Red Hat Training

A Red Hat training course is available for Red Hat OpenStack Platform

Chapter 5. Using HAProxy

HAProxy provides high-availability features to OpenStack by load-balancing traffic to controllers running OpenStack services. The haproxy package contains the haproxy daemon, which is started from the systemd service of the same name, along with logging features and sample configurations. As noted earlier, Pacemaker manages the HAProxy service itself as a highly available service (haproxy-clone).

Note

Refer to the KCS solution How can I verify my haproxy.cfg is correctly configured to load balance openstack services? for information on validating an HAProxy configuration.

In Red Hat OpenStack Platform 8, the director configures multiple OpenStack services to take advantage of the haproxy service. It does this by configuring those services in the /etc/haproxy/haproxy.cfg file. For each service in that file, you can see:

  • listen: The name of the service that is listening for requests
  • bind: The IP address and TCP port number on which the service is listening
  • server: The name of each server providing the service, the server’s IP address and listening port, and other information.

The haproxy.cfg file created when you install Red Hat OpenStack Platform 8 with the director identifies 19 different services for HAProxy to manage. Here’s an example of how the ceilometer listen service is configured in the haproxy.cfg file:

listen ceilometer
  bind 172.16.0.10:8777
  bind 192.168.1.150:8777
  server overcloud-controller-0 172.16.0.13:8777 check fall 5 inter 2000 rise 2
  server overcloud-controller-1 172.16.0.14:8777 check fall 5 inter 2000 rise 2
  server overcloud-controller-2 172.16.0.15:8777 check fall 5 inter 2000 rise 2

This example of HAProxy settings for the ceilometer service identifies the IP addresses and ports on which the ceilometer service is offered (port 8777 on 172.16.0.10 and 192.168.1.150). The 172.16.0.10 address is a virtual IP address on the Internal API network (VLAN201) for use within the overcloud, while the 192.168.1.150 virtual IP address is on the External network (VLAN100) to provide access to the API network from outside of the overcloud.

HAProxy can direct requests made for those two IP addresses to overcloud-controller-0 (172.16.0.13:8777), overcloud-controller-1 (172.16.0.14:8777), or overcloud-controller-2 (172.16.0.15:8777).

The options set on these servers enables health checks (check) and the service is considered to be dead after five failed health checks (fall 5). The interval between two consecutive health checks is set to 2000 milliseconds (or 2 seconds) by inter 2000. A server is considered operational after 2 successful health checks (rise 2).

Here is the list of services managed by HAProxy on the controller nodes:

Table 5.1. Services managed by HAProxy

ceilometer

cinder

glance_api

glance_registry

haproxy.stats

heat_api

heat_cfn

heat_cloudwatch

horizon

keystone_admin

keystone_public

mysql

neutron

nova_ec2

nova_metadata

nova_novncproxy

5.1. HAProxy Stats

The director also enables HAProxy Stats by default on all HA deployments. This feature allows you to view detailed information about data transfer, connections, server states, and the like on the HAProxy Stats page.

The director also sets the IP:Port address through which you can reach the HAProxy Stats page. To find out what this address is, open the /etc/haproxy/haproxy.cfg file of any node where HAProxy is installed. The listen haproxy.stats section lists this information. For example:

listen haproxy.stats
  bind 10.200.0.6:1993
  mode http
  stats enable
  stats uri /

In this case, point your web browser to 10.200.0.6:1993 to view the HAProxy Stats page.

5.2. References

For more information about HAProxy, see HAProxy Configuration (from Load Balancer Administration).

For detailed information about settings you can use in the haproxy.cfg file, see the documentation in /usr/share/doc/haproxy-VERSION/configuration.txt on any system where the haproxy package is installed (such as Controller nodes).