본문 바로가기

리눅스

[리눅스] HAProxy 컴파일(source compile) 설치 및 구성

728x90

HAProxy 컴파일(source code compile) 설치 및 구성

테스트 환경

$ cat /etc/redhat-release 
CentOS Linux release 7.9.2009 (Core)

필수 패키지

yum install -y make gcc perl pcre-devel zlib-devel openssl-devel lua-devel systemd-devel
$ lua -v
Lua 5.1.4  Copyright (C) 1994-2008 Lua.org, PUC-Rio

lua 5.3 업그레이드(lua-5.3.0)

wget http://www.nosuchhost.net/~cheese/fedora/packages/epel-7/x86_64/cheese-release-7-1.noarch.rpm
yum install -y cheese-release-7-1.noarch.rpm
yum update -y lua-devel
lua -v
$ lua -v
Lua 5.3.0  Copyright (C) 1994-2015 Lua.org, PUC-Rio

파일 다운로드 및 압축 해제

wget https://www.haproxy.org/download/2.6/src/haproxy-2.6.1.tar.gz -O /usr/local/src/haproxy-2.6.1.tar.gz
tar xfz /usr/local/src/haproxy-2.6.1.tar.gz -C /usr/local/src
cd /usr/local/src/haproxy-*

HAProxy 컴파일 및 설치(make, make install)

make -j$(nproc) TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_LUA=1 USE_SYSTEMD=1
  $ make -j$(nproc) TARGET=linux-glibc USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 USE_LUA=1
  CC      src/hlua.o
  CC      src/hlua_fcn.o
  CC      src/namespace.o
  ...
  CC      dev/flags/flags.o
  LD      haproxy
  LD      dev/flags/flags
make install -j$(nproc)
$ make install -j$(nproc)
install: creating directory ‘/usr/local/doc’
install: creating directory ‘/usr/local/doc/haproxy’
‘doc/haproxy.1’ -> ‘/usr/local/share/man/man1/haproxy.1’
‘haproxy’ -> ‘/usr/local/sbin/haproxy’
‘doc/configuration.txt’ -> ‘/usr/local/doc/haproxy/configuration.txt’
...
‘doc/intro.txt’ -> ‘/usr/local/doc/haproxy/intro.txt’

haproxy version

haproxy -version
$ haproxy -version
HAProxy version 2.6.1-f6ca66d 2022/06/21 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2027.
Known bugs: http://www.haproxy.org/bugs/bugs-2.6.1.html
Running on: Linux 3.10.0-1160.66.1.el7.x86_64 #1 SMP Wed May 18 16:02:34 UTC 2022 x86_64
haproxy -vv

OPTIONS = USE_PCRE=1 USE_OPENSSL=1 USE_LUA=1 USE_ZLIB=1 USE_SYSTEMD=1

$ haproxy -vv          
HAProxy version 2.6.1-f6ca66d 2022/06/21 - https://haproxy.org/
Status: long-term supported branch - will stop receiving fixes around Q2 2027.
Known bugs: http://www.haproxy.org/bugs/bugs-2.6.1.html
Running on: Linux 3.10.0-1160.66.1.el7.x86_64 #1 SMP Wed May 18 16:02:34 UTC 2022 x86_64
Build options :
  TARGET  = linux-glibc
  CPU     = generic
  CC      = cc
  CFLAGS  = -O2 -g -Wall -Wextra -Wundef -Wdeclaration-after-statement -Wfatal-errors -Wtype-limits -fwrapv -Wno-address-of-packed-member -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers -Wno-cast-function-type -Wno-string-plus-int -Wno-atomic-alignment
  OPTIONS = USE_PCRE=1 USE_OPENSSL=1 USE_LUA=1 USE_ZLIB=1 USE_SYSTEMD=1
  DEBUG   = -DDEBUG_STRICT -DDEBUG_MEMORY_POOLS

Feature list : +EPOLL -KQUEUE +NETFILTER +PCRE -PCRE_JIT -PCRE2 -PCRE2_JIT +POLL +THREAD +BACKTRACE -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT +CRYPT_H -ENGINE +GETADDRINFO +OPENSSL +LUA +ACCEPT4 -CLOSEFROM +ZLIB -SLZ +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL +SYSTEMD -OBSOLETE_LINKER +PRCTL -PROCCTL +THREAD_DUMP -EVPORTS -OT -QUIC -PROMEX -MEMORY_PROFILING

Default settings :
  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

haproxy 계정 생성

groupadd -g 99 haproxy
useradd -m -c "HAProxy Service" -d /var/lib/haproxy -s /sbin/nologin -u 99 -g 99 haproxy

통계 및 라이브러리 디렉토리 생성

mkdir -p /etc/haproxy
mkdir -p /var/lib/haproxy
touch /etc/haproxy/haproxy.cfg
touch /etc/haproxy/domain2backend.map
touch /var/lib/haproxy/stats

링크 설정

ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy

디렉터리 권한 변경

chown -R haproxy:haproxy /etc/haproxy
chown -R haproxy:haproxy /var/lib/haproxy

시스템 데몬 설정

## cd /usr/local/src/haproxy-2.6.1/admin/systemd
cd admin/systemd
$ ls
haproxy.service.in  Makefile
make
$ make
sed -e 's:@SBINDIR@:'/usr/local/sbin':' haproxy.service.in > haproxy.service
cp haproxy.service /lib/systemd/system/
$ cat /usr/lib/systemd/system/haproxy.service
[Unit]
Description=HAProxy Load Balancer
After=network-online.target
Wants=network-online.target

[Service]
EnvironmentFile=-/etc/default/haproxy
EnvironmentFile=-/etc/sysconfig/haproxy
Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock"
ExecStart=/usr/local/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS
ExecReload=/usr/local/sbin/haproxy -Ws -f $CONFIG -c -q $EXTRAOPTS
ExecReload=/bin/kill -USR2 $MAINPID
KillMode=mixed
Restart=always
SuccessExitStatus=143
Type=notify

# The following lines leverage SystemD's sandboxing options to provide
# defense in depth protection at the expense of restricting some flexibility
# in your setup (e.g. placement of your configuration files) or possibly
# reduced performance. See systemd.service(5) and systemd.exec(5) for further
# information.

# NoNewPrivileges=true
# ProtectHome=true
# If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE,
# any state files and any other files written using 'ReadWritePaths' or
# 'RuntimeDirectory'.
# ProtectSystem=true
# ProtectKernelTunables=true
# ProtectKernelModules=true
# ProtectControlGroups=true
# If your SystemD version supports them, you can add: @reboot, @swap, @sync
# SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io

[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl --now enable haproxy
$ systemctl --now enable haproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/haproxy.service to /usr/lib/systemd/system/haproxy.service.

haproxy.cfg check(check mode)

haproxy -f /etc/haproxy/haproxy.cfg -c
$ haproxy -f /etc/haproxy/haproxy.cfg -c
Configuration file is valid
728x90