Load Balancers¶
Infrastructure > Load Balancers
Overview¶
Morpheus can provision VM or Container HaProxy Load Balancers, Amazon Elastic and Application Load Balancers, Azure Load Balancers, and integrates with several external Load Balancers, including F5, A10, Citrix, and AVI.
Once created or integrated, Load Balancers are available as an option to be added during provision time or post-provisioning.
Once a Load Balancer is added to an instance, you can manually scale or configure auto-scaling based on thresholds or schedules, and burst across clouds with cloud priority.
In the Load Balancers page there are two sections:
- Load Balancers
View or edit existing Load Balancers, add new Load Balancers.
- Virtual Servers
View and link to Instances that are attached to load balancers.
Group and Tenant Access
Load balancers can be configured to provide specific Group and Tenant access, if desired. Group Access controls which Groups at provision time will have access to the load balancer resource. Only workloads being provisioned to the selected Groups would have visibility to the load balancer. Workloads provisioned to other Groups would not see the load balancer as an available selection. Tenant Permissions control which Tenants may see the load balancer. Public visibility allows access to the load balancer for users in all Tenants (subject to additional RBAC controls) while Private visibility allows access only for selected Tenants. Select all that may apply.
Load Balancers¶
The Load Balancers tab list currently available Load Balancers, which you can select, edit or delete, and is where you can create new or integrate with external Load Balancers.
Add a new Load Balancer¶
Select + LOAD BALANCER, chose an option, and fill in the required information:
- A10 (aXAPI v3)
API Host
API Port
Username
Password
Internal IP
Public IP
VIP Address
VIP Port
- Amazon ALB
Scheme
Internal
Internet-Facing
Amazon Subnets (Select + to add additional) * Specify the subnets to enable for your load balancer. You can specify only one subnet per Availability Zone. You must specify subnets from at least two Availability Zones to increase the availability of your load balancer.
Amazon Security Groups (Select + to add additional)
- AVI
API Host
API Port
Username
Password
Internal IP
Public IP
VIP Address
VIP Port
- Azure Load Balancer
Cloud
Resource Group * Populated from cloud selection
- Citrix NetScaler
API Host
API Port
Username
Password
- F5 BigIP (v11.4+)
API Host
API Port
Username
Password
Management URL
- FortiADC
API HOST
API PORT
USERNAME
PASSWORD
INTERFACE (synced on auth)
- HaProxy Container (Internal, will create a HaProxy container, must have available docker host to provision to)
Group
Cloud
Name
Description
Plan * Select the size of HaProxy container to be provisioned
- NSX-T Load Balancer
NSX-T
Name
Description
Enabled
Admin State
Size
Tier-1 Gateways
Log Level
Upon saving your new Load Balancer will be added to the Load Balancers list and available in the Load Balancer dropdown in the Provisioning Wizard Automation Section for Instance Types that have scaling enabled.
Load Balancer Detail Pages¶
In the main Load Balancer page, select an existing Load Balancer to go to that Load Balancers Details Page, which lists Stats, Settings, Actions and Virtual Servers for that load balancer.
Orchestrating Load Balancers¶
A large part of application orchestration and automation involves tying various web services and backend services into different load balancer configurations. If the automation tool is unable to communicate or integrate with this aspect of your infrastructure, a lot of gaps will be created in the full orchestrated flow of application deployment. This is why Morpheus provides deep integration with load balancers and explicit definitions with catalog items as to how they are connected to provisioned instances. Some of the functionality includes:
Public Cloud Load Balancer Support
Private Cloud Load Balancer Support
Port Type definitions (Profiles like HTTP/HTTPS or UDP)
SSL Certificate Management and SSL Certificate Upload
SSL Passthrough or Forced Redirect
Not only does Morpheus have an ability to provision HAProxy based load balancer containers for easy consumption in development environments, but also has direct tie ins with several Load Balancer Types:
F5 BigIP
A10
Netscaler
NSX Advanced Load Balancer
Amazon ELB
Amazon ALB
Azure Load Balancer
Fortinet
Openstack Octavia
HA Proxy
NSX-T
Morpheus exposes configuration options during provisioning of an Instance relevant and common to each supported LB Integration. In some cases, Morpheus also provides direct management and sync support for VIP configurations on the various Load Balancers (such as F5, and NSX Advanced Load Balancer), However in a day to day orchestrated workflow this would not be the ideal means by which a user should consume load balancer services.
By tying the Load Balancer associations into the provisioning of instances and the definition of the instance catalog item, the lifecycle of the VIP can more easily be maintained throughout the lifecycle of whatever application may be deployed.
