2022-08-07, update1

INFRA/HA-PROXY/ENV/README.md

@@ -98,21 +98,9 @@ frontend hongs
     acl is_hongsnet_net hdr_end(host) -i hongsnet.net
     use_backend hongsnet_net if is_hongsnet_net
 
-backend hongsnet_net
-
-    redirect prefix https://www.hongsnet.net code 301 if { hdr(host) -i hongsnet.net }
-
 backend www_hongsnet_net
 
-    balance roundrobin
-    option  forwardfor
-
-    option  httpchk  HEAD / HONGSNET_LVS
-    option  httpclose
-    cookie  SVID insert indirect nocache maxlife 10m
-
-    redirect scheme https code 301 if !{ ssl_fc }
-
+    # 에러 파일 설정
     errorfile 400 /etc/haproxy/errors/400.http
     errorfile 403 /etc/haproxy/errors/403.http
     errorfile 408 /etc/haproxy/errors/408.http
@@ -126,22 +114,15 @@ backend www_hongsnet_net
 
     http-request set-src src
 
-    server  tb2.hongsnet.net 172.24.0.151:80 cookie tb2 check fall 3 rise 2
-    server  tb3.hongsnet.net 172.16.0.158:80 cookie tb3 check fall 3 rise 2
-    server  tb3-docker.hongsnet.net 172.16.0.251:80 cookie tb3-docker check fall 3 rise 2
-    server  maintenance 192.168.200.233:8080 maxconn 1024 backup
-
-backend edu_hongsnet_net
-
-    balance roundrobin
-    option  forwardfor
+    #Redirect if HTTPS is *not* used, 강제 https 리디렉션, 평시운영 시
+    redirect scheme https code 301 if !{ ssl_fc }
 
-    option  httpchk  HEAD / HONGSNET_PROXY
-    option  httpclose
-    cookie  SVID insert indirect nocache maxlife 10m
+    server  tb2.hongsnet.net 172.24.0.151:30000 check fall 3 rise 2
+    server  tb3.hongsnet.net 172.16.0.158:30000 check fall 3 rise 2
 
-    redirect scheme https code 301 if !{ ssl_fc }
+backend edu_hongsnet_net
 
+    # 에러 파일 설정
     errorfile 400 /etc/haproxy/errors/400.http
     errorfile 403 /etc/haproxy/errors/403.http
     errorfile 408 /etc/haproxy/errors/408.http
@@ -150,23 +131,21 @@ backend edu_hongsnet_net
     errorfile 503 /etc/haproxy/errors/503.http
     errorfile 504 /etc/haproxy/errors/504.http
 
-    http-request set-src src
-
-    server  tb2.hongsnet.net 172.24.0.151:80 cookie tb2 check fall 3 rise 2
-    server  tb3.hongsnet.net 172.16.0.158:80 cookie tb3 check fall 3 rise 2
-    server  tb3-docker.hongsnet.net 172.16.0.251:80 cookie tb3-docker check fall 3 rise 2
+    http-request cache-use web_cache
+    http-response cache-store web_cache
 
-backend edu_example_com
+    http-request set-src src
 
-    balance roundrobin
-    option  forwardfor
+    # Redirect if HTTPS is *not* used, 강제 https 리디렉션
+    redirect scheme https code 301 if !{ ssl_fc }
 
-    option  httpchk  HEAD / HONGSNET_PROXY
-    option httpclose
-    cookie  SVID insert indirect nocache maxlife 10m
+    server  tb2.hongsnet.net 172.24.0.151:30000 cookie tb2 check fall 3 rise 2
+    server  tb3.hongsnet.net 172.16.0.158:30000 cookie tb3 check fall 3 rise 2
+    server  tb3-docker.hongsnet.net 172.16.0.251:30000 cookie tb3-docker check fall 3 rise 2
 
