Haproxy HA Cluster

Posted on Thu 24 February 2022 in Linux-Open-Source

HAProxy Cluster

Important

HAProxy is a free, open-source, high-availability load balancer and proxy server for TCP and HTTP-based applications that distributes requests across many servers. HAProxy forwards each connection to whichever node is the master at the time, and it uses Patroni's REST endpoint to find that node. Patroni makes sure that only the master node is online at any given time, which forces HAProxy to connect to the proper node.

  • Log in to HAproxy_node1 or HAproxy_node2 and install HAProxy and Keepalived
# Install HAProxy and Keepalived from the configured dnf repositories; -y answers yes to every prompt.
dnf install haproxy keepalived -y

Configure HAProxy

  • Log in to both nodes and configure HAProxy

Back up the default haproxy.cfg file

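# Keep a copy of the packaged configuration before it is replaced in the next step.
# cp takes the source once and the destination once; a repeated "cp -f" in the
# middle of the argument list makes cp treat the last path as a target directory
# and fail, so no backup would exist when the file is emptied.
cp -f /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg-orig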

Remove everything from this file, and add the following configuration parameters.

#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------

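global
    # Send logs to the syslog daemon on localhost, facility local0.
    log     127.0.0.1 local0
    # Require TLS 1.2 or newer on every "bind ... ssl" line. "no-sslv3" alone
    # only excludes SSLv3 and leaves TLS 1.0/1.1 to the library defaults.
    ssl-default-bind-options ssl-min-ver TLSv1.2
    tune.ssl.default-dh-param 2048
    # Run chrooted into /var/lib/haproxy as the unprivileged haproxy user/group.
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user    haproxy
    group       haproxy
    daemon
    # UNIX socket for runtime statistics and commands.
    # NOTE(review): no "mode" or "level" is set on this socket; confirm that only
    # administrators can open it.
    stats socket /var/lib/haproxy/stats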

# Settings inherited by every proxy section below unless the section overrides them.
defaults
# TCP mode by default; the stats, apache and apache-ssl sections switch to "mode http".
mode    tcp
log     global
option      tcplog
# Do not log connections on which no data was exchanged.
option      dontlognull
# HTTP-only option; it takes effect in the sections that set "mode http".
option      http-server-close
#option     forwardfor       except 127.0.0.0/8
# When a connection to the chosen server fails, retry up to "retries" times and
# allow the connection to be sent to another server.
option      redispatch
retries     3
# The timeouts bound how long a slow or idle peer can hold a connection slot.
# "timeout http-request" and "timeout http-keep-alive" apply to HTTP-mode sections only.
timeout http-request    10s
timeout queue       1m
timeout connect     10s
timeout client      1m
timeout server      1m
timeout http-keep-alive     10s
timeout check       10s


#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------

# Built-in statistics page, served over plain HTTP at the root path.
# NOTE(review): the listener binds every address on port 8089 and there is no
# "stats auth" line, so anyone who can reach the port can read proxy and server
# names and their health state. Restrict the bind address or firewall the port,
# and add "stats auth <user>:<password>" before exposing it.
listen stats
    mode http
    bind *:8089
    stats enable
    stats uri /


# Cleartext listener on port 80. The bind has no "ssl", so ssl_fc is never true
# here and every request is answered with a redirect to https.
# No "server" lines are defined in this section, so "balance source" has nothing
# to balance.
listen apache
    bind *:80
    mode http
    balance source
    http-request redirect scheme https unless { ssl_fc }

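# TLS front end for the web application: terminates HTTPS on port 443 and
# forwards requests round-robin to the two application servers.
listen apache-ssl
    mode http
    balance roundrobin
    # Port 443 gets exactly one bind, and it is the TLS one. A second
    # "bind *:443" without "ssl" would put a cleartext listener on the same
    # port, so part of the HTTPS traffic could be parsed as plain HTTP (or the
    # bind could fail outright).
    # The crt file holds the certificate and, presumably, its private key;
    # keep it readable by root only.
    bind *:443 ssl crt /etc/tls/wss.pem alpn h2
    #use_backend socket if { dst_port 3232 }
    # With only a TLS bind, ssl_fc is always true in this section, so this rule
    # never fires; cleartext clients are redirected by the port 80 listener.
    http-request redirect scheme https unless { ssl_fc }

    # TLS ends at HAProxy: requests reach the application servers as plain HTTP
    # on port 80, so that network segment must be trusted.
    # NOTE(review): the per-server "cookie" values are only used when the
    # section also has a "cookie" directive; none is present here.
    server  app1 192.168.0.117:80 check inter 2000 fall 3 cookie app1
    server  app2 192.168.0.118:80 check inter 2000 fall 3 cookie app2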

# PostgreSQL entry point: TCP pass-through to whichever node passes the health check.
# NOTE(review): "bind *:5432" accepts connections on every address of the host;
# limit access to the application hosts with a firewall or a narrower bind.
listen postgres
    mode tcp
    bind *:5432

    # The health check is an HTTP request to port 8008 on each node (see
    # "check port 8008" below), presumably Patroni's REST API as described in the
    # introduction. Only a node answering 200 receives client connections.
    option httpchk
    http-check expect status 200
    # Probe every 3s; 3 failed checks mark a node down and 2 good ones bring it
    # back. Established sessions are closed as soon as a node is marked down, so
    # clients do not stay connected to a node that stopped passing the check.
    default-server inter 3s fall 3 rise 2 on-marked-down shutdown-sessions

    # NOTE(review): the checks run over plain HTTP. The commented-out
    # "check-ssl verify none" would encrypt them but not verify the node's
    # certificate.
    server pg_node1 192.168.0.123:5432 maxconn 1000 check port 8008 #check-ssl verify none
    server pg_node2 192.168.0.121:5432 maxconn 1000 check port 8008 #check-ssl verify none

Check the configuration file with the command below:

# Validate the configuration without starting the proxy: -c checks only, -V is verbose, -f names the file.
haproxy -c -V -f /etc/haproxy/haproxy.cfg

If the check reports any errors, correct them, then start the haproxy service.

# Persistently (-P) turn on the SELinux boolean that lets the haproxy domain use
# any TCP port instead of only the ports labelled for it.
# NOTE(review): this is wider than the ports this configuration needs (80, 443,
# 5432, 8008, 8089); labelling just those ports is the tighter option where the
# policy allows it.
setsebool -P haproxy_connect_any on

# Start HAProxy now and enable it at boot.
systemctl enable --now haproxy.service

Configure Keepalived

Log in to HAproxy_node1

  • Back up the default keepalived.conf
# Keep a copy of the packaged configuration; an existing keepalived.conf-orig is overwritten on a re-run.
cp -f /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf-orig

Remove everything from this file, and add the following configuration parameters.

# Health check used by the VRRP instance below. "killall -0" sends signal 0,
# which only tests that a process named haproxy exists; it does not test that
# HAProxy is accepting connections.
# NOTE(review): the script has no absolute path and this file sets neither
# script_user nor enable_script_security, so keepalived may run it as root.
# Confirm, and prefer an absolute path.
vrrp_script chk_haproxy {
    script "killall -0 haproxy" # check the haproxy process
    interval 2      # every 2 seconds
    weight 2    # add 2 points if OK
}
# VRRP instance for haproxy_node1. While the check passes the effective priority
# is 101 + 2 = 103 here and 100 + 2 = 102 on haproxy_node2; if haproxy stops on
# this node it drops to 101 and the peer takes over the virtual IP.
# NOTE(review): there is no authentication or unicast_peer block, so VRRP
# advertisements on ens192 are accepted from any host on that segment. Keep the
# segment trusted or filter VRRP from other hosts.
vrrp_instance VI_1 {
    interface ens192     # interface to monitor
    state MASTER     # MASTER on haproxy_node1, BACKUP on haproxy_node2
    virtual_router_id 51
    priority 101     # 101 on haproxy_node1, 100 on haproxy_node2
    virtual_ipaddress {
    192.168.0.100/24     # virtual ip address
    }
  track_script {
    chk_haproxy
    }
}
# Start Keepalived now and enable it at boot.
systemctl enable --now keepalived.service

Log in to HAproxy_node2

  • Back up the default keepalived.conf
# Keep a copy of the packaged configuration; an existing keepalived.conf-orig is overwritten on a re-run.
cp -f /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf-orig

Remove everything from this file, and add the following configuration parameters.

# Health check used by the VRRP instance below. "killall -0" sends signal 0,
# which only tests that a process named haproxy exists; it does not test that
# HAProxy is accepting connections.
# NOTE(review): the script has no absolute path and this file sets neither
# script_user nor enable_script_security, so keepalived may run it as root.
# Confirm, and prefer an absolute path.
vrrp_script chk_haproxy {
  script "killall -0 haproxy" # check the haproxy process
  interval 2    # every 2 seconds
  weight 2      # add 2 points if OK
}
# VRRP instance for haproxy_node2. While the check passes the effective priority
# is 100 + 2 = 102 here and 101 + 2 = 103 on haproxy_node1, so this node holds
# the virtual IP only while node1 is down or its haproxy check is failing.
# NOTE(review): there is no authentication or unicast_peer block, so VRRP
# advertisements on ens192 are accepted from any host on that segment. Keep the
# segment trusted or filter VRRP from other hosts.
vrrp_instance VI_1 {
  interface ens192       # interface to monitor
  state BACKUP       # MASTER on haproxy_node1, BACKUP on haproxy_node2
  virtual_router_id 51
  priority 100       # 101 on haproxy_node1, 100 on haproxy_node2
  virtual_ipaddress {
  192.168.0.100/24       # virtual ip address
  }
 track_script {
  chk_haproxy
  }
}
# Start Keepalived now and enable it at boot.
systemctl enable --now keepalived.service
K

HAProxy statistics report:

G