Setting up an Instance for Load Balancer Consumption¶
Several of the provided Morpheus instance types are ready to go with load balancer orchestration out of the box (Apache, Nginx, Tomcat, Node.js, etc). It is also fairly easy to extend existing generic instance types during provisioning to be tied to load balancers or to set up said catalog items in advanced for such functionality.
When creating a custom Instance Type (in Library), one can define a list of exposed ports that the node type within the instance exposes. When defining these exposed ports it prompts for a Name, Port Number, and LB Type. The LB Type is what enables load-balancer functionality. This can either be HTTP,HTTPS, or TCP. This specification helps build the correct profile for the VIP as well as setup the appropriate types of Health Monitors within the target load balancer integration.
Now, when a user consumes this custom instance type (either through single instance provisioning or full application blueprint provisioning), a section appears in the Automation phase of provisioning. Each port that is defined that exposes a load-balancer gets a dropdown to choose which load balancer integration attach to the exposed port and various prompts become available.
These prompts control features ranging from target VIP Address to selecting an SSL Certificate to be applied to the VIP. These SSL Certificates will even go so far as to create SSL Profiles in integrations for things like an F5 automatically for the application. There are also external integrations for SSL Certificate management with Venafi which allows for the consumption of certificates managed by that external system.
Once the instance is provisioned, as part of the final phase, the load balancer configuration will be applied and maintained on the instance. This association can be manipulated after the fact via the “Scale” tab found on the Instance Detail page.
Another benefit to associating load-balancers this way is that the pool members are automatically maintained during scaling events, either via auto-scaling thresholds or manual node additions / removals.
F5 Load Balancers¶
Add F5 Load Balancer¶
To add a F5 Load Balancer Integration:
Navigate to Infrastructure > Load Balancers
Select + ADD
Select F5 BigIP
Fill in the following:
- GROUP
Select the Group the Load Balancer will be available for
- CLOUD
Select the Cloud the Load Balancer will be available for
- NAME
Name of the Load Balancer in Morpheus
- DESCRIPTION
Identifying information displayed on the Load Balancer list page.
- VISIBILITY
Define Multi-Tenant permissions
- API HOST
IP or resolvable hostname url.
- API PORT
Typically
8443
- USERNAME
API user
- PASSWORD
API user password
- MANAGEMENT URL
Example:
https://10.30.20.31:8443/xui/
- Advanced Options (optional)
VIRTUAL NAME
POOL NAME
SERVER NAME
Save Changes
Important
The F5 API handles SSL certificate installation by downloading the certificate from a URL the user provides. Morpheus provides the “Appliance URL” configured in global settings (Administration > Settings > Appliance) to satisfy that requirement. Make sure you have configured a valid URL in this field and that F5 can reach it.
Virtual Servers¶
Instances attached to an F5 will be listed in the Virtual servers tab. Virtual servers can also be manually added in this section.
Add Virtual Server¶
Navigate to Infrastructure > Load Balancers
Select F5 Integration name to drill into the detail page
Select + ADD in the VIRTUAL SERVERS tab
Fill in the following:
- NAME
Name of the Virtual Server in Morpheus
- DESCRIPTION
Description of the Virtual Server in Morpheus
- Enabled
Uncheck to keep the configuration but disable F5 availability in Morpheus
- VIP TYPE
Standard
Forwarding (Layer 2)
Forwarding (IP)
Performance (HTTP)
Performance (Layer 4)
Stateless
Reject
DHCP
Internal
Message Routing
- VIP HOSTNAME
Enter Hostname of the VIP (optional)
- VIP ADDRESS
Enter IP address for the VIP
- VIP PORT
Enter post used for the VIP
- SOURCE ADDRESS
Enter Virtual Server source address
- PROTOCOL
tcp, udp, or sctp
- PROFILES
Search for and select from available PROFILES
- POLICIES
Search for and select from available POLICIES
- IRULES
Search for and select from available RUEL SCRIPTS
- PERSISTENCE
cookie
dest-addr
global-settings
hash
msrdp
sip
source-addr
ssl
universal
- DEFAULT POOL
Select from available POOLS
Select SAVE CHANGES
Policies¶
Policies will be synced and listed in the Policies tab. These policies will be available options when creating Virtual Servers.
Pools¶
Create Pool¶
- NAME
Name of the POOL in Morpheus
- DESCRIPTION
Description of the POOL in Morpheus
- BALANCE MODE
Round Robin
Least Connections
- SERVICE PORT
Specify SERVICE PORT for the POOL
- MEMBERS
Search for and select from available NODES
- MONITORS
Search for and select from available Monitors
Profiles¶
SSL Profiles are synced and and will be created when an SSL Certificate is assigned in the Load balancer section when provisioning or editing a Load balancer on an Instance.
