0

我们在 OpenStack 控制器上有一个 haproxy 设置。
OpenStack 控制器在其各自的 LXC 容器中维护所有 OpenStack 服务。

我们控制器上的 Ulimit 是 3095554

我的配置文件如下所示。我面临的问题是Tq我在 haproxy 日志中看到的时间非常长(5 - 20 秒)。有人可以帮我吗?

Tq从客户端服务器到 haproxy 的请求值非常高,这会改变tr从后端 keystone 响应到客户端服务器的响应。

        log 127.0.0.1 local0
        log 127.0.0.1 local1 notice
        maxconn 32768
        tune.bufsize 384000
        nbproc 16
        tune.chksize 16384
        tune.comp.maxlevel 1
        tune.http.maxhdr 101
        tune.maxaccept 64
        tune.ssl.cachesize 20000
        tune.ssl.lifetime 300
        tune.ssl.default-dh-param 2048
        
defaults
        log global
        option dontlognull
        option redispatch
        retries 3
        timeout client 50s
        timeout connect 10s
        timeout http-request 5s
        timeout server 50s
        maxconn 32768

frontend keystone_admin-front-1
    bind ******:Port ssl crt /etc/ssl/private/haproxy.pem ciphers 
    option httplog
    option forwardfor except ****/*
    option http-server-close
    acl white_list src.   ******/*. *******/*
    tcp-request content accept if white_list
    tcp-request content reject
    reqadd X-Forwarded-Proto:\ https
    mode http
    default_backend keystone_admin-back

frontend keystone_admin-front-2
    bind ****/* ssl crt /etc/ssl/private/haproxy.pem ciphers 
    option httplog
    option forwardfor except ****/*
    option http-server-close
    acl white_list src ****/*.  ****/*
    tcp-request content accept if white_list
    tcp-request content reject
    reqadd X-Forwarded-Proto:\ https
    mode http
    default_backend keystone_admin-back


backend keystone_admin-back
    mode http
    balance leastconn
    stick store-request src
    stick-table type ip size 256k expire 30m
    option forwardfor
    option httplog
    option httpchk HEAD /


frontend keystone_service-front-1
    bind ****/* ssl crt /etc/ssl/private/haproxy.pem ciphers 
    option httplog
    option forwardfor except ****/*
    option http-server-close
    reqadd X-Forwarded-Proto:\ https
    mode http
    default_backend keystone_service-back

frontend keystone_service-front-2
    bind ****/* ssl crt /etc/ssl/private/haproxy.pem ciphers 
    option httplog
    option forwardfor except ****/*
    option http-server-close
    reqadd X-Forwarded-Proto:\ https
    mode http
    default_backend keystone_service-back


backend keystone_service-back
    mode http
    balance leastconn
    stick store-request src
    stick-table type ip size 256k expire 30m
    option forwardfor
    option httplog
    option httpchk HEAD /
4

0 回答 0