Skip to content

Hotwo get an OpenShift custom HA Proxy router

I’m testing RedHats new version of their PaaS product OpenShift 3.0. I would like to find out, what capabilities are there for using different protocols than http and http+tls, because it was a missing feature in the 2.0 version. OpenShift 3.0 has the concept of routers to direct incoming traffic to the endpoints. Sad but true fact is, there are just two implementations of routers available (HA Proxy andF5 BIG-IP®) and they just support the protocols HTTP, HTTPS (with SNI), WebSockets and TLS with SNI. Nevertheless, there are some fancy HA Proxy configs for other protocols and I want to play with them. First of all I needed to get a custom HA Proxy running. Here is how:

Prerequesits

  • Of course you need a working OpenShift Origin installation (I used this Vagrant file)
  • A running Docker registry service (already there in the Vagrant image)

 

Creating OpenShift custom HA Proxy router Docker image

  1. Create a working directory and cd into it.
  2. Retrieve the custom HA Proxy template like explained here with this command
    docker run --rm --interactive=true --tty --entrypoint=cat \
        registry.access.redhat.com/openshift3/ose-haproxy-router:v3.0.2.0 haproxy-config.template
  3. Create a file named Dockerfile and paste this code into it:
    FROM openshift/origin-haproxy-router
    
    ADD haproxy-config.template  /var/lib/haproxy/conf/
    # or you can use a diff name for the template.
    
    #  Note: For the custom errorfiles, make sure you add those files in at the appropriate location.
    #  Example:
    #   ADD  custom/patrick/errors/400.http   /etc/haproxy/errors/400.http
    WORKDIR  /var/lib/haproxy.conf
    
    EXPOSE  80
    ENV TEMPLATE_FILE=/var/lib/haproxy/conf/haproxy-config.template
    # or use a custom name from above if needed.
    
    ENV RELOAD_SCRIPT=/var/lib/haproxy/reload-haproxy
    ENTRYPOINT ["/usr/bin/openshift-router"]
  4. Optional: I created two error files to visibly test my custom router. Create two files error-page-503.html and error-page-502.html and paste this HTML code it
    <html>
      <head>
        <title>503 Error</title>
      </head>
      <body>
        <h1>Fail!</h1>
      </body>
    </html>
    

    Then edit the downloaded haproxy-config.template to add the custom error pages to the default section of the config  vi haproxy-config.template

    defaults
      # maxconn 4096
      # Add x-forwarded-for header.
      timeout connect 5s
      timeout client 30s
      timeout server 30s
      # Long timeout for WebSocket connections.
      timeout tunnel 1h
      errorfile 502 /var/lib/haproxy/conf/error-page-502.html
      errorfile 503 /var/lib/haproxy/conf/error-page-503.html

    After this you need to add them to the docker image file system. Change the Docker file like this:

    FROM openshift/origin-haproxy-router
    
    ADD haproxy-config.template  /var/lib/haproxy/conf/
    # or you can use a diff name for the template.
    
    #  Note: For the custom errorfiles, make sure you add those files in at the appropriate location.
    #  Example:
    #   ADD  custom/patrick/errors/400.http   /etc/haproxy/errors/400.http
    ADD error-page-503.html /var/lib/haproxy/conf/
    ADD error-page-502.html /var/lib/haproxy/conf/
    WORKDIR  /var/lib/haproxy.conf
    
    EXPOSE  80
    ENV TEMPLATE_FILE=/var/lib/haproxy/conf/haproxy-config.template
    # or use a custom name from above if needed.
    
    ENV RELOAD_SCRIPT=/var/lib/haproxy/reload-haproxy
    ENTRYPOINT ["/usr/bin/openshift-router"]
  5. Run command docker build -t localhost:5000/haproxy-custom . to build your docker file. (Should output something like this: “Successfully built 2976535451a7”).
  6. Run command docker push localhost:5000/haproxy-custom to push the docker image in the OpenShift Docker registry. (Should output something like this: “2976535451a7: Image successfully pushed”).

 

Deploying OpenShift custom HA Proxy router

  1. Removing the old router, if already in place
    $> oc delete deploymentconfigs router
    deploymentconfig "router" deleted
    $> oc delete services router
    service "router" deleted
  2. Deploy the your custom HA Proxy router
    $> oadm router --images=localhost:5000/haproxy-custom --credentials=/var/lib/origin/openshift.local.config/master/openshift-router.kubeconfig --service-account=router
    password for stats user admin has been set to jIxdsf36h85
    DeploymentConfig "router" created
    Service "router" created
  3. Now you can test your OpenShift custom HA Proxy router. If you did Step 4, you can test it in your browser with the IP of your instance and a non-existing URL. Youe should get your custom error page:
    Sample Screenshot for a test if OpenShift custom HA Proxy router works.

Many thanks  to Vaclav Rozsypalek and Ram Ranganathan for their help and support on the mailing list.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.