1)基本条件:haproxy > v1.6 版本(测试时候觉得1.8版本更稳定)

2)centos编译haproxy的rpm包

https://github.com/DBezemer/rpm-haproxy

3)遇到的坑:

      –  dns的返回值不正确,原因是backend的域名填写的有问题

rancher的环境中,必须要对域名做如下转换:

如desktop-server  需转换为 desktop-server.flexhcs.rancher.internal

系统中是根据/etc/resol.conf 来自动添加的,但haproxy这边是直接向dns-server发送desktop-server这个域名的query,所以backend必须预先转换好

如:

resolvers dns1
    nameserver internal-dns 169.254.169.250:53
    resolve_retries 3
    timeout resolve 10s
    timeout retry 10s
    hold other 30s
    hold refused 30s
    hold nx 30s
    hold timeout 30s
    hold valid 10s
    hold obsolete 30s

listen desktop_server_443
    bind 172.16.33.250:443
    mode tcp
    balance source
    timeout client 28801s
    timeout server 28801s
    server Desktop-Host desktop-server.flexhcs.rancher.internal:443 check resolvers dns1

定位方式:

1)抓包

2)dns.c文件中更改dns_check_dns_response这个函数的log

 

 

配置及诉求:

5.3. Server IP address resolution using DNS
-------------------------------------------
HAProxy allows using a host name on the server line to retrieve its IP address using name servers. By default, HAProxy resolves the name when parsing the configuration file, at startup and cache the result for the process' life. This is not sufficient in some cases, such as in Amazon where a server's IP can change after a reboot or an ELB Virtual IP can change based on current workload. This chapter describes how HAProxy can be configured to process server's name resolution at run time. Whether run time server name resolution has been enable or not, HAProxy will carry on doing the first resolution when parsing the configuration.
5.3.1. Global overview
----------------------
As we've seen in introduction, name resolution in HAProxy occurs at two different steps of the process life:
1. when starting up, HAProxy parses the server line definition and matches a host name. It uses libc functions to get the host name resolved. This resolution relies on /etc/resolv.conf file.
2. at run time, HAProxy performs periodically name resolutions for servers requiring DNS resolutions.
A few other events can trigger a name resolution at run time:
- when a server's health check ends up in a connection timeout: this may be because the server has a new IP address. So we need to trigger a name resolution to know this new IP.
When using resolvers, the server name can either be a hostname, or a SRV label. HAProxy considers anything that starts with an underscore as a SRV label. If a SRV label is specified, then the corresponding SRV records will be retrieved from the DNS server, and the provided hostnames will be used. The SRV label will be checked periodically, and if any server are added or removed, haproxy will automatically do the same.
A few things important to notice:
- all the name servers are queried in the mean time. HAProxy will process the first valid response.
- a resolution is considered as invalid (NX, timeout, refused), when all the servers return an error.
5.3.2. The resolvers section
----------------------------
This section is dedicated to host information related to name resolution in HAProxy. There can be as many as resolvers section as needed. Each section can contain many name servers.
When multiple name servers are configured in a resolvers section, then HAProxy uses the first valid response. In case of invalid responses, only the last one is treated. Purpose is to give the chance to a slow server to deliver a valid answer after a fast faulty or outdated server.
When each server returns a different error type, then only the last error is used by HAProxy. The following processing is applied on this error:
1. HAProxy retries the same DNS query with a new query type. The A queries are switch to AAAA or the opposite. SRV queries are not concerned here. Timeout errors are also excluded.
2. When the fallback on the query type was done (or not applicable), HAProxy retries the original DNS query, with the preferred query type.
3. HAProxy retries previous steps <resolve_retires> times. If no valid response is received after that, it stops the DNS resolution and reports the error.
For example, with 2 name servers configured in a resolvers section, the following scenarios are possible:
- First response is valid and is applied directly, second response is ignored
- First response is invalid and second one is valid, then second response is applied
- First response is a NX domain and second one a truncated response, then HAProxy retries the query with a new type
- First response is a NX domain and second one is a timeout, then HAProxy retries the query with a new type
- Query timed out for both name servers, then HAProxy retries it with the same query type
As a DNS server may not answer all the IPs in one DNS request, haproxy keeps a cache of previous answers, an answer will be considered obsolete after <hold obsolete> seconds without the IP returned.
resolvers <resolvers id> Creates a new name server list labeled <resolvers id>
A resolvers section accept the following parameters:
accepted_payload_size <nb> Defines the maximum payload size accepted by HAProxy and announced to all the name servers configured in this resolvers section.
<nb> is in bytes. If not set, HAProxy announces 512. (minimal value defined by RFC 6891)
Note: to get bigger responses but still be sure that responses won't be dropped on the wire, one can choose a value between 1280 and 1410.
Note: the maximum allowed value is 8192.
nameserver <id> <ip>:<port> DNS server description: <id> : label of the server, should be unique
<ip> : IP address of the server
<port> : port where the DNS service actually runs
hold <status> <period> Defines <period> during which the last name resolution should be kept based on last resolution <status> <status> : last name resolution status. Acceptable values are "nx", "other", "refused", "timeout", "valid", "obsolete". <period> : interval between two successive name resolution when the last answer was in <status>. It follows the HAProxy time format.
<period> is in milliseconds by default.
Default value is 10s for "valid", 0s for "obsolete" and 30s for others.
resolution_pool_size <nb> (deprecated) Defines the number of resolutions available in the pool for this resolvers. If not defines, it defaults to 64. If your configuration requires more than <nb>, then HAProxy will return an error when parsing the configuration.
resolve_retries <nb> Defines the number <nb> of queries to send to resolve a server name before giving up.
Default value: 3
A retry occurs on name server timeout or when the full sequence of DNS query type failover is over and we need to start up from the default ANY query type.
timeout <event> <time> Defines timeouts related to name resolution <event> : the event on which the <time> timeout period applies to. events available are:
- resolve : default time to trigger name resolutions when no other time applied. Default value: 1s
- retry : time between two DNS queries, when no valid response have been received. Default value: 1s <time> : time related to the event. It follows the HAProxy time format. <time> is expressed in milliseconds.
Example:
resolvers mydns nameserver dns1 10.0.0.1:53
nameserver dns2 10.0.0.2:53
resolve_retries 3
timeout resolve 1s
timeout retry 1s
hold other 30s
hold refused 30s
hold nx 30s
hold timeout 30s
hold valid 10s
hold obsolete 30s

Logo

开放原子开发者工作坊旨在鼓励更多人参与开源活动,与志同道合的开发者们相互交流开发经验、分享开发心得、获取前沿技术趋势。工作坊有多种形式的开发者活动,如meetup、训练营等,主打技术交流,干货满满,真诚地邀请各位开发者共同参与!

更多推荐