èšäºã®ç¿»èš³ã¯ã³ãŒã¹éå§åå€ã«æºåãããŸãã
è² è·åæ£ã¯ããŠãŒã¶ãŒã«ãµãŒãã¹ãžã®åäžã¢ã¯ã»ã¹ ãã€ã³ããæäŸããªãããWeb ã¢ããªã±ãŒã·ã§ã³ãè€æ°ã®ãã¹ãéã§æ°Žå¹³ã«ã¹ã±ãŒãªã³ã°ããããã®äžè¬çãªãœãªã¥ãŒã·ã§ã³ã§ãã
HAProxy ã¯ããªãœãŒã¹äœ¿çšéã®æé©åãã¹ã«ãŒãããã®æ倧åãå¿çæéã®æå°åãããã³åã
ã®ãªãœãŒã¹ã®éè² è·ã®åé¿ã«åªããŸãã ãã®ã¬ã€ãã§ã¯ãCentOS 8 ãªã©ã®ããŸããŸãª Linux ãã£ã¹ããªãã¥ãŒã·ã§ã³ãã·ã¹ãã ã«ã€ã³ã¹ããŒã«ã§ããŸãã
HAProxy ã¯ããã©ãã£ãã¯ãéåžžã«å€ã Web ãµã€ãã«ç¹ã«é©ããŠããããããã«ããµãŒã㌠Web ãµãŒãã¹æ§æã®ä¿¡é Œæ§ãšããã©ãŒãã³ã¹ãåäžãããããã«ãã䜿çšãããŸãã ãã®ã¬ã€ãã§ã¯ãHAProxy ã CentOS 8 ã¯ã©ãŠã ãã¹ãäžã®ããŒã ãã©ã³ãµãŒãšããŠèšå®ãããã©ãã£ãã¯ã Web ãµãŒããŒã«ã«ãŒãã£ã³ã°ããæé ã®æŠèŠã説æããŸãã
æè¯ã®çµæãåŸãåææ¡ä»¶ãšããŠãå°ãªããšã XNUMX ã€ã® Web ãµãŒããŒãš XNUMX ã€ã®è² è·åæ£ãµãŒããŒãå¿ èŠã§ãã Web ãµãŒããŒéã®è² è·åæ£ããã¹ãããã«ã¯ãWeb ãµãŒããŒã§å°ãªããšã nginx ã httpd ãªã©ã®åºæ¬ç㪠Web ãµãŒãã¹ãå®è¡ãããŠããå¿ èŠããããŸãã
CentOS 8 ãžã® HAProxy ã®ã€ã³ã¹ããŒã«
HAProxy ã¯æ¥éã«é²åããŠãããªãŒãã³ ãœãŒã¹ ã¢ããªã±ãŒã·ã§ã³ã§ãããããæšæºã® CentOS ãªããžããªã§å©çšã§ãããã£ã¹ããªãã¥ãŒã·ã§ã³ã¯ææ°ããŒãžã§ã³ã§ã¯ãªãå¯èœæ§ããããŸãã çŸåšã®ããŒãžã§ã³ã確èªããã«ã¯ã次ã®ã³ãã³ããå®è¡ããŸãã
sudo yum info haproxy
HAProxy ã¯ãåžžã« XNUMX ã€ã®å®å®ããããŒãžã§ã³ããéžæã§ããããã«ããŸãããµããŒããããŠããææ°ã® XNUMX ã€ã®ããŒãžã§ã³ãšãéèŠãªæŽæ°ããŸã åãåã£ãŠãã XNUMX ã€ç®ã®å€ãããŒãžã§ã³ã§ãã HAProxy Web ãµã€ãã«ãªã¹ããããŠããææ°ã®å®å®ããŒãžã§ã³ããã€ã§ã確èªããŠãã©ã®ããŒãžã§ã³ã䜿çšãããã決å®ã§ããŸãã
ãã®ã¬ã€ãã§ã¯ãææ°ã®å®å®ããŒãžã§ã³ 2.0 ãã€ã³ã¹ããŒã«ããŸãããã®ããŒãžã§ã³ã¯ãã¬ã€ãã®äœææç¹ã§ã¯æšæºãªããžããªã§ã¯ãŸã å©çšã§ããŸããã§ããã å ã®ãœãŒã¹ããã€ã³ã¹ããŒã«ããå¿ èŠããããŸãã ãã ãããã®åã«ãããã°ã©ã ãããŠã³ããŒãããŠã³ã³ãã€ã«ããããã«å¿ èŠãªæ¡ä»¶ãæºãããŠãããã©ããã確èªããŠãã ããã
