Introduction
...
- Two UDMG Server instances (MFT nodes).
- One Shared Storage server machine. Resilience can be achieved with a cluster file system solution.
- One Database Server machine. Resilience can be achieved with a cluster database solution.
- Two ranges of reserved ports for FTP (3000-3010) and SFTP (4000-4010). For a given FTP or SFTP server, the same port is used on the internet-facing end (HAProxy) and on the backend side (UDMG Server).
The components in white are active and operating. The components in gray are available for operations but currently are inactive (passive).
The Linux HAProxy and Keepalived utilities are installed to handle a virtual IP that is used by the client to reach the UDMG services.
...
IP | Hostname | Description |
---|---|---|
192.168.56.110 | storage | NFS Server |
192.168.56.100 | vip | Virtual IP Addr |
192.168.56.101 | mft_1 | MFT UDMG Server Node |
192.168.56.102 | mft_2 | MFT UDMG Server Node |
192.168.56.120 | db | PostgreSQL Database |
...
Add the directory that you want to share with the MFT UDMG Servers, for example /data:
...
Panel |
---|
# showmount -e
Export list for storage:
/data mft_1,mft_2
|
Configuring the first
...
UDMG Server
System Configuration
Configure the /etc/hosts file with the following entries:
...
Panel |
---|
# /etc/haproxy/haproxy.cfg
# --------------------------------------------------------------------------- #
# Global
# --------------------------------------------------------------------------- #
global
log 127.0.0.1 local0 info
# --------------------------------------------------------------------------- #
# Defaults Timeouts
# --------------------------------------------------------------------------- #
defaults
retries 3
option redispatch
timeout client 30s
timeout connect 4s
timeout server 30s
# --------------------------------------------------------------------------- #
# Stats
# --------------------------------------------------------------------------- #
listen stats
bind *:8081
mode http
log global
maxconn 10
stats enable
stats hide-version
stats refresh 30s
stats show-node
stats auth admin:password
stats uri /status
# --------------------------------------------------------------------------- #
# FTP - mft Servers
# --------------------------------------------------------------------------- #
frontend ftp_service_front
bind vip:3000-3010 transparent
mode tcp
use_backend ftp_service_backend
backend ftp_service_backend
mode tcp
stick-table type ip size 10k expire 300s
stick on src
server gw0 <SERVERNAME> check port <SERVERPORT>
# --------------------------------------------------------------------------- #
# SFTP - mft Servers
# --------------------------------------------------------------------------- #
frontend sftp_service_front
bind vip:4000-4010 transparent
mode tcp
use_backend sftp_service_backend
backend sftp_service_backend
mode tcp
stick-table type ip size 10k expire 300s
stick on src
server gw0 <SERVERNAME> check port <SERVERPORT>
# --------------------------------------------------------------------------- #
# UDMG Server
# --------------------------------------------------------------------------- #
frontend gw_service_front
bind vip:18080 transparent
mode http
default_backend gw_service_backend
backend gw_service_backend
mode http
balance roundrobin
cookie SRVNAME insert
server gw0 <SERVERNAME> check port <SERVERPORT> cookie S01 check
# --------------------------------------------------------------------------- #
# Nginx
# --------------------------------------------------------------------------- #
frontend nx_service_front
bind vip:80 transparent
mode http
default_backend nx_service_backend
backend nx_service_backend
mode http
balance roundrobin
cookie SRVNAME insert
server gw0 <SERVERNAME> check port 80 cookie S01 check
# --------------------------------------------------------------------------- #
# END
# --------------------------------------------------------------------------- #
# EOF
|
...
Verify that HAProxy is binding the ports that we are going to use under the MFT UDMG Server:
Panel |
---|
mft:~# netstat -tanlp | grep -i haproxy
tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:3000 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:3001 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:3002 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:3003 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:3004 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:3005 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:3006 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:3007 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:3008 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:3009 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:3010 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:4000 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:4001 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:4002 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:4003 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:4004 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:4005 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:4006 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:4007 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:4008 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:4009 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:4010 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:80 0.0.0.0:* LISTEN 2122/haproxy
tcp 0 0 192.168.56.100:18080 0.0.0.0:* LISTEN 2122/haproxy
|
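A scripted version of the check above, as an added example that is not part of the original page: it compares `netstat -tanlp` output with the reserved FTP (3000-3010) and SFTP (4000-4010) ranges plus ports 80 and 18080 on the VIP, and lists HAProxy sockets bound to all interfaces. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit `netstat -tanlp` output
# against the listeners this page's haproxy.cfg is expected to create.
VIP="192.168.56.100"   # virtual IP from the page's address table

# Ports expected on the VIP: FTP range, SFTP range, Nginx, UDMG Server.
expected_ports() { seq 3000 3010; seq 4000 4010; echo 80; echo 18080; }

# Read netstat output on stdin, print "addr:port" of every haproxy LISTEN socket.
haproxy_listeners() {
    awk '$6 == "LISTEN" && $7 ~ /\/haproxy$/ { print $4 }'
}

# Print each expected VIP port that has no haproxy listener.
missing_ports() {
    listeners=$(haproxy_listeners)
    for port in $(expected_ports); do
        printf '%s\n' "$listeners" | grep -qxF "$VIP:$port" || echo "$port"
    done
}

# Print haproxy listeners bound to all interfaces instead of the VIP.
wildcard_listeners() {
    haproxy_listeners | grep -E '^(0\.0\.0\.0|::):[0-9]+$' || true
}

# Constructed sample: the page's listing with port 4010 left out on purpose.
sample_netstat() {
    echo "tcp 0 0 0.0.0.0:8081 0.0.0.0:* LISTEN 2122/haproxy"
    for port in $(seq 3000 3010) $(seq 4000 4009) 80 18080; do
        echo "tcp 0 0 $VIP:$port 0.0.0.0:* LISTEN 2122/haproxy"
    done
    echo "tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 901/sshd"
}

echo "missing VIP ports:  $(sample_netstat | missing_ports | tr '\n' ' ')"
echo "wildcard listeners: $(sample_netstat | wildcard_listeners | tr '\n' ' ')"
```

On a live node, pipe the real listing in with `netstat -tanlp | missing_ports`. With the configuration on this page, `wildcard_listeners` reports `0.0.0.0:8081`, the stats page from `bind *:8081`, which is reachable on every interface and not only on the VIP.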
...
In the server.ini configuration, the following settings must be updated:
...
Panel |
---|
# Proxy Configuration
[proxy]
recover = true
cors = true
tracker = true
logger = true
port = "5000"
inet = "127.0.0.1"
[service.mft]
protocol = "http"
policy = "failover"
admins = ["admin"]
[[service.mft.targets]]
hostname = "<SERVERNAME or SERVER IP>"
port = 18080
|
Start the UDMG Server and UDMG Authentication Proxy.
...
Configure the NGINX service to reach the IP that was configured before:
Panel |
---|
upstream udmg_auth_proxy {
    ip_hash;
    server <SERVERNAME or SERVER IP>:5000;
    keepalive 10;
}
server {
    listen <SERVERNAME or SERVER IP>:80 default_server;
    location / {
        try_files $uri $uri/ /index.html;
        root "/var/www/localhost/htdocs";
    }
    location /service/ {
        proxy_pass http://udmg_auth_proxy/;
    }
    # You may need this to prevent return 404 recursion.
    location = /404.html {
        internal;
    }
}
|
Start the nginx service.
Configuring the second
...
UDMG Server
Repeat the above steps with the following difference regarding the state of the virtual IP.
...