HA Proxy - Set Subnet Mask

General support questions
Post Reply
User avatar
penguinpages
Posts: 91
Joined: 2015/07/21 13:58:05

HA Proxy - Set Subnet Mask

Post by penguinpages » 2020/01/28 17:12:58

I am trying to use HAProxy for IPLB to front end my Openshift cluster.



Steps I use after installed and IPforwarding is enabled on host: (Below is just small section example.. but shows issue)


# Edit HA Proxy settings for VIP forwarding on both ns01 and ns02
cp /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.orig
vi /etc/haproxy/haproxy.cfg

# Append below to enable VIP with forwarding rule to console and nodes
#####################
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/ ... ration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2

chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:5000
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js

use_backend static if url_static
default_backend app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 check
# CloudForms Management UI URL
# Added 2019-12-02 for cluster VIP OpenShift console.penguinpages.local.
listen apache-80-osmstr_vip
bind 172.16.100.70:80
mode tcp
balance source
server osmstr01 172.16.100.71:80 check inter 1s
server osmstr02 172.16.100.72:80 check inter 1s
server osmstr03 172.16.100.73:80 check inter 1s

#
listen apache-443-osmstr_vip
bind 172.16.100.70:443
mode tcp
balance source
server osmstr01 172.16.100.71:443 check inter 1s
server osmstr02 172.16.100.72:443 check inter 1s
server osmstr03 172.16.100.73:443 check inter 1s

#
#####################


Issue is that service works.. but with wrong mask
[root@ns01 ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:c4:c3:2f brd ff:ff:ff:ff:ff:ff
inet 172.16.100.41/24 brd 172.16.100.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet 172.16.100.70/32 scope global eth0
valid_lft forever preferred_lft forever
inet 172.16.100.74/32 scope global eth0
valid_lft forever preferred_lft forever
inet 172.16.100.120/32 scope global eth0
valid_lft forever preferred_lft forever
inet 172.16.100.130/32 scope global eth0
valid_lft forever preferred_lft forever
inet 172.16.100.20/32 scope global eth0
valid_lft forever preferred_lft forever
inet 172.16.100.24/32 scope global eth0
valid_lft forever preferred_lft forever
inet 172.16.100.40/24 brd 172.16.100.255 scope global secondary eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fec4:c32f/64 scope link
valid_lft forever preferred_lft forever



I googled around and found no examples. Tried to figure out the HAProxy documentation but nothing about setting mask. I "assumed it would follow the subnet mask of the IP the system uses... but some reason it picked 32 vs what I want 24.

Any ideas on how this is setup?

Post Reply