  • Set up and install HAProxy. This package is part of the EPEL repository.

Info

HAProxy is pre-installed on the SwarmContentGateway VM and on SCI-deployed gateway VMs.

  • Use the following configuration for /etc/haproxy/haproxy.cfg

...

  • Start HAProxy:
    systemctl restart haproxy

Note

If restarting HAProxy throws the error “Starting frontend www-https-svc: cannot bind socket [0.0.0.0:91]”, either disable SELinux or, to keep SELinux enforcing, run this command:

setsebool -P haproxy_connect_any=1

Create a Self-Signed SSL Certificate

Method 1:

  • Execute the following to create a self-signed certificate for the domain:

...

Info

Perform this for all bind statements with the ssl keyword configured. Restart HAProxy to activate:  systemctl restart haproxy

Method 2:

A more modern approach is to create an openssl.conf file first. Here is an example:

Code Block
[ req ]
prompt = no
distinguished_name = server_distinguished_name
req_extensions = v3_req

[ server_distinguished_name ]
commonName = swarm.acme.local
stateOrProvinceName = Texas
countryName = US
emailAddress = admin@acme.local
organizationName = Acme Inc.
organizationalUnitName = IT

[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

[ alt_names ]
DNS.0 = swarm.acme.local

Generate the private key

Code Block
openssl genrsa -out YOUR_DOMAIN.key 3072

Generate certificate signing request

Code Block
openssl req -new -key YOUR_DOMAIN.key -out YOUR_DOMAIN.csr -config openssl.conf -sha256

Generate certificate

Code Block
openssl x509 -req -sha256 -days 3650 -in YOUR_DOMAIN.csr -signkey YOUR_DOMAIN.key -out YOUR_DOMAIN.crt -extensions v3_req -extfile openssl.conf

Concatenate the YOUR_DOMAIN.crt (first) and the YOUR_DOMAIN.key (second) into a YOUR_DOMAIN.pem file.

Place the PEM file at the path configured in haproxy.cfg. In this example it goes in /etc/pki/tls/certs:

Code Block
bind 0.0.0.0:443 ssl crt /etc/pki/tls/certs/YOUR_DOMAIN.pem

The host <contentgatewayIP>:8091 needs to be used in the login page to connect for Swarm UI in the configuration example above.

Info

Copy both crt files to /etc/pki/ca-trust/source/anchors and run update-ca-trust to test the new certificate from a CentOS 7.x client. curl may then be used to test the certificate validation once the command completes.
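The Method 2 steps above as one script, followed by a check that the combined PEM is sound before HAProxy loads it. This is an added example, not part of the original page: the function names build_pem and verify_pem, the trimmed distinguished name and the owner-only file permissions are assumptions.

```bash
# Added example: build the combined PEM for HAProxy (Method 2) and verify it.
# DOMAIN and OUTDIR are supplied by the caller; nothing here is site-specific.
build_pem() {  # usage: build_pem DOMAIN OUTDIR
  local d="$1" out="$2"
  cat > "$out/openssl.conf" <<EOF
[ req ]
prompt = no
distinguished_name = server_distinguished_name
req_extensions = v3_req
[ server_distinguished_name ]
commonName = $d
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.0 = $d
EOF
  ( umask 077   # the PEM holds the private key: create files owner-only
    openssl genrsa -out "$out/$d.key" 3072 2>/dev/null &&
    openssl req -new -key "$out/$d.key" -out "$out/$d.csr" \
      -config "$out/openssl.conf" -sha256 &&
    openssl x509 -req -sha256 -days 3650 -in "$out/$d.csr" \
      -signkey "$out/$d.key" -out "$out/$d.crt" \
      -extensions v3_req -extfile "$out/openssl.conf" 2>/dev/null &&
    cat "$out/$d.crt" "$out/$d.key" > "$out/$d.pem" )  # crt first, key second
}

verify_pem() {  # usage: verify_pem PEMFILE DOMAIN ; returns 0 when sound
  local pem="$1" d="$2" cert_pub key_pub
  # The certificate's public key must match the private key in the same file.
  cert_pub=$(openssl x509 -in "$pem" -noout -pubkey | openssl sha256) || return 1
  key_pub=$(openssl pkey -in "$pem" -pubout | openssl sha256) || return 1
  [ "$cert_pub" = "$key_pub" ] || return 2
  # Clients match the host name against subjectAltName, so it must be present.
  openssl x509 -in "$pem" -noout -text | grep -qF "DNS:$d" || return 3
}
```

verify_pem returns 2 when the certificate and key do not belong together and 3 when the expected DNS name is missing from subjectAltName.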

Replication Feed configuration

The following setting must appear and be set properly in the /etc/caringo/cloudgateway/gateway.cfg file if the content gateway is going to be used as the destination for a remote replication feed:

Code Block
[scsp]
...
...
allowSwarmAdminIP=172.30

In the example above, replace "172.30" with the IP addresses (or prefix) of clients sending administrative requests to the gateway.

The most common example is the IP addresses (or prefix) of the nodes in a cluster using a remote replication feed with the gateway as the destination.
