I managed to get a 3-node rancher setup to work after much handholding and about three restarts from fresh.
My main question now is concerning the ELB for rancher. As has been noted on other threads in the forum, the amount of documentation there is rather scarce. This is still a test setup and I’m using HAProxy as ELB for rancher HA. So far, I configured it with three frontends on ports 80, 443 and 18080, all TCP. I also configured three matching backends, also all TCP.
My main questions:
- How would I best set up HAProxy to do SSL termination? Would I have to set up an “http” frontend in HAProxy with still a TCP back end? And would I still use 443 at the back end?
- How do folks configure the health checks for rancher in HAProxy?
- Why do I have to expose port 80? What uses it?
In my current setup, I simply updated the “system-ssl” certificate within rancher to use my public cert. I am not yet sure about the consequences of that, but it seems to be doing the trick.
I found mention of specifically having to enable the PROXY protocol when using an external load balancer. I am not all too sure how this maps to HAProxy:
Once I have this HAProxy setup figured out, I’d love to contribute to the ELB-specific part of the multi-node setup document.
For what it’s worth, here is a copy of my current haproxy.cfg file for rancher:

```
global
    log /dev/log local2
    maxconn 4096
    maxpipes 1024
    uid 99
    gid 99
    daemon

defaults
    log global
    mode tcp
    option tcplog
    option dontlognull
    option redispatch
    option http-server-close
    retries 3
    timeout connect 5000
    timeout client 50000
    timeout server 50000

frontend rancher_80_frontend
    bind *:80
    mode http
    default_backend rancher_80_backend

frontend rancher_443_frontend
    bind *:443
    mode tcp
    default_backend rancher_443_backend

frontend rancher_18080_frontend
    bind *:18080
    mode http
    default_backend rancher_18080_backend

backend rancher_80_backend
    mode http
    server rancher_01 10.47.64.25:80
    server rancher_02 10.47.64.47:80
    server rancher_03 10.47.64.54:80

backend rancher_443_backend
    mode tcp
    server rancher_01 10.47.64.25:443 check
    server rancher_02 10.47.64.47:443 check
    server rancher_03 10.47.64.54:443 check

backend rancher_18080_backend
    mode http
    server rancher_01 10.47.64.25:18080
    server rancher_02 10.47.64.47:18080
    server rancher_03 10.47.64.54:18080
```
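
An added example, not part of the original post: a small Python audit for a haproxy.cfg like the one above. It reports backends whose `server` lines lack `check` (HAProxy runs no health checks against those servers) and frontends whose mode differs from their `default_backend`. The sample config is constructed and abridged from the post, the function names are the example's own, and it assumes a single unnamed `defaults` section.

```python
# Added example; SAMPLE_CFG is constructed, abridged from the posted haproxy.cfg.
SAMPLE_CFG = """\
defaults
    mode tcp
frontend rancher_80_frontend
    bind *:80
    mode http
    default_backend rancher_80_backend
frontend rancher_443_frontend
    bind *:443
    default_backend rancher_443_backend
backend rancher_80_backend
    mode http
    server rancher_01 10.47.64.25:80
    server rancher_02 10.47.64.47:80
backend rancher_443_backend
    server rancher_01 10.47.64.25:443 check
"""
SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}

def parse(cfg):
    """Return {(kind, name): [token lists]} for every section in the config."""
    sections, current = {}, None
    for raw in cfg.splitlines():
        tokens = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if tokens and tokens[0] in SECTIONS:
            current = (tokens[0], " ".join(tokens[1:2]))
            sections[current] = []
        elif tokens and current:
            sections[current].append(tokens)
    return sections

def audit(cfg):
    """List backends with unchecked servers and frontend/backend mode mismatches."""
    sections = parse(cfg)
    def mode(key, fallback="tcp"):  # "tcp" is HAProxy's built-in default mode
        return next((t[1] for t in sections.get(key, []) if t[0] == "mode"), fallback)
    inherited = mode(("defaults", ""))  # assumption: one unnamed defaults section
    findings = []
    for (kind, name), lines in sections.items():
        if kind == "backend":
            bare = [t[1] for t in lines if t[0] == "server" and "check" not in t[3:]]
            if bare:
                findings.append(f"{name}: no health check on {', '.join(bare)}")
        elif kind == "frontend":
            target = next((t[1] for t in lines if t[0] == "default_backend"), None)
            if mode((kind, name), inherited) != mode(("backend", target), inherited):
                findings.append(f"{name}: mode differs from backend {target}")
    return findings
```

Calling `audit()` on the text of a real haproxy.cfg returns the same kind of findings list; an empty list means every backend server is checked and the modes agree.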