HAPROXY : Load balancer Cluster

This post shows how to configure an HAPROXY cluster to act as the load balancer for the infrastructure below.

As shown, an HAPROXY cluster will be created to allow for horizontal growth of the environment, regardless of the backend technology (Apache, NGINX, IIS, etc.).

1) Environment:

OS : CentOS7 (RHEL7)
10.0.0.10 HAPROXY-01
10.0.0.20 HAPROXY-02

NOTE: HAPROXY will be configured with SSL SNI.

2) Requirements:

2.1) Installing HAPROXY:

In this post the installation is done via YUM; the blog also has an example of how to compile HAPROXY with SSL support:

HAPROXY 1.5: Configuring with SSL SNI (Passthrough)

Running the installation via YUM

yum install haproxy -y 

Enabling at boot

systemctl enable haproxy 

We are using version 1.5.18

2.2) Installing KeepAlived:

In this post we will use YUM, but there is also a compiled version in the post below:

Configuring Keepalived on Redhat 6 / 7

Running the installation via YUM

yum install keepalived -y 

Enabling at boot

systemctl enable keepalived

 
3) Environment Configuration:

3.1) HAPROXY Configuration:

vim /etc/haproxy/haproxy.cfg

##### GLOBAL CONFIG #####
global

        log 127.0.0.1   local0
        log 127.0.0.1   local1 debug
        maxconn   45000 # Total Max Connections.
        daemon
        nbproc      1 # Number of processing cores.

defaults
        # Timeouts without a unit are in milliseconds (86400000 ms = 24 h)
        timeout server 86400000
        timeout connect 86400000
        timeout client 86400000
        timeout queue   1000s

        log     global
        mode    tcp
        option  tcplog
        option  dontlognull


#####  DASHBOARD #####
listen stats :4997
        mode http
        stats   enable
        stats   hide-version
        stats   refresh 30s
        stats   show-node
        stats   realm Haproxy\ Statistics
        # Example credential (user:password); replace it with your own
        stats   auth admin:haproxy
        stats   uri       /haproxy


############ Frontend configuration #######################

###### HTTP FRONTEND #############
frontend http-in
    # hdr(host) needs HTTP mode (the defaults section sets mode tcp)
    mode http
    bind <HAPROXY IP>:80

    # Default Backend
    default_backend template_http-lb

    # ACL BACKEND HTTP TEMPLATE
    acl host_http-template.example.com hdr(host) -i template.example.com
    use_backend template_http-lb if host_http-template.example.com


##### HTTPS FRONTEND ############
frontend https-in
    mode tcp
    bind <HAPROXY IP>:443

    # Wait up to 5s for the TLS ClientHello so that the SNI can be inspected
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }

    # ACL BACKEND HTTPS TEMPLATE
    acl host_https-template req_ssl_sni -i template.example.com
    use_backend template_https-lb if host_https-template

    # Default Backend
    default_backend template_https-lb


###########  Backend configuration #####################


#### BACKEND TEMPLATE HTTP-LB ####
backend template_http-lb
        mode http
        balance roundrobin
        option  forwardfor
        option  http-server-close
        option  http-pretend-keepalive
        server  SERVER1 <SERVER 1 IP>:80 check
        server  SERVER2 <SERVER 2 IP>:80 check



#### BACKEND TEMPLATE HTTPS-LB ####
backend template_https-lb
        mode tcp
        balance source
        #option  http-server-close   # HTTP-mode option; ignored in a tcp backend

        # maximum SSL session ID length is 32 bytes.
        stick-table type binary len 32 size 30k expire 30m
        acl clienthello req_ssl_hello_type 1
        acl serverhello rep_ssl_hello_type 2

        # use tcp content accepts to detect ssl client and server hello.
        tcp-request inspect-delay 5s
        tcp-request content accept if clienthello

        # no timeout on response inspect delay by default.
        tcp-response content accept if serverhello

        # stick on the SSL session ID (1-byte length at offset 43, then the ID)
        stick on payload_lv(43,1) if clienthello

        # Learn on response if server hello.
        stick store-response payload_lv(43,1) if serverhello

        option  ssl-hello-chk
        #option  http-pretend-keepalive
        server  SERVER1 <SERVER 1 IP>:443 check
        server  SERVER2 <SERVER 2 IP>:443 check

Restart HAPROXY

systemctl restart haproxy
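
The configuration above routes on req_ssl_sni and sticks on payload_lv(43,1) without decrypting anything. The following Python sketch is an added example (not part of the original post, and not HAProxy's own code) that models what those fetches read from the first TLS record; all function names are hypothetical and the ClientHello is constructed inline as sample input.

```python
import struct

def build_client_hello(sni, session_id):
    """Build a minimal TLS ClientHello record (constructed sample input)."""
    name = sni.encode("ascii")
    # server_name extension body: list length, type 0 (host_name), name length, name
    sni_ext = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", 0, len(sni_ext)) + sni_ext       # extension type 0
    body = (b"\x03\x03" + bytes(32)                            # version + 32-byte random
            + bytes([len(session_id)]) + session_id            # 1-byte length + session ID
            + b"\x00\x02\x00\x2f" + b"\x01\x00"                # one cipher, null compression
            + struct.pack("!H", len(exts)) + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def hello_type(buf):
    """Handshake type of the first record, or None if it is not a TLS handshake."""
    return buf[5] if len(buf) > 5 and buf[0] == 0x16 else None

def payload_lv(buf, offset, width):
    """Read `width` length bytes at `offset`, then return that many value bytes."""
    length = int.from_bytes(buf[offset:offset + width], "big")
    start = offset + width
    if length == 0 or start + length > len(buf):
        return b""                                             # empty or truncated
    return buf[start:start + length]

def sni_of(buf):
    """Walk the ClientHello to the server_name extension; return the host or None."""
    pos = 43                                 # 5 record + 4 handshake + 2 version + 32 random
    pos += 1 + buf[pos]                                        # skip session ID
    pos += 2 + int.from_bytes(buf[pos:pos + 2], "big")         # skip cipher suites
    pos += 1 + buf[pos]                                        # skip compression methods
    end = pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")    # end of extensions
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", buf[pos:pos + 4])
        if ext_type == 0:                                      # server_name
            name_len = int.from_bytes(buf[pos + 7:pos + 9], "big")
            # lower() models the case-insensitive "-i" match in the ACL
            return buf[pos + 9:pos + 9 + name_len].decode("ascii").lower()
        pos += 4 + ext_len
    return None

if __name__ == "__main__":
    hello = build_client_hello("Template.Example.com", bytes(range(32)))
    print(hello_type(hello), sni_of(hello), payload_lv(hello, 43, 1).hex())
```

A client that sends an empty session ID gives the stick rule nothing to match, so that connection is placed by balance source alone.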

 

3.2) Keepalived Configuration:

 

HAPROXY-01

vim /etc/keepalived/keepalived.conf

vrrp_instance HAPROXY-01 {
        interface eth0 
        state MASTER
        virtual_router_id 1
        priority 101
        authentication {
            auth_type PASS
            # placeholder: set the same password on both nodes (keepalived uses only the first 8 characters)
            auth_pass Add-Your-Password-Here
        }
        virtual_ipaddress {
                10.0.0.100/24
        }
}

HAPROXY-02

vim /etc/keepalived/keepalived.conf

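vrrp_instance HAPROXY-02 {
        interface eth0 
        # BACKUP: with priority 100 this node takes the virtual IP only when HAPROXY-01 (priority 101) is down
        state BACKUP
        virtual_router_id 1
        priority 100
        authentication {
            auth_type PASS
            # placeholder: must match the password set on HAPROXY-01
            auth_pass Add-Your-Password-Here
        }
        virtual_ipaddress {
                10.0.0.100/24
        }
}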