Manualshelf

Installation guide

ManualsBrandsRed Hat ManualsComputer equipmentNETWORK PROXY SERVER 3.7 -
21222324252627282930
Chapter 6. Load Balancing Satellite Proxy Servers
Some environments include a load balancer between Satellite clients and Satellite proxies to
distribute the load of Satellite requests, or to help redirect requests to a location closer to the
originating client. If the Satellite Proxy topology becomes more complex, includes CNAME support,
chaining, and so on, it is helpful to test the HTTP header requests exchanged between load
balancers and round-robin proxy chains. This chapter describes configuring Squid as a reverse
proxy to perform round-robin requests between two Satellite proxies. It covers the set up procedure
and how to support both non-SSL and SSL proxy requests.
The following environment in this example would use five different hosts:
Red Hat Satellite Proxy A, signified with IP address 19 2. 16 8. 10 0 . 16 and hostname
pro xya. exampl e. co m
Red Hat Satellite Proxy B, signified with IP address 19 2. 16 8. 10 0 . 17 and hostname
pro xyb. exampl e. co m
Load Balancer, signified with hostname l b. exampl e. co m
Red Hat Satellite Server with Red Hat Satellite Proxy A and B connected
The client machine, signified with IP address 19 2. 16 8. 10 0 . 19
6.1. Inst alling a Squid Reverse Proxy
Install a Squid server to use as the load balancer by using reverse proxy mode.
# yum install squid
You also need to generate SSL certificates and sign them with the Satellite CA. The easiest method is
to use the rhn-ssl -to o l on the Satellite server to generate the server certificates, because the CA is
already available.
The Satellite SSL Maintenance Tool (rhn-ssl-tool) generates and maintains Satellite SSL keys and
certificates. It also generates RPMs for use in deploying these keys and certificates. The tool is
geared for use in a Satellite context, but can be useful outside of Satellite too.
In this example, the load balancer is called lb. exampl e. co m; substitute the host name that applies
to your deployment, and enter a suitable build directory. Run this command on the Satellite server.
$ rhn-ssl-tool --gen-server --set-hostname=lb.example.com -d /root/ssl-
build
The rhn-ssl -to o l used above creates SSL files for l b. exampl e. co m and saves the files in
/ro o t/ssl -bui l d directory. Copy the server. crt, server. key, and the R HN-O R G -T R UST ED -
SSL-C ER T CA certificate from the d hcp directory to the l b. exampl e. co m load balancer. These
files are used to set up SSL for the actual load balancer. The R HN-O R G -T R UST ED -SSL-C ER T
certificate allows SSL communication between the load balancer and the proxies.
Modify the /etc/sq ui d /sq ui d . co nf file on the l b. exampl e. co m server to set up reverse proxy
mode:
Examp le 6 .1. Set t ing u p Reverse Pro xy Mo d e
Chapt er 6 . Load Balancing Sat ellit e Proxy Servers
25