Skip to main content

Fronting WSO2 AS worker/manager cluster with HAProxy

This blog describes how to configure HAProxy as a load balancer with WSO2 Application Server cluster

HAProxy 1.5
WSO2 Application Server 5.2.1

Setup WSO2 AS Cluster




This cluster consist of 3 WSO2 Application Server instances, as 3 worker nodes and 1 manager node, where 1 node work as both worker and manager. HAProxy performs load balancing with this cluster by distributing incoming requests to the worker nodes via HTTP/S on port 80/443.

All admin requests can be sent to the manager node directly via HTTPs on port 9444 or through the HAProxy via 443 port depending on how we configure the manager node.

Click here to see how to setup WSO2 Application Server cluster






Setup HAProxy load balancer


* Install HAProxy
$ sudo add-apt-repository ppa:vbernat/haproxy-1.5
$ sudo apt-get update
$ sudo apt-get install haproxy

Need version 1.5 since native SSL support was implemented in 1.5

* Set ENABLED to 1 if you want the init script to start haproxy

$sudo vi /etc/default/haproxy

* Edit the /etc/haproxy/haproxy.cfg file and add the following

# load balancing among the worker nodes - HTTP
frontend ft_wrk
      bind as.wso2.com:80
      default_backend bk_wrk

backend bk_wrk
      balance roundrobin
    server node1 as.wso2.com:9764
      server node2 as.wso2.com:9765
      server node3 as.wso2.com:9766

# load balancing among the worker nodes - HTTPS
# access the management console via HTTPS
frontend https-in
      bind *:443 ssl crt /etc/haproxy/ssl/haproxy.pem
      acl is_mgt hdr_beg(host) -m beg mgt.as.wso2.com
      acl is_wrk hdr_beg(host) -m beg as.wso2.com

      use_backend mgt_as_wso2_com if is_mgt
      use_backend as_wso2_com if is_wrk
      default_backend as_wso2_com

backend as_wso2_com
      balance roundrobin
      server node1 as.wso2.com:9444 check ssl
      server node2 as.wso2.com:9445 check ssl
      server node3 as.wso2.com:9446 check ssl

backend mgt_as_wso2_com
      server server1 mgt.as.wso2.com:9444 check ssl

NOTE: load balancer can receive HTTPS requests via 443 port either to management console https://mgt.as.wso2.com/carbon or worker nodes https://as.wso2.com/
frontend https-in block handles HTTPS requests come to the load balancer via 443 port,
bind *:443 ssl crt /etc/haproxy/ssl/haproxy.pem provide valid certificate to HAProxy.

acl is_mgt hdr_beg(host) -m beg mgt.as.wso2.com
acl is_wrk hdr_beg(host) -m beg as.wso2.com
acl properties filter manager and worker requests

Server verification is enabled by default in HAProxy, so need to specify the ca-file as follows
server node1 as.wso2.com:9444 check ssl ca-file /ca-file/path

To disable the server verifications need to specify ssl verify none as follows or specify ssl-server-verify none in global section
server node1 as.wso2.com:9444 check ssl verify none

* Mapping the host names to the IP
Update the “/etc/hosts” file

<IP-of-worker>    as.wso2.com
<IP-of-manager>    mgt.as.wso2.com


* Restart the HAProxy

$sudo  /etc/init.d/haproxy restart

Comments

Popular posts from this blog

How to generate random unique number in SOAP UI request

eg 1: ${=System.currentTimeMillis() + ((int)(Math.random()*10000))} eg 2: ${=java.util.UUID.randomUUID()} ${=java.util.UUID.randomUUID()} ${=System.currentTimeMillis() + ((int)(Math.random()*10000))} - See more at: http://tryitnw.blogspot.com/2014/03/generating-random-unique-number-in-soap.html#sthash.m2S4tUFu.dpuf ${=System.currentTimeMillis() + ((int)(Math.random()*10000))} - See more at: http://tryitnw.blogspot.com/2014/03/generating-random-unique-number-in-soap.html#sthash.m2S4tUFu.dpuf ${=System.currentTimeMillis() + ((int)(Math.random()*10000))} - See more at: http://tryitnw.blogspot.com/2014/03/generating-random-unique-number-in-soap.html#sthash.m2S4tUFu.dpuf

VFS access SFTP with special character password

Learn WSO2 ESB VFS Transport https://docs.wso2.com/display/ESB481/VFS+Transport When we need to access the FTP server using SFTP, VFS connection-specific URL need to be given as : <parameter name="transport.vfs.FileURI">vfs:sftp://username:p@ssword@ftp.server.com/filePath?vfs.passive=true</parameter> When the password contains a special characters (eg: p@ssword), it gives the following error. 2015-03-27 13:06:03,766  [-]   [PassThroughMessageProcessor-5]  ERROR VFSTransportSender cannot resolve replyFile org.apache.commons.vfs2.FileSystemException: Invalid absolute URI "sftp://username:***@ftp.server.com/filePath?vfs.passive=true". Solution 1: Replace the special characters with the respective hex representation. <parameter name="transport.vfs.FileURI">vfs:sftp://username:p%40ssword@ftp.server.com/filePath?vfs.passive=true</parameter> Char Hex Code ------- -------- [space] %20 &

Tips on using environment variables in WSO2 Integration Cloud

Environment variables allow you to change an application's internal configuration without changing its source code. Let’s say you want to deploy the same application in development, testing  and production environments. Then database related configs and some other internal configurations may change from one environment to another. If we can define these configurations as an environment variables we can easily set those without changing the source code of that application. When you deploy your application in WSO2 Integration Cloud, it lets you define environment variables via the UI. Whenever you change the values of environment variables, you just need to redeploy the application for the changes to take effect. Predefined environment variables Key Concepts - Environment Variables   provides you some predefined set of environment variables which will be useful when deploying applications in WSO2 Integration Cloud. Sample on how to use environment variables U se