From 529c8a78aebda5d44c4e1a1e2e2b6d20ba1413e9 Mon Sep 17 00:00:00 2001 From: Tim Hansen Date: Wed, 12 May 2021 15:38:17 -0400 Subject: [PATCH] libvirt: add doc on a default load balancer configuration for libvirt The installer for the development libvirt target does not launch a load balancer by default. A default configuration of a basic HAProxy config is given here as a guideline for developers. Signed-off-by: Tim Hansen --- docs/dev/libvirt/load_balancer.md | 125 ++++++++++++++++++++++++++++++ 1 file changed, 125 insertions(+) create mode 100644 docs/dev/libvirt/load_balancer.md diff --git a/docs/dev/libvirt/load_balancer.md b/docs/dev/libvirt/load_balancer.md new file mode 100644 index 0000000000..b7036c77ad --- /dev/null +++ b/docs/dev/libvirt/load_balancer.md 
@@ -0,0 +1,125 @@ +# Load Balancer Setup + +The libvirt deployment does not deploy a load balancer for development purposes. + +This doc goes over an example configuration of HAProxy for doing local development. + +### Installing HAProxy +These instructions are for Fedora 34+. + +Install the RPM for `HAProxy`. +```sh +sudo dnf install haproxy +``` + +Configure `haproxy.cfg`. A default configuration follows, replace with the appropriate IP addresses for your environment: + +```sh +#--------------------------------------------------------------------- +# Global settings +#--------------------------------------------------------------------- +global + log 127.0.0.1 local2 + + chroot /var/lib/haproxy + pidfile /var/run/haproxy.pid + maxconn 4000 + user haproxy + group haproxy + daemon + + # turn on stats unix socket + stats socket /var/lib/haproxy/stats + + # utilize system-wide crypto-policies + # ssl-default-bind-ciphers PROFILE=SYSTEM + # ssl-default-server-ciphers PROFILE=SYSTEM + +#--------------------------------------------------------------------- +# common defaults that all the 'listen' and 'backend' sections will +# use if not designated in their block +#--------------------------------------------------------------------- +defaults + mode tcp + log global + option httplog + option dontlognull + option http-server-close + option forwardfor except 127.0.0.0/8 + option redispatch + retries 3 + timeout http-request 10s + timeout queue 1m + timeout connect 10s + timeout client 1m + timeout server 1m + timeout http-keep-alive 10s + timeout check 10s + maxconn 3000 + +#--------------------------------------------------------------------- +# main frontend which proxys to the backends +#--------------------------------------------------------------------- + +frontend api + bind :6443 + default_backend controlplaneapi + +frontend internalapi + bind :22623 + default_backend controlplaneapiinternal + +frontend secure + bind :443 + default_backend secure + +frontend 
insecure + bind :80 + default_backend insecure + +#--------------------------------------------------------------------- +# static backend +#--------------------------------------------------------------------- + +backend controlplaneapi + balance source + server bootstrap :6443 check + server master0 :6443 check + server master1 :6443 check + server master2 :6443 check + +backend controlplaneapiinternal + balance source + server bootstrap :22623 check + server master0 :22623 check + server master1 :22623 check + server master2 :22623 check + +backend secure + balance source + server compute0 :443 check + server compute1 :443 check + server compute2 :443 check + +backend insecure + balance source + server worker0 :80 check + server worker1 :80 check + server worker2 :80 check +``` + +Start and (optionally, enable) the systemd daemon. + +```sh +# If you want it enabled +sudo systemctl enable --now haproxy.service +# If you want to start it manually every time +sudo systemctl start haproxy.service +``` + +Ensure it's running by checking the systemd journal: + +```sh +# Hit Ctrl+C when done following the logs. +sudo journalctl -f -u haproxy.service +``` \ No newline at end of file
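Review bot: In the `defaults` section, `mode tcp` is combined with settings that only apply in HTTP mode: `option httplog`, `option http-server-close`, `option forwardfor except 127.0.0.0/8`, `timeout http-request` and `timeout http-keep-alive`. These have no effect on TCP proxies, and HAProxy warns about some of them at startup (for `httplog` it falls back to `tcplog`), so the example should use `option tcplog` and drop the HTTP-only lines. That also keeps the journal check at the end of the doc free of noise. The four frontends bind with no address (`bind :6443`, `bind :22623`, `bind :443`, `bind :80`), which listens on every interface of the developer's machine. Consider showing a bind to the libvirt network's address instead, or state that these ports should be firewalled from other networks. The `server` lines as shown have no host before the port (`server bootstrap :6443 check`), so the instruction to "replace with the appropriate IP addresses" has nothing to replace; put an explicit placeholder in each line. Smaller points: the doc never names the path of the `haproxy.cfg` to edit, the config fence is tagged `sh`, the `secure` backend names its servers `compute0..2` while `insecure` uses `worker0..2`, "Start and (optionally, enable)" has a misplaced comma, and the file lacks a trailing newline.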