v1k0d3n/haproxy.cfg Secret

## haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application.  See the
# full configuration options online.
#
#   https://www.haproxy.org/download/1.8/doc/configuration.txt
#
#---------------------------------------------------------------------

# Globals:
global
    log         127.0.0.1 local2

    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    stats socket /var/lib/haproxy/stats

# Defaults:
defaults
    mode                    tcp
    log                     global
    option                  httplog
    option                  dontlognull
    option http-server-close
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

# Stats:
listen HAProxyLocalStats
    bind *:8404 name localstats
    mode http
    stats enable
    stats refresh 10
    stats show-legends
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

# Frontends:
frontend api
    bind 192.168.5.50:6443
    default_backend controlplaneapi

frontend apiinternal
    bind 192.168.5.50:22623
    default_backend controlplaneapiinternal

frontend secure
    bind 192.168.5.51:443
    default_backend secure

frontend insecure
    bind 192.168.5.51:80
    stats uri /haproxy?stats
    default_backend insecure

# Backends:
backend controlplaneapi
    balance source
    # server bootstrap 192.168.3.21:6443 check
    server master0 192.168.3.31:6443 check
    server master1 192.168.3.32:6443 check
    server master2 192.168.3.33:6443 check

backend controlplaneapiinternal
    balance source
    # server bootstrap 192.168.3.21:22623 check
    server master0 192.168.3.31:22623 check
    server master1 192.168.3.32:22623 check
    server master2 192.168.3.33:22623 check

backend secure
    balance source
    server master0 192.168.3.31:443 check
    server master1 192.168.3.32:443 check
    server master2 192.168.3.33:443 check

backend insecure
    balance source
    server master0 192.168.3.31:80 check
    server master1 192.168.3.32:80 check
    server master2 192.168.3.33:80 check

## interfaces.txt
[bjozsa@lb01 ~]$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:95:96:b1 brd ff:ff:ff:ff:ff:ff
    altname enp11s0
    inet 192.168.4.90/22 brd 192.168.7.255 scope global noprefixroute ens192
       valid_lft forever preferred_lft forever
    inet 192.168.5.50/22 scope global secondary ens192
       valid_lft forever preferred_lft forever
    inet 192.168.5.51/22 scope global secondary ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe95:96b1/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[bjozsa@lb01 ~]$ sudo cat /etc/sys^C
[bjozsa@lb01 ~]$ sudo nmcli con show
NAME    UUID                                  TYPE      DEVICE
ens192  c7f557af-77bb-35bc-b48c-a045f60c2fac  ethernet  ens192
[bjozsa@lb01 ~]$

## keepalived.conf
vrrp_script chk_haproxy {
  script "killall -0 haproxy"
  interval 2
  weight 2
}

vrrp_instance api {
  interface ens192
  state MASTER
  virtual_router_id 50
  priority 10
  virtual_ipaddress {
    192.168.5.50/22
  }
  track_script {
    chk_haproxy
  }
}

vrrp_instance apps {
  interface ens192
  state MASTER
  virtual_router_id 51
  priority 10
  virtual_ipaddress {
    192.168.5.51/22
  }
  track_script {
    chk_haproxy
  }
}
	#---------------------------------------------------------------------
	# Example configuration for a possible web application. See the
	# full configuration options online.
	#
	# https://www.haproxy.org/download/1.8/doc/configuration.txt
	#
	#---------------------------------------------------------------------

	# Globals:
	global
	log 127.0.0.1 local2

	chroot /var/lib/haproxy
	pidfile /var/run/haproxy.pid
	maxconn 4000
	user haproxy
	group haproxy
	daemon

	stats socket /var/lib/haproxy/stats

	# Defaults:
	defaults
	mode tcp
	log global
	option httplog
	option dontlognull
	option http-server-close
	option forwardfor except 127.0.0.0/8
	option redispatch
	retries 3
	timeout http-request 10s
	timeout queue 1m
	timeout connect 10s
	timeout client 1m
	timeout server 1m
	timeout http-keep-alive 10s
	timeout check 10s
	maxconn 3000

	# Stats:
	listen HAProxyLocalStats
	bind *:8404 name localstats
	mode http
	stats enable
	stats refresh 10
	stats show-legends
	stats uri /haproxy/haproxy_stats.php?haproxystats=1
	timeout client 5000
	timeout connect 5000
	timeout server 5000

	# Frontends:
	frontend api
	bind 192.168.5.50:6443
	default_backend controlplaneapi

	frontend apiinternal
	bind 192.168.5.50:22623
	default_backend controlplaneapiinternal

	frontend secure
	bind 192.168.5.51:443
	default_backend secure

	frontend insecure
	bind 192.168.5.51:80
	stats uri /haproxy?stats
	default_backend insecure

	# Backends:
	backend controlplaneapi
	balance source
	# server bootstrap 192.168.3.21:6443 check
	server master0 192.168.3.31:6443 check
	server master1 192.168.3.32:6443 check
	server master2 192.168.3.33:6443 check

	backend controlplaneapiinternal
	balance source
	# server bootstrap 192.168.3.21:22623 check
	server master0 192.168.3.31:22623 check
	server master1 192.168.3.32:22623 check
	server master2 192.168.3.33:22623 check

	backend secure
	balance source
	server master0 192.168.3.31:443 check
	server master1 192.168.3.32:443 check
	server master2 192.168.3.33:443 check

	backend insecure
	balance source
	server master0 192.168.3.31:80 check
	server master1 192.168.3.32:80 check
	server master2 192.168.3.33:80 check
	[bjozsa@lb01 ~]$ ip addr
	1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
	link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
	inet 127.0.0.1/8 scope host lo
	valid_lft forever preferred_lft forever
	inet6 ::1/128 scope host
	valid_lft forever preferred_lft forever
	2: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
	link/ether 00:50:56:95:96:b1 brd ff:ff:ff:ff:ff:ff
	altname enp11s0
	inet 192.168.4.90/22 brd 192.168.7.255 scope global noprefixroute ens192
	valid_lft forever preferred_lft forever
	inet 192.168.5.50/22 scope global secondary ens192
	valid_lft forever preferred_lft forever
	inet 192.168.5.51/22 scope global secondary ens192
	valid_lft forever preferred_lft forever
	inet6 fe80::250:56ff:fe95:96b1/64 scope link noprefixroute
	valid_lft forever preferred_lft forever
	[bjozsa@lb01 ~]$ sudo cat /etc/sys^C
	[bjozsa@lb01 ~]$ sudo nmcli con show
	NAME UUID TYPE DEVICE
	ens192 c7f557af-77bb-35bc-b48c-a045f60c2fac ethernet ens192
	[bjozsa@lb01 ~]$
	vrrp_script chk_haproxy {
	script "killall -0 haproxy"
	interval 2
	weight 2
	}

	vrrp_instance api {
	interface ens192
	state MASTER
	virtual_router_id 50
	priority 10
	virtual_ipaddress {
	192.168.5.50/22
	}
	track_script {
	chk_haproxy
	}
	}

	vrrp_instance apps {
	interface ens192
	state MASTER
	virtual_router_id 51
	priority 10
	virtual_ipaddress {
	192.168.5.51/22
	}
	track_script {
	chk_haproxy
	}
	}