This document describes how to install HAProxy after the upgrade from 3.10.x to 4.0.x.
Author: Marc Cirauqui
Before you begin: check that you have the epel-release package installed. Otherwise HAProxy might not be available or it might be an old version.
The configuration to use depends on your architecture.
If you have multiple datacenters and are running websockify on each Remote Services server, you will need to define the backend for each server. Configure the UI server with the following model for the /etc/haproxy/haproxy.cfg file and make the changes described below.
The frontend block defines where HAProxy will listen for browser connections, which in this case is port 41337. The bind line also specifies the SSL certificate. Use the same one as you use in the UI to avoid certificate warnings. Note that HAProxy only takes one file so you may need to concat certificate and private key into a single file (use cat cert key > haproxycert).
For multiple datacenters in Abiquo, you will need websockify installed on every Remote Services server. Then configure these servers by creating acl and use_backend lines and backend blocks as described here.
For each remote services server, copy the acl and use_backend lines and replace the hash values. To create the hashes for a server, generate an SHA1 digest of the value of the abiquo.datacenter.id property. For example:
So requests with path 2af9eaa6f48878b7952cbca17bc3d784b642d2ac will use backend named 2af9eaa6f48878b7952cbca17bc3d784b642d2ac.
To create the backend block, copy the backend text from the example above, but in the server line, replace the IP and port value with the values for the websockify daemon on the corresponding Remote services server.
When you have all the acl and use_backend lines, as well as the backend blocks for all the datacenters, restart the haproxy daemon to start routing requests.
If you have multiple datacenters with ESXi hosts and you can allow access to all hosts in all datacenters, then you could use the following configuration with a single default websockify daemon.
Here the frontend block does not have acl or use_backend statements, but instead has a default_backend pointing to the only backend available. That backend in turn, points to the websockify daemon.