HTTPD (Apache) load balancer configuration for WCC
search cancel

HTTPD (Apache) load balancer configuration for WCC

book

Article ID: 240418

calendar_today

Updated On:

Products

CA Workload Automation AE

Issue/Introduction

Is there a recommended HTTPD (Apache) load balancer configuration for WCC?

Environment

Release : 12.0

Component : WORKLOAD CONTROL CENTER

Resolution

This is just being suggested as an example, it is highly recommended that this be done by a Load Balancer administrator

 

First make sure basic httpd proxying works, via httpd.conf (or an include to another .conf file via httpd.conf)

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so

LoadModule xml2enc_module modules/mod_xml2enc.so

LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so

Note: Without the above modules loaded, httpd may not start properly. 


 

Now WCC specific load balancer entries:

 <Location /balancer-manager>
 SetHandler balancer-manager
 </Location>


 ProxyPass /balancer-manager !
 # failonstatus status is available with Apache HTTP Server 2.2.17 and later. Remove the parameter if necessary.
 ProxyPass /wcc balancer://wccbalancer stickysession=WCC-ASID failonstatus=503
 ProxyPassReverse /wcc balancer://wccbalancer


 # All WCC HA nodes in a WCC HA cluster must use the same protocol either http or https
 # In order to change protocol of node, please, use the batch interface wcc_config.[bat|sh]
 # in <CA_WCC_INSTALL_LOCATION>/bin folder
 <Proxy balancer://wccbalancer>
 BalancerMember http://server1.company.com:8080/wcc route=server1.company.com timeout=30s 
 BalancerMember http://server2.company.com:8080/wcc route=server2.company.com timeout=30s 
 </Proxy>

 

If the previous one does not work (login attempt gives error in browser: E150004: An error occurred during authentication. Authentication between CA WCC and EEM failed.), we can use ROUTEID cookie instead of WCC-ASID

 

<Location /balancer-manager>
 SetHandler balancer-manager
 </Location>


 ProxyPass /balancer-manager !
 # failonstatus status is available with Apache HTTP Server 2.2.17 and later. Remove the parameter if necessary.
 ProxyPass /wcc balancer://wccbalancer stickysession=ROUTEID failonstatus=503
 ProxyPassReverse /wcc balancer://wccbalancer


 # All WCC HA nodes in a WCC HA cluster must use the same protocol either http or https
 # In order to change protocol of node, please, use the batch interface wcc_config.[bat|sh]
 # in <CA_WCC_INSTALL_LOCATION>/bin folder

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
 <Proxy balancer://wccbalancer>
 BalancerMember http://server1.company.com:8080/wcc route=server1.company.com timeout=300s 
 BalancerMember http://server2.company.com:8080/wcc route=server2.company.com timeout=300s 
 </Proxy>

 

 

Additional Information

 

SSL example:

httpd.conf:

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

<Location /balancer-manager>
 SetHandler balancer-manager
 </Location>


 ProxyPass /balancer-manager !
 # failonstatus status is available with Apache HTTP Server 2.2.17 and later. Remove the parameter if necessary.
 ProxyPass /wcc balancer://wccbalancer stickysession=ROUTEID failonstatus=503
 ProxyPassReverse /wcc balancer://wccbalancer


 # All WCC HA nodes in a WCC HA cluster must use the same protocol either http or https
 # In order to change protocol of node, please, use the batch interface wcc_config.[bat|sh]
 # in <CA_WCC_INSTALL_LOCATION>/bin folder

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
 <Proxy balancer://wccbalancer>
 BalancerMember https://server1.company.com:8443/wcc route=server1.company.com timeout=300s 
 BalancerMember https://server2.company.com:8443/wcc route=server2.company.com timeout=300s 
 </Proxy>

 

conf/extra/httpd-ssl.conf:

SSLProxyEngine On

SSLCertificateFile /httpd-2.4.18/Apache24/server-cert.pem
SSLCertificateKeyFile /httpd-2.4.18/Apache24/server-cert-key.key
SSLCertificateChainFile /httpd-2.4.18/Apache24/tomcat.pem

 

#server-cert.pem  file is the server certificate

#server-cert-key.key file is the private key for the server-cert.pem certificate

#tomcat.pem file is the whole certificate chain of WCC SSL certificates that Apache HTTPD needs to be able to use

 

 

 

 

#below settings might be needed too if self-signed certs are being used on WCC nodes

# add them right after SSLProxyEngine On    option described above  OR before the  <Location /balancer-manager> section

SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off

 

Powered by Wolken Software