You must use a load balancer in a CloudBees Flow cluster. You can choose to use any hardware load balancer or load-balancing software for a cluster configuration as long as the load balancer can act as an SSL endpoint and support returning HTTP re-directions.
Transport Layer Security (TLS) has replaced Secure Sockets Layer version 3.0 (SSLv3) on the CloudBees Flow server and the CloudBees Flow web server.
When configuring your load balancer, follow these general guidelines.
You must configure a load-balancer IP address for each node in your cluster.
Load-balance traffic on port 8000 across the CloudBees Flow servers on port 8000.
Act as an SSL endpoint for port 8443 and load-balance the traffic on that port across the CloudBees Flow servers on port 8000.
Stomp Client URI: CloudBees Flow uses STOMP for the following purposes:
Transferring log files when you use the EC-FlowLogCollector plugin.
Preflights, such as in a CI scenario.
Certain API commands such as
If you enter stomp+ssl://FLOW_SERVER_LOAD_BALANCER_OR_IP:61613 into the Stomp Client URI field in the CloudBees Flow server settings page, this property is used as the URI for stomp clients. For example, stomp+ssl://myef-lb.electric-cloud.com:61613. If not present, a default value is calculated using the server’s host name.
The server must be restarted for this setting to take effect.
You can also enable this functionality via
ectool --server localhost setProperty /server/settings/stompClientUri stomp+ssl://EF_SERVER_LOAD_BALANCER_OR_IP:61613
ectool --server localhost setProperty /server/settings/stompSecure true
SSL for STOMP:
If the load balancer does not act as an SSL endpoint for STOMP port 61613 but instead does SSL pass-through, SSL/TLS bridging or re-encryption, make sure the Use SSL for Stomp checkbox (in the Edit Server Settings dialog box) is checked. This ensures that Commander knows that the STOMP packets are encrypted and will decrypt them.
If the load balancer acts as an SSL endpoint (meaning that it does SSL termination) for STOMP port 61613, make sure the Use SSL for Stomp checkbox is unchecked. This ensures that Commander knows that the load balancer is forwarding STOMP packets unencrypted.
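A mismatch between the load balancer's STOMP mode and the Use SSL for Stomp setting can be checked by probing port 61613 on both legs. The following is an added example, not CloudBees code; the function names tls_state and stomp_findings are hypothetical, and it assumes the stompSecure property determines whether the server's STOMP listener expects TLS.

```python
import socket
import ssl


def tls_state(host, port, timeout=3.0):
    """Classify a TCP listener as 'unreachable', 'plain' or 'tls'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    # Probe only: the question is whether the peer answers a TLS handshake,
    # not whether its certificate is trusted, so verification is disabled.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls"
    except OSError:  # ssl.SSLError and handshake timeouts are OSError subclasses
        return "plain"
    finally:
        raw.close()


def stomp_findings(lb_front, flow_backend, lb_terminates_tls, stomp_secure):
    """Compare probe results with the "Use SSL for Stomp" rule described above.

    lb_front / flow_backend are tls_state() results for port 61613 on the
    load balancer and on one Flow server; stomp_secure is the value of
    /server/settings/stompSecure.
    """
    findings = []
    if lb_front != "tls":
        findings.append("load balancer :61613 does not answer TLS, "
                        "but clients are given a stomp+ssl:// URI")
    # Termination at the load balancer -> server receives plaintext -> unchecked.
    # Pass-through, bridging or re-encryption -> server receives TLS -> checked.
    expected_secure = not lb_terminates_tls
    if stomp_secure != expected_secure:
        findings.append(f"stompSecure is {stomp_secure}, expected {expected_secure}")
    expected_backend = "tls" if expected_secure else "plain"
    if flow_backend != expected_backend:
        findings.append(f"Flow server :61613 is {flow_backend}, "
                        f"expected {expected_backend}")
    return findings
```

An empty list from stomp_findings means the observed listeners and the setting agree with the load balancer mode; run tls_state from a host that can reach both the load balancer and a Flow server directly.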
The load balancer must be configured to perform frequent health check HTTP GET requests for a specific URL and take servers temporarily out of rotation if they receive an HTTP status 503 response. For example, for the CloudBees Flow server, this URL can be used:
There are no requirements for the state associated with a user session to be replicated across the cluster.
For an example of how to configure a widely used load balancer such as HAProxy, see the KBEC-00281 - Configuring Load Balancers in CloudBees Flow Clusters Knowledge Base article.
You can use the previous example as a model for the load balancer configuration in your system and modify it to meet the system requirements of your particular model of load balancer and system configuration.
CloudBees does not support any specific load balancer. For information about using HAProxy, go to the HAProxy website (https://haproxy.1wt.eu/). For more information about using another load balancer, go to the website for that load balancer.
If you are using HAProxy and are exporting or importing data in a large XML file, a 504 Gateway Timeout error, also called an HTTP 504 error, may occur. Change the timeout value in the
to 10 minutes:
The load balancer must use cookie-based sticky sessions so that a user's session stays with a specific web server. Future requests from that user then go to the same web server, locking the session to that web server. This avoids redirect and session issues. For information about setting up sticky sessions, see your load balancer documentation.