-    redirect scheme https code 301 if !{ ssl_fc }
+backend edu_example_com
 
+    # 에러 파일 설정
     errorfile 400 /etc/haproxy/errors/400.http
     errorfile 403 /etc/haproxy/errors/403.http
     errorfile 408 /etc/haproxy/errors/408.http
@@ -177,21 +156,16 @@ backend edu_example_com
 
     http-request set-src src
 
-    server  tb2.hongsnet.net 172.24.0.151:80 cookie tb2 check fall 3 rise 2
-    server  tb3.hongsnet.net 172.16.0.158:80 cookie tb3 check fall 3 rise 2
-    server  tb3-docker.hongsnet.net 172.16.0.251:80 cookie tb3-docker check fall 3 rise 2
-
-backend newsystem_hongsnet_net
-
-    balance roundrobin
-    option  forwardfor
+    # Redirect if HTTPS is *not* used, 강제 https 리디렉션
+    redirect scheme https code 301 if !{ ssl_fc }
 
-    option  httpchk  HEAD / HONGSNET_PROXY
-    option httpclose
-    cookie  SVID insert indirect nocache maxlife 10m
+    server  tb2.hongsnet.net 172.24.0.151:30000 cookie tb2 check fall 3 rise 2
+    server  tb3.hongsnet.net 172.16.0.158:30000 cookie tb3 check fall 3 rise 2
+    server  tb3-docker.hongsnet.net 172.16.0.251:30000 cookie tb3-docker check fall 3 rise 2
 
-    redirect scheme https code 301 if !{ ssl_fc }
+backend newsystem_hongsnet_net
 
+    # 에러 파일 설정
     errorfile 400 /etc/haproxy/errors/400.http
     errorfile 403 /etc/haproxy/errors/403.http
     errorfile 408 /etc/haproxy/errors/408.http
@@ -202,21 +176,16 @@ backend newsystem_hongsnet_net
 
     http-request set-src src
 
-    server  tb2.hongsnet.net 172.24.0.151:80 cookie tb2 check fall 3 rise 2
-    server  tb3.hongsnet.net 172.16.0.158:80 cookie tb3 check fall 3 rise 2
-    server  tb3-docker.hongsnet.net 172.16.0.251:80 cookie tb3-docker check fall 3 rise 2
-
-backend study_hongsnet_net
-
-    balance roundrobin
-    option  forwardfor
+    # Redirect if HTTPS is *not* used, 강제 https 리디렉션
+    redirect scheme https code 301 if !{ ssl_fc }
 
-    option  httpchk  HEAD / HONGSNET_PROXY
-    option httpclose
-    cookie  SVID insert indirect nocache maxlife 10m
+    server  tb2.hongsnet.net 172.24.0.151:30000 check fall 3 rise 2
+    server  tb3.hongsnet.net 172.16.0.158:30000 check fall 3 rise 2
+    server  tb3-docker.hongsnet.net 172.16.0.251:30000 check fall 3 rise 2
 
-    redirect scheme https code 301 if !{ ssl_fc }
+backend study_hongsnet_net
 
+    # 에러 파일 설정
     errorfile 400 /etc/haproxy/errors/400.http
     errorfile 403 /etc/haproxy/errors/403.http
     errorfile 408 /etc/haproxy/errors/408.http
@@ -227,9 +196,13 @@ backend study_hongsnet_net
 
     http-request set-src src
 
-    server  tb2.hongsnet.net 172.24.0.151:80 cookie tb2 check fall 3 rise 2
-    server  tb3.hongsnet.net 172.16.0.158:80 cookie tb3 check fall 3 rise 2
-    server  tb3-docker.hongsnet.net 172.16.0.251:80 cookie tb3-docker check fall 3 rise 2
+    # Redirect if HTTPS is *not* used, 강제 https 리디렉션
+    redirect scheme https code 301 if !{ ssl_fc }
+
+    server  tb2.hongsnet.net 172.24.0.151:30000 cookie tb2 check fall 3 rise 2
+    server  tb3.hongsnet.net 172.16.0.158:30000 cookie tb3 check fall 3 rise 2
+    server  tb3-docker.hongsnet.net 172.16.0.251:30000 cookie tb3-docker check fall 3 rise 2
+
 ```
 
 
@@ -269,12 +242,11 @@ use_backend www_hongsnet_net if is_www_hongsnet_net
 - **Back-end 설정**
 
