Chapter 5: DEPLOYING HAProxy

image from HAProxy

Refer this article to learn on how to install the HAProxy.

Use the CentOS [LoadBalancer : IP 10.2.2.131 ] and install this service in it. Refer 1.2 My Testing Network Environment (Section B).

Decide on what port are you going to map this service into, in this test i’m using the standard cockroachDB port 26257 and a HAProxy administration on port 8080 .

Scroll to end of this chapter to view the architecture.

5.1 How Did I Configure My HAProxy

Navigate to this location /etc/haproxy/

If there’s no file exist as haproxy.cfg then create one.

My file consist of these below:

global

maxconn 4096

daemon defaults



# Timeout values should be configured for your specific use.



timeout connect 10s

timeout client 1m

timeout server 1m # TCP keep-alive on client side. Server already enables them.

option clitcpka listen psql

bind :26257

mode tcp

balance roundrobin

option httpchk GET /health?ready=1

server node1 10.2.2.130:26257 check port 8080

server node2 10.2.2.124:26257 check port 8080

server node3 10.2.2.125:26257 check port 8080 #---------------------------------------------------------------------

# Stats.

#---------------------------------------------------------------------

listen stats :8080

mode http

stats enable

stats uri /

#stats hide-version

stats realm HAProxy\ Statistics

stats auth admin:passwd

If you don’t know what to configure, move on to next subtopic (5.2).

NOTE: Ignore the 4th Node, i’ll explain on the last chapter.

5.2 AUTO GENERATE Your Own HAProxy Config For CockroachDB

If you don’t know what to change on the config file, Your cockroach it self do able to generate these config file for you, just ran the command below:

cockroach gen haproxy --insecure --host=<NODE1 IP> --port=26257

example: cockroach gen haproxy --insecure --host=10.1.1.130 --port=26257

there you go, just copy that file to this location /etc/haproxy/

REMEMBER: Remove the 4th NODE from the HAProxy Config file, this node should not be providing any service. I’ll explain in detail on Chapter 6.

REMOVE THIS LINE FROM THE FILE:

server node4 10.2.2.133:26257 check port 8080

To test the configuration file is working or not, run the command below

haproxy -f haproxy.cfg

5.3 POSSIBLE Trouble Bringing HAP Service UP

You should look at:

A.) FIREWALL

Make sure you have allowed the TCP port 26257 & 8080 try run the command below to get the firewall status:

firewall-cmd --list-all

you should get something like this:

public (active)

target: default

icmp-block-inversion: no

interfaces: eth0

sources:

services: ssh dhcpv6-client http

ports: 26257/tcp 8080/tcp

protocols:

masquerade: no

forward-ports:

source-ports:

icmp-blocks:

rich rules:

If not configure your firewall to allow those ports.

Learn more here on firewall-cmd.

Or Use my command below:

firewall-cmd --zone=public --add-port=26257/tcp --permanent

firewall-cmd --zone=public --add-port=8080/tcp --permanent

iptables-save

firewall-cmd reload

B.) SYSTEM SERVICE

If you’re having trouble running the HAProxy, you may wanna take a look at the service file that located at /usr/lib/systemd/system/haproxy.service make sure the configuration file are as like in below:

[Unit]

Description=HAProxy Load Balancer

After=syslog.target network.target [Service]

EnvironmentFile=/etc/sysconfig/haproxy

ExecStart=/usr/sbin/haproxy-systemd-wrapper -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid $OPTIONS

ExecReload=/bin/kill -USR2 $MAINPID

KillMode=mixed [Install]

WantedBy=multi-user.target

C.) SELINUX enforcement

Make sure you have disabled the SELinux, run the command sestatus to get the status, and the output must be as like in below:

SELinux status: disabled

if not, read here to learn what it is and how to disable it.

5.4 Capture Traffic HAP On Service Port

Ssh to the LoadBalancer CentOS and Make sure you have installed the tools called tcpdump if not run the command below:

sudo yum install tcpdump -y

Once you’ve done installing it, get your network interface name that facing the client [where the request will come in] by running the command ip a , like mine, it’s eth0 and then run the command as like in below:

tcpdump -n -i eth0 port 26257

Alright, so once you’ve ran the command you should see some output as like in below:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

which means it’s waiting for traffic to capture.

Alright, you are almost done.

Let’s point our PHP web application to our HAProxy and let’s see if we can get the same output as before.

Now go back to the php file test3.php we created before [ on Client Simulator] and change the host IP to your loadbalancer IP as like in below:

$dbconn = pg_connect("host=<Loadbalancer IP> port=26257 dbname=kanthan user=root")or die(mysql_error()); function show_records_cr(){

global $dbconn;

$sqlSelect = "SELECT * FROM testing ";



$result = pg_query($dbconn, $sqlSelect)or die(mysql_error());



if ($result == true) {

while($row = pg_fetch_assoc($result)) { echo $row['username']." ===>>pass:".$row['password']."<br>"; }

} pg_close($dbconn);

}

show_records_cr();

LoadBalancer IP: 10.2.2.131

Now call the file from browser, you will see the tcpdump tool will start to capture traffic as like in the picture below:

traffic being captured on the port

On the php file you should be getting the same output as like before,

output on PHP file ( test3.php )

Congratulations🎉 you have completed deploying your full HA CockroachDB.

So this is how the completed architecture would look like: