08 - Setup HAproxy

This post is part of the Manual Deployment Openstack HA and Ceph series.

HAProxy is a commonly used load balancer and proxy server that can be deployed in a high-availability (HA) configuration in an OpenStack environment. It helps distribute incoming traffic across multiple backend servers, providing redundancy, scalability, and improved performance.

Set up HAProxy (execute on all controller nodes)

1. Install HAProxy

apt install haproxy -y

2. Enable the IP forwarding and non-local bind kernel parameters

cat << EOF > /etc/sysctl.d/50-haproxy.conf
net.ipv4.ip_nonlocal_bind = 1
net.ipv4.ip_forward = 1
EOF

sysctl -p /etc/sysctl.d/50-haproxy.conf

3. Generate a self-signed certificate

openssl req -x509 -new -nodes -newkey rsa:2048 -keyout root.key -sha256 -days 1024 -out root.crt -subj "/OU=DAMA ID/CN=dama.id"

openssl req -nodes -newkey rsa:2048 -keyout java.dama.id.key -out java.dama.id.csr -subj "/OU=DAMA ID/CN=*.java.dama.id"

openssl x509 -req -in java.dama.id.csr -CA root.crt -CAkey root.key -CAcreateserial -out java.dama.id.crt -days 500 -sha256

cat java.dama.id.crt java.dama.id.key > /etc/ssl/certs/java.dama.id.pem

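4. Distribute the certificate to the other controller nodes. The PEM bundle contains the private key, so keep it readable only by root on every node.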

scp /etc/ssl/certs/java.dama.id.pem os-controller-01:/etc/ssl/certs/
scp /etc/ssl/certs/java.dama.id.pem os-controller-02:/etc/ssl/certs/

5. Create a user for the HAProxy MySQL health check

mysql
CREATE USER 'haproxy'@'localhost';
CREATE USER 'haproxy'@'%';

6. Edit the HAProxy configuration

global
  chroot  /var/lib/haproxy
  daemon
  group  haproxy
  maxconn  4000
  pidfile  /var/run/haproxy.pid
  user  haproxy

defaults
  log  global
  maxconn  4000
  option  redispatch
  retries  3
  timeout  http-request 10s
  timeout  queue 1m
  timeout  connect 10s
  timeout  client 480m
  timeout  server 480m
  timeout  check 10s

# HAPROXY Status Page

listen stats
  bind *:1945
  mode http
  stats enable
  stats hide-version
  stats uri /stats
  stats refresh 10s
  stats show-node

# GALERA
listen galera_cluster
  bind 10.10.10.100:3306
  balance  source
  option  tcpka
  mode tcp
  option mysql-check user haproxy
  server os-controller-01 10.10.10.11:3306 check weight 1
  server os-controller-02 10.10.10.12:3306 check weight 1
  server os-controller-03 10.10.10.13:3306 check weight 1

7. Restart the HAProxy service

systemctl restart haproxy
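
The stats listener in step 6 binds *:1945 and sets no "stats auth", so the stats page answers on every interface without credentials. The check below is an added example, not part of the original post: it scans a HAProxy configuration for exactly those two conditions. The function names audit_stats and sample_cfg, the stats_hardened listener and its admin:CHANGE_ME credentials are assumptions made for the example.

```shell
# Added example (not from the original post): flag HAProxy proxy sections
# whose stats page is reachable without credentials or on every interface.

# Constructed sample: the stats and Galera listeners from step 6, plus a
# hypothetical hardened listener (address and credentials are placeholders).
sample_cfg() {
  cat <<'EOF'
listen stats
  bind *:1945
  mode http
  stats enable
  stats uri /stats
listen galera_cluster
  bind 10.10.10.100:3306
  mode tcp
listen stats_hardened
  bind 10.10.10.100:1945
  mode http
  stats enable
  stats uri /stats
  stats auth admin:CHANGE_ME
EOF
}

# Reads haproxy.cfg from "$1" or stdin; prints one line per finding and
# returns 1 if any were found. Inheritance from "defaults" is not modelled.
audit_stats() {
  awk '
    function flush() {
      if (!stats) return
      if (!auth)      { print name ": stats page has no \"stats auth\""; bad++ }
      if (wild != "") { print name ": stats page bound to all interfaces (" wild ")"; bad++ }
    }
    { sub(/#.*/, "") }                       # drop comments
    $1 ~ /^(global|defaults|listen|frontend|backend)$/ {
      flush(); name = $1 " " $2
      proxy = ($1 != "global"); stats = auth = 0; wild = ""; next
    }
    # Simplification: any "stats" keyword in a proxy section counts as enabling.
    proxy && $1 == "stats"                 { stats = 1 }
    proxy && $1 == "stats" && $2 == "auth" { auth = 1 }
    $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0|::|\[::\])?:[0-9]+/ { wild = $2 }
    END { flush(); exit (bad > 0) }
  ' "$@"
}

sample_cfg | audit_stats || echo "fix the findings above before restarting haproxy"
```

Run it against the real file as audit_stats followed by the path to your haproxy.cfg; a non-zero exit status means at least one stats listener needs a specific bind address or a "stats auth" line.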