This example shows how to configure HAProxy as a load balancer for a ElectricFlow cluster. You can use this example as a model for the load balancer configuration in your system and modify it to meet the system requirements. Electric Cloud does not support HAProxy and the configuration described in the document. For information about the HAProxy configuration, go to the HAProxy website.
Note: Electric Cloud does not support any load balancers. For more information about using load balancer in your ElectricFlow cluster, go to the website for that load balancer.
Do the following tasks to configure network load balancing on a cluster of Linux machines. All machines in the cluster receive incoming requests when network load balancing is enabled. However, the load balancer ensures that only one machine completes the request. For more information, go to the HAProxy website.
Configuring the ElectricFlow Cluster in HAProxy
Use this procedure with HAProxy 1.5, which was evaluated by Electric Cloud. If you use another software version of HAProxy or load balancer, the configuration procedure will vary. You may need to use a separate piece of software to act as a Secure Sockets Layer (SSL) endpoint. For example, you could use stunnel with HAProxy 1.4.Note
Note: Electric Cloud does not support HAProxy. For more information about HAProxy, including upgrading from HAProxy 1.4 to HAProxy 1.5, go to the HAProxy website.
- Install HAProxy 1.5 or later.
- Configure HAProxy to communicate with the Flow server.
- Go to the end of the haproxy.cfg file in /etc/haproxy.
- Comment out the following lines by adding a # at the start of each line:
log loghost local0 info chroot /usr/share/haproxy debug quietlisten ssl-relay 0.0.0.0:8443 option ssl-hello-chk balance source server inst1 192.168.110.56:443 check inter 2000 fall 3 server inst2 192.168.110.57:443 check inter 2000 fall 3 server back1 192.168.120.58:443 backup errorloc 502 http://192.168.114.58/error502.html errorfile 503 /etc/haproxy/errors/503.http errorfile 400 /etc/haproxy/errors/400.http errorfile 403 /etc/haproxy/errors/403.http errorfile 408 /etc/haproxy/errors/408.http errorfile 500 /etc/haproxy/errors/500.http errorfile 502 /etc/haproxy/errors/502.http errorfile 503 /etc/haproxy/errors/503.http errorfile 504 /etc/haproxy/errors/504.http |
-
- Add the following information with the appropriate host names and IP addresses
# redirect port 80 to port 443frontend commander-web-frontend-insecure mode http bind 0.0.0.0:80 redirect scheme https if !{ssl_fc}# load balance port 443 across web servers, with HAProxy acting as the SSL endpointfrontend commander-web-frontend-secure mode tcp bind 0.0.0.0:443 ssl crt /home/<user_name_haproxy_runs_under>/server.pem default_backend commander-web-backendbackend commander-web-backend mode http server node1 <your_web_server1_ip_address>:80 check server node2 <your_web_server2_ip_address>:80 check server node3 <your_web_server3_ip_address>:80 check stats enable# load balance ports 8000 and 8443 across Flow servers, with HAProxy acting as the SSL endpoint for port 8443frontend commander-server-frontend-insecure mode http bind 0.0.0.0:8000 default_backend commander-server-backendfrontend commander-server-frontend-secure mode tcp bind 0.0.0.0:8443 ssl crt /home/<user_name_haproxy_runs_under>/server.pem default_backend commander-server-backendbackend commander-server-backend mode http server node1 <your_commander_server1_IP_address>:8000 check server node2 <your_commander_server2_IP_address>:8000 check server node3 <your_commander_server3_IP_address>:8000 check stats enable option httpchk GET /commanderRequest/health# load balance port 61613 across Flow servers, with HAProxy acting as the SSL endpointfrontend commander-stomp-frontend mode tcp bind 0.0.0.0:61613 ssl crt /home/<user_name_haproxy_runs_under>/server.pem default_backend commander-stomp-backend option tcplog log globalbackend commander-stomp-backend mode tcp server node1 <your_commander_server1_IP_address>:61613 check port 8000 server node2 <your_commander_server2_IP_address>:61613 check port 8000 server node3 <your_commander_server3_IP_address>:61613 check port 8000 option tcplog log global |
- Determine where to create an SSL certificate called server.pem.
The default location is/home/<user_name_haproxy_runs_under>/You can add this certificate to another location if you modify the corresponding paths specified in
/etc/haproxy/haproxy.cfg - Enter the following commands to create an SSL certificate called server.pem:
openssl req -new -out server.csr -textopenssl rsa -in privkey.pem -out server.keyopenssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650 -textcat server.crt server.key > server.pem |
Note: When prompted for the Common Name, enter the fully-qualified domain name address of your load balancer.
- To restart HAProxy, enter /etc/init.d/haproxy restart.
- To confirm that HAProxy is running, enter /etc/init.d/haproxy status.
Adding Nodes to the HAProxy Cluster
To add additional nodes to a pre-existing cluster:
- Open the haproxy.cfg file in /etc/haproxy.
- Add the new host name and IP address to the backend commander-backend section.
- To restart HAProxy, enter /etc/init.d/haproxy restart.
This is an example of a HAProxy configuration file.
Comments