Chapter 5. Installing the Load Balancer


The following example provides general guidance for configuring an HAProxy load balancer. However, you can install any suitable load balancing software solution that supports TCP forwarding and sticky sessions.

  1. On a Red Hat Enterprise Linux 7 host, install HAProxy:

    # yum install haproxy
  2. Install the following package that includes the semanage tool:

    # yum install policycoreutils-python
  3. Configure SELinux to allow HAProxy to bind any port:

    # semanage boolean --modify --on haproxy_connect_any
  4. Configure the load balancer to balance the network load for the ports as described in Table 5.1, “Ports Configuration for the Load Balancer”. For example, to configure ports for HAProxy, edit the /etc/haproxy/haproxy.cfg file to correspond with the table.

    You must configure sticky session on TCP port 443 to request yum metadata for RPM repositories from different Capsule Servers that you configure for load balancing.

    Table 5.1. Ports Configuration for the Load Balancer
    ServicePortModeBalance ModeDestination

    HTTP

    80

    TCP

    roundrobin

    port 80 on all Capsule Servers

    HTTPS

    443

    TCP

    source

    port 443 on all Capsule Servers

    RHSM

    8443

    TCP

    roundrobin

    port 8443 on all Capsule Servers

    AMQP

    5647

    TCP

    roundrobin

    port 5647 on all Capsule Servers

    Puppet (Optional)

    8140

    TCP

    roundrobin

    port 8140 on all Capsule Servers

    PuppetCA (Optional)

    8141

    TCP

    roundrobin

    port 8140 only on the system where you configure Capsule Server to sign Puppet certificates

    SmartProxy (Optional for OpenScap)

    9090

    TCP

    roundrobin

    port 9090 on all Capsule Servers

    Docker (Optional)

    5000

    TCP

    roundrobin

    port 5000 on all Capsule Servers

  5. Configure the load balancer to disable SSL offloading and allow client-side SSL certificates to pass through to back end servers. This is required because communication from clients to Capsule Servers depends on client-side SSL certificates.
  6. Start and enable the HAProxy service:

    # systemctl start haproxy
    # systemctl enable haproxy
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.