Skip to content

Instantly share code, notes, and snippets.

@v1k0d3n
Last active Jul 24, 2021
Embed
What would you like to do?
Standard HAProxy Configuration for OpenShift 4.7+
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------
# Globals:
global
log 127.0.0.1 local2
chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon
stats socket /var/lib/haproxy/stats
# Defaults:
defaults
mode tcp
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000
# Stats:
listen HAProxyLocalStats
bind *:8404 name localstats
mode http
stats enable
stats refresh 10
stats show-legends
stats uri /haproxy/haproxy_stats.php?haproxystats=1
timeout client 5000
timeout connect 5000
timeout server 5000
# Frontends:
frontend api
bind 192.168.5.50:6443
default_backend controlplaneapi
frontend apiinternal
bind 192.168.5.50:22623
default_backend controlplaneapiinternal
frontend secure
bind 192.168.5.51:443
default_backend secure
frontend insecure
bind 192.168.5.51:80
stats uri /haproxy?stats
default_backend insecure
# Backends:
backend controlplaneapi
balance source
# server bootstrap 192.168.3.21:6443 check
server master0 192.168.3.31:6443 check
server master1 192.168.3.32:6443 check
server master2 192.168.3.33:6443 check
backend controlplaneapiinternal
balance source
# server bootstrap 192.168.3.21:22623 check
server master0 192.168.3.31:22623 check
server master1 192.168.3.32:22623 check
server master2 192.168.3.33:22623 check
backend secure
balance source
server master0 192.168.3.31:443 check
server master1 192.168.3.32:443 check
server master2 192.168.3.33:443 check
backend insecure
balance source
server master0 192.168.3.31:80 check
server master1 192.168.3.32:80 check
server master2 192.168.3.33:80 check
[bjozsa@lb01 ~]$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:50:56:95:96:b1 brd ff:ff:ff:ff:ff:ff
altname enp11s0
inet 192.168.4.90/22 brd 192.168.7.255 scope global noprefixroute ens192
valid_lft forever preferred_lft forever
inet 192.168.5.50/22 scope global secondary ens192
valid_lft forever preferred_lft forever
inet 192.168.5.51/22 scope global secondary ens192
valid_lft forever preferred_lft forever
inet6 fe80::250:56ff:fe95:96b1/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[bjozsa@lb01 ~]$ sudo cat /etc/sys^C
[bjozsa@lb01 ~]$ sudo nmcli con show
NAME UUID TYPE DEVICE
ens192 c7f557af-77bb-35bc-b48c-a045f60c2fac ethernet ens192
[bjozsa@lb01 ~]$
vrrp_script chk_haproxy {
script "killall -0 haproxy"
interval 2
weight 2
}
vrrp_instance api {
interface ens192
state MASTER
virtual_router_id 50
priority 10
virtual_ipaddress {
192.168.5.50/22
}
track_script {
chk_haproxy
}
}
vrrp_instance apps {
interface ens192
state MASTER
virtual_router_id 51
priority 10
virtual_ipaddress {
192.168.5.51/22
}
track_script {
chk_haproxy
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment