Skip to content

Hotwo get an OpenShift custom HA Proxy router

Published 01.01.16

I’m testing RedHats new version of their PaaS product OpenShift 3.0. I would like to find out, what capabilities are there for using different protocols than http and http+tls, because it was a missing feature in the 2.0 version. OpenShift 3.0 has the concept of routers to direct incoming traffic to the endpoints. Sad but true fact is, there are just two implementations of routers available (HA Proxy andF5 BIG-IP®) and they just support the protocols HTTP, HTTPS (with SNI), WebSockets and TLS with SNI. Nevertheless, there are some fancy HA Proxy configs for other protocols and I want to play with them. First of all I needed to get a custom HA Proxy running. Here is how:

Prerequesits

  • Of course you need a working OpenShift Origin installation (I used this Vagrant file)
  • A running Docker registry service (already there in the Vagrant image)

 

Creating OpenShift custom HA Proxy router Docker image

  1. Create a working directory and cd into it.
  2. Retrieve the custom HA Proxy template like explained here with this command 
    docker run --rm --interactive=true --tty --entrypoint=cat \
    registry.access.redhat.com/openshift3/ose-haproxy-router:v3.0.2.0 haproxy-config.template
  3. Create a file named Dockerfile and paste this code into it: 
    FROM openshift/origin-haproxy-router

ADD haproxy-config.template  /var/lib/haproxy/conf/
# or you can use a diff name for the template.

#  Note: For the custom errorfiles, make sure you add those files in at the appropriate location.
#  Example:
#   ADD  custom/patrick/errors/400.http   /etc/haproxy/errors/400.http
WORKDIR  /var/lib/haproxy.conf

EXPOSE  80
ENV TEMPLATE_FILE=/var/lib/haproxy/conf/haproxy-config.template
# or use a custom name from above if needed.

ENV RELOAD_SCRIPT=/var/lib/haproxy/reload-haproxy
ENTRYPOINT ["/usr/bin/openshift-router"]
  4. Optional: I created two error files to visibly test my custom router. Create two files error-page-503.html and error-page-502.html and paste this HTML code it 
    <html>
  <head>
    <title>503 Error</title>
  </head>
  <body>
    <h1>Fail!</h1>
  </body>
</html>

    Then edit the downloaded haproxy-config.template to add the custom error pages to the default section of the config  vi haproxy-config.template

    defaults
  # maxconn 4096
  # Add x-forwarded-for header.
  timeout connect 5s
  timeout client 30s
  timeout server 30s
  # Long timeout for WebSocket connections.
  timeout tunnel 1h
  errorfile 502 /var/lib/haproxy/conf/error-page-502.html
  errorfile 503 /var/lib/haproxy/conf/error-page-503.html

    After this you need to add them to the docker image file system. Change the Docker file like this:

    FROM openshift/origin-haproxy-router

ADD haproxy-config.template  /var/lib/haproxy/conf/
# or you can use a diff name for the template.

#  Note: For the custom errorfiles, make sure you add those files in at the appropriate location.
#  Example:
#   ADD  custom/patrick/errors/400.http   /etc/haproxy/errors/400.http
ADD error-page-503.html /var/lib/haproxy/conf/
ADD error-page-502.html /var/lib/haproxy/conf/
WORKDIR  /var/lib/haproxy.conf

EXPOSE  80
ENV TEMPLATE_FILE=/var/lib/haproxy/conf/haproxy-config.template
# or use a custom name from above if needed.

ENV RELOAD_SCRIPT=/var/lib/haproxy/reload-haproxy
ENTRYPOINT ["/usr/bin/openshift-router"]
  5. Run command docker build -t localhost:5000/haproxy-custom . to build your docker file. (Should output something like this: “Successfully built 2976535451a7”).
  6. Run command docker push localhost:5000/haproxy-custom to push the docker image in the OpenShift Docker registry. (Should output something like this: “2976535451a7: Image successfully pushed”).

 

Deploying OpenShift custom HA Proxy router

  1. Removing the old router, if already in place 
    $> oc delete deploymentconfigs router
deploymentconfig "router" deleted
$> oc delete services router
service "router" deleted
  2. Deploy the your custom HA Proxy router 
    $> oadm router --images=localhost:5000/haproxy-custom --credentials=/var/lib/origin/openshift.local.config/master/openshift-router.kubeconfig --service-account=router
password for stats user admin has been set to jIxdsf36h85
DeploymentConfig "router" created
Service "router" created
  3. Now you can test your OpenShift custom HA Proxy router. If you did Step 4, you can test it in your browser with the IP of your instance and a non-existing URL. Youe should get your custom error page:
    Sample Screenshot for a test if OpenShift custom HA Proxy router works.

Many thanks  to Vaclav Rozsypalek and Ram Ranganathan for their help and support on the mailing list.

Published in Technology

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.