Hi all
I managed to get a 3-node rancher setup to work after much handholding and about three restarts from fresh.
My main question now is concerning the ELB for rancher. As has been noted on other threads in the forum, the amount of documentation there is rather scarce. This is still a test setup and I’m using HAProxy as ELB for rancher HA. So far, I configured it with three frontends on ports 80, 443 and 18080, all TCP. I also configured three matching backends, also all TCP.
My main questions:
- How would I best set up HAProxy to do SSL termination? Would I have to set up a “http” frontend in HAProxy with still a TCP back end? And would I still use 443 at the back end?
- How do folks configure the health checks for rancher in HAProxy?
- Why do I have to expose port 80? What uses it?
In my current setup, I simply updated the “system-ssl” certificate within rancher to use my public cert. I am not yet sure about the consequences of that, but it seems to be doing the trick.
I found mention of specifically having to enable the PROXY protocol when using an external load balancer. I am not all too sure how this maps to HAProxy:
http://docs.rancher.com/rancher/v1.0/en/installing-rancher/installing-server/basic-ssl-config/#configuration-requirements-for-elb-to-enable-rancher
Once I have this HAProxy setup figured out, I’d love to contribute to the ELB-specific part of the multi-node setup document.
Thank you!
For what it’s worth, here is a copy of my current haproxy.cfg file for rancher:

```
global
    log /dev/log local2
    maxconn 4096
    maxpipes 1024
    uid 99
    gid 99
    daemon

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    option redispatch
    option http-server-close
    retries 3
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend rancher_80_frontend
    bind *:80
    mode http
    default_backend rancher_80_backend

# TLS is forwarded as-is (TCP passthrough); HAProxy does not terminate SSL here
frontend rancher_443_frontend
    bind *:443
    mode tcp
    default_backend rancher_443_backend

frontend rancher_18080_frontend
    bind *:18080
    mode http
    default_backend rancher_18080_backend

# no 'check' keyword: these servers are not health-checked
backend rancher_80_backend
    mode http
    server rancher_01 10.47.64.25:80
    server rancher_02 10.47.64.47:80
    server rancher_03 10.47.64.54:80

# 'check' enables a plain TCP connect health check
backend rancher_443_backend
    mode tcp
    server rancher_01 10.47.64.25:443 check
    server rancher_02 10.47.64.47:443 check
    server rancher_03 10.47.64.54:443 check

# no 'check' keyword: these servers are not health-checked
backend rancher_18080_backend
    mode http
    server rancher_01 10.47.64.25:18080
    server rancher_02 10.47.64.47:18080
    server rancher_03 10.47.64.54:18080
```
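
An added example (not part of the original post or of Rancher's documentation): a small Python audit that reads a haproxy.cfg and reports, per section, the three properties the post asks about, namely whether port 443 is bound with `ssl` (termination) or passed through, which servers lack `check`, and which servers lack `send-proxy` (the HAProxy option that emits the PROXY protocol header). The sample input is a shortened, constructed copy of the config above, and the function name `audit` is hypothetical.

```python
import re

# Constructed sample: a shortened copy of the haproxy.cfg in the post.
SAMPLE_CFG = """\
frontend rancher_443_frontend
    bind *:443
    mode tcp
    default_backend rancher_443_backend
backend rancher_80_backend
    mode http
    server rancher_01 10.47.64.25:80
backend rancher_443_backend
    mode tcp
    server rancher_01 10.47.64.25:443 check
"""

# Lines that open a new HAProxy section; the second group is its name, if any.
SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(\S*)")

def audit(cfg_text):
    """Return a sorted list of (section, finding) tuples (hypothetical helper)."""
    findings, section = set(), None
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and indentation
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(2) or m.group(1)
            continue
        words = line.split()
        if words[0] == "bind" and len(words) > 1 and words[1].endswith(":443"):
            # Without the 'ssl' bind keyword HAProxy only relays the TLS bytes.
            if "ssl" not in words[2:]:
                findings.add((section, "443 bound without 'ssl': TLS passes through"))
        elif words[0] == "server":
            opts = words[3:]  # everything after "server <name> <addr:port>"
            if "check" not in opts:
                findings.add((section, "server without 'check': no health check"))
            if not {"send-proxy", "send-proxy-v2"} & set(opts):
                findings.add((section, "server without send-proxy: no PROXY header"))
    return sorted(findings)

if __name__ == "__main__":
    for section, finding in audit(SAMPLE_CFG):
        print(f"{section}: {finding}")
```

Whether the Rancher nodes expect the PROXY header on a given port is not something this check can tell; it only reports what the load balancer is configured to send.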