Traefik Load Balancing

Describes how to use the Traefik load balancer to distribute the Object Store load across multiple MOSS servers in a release 7.0.0 or later Data Fabric cluster.

Use the following steps to install and configure the Traefik binary:

Install Traefik on a non-cluster node. You can access the binary from the Traefik website.
Download the tar file, and extract it to a well-known location:
```
tar -xvzf traefik_v2.7.1_linux_386.tar.gz
```

Specify the Traefik configuration for the type of request (http or https) that you plan to use. Traefik supports both static and dynamic configurations, and you must configure both. For more information about static and dynamic configurations, see Traefik Configuration Introduction.

Specify the Traefik configuration in the /etc/traefik/traefik.yml file. For example:

entryPoints:
  web:
    address: ":80"
api:
  dashboard: true
  insecure: true

log:
 filePath: "/etc/traefik/traefik.log"
 level: debug

providers:
  file:
    filename: "/etc/traefik/router.yml"

Specify the router configuration in the /etc/traefik/router.yml file. The


                        router.yml

file identifies the MOSS service and load balancer server details:

# cat /etc/traefik/router.yml
http:
   routers:
      moss-router:
        entryPoints:
           - "web"
        rule: PathPrefix("/")
        service: moss-service
   services:
      moss-service:
         loadBalancer: 
            servers: 
              - url: "http://m2-hux6k-34-n2.mip.storage.hpecorp.net:9000"
              - url : http://m2-hux6k-34-n4.mip.storage.hpecorp.net:9000

Specify the static and dynamic configuration files as shown in the following example.
For https requests, you must copy the chain-ca.pem file from the MOSS server to the Traefik client node and include the path for the config parameter in the static configuration file, as shown in the serversTransport section:
- Example of Static Configuration File
```
/etc/traefik/traefik.yml:
============================
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
api:
  dashboard: true
  insecure: true

log:
 filePath: "/etc/traefik/traefik.log"
 level: debug

providers:
  file:
     directory: "/root/traefik/dynamic/"
     watch: true

serversTransport:
  rootCAs:
       - /root/traefik/chain-ca.pem
```
- Example of Dynamic Configuration Files
  For https, two dynamic configuration files are required. Create a directory for these files, and place both files in the directory. For example:
```
# ls -rlth dynamic/
total 8.0K
-rw-r--r-- 1 root root 390 Jun 26 23:57 router.yml
-rw-r--r-- 1 root root 270 Jun 27 02:04 certificates.yaml
```

Specify the router configuration in the /etc/traefik/router.yml file. For example:

dynamic/router.yml 
http:
   routers:
      moss-router:
        entryPoints:
           - "websecure"
        rule: PathPrefix("/")
        service: moss-service
        tls: true
   services:
      moss-service:
         loadBalancer: 
            servers:
              - url: "https://m2-hux6k-34-n2.mip.storage.hpecorp.net:9000"
              - url : "https://m2-hux6k-34-n4.mip.storage.hpecorp.net:9000"

Specify the certificates file:

dynamic/certificates.yaml
 =========================== 
tls:
  certificates:
    - certFile: /root/traefik/public.crt
      keyFile: /root/traefik/private.key
      stores:
        - default
  stores:
    default:
      defaultCertificate:
        certFile: /root/traefik/public.crt
        keyFile: /root/traefik/private.key

Start the Traefik binary:
```
./traefik
```
Check the /etc/traefik/traefik.log to make sure there are no errors in loading the static or dynamic configuration files.

Send an http or https request to the MOSS server using the load balancer server in the URL, and verify that the load is distributed across the specified nodes. For example:

import boto3

try:
    s3 = boto3.client('s3',endpoint_url='http:/<loadbalancer_serverhostname>:80', aws_access_key_id='<access_key>', aws_secret_access_key='<secret_key>', region_name='us-east-1', use_ssl=False, verify=False)
    resp = s3.put_object(
            Body = 'test putobject with loadbalancer',
            Bucket = 'bucket1',
            Key ='test_demo.txt'
            )
    print(resp)
except ClientError as e:
    print(e.response)

import boto3

try:
    boto3.setup_default_session(region_name='us-east-1')
    s3 = boto3.client('s3',endpoint_url='https://<loadbalancer_servername>:443/', aws_access_key_id='<access_key>', aws_secret_access_key='<secret_key>', region_name='us-east-1', use_ssl=True, verify="/root/traefik/chain-ca.pem")
    resp = s3.put_object(
            Body = 'test putobject with loadbalancer',
            Bucket = 'bucket2',
            Key ='secureobj4.txt'
            )
    print(resp)