红帽全球峰会第 7 章 示例配置:带有外部 HAProxy 负载均衡器的 Overcloud
此示例配置显示使用联合 HAProxy 服务器提供外部负载平衡的 overcloud。您可以根据您的环境要求选择不同的外部负载均衡器。
示例配置包括以下元素:
- 运行 HAProxy 的外部负载均衡服务器。
- 一个 Red Hat OpenStack Platform (RHOSP) director 节点。
- 一个 overcloud,它由高可用性集群中的 3 个 Controller 节点和 1 个 Compute 节点组成。
- 使用 VLAN 进行网络隔离。
这个示例为每个网络使用以下 IP 地址分配:
-
内部 API:
172.16.20.0/24 -
租户:
172.16.22.0/24 -
Storage:
172.16.21.0/24 -
存储管理:
172.16.19.0/24 -
外部:
172.16.23.0/24
这些 IP 范围包括 Controller 节点和负载均衡器绑定到 OpenStack 服务的虚拟 IP 的 IP 分配。
7.1. HAProxy 配置文件示例
复制链接链接已复制到粘贴板!
示例文件显示了内部 HAProxy 配置参数。您可以使用示例配置参数作为配置外部负载均衡器的基础。
HAProxy 配置文件包含以下部分:
- 全局配置
- 默认配置
- 服务配置
director 在每个 Controller 节点上的 /etc/haproxy/haproxy.conf 文件中为非容器化环境提供此配置,并在 /var/lib/config-data/puppet-generated/haproxy/etc/haproxy/haproxy.cfg 文件中为容器化环境提供。
注意
除了全局、默认和服务参数外,还必须配置其他 HAProxy 参数。有关 HAProxy 参数的更多信息,请参阅位于 Controller 节点上的 /usr/share/doc/haproxyFE/configuration.txt 中的 HAProxy 配置手册,或在安装了 haproxy 软件包的任何系统中。
HAProxy 配置文件示例:
global
daemon
group haproxy
log /dev/log local0
maxconn 10000
pidfile /var/run/haproxy.pid
user haproxy
defaults
log global
mode tcp
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s
listen aodh
bind 172.16.20.250:8042
bind 172.16.20.250:8042
mode http
server overcloud-controller-0 172.16.20.150:8042 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:8042 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.252:8042 check fall 5 inter 2000 rise 2
listen ceilometer
bind 172.16.20.250:8777
bind 172.16.23.250:8777
server overcloud-controller-0 172.16.20.150:8777 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:8777 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:8777 check fall 5 inter 2000 rise 2
listen cinder
bind 172.16.20.250:8776
bind 172.16.23.250:8776
server overcloud-controller-0 172.16.20.150:8776 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:8776 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:8776 check fall 5 inter 2000 rise 2
listen glance_api
bind 172.16.23.250:9292
bind 172.16.21.250:9292
server overcloud-controller-0 172.16.21.150:9292 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.21.151:9292 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.21.152:9292 check fall 5 inter 2000 rise 2
listen glance_registry
bind 172.16.20.250:9191
server overcloud-controller-0 172.16.20.150:9191 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:9191 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:9191 check fall 5 inter 2000 rise 2
listen gnocchi
bind 172.16.23.250:8041
bind 172.16.21.250:8041
mode http
server overcloud-controller-0 172.16.20.150:8041 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:8041 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:8041 check fall 5 inter 2000 rise 2
listen heat_api
bind 172.16.20.250:8004
bind 172.16.23.250:8004
mode http
server overcloud-controller-0 172.16.20.150:8004 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:8004 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:8004 check fall 5 inter 2000 rise 2
listen heat_cfn
bind 172.16.20.250:8000
bind 172.16.23.250:8000
server overcloud-controller-0 172.16.20.150:8000 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.152:8000 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.151:8000 check fall 5 inter 2000 rise 2
listen heat_cloudwatch
bind 172.16.20.250:8003
bind 172.16.23.250:8003
server overcloud-controller-0 172.16.20.150:8003 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:8003 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:8003 check fall 5 inter 2000 rise 2
listen horizon
bind 172.16.20.250:80
bind 172.16.23.250:80
mode http
cookie SERVERID insert indirect nocache
server overcloud-controller-0 172.16.20.150:80 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:80 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:80 check fall 5 inter 2000 rise 2
listen keystone_admin
bind 172.16.23.250:35357
bind 172.16.20.250:35357
server overcloud-controller-0 172.16.20.150:35357 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:35357 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:35357 check fall 5 inter 2000 rise 2
listen keystone_admin_ssh
bind 172.16.20.250:22
server overcloud-controller-0 172.16.20.150:22 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:22 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:22 check fall 5 inter 2000 rise 2
listen keystone_public
bind 172.16.20.250:5000
bind 172.16.23.250:5000
server overcloud-controller-0 172.16.20.150:5000 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:5000 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:5000 check fall 5 inter 2000 rise 2
listen mysql
bind 172.16.20.250:3306
option tcpka
option httpchk
stick on dst
stick-table type ip size 1000
timeout client 0
timeout server 0
