An shirya fassarar labarin a jajibirin fara karatun
Daidaita kaya shine mafita gama gari don ƙaddamar da aikace-aikacen gidan yanar gizo a kwance a tsakanin runduna da yawa yayin samar da masu amfani da maki guda na samun damar sabis. yana ɗaya daga cikin mashahurin buɗaɗɗen ma'auni na ma'auni na kayan aiki wanda kuma yana ba da dama mai yawa da aikin wakili.
HAProxy yana ƙoƙari don haɓaka amfani da albarkatu, haɓaka kayan aiki, rage lokacin amsawa, da kuma guje wa wuce gona da iri na kowane albarkatu. Ana iya shigar da shi akan nau'ikan rarrabawar Linux, kamar CentOS 8, wanda za mu mai da hankali kan wannan jagorar, da kuma tsarin. и .
HAProxy ya dace musamman ga gidajen yanar gizo masu yawan zirga-zirgar zirga-zirga kuma saboda haka ana amfani da su sau da yawa don inganta aminci da aiki na saitunan sabis na gidan yanar gizo da yawa. Wannan jagorar yana zayyana matakan saita HAProxy azaman ma'auni mai ɗaukar nauyi akan mai masaukin girgije na CentOS 8, wanda sannan yana zirga-zirga zuwa sabar gidan yanar gizon ku.
A matsayin abin da ake buƙata don sakamako mafi kyau, yakamata ku sami aƙalla sabar gidan yanar gizo guda biyu da sabar daidaita kaya. Sabar yanar gizo dole ne su kasance suna gudana aƙalla ainihin sabis na gidan yanar gizo kamar nginx ko httpd don gwada daidaita nauyi tsakanin su.
Shigar da HAProxy akan CentOS 8
Saboda HAProxy aikace-aikacen tushen buɗaɗɗen haɓakawa ne cikin sauri, rarrabawar da ke akwai a gare ku a daidaitattun ma'ajin CentOS na iya zama ba sabon sigar ba. Don gano sigar yanzu, gudanar da umarni mai zuwa:
sudo yum info haproxyHAProxy koyaushe yana ba da tsayayyen juzu'i uku don zaɓar daga: nau'ikan goyan bayan kwanan nan biyu da na uku, sigar tsofaffi wanda har yanzu yana karɓar sabuntawa mai mahimmanci. Kuna iya koyaushe bincika sabon sigar kwanciyar hankali da aka jera akan gidan yanar gizon HAProxy sannan ku yanke shawarar wacce sigar kuke son aiki da ita.
A cikin wannan jagorar, za mu shigar da sabon ingantaccen sigar 2.0, wanda ba a samu ba tukuna a daidaitattun ma'ajin a lokacin rubuta jagorar. Kuna buƙatar shigar da shi daga tushen asali. Amma da farko, bincika idan kun cika sharuddan da ake buƙata don saukewa da kuma haɗa shirin.
sudo yum install gcc pcre-devel tar make -yZazzage lambar tushe ta amfani da umarnin da ke ƙasa. Kuna iya bincika idan akwai sabon sigar da ake samu akansa .
wget http://www.haproxy.org/download/2.0/src/haproxy-2.0.7.tar.gz -O ~/haproxy.tar.gzDa zarar saukarwar ta cika, cire fayilolin ta amfani da umarnin da ke ƙasa:
tar xzvf ~/haproxy.tar.gz -C ~/Jeka zuwa kundin tushen da ba a cika kunshin ba:
cd ~/haproxy-2.0.7Sannan hada shirin don tsarin ku:
make TARGET=linux-glibcKuma a ƙarshe, shigar da HAProxy kanta:
sudo make installAn shigar da HAProxy yanzu, amma yana buƙatar ƙarin manipulations don yin aiki. Bari mu ci gaba da saita software da ayyuka a ƙasa.
