Skenario

OS : Debian 8.7
Haproxy : 1.5.19

lb-master : 172.16.0.3
lb-slave : 172.16.0.4
share/floating IP : 172.16.0.5

Balancer dibuat master/slave (active/passive) agar meminimalkan downtime saat maintenance di salah satu node

configure haproxy dan keepalived di kedua node

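# apt-get -y install haproxy keepalived vrrpd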

kemudian pada file sysctl.conf tambahkan baris berikut agar floating IP dapat di-assign di salah satu node yang bertindak sebagai master

net.ipv4.ip_nonlocal_bind=1

# vi /etc/sysctl.conf

net.ipv4.ip_nonlocal_bind=1

aktifkan perubahan pada sysctl dengan perintah

# sysctl -p
net.ipv4.ip_nonlocal_bind = 1

selanjutnya buat file config keepalived di master node

# vi /etc/keepalived/keepalived.conf
# keepalived.conf for lb-master: holds the floating IP 172.16.0.5 for as long
# as the local HAProxy check succeeds.
global_defs {
# Keepalived process identifier
lvs_id haproxy_DH
}

# Script used to check if HAProxy is running.
# "killall -0" sends signal 0, so it only tests that a process named haproxy
# exists; it does not show that HAProxy is accepting or forwarding connections.
# NOTE(review): the command is looked up through the daemon's PATH; an absolute
# path would remove that dependency -- confirm where killall lives on this host.
vrrp_script check_haproxy {
script "killall -0 haproxy"
# Run the check every 2 seconds.
interval 2
# Add 2 to this node's priority while the check succeeds.
weight 2
}

# Virtual interface
# The priority decides which node takes over the interface in a failover
# (the highest advertised priority wins).
# With the check passing this node advertises 101 + 2 = 103. If HAProxy dies it
# drops to 101, below the backup's 100 + 2 = 102 (provided the backup's
# track_script is in effect), and the backup takes the floating IP.
# NOTE(review): no authentication block or unicast peer list is set, so nothing
# in this file restricts which hosts on the eth0 segment may take part in
# virtual router 79. Consider unicast_src_ip / unicast_peer (if the installed
# keepalived supports them) and a firewall rule that accepts VRRP (IP protocol
# 112) only from the other balancer.
vrrp_instance VI_01 {
state MASTER
interface eth0
virtual_router_id 79
priority 101

# The virtual ip address shared between the two loadbalancers
virtual_ipaddress {
172.16.0.5
    }
track_script {
  check_haproxy

}
            }

file config keepalived di slave node

# vi /etc/keepalived/keepalived.conf
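# keepalived.conf for lb-slave: standby node for the floating IP 172.16.0.5.
global_defs {
    # Keepalived process identifier
    lvs_id haproxy_DH_passive
}

# Script used to check if HAProxy is running.
# "killall -0" sends signal 0, so it only tests that a process named haproxy
# exists; it does not show that HAProxy is accepting or forwarding connections.
# NOTE(review): the command is looked up through the daemon's PATH; an absolute
# path would remove that dependency -- confirm where killall lives on this host.
vrrp_script check_haproxy {
    script "killall -0 haproxy"
    # Run the check every 2 seconds.
    interval 2
    # Add 2 to this node's priority while the check succeeds.
    weight 2
}

# Virtual interface
# The priority decides which node takes over the interface in a failover
# (the highest advertised priority wins). This node advertises 100 + 2 = 102
# while its own HAProxy is running, which beats the master's bare 101 once the
# master's HAProxy check fails.
# NOTE(review): no authentication block or unicast peer list is set, so nothing
# in this file restricts which hosts on the eth0 segment may take part in
# virtual router 79. Consider unicast_src_ip / unicast_peer (if the installed
# keepalived supports them) and a firewall rule that accepts VRRP (IP protocol
# 112) only from the other balancer.
vrrp_instance VI_01 {
    state BACKUP
    interface eth0
    virtual_router_id 79
    priority 100

    # The virtual ip address shared between the two loadbalancers
    virtual_ipaddress {
        172.16.0.5
    }

    # Written one element per line with the braces on their own lines, as in
    # the lb-master file. A line-oriented keepalived parser may not read the
    # one-line form "track_script {check_haproxy}" as a block, which would
    # leave this node without the +2 it needs to win the election.
    track_script {
        check_haproxy
    }
}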

jika sudah restart service keepalived di setiap node

selanjutnya configure haproxy di node master/slave

file config haproxy terdapat di /etc/haproxy/haproxy.cfg

# vi /etc/haproxy/haproxy.cfg
# Process-wide settings: logging, privilege drop, worker layout and TLS defaults.
global
	# Log to the local syslog socket and, additionally, to syslog on 127.0.0.1.
	log /dev/log	local0
	log /dev/log	local1 notice
	log 127.0.0.1 	local0
	# Confine the running process to this directory and drop to an unprivileged
	# account (see user/group below).
	chroot /var/lib/haproxy
	# Runtime API socket. "level admin" allows every runtime command, so access
	# is limited only by the socket's file mode (660): keep the set of accounts
	# that can open it small.
	stats socket /run/haproxy/admin.sock mode 660 level admin
	stats timeout 30s
	user haproxy
	group haproxy
	maxconn 32000
	# Eight worker processes. The runtime socket above is served by process 1
	# only, so it reports that process's state.
	nbproc 8
	stats bind-process 1
	# Pin odd-numbered processes to CPUs 0-1 and 4-5, even-numbered ones to
	# CPUs 2-3 and 6-7.
        cpu-map odd 0-1 4-5
        cpu-map even 2-3 6-7
	daemon

	# Default SSL material locations
	ca-base /etc/ssl/certs
	crt-base /etc/ssl/private

	# Default ciphers to use on SSL-enabled listening sockets.
	# For more information, see ciphers(1SSL). This list is from:
	#  https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
	# An alternative list with additional directives can be obtained from
	#  https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
	# NOTE(review): no bind line in the listing shown uses "ssl", so these two
	# settings have no effect yet. "no-sslv3" disables SSLv3 only; if a TLS
	# listener is added later, also consider no-tlsv10 / no-tlsv11 and review
	# the cipher list against a current recommendation.
	ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
	ssl-default-bind-options no-sslv3

# Defaults inherited by every listen section below; the MySQL listeners
# override "mode" and the three timeouts.
defaults
	log	global
	mode	http
	# NOTE(review): with "option httplog" commented out and no "option tcplog"
	# in this file, connections are logged in HAProxy's short default format.
	# Enable tcplog on the TCP listeners if per-connection timing and
	# termination details are needed during an investigation.
	#option	httplog
	# Connections that transfer no data are not logged. This hides monitoring
	# probes but also port scans; reconsider it on networks that are not fully
	# trusted.
	option	dontlognull
	# Values without a unit are milliseconds: 5 s to connect, 50 s of client or
	# server inactivity.
        timeout connect 5000
        timeout client  50000
        timeout server  50000
	# Static response files returned for these HTTP status codes.
	errorfile 400 /etc/haproxy/errors/400.http
	errorfile 403 /etc/haproxy/errors/403.http
	errorfile 408 /etc/haproxy/errors/408.http
	errorfile 500 /etc/haproxy/errors/500.http
	errorfile 502 /etc/haproxy/errors/502.http
	errorfile 503 /etc/haproxy/errors/503.http
	errorfile 504 /etc/haproxy/errors/504.http

# MySQL "write" entry point: TCP proxy on port 3306.
# srv-u26 is the only active server. The four "backup" servers receive traffic
# only while srv-u26 is down, and without "option allbackups" only the first
# available backup in listed order is used.
# NOTE(review): failing writes over to srv-u36b is only safe if replication is
# set up for that -- confirm on the database side.
# NOTE(review): "bind *" listens on every local address, not only the floating
# IP 172.16.0.5. Limit access to the application hosts with a firewall, or bind
# to the floating IP.
# NOTE(review): "check port 3306" is a plain TCP connect: it shows the port is
# open, not that MySQL answers. "option mysql-check" performs a protocol-level
# check once a dedicated check user exists.
listen  haproxy_write_only_3306
        bind *:3306
        mode tcp
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms
        balance leastconn
        server srv-u26 172.17.0.169:3306 check port 3306 inter 2s downinter 5s rise 2 fall 3  weight 100
        server srv-u36b 172.17.0.170:3306 check port 3306 inter 2s downinter 5s rise 2 fall 3 weight 100 backup
        server srv-u34a 172.17.0.172:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 backup
        server srv-u38  172.17.0.175:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 backup
        server srv-u39  172.17.0.176:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 backup
 
# MySQL "read" entry point on port 3307: srv-u36b is the only active server,
# the others are backups used in listed order while it is down.
# NOTE(review): HAProxy does not enforce read-only access here. The first
# backup is srv-u26, the active server of the 3306 write listener, so "read
# only" has to be enforced by MySQL privileges or settings -- confirm on the
# database side.
# NOTE(review): "bind *" listens on every local address; restrict access to the
# application hosts with a firewall.
listen  haproxy_read_only_3307
        bind *:3307
        mode tcp
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms
        balance leastconn
        server srv-u26 172.17.0.169:3306 check port 3306 inter 2s downinter 5s rise 2 fall 3 weight 100 backup
        server srv-u36b 172.17.0.170:3306 check port 3306 inter 2s downinter 5s rise 2 fall 3 weight 100
        server srv-u34a 172.17.0.172:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 backup
	server srv-u38  172.17.0.175:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 backup
        server srv-u39  172.17.0.176:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 backup


# MySQL "read" entry point on port 3308: srv-u34a is the only active server,
# the others are backups used in listed order while it is down.
# NOTE(review): HAProxy does not enforce read-only access here. The first
# backup is srv-u26, the active server of the 3306 write listener, so "read
# only" has to be enforced by MySQL privileges or settings -- confirm on the
# database side.
# NOTE(review): "bind *" listens on every local address; restrict access to the
# application hosts with a firewall.
listen  haproxy_read_only_3308
        bind *:3308
        mode tcp
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms
        balance leastconn
        server srv-u26 172.17.0.169:3306 check port 3306 inter 2s downinter 5s rise 2 fall 3 weight 100 backup
        server srv-u36b 172.17.0.170:3306 check port 3306 inter 2s downinter 5s rise 2 fall 3 weight 100 backup
        server srv-u34a 172.17.0.172:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100
	server srv-u38  172.17.0.175:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 backup
        server srv-u39  172.17.0.176:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 backup

# MySQL "read" entry point on port 3309: srv-u38 is the only active server,
# the others are backups used in listed order while it is down.
# NOTE(review): HAProxy does not enforce read-only access here. The first
# backup is srv-u26, the active server of the 3306 write listener, so "read
# only" has to be enforced by MySQL privileges or settings -- confirm on the
# database side.
# NOTE(review): "bind *" listens on every local address; restrict access to the
# application hosts with a firewall.
listen  haproxy_read_only_3309
        bind *:3309
        mode tcp
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms
        balance leastconn
        server srv-u26 172.17.0.169:3306 check port 3306 inter 2s downinter 5s rise 2 fall 3 weight 100 backup
        server srv-u36b 172.17.0.170:3306 check port 3306 inter 2s downinter 5s rise 2 fall 3 weight 100 backup
        server srv-u34a 172.17.0.172:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 backup
        server srv-u38  172.17.0.175:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 
        server srv-u39  172.17.0.176:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 backup

# MySQL "read" entry point on port 3310: srv-u39 is the only active server,
# the others are backups used in listed order while it is down.
# NOTE(review): HAProxy does not enforce read-only access here. The first
# backup is srv-u26, the active server of the 3306 write listener, so "read
# only" has to be enforced by MySQL privileges or settings -- confirm on the
# database side.
# NOTE(review): "bind *" listens on every local address; restrict access to the
# application hosts with a firewall.
listen  haproxy_read_only_3310
        bind *:3310
        mode tcp
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms
        balance leastconn
        server srv-u26 172.17.0.169:3306 check port 3306 inter 2s downinter 5s rise 2 fall 3 weight 100 backup
        server srv-u36b 172.17.0.170:3306 check port 3306 inter 2s downinter 5s rise 2 fall 3 weight 100 backup
        server srv-u34a 172.17.0.172:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 backup
        server srv-u38  172.17.0.175:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 backup
        server srv-u39  172.17.0.176:3306 check port 3306 inter 2s downinter 5s rise 3 fall 2 weight 100 

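# Statistics pages. Despite its name this section defines no servers; it only
# serves the HAProxy stats page.
# With "nbproc 8" every worker process keeps its own counters, so ports
# 8081-8088 are pinned to processes 1-8 and each port shows one process.
# NOTE(review): the page is served at "/" on every local address with no
# "stats auth" and no ACL, so any client that can reach these ports can read
# the backend names, addresses and health states. Restrict the bind address or
# firewall the ports to the admin network, and set credentials, for example:
#   stats auth STATS_USER:STATS_PASSWORD   (placeholders -- choose your own)
listen read_write_haproxy
    bind :8081 process 1
    bind :8082 process 2
    bind :8083 process 3
    bind :8084 process 4
    bind :8085 process 5
    bind :8086 process 6
    bind :8087 process 7
    bind :8088 process 8
    mode http
    balance leastconn
    stats enable
    stats uri /
    # Do not disclose the HAProxy version on the stats page.
    stats hide-version
    stats show-node
    stats refresh 10s
    stats show-legends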

Test failover

sebelumnya jalankan perintah ip addr di master node, akan terlihat seperti ini

# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:10:74:68 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.3/24 brd 172.16.77.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 172.16.0.5/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe10:7468/64 scope link 
       valid_lft forever preferred_lft forever

selanjutnya lakukan perintah yang sama pada slave node

# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:11:c8:af brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.4/24 brd 172.16.77.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe11:c8af/64 scope link 
       valid_lft forever preferred_lft forever

selanjutnya matikan service haproxy di master node; jika kemudian perintah ip addr dijalankan di slave node, IP 172.16.0.5 otomatis akan ter-assign di slave node

# ip addr
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:11:c8:af brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.4/24 brd 172.16.77.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet 172.16.0.5/32 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe11:c8af/64 scope link 
       valid_lft forever preferred_lft forever

sumber

sumber2

sumber3

selesai
