KBEC-00281 - Configuring Load Balancers in CloudBees CD (CloudBees Flow) Clusters

Article ID:360033191231
3 minute readKnowledge base

This example shows how to configure HAProxy as a load balancer for a CloudBees CD (CloudBees Flow) cluster. You can use this example as a model for the load balancer configuration in your system and modify it to meet the system requirements. Electric Cloud does not support HAProxy and the configuration described in the document. For information about the HAProxy configuration, go to the HAProxy website.

Electric Cloud does not support any load balancers. For more information about using load balancer in your CloudBees CD (CloudBees Flow) cluster, go to the website for that load balancer.

Do the following tasks to configure network load balancing on a cluster of Linux machines. All machines in the cluster receive incoming requests when network load balancing is enabled. However, the load balancer ensures that only one machine completes the request. For more information, go to the HAProxy website.

Configuring the CloudBees CD (CloudBees Flow) Cluster in HAProxy

Use this procedure with HAProxy 1.5, which was evaluated by Electric Cloud. If you use another software version of HAProxy or load balancer, the configuration procedure will vary. You may need to use a separate piece of software to act as a Secure Sockets Layer (SSL) endpoint. For example, you could use stunnel with HAProxy 1.4.Note

Electric Cloud does not support HAProxy. For more information about HAProxy, including upgrading from HAProxy 1.4 to HAProxy 1.5, go to the HAProxy website.

  1. Install HAProxy 1.5 or later.

  2. Configure HAProxy to communicate with the CloudBees CD (CloudBees Flow) server.

    1. Go to the end of the haproxy.cfg file in /etc/haproxy.

    2. Comment out the following lines by adding a # at the start of each line:

       log loghost    local0 info
   chroot /usr/share/haproxy
   debug
   quiet
 listen  ssl-relay 0.0.0.0:8443
   option  ssl-hello-chk
   balance source
   server  inst1 192.168.110.56:443 check inter 2000 fall 3
   server  inst2 192.168.110.57:443 check inter 2000 fall 3
   server  back1 192.168.120.58:443 backup
   errorloc       502     https://192.168.114.58/error502.html
   errorfile       503     /etc/haproxy/errors/503.http
   errorfile       400     /etc/haproxy/errors/400.http
   errorfile       403     /etc/haproxy/errors/403.http
   errorfile       408     /etc/haproxy/errors/408.http
   errorfile       500     /etc/haproxy/errors/500.http
   errorfile       502     /etc/haproxy/errors/502.http
   errorfile       503     /etc/haproxy/errors/503.http
   errorfile       504     /etc/haproxy/errors/504.http

1. 1. Add the following information with the appropriate host names and IP addresses

```
# redirect port 80 to port 443
frontend commander-web-frontend-insecure
  mode http
  bind 0.0.0.0:80
  redirect scheme https if !{ssl_fc}
# load balance port 443 across web servers, with HAProxy acting as the SSL endpoint
frontend commander-web-frontend-secure
  mode tcp
  bind 0.0.0.0:443 ssl crt /home//server.pem
  default_backend commander-web-backend
backend commander-web-backend
  mode http
  server node1 :80 check
  server node2 :80 check
  server node3 :80 chec
  stats enable
# load balance ports 8000 and 8443 across Flow servers, with HAProxy acting as the SSL endpoint for port 8443
frontend commander-server-frontend-insecure
  mode http
  bind 0.0.0.0:8000
  default_backend commander-server-backend
frontend commander-server-frontend-secure
  mode tcp
  bind 0.0.0.0:8443 ssl crt /home//server.pem
  default_backend commander-server-backend
backend commander-server-backend
  mode http
  server node1 :8000 check
  server node2 :8000 check
  server node3 :8000 check
  stats enable
  option httpchk GET /commanderRequest/health
# load balance port 61613 across Flow servers, with HAProxy acting as the SSL endpoint
frontend commander-stomp-frontend
  mode tcp
  bind 0.0.0.0:61613 ssl crt /home//server.pem
  default_backend commander-stomp-backend
  option tcplog
  log global
backend commander-stomp-backend
  mode tcp
  server node1 :61613 check port 8000
  server node2 :61613 check port 8000
  server node3 :61613 check port 8000
  option tcplog
  log global
```

  1. Determine where to create an SSL certificate called server.pem .
    The default location is

     /home//

    You can add this certificate to another location if you modify the corresponding paths specified in

     /etc/haproxy/haproxy.cfg

  2. Enter the following commands to create an SSL certificate called server.pem :

     openssl req -new -out server.csr -text
 openssl rsa -in privkey.pem -out server.key
 openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650 -text
 cat server.crt server.key > server.pem
When prompted for the Common Name, enter the fully-qualified domain name address of your load balancer.

  1. To restart HAProxy, enter /etc/init.d/haproxy restart.

  2. To confirm that HAProxy is running, enter /etc/init.d/haproxy status.

Adding Nodes to the HAProxy Cluster

To add additional nodes to a pre-existing cluster:

  1. Open the haproxy.cfg file in /etc/haproxy.

  2. Add the new host name and IP address to the backend commander-backend section.

  3. To restart HAProxy, enter /etc/init.d/haproxy restart.

This is an example of a HAProxy configuration file.