
Proxy

The following script will download and compile HAProxy from source.

 

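Download and Compile HAProxy
#!/bin/bash
# A script to download and compile HAProxy
set -e  # stop at the first failed step instead of carrying on in the wrong directory

TARGET=haproxy-1.5.19.tar.gz
TMP=/tmp/haproxy
cd ~
# Start from an empty build directory
rm -rf "$TMP"
mkdir "$TMP"
cd "$TMP"
# -f makes curl fail on an HTTP error rather than saving the error page as the tarball
curl -fL "http://www.haproxy.org/download/1.5/src/$TARGET" -o "$TARGET"
tar -xvzf "$TARGET"
rm "$TARGET"
cd haproxy-*
# Build with the generic (portable) target
make TARGET=generic
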

If you are unable to compile from source, then this download is known to work on Linux.
Copy haproxy to your installation folder (~/proxy will suffice).

Configuration

HAProxy needs the following configuration created to run correctly.

Error Page

Create the following in the installation folder (~/proxy):
$ echo "error" > ~/proxy/error.html
Create a file called "config" in the same folder:

# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
	log 127.0.0.1	local0
	log 127.0.0.1	local1 notice
	#log loghost	local0 info
	maxconn 4096
	#chroot /usr/share/haproxy
	user root
	group root
	#daemon
	#debug
	#quiet
defaults
	log	global
	mode	http
	option	httplog
	option	dontlognull
	retries	3
	option redispatch
	maxconn	2000
	contimeout	5000
	clitimeout	50000
	srvtimeout	50000
listen	openam <proxy hostname>:<proxy port>
		option httpchk GET /openam/isAlive.jsp
		cookie SERVERID insert nocache
		balance	roundrobin
		server	<unique server name> <hostname>:<port> cookie <lbcookie id> id 1000 check inter 2000 rise 2 fall 2
		server	<unique server name> <hostname>:<port> cookie <lbcookie id> id 1001 check inter 2000 rise 2 fall 2

	errorfile	400	/home/rwapshott/proxy/error.html
	errorfile	403	/home/rwapshott/proxy/error.html
	errorfile	408	/home/rwapshott/proxy/error.html
	errorfile	500	/home/rwapshott/proxy/error.html
	errorfile	502	/home/rwapshott/proxy/error.html
	errorfile	503	/home/rwapshott/proxy/error.html
	errorfile	504	/home/rwapshott/proxy/error.html

 

The important parts of this configuration are as follows.

  • proxy hostname:port - This is the hostname of the system running the load balancer and the port to run on. e.g. trogdor.forgerock.com:9090
  • unique server name - A name for the server which appears in the logs. e.g. server-1
  • hostname:port - This is the actual hostname and port of the server to which the load balancer forwards requests.
  • lbcookie id - This is the server ID as reported by Configuration > Servers and Sites > [server] > Advanced > com.iplanet.am.lbcookie.value
  • unique - Just a unique number e.g. 1000, 1001

Of particular interest in this config is the health check (option httpchk GET /openam/isAlive.jsp): a server is only considered a valid member of the cluster once it has been configured. An unconfigured server will be marked as offline until configuration is complete.

Starting and Stopping


All operations should be run with root privileges.
$ sudo ./haproxy-1.4.24-pcre-40kses-linux-i586.stripped -f config
This starts a blocking process which logs the output of the load balancer as it runs. Press Control+C to stop it.

Testing


Test that the load balancer is operating as expected.
Once the servers are configured in the site, shut one of them down and observe that the load balancer has detected this and reports the failure.
$ sudo ./haproxy-1.4.24-pcre-40kses-linux-i586.stripped -f config
[WARNING] 239/132529 (6392) : Server appli1-appsess/openam-2 is DOWN, reason: Layer4 connection problem, info: "Connection refused", check duration: 0ms. 1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.
[WARNING] 239/132541 (6392) : Server appli1-appsess/openam-2 is UP, reason: Layer4 check passed, check duration: 0ms. 2 active and 0 backup servers online. 0 sessions requeued, 0 total in queue.
Also access the proxy hostname and port to verify that you are correctly getting redirected to an appropriate server in the cluster.
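
The following is an added example, not part of the original page or of HAProxy: it parses the health-check lines shown above and reports each server's last known state, plus any moment at which no server was left in the cluster. The function names and the third sample line (openam-1 going down) are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Matches the health-check transition lines HAProxy prints in the Testing section.
CHECK_RE = re.compile(
    r"^\[[A-Z]+\]\s+(?P<stamp>\d+/\d+)\s+\(\d+\)\s*:\s*"
    r"Server (?P<proxy>[^/\s]+)/(?P<server>\S+) is (?P<state>UP|DOWN), "
    r"reason: (?P<reason>[^,]+)"
    r".*?(?P<active>\d+) active and (?P<backup>\d+) backup servers"
)

@dataclass
class Transition:
    stamp: str      # timestamp field exactly as printed
    member: str     # "<listen name>/<server name>"
    state: str      # "UP" or "DOWN"
    reason: str
    remaining: int  # active + backup servers still usable after the change

def parse_transitions(lines):
    """Return a Transition for each health-check state change; skip other lines."""
    found = (CHECK_RE.match(line.strip()) for line in lines)
    return [Transition(m["stamp"], f'{m["proxy"]}/{m["server"]}', m["state"],
                       m["reason"].strip(), int(m["active"]) + int(m["backup"]))
            for m in found if m]

def summarize(lines):
    """Return (last known state per server, stamps at which no server was left)."""
    last, outages = {}, []
    for t in parse_transitions(lines):
        last[t.member] = t.state
        if t.state == "DOWN" and t.remaining == 0:
            outages.append(t.stamp)
    return last, outages

SAMPLE = [
    # The two lines shown in the Testing section above.
    '[WARNING] 239/132529 (6392) : Server appli1-appsess/openam-2 is DOWN, reason: '
    'Layer4 connection problem, info: "Connection refused", check duration: 0ms. '
    '1 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.',
    '[WARNING] 239/132541 (6392) : Server appli1-appsess/openam-2 is UP, reason: '
    'Layer4 check passed, check duration: 0ms. 2 active and 0 backup servers online. '
    '0 sessions requeued, 0 total in queue.',
    # Constructed line: the last remaining server fails its check.
    '[WARNING] 239/132600 (6392) : Server appli1-appsess/openam-1 is DOWN, reason: '
    'Layer4 connection problem, check duration: 0ms. 0 active and 0 backup servers left.',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```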