
Setting up the Load Balancer in a Single-Tenant Environment

See Also: Setting Up the Load Balancer in a Multi-Tenant Environment

Overview and Architecture

The solution uses a common Linux HA framework from http://clusterlabs.org. There are two components involved in this solution:

  • Cman uses corosync internally to provide a platform for membership, messaging, and quorum among the hosts.
  • Pacemaker is a cluster resource manager that controls where resources (processes) are executed. It manages processes such as Apache httpd through resource agents, which provide start/stop/status control of the process.

The following diagram shows a primary/backup design that associates a single virtual IP address with httpd. Whenever the primary host fails, the virtual IP address and the httpd process automatically fail over to the backup host.

[Diagram: Gir-loadbalance.png]

As a simple two-host primary/backup solution, the hosts must be deployed on the same subnet, and that subnet must allow UDP multicast. This solution provides the same reliability as the network that hosts the two machines handling the virtual IP address.

Deploying the Load Balancer

Important
For load balancers used for Recording Processors, warm standby functionality must be disabled.

Prerequisites

  • Red Hat Enterprise Linux 6 with the High Availability Add-On
Tip
Network Manager can be enabled as part of the OS installation. To disable Network Manager, see Red Hat documentation.

Installing the OS

Install the required software using the following command:

yum -y install httpd pacemaker cman pcs ccs resource-agents

Setting up the HTTP Load Balancer

Setting up the HTTP Load Balancer (when working with 8.5.210.02 or earlier)

On both servers, create the following files:

  • Create /etc/httpd/conf.d/serverstatus.conf, and add the following text:
<Location /server-status>
 SetHandler server-status
 Order deny,allow
 Deny from all
 Allow from 127.0.0.1
</Location>
  • Create /etc/httpd/conf.d/loadbalancer.conf, and add the following text:
Important
If your existing configuration already includes the load balancer rules in the /etc/httpd/conf/httpd.conf, skip this step.

The following lines starting with BalancerMember refer to the URL to the servers for Web Services, Recording Processor, Recording Crypto Server, Interaction Receiver, and WebDAV server.

For Recording Crypto Server, the route value must be set to the application name of the Recording Crypto Server instance, where the " " (space) characters in the name are replaced with the _ (underscore) characters. For example, if the application name is RCS 1, set the route value to RCS_1.

# Web Services
<Proxy balancer://htcc>
BalancerMember http://htcc1:8080 route=HTCC1
BalancerMember http://htcc2:8080 route=HTCC2
BalancerMember http://htcc3:8080 route=HTCC3
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /api balancer://htcc/api
ProxyPass /internal-api balancer://htcc/internal-api
ProxyPass /ui balancer://htcc/ui
 
# RP
<Proxy balancer://rp>
BalancerMember http://rp1:8889
BalancerMember http://rp2:8889
</Proxy>
ProxyPass /rp/api balancer://rp/api
 
# RCS
<Proxy balancer://rcs>
BalancerMember http://rcs1:8008 disablereuse=On connectiontimeout=10000ms route=RCS1_Application_Name
BalancerMember http://rcs2:8008 disablereuse=On connectiontimeout=10000ms route=RCS2_Application_Name
ProxySet stickysession=JSESSIONID
</Proxy>
ProxyPass /rcs balancer://rcs/rcs
 
# Interaction Receiver
<Proxy balancer://sm>
BalancerMember http://ir1
BalancerMember http://ir2
</Proxy>
ProxyPass /interactionreceiver balancer://sm/interactionreceiver
 
# WebDAV
<Proxy balancer://webdav>
BalancerMember http://webdav1
BalancerMember http://webdav2 status=H
</Proxy>
ProxyPass /webdav/recordings balancer://webdav/recordings
ProxyPass /webdav/dest2 balancer://webdav/dest2


Setting up the HTTP Load Balancer (when working with a version later than 8.5.210.02 with Workspace Desktop Edition)

On both servers, create the following files:

  • Create /etc/httpd/conf.d/serverstatus.conf and add the following text:
<Location /server-status>
 SetHandler server-status
 Order deny,allow
 Deny from all
 Allow from 127.0.0.1
</Location>
  • Create /etc/httpd/conf.d/loadbalancer.conf, and add the following text:
Important
If your existing configuration already includes the load balancer rules in the /etc/httpd/conf/httpd.conf, skip this step.

The following lines starting with BalancerMember refer to the URL to the servers for Interaction Recording Web Services, Recording Processor, Recording Crypto Server, Interaction Receiver, and WebDAV server.

For Recording Crypto Server, the route value must be set to the application name of the Recording Crypto Server instance, where the " " (space) characters in the name are replaced with the _ (underscore) characters. For example, if the application name is RCS 1, set the route value to RCS_1.

 
# Interaction Recording Web Services
<Proxy balancer://rws>
BalancerMember http://rws1:8080 route=RWS1
BalancerMember http://rws2:8080 route=RWS2
BalancerMember http://rws3:8080 route=RWS3
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
ProxySet stickysession=ROUTEID
</Proxy>
ProxyPass /api balancer://rws/api
ProxyPass /internal-api balancer://rws/internal-api
 
# RP
<Proxy balancer://rp>
BalancerMember http://rp1:8889
BalancerMember http://rp2:8889
</Proxy>
ProxyPass /rp/api balancer://rp/api
 
# RCS
<Proxy balancer://rcs>
BalancerMember http://rcs1:8008 disablereuse=On connectiontimeout=10000ms route=RCS1_Application_Name
BalancerMember http://rcs2:8008 disablereuse=On connectiontimeout=10000ms route=RCS2_Application_Name
ProxySet stickysession=JSESSIONID
</Proxy>
ProxyPass /rcs balancer://rcs/rcs 
 
# Interaction Receiver
<Proxy balancer://sm>
BalancerMember http://ir1
BalancerMember http://ir2 
</Proxy>
ProxyPass /interactionreceiver balancer://sm/interactionreceiver
 
# WebDAV
<Proxy balancer://webdav>
BalancerMember http://webdav1
BalancerMember http://webdav2 status=H
</Proxy>
ProxyPass /webdav/recordings balancer://webdav/recordings
ProxyPass /webdav/dest2 balancer://webdav/dest2

Setting up the HTTP Load Balancer (when working with a version later than 8.5.210.02 with Workspace Web Edition)

On both servers, create the following files:

  • Create /etc/httpd/conf.d/serverstatus.conf, and add the following text:
<Location /server-status>
 SetHandler server-status
 Order deny,allow
 Deny from all
 Allow from 127.0.0.1
</Location>
  • Create /etc/httpd/conf.d/loadbalancer.conf, and add the following text:
Important
If your existing configuration already includes the load balancer rules in the /etc/httpd/conf/httpd.conf, skip this step.

The following lines starting with BalancerMember refer to the URL to the servers for Web Services, Interaction Recording Web Services, Recording Processor, Recording Crypto Server, Interaction Receiver, and WebDAV server.

For Recording Crypto Server, the route value must be set to the application name of the Recording Crypto Server instance, where the " " (space) characters in the name are replaced with the _ (underscore) characters. For example, if the application name is RCS 1, set the route value to RCS_1.

# Web Services
<Proxy balancer://htcc>
BalancerMember http://htcc1:8080 route=HTCC1
BalancerMember http://htcc2:8080 route=HTCC2
BalancerMember http://htcc3:8080 route=HTCC3
Header add Set-Cookie "GWSROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
ProxySet stickysession=GWSROUTEID
</Proxy>
ProxyPass /api balancer://htcc/api
ProxyPass /internal-api balancer://htcc/internal-api
ProxyPass /ui balancer://htcc/ui

# Interaction Recording Web Services
<Proxy balancer://rws>
BalancerMember http://rws1:8080 route=RWS1
BalancerMember http://rws2:8080 route=RWS2
BalancerMember http://rws3:8080 route=RWS3
Header add Set-Cookie "RWSROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
ProxySet stickysession=RWSROUTEID
</Proxy>
ProxyPass /gir/api balancer://rws/api
ProxyPass /gir/internal-api balancer://rws/internal-api

# RP
<Proxy balancer://rp>
BalancerMember http://rp1:8889
BalancerMember http://rp2:8889
</Proxy>
ProxyPass /rp/api balancer://rp/api
 
# RCS
<Proxy balancer://rcs>
BalancerMember http://rcs1:8008 disablereuse=On connectiontimeout=10000ms route=RCS1_Application_Name
BalancerMember http://rcs2:8008 disablereuse=On connectiontimeout=10000ms route=RCS2_Application_Name
ProxySet stickysession=JSESSIONID
</Proxy>
ProxyPass /rcs balancer://rcs/rcs
 
# Interaction Receiver
<Proxy balancer://sm>
BalancerMember http://ir1
BalancerMember http://ir2 
</Proxy>
ProxyPass /interactionreceiver balancer://sm/interactionreceiver
 
# WebDAV
<Proxy balancer://webdav>
BalancerMember http://webdav1
BalancerMember http://webdav2 status=H
</Proxy>
ProxyPass /webdav/recordings balancer://webdav/recordings
ProxyPass /webdav/dest2 balancer://webdav/dest2

Interaction Recording Web Services

  1. Set the following properties in the application.yaml file.
    sessionCookieName: GIRJSESSID
    externalApiUrlV2: [ToBeChanged: public URL including protocol, address and port, <PUBLIC_SCHEMA_BASE_URL>]/gir/api/v2
    internalApiUrlV2: [ToBeChanged: internal URL including protocol, address and port, <INTERNAL_SCHEMA_BASE_URL>]/gir/internal-api
    undocumentedExternalApiUrl: [ToBeChanged: public URL including protocol, address and port, <PUBLIC_SCHEMA_BASE_URL>]/gir/internal-api
    
  2. Verify that the following URLs are routed to <loadbalancer>/gir:
    externalApiUrlV2
    internalApiUrlV2
    undocumentedExternalApiUrl
    

Screen Recording Service

  • Verify that the config.json file on the agent desktop does not include the server entry.
  • Verify that <load balancer> address/hostname appears in the allowedHosts entry.
  • Using Genesys Administrator Extension, add the following parameter to the [interaction-workspace] section of the Web Services Cluster object:
    screen-recording.client.server-url: https://<load balancer>:443/gir

Recording Processor

Configure the base_uri parameter in the [htcc] section of the rpconfig.cfg configuration file for each Recording Processor instance to point to <load balancer>/gir.

Recording Crypto Server

Use Genesys Administrator Extension to configure the baseurl parameter in the [htcc] section of the Recording Crypto Server application to point to <load balancer>/gir.

Recording GAX plug-in

Use Genesys Administrator Extension to:

  • Configure the baseurl parameter in RCS (see above).
  • In the GAX application object, override the htcc_base_url option in the [rcs] section.

Recording Muxer Script

Use Genesys Administrator Extension to configure the base_uri parameter in the [htcc] section of the Recording Muxer application, to point to <load balancer>/gir.

Important
The password parameter in the [htcc] section should be updated with a strong password during premise deployment.
For additional details, refer to Interaction Recording Options Reference.

SpeechMiner

In the SpeechMiner Configuration Tool, in the Recording page, enter <load balancer>/gir in the HTCC URL field. For additional details, refer to Configuring SpeechMiner.

Configuring TLS for the HTTP Load Balancer

  1. On the WebDAV server, run the following command to install mod_ssl:
    yum install mod_ssl

    The certificate/key pair is automatically generated:

    • Certificate: /etc/pki/tls/certs/localhost.crt
    • Key: /etc/pki/tls/private/localhost.key
  2. To use your own certificate/key pair, either update the files automatically generated (as above), or edit the /etc/httpd/conf.d/ssl.conf file and modify the following lines:
    • SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    • SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
  3. To enable https for the proxy, edit the /etc/httpd/conf.d/ssl.conf file and add the following option: SSLProxyEngine on
  4. Direct the load balancer to the proper https locations. For example:
    <Proxy balancer://rws>
    BalancerMember https://rws1:8080 route=RWS1
    BalancerMember https://rws2:8080 route=RWS2
    BalancerMember https://rws3:8080 route=RWS3
    Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
    ProxySet stickysession=ROUTEID
    </Proxy>
    ProxyPass /api balancer://rws/api
    ProxyPass /internal-api balancer://rws/internal-api
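
After step 4, a quick check that no balancer member is still proxied over http:// and that every member of a balancer using stickysession carries a route= value. This is an added example, not part of the original page; the names lint_balancers and sample_conf and the finding labels are assumptions, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reads an Apache config on stdin and prints one finding per line:
#   PLAINTEXT <balancer> <url>  member is still proxied over http://
#   NOROUTE   <balancer> <url>  balancer sets stickysession, member has no route=
# Assumes the page's layout: ProxySet sits inside the <Proxy balancer://...> block.
lint_balancers() {
    awk '
    /^[ \t]*<Proxy[ \t]+balancer:\/\// {
        name = $2
        sub(/^balancer:\/\//, "", name); sub(/>.*/, "", name)
        inblock = 1; sticky = 0; n = 0
        next
    }
    inblock && /^[ \t]*BalancerMember[ \t]/ {
        n++
        url[n] = $2
        hasroute[n] = ($0 ~ /[ \t]route=[^ \t]+/)
        next
    }
    inblock && /^[ \t]*ProxySet[ \t].*stickysession=/ { sticky = 1; next }
    inblock && /^[ \t]*<\/Proxy>/ {
        # Report once the whole block is known, so ProxySet may follow the members.
        for (i = 1; i <= n; i++) {
            if (url[i] ~ /^http:\/\//) print "PLAINTEXT", name, url[i]
            if (sticky && !hasroute[i]) print "NOROUTE", name, url[i]
        }
        inblock = 0
    }'
}

# Constructed sample: rws already moved to https, rcs only half migrated.
sample_conf() {
    cat <<'EOF'
<Proxy balancer://rws>
BalancerMember https://rws1:8080 route=RWS1
BalancerMember https://rws2:8080 route=RWS2
ProxySet stickysession=ROUTEID
</Proxy>
<Proxy balancer://rcs>
BalancerMember http://rcs1:8008 disablereuse=On connectiontimeout=10000ms route=RCS_1
BalancerMember https://rcs2:8008 disablereuse=On connectiontimeout=10000ms
ProxySet stickysession=JSESSIONID
</Proxy>
EOF
}

sample_conf | lint_balancers
```

On a load balancer host, run lint_balancers < /etc/httpd/conf.d/loadbalancer.conf; empty output means no findings.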
    

Setting Up Pacemaker and Cman

Important
Run the following commands as the root user.

Disable Autostart for Httpd

Pacemaker manages the startup of httpd. Remove httpd from the services that chkconfig starts at boot using the following command:

chkconfig httpd off

Setting Up the Hosts File

Make sure that each server has a hostname and that both hostnames are resolvable on both hosts, using either DNS or the /etc/hosts file. ip1 and ip2 are used as the hostnames from here on.

# /etc/hosts
# ... keep the existing lines, and only append new lines below
192.168.33.18 ip1
192.168.33.19 ip2

Setting Up the Cluster

Run the following commands on each host to create the cluster configuration:

ccs -f /etc/cluster/cluster.conf --createcluster webcluster
ccs -f /etc/cluster/cluster.conf --addnode ip1
ccs -f /etc/cluster/cluster.conf --addnode ip2
ccs -f /etc/cluster/cluster.conf --addfencedev pcmk agent=fence_pcmk
ccs -f /etc/cluster/cluster.conf --addmethod pcmk-redirect ip1
ccs -f /etc/cluster/cluster.conf --addmethod pcmk-redirect ip2
ccs -f /etc/cluster/cluster.conf --addfenceinst pcmk ip1 pcmk-redirect port=ip1
ccs -f /etc/cluster/cluster.conf --addfenceinst pcmk ip2 pcmk-redirect port=ip2
ccs -f /etc/cluster/cluster.conf --setcman two_node=1 expected_votes=1
echo "CMAN_QUORUM_TIMEOUT=0" >> /etc/sysconfig/cman


Start the Service

Start the cman and pacemaker services on each host using the following commands:

service cman start
service pacemaker start
chkconfig --level 345 cman on
chkconfig --level 345 pacemaker on

(Optional) Setting Up UDP Unicast

This solution relies on UDP multicast to work, but can also work with UDP unicast. Edit the /etc/cluster/cluster.conf file and add the transport attribute to the <cman> tag as follows:

...
<cman transport="udpu" two_node="1" expected_votes="1"/>
...

Restart both servers for the changes to take effect.

Setting Cluster Defaults

Run the following on one of the servers.

pcs property set stonith-enabled=false
pcs property set no-quorum-policy=ignore
pcs resource defaults migration-threshold=1

Configure the Virtual IP Address and Apache httpd

Run the following on one of the servers.

For the first command below, nic=eth0 refers to the network interface that brings up the virtual IP address. Change eth0 to the active network interface your environment uses.

Change <Virtual IP> in the first command below to your virtual IP assigned to this load balancer pair.

pcs resource create virtual_ip ocf:heartbeat:IPaddr2 ip=<Virtual IP> nic=eth0 cidr_netmask=32 op monitor interval=30s
pcs resource create webserver ocf:heartbeat:apache configfile=/etc/httpd/conf/httpd.conf statusurl="http://localhost/server-status" op monitor interval=30s
pcs resource meta webserver migration-threshold=10
pcs constraint colocation add webserver virtual_ip INFINITY
pcs constraint order virtual_ip then webserver

Maintaining Pacemaker

The following commands help you with the maintenance operations for pacemaker.

To check the status of the cluster:

pcs status

To clear resource errors (for example, because of incorrect configuration):

pcs resource cleanup <resourcename>

A resource name is either virtual_ip or webserver (for example, pcs resource cleanup webserver).

To check the status of the resources in the cluster:

crm_mon -o -1

This page was last modified on June 3, 2018, at 19:48.