Sample Configuration Files for HAProxy

You can use the supplied configuration files to configure the HAProxy load balancer for deployments with and without TLS or as a guide when using a different type of load balancer.

HAProxy is an open source load balancer. It can be used as a load balancer in front of the Cloudera Manager hosts. Other load balancers may be used instead of HAProxy.

Below is are samples of an haproxy.config file, one for deployments where TLS is enabled, and a second samlple without TLS. If you choose a different type of load balancer, use this configuration file as a guide for configuring the load balancer.

In the files below, <cert.pem> refers to a PEM-encoded file containing a concatenation of the load balancer’s certificate and corresponding private key. Ensure that the private key does not have a passphrase. HAProxy does not support private keys protected with a passphrase.

Replace <cm_host_1> and <cm_host_2> with the actual DNS names of the Cloudera Manager server hosts. The passive server is indicated by the use of the backup keyword in the server definition line, as used in the file below.

Sample haproxy.confg file with TLS enabled

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults 
timeout http-request    10s
   	timeout queue           1m
   	timeout connect         10s
   	 timeout client          10m
    	 timeout server          10m
   	 #timeout http-keep-alive 10s
   	 timeout check           10s
    	 maxconn                 3000


# enable admin stats at :8000/haproxy?stats
listen admin
	bind *:8000
	stats enable



global
    log /dev/log local0
    log localhost local1 notice
    maxconn 2000
    daemon

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    retries 3
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend http-in
    bind *:7183 ssl crt <cert.pem>
    default_backend cmservers

backend cmservers
    mode tcp
    option tcplog
    option log-health-checks
    option redispatch
    log global
    balance roundrobin
    timeout connect 10s
    timeout server 1m
    # active server
    server cm1 <cm_host_1>:7183 check ssl verify none crt <cert.pem>
    # passive server
    server cm2 <cm_host_2>:7183 check backup ssl verify none crt <cert.pem>



frontend agents
    bind *:7182 ssl crt <cert.pem>
    default_backend foragents

backend foragents
    mode tcp
    option tcplog
    option log-health-checks
    option redispatch
    log global
    balance roundrobin
    timeout connect 10s
    timeout server 1m
    server cm1 <cm_host_1>:7182 check ssl verify none crt <cert.pem>
    server cm2 <cm_host_2>:7182 check backup ssl verify none crt <cert.pem>

Sample haproxy.confg file for HAProxy without TLS

defaults 
timeout http-request    10s
   	 timeout queue           1m
   	 timeout connect         10s
   	 timeout client          10m
    	 timeout server          10m
   	 #timeout http-keep-alive 10s
   	 timeout check           10s
    	 maxconn                 3000


# enable admin stats at :8000/haproxy?stats
listen admin
	bind *:8000
	stats enable



global
    log /dev/log local0
    log localhost local1 notice
    maxconn 2000
    daemon

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    retries 3
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend http-in
    bind *:7180
    default_backend cmservers

backend cmservers
    mode tcp
    option tcplog
    option log-health-checks
    option redispatch
    log global
    balance roundrobin
    timeout connect 10s
    timeout server 1m
    server cm1 <cm_host_1>:7180 check
    server cm2 <cm_host_2>:7180 check backup

frontend agents
    bind *:7182
    default_backend foragents

backend foragents
    mode tcp
    option tcplog
    option log-health-checks
    option redispatch
    log global
    balance roundrobin
    timeout connect 10s
    timeout server 1m
    server cm1 <cm_host_1>:7182 check 
    server cm2 <cm_host_2>:7182 check backup