Traefik Load Balancing

Describes how to use the Traefik load balancer to distribute the Object Store load across multiple MOSS servers in a release 7.0.0 or later Data Fabric cluster.

Use the following steps to install and configure the Traefik binary:
  1. Install Traefik on a non-cluster node. You can access the binary from the Traefik website.
  2. Download the tar file, and extract it to a well-known location:
    tar -xvzf traefik_v2.7.1_linux_386.tar.gz
  3. Specify the Traefik configuration for the type of request (http or https) that you plan to use. Traefik supports both static and dynamic configurations, and you must configure both. For more information about static and dynamic configurations, see Traefik Configuration Introduction.
    1. Specify the Traefik configuration in the /etc/traefik/traefik.yml file. For example:
      entryPoints:
        web:
          address: ":80"
      api:
        dashboard: true
        insecure: true
      
      log:
       filePath: "/etc/traefik/traefik.log"
       level: debug
      
      providers:
        file:
          filename: "/etc/traefik/router.yml"
    2. Specify the router configuration in the /etc/traefik/router.yml file. The router.yml file identifies the MOSS service and load balancer server details:
      # cat /etc/traefik/router.yml
      http:
         routers:
            moss-router:
              entryPoints:
                 - "web"
              rule: PathPrefix("/")
              service: moss-service
         services:
            moss-service:
               loadBalancer: 
                  servers: 
                    - url: "http://m2-hux6k-34-n2.mip.storage.hpecorp.net:9000"
                    - url : http://m2-hux6k-34-n4.mip.storage.hpecorp.net:9000
    1. Specify the static and dynamic configuration files as shown in the following example.

      For https requests, you must copy the chain-ca.pem file from the MOSS server to the Traefik client node and include the path for the config parameter in the static configuration file, as shown in the serversTransport section:

      • Example of Static Configuration File
        /etc/traefik/traefik.yml:
        ============================
        entryPoints:
          web:
            address: ":80"
          websecure:
            address: ":443"
        api:
          dashboard: true
          insecure: true
        
        log:
         filePath: "/etc/traefik/traefik.log"
         level: debug
        
        providers:
          file:
             directory: "/root/traefik/dynamic/"
             watch: true
        
        serversTransport:
          rootCAs:
               - /root/traefik/chain-ca.pem
      • Example of Dynamic Configuration Files
        For https, two dynamic configuration files are required. Create a directory for these files, and place both files in the directory. For example:
        # ls -rlth dynamic/
        total 8.0K
        -rw-r--r-- 1 root root 390 Jun 26 23:57 router.yml
        -rw-r--r-- 1 root root 270 Jun 27 02:04 certificates.yaml
    2. Specify the router configuration in the /etc/traefik/router.yml file. For example:
      dynamic/router.yml 
      http:
         routers:
            moss-router:
              entryPoints:
                 - "websecure"
              rule: PathPrefix("/")
              service: moss-service
              tls: true
         services:
            moss-service:
               loadBalancer: 
                  servers:
                    - url: "https://m2-hux6k-34-n2.mip.storage.hpecorp.net:9000"
                    - url : "https://m2-hux6k-34-n4.mip.storage.hpecorp.net:9000"
    3. Specify the certificates file:
      dynamic/certificates.yaml
       =========================== 
      tls:
        certificates:
          - certFile: /root/traefik/public.crt
            keyFile: /root/traefik/private.key
            stores:
              - default
        stores:
          default:
            defaultCertificate:
              certFile: /root/traefik/public.crt
              keyFile: /root/traefik/private.key
  4. Start the Traefik binary:
    ./traefik
  5. Check the /etc/traefik/traefik.log to make sure there are no errors in loading the static or dynamic configuration files.
  6. Send an http or https request to the MOSS server using the load balancer server in the URL, and verify that the load is distributed across the specified nodes. For example:
    import boto3
    
    try:
        s3 = boto3.client('s3',endpoint_url='http:/<loadbalancer_serverhostname>:80', aws_access_key_id='<access_key>', aws_secret_access_key='<secret_key>', region_name='us-east-1', use_ssl=False, verify=False)
        resp = s3.put_object(
                Body = 'test putobject with loadbalancer',
                Bucket = 'bucket1',
                Key ='test_demo.txt'
                )
        print(resp)
    except ClientError as e:
        print(e.response)
    import boto3
    
    try:
        boto3.setup_default_session(region_name='us-east-1')
        s3 = boto3.client('s3',endpoint_url='https://<loadbalancer_servername>:443/', aws_access_key_id='<access_key>', aws_secret_access_key='<secret_key>', region_name='us-east-1', use_ssl=True, verify="/root/traefik/chain-ca.pem")
        resp = s3.put_object(
                Body = 'test putobject with loadbalancer',
                Bucket = 'bucket2',
                Key ='secureobj4.txt'
                )
        print(resp)