sudo yum install gcc pcre-devel tar make -y
以äžã®ã³ãã³ãã䜿çšããŠãœãŒã¹ã³ãŒããããŠã³ããŒãããŸãã å©çšå¯èœãªæ°ããããŒãžã§ã³ããããã©ããã確èªã§ããŸãã
wget http://www.haproxy.org/download/2.0/src/haproxy-2.0.7.tar.gz -O ~/haproxy.tar.gz
ããŠã³ããŒããå®äºãããã以äžã®ã³ãã³ãã䜿çšããŠãã¡ã€ã«ãæœåºããŸãã
tar xzvf ~/haproxy.tar.gz -C ~/
解åããããœãŒã¹ ãã£ã¬ã¯ããªã«ç§»åããŸãã
cd ~/haproxy-2.0.7
次ã«ãã·ã¹ãã ã«åãããŠããã°ã©ã ãã³ã³ãã€ã«ããŸãã
make TARGET=linux-glibc
æåŸã«ãHAProxy èªäœãã€ã³ã¹ããŒã«ããŸãã
sudo make install
ãã㧠HAProxy ãã€ã³ã¹ããŒã«ãããŸãããããããæ©èœãããã«ã¯è¿œå ã®æäœãå¿ èŠã§ãã 以äžã®ãœãããŠã§ã¢ãšãµãŒãã¹ã®èšå®ãç¶ããŠã¿ãŸãããã
ãµãŒããŒçšã® HAProxy ã®ã»ããã¢ãã
ããã§ãHAProxy ãšã³ããªçšã«æ¬¡ã®ãã£ã¬ã¯ããªãšçµ±èšãã¡ã€ã«ãè¿œå ããŸãã
sudo mkdir -p /etc/haproxy
sudo mkdir -p /var/lib/haproxy
sudo touch /var/lib/haproxy/stats
ãã€ããªã®ã·ã³ããªã㯠ãªã³ã¯ãäœæããŠãHAProxy ã³ãã³ããéåžžã®ãŠãŒã¶ãŒãšããŠå®è¡ã§ããããã«ããŸãã
sudo ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
ãããã·ããµãŒãã¹ãšããŠã·ã¹ãã ã«è¿œå ããå Žåã¯ããµã³ãã«ã® haproxy.init ãã¡ã€ã«ã /etc/init.d ãã£ã¬ã¯ããªã«ã³ããŒããŸãã ã¹ã¯ãªãããå®è¡ãããããã«ãã¡ã€ã«ã®ã¢ã¯ã»ã¹èš±å¯ãç·šéããsystemd ããŒã¢ã³ãåèµ·åããŸãã
sudo cp ~/haproxy-2.0.7/examples/haproxy.init /etc/init.d/haproxy
sudo chmod 755 /etc/init.d/haproxy
sudo systemctl daemon-reload
ãŸããã·ã¹ãã ã®èµ·åæã«ãµãŒãã¹ãèªåçã«åèµ·åã§ããããã«ããå¿ èŠããããŸãã
sudo chkconfig haproxy on
䟿å®äžãHAProxy ãå®è¡ããæ°ãããŠãŒã¶ãŒãè¿œå ããããšããå§ãããŸãã
sudo useradd -r haproxy
ãã®åŸã次ã®ã³ãã³ãã䜿çšããŠãã€ã³ã¹ããŒã«ãããŠããããŒãžã§ã³çªå·ãå床確èªã§ããŸãã
haproxy -v
