本文发布于Cylon的收藏册,转载请著名原文链接~
haproxy1 VS haproxy2
haproxy2由 2019-06-16 被发布,对于与haproxy1版本来说,haproxy 2.0 增加了对云原生的支持,这使得haproxy 2.0 更适用于云原生环境,对比于 haproxy1.0 在2001年发布来,到 1.9.16 在 2020/07/31 最后一次更新也代表haproxy1.0的结束维护
为什么选择haproxy2.0
haproxy2.0的核心功能就是集成了云原生架构的支持。包含L7重试, Prometheus metrics, 流量镜像 (traffic shadowing), 多语言可扩展性, gRPC 。haproxy2.0 还增加 基于haproxy2.0 的 Kubernetes Ingress Controller 和强大的 HAProxy Data Plane API,这提供了用于配置和管理 HAProxy 的 REST API
安装haproxy2.0
对于 Ubuntu/Debian 来说,社区版haproxy提供了更友好的安装方式,用户直接添加对应仓库可以直接安装最新版本的haproxy Debian/Ubuntu HAProxy packages
对于 CentOS/Fedora 来说,只有Fedora 仓库提供了较为新版的haproxy,通常来在这类平台的Linux都是通过编译安装haproxy
-
下载haproxy2.6源码 [ haproxy下载 ]
-
安装依赖包
yum install gcc pcre-devel openssl-devel tar make -y -
编译程序
tar xf haproxy-2.6.7.tar.gz && cd haproxy-2.6.7/ # 查看编译参数 # 直接使用make可以查看编译参数,这是makefile中配置的 make # 编译参数 make TARGET=/app/haproxy USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 make install -
默认安装的路径在
/usr/local/下
官方提供的一份 haproxy2.0 配置文件 HAProxy 2.0 configuration
Reference
Troubeshooting
The configuration file is not declared in the HAPROXY_CFGFILES environment variable, cannot start.
$ haproxy -f haproxy.cfg
[NOTICE] (3143) : New program 'api' (3144) forked
[NOTICE] (3143) : New worker (3145) forked
[NOTICE] (3143) : Loading success.
time="2022-12-15T18:43:44+08:00" level=fatal msg="The configuration file is not declared in the HAPROXY_CFGFILES environment variable, cannot start."
[NOTICE] (3143) : haproxy version is 2.6.7-c55bfdb
[NOTICE] (3143) : path to executable is /usr/local/sbin/haproxy
[ALERT] (3143) : Current program 'api' (3144) exited with code 1 (Exit)
[ALERT] (3143) : exit-on-failure: killing every processes with SIGTERM
[ALERT] (3143) : Current worker (3145) exited with code 143 (Terminated)
[WARNING] (3143) : All workers exited. Exiting... (1)
原因:指定的配置文件必须带有路径 haproxy -f haproxy.cfg 这种是错误的,-f 参数属性为
- 如果为目录,则是这个目录下所有的
.cfg结尾的文件 - 如果是目录,
./<filename>与filename都提示这个报错,必须绝对路径
no users configured
haproxy -f /root/haproxy.cfg
[NOTICE] (3193) : New program 'api' (3194) forked
[NOTICE] (3193) : New worker (3195) forked
[NOTICE] (3193) : Loading success.
time="2022-12-15T18:45:49+08:00" level=fatal msg="Error initiating users: no users configured in /root/haproxy.cfg, error: section missing"
[NOTICE] (3193) : haproxy version is 2.6.7-c55bfdb
原因:data plane api 程序必须有运行的用户和用户组在配置文件中,官方手册中给出的配置不全 [1] ,对于data plane api部分配置可以参考 [2]
set gid: operation not permitted
# haproxy -f /root/haproxy.cfg
[NOTICE] (3701) : haproxy version is 2.6.7-c55bfdb
[NOTICE] (3701) : path to executable is /usr/local/sbin/haproxy
[WARNING] (3701) : config : missing timeouts for frontend 'myfrontend'.
| While not properly invalid, you will certainly encounter various problems
| with such a configuration. To fix this, please ensure that all following
| timeouts are set to a non-zero value: 'client', 'connect', 'server'.
[WARNING] (3701) : config : missing timeouts for backend 'web_servers'.
| While not properly invalid, you will certainly encounter various problems
| with such a configuration. To fix this, please ensure that all following
| timeouts are set to a non-zero value: 'client', 'connect', 'server'.
[NOTICE] (3701) : New program 'api' (3702) forked
[NOTICE] (3701) : New worker (3703) forked
[NOTICE] (3701) : Loading success.
set gid: operation not permitted
[NOTICE] (3701) : haproxy version is 2.6.7-c55bfdb
[NOTICE] (3701) : path to executable is /usr/local/sbin/haproxy
[ALERT] (3701) : Current program 'api' (3702) exited with code 1 (Exit)
[ALERT] (3701) : exit-on-failure: killing every processes with SIGTERM
[ALERT] (3701) : Current worker (3703) exited with code 143 (Terminated)
[WARNING] (3701) : All workers exited. Exiting... (1)
Reference
[3] SSSD and LDAP
[4] Chapter 10. Migrating authentication from nslcd to SSSD
[5] OpenLDAP Client 2.4.23: TLS negotiation failure
[6] Chapter 10. Migrating authentication from nslcd to SSSD
[7] Configure SSSD
本文发布于Cylon的收藏册,转载请著名原文链接~
链接:https://www.oomkill.com/2022/12/haproxy2/
版权:本作品采用「署名-非商业性使用-相同方式共享 4.0 国际」 许可协议进行许可。