I'm doing some planning for a new vCO 5.5 deployment and I want to take advantage of the new high availability features, but the documentation seems to be a bit lacking in the load balancer department. I'm hoping someone knows the answers to the following questions to help zero in on possible configuration options for the load balancer:
Do calls to the vCO instances have state, or can I use a stateless round-robin type configuration for the lb configuration, or do I need to support sessions?
Is there a health check endpoint which I can query from the load balancer to remove instances from service automatically in an active / active configuration in the event of failure? If there isn't a specific one, is there a good check one can do to create a service to act as a health check?
Is anyone out there already working with a similar configuration and willing to share their experiences?
Hi,
You can check the following KB article which describes how to configure Nginx as a load balancer. I hope it is helpful.
VMware KB: Setting up Nginx load balancing software with VMware vCenter Orchestrator 5.5
Regards,
Radostin
The quickest way to get to a running nginx proxy if you have a Debian/Ubuntu Linux is this:
# install nginx
apt-get install nginx-extras openssl
# edit the config file
vim /etc/nginx/sites-enabled/default # and follow the instructions from the KB
# generate a private key and a self-signed certificate
cd /etc/nginx
NAME=domainname
# 2048-bit RSA key (1024-bit RSA is no longer considered secure)
openssl genrsa -out "$NAME.key" 2048
openssl req -new -key "$NAME.key" -out "$NAME.csr"
openssl x509 -req -days 36500 -in "$NAME.csr" -signkey "$NAME.key" -out "$NAME.crt"
# restart nginx to reload the new config
service nginx restart
Any problems directly going to the https port 8021?
If you hit 8020 the local instance redirects you to 8021 anyway to put you on https.
[root@linux conf.d]# curl -i http://192.168.0.100:8280/vco/
HTTP/1.1 302 Found
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Thu, 01 Jan 1970 00:00:00 UTC
Location: https://192.168.0.100:8281/vco/
Content-Length: 0
Date: Fri, 04 Oct 2013 13:40:20 GMT
The redirect to https is mandated by vCO in order to improve security.
However, the proxy (if configured as described in the KB) talks to vCO over http and the proxy itself is handling the ssl.
In the proxy you can choose not to redirect to https.
I am pasting a ready to use config file here:
upstream small-cluster {
    server vco-1:8280 max_fails=1 fail_timeout=30s;
    server vco-2:8280 max_fails=1 fail_timeout=30s;
}
server {
    listen 80; ## listen for ipv4; this line is default and implied
    listen [::]:80 default ipv6only=on; ## listen for ipv6
    server_name localhost;
    # this does the redirect, replace with the below definition of location /vco... if you want https and http to behave the same
    location /vco {
        rewrite ^(.*) https://$host$1 permanent;
    }
}
server {
    # "ssl" on the listen line enables TLS; the separate "ssl on;" directive is deprecated
    listen 443 ssl;
    server_name small-cluster;
    root html;
    index index.html index.htm;
    ssl_certificate domainname.crt;
    ssl_certificate_key domainname.key;
    ssl_session_timeout 5m;
    # TLS 1.2 and newer only: SSLv3 is broken (POODLE); clients limited to TLSv1 cannot connect with this setting
    ssl_protocols TLSv1.2 TLSv1.3;
    # high-strength suites only; no anonymous, export-grade or low-strength suites
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location /vco {
        proxy_pass http://small-cluster;
        # on an error, timeout or 503 from one node, retry the request on the other node
        proxy_next_upstream error timeout http_503;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # expose which backend served the response
        add_header X-vco-server $upstream_addr;
    }
}
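A check that can be run over the `ssl_protocols` and `ssl_ciphers` directives of a TLS-terminating proxy config like the one in this thread before it goes into service. This is an added example, not code from the thread or the KB; the function name `audit_tls`, the lists of weak keywords and both sample inputs are assumptions constructed for illustration.

```python
import re

# Protocol names and OpenSSL cipher-string keywords treated as weak in this
# example (an assumption of the example, not a list from the thread or the KB).
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_WORDS = {"ALL", "LOW", "EXP", "EXPORT", "EXPORT40", "EXPORT56",
                     "RC4", "DES", "3DES", "MD5", "NULL", "eNULL", "aNULL", "ADH"}

# Matches uncommented "ssl_protocols ...;" and "ssl_ciphers ...;" directives.
DIRECTIVE = re.compile(r"^[ \t]*(ssl_protocols|ssl_ciphers)\s+([^;]+);", re.M)


def audit_tls(config_text):
    """Return (directive, token) findings, in file order, for weak TLS settings."""
    findings = []
    for name, value in DIRECTIVE.findall(config_text):
        value = value.strip().strip("'\"")
        if name == "ssl_protocols":
            findings += [(name, p) for p in value.split() if p in WEAK_PROTOCOLS]
            continue
        for item in re.split(r"[:, ]+", value):
            # "!" and "-" remove suites and a leading "+" only reorders them,
            # so only bare items add suites to the list.
            if not item or item[0] in "!-+":
                continue
            # Inside an item, "+" is a logical AND (RC4+RSA = RC4 with RSA).
            if any(word in WEAK_CIPHER_WORDS for word in item.split("+")):
                findings.append((name, item))
    return findings


# Constructed sample inputs, not captured from a real server.
WEAK_SAMPLE = """
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
"""
HARDENED_SAMPLE = """
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        print(label, audit_tls(text))
```

In the weak sample only `ALL` and `RC4+RSA` are reported for the cipher string, because items such as `+LOW` and `+EXP` merely reorder suites that `ALL` has already enabled.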