Lab 14‐1 - LPouliot/Junior-Spring-NET-330-01-Network-Design GitHub Wiki

Lab 14-1 HAProxy Load Balancer - Lab

Server Load Balancing with HAProxy

For this lab, we will use HAProxy for web-server load balancing. HAProxy is open-source software used by many of the most popular sites on the Internet.


Lab Set-Up

For this lab, you will need an HAProxy VM and 2 simple CentOS web servers (download links below).

HAProxy VM Download

CentOS Web Server VM Download

Configure 2 Web Servers in VMWare

Download the CentOS-Apache-Base-VM (user: root, password: test3)

Make a copy of the download, as you will need 2 CentOS-Apache-Base-VMs running

Start up a VM called "Server 1" using Bridged or NAT networking

Start up another VM (using the copy of the base VM) called "Server 2" using Bridged or NAT networking

Run dhclient to get an IP address on each

  • Server 1 - 192.168.1.144

  • Server 2 - 192.168.1.36

Make sure that the 2 servers can ping each other before proceeding

On each server, create a simple text file /var/www/html/index.html with content that indicates the server-name/number

Start httpd (systemctl start httpd) on both servers

From your workstation browser, verify that you can reach the website on both server IP addresses before proceeding

HAProxy Server

Download the HAProxy VM

Launch VM using Bridged or NAT networking

  • Password: test3

Run dhclient to get an IP

  • HAProxy Server - 192.168.153.132

Verify that you can ping the 2 web servers from the HAProxy server before proceeding

Configuring Load Balancing in HAProxy

Define the "Frontend"

  • In HAProxy, the "frontend" refers to the IP address that remote users will use to connect to the "balanced" servers.
  • On other vendors' load balancers, this is often referred to as the VIP (Virtual IP), as it is the IP address assigned to the pool of systems and not to the physical servers themselves.

In our lab

  • the IP address of the HAProxy server will be the VIP as it is handling the connections on behalf of the "backend servers"

edit /etc/haproxy/haproxy.cfg

  • vi

Under "#define frontend" we will need to enter the following:

frontend web-srv-pool-1         # creates a VIP for a server pool called web-srv-pool-1
    bind *:80                   # the pool uses the HAProxy server's IP address and port 80
    default_backend web_servers # the backend server group is called "web_servers"

Under the "# define backend" section in haproxy.cfg, enter the following

backend web_servers                      # creates a backend group called "web_servers"
    balance roundrobin                   # use the roundrobin method for load balancing
    server server1 _ip_of_server1_:80    # 192.168.1.144:80 in this lab
    server server2 _ip_of_server2_:80    # 192.168.1.36:80 in this lab

start haproxy service

Use systemctl status haproxy to make sure haproxy is "active"

Testing HAProxy

From your workstation - browse to the HAProxy IP address

You should see either the Server1 or Server2 web page

Refresh - use different browsers etc. and you should see it switch between Server1 and Server2!

Submit screenshots of the Server 1 and Server 2 pages displayed in a browser with the HAProxy IP address

Enable HAProxy Logging

Logging is important for Load Balancing monitoring and troubleshooting.

  • We will configure rsyslog to log HAProxy info to /var/log/haproxy.log

Configure rsyslog config file /etc/rsyslog.conf

Restart rsyslog

Restart HAProxy

Do a "tail -f /var/log/haproxy.log" and make connections from your workstation browser to your "frontend". The connections should be logged

Submit screenshot of haproxy log showing roundrobin connection attempts

Configure Health Checks

Monitoring services on the backend servers to see if they are still responding can be an important component of server load balancers. If a service is unresponsive, it is useful if the load balancer does not send any packets to that system.

HAProxy monitors systems through Health Checks. By default, the HAProxy server tests the service on each backend server every 2 seconds (configurable). These tests can be simple TCP connections or more detailed checks to see if a certain protocol (e.g. HTTP) is responding or if a particular resource is returned (e.g. words on a web page).

Edit the haproxy.cfg file

In the "backend" section add "check" after the server definitions

server server[num] [IP]:80 check

restart haproxy

Test Health Check for Down Servers

Run a tail -f /var/log/haproxy.log

Shut down Server2

You should see a "server2 is Down" message

Try and connect to the Frontend IP - you should only get Server1 responses

Restart Server2 (don't forget dhclient and to restart httpd)

You should see "server 2 is Up" message

Test Health Check for Down Services

Repeat the steps above (B.) but instead of shutting down Server 2 - just stop httpd

Submit screenshots of the haproxy.log showing server 2 going down and up again

Correction - this is completed before I fixed the haproxy.cfg file

image
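
The down/up tests above can be checked from the log itself rather than by eye. The shell function below is an added example, not part of the original lab; it assumes `option httplog` is enabled so that each request line names the backend server, and the log lines (client IP, dates, PID) are constructed samples.

```shell
#!/bin/sh
# Summarise an HAProxy log: requests per server, last health state per server,
# and requests routed to a server while it was marked DOWN (expected: 0).
haproxy_log_summary() {
    awk '
    # Health-check transition: "Server <backend>/<server> is UP|DOWN, reason: ..."
    match($0, /Server [^ ]+ is (UP|DOWN)/) {
        split(substr($0, RSTART, RLENGTH), w, " ")
        state[w[2]] = w[4]
        if (!(w[2] in bad)) bad[w[2]] = 0
        next
    }
    # httplog request: <backend>/<server> is two fields after the [accept date]
    {
        for (i = 1; i <= NF - 2; i++)
            if ($i ~ /^\[[0-9]/) {
                srv = $(i + 2)
                count[srv]++
                if ((srv in state) && state[srv] == "DOWN") bad[srv]++
                break
            }
    }
    END {
        for (s in count) print "requests", s, count[s]
        for (s in state) print "state", s, state[s]
        for (s in bad)   print "sent_while_down", s, bad[s]
    }' "$1" | LC_ALL=C sort
}

# Constructed sample: server2 goes DOWN and comes back UP between requests.
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
Mar  3 10:00:01 localhost haproxy[1234]: 192.168.1.10:51234 [03/Mar/2024:10:00:01.123] web-srv-pool-1 web_servers/server1 0/0/1/2/3 200 250 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Mar  3 10:00:02 localhost haproxy[1234]: 192.168.1.10:51235 [03/Mar/2024:10:00:02.200] web-srv-pool-1 web_servers/server2 0/0/1/2/3 200 250 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Mar  3 10:00:05 localhost haproxy[1234]: Server web_servers/server2 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 0ms. 1 active and 0 backup servers left.
Mar  3 10:00:06 localhost haproxy[1234]: 192.168.1.10:51236 [03/Mar/2024:10:00:06.010] web-srv-pool-1 web_servers/server1 0/0/1/2/3 200 250 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Mar  3 10:00:07 localhost haproxy[1234]: 192.168.1.10:51237 [03/Mar/2024:10:00:07.340] web-srv-pool-1 web_servers/server1 0/0/1/2/3 200 250 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
Mar  3 10:00:20 localhost haproxy[1234]: Server web_servers/server2 is UP, reason: Layer4 check passed, check duration: 0ms. 2 active and 0 backup servers online.
Mar  3 10:00:21 localhost haproxy[1234]: 192.168.1.10:51238 [03/Mar/2024:10:00:21.500] web-srv-pool-1 web_servers/server2 0/0/1/2/3 200 250 - - ---- 1/1/0/0/0 0/0 "GET / HTTP/1.1"
EOF
haproxy_log_summary "$SAMPLE_LOG"
```

Run it against /var/log/haproxy.log after the test; a non-zero `sent_while_down` count means requests reached a server that the health check had already marked DOWN.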

Additional HAProxy Configurations

Many backend servers do not use standard ports, so change the Apache listening port on server1 and server2 from 80 to 8008

  • /etc/httpd/conf/httpd.conf

Update HAProxy for the changed ports

  • Frontend connection should still be port 80

Update the firewall on the web server(s) to allow port 8008 (firewall-cmd command)

  • For both Server 1 and Server 2

firewall-cmd --permanent --add-port=8008/tcp

firewall-cmd --reload

restart httpd and haproxy

Update the HTTP Checks to look for specific URL

Edit haproxy.cfg

Under the "backend web_servers" configuration, add an httpchk option to perform a HEAD request for /index.html

  • HEAD requests will pull down the headers for that URL (not the whole file) so if index.html is not there, it will fail
  • Apache supports Virtual Hosts, so you will also need the "Host:" header

Syntax of option httpchk

  • option httpchk METHOD URL Protocol\r\nHost:any_domain_name
  • METHOD is HTTP Method (HEAD,GET,PUT...)
  • \r\n is for a new line
  • example: option httpchk HEAD /status/check.html HTTP/1.1\r\nHost:slb-lab.com

You only need to add this line once. It defines an option for any server that is being "check"-ed

option httpchk HEAD /status/check.html HTTP/1.1\r\nHost:slb-lab.com

Remember - the URL has to be a page that exists on your server (/index.html in this lab)

Restart HAProxy

tail -f /var/log/haproxy.log

rename /var/www/html/index.html on server 1 or server 2

You should see a Layer 7 Down message in HAProxy

change back to index.html and HAProxy should mark server as UP
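
A quick lint for the health-check settings built up in this lab, added here as an example and not part of the original lab: it reports `server` lines missing `check` (HAProxy never marks those DOWN) and backends whose servers are checked without `option httpchk` (only a TCP connect is tested). The function name and the sample configuration, with `check` left off server2 on purpose, are constructed for illustration.

```shell
#!/bin/sh
# Flag health-check gaps in an haproxy.cfg:
#   no-check <backend>/<server>  server line without "check"
#   tcp-only <backend>           checked servers but no "option httpchk"
lint_haproxy_checks() {
    awk '
    function report() {
        if ((sec == "backend" || sec == "listen") && checked && !httpchk)
            print "tcp-only", name
    }
    # Strip trailing comments (a "#" inside quotes is not handled here).
    { c = index($0, "#"); if (c) $0 = substr($0, 1, c - 1) }
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
        report()
        sec = $1; name = $2; checked = 0
        if (sec == "defaults") def_httpchk = 0
        httpchk = def_httpchk      # "option httpchk" in defaults is inherited
        next
    }
    $1 == "option" && $2 == "httpchk" {
        if (sec == "defaults") def_httpchk = 1; else httpchk = 1
    }
    (sec == "backend" || sec == "listen") && $1 == "server" {
        has = 0
        for (i = 4; i <= NF; i++) if ($i == "check") has = 1
        if (has) checked = 1; else print "no-check", name "/" $2
    }
    END { report() }' "$1"
}

# Constructed sample based on the lab steps (port 8008, HEAD /index.html).
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
frontend web-srv-pool-1
    bind *:80
    default_backend web_servers

backend web_servers
    balance roundrobin
    option httpchk HEAD /index.html HTTP/1.1\r\nHost:slb-lab.com
    server server1 192.168.1.144:8008 check
    server server2 192.168.1.36:8008     # "check" left off on purpose
EOF
lint_haproxy_checks "$SAMPLE_CFG"
```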

Error: time to live exceeded when trying to reach haproxy server

The error I am getting is a time-to-live exceeded when trying to ping my haproxy server

What may work:

  • Right now, all of the VMs are set to NAT. Changing them to a bridged connection may solve the issue, as it is not as remotely connected as NAT