Configure LB and proxy using haproxy
Requirement:
1. One server for the load balancer
2. One or two servers for web servers
In my example I have three servers
Load Balancer: master - 192.168.10.50
Web servers: worker1, worker2 - 192.168.10.51/52
1. On the master server, install haproxy (it comes on the RedHat DVD)
# yum install haproxy
Note: There is no httpd process running on this host.
# rpm -qa httpd
2. Configure haproxy
[root@master ~]# vi /etc/haproxy/haproxy.cfg
Do not modify the global and defaults settings.
Go directly to the 'frontend main' section.
Here, change the port where you want your load balancer to listen.
I will be using port 8080.
I will be disabling firewall and selinux for this lab.
frontend main
    bind *:8080
Go all the way down to the section called 'backend app'.
In this section, you will add all the web server information.
backend app
    balance roundrobin
    server app1 192.168.10.51:80 check
    server app2 192.168.10.52:80 check
3. Once config is changed, start the service
# systemctl start haproxy
# systemctl enable haproxy
# systemctl status haproxy
4. Now, go to your web server machines.
a. In my case, these are worker node 1 and node 2.
Install the web server and start the service
# yum install httpd
# systemctl start httpd
# systemctl status httpd
# systemctl enable httpd
# systemctl stop firewalld
b. Create an index file
[root@worker1 html]# cat index.html
This is worker node1
[root@worker2 html]# cat index.html
This is Worker node2
5. Now, browse to the IP of your load balancer server.
http://192.168.10.50:8080
You should be able to see the web site. If you refresh, you will see a new page.
This proves that the load balancer is working.
--------------------------------------------------------------
Until now, we configured haproxy manually. Let's start configuring haproxy using ansible.
1. Let's configure our inventory file as follows,
# ansible --version
# more /etc/ansible/ansible.cfg
# cat myhosts
[mylb]
master ansible_user=root ansible_ssh_pass=changeme ansible_connection=ssh
[myweb]
worker1 ansible_user=root ansible_ssh_pass=changeme ansible_connection=ssh
worker2 ansible_user=root ansible_ssh_pass=changeme ansible_connection=ssh
Note: The inventory lets you group hosts and give each group a name, such as web or load balancer.
2. Let's automate everything using ansible. Here is the yaml file.
[root@master wk6]# cat mylb.yaml
- hosts: myweb # myweb comes from inventory file
  tasks:
    - package:
        name: "httpd"
    - copy:
        dest: "/var/www/html/index.html"
        content: " Testing Load Balancer on RHEL7/Centos7"
    - service:
        name: "httpd"
        state: restarted
    - service:
        name: "firewalld"
        state: stopped
        enabled: False
- hosts: mylb
  tasks:
    - name: "Install LB software"
      package:
        name: "haproxy"
    - template:
        dest: "/etc/haproxy/haproxy.cfg"
        src: "haproxy.cfg"
    - service:
        name: "haproxy"
        state: restarted
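A variant of mylb.yaml that leaves firewalld running: the web servers accept port 80 only from the load balancer, the load balancer opens only port 8080, and the template task checks the rendered file with haproxy -c before installing it. This is an added example, not the author's playbook; the firewalld module (part of the ansible.posix collection on current Ansible), the /usr/sbin/haproxy path, the handler name and the per-host page text are assumptions.

```yaml
# Added example: hardened variant of mylb.yaml, not the original playbook.
# Assumes firewalld is installed and running on master, worker1 and worker2.
- hosts: myweb
  tasks:
    - name: Install web server
      package:
        name: httpd
        state: present
    - name: Per-host page so round-robin is visible on refresh
      copy:
        dest: /var/www/html/index.html
        content: "Served by {{ inventory_hostname }}\n"
    - name: Accept port 80 only from the load balancer (192.168.10.50)
      firewalld:
        rich_rule: 'rule family="ipv4" source address="192.168.10.50" port port="80" protocol="tcp" accept'
        permanent: true
        immediate: true
        state: enabled
    - name: Start and enable httpd
      service:
        name: httpd
        state: started
        enabled: true

- hosts: mylb
  tasks:
    - name: Install LB software
      package:
        name: haproxy
        state: present
    - name: Open only the frontend port
      firewalld:
        port: 8080/tcp
        permanent: true
        immediate: true
        state: enabled
    - name: Render haproxy.cfg and reject it if the syntax check fails
      template:
        src: haproxy.cfg
        dest: /etc/haproxy/haproxy.cfg
        validate: /usr/sbin/haproxy -c -f %s   # assumed RHEL/CentOS package path
      notify: restart haproxy
  handlers:
    - name: restart haproxy
      service:
        name: haproxy
        state: restarted
        enabled: true
```

With the source-restricted rule in place, a direct request to 192.168.10.51 or .52 from any host other than the load balancer is dropped, so clients cannot bypass the proxy.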
3. Let's look at the config file for haproxy.
Do not modify the global and defaults values.
[root@master wk6]# cat haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
# utilize system-wide crypto-policies
ssl-default-bind-ciphers PROFILE=SYSTEM
ssl-default-server-ciphers PROFILE=SYSTEM
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main
bind *:8080 # This is a port where LB will be listening
#bind *:5000
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js
use_backend static if url_static
default_backend app
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app # app value can be anything
balance roundrobin
#server app1 127.0.0.1:5001 check
#server app2 127.0.0.1:5002 check
#server app3 127.0.0.1:5003 check
#server app4 127.0.0.1:5004 check
#server app1 192.168.10.51:80 check
#server app2 192.168.10.52:80 check
{% for i in groups[ 'myweb' ] %}
server app{{ loop.index }} {{ i }}:80 check
{% endfor %}
4. Let's run your playbook
[root@master wk6]# ansible-playbook mylb.yaml
5. Let's verify the content of the haproxy.cfg file
# cat /etc/haproxy/haproxy.cfg
6. Go to the browser with the IP of the proxy server, which is .50
http://192.168.10.50:8080/
You should be able to see the page.
Now, modify the content of the index file on one of the web servers and refresh the LB page; you will see the new page.