相比於nginx負載均衡,haproxy有一個很好用的功能,就是可以動態的維護後端的server,而不必重啓整個服務。完成這項功能需要使用到haproxy socket和socat。
1. haproxy sock
開啓haproxy unix socket
- 在配置文件的global選項裏添加:
#vim /etc/haproxy/haproxy.cfg
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
stats timeout 2m
#整個配置文件內容如下
global
maxconn 10000
chroot /var/lib/haproxy
uid haproxy
gid haproxy
daemon
nbproc 1
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
stats timeout 2m
defaults
mode http
log global
option http-keep-alive
maxconn 10000
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:8888
stats refresh 30s
stats enable
stats uri /stats
stats auth haproxy:123456
frontend frontend_www_example_com
bind 10.0.0.43:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance roundrobin
server web-node1 10.0.0.41:8080 check inter 2000 rise 30 fall 15
server web-node2 10.0.0.42:8080 check inter 2000 rise 30 fall 15
#修改完成後重啓haroxy
systemctl restart haproxy.service
-
驗證配置是否生效
查看haproxy.sock文件,如果存在則說明配置成功!
[root@haproxy01 ~]# ls -l /var/lib/haproxy/haproxy.sock
srw------- 1 root root 0 Feb 25 21:13 /var/lib/haproxy/haproxy.sock
2. Socat工具
Socat是一個多功能的網絡工具,名字來由是”Socket CAT”,可以看作是netcat的N倍加強版,socat的官方網站:http://www.dest-unreach.org/socat/。 Socat是一個兩個獨立數據通道之間的雙向數據傳輸繼電器,這些數據通道包含文件、管道、設備、插座(Unix,IP4,IP6-raw,UPD,TCP)、SSL、SOCKS4客戶端或代理CONNECT。Socat支持廣播和多播、抽象Unix sockets、Linux tun/tap、GUN readline和PTY。它提供了分叉、記錄和進程通信的不同模式。多個選項可用於調整socket和其渠道,Socket可以作爲TCP中繼(一次性或守護進程),做爲一個守護進程基於socksifier,作爲一個shell Unix套接字接口,作爲IP6的繼電器,或面向TCP的程序重定向到一個串行線。 chcket的主要特點就是在兩個數據流之間建立通道,且支持衆多協議和鏈接方式:ip、tcp、udp、ipv6、pipe、exec、system、open、proxy、openssl、socket等。
2.1 安裝socat
#直接yum安裝(推薦)
yum -y install socat
#編譯安裝
yum -y install readline-devel openssl-devel tcp_wrappers
cd /usr/local/src
wget http://www.dest-unreach.org/socat/download/socat-1.7.2.4.tar.gz
tar xf socat-1.7.2.4.tar.gz
cd socat-1.7.2.4
./configure
make
make install
#驗證是否安裝成功
[root@haproxy02 socat-1.7.2.4]# socat -V
socat by Gerhard Rieger - see www.dest-unreach.org
socat version 1.7.2.4 on Feb 25 2019 21:09:25
2.2 查看socat幫助
查看socat管理haproxy的命令幫助
echo "help" | socat --stdio /var/lib/haproxy/haproxy.sock
#輸出結果如下,這裏就不對內容詳細解釋了,感興趣的同學可以自己看下
Unknown command. Please enter one of the following commands only :
clear counters : clear max statistics counters (add 'all' for all counters)
clear table : remove an entry from a table
help : this message
prompt : toggle interactive mode with prompt
quit : disconnect
show info : report information about the running process
show pools : report information about the memory pools usage
show stat : report counters for each proxy and server
show errors : report last request and response errors for each proxy
show sess [id] : report the list of current sessions or dump this session
show table [id]: report table usage stats or dump this table's contents
get weight : report a server's current weight
set weight : change a server's weight
set server : change a server's state or weight
set table [id] : update or create a table entry's data
set timeout : change a timeout setting
set maxconn : change a maxconn setting
set rate-limit : change a rate limiting value
disable : put a server or frontend in maintenance mode
enable : re-enable a server or frontend which is in maintenance mode
shutdown : kill a session or a frontend (eg:to release listening ports)
show acl [id] : report available acls or dump an acl's contents
get acl : reports the patterns matching a sample for an ACL
add acl : add acl entry
del acl : delete acl entry
clear acl <id> : clear the content of this acl
show map [id] : report available maps or dump a map's contents
get map : reports the keys and values matching a sample for a map
set map : modify map entry
add map : add map entry
del map : delete map entry
clear map <id> : clear the content of this map
set ssl <stmt> : set statement for ssl
3 常見在線維護操作
3.1 查看haproxy狀態
echo "show info;show stat" | socat stdio /var/lib/haproxy/haproxy.sock
3.2 關閉節點
echo "disable server backend_www_example_com/web-node1" | socat stdio /var/lib/haproxy/haproxy.sock
#注意,在操作後端節點時,需要使用backend模塊名/節點實例的方式。
執行完disable命令後,在前端可以看到web01節點下線了,如下圖:
3.3 啓動節點
echo "enable server backend_www_example_com/web-node1" | socat stdio /var/lib/haproxy/haproxy.sock
根據socat功能的特性,我們可以從兩方面來管理服務:
1、通過查看status,可以用zabbix對haproxy進行狀態的監控;
2、通過enable和disable,可以在線調整節點,而不用去重啓整個服務,在代碼上線的時候非常有幫助。
分享到此結束,謝謝~