HA-Proxy version 2.0.7 2019/09/27 - https://haproxy.org/
ãã®å Žåãäžèšã®åºåäŸã«ç€ºãããã«ãããŒãžã§ã³ã¯ 2.0.7 ã§ããå¿ èŠããããŸãã
æåŸã«ãCentOS 8 ã®ããã©ã«ãã®ãã¡ã€ã¢ãŠã©ãŒã«ã¯ããã®ãããžã§ã¯ãã«å¯ŸããŠéåžžã«å¶éçã§ãã 次ã®ã³ãã³ãã䜿çšããŠãå¿ èŠãªãµãŒãã¹ãèš±å¯ãããã¡ã€ã¢ãŠã©ãŒã«ããªã»ããããŸãã
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-port=8181/tcp
sudo firewall-cmd --reload
ããŒããã©ã³ãµã®ã»ããã¢ãã
HAProxy ã®ã»ããã¢ããã¯éåžžã«ç°¡åãªããã»ã¹ã§ãã åºæ¬çã«ãHAProxy ã«ã©ã®æ¥ç¶ããªãã¹ã³ããå¿ èŠããããããŸãã©ãã«äžç¶ããå¿ èŠãããããäŒããã ãã§æžã¿ãŸãã
ãããè¡ãã«ã¯ãèšå®ãå®çŸ©ããæ§æãã¡ã€ã« /etc/haproxy/haproxy.cfg ãäœæããŸãã HAProxy æ§æãªãã·ã§ã³ã«ã€ããŠèªãããšãã§ããŸãã
ãã©ã³ã¹ããŒãå±€ïŒã¬ã€ã€ãŒ4ïŒã§ã®è² è·åæ£
åºæ¬çãªã»ããã¢ããããå§ããŸãããã ããšãã°ã次ã®ããã«ããŠæ°ããæ§æãã¡ã€ã«ãäœæããŸãã vi 以äžã®ã³ãã³ãã§:
sudo vi /etc/haproxy/haproxy.cfg
次ã®ã»ã¯ã·ã§ã³ããã¡ã€ã«ã«è¿œå ããŸãã 亀æãã ãµãŒããŒã®åå çµ±èšããŒãžã§ãµãŒããŒãåŒã³åºãå¿
èŠããããã®ãããã³ ãã©ã€ããŒãIP â Web ãã©ãã£ãã¯ã®éä¿¡å
ãšãªããµãŒããŒã®ãã©ã€ããŒã IP ã¢ãã¬ã¹ã ãã©ã€ããŒãIPã¢ãã¬ã¹ã確èªã§ãã
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats timeout 30s
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
frontend http_front
bind *:80
stats uri /haproxy?stats
default_backend http_back
backend http_back
balance roundrobin
server server_name1 private_ip1:80 check
server server_name2 private_ip2:80 check
ããã«ãããããŒã 4 ã§ãªãã¹ã³ãã http_front ãšããå€éšåãæã€ãã©ã³ã¹ããŒãå±€ããŒã ãã©ã³ãµ (ã¬ã€ã€ 80) ãå®çŸ©ããããã©ãã£ãã¯ã http_back ãšããååã®ããã©ã«ã ããã¯ãšã³ãã«è»¢éãããŸãã è¿œå ã®çµ±èš /haproxy?stats ã¯ãçµ±èšããŒãžãæå®ãããã¢ãã¬ã¹ã«æ¥ç¶ããŸãã
ããŸããŸãªè² è·åæ£ã¢ã«ãŽãªãºã ã
