Setup HAProxy as a Load Balancer for VMware VCF Operations

Aria Operations, Cool Tool, Load Balancer, VMware Cloud Foundation 1 Minute

HAProxy is a free opensource load balancer that is supported for use with VMware VCF Operations (formerly VMware Aria Operations). Here are the steps you need to install and configure it on a Debian VM. This configuration was for a lab deployment and may not be optimised for production. Use at your own risk!

EDIT: My colleague Ryan Johnson has very kindly written a shell script to perform the steps. Code available here.

Add an interface to the Debian VM for the VCF Operations VIP


vi /etc/network/interfaces

# Insert the following and save the changes substituting the VLANs/Subnets with your own

# VCF OPs VIP
auto eth1.1110
iface eth1.1110 inet static
address 10.11.10.30
netmask 255.255.255.0
mtu 9000

# Restart network service
systemctl restart networking.service

Install HAProxy

apt-get install haproxy 

# Backup default haproxy.cfg cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.bak

Create a new haproxy.cfg file with the following contents

# Configuration file to load balance VCF Operations
#global parameters 
global
		log 127.0.0.1 local2
		chroot /var/lib/haproxy
		pidfile /var/run/haproxy.pid
		maxconn 2000
		user haproxy
		group haproxy
		daemon
		stats socket /var/lib/haproxy/stats
		ssl-server-verify none
#default parameters unless otherwise specified 
defaults
		log global
		mode http
		option httplog
		option tcplog
		option dontlognull
		timeout connect 5000ms
		timeout client 50000ms
		timeout server 50000ms
#listener settings for stats webpage can be optional but highly recommended listen stats :9090
		balance
		mode http
		stats enable
		stats auth admin:admin
		stats uri /
		stats realm Haproxy\ Statistics
#front settings in this case we bind to all addresses on system or specify an interface
		frontend vrops_frontend_secure
		bind 10.11.10.30:443
		mode tcp
		option tcplog
		default_backend vrops_backend_secure
#backend configuration of receiving servers containing tcp-checks health checks and hashing
		backend vrops_backend_secure
		mode tcp
		option tcplog
		balance source
		hash-type consistent
		option tcp-check
		tcp-check connect port 443 ssl
		tcp-check send GET\ /suite-api/api/deployment/node/status?services=api&services=adminui&services=ui\ HTTP/1.0\r\n\r\n
		tcp-check expect rstring ONLINE
		server node1 10.11.10.31:443 check inter 15s check-ssl maxconn 140 fall 3 rise 3
		server node2 10.11.10.32:443 check inter 15s check-ssl maxconn 140 fall 3 rise 3
		server node3 10.11.10.33:443 check inter 15s check-ssl maxconn 140 fall 3 rise 3

Restart haproxy service

systemctl restart haproxy

You should now be able to browse to https://<aria-operations-vip-fqdn

Published

Leave a comment