Installing and Configuring a Load Balancer

3 minute readScalability

You must use a load balancer in a CloudBees CD/RO cluster. You can choose to use any hardware load balancer or load-balancing software for a cluster configuration as long as the load balancer can act as an SSL endpoint and support returning HTTP re-directions.

Transport Layer Security (TLS) has replaced Secure Sockets Layer version 3.0 (SSLv3) on the CloudBees CD/RO server and the CloudBees CD/RO web server.

When configuring your load balancer, follow these general guidelines.

  • You must configure a load-balancer IP address for each node in your cluster.

  • Load-balance traffic on port 8000 across the CloudBees CD/RO servers on port 8000

  • Act as an SSL endpoint for port 8443 and load-balance the traffic on that port across the CloudBees CD/RO servers on port 8000.

  • Stomp Client URI: CloudBees CD/RO uses STOMP for the following purposes:

    • Transferring log files when you use the EC-FlowLogCollector plugin.

    • Preflights, such as in a CI scenario.

    • Certain API commands such as waitforjob

      If you enter stomp+ssl://FLOW_SERVER_LOAD_BALANCER_OR_IP:61613 into the Stomp Client URI field in the CloudBees CD/RO server settings page, this property is used as the URI for stomp clients. For example, stomp+ssl://myef-lb.electric-cloud.com:61613. If not present, a default value is calculated using the server’s host name.

      The server must be restarted for this setting to take effect.

      TIP:

      You can also enable this functionality via ectool :

      ectool --server localhost setProperty /server/settings/stompClientUri stomp+ssl://EF_SERVER_LOAD_BALANCER_OR_IP:61613
      ectool --server localhost setProperty /server/settings/stompSecure true
  • SSL for STOMP:

    • If the load balancer does not act as a SSL endpoint for STOMP port 61613 but instead does SSL pass-through, SSL/TLS bridging or re-encryption, make sure the Use SSL for Stomp checkbox (in the Edit Server Settings dialog box) is checked . This ensures that Commander knows that the STOMP packets are encrypted and will decrypt them.

    • If the load balancer acts as an SSL endpoint (meaning that it does SSL termination) for STOMP port 61613, make sure the Use SSL for Stomp checkbox is unchecked . This ensures that Commander knows that the load balancer is forwarding STOMP packets unencrypted.

  • The load balancer must be configured to perform frequent health check HTTP GET requests for a specific URL and take servers temporarily out of rotation if they receive an HTTP status 503 response. For example, for the CloudBees CD/RO server, this URL can be used: https://<server-host-name>:<server-http-port>/commanderRequest/health.

  • There are no requirements for the state associated with a user session to be replicated across the cluster.

For an example of how to configure a widely used load balancer such as HAProxy, see the KBEC-00281 - Configuring Load Balancers in CloudBees CD/RO Clusters Knowledge Base article.

You can use the previous example as a model for the load balancer configuration in your system and modify it to meet the system requirements of your particular model of load balancer and system configuration.

CloudBees does not support any specific load balancer. For information using about HAProxy, go to the link:https://haproxy.1wt.eu/HAProxy website. For more information about using another load balancer, go to the website for that load balancer.

If you are using HAProxy and are exporting or importing data in a large XML file, a 504 Gateway Timeout error, also called an HTTP 504 error, may occur. Change the timeout value in the /etc/haproxy/haproxy.cfg configuration file from 50 seconds:

clitimeout 50000, srvtimeout 50000

to 10 minutes:

clitimeout 600000, srvtimeout 600000

Web Server Load Balancer

The load balancer needs to contain cookie-based sticky sessions to retain the session for the user when accessing a specific web server. This way, future requests from the user will go to the same web server, locking the session to that web server. This will avoid redirect and session issues. For information about setting up sticky sessions, see your load balancer documentation.