相比于nginx负载均衡,haproxy有一个很好用的功能,就是可以动态的维护后端的server,而不必重启整个服务。完成这项功能需要使用到haproxy socket和socat。
1. haproxy sock
开启haproxy unix socket
- 在配置文件的global选项里添加:
#vim /etc/haproxy/haproxy.cfg
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
stats timeout 2m
#整个配置文件内容如下
global
maxconn 10000
chroot /var/lib/haproxy
uid haproxy
gid haproxy
daemon
nbproc 1
pidfile /var/lib/haproxy/haproxy.pid
log 127.0.0.1 local3 info
stats socket /var/lib/haproxy/haproxy.sock mode 600 level admin
stats timeout 2m
defaults
mode http
log global
option http-keep-alive
maxconn 10000
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
listen stats
mode http
bind 0.0.0.0:8888
stats refresh 30s
stats enable
stats uri /stats
stats auth haproxy:123456
frontend frontend_www_example_com
bind 10.0.0.43:80
mode http
option httplog
log global
default_backend backend_www_example_com
backend backend_www_example_com
option forwardfor header X-REAL-IP
option httpchk HEAD / HTTP/1.0
balance roundrobin
server web-node1 10.0.0.41:8080 check inter 2000 rise 30 fall 15
server web-node2 10.0.0.42:8080 check inter 2000 rise 30 fall 15
#修改完成后重启haroxy
systemctl restart haproxy.service
-
验证配置是否生效
查看haproxy.sock文件,如果存在则说明配置成功!
[root@haproxy01 ~]# ls -l /var/lib/haproxy/haproxy.sock
srw------- 1 root root 0 Feb 25 21:13 /var/lib/haproxy/haproxy.sock
2. Socat工具
Socat是一个多功能的网络工具,名字来由是”Socket CAT”,可以看作是netcat的N倍加强版,socat的官方网站:http://www.dest-unreach.org/socat/。 Socat是一个两个独立数据通道之间的双向数据传输继电器,这些数据通道包含文件、管道、设备、插座(Unix,IP4,IP6-raw,UPD,TCP)、SSL、SOCKS4客户端或代理CONNECT。Socat支持广播和多播、抽象Unix sockets、Linux tun/tap、GUN readline和PTY。它提供了分叉、记录和进程通信的不同模式。多个选项可用于调整socket和其渠道,Socket可以作为TCP中继(一次性或守护进程),做为一个守护进程基于socksifier,作为一个shell Unix套接字接口,作为IP6的继电器,或面向TCP的程序重定向到一个串行线。 chcket的主要特点就是在两个数据流之间建立通道,且支持众多协议和链接方式:ip、tcp、udp、ipv6、pipe、exec、system、open、proxy、openssl、socket等。
2.1 安装socat
#直接yum安装(推荐)
yum -y install socat
#编译安装
yum -y install readline-devel openssl-devel tcp_wrappers
cd /usr/local/src
wget http://www.dest-unreach.org/socat/download/socat-1.7.2.4.tar.gz
tar xf socat-1.7.2.4.tar.gz
cd socat-1.7.2.4
./configure
make
make install
#验证是否安装成功
[root@haproxy02 socat-1.7.2.4]# socat -V
socat by Gerhard Rieger - see www.dest-unreach.org
socat version 1.7.2.4 on Feb 25 2019 21:09:25
2.2 查看socat帮助
查看socat管理haproxy的命令帮助
echo "help" | socat --stdio /var/lib/haproxy/haproxy.sock
#输出结果如下,这里就不对内容详细解释了,感兴趣的同学可以自己看下
Unknown command. Please enter one of the following commands only :
clear counters : clear max statistics counters (add 'all' for all counters)
clear table : remove an entry from a table
help : this message
prompt : toggle interactive mode with prompt
quit : disconnect
show info : report information about the running process
show pools : report information about the memory pools usage
show stat : report counters for each proxy and server
show errors : report last request and response errors for each proxy
show sess [id] : report the list of current sessions or dump this session
show table [id]: report table usage stats or dump this table's contents
get weight : report a server's current weight
set weight : change a server's weight
set server : change a server's state or weight
set table [id] : update or create a table entry's data
set timeout : change a timeout setting
set maxconn : change a maxconn setting
set rate-limit : change a rate limiting value
disable : put a server or frontend in maintenance mode
enable : re-enable a server or frontend which is in maintenance mode
shutdown : kill a session or a frontend (eg:to release listening ports)
show acl [id] : report available acls or dump an acl's contents
get acl : reports the patterns matching a sample for an ACL
add acl : add acl entry
del acl : delete acl entry
clear acl <id> : clear the content of this acl
show map [id] : report available maps or dump a map's contents
get map : reports the keys and values matching a sample for a map
set map : modify map entry
add map : add map entry
del map : delete map entry
clear map <id> : clear the content of this map
set ssl <stmt> : set statement for ssl
3 常见在线维护操作
3.1 查看haproxy状态
echo "show info;show stat" | socat stdio /var/lib/haproxy/haproxy.sock
3.2 关闭节点
echo "disable server backend_www_example_com/web-node1" | socat stdio /var/lib/haproxy/haproxy.sock
#注意,在操作后端节点时,需要使用backend模块名/节点实例的方式。
执行完disable命令后,在前端可以看到web01节点下线了,如下图:
3.3 启动节点
echo "enable server backend_www_example_com/web-node1" | socat stdio /var/lib/haproxy/haproxy.sock
根据socat功能的特性,我们可以从两方面来管理服务:
1、通过查看status,可以用zabbix对haproxy进行状态的监控;
2、通过enable和disable,可以在线调整节点,而不用去重启整个服务,在代码上线的时候非常有帮助。
分享到此结束,谢谢~
转载于:https://blog.51cto.com/13178102/2354739