ããã¯ãšã³ã ã»ã¯ã·ã§ã³ã§ãµãŒããŒãæå®ãããšãHAProxy ã¯å¯èœãªå Žåãã©ãŠã³ãããã³ ã¢ã«ãŽãªãºã ã«åŸã£ãŠè² è·åæ£ã«ãããã®ãµãŒããŒã䜿çšã§ããããã«ãªããŸãã
ãã©ã³ã·ã³ã° ã¢ã«ãŽãªãºã ã䜿çšããŠãåæ¥ç¶ãããã¯ãšã³ãã®ã©ã®ãµãŒããŒã«æž¡ããããã決å®ããŸãã 以äžã«äŸ¿å©ãªãªãã·ã§ã³ãããã€ã瀺ããŸãã
- ã©ãŠã³ãããã³ïŒ åãµãŒããŒã¯ããã®ééã«å¿ããŠé çªã«äœ¿çšãããŸãã ããã¯ããµãŒããŒã®åŠçæéãåçã«åæ£ãããŠããå Žåãæãã¹ã ãŒãºã§å ¬å¹³ãªã¢ã«ãŽãªãºã ã§ãã ãã®ã¢ã«ãŽãªãºã ã¯åçã§ããããµãŒããŒã®éã¿ããã®å Žã§èª¿æŽã§ããŸãã
- æå°ã³ã³: æ¥ç¶æ°ãæãå°ãªããµãŒããŒãéžæãããŸãã åãè² è·ã®ãµãŒããŒéã§ã©ãŠã³ãããã³ãå®è¡ãããŸãã ãã®ã¢ã«ãŽãªãºã ã®äœ¿çšã¯ãLDAPãSQLãTSE ãªã©ã®é·ãã»ãã·ã§ã³ã«ã¯æšå¥šãããŸãããHTTP ãªã©ã®çãã»ãã·ã§ã³ã«ã¯ããŸãé©ããŠããŸããã
- æåïŒ äœ¿çšå¯èœãªæ¥ç¶ã¹ããããæã€æåã®ãµãŒããŒãæ¥ç¶ãåãåããŸãã ãµãŒããŒã¯æå°ã®æ°å€ ID ããæ倧㮠ID ãŸã§éžæãããããã©ã«ãã§ã¯ãã¡ãŒã å ã®ãµãŒããŒã®äœçœ®ã«ãªããŸãã ãµãŒããŒã maxconn ã«éãããšã次ã®ãµãŒããŒã䜿çšãããŸãã
- æ å ±æºïŒ éä¿¡å IP ã¢ãã¬ã¹ãããã·ã¥ãããå®è¡äžã®ãµãŒããŒã®åèšã®éã¿ã§é€ç®ãããŠãã©ã®ãµãŒããŒããªã¯ãšã¹ããåä¿¡ãããã決å®ãããŸãã ãã®æ¹æ³ã§ã¯ããµãŒããŒã¯åããŸãŸã§ãåãã¯ã©ã€ã¢ã³ã IP ã¢ãã¬ã¹ãåžžã«åããµãŒããŒã«éä¿¡ãããŸãã
ã¢ããªã±ãŒã·ã§ã³ ã¬ãã«ã§ã®è² è·åæ£ã®èšå® (ã¬ã€ã€ãŒ 7)
ãã 7 ã€ã®å©çšå¯èœãªãªãã·ã§ã³ã¯ãã¢ããªã±ãŒã·ã§ã³å±€ (å±€ XNUMX) ã§å®è¡ãããããã«ããŒã ãã©ã³ãµãŒãæ§æããããšã§ããããã¯ãWeb ã¢ããªã±ãŒã·ã§ã³ã®äžéšãç°ãªããã¹ãã«é 眮ãããŠããå Žåã«äŸ¿å©ã§ãã ããã¯ãURL ãªã©ã«ãã£ãŠæ¥ç¶ã®éä¿¡ã調æŽããããšã§å®çŸã§ããŸãã
ããã¹ã ãšãã£ã¿ã䜿çšã㊠HAProxy æ§æãã¡ã€ã«ãéããŸãã
sudo vi /etc/haproxy/haproxy.cfg
次ã«ã以äžã®äŸã®ããã«ããã³ããšã³ã ã»ã°ã¡ã³ããšããã¯ãšã³ã ã»ã°ã¡ã³ããæ§æããŸãã
frontend http_front
bind *:80
stats uri /haproxy?stats
acl url_blog path_beg /blog
