[X2Go-User] x2go loadbalancing with HAProxy

Fri, 07 Mar 2014 01:01:33 -0800

Hi,

As promised I tell you about my experience with loadbalancing x2go.

I had first tried to use the default loadbalancing setup of x2go broker. It was working fine except that the Windows client was not connecting to the https broker (due to a bug in the client). It has been fixed quickly and I thank the development team for their reactivity.

In the meanwhile, I had looked up alternative solutions and here is what I set up :

The broker is a simple HAProxy loadbalancer configured for ssh connections balancing. For us it listens on port 10000 and dispatches ssh/tcp connections over 2 x2go servers on ports 22 (the default ssh port !). The balancing algorithm is based upon source ip hashing : It gives returning users a chance to be sent to the same x2go server next time and have the possibility to resume a suspended session (better than round-robin).

Advantages of that solution :
- x2go servers are not exposed to the outside world and there is no need to open ports on the firewall for each x2go server : You only need to open ports for the loadbalancer, which you can put in your dmz.
- HAProxy cares to dispatch connections only to x2go servers that are up (timeout configuration).
- Authentication is only made once on x2go servers (they are configured with ldap_pam).
- No need to install a session broker agent on x2go servers.

Drawbacks :
- When a user connects with a different public ip, he wont probably be sent to the same x2go server where he could have a suspended session.
- Authentication is not made by the loadbalancer so there aren't acl management as with the regular x2go broker.
- Every connections transit through the loadbalancer so there might be a little overhead. HAProxy is pretty optimized though and it is not noticeable.

I join hereby the HAProxy configuration file I am using.

It really works fine for us. I hope it will be useful to others.

Best regards,

Thierry

--

Thierry KAUFFMANN

Chef du service informatique (SIF)

Tél : +33 4 67 14 31 58

Mail : [email protected]

CC 437 - Place Eugène Bataillon. 34095 Montpellier Cedex 5 - FRANCE.

www.fdsweb.univ-montp2.fr

FACULTÉ DES SCIENCES / UNIVERSITÉ MONTPELLIER 2

 
# this config needs haproxy-1.1.28 or haproxy-1.2.1

global
        log 127.0.0.1   local0
        log 127.0.0.1   local1 notice
        #log loghost    local0 info
        maxconn 4096
        #chroot /usr/share/haproxy
        user haproxy
        group haproxy
        daemon
        #debug
        #quiet

defaults
        retries 3
        option redispatch
        maxconn 2000
        contimeout      5000
        clitimeout      50000
        srvtimeout      50000

frontend x2go-ssh-in
        bind :10000
        mode    tcp
        log global
        option  tcplog
        option logasap
        option  dontlognull
        default_backend x2go-servers

backend x2go-servers
        balance source
        server  x2go1 10.127.0.1:22
        server  x2go2 10.127.0.2:22

_______________________________________________
X2Go-User mailing list
[email protected]
https://lists.berlios.de/mailman/listinfo/x2go-user

Reply via email to