我正在尝试创建一个共享stick_table的两个对等设置(使用HA-Proxy版本1.5.14 2015/07/02)。当我手动启动haproxy时,一切看起来都很好(意味着只是运行它):
/usr/sbin/haproxy-systemd-wrapper -L haproxy1 -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid
当我尝试通过systemd或supervisord运行整个事件时,stick_tables之间的同步似乎已停止。 我检查了从每个服务器到另一个对等端口的传出数据包(使用tcpdump),看到他们甚至没有尝试通信 (他们确实听对等端口,前端可以访问)。
(systemd文件) 的 haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=syslog.target network.target
[Service]
EnvironmentFile=/etc/sysconfig/haproxy
ExecStart=/usr/sbin/haproxy-systemd-wrapper -L haproxy1 -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid $OPTIONS
ExecReload=/bin/kill -USR2 $MAINPID
Restart=always
[Install]
WantedBy=multi-user.target
haproxy.cfg(某些IP地址已替换为be-ip)
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
# turn on stats unix socket
stats socket /var/lib/haproxy/stats
#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
#---------------------------------------------------------------------
# peers of ha-proxy cluster
#---------------------------------------------------------------------
peers mypeers enable
peer haproxy1 10.240.0.4:32768
peer haproxy2 10.240.0.7:32768
#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend localhost
bind *:80
bind *:443 ssl crt /etc/haproxy/ssl/a/real.pem
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js .svg .html
acl health_check path_beg -i /isAlive
redirect scheme https if !{ ssl_fc } ! health_check
mode http
#reqadd X-Forwarded-Proto:\ https
use_backend static if url_static
default_backend app
frontend dal
bind *:8080 ssl crt /etc/haproxy/ssl/a/real.pem
default_backend dal
#frontend peerlist
# bind *:32769
#---------------------------------------------------------------------
# peer listen listen
#---------------------------------------------------------------------
#---------------------------------------------------------------------
# statistics listen
#---------------------------------------------------------------------
listen stats :9000 #Listen on localhost port 9000
mode http
stats enable #Enable statistics
stats hide-version #Hide HAPRoxy version, a necessity for any public-facing site
stats realm Haproxy\ Statistics #Show this text in authentication popup (escape space characters with backslash)
stats uri /haproxy_stats #The URI of the stats page, in this case localhost:9000/haproxy_stats
stats auth Username:Password #Set a username and password
#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
#server static 127.0.0.1:4331 check
server app1 app.cooladata.com:443 check ssl verify none
server app2 app.cooladata.com:443 check ssl verify none
#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
#mode tcp
balance roundrobin
option httpchk GET /isAlive
http-check expect string true
#cookie SRVNAME insert
#appsession SRVNAME len 64 timeout 30 request-learn
#appsession SRVNAME len 64 timeout 30
#server app1 <ip>:80 cookie S1 check
#server app2 <ip>:80 cookie S2 check
stick-table type string len 64 size 100k peers mypeers
stick on req.cook(JSESSIONID)
stick store-response res.cook(JSESSIONID)
server app1 <be1-ip>:443 check ssl verify none
server app2 <be2-ip>:443 check ssl verify none
#server app3 127.0.0.1:5003 check
#server app4 127.0.0.1:5004 check
backend dal
balance roundrobin
option httpchk GET /health
http-check expect string Ok
server dm1 <be-ip>:<port> check inter 2000
server dm2 <be2-ip>:<port> check inter 2000
答案 0 :(得分:1)
我尝试在centos 6上运行,一切都像魅力一样。 SElinux是问题所在,还不确定为什么。