 ```bash
-server  tb2.hongsnet.net 172.24.0.151:80 cookie tb2 check fall 3 rise 2
-server  tb3.hongsnet.net 172.16.0.158:80 cookie tb3 check fall 3 rise 2
-server  tb3-docker.hongsnet.net 172.16.0.251:80 cookie tb3-docker check fall 3 rise 2
-# 서버점검 시
-server  maintenance 192.168.200.233:8080 maxconn 1024 backup
+server  tb2.hongsnet.net 172.24.0.151:30000 check fall 3 rise 2
+server  tb3.hongsnet.net 172.16.0.158:30000 check fall 3 rise 2
+server  tb3-docker.hongsnet.net 172.16.0.251:30000 check fall 3 rise 2
 ```
 
 > 연결할 Back-end 서버들의 리스트다. 3번 health check가 실패하면 down으로 판단되고, 2번 성공하면 다시 Load Balancer 대상에 포함시킨다. 그리고 backup의 경우 서버점검 시 사용한다.
+> **30000**번 포트는 `K8s의 NodePort 설정으로 외부에 노출되는 서비스 포트` 이다.
 

SYSTEM/HW/SERVER/README.md

@@ -4,13 +4,13 @@
 
 | NO | CPU | MEM | DISK | Role | 현황 | 비고 |
 | ------ | ------ | ------ | ------ | ------ | ------ | ------ |
-| 1 | Intel(R) Xeon(R) E5620 @ 2.40GHz (Quad) * 2 | 64 GB (DDR3) | SATA 2 TB * 4 (RAID 10) | 개발용 + Front-End | [GO](./RESULT/192.168.200.62/2021/03/01/) | DELL R410 |
-| 2 | Intel(R) Xeon(R) E31220 @ 3.10GHz (Quad) * 1 | 32 GB (DDR3) | SATA 2 TB * 2 (Software RAID,  Level 1) | STAG + Front-End | [GO](./RESULT/192.168.200.217/2021/03/01/) | HP DL120 G9 |
-| 3 | Intel(R) Xeon(R) E5645 @ 2.40GHz (Hexa) * 2 | 148 GB (DDR3) | SATA 1TB * 6 (RAID 10) | Admin 용도 + WORKER | [GO](./RESULT/172.24.0.151/2021/03/01/) | DELL R710 |
-| 4 | Intel(R) Xeon(R) X5650  @ 2.67GHz (Hexa) * 2 | 256 GB (DDR3) | SATA 2TB * 6 (RAID 10) | Virtualization + WORKER | [GO](./RESULT/172.16.0.158/2021/03/01/) | DELL R710 |
-| 5 | Intel(R) Xeon(R) E5645  @ 2.40GHz (Hexa) * 2 | 128 GB (DDR3) | SATA 2TB * 4 (RAID 10) | STORAGE + MANAGER | [GO](./RESULT/172.24.0.245/2021/03/01/) | DELL R710 |
-| 6 | Intel(R) Xeon(R) X5650 @ 2.67GHz (Hexa) * 2 | 64 GB (DDR3) | SATA 2TB * 4 (RAID 10) | DBMS + Virtualization | [GO](./RESULT/180.180.180.250/2021/03/01/) | DELL R410 |
-| 7 | Intel(R) Xeon(R) E5620 @ 2.40GHz (Quad) * 2 | 64 GB (DDR3) | SAS 600GB * 2 (Software RAID, Level 1) | WORKER | [GO](./RESULT/172.16.0.251/2021/03/01/) | IBM X3550 M2 |
