Re: SSL and Piranha conversion

2015-09-08 Thread Jonathan Matthews 
On 8 Sep 2015 20:07, "Daniel Zenczak"  wrote:
>
> Hello All,
>
> First time caller, short time listener. So this is the
deal.  My organization was running a CentOS box with Piranha on it to work
as our load balancer between our two web servers.  Well the CentOS box was
a Gateway workstation from 2000 and it finally gave up the ghost.

May I suggest you reconsider migrating your hardware and software at the
same time, both whilst under pressure? It will be massively simpler to
install your preexisting choice of (known "good") software on your new
hardware.

Jonathan

Re: SSL and Piranha conversion

2015-09-08 Thread Malcolm Turnbull 
Piranha is a front end for LVS (layer 4 load balancing)
So I'm assuming that all your Piranha box was doing was forwarding
port 443 & 80 to your two servers...

So just set up HAProxy in TCP mode for port 80 & 443.

Test it , and then when you are happy point your DNS at it.



On 8 September 2015 at 20:23, Jonathan Matthews  wrote:
> On 8 Sep 2015 20:07, "Daniel Zenczak"  wrote:
>>
>> Hello All,
>>
>> First time caller, short time listener. So this is the
>> deal.  My organization was running a CentOS box with Piranha on it to work
>> as our load balancer between our two web servers.  Well the CentOS box was a
>> Gateway workstation from 2000 and it finally gave up the ghost.
>
> May I suggest you reconsider migrating your hardware and software at the
> same time, both whilst under pressure? It will be massively simpler to
> install your preexisting choice of (known "good") software on your new
> hardware.
>
> Jonathan



-- 
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)330 1604540
http://www.loadbalancer.org/

RE: SSL and Piranha conversion

2015-09-08 Thread Daniel Zenczak 
Malcolm,
The Piranha gui had some configurations about Virtual IPs and I am not 
sure how that works or how it is different than HAProxy.  The firewall had some 
rules that pointed website requests to the virtual ips.  

Daniel
-Original Message-
From: Malcolm Turnbull [mailto:malc...@loadbalancer.org] 
Sent: Tuesday, September 8, 2015 2:55 PM
To: Jonathan Matthews <cont...@jpluscplusm.com>
Cc: Daniel Zenczak <dani...@zoosociety.org>; haproxy <haproxy@formilux.org>
Subject: Re: SSL and Piranha conversion

Piranha is a front end for LVS (layer 4 load balancing)
So I'm assuming that all your Piranha box was doing was forwarding port 443 & 
80 to your two servers...

So just set up HAProxy in TCP mode for port 80 & 443.

Test it , and then when you are happy point your DNS at it.



On 8 September 2015 at 20:23, Jonathan Matthews <cont...@jpluscplusm.com> wrote:
> On 8 Sep 2015 20:07, "Daniel Zenczak" <dani...@zoosociety.org> wrote:
>>
>> Hello All,
>>
>> First time caller, short time listener. So this is 
>> the deal.  My organization was running a CentOS box with Piranha on 
>> it to work as our load balancer between our two web servers.  Well 
>> the CentOS box was a Gateway workstation from 2000 and it finally gave up 
>> the ghost.
>
> May I suggest you reconsider migrating your hardware and software at 
> the same time, both whilst under pressure? It will be massively 
> simpler to install your preexisting choice of (known "good") software 
> on your new hardware.
>
> Jonathan



--
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)330 1604540
http://www.loadbalancer.org/

Re: SSL and Piranha conversion

2015-09-08 Thread Willy Tarreau 
On Tue, Sep 08, 2015 at 09:53:24PM +0100, Malcolm Turnbull wrote:
> Daniel,
> 
> All load balancers work in roughly the same way:
> 
> You have a Virtual IP on the load balancer that the clients talk to,
> and the load balancer is configured to talk to multiple Real
> IPs/Backend Servers.
> Your old config probably had one VIP for HTTP and one for HTTPS.
> 
> HAProxy is very easy but you will need to read the manual or one of
> the many blogs talking about how to use it.
> Once you have studied / installed / configured / tested / understood -
> then if necessary come back to the list for help.

