VMware Cloud Community
jbweber2
Enthusiast

vCO 5.5 High Availability / Load Balancer configuration

I'm doing some planning for a new vCO 5.5 deployment and I want to take advantage of the new high availability features, but the documentation seems to be a bit lacking in the load balancer department. I'm hoping someone knows the answers to the following questions to help zero in on possible configuration options for the load balancer:

Do calls to the vCO instances have state or can I use a stateless round robin type configuration for the lb configuration or do I need to support sessions?

Is there a health check endpoint which I can query from the load balancer to remove instances from service automatically in an active / active configuration in the event of failure? If there isn't a specific one is there a good check one can do to create a service to act as a health check?

Is anyone out there already working with a similar configuration and willing to share their experiences?

Accepted Solutions
radostin
VMware Employee

Hi,

You can check the following KB article, which describes how to configure Nginx as a load balancer. I hope it is helpful.

VMware KB: Setting up Nginx load balancing software with VMware vCenter Orchestrator 5.5

Regards,

Radostin


jvassev
Contributor

The quickest way to get a running nginx proxy, if you have a Debian/Ubuntu Linux, is this:

    # install nginx
    apt-get install nginx-extras openssl

    # edit the config file
    vim /etc/nginx/sites-enabled/default # and follow the instructions from the KB

    # this will generate a self-signed certificate
    cd /etc/nginx
    NAME=domainname
    # 2048-bit RSA key; 1024-bit keys are too weak for current use
    openssl genrsa -out "$NAME.key" 2048
    openssl req -new -key "$NAME.key" -out "$NAME.csr"
    openssl x509 -req -days 36500 -in "$NAME.csr" -signkey "$NAME.key" -out "$NAME.crt"

    # restart nginx to reload the new config
    service nginx restart

jbweber2
Enthusiast

Any problems directly going to the https port 8021?

If you hit 8020 the local instance redirects you to 8021 anyway to put you on https.

    [root@linux conf.d]# curl -i http://192.168.0.100:8280/vco/
    HTTP/1.1 302 Found
    Server: Apache-Coyote/1.1
    Cache-Control: private
    Expires: Thu, 01 Jan 1970 00:00:00 UTC
    Location: https://192.168.0.100:8281/vco/
    Content-Length: 0
    Date: Fri, 04 Oct 2013 13:40:20 GMT

jvassev
Contributor

The redirect to https is mandated by vCO in order to improve security.

However, the proxy (if configured as described in the KB) talks to vCO over http and the proxy itself is handling the ssl.

In the proxy you can choose not to redirect to https.

I am pasting a ready to use config file here:

    upstream small-cluster {
        # passive health check: a node with 1 failed attempt within 30s is skipped for 30s
        server vco-1:8280   max_fails=1 fail_timeout=30s;
        server vco-2:8280   max_fails=1 fail_timeout=30s;
    }

    server {
        listen   80; ## listen for ipv4; this line is default and implied
        listen   [::]:80 default ipv6only=on; ## listen for ipv6
        server_name localhost;

        # this does the redirect, replace with the below definition of location /vco... if you want https and http to behave the same
        location /vco {
            rewrite ^(.*) https://$host$1 permanent;
        }
    }

    server {
        listen 443 ssl; ## the ssl flag on listen enables TLS for this server
        server_name small-cluster;
        root html;
        index index.html index.htm;

        ssl_certificate domainname.crt;
        ssl_certificate_key domainname.key;
        ssl_session_timeout 5m;

        # SSLv3 and TLSv1 are obsolete; add TLSv1.3 where nginx and OpenSSL support it
        ssl_protocols TLSv1.2;
        # strong suites only: no LOW/EXPORT/RC4, no anonymous key exchange
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        location /vco {
            proxy_pass              http://small-cluster;
            # retry the request on the other node on these failures
            proxy_next_upstream     error timeout http_503;
            proxy_set_header        Host            $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header        X-Forwarded-Proto https;
            # exposes the backend address to clients; handy for debugging, remove otherwise
            add_header              X-vco-server    $upstream_addr;
        }
    }

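An added example (not from the thread or the KB): a small Python check that reads an nginx config and reports the TLS settings worth reviewing on a TLS-terminating proxy like this one, namely obsolete `ssl_protocols` entries, `ssl_ciphers` tokens that pull in weak suites, and plain-http `proxy_pass` hops. The weak-keyword policy and both sample configs are assumptions constructed for the example.

```python
import re

# Assumed policy for this example: protocol names and cipher keywords treated as weak.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_KEYWORDS = {"ALL", "LOW", "EXP", "EXPORT", "EXPORT40", "EXPORT56",
                 "RC4", "DES", "MD5", "NULL", "aNULL", "eNULL", "ADH"}

def directives(conf):
    """Yield (name, args) for each directive; comments are dropped first."""
    for stmt in re.split(r"[;{}]", re.sub(r"#[^\n]*", "", conf)):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]

def weak_cipher_tokens(cipher_string):
    """Tokens that add weak suites. '!X' and '-X' remove suites and '+X' only
    reorders suites already selected, so those prefixes never add anything."""
    return [tok for tok in cipher_string.split(":")
            if tok and tok[0] not in "!-+" and set(tok.split("+")) & WEAK_KEYWORDS]

def audit(conf):
    """Return a list of (directive, offending values) findings."""
    findings = []
    for name, args in directives(conf):
        if name == "ssl_protocols":
            bad = [p for p in args if p in WEAK_PROTOCOLS]
        elif name == "ssl_ciphers":
            bad = weak_cipher_tokens("".join(args))
        elif name == "proxy_pass":  # cleartext hop between proxy and backend
            bad = [a for a in args if a.startswith("http://")]
        else:
            continue
        if bad:
            findings.append((name, bad))
    return findings

# Constructed sample configs (not taken from a real deployment).
WEAK = """
server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1;  # obsolete protocols
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    location /vco { proxy_pass http://small-cluster; }
}
"""
HARDENED = WEAK.replace("SSLv3 TLSv1;", "TLSv1.2;").replace(
    "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP", "HIGH:!aNULL:!MD5")

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf))
```

The `proxy_pass` finding is informational: with TLS terminated at the proxy, the hop to vCO on port 8280 is plain HTTP, so it should stay on a trusted network segment.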