Monitors¶
Create Monitor¶
- NAME
Name of the MONITOR in Morpheus
- DESCRIPTION
Description of the MONITOR in Morpheus
- PARENT MONITOR
Select from available MONITORS
- DESTINATION
Specify Destination, such a
*:443
. Default is*:*
- INTERVAL
Specify Monitor Interval. Default is
5
- TIMEOUT
Specify Monitor Timeout. Default is
15
- MONITOR CONFIG
Enter monitor config.
Nodes¶
Create Node¶
- NAME
Name of the NODE in Morpheus
- DESCRIPTION
Description of the NODE in Morpheus
- ADDRESS
Enter node address
- MONITOR
Select from available MONITORS
- SERVICE PORT
Specify SERVICE PORT for the NODE
Rule Scripts¶
Rule Scripts will be synced and listed in the RULE SCRIPTS tab. These rules will be available options when creating Virtual Servers.
Citrix NetScaler¶
Add NetScaler Integration¶
To add a NetScaler Load Balancer Integration:
Navigate to Infrastructure > Load Balancers
Select + ADD
Select Citrix NetScaler
Fill in the following:
- GROUP *
Select the Group the Load Balancer will be available for.
- CLOUD *
Select the Cloud the Load Balancer will be available for.
- NAME *
Name of the Load Balancer in Morpheus.
- DESCRIPTION
Identifying information displayed on the Load Balancer list page.
- VISIBILITY
- Define Tenant Visibility
Public: Available to all Tenants.
Private: Only available to specified Tenant.
- Tenant
If Visibility is set to private, define the Tenant the Load Balancer will be available in.
- API URL *
- URL of the NetScaler API
Example: http://10.30.21.55
- API PORT *
- NetScaler API port
Example: 80
- USERNAME *
NetScaler service account username
- PASSWORD *
NetScaler service account password
- VIRTUAL NAME
- Naming Pattern for new NetScaler Virtual Servers
If blank, defaults to
morph_lb_${loadBalancer.id}
- SERVICE NAME
- Naming Pattern for new NetScaler Services
If blank, defaults to
morph_service_${container.id}
- SERVER NAME
- Naming Pattern for new NetScaler Servers
If blank, defaults to
morph_server_${server.id}
Add Load Balancer to Instance¶
Load Balancers can be added to Instances during Provisioning or to existing Instances. For Load Balancer settings to appear during provisioning, or for the scale tab to be available on an Instance, the instances Node Type must have a LB port defined.
Note
For Load Balancer settings to appear during provisioning, or for the scale tab to be available on an Instance, the instances Node Type must have a LB port defined.
Add Load Balancer during Provisioning¶
In the Instance Provisioning wizard, Load Balancers can be configured in the Automation > Load Balancer section.
Navigate to Provisioning > Instances.
Select + ADD.
Select an Instance Type that supports scaling. (ENABLE SCALING (HORIZONTAL) flagged on Instance Type configuration)
Proceed with Instance configuration to the Automation section.
Fill in the following:
- VIP ADDRESS
- Define IP Address for the Virtual Server
Example: 10.30.23.191
- VIP PORT
- Define port for the Virtual Server
Example: 80
- VIP HOSTNAME
- Define hostname that will resolve to the VIP IP.
Example: jwDemoHaApp59.den.example.com
- VIRTUAL SERVICE NAME
Define name for the Virtual Service. Defaults to
${instance.name}
- BALANCE MODE
- Specify balance mode for the VIP
Least Connections
Round Robin
- STICKY MODE
- Specify sticky session options for the VIP
Source IP
Cookie
- SHARED VIP ADDRESS
Select if VIP is shared, then enter DIRECT VIP ADDRESS
- SSL CERT
- SSL Certificate that will be applied to the VIP.
No SSL
Select existing Certificate from
Infrastructure > Keys & Certs
or from a Trust Provider Integration.
- USE EXTERNAL ADDRESS FOR BACKEND NODES
Select if traffic from LB to Backend Nodes needs to be sent to the External Addresses, or leave deselected to use Internal Addresses for Backed Nodes.
Optionally configure auto-scaling configuration in the
Scale
sectionSelect NEXT and provision the Instance.
After all nodes in the Instance are provisioned, the LB configuration will be added to the Instance and Virtual Servers, Services and Servers will be created and configured on the NetScaler. The Load Balancer settings and status will be visible in the Instance details page LOAD BALANCER section, with additional details, links, and configurations options available in the SCALE
tab.