Red Hat Summit第5章 Installing the Load Balancer
The following example provides general guidance for configuring an HAProxy load balancer. However, you can install any suitable load balancing software solution that supports TCP forwarding and sticky sessions.
On a Red Hat Enterprise Linux 7 host, install HAProxy:
yum install haproxy
# yum install haproxyCopy to Clipboard Copied! Toggle word wrap Toggle overflow Install the following package that includes the
semanagetool:yum install policycoreutils-python
# yum install policycoreutils-pythonCopy to Clipboard Copied! Toggle word wrap Toggle overflow Configure SELinux to allow HAProxy to bind any port:
semanage boolean --modify --on haproxy_connect_any
# semanage boolean --modify --on haproxy_connect_anyCopy to Clipboard Copied! Toggle word wrap Toggle overflow Configure the load balancer to balance the network load for the ports as described in 表5.1「Ports Configuration for the Load Balancer」. For example, to configure ports for HAProxy, edit the
/etc/haproxy/haproxy.cfgfile to correspond with the table.You must configure sticky session on TCP port 443 to request yum metadata for RPM repositories from different Capsule Servers that you configure for load balancing.
Expand 表5.1 Ports Configuration for the Load Balancer Service Port Mode Balance Mode Destination HTTP
80
TCP
roundrobin
port 80 on all Capsule Servers
HTTPS
443
TCP
source
port 443 on all Capsule Servers
RHSM
8443
TCP
roundrobin
port 8443 on all Capsule Servers
AMQP
5647
TCP
roundrobin
port 5647 on all Capsule Servers
Puppet (Optional)
8140
TCP
roundrobin
port 8140 on all Capsule Servers
PuppetCA (Optional)
8141
TCP
roundrobin
port 8140 only on the system where you configure Capsule Server to sign Puppet certificates
SmartProxy (Optional for OpenScap)
9090
TCP
roundrobin
port 9090 on all Capsule Servers
Docker (Optional)
5000
TCP
roundrobin
port 5000 on all Capsule Servers
- Configure the load balancer to disable SSL offloading and allow client-side SSL certificates to pass through to back end servers. This is required because communication from clients to Capsule Servers depends on client-side SSL certificates.
Start and enable the HAProxy service:
systemctl start haproxy systemctl enable haproxy
# systemctl start haproxy # systemctl enable haproxyCopy to Clipboard Copied! Toggle word wrap Toggle overflow
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}