HAProxy Configuration

Published 2023-06-27 17:44:37 Author: SkyRainmom

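HAProxy is free, open-source software written in C that provides high availability, load balancing, and proxying for TCP- and HTTP-based applications.

HAProxy is particularly suited to very high-traffic web sites, which usually also need session persistence or layer-7 processing. Running on current hardware, HAProxy can easily support tens of thousands of concurrent connections. Its mode of operation also makes it simple and safe to integrate into an existing architecture, while keeping the web servers behind it from being exposed directly to the network.

HAProxy implements an event-driven, single-process model, which supports a very large number of concurrent connections. Multi-process or multi-threaded models are constrained by memory, by the system scheduler, and by pervasive locking, and can rarely handle thousands of concurrent connections. The event-driven model avoids these problems because it carries out all of these tasks in user space, where resources and time can be managed better. The drawback of this model is that such programs usually scale poorly on multi-core systems. That is why they must be optimized to do more work per CPU cycle.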

Host configuration

Host node      Installed service   IP configuration   Operating system
k8s-master     haproxy             Net:10.10.20.10    Centos8-Stream
k8s-worker01   httpd               Net:10.10.20.20    Centos8-Stream
k8s-worker02   httpd               Net:10.10.20.30    Centos8-Stream

Configure host names and host-to-IP mappings

#k8s-master
[root@localhost ~]# hostnamectl set-hostname k8s-master
[root@localhost ~]# bash
[root@k8s-master ~]# cat >>/etc/hosts<<EOF
10.10.20.10     k8s-master
10.10.20.20     k8s-worker01
10.10.20.30     k8s-worker02
EOF

#k8s-worker01
[root@localhost ~]# hostnamectl set-hostname k8s-worker01
[root@localhost ~]# bash
[root@k8s-worker01 ~]# cat >>/etc/hosts<<EOF
10.10.20.10     k8s-master
10.10.20.20     k8s-worker01
10.10.20.30     k8s-worker02
EOF

#k8s-worker02
[root@localhost ~]# hostnamectl set-hostname k8s-worker02
[root@localhost ~]# bash
[root@k8s-worker02 ~]# cat >>/etc/hosts<<EOF
10.10.20.10     k8s-master
10.10.20.20     k8s-worker01
10.10.20.30     k8s-worker02
EOF

Disable the firewall and SELinux

# Run on all three nodes; the master is shown here
[root@k8s-master ~]# systemctl disable --now firewalld
[root@k8s-master ~]# vi /etc/selinux/config 
SELINUX=disabled
[root@k8s-master ~]# reboot

Configure the yum repositories

# Use the Aliyun yum mirror; run on all three nodes, the master is shown here
[root@k8s-master ~]# mkdir /etc/yum.repos.d/Centos8
[root@k8s-master ~]# mv /etc/yum.repos.d/CentOS-Stream-* /etc/yum.repos.d/Centos8
[root@k8s-master ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-vault-8.5.2111.repo
[root@k8s-master ~]# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
[root@k8s-master ~]# yum clean all
0 files removed
[root@k8s-master ~]# yum makecache

Install the httpd service on the worker nodes

k8s-worker01:

[root@k8s-worker01 ~]# dnf -y install httpd
[root@k8s-worker01 ~]# echo 'I,forgive all sentient beings!' > /var/www/html/index.html
[root@k8s-worker01 ~]# cat /var/www/html/index.html 
I,forgive all sentient beings!
[root@k8s-worker01 ~]# systemctl enable --now httpd

k8s-worker02:

[root@k8s-worker02 ~]# dnf -y install httpd
[root@k8s-worker02 ~]# echo 'What is a dream?' > /var/www/html/index.html
[root@k8s-worker02 ~]# cat /var/www/html/index.html 
What is a dream?
[root@k8s-worker02 ~]# systemctl enable --now httpd

HAProxy (installed on the master only)

Official download site: https://www.haproxy.org/download/

Source package site: https://src.fedoraproject.org/repo/pkgs/haproxy/ (this one may download a bit faster)

Build environment

dnf -y install make wget gcc pcre-devel bzip2-devel openssl-devel systemd-devel --allowerasing

Download the haproxy package; version 2.8.0 is used here

wget https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-2.8.0.tar.gz/sha512/4197e94df3d4ab8b27487146181335422358a097f7d50188b40ae23263c58ddeab6d17d9ed91e93d239a7fccec2fa58319e3f2cf07ac589c79fd78a3839c2b81/haproxy-2.8.0.tar.gz
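
The download URL above carries the tarball's SHA-512 digest in its path, so the file can be checked before it is unpacked. This is an added example, not part of the original post; `url_sha512` and `verify_tarball` are hypothetical helper names.

```shell
# Added example: check a downloaded tarball against the SHA-512 digest that the
# lookaside URL carries in its path (.../sha512/<digest>/<file>).

# Print the 128-hex-digit digest embedded in the URL; fail if there is none.
url_sha512() {
    local digest
    digest=$(printf '%s\n' "$1" |
        sed -n 's#.*/sha512/\([0-9a-fA-F]\{128\}\)/[^/]*$#\1#p')
    [ -n "$digest" ] || return 1
    printf '%s\n' "$digest" | tr 'A-F' 'a-f'
}

# Return 0 only if FILE exists and its SHA-512 equals the digest in URL.
# Return 1 on a mismatch, 2 when the URL has no digest or the file is missing.
verify_tarball() {
    local file="$1" url="$2" expected actual
    expected=$(url_sha512 "$url") || { echo "no sha512 digest in URL" >&2; return 2; }
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual=$(sha512sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "SHA-512 mismatch for $file" >&2
        return 1
    fi
    echo "OK: $file"
}

# URL from this page.
HAPROXY_URL='https://src.fedoraproject.org/repo/pkgs/haproxy/haproxy-2.8.0.tar.gz/sha512/4197e94df3d4ab8b27487146181335422358a097f7d50188b40ae23263c58ddeab6d17d9ed91e93d239a7fccec2fa58319e3f2cf07ac589c79fd78a3839c2b81/haproxy-2.8.0.tar.gz'

# When run in the download directory, check the tarball if it is present.
if [ -f haproxy-2.8.0.tar.gz ]; then
    verify_tarball haproxy-2.8.0.tar.gz "$HAPROXY_URL"
fi
```

The digest here comes from the same server as the file, so it catches a corrupted or swapped download but is not an independent source; the official download site listed above publishes its own checksums.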

Unpack the package, compile, and install

[root@k8s-master ~]# tar xf haproxy-2.8.0.tar.gz 
[root@k8s-master ~]# cd haproxy-2.8.0
[root@k8s-master haproxy-2.8.0]# ls
addons    BSDmakefile   dev       include  MAINTAINERS  reg-tests  SUBVERS  VERSION
admin     CHANGELOG     doc       INSTALL  Makefile     scripts    tests
BRANCHES  CONTRIBUTING  examples  LICENSE  README       src        VERDATE
[root@k8s-master haproxy-2.8.0]# make clean
[root@k8s-master haproxy-2.8.0]# make -j $(grep 'processor' /proc/cpuinfo |wc -l)  \
TARGET=linux-glibc  \
USE_OPENSSL=1  \
USE_ZLIB=1  \
USE_PCRE=1  \
USE_SYSTEMD=1
[root@k8s-master haproxy-2.8.0]# make install PREFIX=/usr/local/haproxy
[root@k8s-master haproxy-2.8.0]# cp haproxy  /usr/sbin/

Set Linux kernel parameters

[root@k8s-master haproxy-2.8.0]# cat >>/etc/sysctl.conf<<EOF
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
EOF
# Mind the spaces

Create the haproxy user

[root@k8s-master ~]# useradd -r -M -s /sbin/nologin haproxy

Write the haproxy service configuration

[root@k8s-master ~]# mkdir /etc/haproxy
[root@k8s-master ~]# vi /etc/haproxy/haproxy.cfg

global
    log 127.0.0.1 local0  info
    #log loghost local0 info
    maxconn 20480
    #chroot /usr/local/haproxy
    pidfile /var/run/haproxy.pid
    #maxconn 4000
    user haproxy
    group haproxy
    daemon
#---------------------------------------------------------------------
#common defaults that all the 'listen' and 'backend' sections will
#use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option dontlognull
    option httpclose
    option httplog
    #option forwardfor
    option redispatch
    balance roundrobin
    timeout connect 10s
    timeout client 10s
    timeout server 10s
    timeout check 10s
    maxconn 60000
    retries 3
#--------------Statistics page configuration------------------#
listen admin_stats
    bind 0.0.0.0:8084
    stats enable
    mode http
    log global
    stats uri /haproxy-stats           # URL path of the stats page
    stats realm Haproxy\ Statistics
    stats auth admin:admin              # user name and password
    #stats hide-version
    stats admin if TRUE
    stats refresh 30s
#---------------Web settings-----------------------#
listen webcluster
    bind 0.0.0.0:80
    mode http
    #option httpchk GET /index.html
    log global
    maxconn 3000
    balance roundrobin
    cookie SESSION_COOKIE insert indirect nocache
    server k8s-worker01 10.10.20.20:80 check inter 2000 fall 5
    server k8s-worker02 10.10.20.30:80 check inter 2000 fall 5
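
A check for the stats listener in the configuration above, as an added example rather than code from the original post: the hypothetical `audit_stats` helper reports a stats section that binds to all interfaces, uses a weak `stats auth` credential, allows `stats admin if TRUE`, or leaves `stats hide-version` off. The 12-character password threshold and the `admin_stats_hardened` section are assumptions of this example.

```shell
# Added example: flag risky settings in haproxy.cfg sections that serve stats.
audit_stats() {
    awk '
    function flush() {
        if (has_stats) printf "%s%s", buf, (hide ? "" : sec ": version shown (no stats hide-version)\n")
        buf = ""; has_stats = 0; hide = 0
    }
    { sub(/#.*/, "") }    # strip comments, including commented-out directives
    /^(global|defaults|listen|frontend|backend)([ \t]|$)/ { flush(); sec = ($2 == "" ? $1 : $2); next }
    $1 == "bind" && $2 ~ /^(0\.0\.0\.0|\*)?:/ { buf = buf sec ": listens on all interfaces (" $2 ")\n" }
    $1 != "stats" { next }
    { has_stats = 1 }
    $2 == "hide-version" { hide = 1 }
    $2 == "admin" && $3 == "if" && toupper($4) == "TRUE" {
        buf = buf sec ": admin actions allowed for every client\n"
    }
    $2 == "auth" {
        p = index($3, ":"); user = substr($3, 1, p - 1); pass = substr($3, p + 1)
        # Assumption of this example: password == user or < 12 chars is weak.
        if (pass == user || length(pass) < 12)
            buf = buf sec ": weak stats credential for user " user "\n"
    }
    END { flush() }
    ' "$1"
}

# Constructed sample: the page's admin_stats section, then a tightened variant.
sample_cfg() {
    cat <<'EOF'
listen admin_stats
    bind 0.0.0.0:8084
    stats enable
    stats uri /haproxy-stats
    stats auth admin:admin
    #stats hide-version
    stats admin if TRUE
listen admin_stats_hardened
    bind 10.10.20.10:8084
    stats enable
    stats uri /haproxy-stats
    stats auth ops:REPLACE_WITH_LONG_RANDOM_SECRET
    stats hide-version
    stats admin if LOCALHOST
EOF
}

# Usage: audit_stats /etc/haproxy/haproxy.cfg
```

Run against the sample, the function prints four findings for `admin_stats` and none for `admin_stats_hardened`.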

Write the haproxy.service unit

[root@k8s-master ~]# vi /usr/lib/systemd/system/haproxy.service

[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target

[Service]
ExecStartPre=/usr/local/haproxy/sbin/haproxy -f /etc/haproxy/haproxy.cfg   -c -q
ExecStart=/usr/local/haproxy/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg  -p /var/run/haproxy.pid
ExecReload=/bin/kill -USR2 $MAINPID

[Install]
WantedBy=multi-user.target

# Apply the configuration (reload systemd unit files)
[root@k8s-master ~]# systemctl daemon-reload

Configure logging

[root@k8s-master ~]# vi /etc/rsyslog.conf
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
local0.*                        /var/log/haproxy.log         # add this line here

# Restart the logging service
[root@k8s-master ~]# systemctl restart rsyslog
[root@k8s-master ~]# systemctl enable rsyslog

Start the haproxy service

# Start directly
[root@k8s-master ~]# systemctl enable --now haproxy.service
Created symlink /etc/systemd/system/multi-user.target.wants/haproxy.service → /usr/lib/systemd/system/haproxy.service.

# Validate the configuration with the haproxy command
[root@k8s-master ~]# haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid    # output of the command above

# Check the listening ports
[root@k8s-master ~]# ss -antlup | grep haproxy
tcp   LISTEN 0      2048         0.0.0.0:80        0.0.0.0:*    users:(("haproxy",pid=18772,fd=8))
tcp   LISTEN 0      2048         0.0.0.0:8084      0.0.0.0:*    users:(("haproxy",pid=18772,fd=7))

Test the result

[root@k8s-master ~]# curl http://10.10.20.10
I,forgive all sentient beings!
[root@k8s-master ~]# curl http://10.10.20.10
What is a dream?
[root@k8s-master ~]# curl http://10.10.20.10
I,forgive all sentient beings!
[root@k8s-master ~]# curl http://10.10.20.10
What is a dream?
[root@k8s-master ~]# curl http://10.10.20.10
I,forgive all sentient beings!
[root@k8s-master ~]# curl http://10.10.20.10
What is a dream?

Web interface access

Address: http://10.10.20.10:8084/haproxy-stats. The username and password are both admin.