use_backend blog_back if url_blog
default_backend http_back
backend http_back
balance roundrobin
server server_name1 private_ip1:80 check
server server_name2 private_ip2:80 check
backend blog_back
server server_name3 private_ip3:80 check
ããã³ããšã³ãã¯ã/blog ã§å§ãŸããã¹ãæã€ãã¹ãŠã®æ¥ç¶ã«é©çšããã url_blog ãšãã ACL ã«ãŒã«ã宣èšããŸãã Use_backend ã¯ãurl_blog æ¡ä»¶ã«äžèŽããæ¥ç¶ã blog_back ãšããååã®ããã¯ãšã³ãã«ãã£ãŠåŠçãããããšãæå®ããä»ã®ãã¹ãŠã®ãªã¯ãšã¹ãã¯ããã©ã«ãã®ããã¯ãšã³ãã«ãã£ãŠåŠçãããŸãã
ããã¯ãšã³ãåŽã§ã¯ãæ§æã«ãã XNUMX ã€ã®ãµãŒã㌠ã°ã«ãŒããã»ããã¢ãããããŸãã以åãšåæ§ã« http_back ãšãexample.com/blog ãžã®æ¥ç¶ãåŠçãã blog_back ãšåŒã°ããæ°ããã°ã«ãŒãã§ãã
èšå®ãå€æŽããåŸããã¡ã€ã«ãä¿åãã次ã®ã³ãã³ãã䜿çšã㊠HAProxy ãåèµ·åããŸãã
sudo systemctl restart haproxy
èµ·åäžã«èŠåããšã©ãŒ ã¡ãã»ãŒãžã衚瀺ãããå Žåã¯ããããã®æ§æã確èªããå¿ èŠãªãã¡ã€ã«ãšãã©ã«ããŒããã¹ãŠäœæãããŠããããšã確èªããŠãããããäžåºŠåèµ·åããŠãã ããã
ã»ããã¢ããã®ãã¹ã
HAProxy ãæ§æããå®è¡ããããããã©ãŠã¶ã§ããŒã ãã©ã³ãµãŒ ãµãŒããŒã®ãããªã㯠IP ã¢ãã¬ã¹ãéããããã¯ãšã³ãã«æ£ããæ¥ç¶ãããŠãããã©ããã確èªããŸãã æ§æå ã® stats uri ãã©ã¡ãŒã¿ãŒã¯ãæå®ãããã¢ãã¬ã¹ã«çµ±èšããŒãžãäœæããŸãã
http://load_balancer_public_ip/haproxy?stats
çµ±èšããŒãžãããŒããããšããã¹ãŠã®ãµãŒããŒãç·è²ã«è¡šç€ºãããŠããã°ãã»ããã¢ããã¯æåããŠããŸãã
çµ±èšããŒãžã«ã¯ã皌å/åæ¢æéãã»ãã·ã§ã³æ°ãªã©ãWeb ãã¹ãã远跡ããã®ã«åœ¹ç«ã€æ å ±ãå«ãŸããŠããŸãã ãµãŒããŒãèµ€ã§ããŒã¯ãããŠããå Žåã¯ããµãŒããŒã®é»æºããªã³ã«ãªã£ãŠããŠãããŒã ãã©ã³ãµãŒ ãã·ã³ãããµãŒããŒã« ping ã§ããããšã確èªããŠãã ããã
ããŒã ãã©ã³ãµãŒãå¿çããªãå Žåã¯ãHTTP æ¥ç¶ããã¡ã€ã¢ãŠã©ãŒã«ã«ãã£ãŠãããã¯ãããŠããªãããšã確èªããŠãã ããã ãŸãã以äžã®ã³ãã³ãã䜿çšããŠãHAProxy ãåäœããŠããããšã確èªããŸãã
sudo systemctl status haproxy
