KBEC-00281 - Configuring Load Balancers in ElectricFlow Clusters

This example shows how to configure HAProxy as a load balancer for a ElectricFlow cluster. You can use this example as a model for the load balancer configuration in your system and modify it to meet the system requirements. Electric Cloud does not support HAProxy and the configuration described in the document. For information about the HAProxy configuration, go to the HAProxy website.

Note: Electric Cloud does not support any load balancers.  For more information about using load balancer in your ElectricFlow cluster, go to the website for that load balancer.

Do the following tasks to configure network load balancing on a cluster of Linux machines. All machines in the cluster receive incoming requests when network load balancing is enabled. However, the load balancer ensures that only one machine completes the request. For more information, go to the HAProxy website.

Configuring the ElectricFlow Cluster in HAProxy

Use this procedure with HAProxy 1.5, which was evaluated by Electric Cloud. If you use another software version of HAProxy or load balancer, the configuration procedure will vary. You may need to use a separate piece of software to act as a Secure Sockets Layer (SSL) endpoint. For example, you could use stunnel with HAProxy 1.4.Note

Note: Electric Cloud does not support HAProxy. For more information about HAProxy, including upgrading from HAProxy 1.4 to HAProxy 1.5, go to the HAProxy website.

  1. Install HAProxy 1.5 or later.
  2. Configure HAProxy to communicate with the Flow server.
    1. Go to the end of the haproxy.cfg file in /etc/haproxy.
    2. Comment out the following lines by adding a # at the start of each line:
log loghost    local0 info 
  chroot /usr/share/haproxy
  debug
  quiet
listen  ssl-relay 0.0.0.0:8443
  option  ssl-hello-chk
  balance source
  server  inst1 192.168.110.56:443 check inter 2000 fall 3
  server  inst2 192.168.110.57:443 check inter 2000 fall 3
  server  back1 192.168.120.58:443 backup
  errorloc       502     http://192.168.114.58/error502.html
  errorfile       503     /etc/haproxy/errors/503.http
  errorfile       400     /etc/haproxy/errors/400.http
  errorfile       403     /etc/haproxy/errors/403.http
  errorfile       408     /etc/haproxy/errors/408.http
  errorfile       500     /etc/haproxy/errors/500.http
  errorfile       502     /etc/haproxy/errors/502.http
  errorfile       503     /etc/haproxy/errors/503.http
  errorfile       504     /etc/haproxy/errors/504.http
    1. Add the following information with the appropriate host names and IP addresses
# redirect port 80 to port 443
frontend commander-web-frontend-insecure
  mode http
  bind 0.0.0.0:80
  redirect scheme https if !{ssl_fc}
# load balance port 443 across web servers, with HAProxy acting as the SSL endpoint
frontend commander-web-frontend-secure
  mode tcp
  bind 0.0.0.0:443 ssl crt /home/<user_name_haproxy_runs_under>/server.pem
  default_backend commander-web-backend
backend commander-web-backend
  mode http
  server node1 <your_web_server1_ip_address>:80 check
  server node2 <your_web_server2_ip_address>:80 check
  server node3 <your_web_server3_ip_address>:80 check
  stats enable
# load balance ports 8000 and 8443 across Flow servers, with HAProxy acting as the SSL endpoint for port 8443
frontend commander-server-frontend-insecure
  mode http
  bind 0.0.0.0:8000
  default_backend commander-server-backend
frontend commander-server-frontend-secure
  mode tcp
  bind 0.0.0.0:8443 ssl crt /home/<user_name_haproxy_runs_under>/server.pem
  default_backend commander-server-backend
backend commander-server-backend
  mode http
  server node1 <your_commander_server1_IP_address>:8000 check
  server node2 <your_commander_server2_IP_address>:8000 check
  server node3 <your_commander_server3_IP_address>:8000 check
  stats enable
  option httpchk GET /commanderRequest/health
# load balance port 61613 across Flow servers, with HAProxy acting as the SSL endpoint
frontend commander-stomp-frontend
  mode tcp
  bind 0.0.0.0:61613 ssl crt /home/<user_name_haproxy_runs_under>/server.pem
  default_backend commander-stomp-backend
  option tcplog
  log global
backend commander-stomp-backend
  mode tcp
  server node1 <your_commander_server1_IP_address>:61613 check port 8000
  server node2 <your_commander_server2_IP_address>:61613 check port 8000
  server node3 <your_commander_server3_IP_address>:61613 check port 8000
  option tcplog
  log global
  1. Determine where to create an SSL certificate called server.pem.
    The default location is
    /home/<user_name_haproxy_runs_under>/

    You can add this certificate to another location if you modify the corresponding paths specified in

    /etc/haproxy/haproxy.cfg
  2. Enter the following commands to create an SSL certificate called server.pem:
openssl req -new -out server.csr -text
openssl rsa -in privkey.pem -out server.key
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650 -text
cat server.crt server.key > server.pem

Note: When prompted for the Common Name, enter the fully-qualified domain name address of your load balancer.

  1. To restart HAProxy, enter /etc/init.d/haproxy restart.
  2. To confirm that HAProxy is running, enter /etc/init.d/haproxy status.

Adding Nodes to the HAProxy Cluster

To add additional nodes to a pre-existing cluster:

  1. Open the haproxy.cfg file in /etc/haproxy.
  2. Add the new host name and IP address to the backend commander-backend section.
  3. To restart HAProxy, enter /etc/init.d/haproxy restart.

This is an example of a HAProxy configuration file.  

Have more questions? Submit a request

Comments

Powered by Zendesk