Saita HAProxy don uwar garken ku
Yanzu ƙara waɗannan kundayen adireshi da fayil ɗin ƙididdiga don shigarwar HAProxy:
sudo mkdir -p /etc/haproxy
sudo mkdir -p /var/lib/haproxy
sudo touch /var/lib/haproxy/statsƘirƙirar hanyar haɗi ta alama don binaries don ku iya gudanar da umarnin HAProxy azaman mai amfani na yau da kullun:
sudo ln -s /usr/local/sbin/haproxy /usr/sbin/haproxyIdan kuna son ƙara wakili zuwa tsarin ku azaman sabis, kwafi fayil ɗin haproxy.init daga misalai zuwa directory ɗin ku /etc/init.d. Shirya izinin fayil ɗin don rubutun ya gudana, sannan sake kunna tsarin daemon:
sudo cp ~/haproxy-2.0.7/examples/haproxy.init /etc/init.d/haproxy
sudo chmod 755 /etc/init.d/haproxy
sudo systemctl daemon-reloadHakanan kuna buƙatar ƙyale sabis ɗin ya sake farawa ta atomatik lokacin da tsarin ya fara:
sudo chkconfig haproxy onDon dacewa, ana kuma ba da shawarar ƙara sabon mai amfani don gudanar da HAProxy:
sudo useradd -r haproxyBayan wannan, zaku iya sake duba lambar sigar da aka shigar ta amfani da umarni mai zuwa:
haproxy -v
HA-Proxy version 2.0.7 2019/09/27 - https://haproxy.org/A cikin yanayinmu, nau'in ya kamata ya zama 2.0.7, kamar yadda aka nuna a cikin samfurin misali a sama.
A ƙarshe, tsohuwar Tacewar zaɓi a cikin CentOS 8 yana da iyakancewa ga wannan aikin. Yi amfani da umarni masu zuwa don ba da izinin ayyukan da ake buƙata kuma sake saita Tacewar zaɓi:
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-port=8181/tcp
sudo firewall-cmd --reloadLoad Ma'auni Saitin
Kafa HAProxy tsari ne mai sauƙi mai sauƙi. Mahimmanci, duk abin da kuke buƙatar yi shine gaya wa HAProxy abin da ya kamata ya saurara da kuma inda ya kamata ya watsa su.
Ana yin wannan ta ƙirƙirar fayil ɗin sanyi /etc/haproxy/haproxy.cfg tare da ma'anar saituna. Kuna iya karanta game da zaɓuɓɓukan sanyi na HAProxy idan kuna son ƙarin sani game da shi.
Load daidaitawa a layin sufuri (Layer 4)
Bari mu fara da saitin asali. Ƙirƙiri sabon fayil ɗin saiti, misali ta amfani da vi tare da umarnin da ke ƙasa:
sudo vi /etc/haproxy/haproxy.cfgƘara waɗannan sassan zuwa fayil ɗin. Sauya server_name abin da ya kamata ya kira sabar ku akan shafin kididdiga, kuma private_ip - adiresoshin IP masu zaman kansu na sabobin da kuke son jagorantar zirga-zirgar yanar gizo zuwa gare su. Kuna iya duba adiresoshin IP masu zaman kansu kuma a kan tab Hanyar sadarwar kai tsaye a menu Network.
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats timeout 30s
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
frontend http_front
bind *:80
stats uri /haproxy?stats
default_backend http_back
backend http_back
balance roundrobin
server server_name1 private_ip1:80 check
server server_name2 private_ip2:80 checkWannan yana bayyana ma'aunin ma'aunin ɗaukar nauyi na sufuri (Layer 4) a waje mai suna http_front saurare akan tashar jiragen ruwa 80, wanda sannan ya tura zirga-zirga zuwa tsohuwar baya mai suna http_back. Ƙarin ƙididdiga /haproxy?stats yana haɗa shafin ƙididdiga zuwa ƙayyadadden adireshin.
Algorithms masu daidaitawa daban-daban.
