Chapter 6. Load balancing traffic with HAProxy
The HAProxy service provides load balancing of traffic to Controller nodes in the high availability cluster, as well as logging and sample configurations.
The haproxy
package contains the haproxy
daemon, which corresponds to the systemd
service of the same name. Pacemaker manages the HAProxy service as a highly available service called haproxy-bundle
.
For more information about HAProxy, see the HAProxy 1.8 documentation.
For information on verifying that HAProxy is configured correctly, see the KCS article How can I verify my haproxy.cfg is correctly configured to load balance openstack services?.
6.1. How HAProxy works
Director can configure most Red Hat OpenStack Platform services to use the HAProxy service. Director configures those services in the /var/lib/config-data/haproxy/etc/haproxy/haproxy.cfg
file, which instructs HAProxy to run in a dedicated container on each overcloud node.
The following table shows the list of services that HAProxy manages:
Table 6.1. Services managed by HAProxy
aodh | cinder | glance_api | gnocchi |
haproxy.stats | heat_api | heat_cfn | horizon |
keystone_admin | keystone_public | mysql | neutron |
nova_metadata | nova_novncproxy | nova_osapi | nova_placement |
For each service in the haproxy.cfg
file, you can see the following properties:
- listen: The name of the service that is listening for requests.
- bind: The IP address and TCP port number on which the service is listening.
- server: The name of each Controller node server that uses HAProxy, the IP address and listening port, and additional information about the server.
The following example shows the OpenStack Block Storage (cinder) service configuration in the haproxy.cfg
file:
listen cinder bind 172.16.0.10:8776 bind 192.168.1.150:8776 mode http http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } option httpchk server overcloud-controller-0 172.16.0.13:8777 check fall 5 inter 2000 rise 2 server overcloud-controller-1 172.16.0.14:8777 check fall 5 inter 2000 rise 2 server overcloud-controller-2 172.16.0.15:8777 check fall 5 inter 2000 rise 2
This example output shows the following information about the OpenStack Block Storage (cinder) service:
-
172.16.0.10:8776
: Virtual IP address and port on the Internal API network (VLAN201) to use within the overcloud. -
192.168.1.150:8776
: Virtual IP address and port on the External network (VLAN100) that provides access to the API network from outside the overcloud. -
8777
: Port number on which the OpenStack Block Storage (cinder) service is listening. -
server
: Controller node names and IP addresses. HAProxy can direct requests made to those IP addresses to one of the Controller nodes listed in theserver
output. -
httpchk
: Enables health checks on the Controller node servers. -
fall 5
: Number of failed health checks to determine that the service is offline. -
inter 2000
: Interval between two consecutive health checks in milliseconds. -
rise 2
: Number of successful health checks to determine that the service is running.
For more information about settings you can use in the haproxy.cfg
file, see the /usr/share/doc/haproxy-[VERSION]/configuration.txt
file on any node where the haproxy
package is installed.
6.2. Viewing HAProxy stats
By default, the director also enables HAProxy Stats, or statistics, on all HA deployments. With this feature, you can view detailed information about data transfer, connections, and server states on the HAProxy Stats page.
The director also sets the IP:Port address that you use to reach the HAProxy Stats page and stores the information in the haproxy.cfg
file.
Procedure
-
Open the
/var/lib/config-data/haproxy/etc/haproxy/haproxy.cfg
file in any Controller node where HAProxy is installed. Locate the listen haproxy.stats section:
listen haproxy.stats bind 10.200.0.6:1993 mode http stats enable stats uri / stats auth admin:<haproxy-stats-password>
-
In a Web browser, navigate to 10.200.0.6:1993 and enter the credentials from the
stats auth
row to view the HAProxy Stats page.