Hi Guys,
I am trying to use the Apache ProxyPass iRule on my LTM VE 11.2x box to duplicate load balancing of VMWare 5.1 SSO service as VmWare discusses. The problem is, VMWare runs multiple services (Groupcheck, SSO Admin, and Lookup Service) on the same port. Here is the Apache method of performing this function. Can anyone tell me where I make edits to the ProxyPass iRule?
This information is provided as an example configuration for use with Apache 2.2.
LoadModule actions_module modules/mod_actions.so
LoadModule alias_module modules/mod_alias.so
LoadModule asis_module modules/mod_asis.so
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule dir_module modules/mod_dir.so
LoadModule env_module modules/mod_env.so
LoadModule headers_module modules/mod_headers.so
LoadModule include_module modules/mod_include.so
LoadModule isapi_module modules/mod_isapi.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule mime_module modules/mod_mime.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule ssl_module modules/mod_ssl.so
LoadModule status_module modules/mod_status.so
A) Add the load balanced hostname
This hostname and port will be what is used to connect to SSO in KB 2033588
ServerName CHANGE-ME-loadbalanced-fqdn
Listen 443
B) Modify the location of the SSL files
SSLCertificateFile "c:/path_to_certs/server.crt"
SSLCertificateKeyFile "c:/path_to_certs/server.key"
SSLCertificateChainFile "c:/path_to_certs/cacert.pem"
C) Load Balance Rules.
Only the hostnames should need to be changed in this section
Update each Single Sign On node hostname for each rule
Replace 'node1.changeme.com' with the primary node FQDN
Replace 'node2.changeme.com' with the backup node FQDN
Configure the STS for clustering
ProxyPass /ims/ balancer://stscluster/ nofailover=On
ProxyPassReverse /ims/ balancer://stscluster/
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/ims" env=BALANCER_ROUTE_CHANGED
BalancerMember https://node1.changeme.com:7444/ims route=node1 loadfactor=100
BalancerMember https://node2.changeme.com:7444/ims route=node2 loadfactor=1
ProxySet lbmethod=byrequests stickysession=ROUTEID
Configure the Groupcheck API clustering
ProxyPass /groupcheck/ balancer://gccluster/ nofailover=On
ProxyPassReverse /groupcheck/ balancer://gccluster/
BalancerMember https://node1.changeme.com:7444/sso-adminserver route=node1 loadfactor=100
BalancerMember https://node2.changeme.com:7444/sso-adminserver route=node2 loadfactor=1
ProxySet lbmethod=byrequests stickysession=vmware_soap_session
Configure the proxy for adminserver. It is located only on node1
ProxyPass /sso-adminserver/ https://node1.changeme.com:7444/sso-adminserver/
ProxyPassReverse /sso-adminserver/ https://node1.changeme.com:7444/sso-adminserver/
Configure the Lookup Service cluster
ProxyPass /lookupservice/ balancer://lscluster/ nofailover=On
ProxyPassReverse /lookupservice/ balancer://lscluster/
BalancerMember https://node1.changeme.com:7444/lookupservice route=node1 loadfactor=1
BalancerMember https://node2.changeme.com:7444/lookupservice route=node2 loadfactor=1
ProxySet lbmethod=byrequests
Configure for status pages [OPTIONAL]
SetHandler balancer-manager
ProxyPass /balancer-manager !
ProxyStatus On
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from all