Chapter 6. Load balancing traffic with HAProxy
The HAProxy service provides load balancing of traffic to Controller nodes in the high availability cluster, as well as logging and sample configurations.
The haproxy package contains the haproxy daemon, which corresponds to the systemd service of the same name. Pacemaker manages the HAProxy service as a highly available service called haproxy-bundle.
For more information about HAProxy, see the HAProxy 1.8 documentation.
For information on verifying that HAProxy is configured correctly, see the KCS article How can I verify my haproxy.cfg is correctly configured to load balance openstack services?.
6.1. How HAProxy works
Director can configure most Red Hat OpenStack Platform services to use the HAProxy service. Director configures those services in the /var/lib/config-data/haproxy/etc/haproxy/haproxy.cfg file, which instructs HAProxy to run in a dedicated container on each overcloud node.
The following table shows the list of services that HAProxy manages:
Table 6.1. Services managed by HAProxy
| aodh | cinder | glance_api | gnocchi |
| haproxy.stats | heat_api | heat_cfn | horizon |
| keystone_admin | keystone_public | mysql | neutron |
| nova_metadata | nova_novncproxy | nova_osapi | nova_placement |
For each service in the haproxy.cfg file, you can see the following properties:
- listen: The name of the service that is listening for requests.
- bind: The IP address and TCP port number on which the service is listening.
- server: The name of each Controller node server that uses HAProxy, the IP address and listening port, and additional information about the server.
The following example shows the OpenStack Block Storage (cinder) service configuration in the haproxy.cfg file:
listen cinder
bind 172.16.0.10:8776
bind 192.168.1.150:8776
mode http
http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
option httpchk
server overcloud-controller-0 172.16.0.13:8777 check fall 5 inter 2000 rise 2
server overcloud-controller-1 172.16.0.14:8777 check fall 5 inter 2000 rise 2
server overcloud-controller-2 172.16.0.15:8777 check fall 5 inter 2000 rise 2This example output shows the following information about the OpenStack Block Storage (cinder) service:
-
172.16.0.10:8776: Virtual IP address and port on the Internal API network (VLAN201) to use within the overcloud. -
192.168.1.150:8776: Virtual IP address and port on the External network (VLAN100) that provides access to the API network from outside the overcloud. -
8777: Port number on which the OpenStack Block Storage (cinder) service is listening. -
server: Controller node names and IP addresses. HAProxy can direct requests made to those IP addresses to one of the Controller nodes listed in theserveroutput. -
httpchk: Enables health checks on the Controller node servers. -
fall 5: Number of failed health checks to determine that the service is offline. -
inter 2000: Interval between two consecutive health checks in milliseconds. -
rise 2: Number of successful health checks to determine that the service is running.
For more information about settings you can use in the haproxy.cfg file, see the /usr/share/doc/haproxy-[VERSION]/configuration.txt file on any node where the haproxy package is installed.
6.2. Viewing HAProxy stats
By default, the director also enables HAProxy Stats, or statistics, on all HA deployments. With this feature, you can view detailed information about data transfer, connections, and server states on the HAProxy Stats page.
The director also sets the IP:Port address that you use to reach the HAProxy Stats page and stores the information in the haproxy.cfg file.
Procedure
-
Open the
/var/lib/config-data/haproxy/etc/haproxy/haproxy.cfgfile in any Controller node where HAProxy is installed. Locate the listen haproxy.stats section:
listen haproxy.stats bind 10.200.0.6:1993 mode http stats enable stats uri / stats auth admin:<haproxy-stats-password>
-
In a Web browser, navigate to 10.200.0.6:1993 and enter the credentials from the
stats authrow to view the HAProxy Stats page.
