
labunix's blog

labunix's Lab Unix

Installing haproxy from backports on two Wheezy machines

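■Installing haproxy from backports on Wheezy
 This is the Wheezy version of the post below. On Wheezy, Apache2 is made redundant across two machines.

 Installing HAProxy on a single squeeze (apache2) machine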
 http://labunix.hateblo.jp/entry/20130720/1374308619

$ grep "^deb .* wheezy main" /etc/apt/sources.list | \
  awk '{print "deb "$2" wheezy-backports main"}' | \
  sudo tee -a /etc/apt/sources.list
deb http://ftp.jp.debian.org/debian/ wheezy-backports main

$ sudo apt-get update
$ sudo apt-file update
$ apt-cache search ^haproxy
haproxy - fast and reliable load balancing reverse proxy
$ sudo apt-get install -y haproxy apache2

$ sudo haproxy -v
HA-Proxy version 1.4.24 2013/06/17
Copyright 2000-2013 Willy Tarreau <w@1wt.eu>

■A VIP is not needed, so just suppress the apache2 logging.

$ sudo touch /var/www/check.html
$ sudo sed -i s/"CustomLog.*"/'SetEnvIf Request_URI "\/check.html" nolog'"\n\t"'SetEnvIf Request_URI "\\\*" nolog'"\n\t&"' env=!nolog'/ \
  /etc/apache2/sites-available/default
$ grep -A 2 "Set.*check" /etc/apache2/sites-available/default
	SetEnvIf Request_URI "/check.html" nolog
	SetEnvIf Request_URI "\*" nolog
	CustomLog ${APACHE_LOG_DIR}/access.log combined env=!nolog

■haproxy configuration
 chroot is enabled by default, and "dev/log" is also created from the start.

$ sudo cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.org
$ grep chroot /etc/haproxy/haproxy.cfg
	chroot /var/lib/haproxy
$ grep . /etc/rsyslog.d/haproxy.conf 
# Create an additional socket in haproxy's chroot in order to allow logging via
# /dev/log to chroot'ed HAProxy processes
$AddUnixListenSocket /var/lib/haproxy/dev/log
# Send HAProxy messages to a dedicated logfile
if $programname startswith 'haproxy' then /var/log/haproxy.log
&~

■Based on the above, create the following

$ cat /etc/haproxy/haproxy.cfg
global
	log /dev/log	local0
	log /dev/log	local1 notice
	chroot /var/lib/haproxy
	user haproxy
	group haproxy
	daemon

defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
        contimeout 5000
        clitimeout 50000
        srvtimeout 50000
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

listen	appli5-backup 0.0.0.0:10005
	option	httpchk /check.html
	balance	roundrobin
	cookie	SERVERID insert indirect nocache
	server	inst1 192.168.152.91:80 cookie server01 check inter 2000 fall 3
	server	inst2 192.168.152.92:80 cookie server02 check inter 2000 fall 3
	capture cookie ASPSESSION len 32
	srvtimeout	20000

	option	httpclose		# disable keep-alive
	option  checkcache		# block response if set-cookie & cacheable

	rspidel ^Set-cookie:\ IP=	# do not let this cookie tell our internal IP address
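
Added example (not part of the original post): with HAProxy chrooted and logging to /dev/log, the chroot path in the global section and the rsyslog socket path have to agree, and the shell check below verifies that together with the drop to an unprivileged user. The function names and the sample files in a temporary directory are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit privilege drop and chroot logging.

# Print the first argument of directive $2 inside the "global" section of file $1.
global_value() {
    awk -v key="$2" '
        /^[a-z]/ { in_global = ($1 == "global") }   # section names start in column 0
        in_global && $1 == key { print $2; exit }
    ' "$1"
}

# Print every socket path that rsyslog config $1 adds via $AddUnixListenSocket.
rsyslog_sockets() {
    awk '$1 == "$AddUnixListenSocket" { print $2 }' "$1"
}

# Print one line per finding; return 0 only when there are none.
audit_haproxy() {
    cfg=$1; rsyslog_conf=$2; findings=0
    chroot_dir=$(global_value "$cfg" chroot)
    run_user=$(global_value "$cfg" user)
    log_target=$(global_value "$cfg" log)
    if [ -z "$chroot_dir" ]; then
        echo "FINDING: no chroot in global section"; findings=$((findings + 1))
    fi
    if [ -z "$run_user" ] || [ "$run_user" = root ]; then
        echo "FINDING: no unprivileged user in global section"; findings=$((findings + 1))
    fi
    # After chroot, "log /dev/log" resolves to <chroot>/dev/log, so rsyslog must
    # listen on exactly that path or HAProxy's log lines never arrive.
    if [ -n "$chroot_dir" ] && [ "${log_target#/}" != "$log_target" ] &&
       ! rsyslog_sockets "$rsyslog_conf" | grep -qxF "$chroot_dir$log_target"; then
        echo "FINDING: rsyslog has no socket at $chroot_dir$log_target"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample files (values mirror the ones shown on this page).
demo=$(mktemp -d)
printf 'global\n\tlog /dev/log local0\n\tchroot /var/lib/haproxy\n\tuser haproxy\n' > "$demo/haproxy.cfg"
printf '$AddUnixListenSocket /var/lib/haproxy/dev/log\n' > "$demo/rsyslog-ok.conf"
printf '$AddUnixListenSocket /var/run/haproxy/dev/log\n' > "$demo/rsyslog-bad.conf"
audit_haproxy "$demo/haproxy.cfg" "$demo/rsyslog-ok.conf" && echo "ok: no findings"
audit_haproxy "$demo/haproxy.cfg" "$demo/rsyslog-bad.conf" || echo "socket mismatch detected"
```

On a real host the two arguments would be /etc/haproxy/haproxy.cfg and /etc/rsyslog.d/haproxy.conf, the files shown above.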

■Start haproxy.

$ sudo sed -i s/"ENABLED=0"/"ENABLED=1"/ /etc/default/haproxy 
$ sudo /etc/init.d/haproxy restart
[ ok ] Restarting haproxy: haproxy.

$ ps aux | grep haproxy | grep ^haproxy | cut -c 66-
/usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg -D -p /var/run/haproxy.pid

$ netstat -an | grep 10005
tcp        0      0 0.0.0.0:10005           0.0.0.0:*               LISTEN     

■Logs are also being written via "dev/log".

$ sudo grep haproxy /var/log/syslog
Jul 20 20:44:45 kvm-debian haproxy[7249]: Proxy appli5-backup started.
Jul 20 20:44:45 kvm-debian haproxy[7249]: Proxy appli5-backup started.

$ sudo grep haproxy /var/log/syslog  
Jul 20 20:48:47 xen-debian haproxy[5963]: Proxy appli5-backup started.
Jul 20 20:48:47 xen-debian haproxy[5963]: Proxy appli5-backup started.

■Check

$ for n in `seq 91 92`;do w3m -dump http://192.168.152.$n:10005 | head -1;done
Received cookie: SERVERID=server01
It works!
Received cookie: SERVERID=server02
It works!

■Requests are being distributed round-robin.

$ for cnt in `seq 1 10`;do \
    for n in `seq 91 92`;do \
      echo -n "$n,"; \
      w3m -dump http://192.168.152.$n:10005 2>&1 | \
        grep "Received" | sed s/".*server"//g; \
    done; \
  done
91,02
92,02
91,01
92,01
91,02
92,02
91,01
92,01
91,02
92,02
91,01
92,01
91,02
92,02
91,01
92,01
91,02
92,02
91,01
92,01

■This hardly matters, but I tried making the switching easier (?) to see.

$ for cnt in `seq 1 10`;do \
    for n in `seq 91 92`;do \
      echo "$n," | awk '{printf "%2d,",$1%90}'; \
      w3m -dump http://192.168.152.$n:10005 2>&1 | \
        grep "Received" | sed s/".*server"//g | \
        awk '{print $1%3}'; \
     done; \
   done | awk -F\, '{if($1==$2){print "==,"$0}else{print "rr,"$0}}'
rr, 1,2
==, 2,2
==, 1,1
rr, 2,1
rr, 1,2
==, 2,2
==, 1,1
rr, 2,1
rr, 1,2
==, 2,2
==, 1,1
rr, 2,1
rr, 1,2
==, 2,2
==, 1,1
rr, 2,1
rr, 1,2
==, 2,2
==, 1,1
rr, 2,1