Ƙayyadaddun sabar a cikin sashin baya yana ba da damar HAProxy don amfani da waɗannan sabobin don daidaitawa da nauyi bisa ga tsarin zagaye-robin algorithm lokacin da zai yiwu.
Ana amfani da daidaita algorithms don tantance wace uwar garken da ke cikin bangon baya kowace haɗi aka wuce zuwa. Ga wasu zaɓuɓɓuka masu amfani:
- Roundrobin: Ana amfani da kowace uwar garken bi da bi gwargwadon nauyinta. Wannan shine mafi santsi kuma mafi kyawun algorithm lokacin da lokacin sarrafa sabar ya kasance daidai da rarrabawa. Wannan algorithm yana da ƙarfi, yana ba da damar daidaita nauyin uwar garken akan tashi.
- Letastconn: an zaɓi uwar garken da ke da mafi ƙarancin haɗi. Ana yin zagaye zagaye tsakanin sabobin masu kaya iri ɗaya. Ana ba da shawarar yin amfani da wannan algorithm don dogon zama kamar LDAP, SQL, TSE, da dai sauransu, amma bai dace da gajeren zama kamar HTTP ba.
- Na farko: Sabar farko tare da ramukan haɗin kai yana karɓar haɗin. Ana zaɓar sabar daga mafi ƙanƙanta ID na lamba zuwa mafi girma, wanda ya sabawa matsayin uwar garken a cikin gona. Da zarar uwar garken ya kai maxconn, ana amfani da uwar garken na gaba.
- Source: Adireshin IP na tushen yana hashed kuma an raba shi ta jimlar nauyin sabar masu gudana don sanin wane uwar garken ne zai karɓi buƙatar. Ta wannan hanyar, adireshin IP ɗin abokin ciniki ɗaya zai tafi koyaushe zuwa sabar iri ɗaya, yayin da sabobin ke kasancewa iri ɗaya.
Saita daidaita nauyi a matakin aikace-aikacen (Layer 7)
Wani zaɓin da ake da shi shine saita ma'aunin nauyi don aiki a Layer na aikace-aikacen (Layer 7), wanda ke da amfani lokacin da sassan aikace-aikacen yanar gizon ku ke kan runduna daban-daban. Ana iya samun wannan ta hanyar murƙushe watsa haɗin yanar gizo, misali ta URL.
Bude fayil ɗin sanyi na HAProxy ta amfani da editan rubutu:
sudo vi /etc/haproxy/haproxy.cfgSannan saita sassan gaba da baya kamar misalin da ke ƙasa:
frontend http_front
bind *:80
stats uri /haproxy?stats
acl url_blog path_beg /blog
use_backend blog_back if url_blog
default_backend http_back
backend http_back
balance roundrobin
server server_name1 private_ip1:80 check
server server_name2 private_ip2:80 check
backend blog_back
server server_name3 private_ip3:80 checkGaban gaba yana ayyana dokar ACL da ake kira url_blog wanda ya shafi duk haɗin gwiwa tare da hanyoyin farawa da /blog. Use_backend ya ƙayyade cewa haɗin da ya dace da yanayin url_blog ya kamata a yi amfani da shi ta hanyar baya mai suna blog_back, kuma duk sauran buƙatun ana sarrafa su ta hanyar tsohowar baya.
A gefen baya, saitin yana saita ƙungiyoyin sabar guda biyu: http_back, kamar yadda ya gabata, da kuma wani sabon da ake kira blog_back, wanda ke ɗaukar haɗin kai zuwa example.com/blog.
Bayan canza saitunan, adana fayil ɗin kuma sake kunna HAProxy ta amfani da umarni mai zuwa:
sudo systemctl restart haproxyIdan kun karɓi kowane faɗakarwa ko saƙon kuskure yayin farawa, bincika tsarin ku don su kuma tabbatar kun ƙirƙiri duk fayiloli da manyan fayiloli masu mahimmanci, sannan gwada sake farawa.