server overcloud-controller-0 172.16.20.150:3306 backup check fall 5 inter 2000 on-marked-down shutdown-sessions port 9200 rise 2
server overcloud-controller-1 172.16.20.151:3306 backup check fall 5 inter 2000 on-marked-down shutdown-sessions port 9200 rise 2
server overcloud-controller-2 172.16.20.152:3306 backup check fall 5 inter 2000 on-marked-down shutdown-sessions port 9200 rise 2
listen neutron
bind 172.16.20.250:9696
bind 172.16.23.250:9696
server overcloud-controller-0 172.16.20.150:9696 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:9696 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:9696 check fall 5 inter 2000 rise 2
listen nova_ec2
bind 172.16.20.250:8773
bind 172.16.23.250:8773
server overcloud-controller-0 172.16.20.150:8773 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:8773 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:8773 check fall 5 inter 2000 rise 2
listen nova_metadata
bind 172.16.20.250:8775
server overcloud-controller-0 172.16.20.150:8775 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:8775 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:8775 check fall 5 inter 2000 rise 2
listen nova_novncproxy
bind 172.16.20.250:6080
bind 172.16.23.250:6080
balance source
server overcloud-controller-0 172.16.20.150:6080 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:6080 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:6080 check fall 5 inter 2000 rise 2
listen nova_osapi
bind 172.16.20.250:8774
bind 172.16.23.250:8774
server overcloud-controller-0 172.16.20.150:8774 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:8774 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:8774 check fall 5 inter 2000 rise 2
listen nova_placement
bind 172.16.20.250:8778
bind 172.16.23.250:8778
mode http
server overcloud-controller-0 172.16.20.150:8778 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:8778 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:8778 check fall 5 inter 2000 rise 2
listen panko
bind 172.16.20.250:8779 transparent
bind 172.16.23.250:8779 transparent
server overcloud-controller-0 172.16.20.150:8779 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:8779 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:8779 check fall 5 inter 2000 rise 2
listen redis
bind 172.16.20.249:6379
balance first
option tcp-check
tcp-check send AUTH\ p@55w0rd!\r\n
tcp-check send PING\r\n
tcp-check expect string +PONG
tcp-check send info\ replication\r\n
tcp-check expect string role:master
tcp-check send QUIT\r\n
tcp-check expect string +OK
server overcloud-controller-0 172.16.20.150:6379 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:6379 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:6379 check fall 5 inter 2000 rise 2
listen swift_proxy_server
bind 172.16.23.250:8080
bind 172.16.21.250:8080
server overcloud-controller-0 172.16.21.150:8080 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.21.151:8080 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.21.152:8080 check fall 5 inter 2000 rise 27.1.1. 全局配置参数: HAProxy 配置文件示例
复制链接链接已复制到粘贴板!
全局配置参数部分为负载均衡器定义一组进程范围参数。您可以使用配置文件中的示例参数来配置外部负载均衡器。根据您的环境调整这些参数值:
global
daemon
user haproxy
group haproxy
log /dev/log local0
maxconn 10000
pidfile /var/run/haproxy.pid示例显示了以下参数:
-
守护进程:作为后台进程运行。 -
用户 haproxy和组 haproxy:定义拥有进程的 Linux 用户和组。 -
log:定义要使用的 syslog 服务器。 -
maxconn:设置进程的并发连接的最大数量。 -
pidfile:设置用于进程 ID 的文件。
7.1.2. 默认值配置参数: HAProxy 配置文件示例
复制链接链接已复制到粘贴板!
默认值配置参数部分定义在运行外部负载均衡器服务时要使用的一组默认值。您可以使用配置文件中的示例参数来配置外部负载均衡器。根据您的环境调整这些参数值:
defaults
log global
mode tcp
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout check 10s示例显示了以下参数:
-
日志:启用该服务的日志记录。global值表示日志记录功能使用global部分中的log参数。 -
模式:定义要使用的协议。在这种情况下,默认为 TCP。 -
retries:在报告连接失败前设置服务器执行的重试次数。 -
timeout:设置等待特定功能的最长时间。例如,超时 http-request设置等待完整 HTTP 请求的最长时间。
7.1.3. 服务级别配置参数: HAProxy 配置文件示例
复制链接链接已复制到粘贴板!
服务级别配置参数部分定义在将流量负载平衡到特定 Red Hat OpenStack Platform (RHOSP)服务时使用的一组参数。您可以使用配置文件中的示例参数来配置外部负载均衡器。根据您的环境调整这些参数值,并为您要负载均衡的每个服务复制部分。
此示例显示 ceilometer 服务的配置参数。
listen ceilometer
bind 172.16.20.250:8777
bind 172.16.23.250:8777
server overcloud-controller-0 172.16.20.150:8777 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.20.151:8777 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.20.152:8777 check fall 5 inter 2000 rise 2要负载平衡的每个服务都必须与配置文件中的一个部分对应。每个服务配置包括以下参数:
-
listen: 侦听请求的服务名称。 -
绑定:服务侦听的 IP 地址和 TCP 端口号。每个服务绑定了代表不同网络流量类型的不同地址。 -
server:提供服务的每个服务器的名称、服务器 IP 地址和侦听端口,以及连接参数: -
检查:(可选)启用健康检查。 -
回退 5:(可选)在五个失败的健康检查后,该服务被视为离线。 -
inter 2000:(可选)两个连续健康检查设置为 2000 毫秒或 2 秒之间的间隔。 -
增长 2:(可选)在两个成功健康检查后,该服务被视为可操作。
在 ceilometer 示例中,服务标识了提供 ceilometer 服务的 IP 地址和端口 172.16.20.2500:8777 和 172.16.23.250:8777。HAProxy 将对这些地址的请求定向到 overcloud-controller-0 (172.16.20.150:8777)、overcloud-controller-1 (172.16.20.151:8777)或 overcloud-controller-2 (172.16.0.152:8777)。
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}