Configuring the load-balancer

Purpose File Example full path
Main config zato.config /opt/zato/dev1/web-admin/config/repo/zato.config
Load-balancer’s XML-RPC agent config lb-agent.conf /opt/zato/dev1/web-admin/config/repo/web-admin.conf
Logging configuration logging.conf /opt/zato/dev1/web-admin/config/repo/logging.conf
Crypto material zato-lba-*.pem /opt/zato/dev1/web-admin/config/repo/web-admin-*.pem

Main config

The main config file is a HAProxy one and should be usually modified using the web admin.

One thing that you may want to edit is the username and password to browse the load-balancer’s statistics with, available under ‘defaults -> stats auth’.

However, if you’re an advanced HAProxy user you may wish to update other parts yourself too, just keep in mind that any lines containing the ‘# ZATO’ string must not be deleted and the comment must be left intact.

Note that any changes you introduce won’t be picked up by HAProxy until it will have been restarted.

Load-balancer’s XML-RPC agent config

Example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
{
  "haproxy_command": "haproxy",
  "host": "localhost",
  "port": 20151,
  "keyfile": "./zato-lba-priv-key.pem",
  "certfile": "./zato-lba-cert.pem",
  "ca_certs": "./zato-lba-ca-certs.pem",
  "work_dir": "../",
  "verify_fields": {"commonName": "My Client", "organizationName":"My Company",
                 "stateOrProvinceName":"My State"},
  "log_config": "./logging.conf",
  "pid_file": "zato-lb-agent.pid"
}

Discussion

The file is in JSON and its keys are:

haproxy_command

The operating system's command that should be executed to start HAPproxy, which is the underlying tool used as a load-balancer.

host

Host for the agent to listen on.

port

Host for the agent to bind to.

keyfile

Path to the private key, relative to the config file.

certfile

Path to the certificate, relative to the config file.

ca_certs

Path to the CA certs list, relative to the config file.

work_dir

Path to a directory that will be used to execute HAProxy commands in and to store a PID file.

verify_fields

An optional dictionary of key/value fields in a client certificate that must exist in incoming requests to the agent.

log_config

Path to the logging configuration, relative to the config file.

pid_file

Path to a file into which the PID of a running load-balancer agent should written out, relative to load-balancer's top-level directory.

Logging configuration - logging.conf

Example

Format

loggers:
    '':
        level: INFO
        handlers: [stdout, default]
    zato:
        level: INFO
        handlers: [stdout, default]
        qualname: zato
        propagate: false
    zato_access_log:
        level: INFO
        handlers: [http_access_log]
        qualname: zato_access_log
        propagate: false

Discussion

The log applies only to load-balancer's agent - not to the load-balancer itself.

Uses Python's own syntax to configure how and where logging messages should be written to.

Of special interest are keys:

  • ''.level - sets the log level for anything but Zato
  • zato.level - sets the log level for main Zato logger

Crypto material - zato-lba-*.pem

Load balancer agent's cryptograpical material is kept in PEM files. Private files must not be password-protected.

  • zato-lba-priv-key.pem - private key
  • zato-lba-pub-key.pem - public key
  • zato-lba-cert.pem - certificate
  • zato-lba-ca-certs.pem - a list of CA certificates web admin should trust

Changelog

Version Notes
2.0 Logging configuration's format changed from INI to YAML
1.0 Added initially