1. 개요
아마존 리눅스에 HAProxy를 설치하는 과정이다.
2. 사전작업
2.1. 패키지 설치
$ sudo yum install -y make gcc gcc-c++ pcre-devel openssl-devel readline-devel systemd-devel zlib-devel
설치 결과는 다음과 같다.
Installed: gcc-c++.x86_64 0:7.3.1-15.amzn2 openssl-devel.x86_64 1:1.0.2k-24.amzn2.0.4 pcre-devel.x86_64 0:8.32-17.amzn2.0.2 readline-devel.x86_64 0:6.2-10.amzn2.0.2 systemd-devel.x86_64 0:219-78.amzn2.0.20 zlib-devel.x86_64 0:1.2.7-19.amzn2.0.2 Dependency Installed: keyutils-libs-devel.x86_64 0:1.5.8-3.amzn2.0.2 krb5-devel.x86_64 0:1.15.1-37.amzn2.2.4 libcom_err-devel.x86_64 0:1.42.9-19.amzn2 libkadm5.x86_64 0:1.15.1-37.amzn2.2.4 libselinux-devel.x86_64 0:2.5-12.amzn2.0.2 libsepol-devel.x86_64 0:2.5-8.1.amzn2.0.2 libverto-devel.x86_64 0:0.2.5-4.amzn2.0.2 ncurses-c++-libs.x86_64 0:6.0-8.20170212.amzn2.1.3 ncurses-devel.x86_64 0:6.0-8.20170212.amzn2.1.3 Dependency Updated: openssl.x86_64 1:1.0.2k-24.amzn2.0.4 openssl-libs.x86_64 1:1.0.2k-24.amzn2.0.4 zlib.x86_64 0:1.2.7-19.amzn2.0.2 Complete!
2.2. Lua 설치
curl -R -O http://www.lua.org/ftp/lua-5.3.5.tar.gz tar zxf lua-5.3.5.tar.gz cd lua-5.3.5 make linux test make linux install cd ..
설치 결과는 다음과 같다.
/usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/ct.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/des_modes.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/evp.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/ossl_store-file.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/ossl_store.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/passphrase-encoding.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/scrypt.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/ssl.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/x509.html
2.3. OpenSSL 설치
curl -R -O https://www.openssl.org/source/openssl-1.1.1c.tar.gz tar xvzf openssl-1.1.1c.tar.gz cd openssl-1.1.1c ./config --prefix=/usr/local/openssl-1.1.1c shared make make install
설치 결과는 다음과 같다.
... /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/ct.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/des_modes.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/evp.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/ossl_store-file.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/ossl_store.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/passphrase-encoding.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/scrypt.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/ssl.html /usr/local/openssl-1.1.1c/share/doc/openssl/html/man7/x509.html
3. HAProxy 설치
curl -R -O http://www.haproxy.org/download/2.6/src/haproxy-2.6.6.tar.gz tar -xzf haproxy-2.6.6.tar.gz cd haproxy-2.6.6 make -j $(nproc) TARGET=linux-glibc USE_OPENSSL=1 SSL_LIB=/usr/local/openssl-1.1.1c/lib SSL_INC=/usr/local/openssl-1.1.1c/include USE_ZLIB=1 USE_LUA=1 LUA_LIB=/usr/local/lib/ LUA_INC=/usr/local/include/ USE_PCRE=1 USE_SYSTEMD=1 make install cp /usr/local/sbin/haproxy /usr/sbin/haproxy useradd -M -r -s /sbin/nologin haproxy
설치가 잘 되었는지 확인한다.
# ls -l /usr/sbin/haproxy -rwxr-xr-x 1 root root 15751328 Oct 31 07:20 /usr/sbin/haproxy
4. HAProxy 서비스 등록
/etc/systemd/system/haproxy.service 파일을 생성하고 다음 내용을 삽입한다.
[Unit] Description=HAProxy Load Balancer After=network-online.target Wants=network-online.target [Service] EnvironmentFile=-/etc/default/haproxy EnvironmentFile=-/etc/sysconfig/haproxy Environment="LD_LIBRARY_PATH=/usr/local/openssl-1.1.1c/lib/" Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock" ExecStart=/usr/local/sbin/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS ExecReload=/usr/local/sbin/haproxy -Ws -f $CONFIG -c -q $EXTRAOPTS ExecReload=/bin/kill -USR2 $MAINPID KillMode=mixed Restart=always SuccessExitStatus=143 Type=notify # The following lines leverage SystemD's sandboxing options to provide # defense in depth protection at the expense of restricting some flexibility # in your setup (e.g. placement of your configuration files) or possibly # reduced performance. See systemd.service(5) and systemd.exec(5) for further # information. # NoNewPrivileges=true # ProtectHome=true # If you want to use 'ProtectSystem=strict' you should whitelist the PIDFILE, # any state files and any other files written using 'ReadWritePaths' or # 'RuntimeDirectory'. # ProtectSystem=true # ProtectKernelTunables=true # ProtectKernelModules=true # ProtectControlGroups=true # If your SystemD version supports them, you can add: @reboot, @swap, @sync # SystemCallFilter=~@cpu-emulation @keyring @module @obsolete @raw-io [Install] WantedBy=multi-user.target
5. HAProxy 실행
systemctl daemon-reload mkdir -p /etc/haproxy touch /etc/haproxy/haproxy.cfg systemctl enable haproxy systemctl start haproxy cd ..