Skip to main content

`haproxy` Setup on Centos 6.5, Kernel 2.6, CPU x86_64

How to setup HAProxy

HAProxy is the Reliable, High Performance TCP/HTTP Load Balancer and it works nicely with Deveo Cluster setup.

Follow these steps to install on CentOS:

 [ahmed@ahmed-server ~]$ sudo yum install make gcc wget
 [ahmed@ahmed-server ~]$ wget http://www.haproxy.org/download/1.5/src/haproxy-1.5.11.tar.gz
 [ahmed@ahmed-server ~]$ tar -zxvf haproxy-1.5.11.tar.gz -C /opt
 [ahmed@ahmed-server ~]$ cd /opt/haproxy-1.5.11
 [ahmed@ahmed-server haproxy-1.5.11]$ sudo make TARGET=linux26 CPU=x86_64
 [ahmed@ahmed-server haproxy-1.5.11]$ sudo make install

Follow these steps to create init script:

 [ahmed@ahmed-server ~]$ sudo ln -sf /usr/local/sbin/haproxy /usr/sbin/haproxy
 [ahmed@ahmed-server ~]$ sudo cp /opt/haproxy-1.5.11/examples/haproxy.init /etc/init.d/haproxy
 [ahmed@ahmed-server ~]$ sudo chmod  755 /etc/init.d/haproxy

Follow these steps to configure haproxy:

 [ahmed@ahmed-server ~]$ sudo mkdir /etc/haproxy
 [ahmed@ahmed-server ~]$ sudo cp /opt/haproxy-1.5.11/examples/examples.cfg /etc/haproxy/haproxy.cfg
 [ahmed@ahmed-server ~]$ sudo mkdir /var/lib/haproxy
 [ahmed@ahmed-server ~]$ sudo touch /var/lib/haproxy/stats
 [ahmed@ahmed-server ~]$ sudo useradd haproxy

Finally start the service and enable on boot:

 [ahmed@ahmed-server ~]$ sudo service haproxy check
 [ahmed@ahmed-server ~]$ sudo service haproxy start
 [ahmed@ahmed-server ~]$ sudo chkconfig haproxy on

Configuration sample haproxy.cfg.

 global
         log /dev/log    local0
         log /dev/log    local1 notice
         log 127.0.0.1    local2
         #chroot /var/lib/haproxy
         #stats socket /run/haproxy/admin.sock mode 660 level admin
         stats timeout 30s
         user haproxy
         group haproxy
         daemon

         # Default SSL material locations
         #ca-base /etc/ssl/certs
         #crt-base /etc/ssl/private

         # Default ciphers to use on SSL-enabled listening sockets.
         # For more information, see ciphers(1SSL).
         #ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL

 defaults
         log     global
         mode    http
         option  httplog
         option  dontlognull
         timeout connect 5000
         timeout client  50000
         timeout server  50000
         #errorfile 400 /etc/haproxy/errors/400.http
         #errorfile 403 /etc/haproxy/errors/403.http
         #errorfile 408 /etc/haproxy/errors/408.http
         #errorfile 500 /etc/haproxy/errors/500.http
         #errorfile 502 /etc/haproxy/errors/502.http
         #errorfile 503 /etc/haproxy/errors/503.http
         #errorfile 504 /etc/haproxy/errors/504.http

 frontend localnodes
     bind *:9002
     mode http
     default_backend nodes

 backend nodes
     mode http
     balance roundrobin
     option forwardfor
     http-request set-header X-Forwarded-Port %[dst_port]
     http-request add-header X-Forwarded-Proto https if { ssl_fc }
     option httpchk HEAD / HTTP/1.1\r\nHost:localhost
     server web01 127.0.0.1:9090 check
     server web02 127.0.0.1:9091 check
     server web03 127.0.0.1:9092 check

 listen stats *:9001
     stats enable
     stats uri /
     stats hide-version
     stats auth someuser:password

Configuring Logging

If you look at the top of /etc/haproxy/haproxy.cfg, you will see something like below. If you dont see it then add the line in the beginning.

Here is how my conf looks like.

 global
         log /dev/log    local0
         log /dev/log    local1 notice
         log 127.0.0.1    local2
If you dont have the below line then add it.
 global
     log         127.0.0.1 local2
This means that HAProxy will send its messages to rsyslog on 127.0.0.1. But by default, rsyslog doesn’t listen on any address.