Gwajin saitin
Da zarar an daidaita HAProxy kuma yana gudana, buɗe adireshin IP na jama'a na uwar garken ma'aunin nauyi a cikin mai bincike kuma bincika idan an haɗa ku da baya daidai. Ma'aunin ƙididdiga uri a cikin saitin yana ƙirƙirar shafin ƙididdiga a ƙayyadadden adireshin.
http://load_balancer_public_ip/haproxy?statsLokacin da kuka loda shafin kididdiga, idan duk sabobin ku sun nuna kore, to saitin ya yi nasara!
Shafin kididdiga ya ƙunshi wasu bayanai masu amfani don bin diddigin rundunonin gidan yanar gizon ku, gami da lokacin sama/ƙasa da adadin zaman. Idan uwar garken yana da ja, tabbatar cewa an kunna uwar garken kuma za ku iya ping ta daga na'ura mai daidaitawa.
Idan ma'aunin nauyin ku baya amsawa, tabbatar da cewa tacewar wuta ba ta toshe haɗin HTTP. Hakanan tabbatar cewa HAProxy yana aiki ta amfani da umarnin da ke ƙasa:
sudo systemctl status haproxyKare shafin kididdiga tare da kalmar sirri
Koyaya, idan an jera shafin ƙididdiga a ƙarshen gaba, to yana buɗewa don kowa ya gani, wanda bazai zama kyakkyawan ra'ayi ba. Madadin haka, zaku iya sanya mata lambar tashar tashar al'ada ta ƙara misalin da ke ƙasa zuwa ƙarshen fayil ɗin haproxy.cfg ɗinku. Sauya sunan mai amfani и password don wani abu mai lafiya:
listen stats
bind *:8181
stats enable
stats uri /
stats realm Haproxy Statistics
stats auth username:passwordBayan ƙara sabon rukunin masu sauraro, cire tsohuwar hanyar haɗin statistic uri daga rukunin gaba. Lokacin da aka gama, ajiye fayil ɗin kuma sake kunna HAProxy.
sudo systemctl restart haproxySa'an nan kuma sake buɗe ma'aunin nauyi tare da sabon lambar tashar jiragen ruwa kuma shiga tare da sunan mai amfani da kalmar wucewa da kuka ƙayyade a cikin fayil ɗin sanyi.
http://load_balancer_public_ip:8181Tabbatar cewa duk sabar naku har yanzu suna nuna kore sannan kuma buɗe IP mai ɗaukar nauyi kawai ba tare da lambobi na tashar jiragen ruwa ba a cikin burauzar ku.
http://load_balancer_public_ip/Idan kuna da aƙalla wasu shafuka masu saukowa iri-iri akan sabobin ku na baya, za ku lura cewa duk lokacin da kuka sake loda shafin za ku sami amsa daga mai masaukin baki daban. Kuna iya gwada algorithms daidaitawa daban-daban a cikin sashin daidaitawa ko duba .
Ƙarshe: HAProxy Load Balancer
Taya murna akan nasarar kafa ma'aunin nauyi na HAProxy! Ko da tare da saitin daidaita ma'auni na asali, zaku iya inganta aiki da wadatar aikace-aikacen gidan yanar gizon ku. Wannan jagorar gabatarwa ce kawai don daidaitawa tare da HAProxy, wanda ke da ikon da yawa fiye da abin da za'a iya rufewa a cikin jagorar saiti mai sauri. Muna ba da shawarar yin gwaji tare da saituna daban-daban ta amfani da su , samuwa ga HAProxy, sa'an nan kuma fara shirin daidaita nauyin kaya don yanayin samar da ku.
Ta amfani da runduna da yawa don kare sabis ɗin gidan yanar gizonku tare da ɗakin kai, ma'aunin nauyi da kanta na iya gabatar da maƙasudin gazawa. Kuna iya ƙara haɓaka babban samuwa ta hanyar shigar da IP mai iyo tsakanin ma'aunin nauyi da yawa. Kuna iya samun ƙarin bayani game da wannan a cikin mu .
Karin bayani game da kwas ***
source: www.habr.com