çµ±èšããŒãžããã¹ã¯ãŒãã§ä¿è·ãã
ãã ããçµ±èšããŒãžãåã«ããã³ããšã³ãã«ãªã¹ããããŠããã ãã§ããã°ã誰ã§ãé²èŠ§ã§ããããšã«ãªããããã¯è¯ãèãã§ã¯ãªããããããŸããã 代ããã«ã以äžã®äŸã haproxy.cfg ãã¡ã€ã«ã®æåŸã«è¿œå ããããšã§ãã«ã¹ã¿ã ããŒãçªå·ãå²ãåœãŠãããšãã§ããŸãã 亀æãã ãŠãŒã¶å О password å®å šãªãã®ã®ããã«ïŒ
listen stats
bind *:8181
stats enable
stats uri /
stats realm Haproxy Statistics
stats auth username:password
æ°ãããªã¹ã㌠ã°ã«ãŒããè¿œå ããåŸãããã³ããšã³ã ã°ã«ãŒãããå€ãçµ±èš URI ãªã³ã¯ãåé€ããŸãã å®äºãããããã¡ã€ã«ãä¿åããHAProxy ãåèµ·åããŸãã
sudo systemctl restart haproxy
次ã«ãæ°ããããŒãçªå·ã䜿çšããŠããŒã ãã©ã³ãµãŒãå床éããæ§æãã¡ã€ã«ã§æå®ãããŠãŒã¶ãŒåãšãã¹ã¯ãŒãã䜿çšããŠãã°ã€ã³ããŸãã
http://load_balancer_public_ip:8181
ãã¹ãŠã®ãµãŒããŒããŸã ç·è²ã§è¡šç€ºãããŠããããšã確èªãããã©ãŠã¶ã§ããŒãçªå·ã䜿çšããã«ããŒã ãã©ã³ãµãŒ IP ã ããéããŸãã
http://load_balancer_public_ip/
ããã¯ãšã³ã ãµãŒããŒã«å°ãªããšãããŸããŸãªã©ã³ãã£ã³ã° ããŒãžãããå ŽåãããŒãžããªããŒããããã³ã«ãå¥ã®ãã¹ãããå¿çãåãåãããšã«æ°ã¥ãã§ãããã æ§æã»ã¯ã·ã§ã³ã§ããŸããŸãªãã©ã³ã¹ã¢ã«ãŽãªãºã ãè©Šããããã§ãã¯ã¢ãŠãããŠãã ããã
çµè«: HAProxy ããŒã ãã©ã³ãµãŒ
HAProxy ããŒã ãã©ã³ãµãŒã®ã»ããã¢ãããæ£åžžã«å®äºããŸãããããã§ãšãããããŸãã åºæ¬çãªè² è·åæ£ã»ããã¢ããã䜿çšããŠããWeb ã¢ããªã±ãŒã·ã§ã³ã®ããã©ãŒãã³ã¹ãšå¯çšæ§ã倧å¹
ã«åäžãããããšãã§ããŸãã ãã®ã¬ã€ãã¯ãHAProxy ã䜿çšããè² è·åæ£ã®åãªãå
¥éæžã§ãããã¯ã€ã㯠ã»ããã¢ãã ã¬ã€ãã§èª¬æã§ãã以äžã®æ©èœãåããŠããŸãã ã䜿çšããŠããŸããŸãªæ§æãè©ŠããŠã¿ãããšããå§ãããŸãã
è€æ°ã®ãã¹ãã䜿çšã㊠Web ãµãŒãã¹ãä¿è·ããŠããããŒã ãã©ã³ãµãŒèªäœã«é害ç¹ãååšããå¯èœæ§ããããŸãã è€æ°ã®ããŒã ãã©ã³ãµãŒéã«ãããŒãã£ã³ã° IP ãã€ã³ã¹ããŒã«ãããšãé«å¯çšæ§ãããã«åäžãããããšãã§ããŸãã 詳现ã«ã€ããŠã¯ããã¡ããã芧ãã ããã
ã³ãŒã¹ã®è©³çŽ°
åºæïŒ habr.com