Example: Configuring Multiple Oracle NoSQL Database Proxies for Redundancy
Learn how to configure multiple Oracle NoSQL Database proxies to work with a load balancer.
You can set up a configuration using multiple Oracle NoSQL Database proxies to create redundancy. Redundancy ensures that at least one proxy continues to function through different demand loads and failure types.
The Oracle NoSQL Database Proxy can run in one or multiple dedicated hosts. It can also be hosted inside the nodes of the data store. You can use a load balancer as the front end, which has a back end set of multiple Oracle NoSQL Database proxies for redundancy on different hosts.
HAProxy is open-source software that provides a load balancer for HTTP and TCP applications. You can use the HAProxy software as a load balancer in front of multiple Oracle NoSQL Database proxies.
Note:
There are other load balancers available. This topic demonstrates the concepts using HAProxy as the load balancer.
For example, consider a data store with three dedicated proxy hosts: proxy1-nosql, proxy2-nosql, proxy3-nosql. To set up multiple proxies with redundancy, you can configure the hosts proxy1-nosql, proxy2-nosql, proxy3-nosql as Oracle NoSQL Database proxies in the back end. Install and configure the HAProxy software as the load balancer. The load balancer routes requests to the proxies.
Configuring Oracle NoSQL Database Proxy in the hosts
Ensure that you have deployed the data store.
- Start the HTTP proxy on each of the hosts proxy1-nosql, proxy2-nosql, proxy3-nosql as follows:
Non-secure data store:
    java -jar $KVHOME/lib/httpproxy.jar -helperHosts <kvstore_helper_host:5000> -storeName <kvstore_name> -httpPort 8080 -verbose true
For details, see Using the Proxy in a non-secure data store.
Secure data store:
    java -jar $KVHOME/lib/httpproxy.jar -helperHosts <kvstore_helper_host:5000> -storeName <kvstore_name> -httpsPort 8443 -storeSecurityFile $KVROOT/security/proxy.login -sslCertificate certificate.pem -sslPrivateKey key-pkcs8.pem -sslPrivateKeyPass <privatekey_password> -verbose true
For details, see Using the Proxy in a secure data store.
Note:
Instead of creating a certificate for each Oracle NoSQL Database Proxy, you can create only one certificate with Subject Alternative Names (SAN). This simplifies the configuration in the following scenarios:
- When you need to rotate the certificate. You only have one certificate to manage and share.
- When a server has multiple names.
- When using the IPs.
For more details on using SAN, see Generating Certificate and Private Key for Proxy.
- Verify if the proxy is functioning.
Non-secure data store:
    http://<proxy1-nosql>:8080/V2/health
Secure data store:
    https://<proxy1-nosql>:8443/V2/health
Configuring the load balancer
- Install and configure the HAProxy software as a load balancer.
Note:
Oracle NoSQL Database documentation does not provide instructions to set up HAProxy as a load balancer. You must implement it as a prerequisite before configuring the Oracle NoSQL Database Proxy setup with redundancy.
- Configure the HAProxy software:
The examples serve as a guideline to configure an open-source load balancer in the Oracle NoSQL Database HTTP proxy context.
Add the following lines at the end of the file /etc/haproxy/haproxy.cfg. This configures the HAProxy to route requests to the proxies proxy1-nosql, proxy2-nosql, proxy3-nosql.
Example: Non-secure data store
    # Configure HAProxy to listen on port 8080
    frontend http_front
        bind *:8080
        stats uri /haproxy?stats
        default_backend http_back

    # Configure HAProxy to route requests to Oracle NoSQL Database Proxy hosts on port 8080
    backend http_back
        balance roundrobin
        server proxy1-nosql <IP_node1>:8080 check
        server proxy2-nosql <IP_node2>:8080 check
        server proxy3-nosql <IP_node3>:8080 check
Example: Secure data store
Depending on your load balancer, you can use one of the following sample configurations:
- SSL passthrough configuration:
The load balancer passes encrypted HTTPS traffic directly to the back end servers without decrypting the traffic on the load balancer. Here, the load balancer and proxies use the same SSL certificate.
    # Configure HAProxy to listen on port 8443
    frontend http_front
        bind *:8443 ssl crt /etc/haproxy/certs/full.pem
        timeout http-keep-alive 20s
        stats uri /haproxy?stats
        default_backend http_back

    # Configure HAProxy to route requests to Oracle NoSQL Database Proxy hosts on port 8443
    backend http_back
        balance roundrobin
        timeout http-keep-alive 20s
        server proxy1-nosql <IP_node1>:8443 check maxconn 20 ssl verify none
        server proxy2-nosql <IP_node2>:8443 check maxconn 20 ssl verify none
        server proxy3-nosql <IP_node3>:8443 check maxconn 20 ssl verify none
- SSL Bridging configuration:
The load balancer decrypts all HTTPS traffic when it arrives at the load balancer, and encrypts the traffic to the destination server. This configuration allows the load balancer and proxies to use different SSL certificates.
    # Configure HAProxy to listen on port 8443
    frontend http_front
        bind *:8443 ssl crt /etc/haproxy/certs/full.pem
        timeout http-keep-alive 20s
        stats uri /haproxy?stats
        default_backend http_back

    # Configure HAProxy to route requests to Oracle NoSQL Database Proxy hosts on port 8443
    backend http_back
        balance roundrobin
        timeout http-keep-alive 20s
        server proxy1-nosql <IP_node1>:8443 check maxconn 20 ssl ca-file /root/proxy1-nosql.pem
        server proxy2-nosql <IP_node2>:8443 check maxconn 20 ssl ca-file /root/proxy2-nosql.pem
        server proxy3-nosql <IP_node3>:8443 check maxconn 20 ssl ca-file /root/proxy3-nosql.pem
- Restart the HAProxy and validate the status:
    sudo systemctl stop haproxy.service
    sudo systemctl start haproxy.service
    sudo systemctl status haproxy.service
- Verify if the load balancer is working.
Here, <LB-hostname> is the host on which the HAProxy software is installed.
Non-secure data store:
    http://<LB-hostname>:8080/V2/health
Secure data store:
    https://<LB-hostname>:8443/V2/health
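The two secure-data-store backends above differ in whether HAProxy authenticates the proxies: a server line with verify none accepts any certificate, while one with ca-file validates it against that file. The following Python audit of a haproxy.cfg is an added example, not part of the Oracle documentation; the sample configuration, its 192.0.2.x addresses, the proxy4-nosql entry and the finding labels are constructed for illustration, and options inherited from default-server lines are not evaluated.

```python
import re

# Constructed sample modelled on the page's secure-data-store examples;
# addresses are placeholders from the 192.0.2.0/24 documentation range.
SAMPLE_CFG = """\
frontend http_front
    bind *:8443 ssl crt /etc/haproxy/certs/full.pem
    stats uri /haproxy?stats
    default_backend http_back
backend http_back
    balance roundrobin
    server proxy1-nosql 192.0.2.11:8443 check maxconn 20 ssl verify none
    server proxy2-nosql 192.0.2.12:8443 check maxconn 20 ssl ca-file /root/proxy2-nosql.pem
    server proxy3-nosql 192.0.2.13:8443 check maxconn 20 ssl
    server proxy4-nosql 192.0.2.14:8080 check
"""

SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b\s*(\S*)")

def audit(cfg_text):
    """Return (section, subject, finding) tuples for weak TLS and stats settings."""
    findings, stats, section = [], {}, None
    for raw in cfg_text.splitlines():
        # Drop comments and tokenise; a blank line becomes [""] and matches nothing.
        words = raw.split("#", 1)[0].split() or [""]
        m = SECTION.match(" ".join(words))
        if m:
            section = m.group(2) or m.group(1)
        elif words[0] == "server" and len(words) >= 3:
            opts = words[3:]
            nxt = dict(zip(opts, opts[1:]))      # option -> the token after it
            if "ssl" not in opts:
                findings.append((section, words[1], "plaintext"))
            elif nxt.get("verify") == "none":
                findings.append((section, words[1], "verify-none"))
            elif "ca-file" not in opts:
                findings.append((section, words[1], "no-ca-file"))
        elif words[:2] == ["ssl-server-verify", "none"]:
            findings.append((section, "ssl-server-verify", "verify-none"))
        elif words[0] == "stats" and len(words) > 1:
            stats.setdefault(section, set()).add(words[1])
    # A stats page is flagged when the same section sets no 'stats auth'.
    for sec, seen in stats.items():
        if "uri" in seen and "auth" not in seen:
            findings.append((sec, "stats", "stats-no-auth"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG):
        print(*finding, sep=": ")
```

Run it against the contents of /etc/haproxy/haproxy.cfg before restarting HAProxy; an empty result means every server line uses ssl with a ca-file and every stats page in the file requires authentication.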