Yep that's the idea. I could suggest that you take a look at the architecture
manual in doc/. It's quite old (2006) but will give you some quick hints
as to the config you need for various use cases. You may recognize some
elements that your old setup was doing and this will help you start with
a simple but working config.

Willy

Re: SSL and Piranha conversion

2015-09-08 Thread Jonathan Matthews 
On 8 September 2015 at 20:56, Daniel Zenczak  wrote:
> Hello Jonathan,
>
> Thank you for the response.  That old gateway workstation is
> not going to be used anymore (the HDDs failed on it and the RAID board
> didn’t warn/detect/tell us when it happened).  I have spun up Ubuntu Server
> inside one of our Virtual Servers to act as the new Load Balancer.  Is this
> what you mean by migrating the hardware as well as the software?

[on-list reply]

Daniel -

You have to swap out your hardware because it failed.
You don't have to swap out your software as it has not failed.

Whilst a move to HAProxy is a great plan, I would not be doing it
whilst trying to fix your web servers' redundancy and bringing both
web servers back into service.

My professional advice in your situation would be to change the
minimum number of things necessary to restore resilient service, which
in this case sounds like only your hardware - whether you fix it by
replacing the hardware or by virtualising the server.

I would not include swapping Piranha for HAProxy and CentOS for Ubuntu
in this work. I'd do both of those later.

HTH,
Jonathan

Re: SSL and Piranha conversion

2015-09-08 Thread Malcolm Turnbull 
Daniel,

All load balancers work in roughly the same way:

You have a Virtual IP on the load balancer that the clients talk to,
and the load balancer is configured to talk to multiple Real
IPs/Backend Servers.
Your old config probably had one VIP for HTTP and one for HTTPS.

HAProxy is very easy but you will need to read the manual or one of
the many blogs talking about how to use it.
Once you have studied / installed / configured / tested / understood -
then if necessary come back to the list for help.



On 8 September 2015 at 20:59, Daniel Zenczak <dani...@zoosociety.org> wrote:
> Malcolm,
> The Piranha gui had some configurations about Virtual IPs and I am 
> not sure how that works or how it is different than HAProxy.  The firewall 
> had some rules that pointed website requests to the virtual ips.
>
> Daniel
> -Original Message-
> From: Malcolm Turnbull [mailto:malc...@loadbalancer.org]
> Sent: Tuesday, September 8, 2015 2:55 PM
> To: Jonathan Matthews <cont...@jpluscplusm.com>
> Cc: Daniel Zenczak <dani...@zoosociety.org>; haproxy <haproxy@formilux.org>
> Subject: Re: SSL and Piranha conversion
>
> Piranha is a front end for LVS (layer 4 load balancing)
> So I'm assuming that all your Piranha box was doing was forwarding port 443 & 
> 80 to your two servers...
>
> So just set up HAProxy in TCP mode for port 80 & 443.
>
> Test it , and then when you are happy point your DNS at it.
>
>
>
> On 8 September 2015 at 20:23, Jonathan Matthews <cont...@jpluscplusm.com> 
> wrote:
>> On 8 Sep 2015 20:07, "Daniel Zenczak" <dani...@zoosociety.org> wrote:
>>>
>>> Hello All,
>>>
>>> First time caller, short time listener. So this is
>>> the deal.  My organization was running a CentOS box with Piranha on
>>> it to work as our load balancer between our two web servers.  Well
>>> the CentOS box was a Gateway workstation from 2000 and it finally gave up 
>>> the ghost.
>>
>> May I suggest you reconsider migrating your hardware and software at
>> the same time, both whilst under pressure? It will be massively
>> simpler to install your preexisting choice of (known "good") software
>> on your new hardware.
>>
>> Jonathan
>
>
>
> --
> Regards,
>
> Malcolm Turnbull.
>
> Loadbalancer.org Ltd.
> Phone: +44 (0)330 1604540
> http://www.loadbalancer.org/



-- 
Regards,

Malcolm Turnbull.

Loadbalancer.org Ltd.
Phone: +44 (0)330 1604540
http://www.loadbalancer.org/