Let’s edit /etc/rsyslog.conf and uncomment these lines:

 $ModLoad imudp
 $UDPServerRun 514
This will make rsyslog listen on UDP port 514 for all IP addresses. Optionally you can limit to 127.0.0.1 by adding:
 $UDPServerAddress 127.0.0.1

Now create a /etc/rsyslog.d/haproxy.conf file containing:

 local2.*    /var/log/haproxy.log

You can of course be more specific and create separate log files according to the level of messages:

 local2.=info     /var/log/haproxy/haproxy-info.log
 local2.notice    /var/log/haproxy/haproxy-allbutinfo.log

Then restart rsyslog and see that log files are created:

 # service rsyslog restart
 Shutting down system logger:                               [  OK  ]
 Starting system logger:                                    [  OK  ]

 # ls -l /var/log/haproxy | grep haproxy
 -rw-------. 1 root   root      131  3 oct.  10:43 haproxy-allbutinfo.log
 -rw-------. 1 root   root      106  3 oct.  10:42 haproxy-info.log
Now you can start your debugging session!

More Details.

 https://serversforhackers.com/haproxy/
 http://support.deveo.com/knowledgebase/articles/409523-how-to-setup-haproxy
 http://cbonte.github.io/haproxy-dconv/configuration-1.5.html
 http://www.percona.com/blog/2014/10/03/haproxy-give-me-some-logs-on-centos-6-5/
Labels:

Comments

Post a Comment

Popular posts from this blog

Cloudera Manager - Duplicate entry 'zookeeper' for key 'NAME'.

We had recently built a cluster using cloudera API’s and had all the services running on it with Kerberos enabled. Next we had a requirement to add another kafka cluster to our already exsisting cluster in cloudera manager. Since it is a quick task to get the zookeeper and kafka up and running. We decided to get this done using the cloudera manager instead of the API’s. But we faced the Duplicate entry 'zookeeper' for key 'NAME' issue as described in the bug below. https://issues.cloudera.org/browse/DISTRO-790 I have set up two clusters that share a Cloudera Manger. The first I set up with the API and created the services with capital letter names, e.g., ZOOKEEPER, HDFS, HIVE. Now, I add the second cluster using the Wizard. Add Cluster->Select Hosts->Distribute Parcels->Select base HDFS Cluster install On the next page i get SQL errros telling that the services i want to add already exist. I suspect that the check for existing service names does n
2 comments
Read more

Zabbix History Table Clean Up

Zabbix history table gets really big, and if you are in a situation where you want to clean it up. Then we can do so, using the below steps. Stop zabbix server. Take table backup - just in case. Create a temporary table. Update the temporary table with data required, upto a specific date using epoch . Move old table to a different table name. Move updated (new temporary) table to original table which needs to be cleaned-up. Drop the old table. (Optional) Restart Zabbix Since this is not offical procedure, but it has worked for me so use it at your own risk. Here is another post which will help is reducing the size of history tables - http://zabbixzone.com/zabbix/history-and-trends/ Zabbix Version : Zabbix v2.4 Make sure MySql 5.1 is set with InnoDB as innodb_file_per_table=ON Step 1 Stop the Zabbix server sudo service zabbix-server stop Script. echo "------------------------------------------" echo " 1. Stopping Zabbix Server &quo
1 comment
Read more

Access Filter in SSSD `ldap_access_filter` [SSSD Access denied / Permission denied ]

Access Filter Setup with SSSD ldap_access_filter (string) If using access_provider = ldap , this option is mandatory. It specifies an LDAP search filter criteria that must be met for the user to be granted access on this host. If access_provider = ldap and this option is not set, it will result in all users being denied access. Use access_provider = allow to change this default behaviour. Example: access_provider = ldap ldap_access_filter = memberOf=cn=allowed_user_groups,ou=Groups,dc=example,dc=com Prerequisites yum install sssd Single LDAP Group Under domain/default in /etc/sssd/sssd.conf add: access_provider = ldap ldap_access_filter = memberOf=cn=Group Name,ou=Groups,dc=example,dc=com Multiple LDAP Groups Under domain/default in /etc/sssd/sssd.conf add: access_provider = ldap ldap_access_filter = (|(memberOf=cn=System Adminstrators,ou=Groups,dc=example,dc=com)(memberOf=cn=Database Users,ou=Groups,dc=example,dc=com)) ldap_access_filter accepts standa
Post a Comment
Read more