Keepalived를 이용한 HAproxy 이중화

Keepalived를 이용한 HAproxy 이중화

Rocky Linux 9.1에서 진행

[root@HAproxy01 ~]# cat /etc/redhat-release
Rocky Linux release 9.1 (Blue Onyx)

1. 저장소 Keepalived 버전 확인 및 설치

[root@HAproxy01 ~]# yum info keepalived
Last metadata expiration check: 0:00:46 ago on Wed Apr  5 10:22:39 2023.
Available Packages
Name         : keepalived
Version      : 2.2.4
Release      : 2.el9
Architecture : x86_64
Size         : 538 k
Source       : keepalived-2.2.4-2.el9.src.rpm

[root@HAproxy01 ~]# yum install -y keepalived
Last metadata expiration check: 0:01:32 ago on Wed Apr  5 10:22:39 2023.

2. syslog 설정

[root@HAproxy01 ~]# vi /etc/rsyslog.conf
   local0.*        /var/log/keepalived.log

[root@HAproxy01 ~]# vi /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -d -S 0"
[root@HAproxy01 ~]# systemctl restart rsyslog

3. sysctl.conf 수정

[root@HAproxy01 ~]# vi /etc/sysctl.conf
# Allow binding to an address this host does not currently hold, so HAProxy
# can bind the VIP (192.168.100.10) while the node is in standby.
net.ipv4.ip_nonlocal_bind=1
# NOTE(review): turns on kernel packet forwarding. Nothing in this setup
# (HAProxy proxying, VRRP failover) appears to need it - confirm, and leave
# it off if the host is not meant to route packets.
net.ipv4.ip_forward=1 

[root@HAproxy01 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

4. keepalived.conf 설정

[root@HAproxy01 ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived

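global_defs {
    router_id LVS_DEVEL
}

# Watch the haproxy process; while it is not running, this node's VRRP
# priority is lowered by 20 so the standby can take over the VIP.
vrrp_track_process haproxy {
    process haproxy
    weight -20
}

vrrp_instance VI_1 {
    state MASTER
    interface ens3          # interface that carries the VIP
    virtual_router_id 51    # must be identical on active and standby
    # The standby must use a lower priority, but one higher than 110 - 20 = 90,
    # otherwise losing haproxy never triggers a failover (the standby in the
    # logs on this page advertises 100).
    priority 110
    advert_int 1            # VRRP advertisement interval, in seconds

    # NOTE(review): auth_type PASS travels in clear text in every advert and
    # keepalived uses only the first 8 characters of auth_pass, so it only
    # guards against misconfiguration, not against a host on the segment.
    # "1111" is the tutorial's sample value: set a site-specific secret on
    # both nodes, and also limit which hosts may send VRRP to this node
    # (firewall source restriction, or unicast_peer between the two nodes).
    authentication {
        auth_type PASS
        auth_pass 1111
    }

    virtual_ipaddress {
        192.168.100.10/24   # the VIP
    }

    track_process {
        haproxy
    }
}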

5. VRRP 패킷 허용

[root@HAproxy01 ~]# firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
success
[root@HAproxy01 ~]# firewall-cmd --reload
success    

6. Keepalived 서비스 시작

[root@HAproxy01 ~]# systemctl enable keepalived 
[root@HAproxy01 ~]# systemctl start keepalived

HAproxy

1. 저장소 HAproxy 버전 확인 및 설치

[root@HAproxy01 ~]# yum info haproxy
Last metadata expiration check: 0:08:02 ago on Wed Apr  5 10:26:10 2023.
Available Packages
Name         : haproxy
Version      : 2.4.17
Release      : 3.el9
Architecture : x86_64
Size         : 2.1 M
Source       : haproxy-2.4.17-3.el9.src.rpm

[root@HAproxy01 ~]# yum install -y haproxy

2. HAproxy.cfg 설정

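global
    # Logs go to a syslog listener on 127.0.0.1:514 with facility local2.
    log         127.0.0.1:514 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

    # utilize system-wide crypto-policies
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

defaults
    mode                    http
    log                     global
#    option                  httplog
#    option                  dontlognull
    option http-server-close
#    option forwardfor       except 127.0.0.0/8
#    option                  redispatch
#    retries                 3
    # NOTE(review): "timeout http-request 10s" and "timeout connect 5s" were
    # fused onto the preceding comment lines in the published listing; they
    # are restored here as directives of their own. The 10s value is
    # superseded by the later "timeout http-request 20s".
    timeout http-request    10s
#    timeout queue           1m
    timeout connect         5s
    timeout client          5s
    timeout server          5s
    timeout http-keep-alive 20s
    timeout http-request    20s
#    maxconn                 3000
#

# Statistics page, bound to the VIP. Binding the VIP on the node that does
# not currently hold it relies on net.ipv4.ip_nonlocal_bind=1.
listen stats
    mode http
    bind 192.168.100.10:8888
    stats enable
    #stats scope   .
    stats uri     /
    stats realm   HAProxy\ Statistics
    # NOTE(review): with "stats auth" commented out, the statistics page is
    # readable by anyone who can reach 192.168.100.10:8888. Enable stats auth
    # with a site-specific credential (the value below is only a sample)
    # and restrict the port to an administration network.
    #stats auth    haproxyadmin:changeme
    stats refresh 1s

# Frontend: plain HTTP on the VIP.
frontend test_frontend
    bind 192.168.100.10:80
    default_backend             test_backend

# Backend: two application servers, round-robin, health-checked every 5s.
backend test_backend
    balance     roundrobin
    mode        http
    # NOTE(review): option httpchk names "OPTIONS *" while http-check send
    # names "GET /"; confirm which request the backends actually receive.
    option      httpchk OPTIONS * HTTP/1.1
    # Header name corrected from "user-agnet" to "user-agent".
    http-check send meth GET uri / hdr host HAproxy hdr user-agent HAproxy
    # Adds X-Forwarded-For with the client address; the application servers
    # should trust that header only on connections coming from these proxies.
    option forwardfor
    server  app1 192.168.100.20:80 check inter 5s
    server  app2 192.168.100.30:80 check inter 5s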

3. HAproxy 서비스 시작

[root@HAproxy01 ~]# systemctl enable haproxy 
[root@HAproxy01 ~]# systemctl start haproxy

동작 확인

Active 장비 HAproxy 서비스 다운 시

Active 장비

[root@HAproxy01 log]# systemctl stop haproxy
[root@HAproxy01 log]# cat /var/log/keepalived.log 
Apr  6 09:43:13 HAproxy01 Keepalived_vrrp[16082]: Quorum lost for tracked process haproxy
Apr  6 09:43:13 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Changing effective priority from 110 to 90
Apr  6 09:43:16 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Master received advert from 192.168.100.12 with higher priority 100, ours 90
Apr  6 09:43:16 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Entering BACKUP STATE
Apr  6 09:43:16 HAproxy01 Keepalived_vrrp[16082]: (VI_1) removing VIPs

[root@HAproxy01 log]# ip a 
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:01:00:02:00 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 192.168.100.11/24 brd 192.168.100.255 scope global noprefixroute ens3
       valid_lft forever preferred_lft forever

Standby 장비

[root@HAproxy02 log]# cat /var/log/keepalived.log
Apr  6 09:43:14 HAproxy02 Keepalived_vrrp[16016]: (VI_1) received lower priority (90) advert from 192.168.100.11 - discarding
Apr  6 09:43:15 HAproxy02 Keepalived_vrrp[16016]: (VI_1) received lower priority (90) advert from 192.168.100.11 - discarding
Apr  6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: (VI_1) received lower priority (90) advert from 192.168.100.11 - discarding
Apr  6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: (VI_1) Receive advertisement timeout
Apr  6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: (VI_1) Entering MASTER STATE
Apr  6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: (VI_1) setting VIPs.
Apr  6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: (VI_1) Sending/queueing gratuitous ARPs on ens3 for 192.168.100.10
Apr  6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:43:21 HAproxy02 Keepalived_vrrp[16016]: (VI_1) Sending/queueing gratuitous ARPs on ens3 for 192.168.100.10
Apr  6 09:43:21 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:43:21 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:43:21 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:43:21 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:43:21 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10


2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:01:00:03:00 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 192.168.100.12/24 brd 192.168.100.255 scope global noprefixroute ens3
       valid_lft forever preferred_lft forever
    inet 192.168.100.10/24 scope global secondary ens3
       valid_lft forever preferred_lft forever

Keepalived Track 기능으로 인해 Active의 priority 값이 20만큼 낮아져 Active의 vrrp 패킷이 priority 90으로 발송됨. Standby 장비는 해당 vrrp 패킷을 수신하여 priority 값이 90인 것과 자신의 priority 값이 더 높은 것을 확인한 후 Keepalived MASTER 상태로 전환하고, 자신의 vrrp 패킷과 자신의 MAC 주소를 알리는 GARP를 발송하게 되며, VIP는 Standby가 가지게 됨.

복원

Active 장비에서 haproxy 데몬을 다시 시작

[root@HAproxy01 log]# systemctl start haproxy  
[root@HAproxy01 log]# cat /var/log/keepalived.log
Apr  6 09:51:10 HAproxy01 Keepalived_vrrp[16082]: Quorum gained for tracked process haproxy
Apr  6 09:51:10 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Changing effective priority from 90 to 110
Apr  6 09:51:11 HAproxy01 Keepalived_vrrp[16082]: (VI_1) received lower priority (100) advert from 192.168.100.12 - discarding
Apr  6 09:51:12 HAproxy01 Keepalived_vrrp[16082]: (VI_1) received lower priority (100) advert from 192.168.100.12 - discarding
Apr  6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: (VI_1) received lower priority (100) advert from 192.168.100.12 - discarding
Apr  6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Receive advertisement timeout
Apr  6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Entering MASTER STATE
Apr  6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: (VI_1) setting VIPs.
Apr  6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Sending/queueing gratuitous ARPs on ens3 for 192.168.100.10
Apr  6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:51:18 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Sending/queueing gratuitous ARPs on ens3 for 192.168.100.10
Apr  6 09:51:18 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:51:18 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:51:18 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:51:18 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr  6 09:51:18 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10

[root@HAproxy01 log]# ip a 
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:50:01:00:02:00 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    inet 192.168.100.11/24 brd 192.168.100.255 scope global noprefixroute ens3
       valid_lft forever preferred_lft forever
    inet 192.168.100.10/24 scope global secondary ens3
       valid_lft forever preferred_lft forever

Active의 HAproxy 데몬이 다시 살아나면 priority 값이 원복되며(90 → 110), Active가 vrrp 패킷 및 GARP를 전송하고 Keepalived MASTER 상태가 된다.
