8. Configure HAPRoxy for your Galera cluster

by Jan Bachelor
  • In this scenario, we are setting up HAPRoxy on OPNSense, where it is available as a plugin. If you have a different reverse proxy or have HAProxy deployed in a different way, you can try following the steps before, although it may differ.

Install / Enable HAProxy on OPNSense

  • In case you do not yet have HAPRoxy installed/enabled on your OPNSense, go ahead to ‘System’ → ‘Firmware’ → ‘Plugins’ and download it.
Install HAProxy on OPNSense
  • Log into OPNSense and go to ‘Services’ → ‘HAProxy’ → ‘Settings’. Then again to ‘Settings’ → ‘Service’ to ensure that the service running.
Ensure HAProxy is running on your OPNSense
Enable the HAPRoxy service (if not already running)

Health Check Monitor Set Up on HAProxy

  • Create a health check for the MySQL service that MariaDB needs:
    • In the top menu, go to ‘Rules & Checks’ → ‘Health Monitors’
    • Click on the + sign to add a new one (this button is a bit less visible).
    • Name/Description: as you like, such as mariadb_health_check
    • Check type: MySQL
    • Check internal 3s (or as you prefer)
    • Port: 3306
Set up a health check for your cluster
Set up a health check on HAProxy for MariaDB (port 3306)

Real Server Set Up on HAPRoxy

  • Now let’s make HAProxy aware of each container’s existence. While still in ‘Services’ → ‘HAProxy’ → ‘Settings’ in the left menu, go to ‘Real servers’ → ‘Real servers’ drop-down option. Click on on the + sign to add a new one for each instance.
    • Name: name of each galera instance, such as galera_a1
    • Type: static
    • IP: the real IP of each instance
    • Port: 3306 (optional, since our health check has it configured already)
    • Mode: active
HAProxy on OPNSense - add your MariaDB containers.
Add individual servers in HAProxy on OPNSense
  • In the end, you should have all four listed:
HAPRoxy on OPNSense - overview of all containers added
All MariaDB servers added into HAProxy on OPNSense

Back-end Pool Set Up on HAProxy

  • The next step is to create a backend pool. Go to ‘Virtual Services’ → ‘Backends’ and click on the + sign again.
HAPRoxy on OPNSense - Add cluster into a back-end pool
Populate the back-end pool in HAProxy on OPNSense
  • At this point, it would be good after saving this change to click on the ‘Test syntax’ button to ensure that there are no errors and then you can click on the ‘Apply’ button.

Virtual IP Set Up on OPNSense

  • So now HAProxy knows what to check and where and how often. Yet, for our web apps, we would want a single point of contact. We will need a virtual IP address.
  • In the left menu of your OPNSense, go to ‘Interfaces’ → ‘Virtual IPs’ → ‘Settings’ and click on the + sign to add a new one.
    • Mode: CARP (as we have OPNSense in a HA cluster already and want them to take over in case one fails)
    • Interface: LAN
    • Network address: Choose an address on your LAN that is not on your DHCP range (mine starts from .101 onwards). The subnet should be specific to that IP only, i.e. /32.
    • Set up a custom password – if you have more OPNSense units, it needs to match on all instances.
    • VHID: needs to be unique from others and match with other OPNSense units in the cluster (if you have one).
    • advbase: same as above
    • advskew: The main unit should have a lower value, the secondary (backup) unit(s) higher value(s).
  • Check out my previous article on how CARP and HA works on OPNSense for more details.
CARP on OPNSense - virtual IP set up.
Virtual IP addition in CARP mode
  • You might object why to add another CARP interface when you already have your OPNSense in a cluster. This is the cleanest way of separating between our network’s gateway IP and our database service IP. If we ever need to add firewall or NAT rules in the future, we can simply refer to this virtual IP.
  • This is how it looks on my end after configuring the virtual IP for the Galera DB service (do not worry about the others if you do not have them):
CARP on OPNSense - overview
Overview of how all virtual IPs – we are only concerned abotu the one for our MariaDB cluster

Front-end (Public) Service Set Up on HAProxy

  • Finally, we can head back to HAProxy via ‘Services’ → ‘HAProxy’ → ‘Settings’ and find the the ‘Virtual Services’ in the top menu and select ‘Public Services’ from the drop-down. Click on the + sign.
    • Name/Description: As per your preference, something like ‘galera_db_cluster_listener’ may do.
    • Listen address: your virtual IP
    • Type: TCP (not HTTP!)
    • Default back-end pool: our previously configured pool, e.g. ‘mariadb_galeraA_pool’.
HAPRoxy on OPNSense - add an interface to listen on the virtual IP
Set up your front-end on HAProxy on OPNSense

Configuration Sync (For OPNSense Backup Nodes)

  • After saving it, testing the syntax and applying, it would be good to ensure that this new config gets replicated to the other OPNSense instance in HA, if you have any.
    • Head to ‘System’ → ‘High Availability’ → ‘Status’.
    • Click on the button to the right of ‘Synchronize config to backup’.
CARP on OPNSense - sync settings on another node
Sync config to other nodes (for HA set up only)
  • Then it would be good to log into your backup instance(s) to confirm that all the HAProxy and virtual IP config is in there. Esp. in HAProxy, it is often necessary to apply the new configuration:
CARP on OPNSense - confirm settings transferred on a backup node
Check if your backup OPNSense unit(s) have their HAProxy configuration
  • This concludes are load balancer part and we can finally look into testing our cluster.

Go back to course overview: Deploy MariaDB Galera Cluster on Proxmox

Leave a Comment

Save my name, email, and website in this browser for the next time I comment.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Step Contents

Content