Lab 14‐1: HAProxy Load Balancer - AidanP017/Aidan-NET-330 GitHub Wiki

Purpose

In this lab, we used the open-source software HAProxy to set up web-server load-balancing using an HAProxy and two Apache virtual machines.

Lab Setup

Obtaining IP Addresses

On the two Apache virtual machines, we ran the command dhclient to obtain IP addresses.

Verify that both virtual machines are able to ping each other before moving on.

Enable Apache

On both Apache virtual machines, create a text file called index.html in the /var/www/html directory that includes the name and number of the respective servers.

cd /var/www/html
touch index.html
vi index.html
Aidan-Server 1 (on Server 1)
Aidan-Server 2 (on Server 2)

Then, start the Apache servers using the command systemctl start httpd and verify that both servers can be reached in a browser before proceeding.

image

image

HAProxy VM Setup

On the HAProxy VM, obtain an IP address using dhclient.

Then verify that the two Apache servers can be pinged before continuing.

Configuration of Load Balancing on HAProxy VM

Frontend Configuration

For this lab, the IP address of the HAProxy VM will be the Virtual IP (VIP).

Edit haproxy.cfg in the /etc/haproxy directory to include the following.

image

These three lines of text will create a VIP for a server pool call web-srv-pool-1, have the pool use the HAProxy VM's IP address and port 80, and define the group name for the backend servers, respectively.

Backend Configuration

For the backend configuration, enter the following.

image

These four lines of text will create the backend group, use the RoundRobin method for load balancing, and specify the names and IP addresses on port 80 associated with the two Apache servers, respectively.

Save the file and restart HAProxy. Make sure that it is running.

systemctl restart haproxy
systemctl status haproxy

Testing the Connection

In a browser, browse to the IP address of the HAProxy VM. It should switch between the pages for both Apache servers when refreshing the page.

image

image

Enable HAProxy Logging

Configuring rsyslog

Next, we configured rsyslog to log HAProxy info to /var/log/haproxy.log.

Edit /etc/rsyslog.conf to look like the following.

image

image

Save the file and restart the service.

systemctl restart rsyslog

Testing the Connection

Refresh the browser with the IP address of the HAProxy VM in the search bar. Then run the command tail -f /var/log/haproxy.log on the HAProxy VM. Access to the site should be logged and show RoundRobin connection attempts.

image

Configuration of Health Checks

Enabling Health Checks for the Backend Servers

Then, health checks were enabled for the backend servers.

Edit the haproxy.cfg file and add the word check after the server definitions.

image

Save the file and restart HAProxy.

Testing Health Checks for Down Servers

Rerun the tail -f /var/log/haproxy.log command and shut down Server 2. The log should show a "server2 is DOWN" message. Only Server 1's page should show up when connecting to the frontend server in the browser.

Now restart Server 2 remembering to reobtain an IP address and start Apache. The log should now show a "server 2 is UP" message.

image

Doing the same process but with Apache on Server 2 should yield similar results.

Additional HAProxy Configurations

Changing the Apache Server Ports from 80 to 8008

Navigate to /etc/httpd/conf/httpd.conf on Server 1 and 2 and change the listening port to 8008.

image

On the HAProxy VM, edit the haproxy.cfg file and change the port numbers like so.

image

Then update the firewall on the Apache servers to allow port 8008.

image

Remember to apply the changes to the firewall on both Apache servers and restart it.

firewall-cmd --reload

In a browser, navigate to the Apache servers and specify port 8008 in the search. The page should load successfully for both servers.

image

image

Updating the HTTP Checks to Look for a Specific URL

Lastly, we updated the HTTP checks to look for a specific URL, in this case index.html.

The backend configuration in haproxy.cfg was edited like so.

image

The last line will tell HAProxy to use a HEAD request for index.html and send it using the HTTP/1.1 protocol. The host:localhost header is included since virtual hosts are being used with Apache.

When done, save the file and restart HAProxy. Then rerun the command tail -f /var/log/haproxy.log and rename the index.html files on both Apache servers.

Example: mv index.html check.html

If done correctly, a Layer 7 Down message should show up for both servers in the log. Changing the names of the HTML files back to index.html should restore the status of the Apache servers and show a Layer 7 Up message for them in the log.

image