+| 1 | Intel(R) Xeon(R) E5620 @ 2.40GHz (Quad) * 2 | 64 GB (DDR3) | SATA 2 TB * 4 (RAID 10) | Front-End, Virtualization | [GO](./RESULT/192.168.200.62/2021/03/01/) | DELL R410 |
+| 2 | Intel(R) Xeon(R) E5620 @ 2.40GHz (Quad) * 2 | 64 GB (DDR3) | SATA 2 TB * 4 (RAID 10) | Front-End, Virtualization | [GO](./RESULT/192.168.200.217/2021/03/01/) | DELL R410 |
+| 3 | Intel(R) Xeon(R) E5645 @ 2.40GHz (Hexa) * 2 | 148 GB (DDR3) | SATA 1TB * 6 (RAID 10) | WORKER, Virtualization | [GO](./RESULT/172.24.0.151/2021/03/01/) | DELL R710 |
+| 4 | Intel(R) Xeon(R) X5650  @ 2.67GHz (Hexa) * 2 | 256 GB (DDR3) | SATA 2TB * 6 (RAID 10) | WORKER, Virtualization | [GO](./RESULT/172.16.0.158/2021/03/01/) | DELL R710 |
+| 5 | Intel(R) Xeon(R) E5645  @ 2.40GHz (Hexa) * 2 | 128 GB (DDR3) | SATA 2TB * 6 (RAID 10) | MASTER, STORAGE | [GO](./RESULT/172.24.0.245/2021/03/01/) | DELL R710 |
+| 6 | Intel(R) Xeon(R) X5650 @ 2.67GHz (Hexa) * 2 | 96 GB (DDR3) | SATA 2TB * 6 (RAID 10) | DBMS, Virtualization | [GO](./RESULT/180.180.180.250/2021/03/01/) | DELL R710 |
+| 7 | Intel(R) Xeon(R) E5620 @ 2.40GHz (Quad) * 2 | 64 GB (DDR3) | SAS 600GB * 2 (Software RAID, Level 1) | WORKER, Virtualization | [GO](./RESULT/172.16.0.251/2021/03/01/) | IBM X3550 M2 |
 
 
 # Ansible을 통한 정보수집 준비

SYSTEM/NETWORKING/README.md

@@ -8,8 +8,7 @@
 | 2 | Cisco WS-C3560G-24TS | 12.2(58)SE2 (C3560-IPSERVICESK9-M) | 관리자용 1Gbps | [GO](./RESULT/20.20.20.2/2021/03/01/) | Layer 3 |
 | 3 | Cisco WS-C3750G-48TS | 12.2(35)SE5 (C3750-IPSERVICES-M) | 개발용 1Gbps | [GO](./RESULT/10.10.10.2/2021/03/01/) | Layer 3 |
 | 4 | Cisco WS-C3750-48TS | 12.2(44)SE3 (C3750-IPSERVICESK9-M) | Swtich Exchange | [GO](./RESULT/10.10.10.1/2021/03/01/) | Layer 3 |
-| 5 | Cisco WS-C3750-48TS | 12.2(50)SE3 (C3750-IPSERVICESK9-M) | DBMS Routing (100Mbps) | [GO](./RESULT/40.40.40.2/2021/03/01/) | Layer 3 |
-| 6 | Cisco WS-C2960G-24TC-L | 12.2(53)SE1 (C2960-LANBASEK9-M) | DBMS 1Gbps | [GO](./RESULT/180.180.180.254/2021/03/01/) | Layer 2 |
+| 6 | Cisco WS-C3560G-24TS | 12.2(58)SE2 (C3560-IPSERVICESK9-M) | DBMS 1Gbps | [GO](./RESULT/180.180.180.254/2021/03/01/) | Layer 3 |
 
 
 # Ansible을 통한 정보수집 준비