Foreman-proxy Load Balancing Setup

Source: Internet
Author: User
Tags ssl certificate haproxy

This article presents an experimental Puppet load-balancing environment.

Foreman-proxy can be load balanced at four layers or at seven layers: a single smart-proxy is added in the Foreman web interface, and multiple real foreman-proxy servers on the backend handle the requests.

I use HAProxy to implement both the four-layer and the seven-layer proxy. pm01 and pm03 are the foreman-proxy servers, ag01 is the Foreman server, and lvs is the load balancer server (the VIP is on the lvs01 server), which proxies the puppet and foreman-proxy services.

5.1 Foreman-proxy seven-layer load balancing

Proxying HTTPS at seven layers runs into SSL certificate authentication problems, so, following the hints in the official configuration file, an HTTP proxy is used instead of an HTTPS proxy, and all SSL certificates are replaced with the SSL certificate of the LVS proxy.

5.1.1 Modifying the Foreman-proxy configuration file

# grep -v "#" /etc/foreman-proxy/settings.yml | grep -v "^$"
---
:settings_directory: /etc/foreman-proxy/settings.d
:ssl_ca_file: /var/lib/puppet/ssl/certs/ca.pem
:ssl_certificate: /var/lib/puppet/ssl/certs/lvs.jq.com.pem
:ssl_private_key: /var/lib/puppet/ssl/private_keys/lvs.jq.com.pem
:trusted_hosts:
  - pm01.jq.com
  - pm02.jq.com
  - pm03.jq.com
  - ag01.jq.com
  - ag02.jq.com
  - ag03.jq.com
  - ca01.jq.com
  - ca02.jq.com
  - lvs01.jq.com
  - lvs02.jq.com
  - pc.jq.com
  - lvs.jq.com
:daemon: true
:bind_host: 0.0.0.0
:http_port: 8000 # the default here is :https_port: 8443
:virsh_network: default
:log_file: /var/log/foreman-proxy/proxy.log
:log_level: debug

5.1.2 Modifying the foreman configuration file for Foreman-proxy

# cat /etc/puppet/foreman.yaml
---
:url: "https://ag01.jq.com"
:ssl_ca: "/var/lib/puppet/ssl/certs/ca.pem"
:ssl_cert: "/var/lib/puppet/ssl/certs/lvs.jq.com.pem"
:ssl_key: "/var/lib/puppet/ssl/private_keys/lvs.jq.com.pem"
:user: ""
:password: ""
:puppetdir: "/var/lib/puppet"
:puppetuser: "puppet"
:facts: true
:timeout: 10
:threads: null

5.1.3 HAProxy proxy configuration

# grep -v "#" /etc/haproxy/haproxy.cfg | grep -v "^$"
global
    maxconn 40000
    ulimit-n 500000
    log 127.0.0.1 local0 info
    uid 99
    gid 99
    chroot /tmp
    daemon
defaults
    log global
    retries 2
    option redispatch
    option dontlognull
    option httpclose
    balance roundrobin
    timeout connect 30000ms
    timeout client 30000ms
    timeout server 30000ms
    timeout check 2000
listen admin_stats
    bind 0.0.0.0:8080
    mode http
    stats refresh 5s
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /haproxy
    stats auth admin:password
listen puppetmaster *:8140
    mode tcp
    option ssl-hello-chk
    balance source
    server pm01 pm01.jq.com:8140 check inter fall 3
    server pm03 pm03.jq.com:8140 check inter fall 3
frontend foremanproxy
    bind 0.0.0.0:8000
    mode http
    log global
    option httplog
    reqadd X-Forwarded-Proto:\ https
    default_backend web_server
backend web_server
    mode http
    log global
    option httplog
    balance source
    cookie ServerID insert indirect nocache
    server pm01 pm01.jq.com:8000 check inter fall 3
    server pm03 pm03.jq.com:8000 check inter fall 3

At the same time, foreman-proxy runs on port 8000 and is also safe. As can be seen, requests go to port 8000 and are finally processed as HTTPS.

5.2 Foreman-proxy four-layer load balancing

Four-layer load balancing uses the HTTPS proxy; the HAProxy configuration is as follows:

listen foreman-proxy *:8443
    mode tcp
    option ssl-hello-chk
    option tcplog
    ##balance source
    balance roundrobin
    ##balance source
    server pm01 pm01.jq.com:8443 check inter fall 3
    server pm03 pm03.jq.com:8443 check inter fall 3
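To compare how the two modes treat transport security, the following added example (not part of the original article) audits a constructed, trimmed copy of the HAProxy sections from 5.1.3 and 5.2 and reports which listeners carry traffic in plaintext. `parse_sections` and `audit` are hypothetical helper names; the `mode tcp` listener produces no finding because TLS passes through to the backends untouched.

```python
import re

# Constructed sample: trimmed copy of the sections shown in 5.1.3 and 5.2.
SAMPLE_CFG = r"""
listen admin_stats
    bind 0.0.0.0:8080
    mode http
    stats auth admin:password
frontend foremanproxy
    bind 0.0.0.0:8000
    mode http
    reqadd X-Forwarded-Proto:\ https
    default_backend web_server
listen foreman-proxy *:8443
    mode tcp
    option ssl-hello-chk
"""

HEADER = re.compile(r"^(global|defaults|listen|frontend|backend)\b\s*(\S*)")

def parse_sections(cfg):
    """Split haproxy.cfg text into {section name: [directive lines]}."""
    sections, current = {}, None
    for line in map(str.strip, cfg.splitlines()):
        m = HEADER.match(line)
        if m:
            current = sections.setdefault(m.group(2) or m.group(1), [])
        elif line and not line.startswith("#") and current is not None:
            current.append(line)
    return sections

def audit(cfg):
    """Return (section, finding) pairs about transport security (hypothetical helper)."""
    findings = []
    for name, lines in parse_sections(cfg).items():
        text = "\n".join(lines)
        binds = re.findall(r"^bind\s+(\S+)(.*)$", text, re.M)
        # An HTTP-mode listener is plaintext unless a bind line carries "ssl".
        plaintext = (re.search(r"^mode\s+http\b", text, re.M) and binds
                     and not any(re.search(r"\bssl\b", opts) for _, opts in binds))
        if plaintext:
            findings.append((name, "plaintext HTTP listener"))
            if re.search(r"X-Forwarded-Proto:\\?\s*https", text, re.I):
                findings.append((name, "asserts https but no TLS terminates here"))
            if any(l.startswith("stats auth") for l in lines):
                findings.append((name, "Basic-auth stats credentials sent unencrypted"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE_CFG), sep="\n")
```
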

5.3 Adding the Smart_proxy in the Foreman web interface

In the Foreman web interface, only the foreman-proxy address on the LVS server needs to be added as a Smart_proxy, as follows:

Four-layer load:

http://lvs.jq.com:8000

Seven-layer load:

https://lvs.jq.com:8443

5.4 Load Test

Stop the foreman-proxy process on the pm01 and pm03 servers in turn. Before each test, remove the host and the Smart_proxy on the Foreman page, then add the foreman-proxy address in the web interface again and run puppet agent -t on pm01, pm03 and ag01. The hosts are successfully added to the host page.
