Keepalived를 이용한 HAproxy 이중화
Rocky Linux 9.1에서 진행
[root@HAproxy01 ~]# cat /etc/redhat-release
Rocky Linux release 9.1 (Blue Onyx)

1. 저장소 Keepalived 버전 확인 및 설치
[root@HAproxy01 ~]# yum info keepalived
Last metadata expiration check: 0:00:46 ago on Wed Apr 5 10:22:39 2023.
Available Packages
Name : keepalived
Version : 2.2.4
Release : 2.el9
Architecture : x86_64
Size : 538 k
Source : keepalived-2.2.4-2.el9.src.rpm
[root@HAproxy01 ~]# yum install -y keepalived
Last metadata expiration check: 0:01:32 ago on Wed Apr 5 10:22:39 2023.

2. syslog 설정
[root@HAproxy01 ~]# vi /etc/rsyslog.conf
local0.* /var/log/keepalived.log
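[root@HAproxy01 ~]# vi /etc/sysconfig/keepalived
KEEPALIVED_OPTIONS="-D -d -S 0"
[root@HAproxy01 ~]# systemctl restart rsyslog

3. sysctl.conf 수정
ip_nonlocal_bind는 VIP를 아직 보유하지 않은 장비에서도 HAproxy가 VIP 주소에 bind할 수 있도록 하는 설정이다. ip_forward는 장비를 라우터처럼 동작하게 하는 설정으로, 아래 HAproxy 구성(http 모드 프록시)만으로는 필요해 보이지 않으므로 패킷 포워딩 용도가 없다면 활성화하지 않는 편이 안전하다.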
[root@HAproxy01 ~]# vi /etc/sysctl.conf
net.ipv4.ip_nonlocal_bind=1
net.ipv4.ip_forward=1
[root@HAproxy01 ~]# sysctl -p
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1

4. keepalived.conf 설정
[root@HAproxy01 ~]# vi /etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
router_id LVS_DEVEL
}
vrrp_track_process haproxy { # haproxy 프로세스를 감시하여 프로세스가 죽으면 priority 값 -20
process haproxy
weight -20
}
vrrp_instance VI_1 {
state MASTER
interface ens3 # VIP 할당할 인터페이스 지정
virtual_router_id 51 # Router ID Active, Standby 동일해야 함
priority 110 # priority 값 Standby 장비는 이보다 낮아야 함
advert_int 1 # VRRP 패킷 발송 주기
authentication {
auth_type PASS
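auth_pass 1111 # 예제 값. PASS 인증은 VRRP 패킷에 평문으로 실리므로 운영 환경에서는 장비 쌍마다 고유한 값으로 바꾸고, 이 값만으로 위조 advert를 막을 수 있다고 가정하지 말 것
}
virtual_ipaddress {
192.168.100.10/24 # VIP IP 설정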
}
track_process {
haproxy
}
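}

5. VRRP 패킷 허용
아래 규칙은 출발지와 무관하게 모든 VRRP 패킷을 허용한다. 같은 세그먼트의 다른 장비가 보낸 advert까지 받아들이지 않도록, 운영 환경에서는 rich rule에 source address 조건을 추가하여 상대 장비(이 예제에서는 192.168.100.12)로 한정하는 것을 권장한다.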
[root@HAproxy01 ~]# firewall-cmd --add-rich-rule='rule protocol value="vrrp" accept' --permanent
success
[root@HAproxy01 ~]# firewall-cmd --reload
success

6. Keepalived 서비스 시작
[root@HAproxy01 ~]# systemctl enable keepalived
[root@HAproxy01 ~]# systemctl start keepalived

HAproxy
1. 저장소 HAproxy 버전 확인 및 설치
[root@HAproxy01 ~]# yum info haproxy
Last metadata expiration check: 0:08:02 ago on Wed Apr 5 10:26:10 2023.
Available Packages
Name : haproxy
Version : 2.4.17
Release : 3.el9
Architecture : x86_64
Size : 2.1 M
Source : haproxy-2.4.17-3.el9.src.rpm
[root@HAproxy01 ~]# yum install -y haproxy

2. HAproxy.cfg 설정
global
log 127.0.0.1:514 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
# utilize system-wide crypto-policies
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
defaults
mode http
log global
# option httplog # option dontlognull
option http-server-close
# option forwardfor except 127.0.0.0/8
# option redispatch
# retries 3 timeout http-request 10s
# timeout queue 1m timeout connect 5s
timeout client 5s
timeout server 5s
timeout http-keep-alive 20s
timeout http-request 20s
# maxconn 3000 #
listen stats
mode http
bind 192.168.100.10:8888
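stats enable
#stats scope .
stats uri /
stats realm HAProxy\ Statistics
# stats auth가 주석 처리되어 있어 192.168.100.10:8888에 접근할 수 있는 누구나 인증 없이 백엔드 서버 주소와 상태를 볼 수 있음.
# 운영 환경에서는 아래 줄의 주석을 해제하고 예시 값(changeme)이 아닌 자격 증명으로 바꿔서 사용할 것
#stats auth haproxyadmin:changeme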
stats refresh 1s
#프론트엔드 설정
frontend test_frontend
bind 192.168.100.10:80
default_backend test_backend
#백엔드 설정
backend test_backend
balance roundrobin
mode http
option httpchk OPTIONS * HTTP/1.1
# 참고: 아래 줄의 헤더 이름 user-agnet은 user-agent의 오타로 보임 (원문 그대로 둠)
http-check send meth GET uri / hdr host HAproxy hdr user-agnet HAproxy
option forwardfor
server app1 192.168.100.20:80 check inter 5s
server app2 192.168.100.30:80 check inter 5s

3. HAproxy 서비스 시작
[root@HAproxy01 ~]# systemctl enable haproxy
[root@HAproxy01 ~]# systemctl start haproxy

동작 확인
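Active 장비 HAproxy 서비스 다운 시
Active 장비 (아래 keepalived 로그는 haproxy 프로세스가 중지된 직후의 출력이다. 바로 아래에 적힌 명령은 start이지만, 이 로그를 재현하려면 haproxy를 중지(systemctl stop haproxy)해야 한다.)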
[root@HAproxy01 log]# systemctl start haproxy
[root@HAproxy01 log]# cat /var/log/keepalived.log
Apr 6 09:43:13 HAproxy01 Keepalived_vrrp[16082]: Quorum lost for tracked process haproxy
Apr 6 09:43:13 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Changing effective priority from 110 to 90
Apr 6 09:43:16 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Master received advert from 192.168.100.12 with higher priority 100, ours 90
Apr 6 09:43:16 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Entering BACKUP STATE
Apr 6 09:43:16 HAproxy01 Keepalived_vrrp[16082]: (VI_1) removing VIPs
[root@HAproxy01 log]# ip a
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:50:01:00:02:00 brd ff:ff:ff:ff:ff:ff
altname enp0s3
inet 192.168.100.11/24 brd 192.168.100.255 scope global noprefixroute ens3
valid_lft forever preferred_lft forever

Standby 장비
[root@HAproxy02 log]# cat /var/log/keepalived.log
Apr 6 09:43:14 HAproxy02 Keepalived_vrrp[16016]: (VI_1) received lower priority (90) advert from 192.168.100.11 - discarding
Apr 6 09:43:15 HAproxy02 Keepalived_vrrp[16016]: (VI_1) received lower priority (90) advert from 192.168.100.11 - discarding
Apr 6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: (VI_1) received lower priority (90) advert from 192.168.100.11 - discarding
Apr 6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: (VI_1) Receive advertisement timeout
Apr 6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: (VI_1) Entering MASTER STATE
Apr 6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: (VI_1) setting VIPs.
Apr 6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: (VI_1) Sending/queueing gratuitous ARPs on ens3 for 192.168.100.10
Apr 6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:43:16 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:43:21 HAproxy02 Keepalived_vrrp[16016]: (VI_1) Sending/queueing gratuitous ARPs on ens3 for 192.168.100.10
Apr 6 09:43:21 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:43:21 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:43:21 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:43:21 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:43:21 HAproxy02 Keepalived_vrrp[16016]: Sending gratuitous ARP on ens3 for 192.168.100.10
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:50:01:00:03:00 brd ff:ff:ff:ff:ff:ff
altname enp0s3
inet 192.168.100.12/24 brd 192.168.100.255 scope global noprefixroute ens3
valid_lft forever preferred_lft forever
inet 192.168.100.10/24 scope global secondary ens3
valid_lft forever preferred_lft forever

Keepalived의 track 기능으로 Active의 priority 값이 20만큼 낮아져, Active가 보내는 vrrp 패킷의 priority 값이 90으로 발송됨. Standby 장비는 해당 패킷을 수신하여 자신의 priority 값(100)이 더 높은 것을 확인한 후 Keepalived MASTER 상태로 전환하고, 자신의 vrrp 패킷과 자신의 MAC 주소를 알리는 GARP를 발송하며, VIP는 Standby가 가지게 됨.
복원
Active 장비에서 haproxy 데몬을 다시 시작
[root@HAproxy01 log]# systemctl start haproxy
[root@HAproxy01 log]# cat /var/log/keepalived.log
Apr 6 09:51:10 HAproxy01 Keepalived_vrrp[16082]: Quorum gained for tracked process haproxy
Apr 6 09:51:10 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Changing effective priority from 90 to 110
Apr 6 09:51:11 HAproxy01 Keepalived_vrrp[16082]: (VI_1) received lower priority (100) advert from 192.168.100.12 - discarding
Apr 6 09:51:12 HAproxy01 Keepalived_vrrp[16082]: (VI_1) received lower priority (100) advert from 192.168.100.12 - discarding
Apr 6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: (VI_1) received lower priority (100) advert from 192.168.100.12 - discarding
Apr 6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Receive advertisement timeout
Apr 6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Entering MASTER STATE
Apr 6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: (VI_1) setting VIPs.
Apr 6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Sending/queueing gratuitous ARPs on ens3 for 192.168.100.10
Apr 6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:51:13 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:51:18 HAproxy01 Keepalived_vrrp[16082]: (VI_1) Sending/queueing gratuitous ARPs on ens3 for 192.168.100.10
Apr 6 09:51:18 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:51:18 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:51:18 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:51:18 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
Apr 6 09:51:18 HAproxy01 Keepalived_vrrp[16082]: Sending gratuitous ARP on ens3 for 192.168.100.10
[root@HAproxy01 log]# ip a
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:50:01:00:02:00 brd ff:ff:ff:ff:ff:ff
altname enp0s3
inet 192.168.100.11/24 brd 192.168.100.255 scope global noprefixroute ens3
valid_lft forever preferred_lft forever
inet 192.168.100.10/24 scope global secondary ens3
valid_lft forever preferred_lft forever

Active의 HAproxy 데몬이 다시 살아나면 priority 값이 원복되며 (90 → 110), Active가 vrrp 패킷 및 GARP를 전송하고 다시 Keepalived MASTER 상태가 된다.