Using load balancers in an LEI

A newer version is available; see the version menu above for details.

In an LEI, agent requests are distributed among a pool of compile masters in order to increase the environment’s total capacity. You can configure a simple TCP load balancer to route traffic between agents and compile masters on port 8140.

Specifics on how to configure a load balancer infrastructure falls outside the scope of this document, but examples of how to leverage haproxy for this purpose can be found in the HA proxy module documentation.

Considerations when using load balancers

Using health checks

Puppet’s REST API exposes a status endpoint that can be leveraged from a load balancer health check to ensure that unhealthy hosts do not receive agent requests from the load balancer.

The Puppet master service will respond to unauthenticated HTTP GET requests issued to /puppet/v3/status/:name?environment=:environment where :name is set to any alphanumeric value, and :environment is set to the name of any Puppet environment present on the host. A response with an HTTP 200 status code will be returned if the service is healthy.

If your load balancer doesn’t support HTTP health checks, a simpler alternative is to check that the host is listening for TCP connections on port 8140. This ensures that requests will not be forwarded to an unreachable instance of the Puppet master, but it does not guarantee that a host will be pulled out of rotation if it is deemed to be unhealthy, or if the service listening on port 8140 is not a service related to Puppet.

Optimizing workload distribution

Due to the diverse nature of the network communications between the Puppet agent and the Puppet master, we recommend that you implement a load balancing algorithm that will distribute traffic between compile masters based on the number of open connections. Load balancers often refer to this strategy as “balancing by least connections.”

Installing Puppet agents with a load balancer

Configuring pe_repo for Puppet agent installation

When installing a new Puppet agent from a load balanced pool of compile masters, the agent configuration will point to whichever compile master handled the request, instead of the load balancer itself. You need to override this behavior to ensure that agents will take advantage of the pooled masters.

To point agent installs at the load balancer:

  1. From the console, click Nodes > Classification, and select the PE Master group.
  2. In the PE Master group, click the Classes tab, and find the pe_repo class.
  3. From the Parameter drop-down list, select master.
  4. In the Value field, enter the address your load balancer resolves to (for example, loadbalancer.example.com).
  5. Click Add parameter and then the Commit change button.

Configuring pe_repo for Puppet agent installation on compile masters

After configuring pe_repo to point newly installed Puppet agents to the load balancer, you need to make an additional classification change so that any newly provisioned compile masters will point to the MoM instead of the load balanced compile masters.

To point new compile masters at the MoM:

  1. From the console, click Nodes > Classification.
  2. From the Classification page, in the Node group name field, enter a name such as “PE CA pe_repo override.” (Note, do not add the quotes.)
  3. From the Parent name drop-down list, select the PE Master group, and then click Add group.
  4. In the PE CA pe_repo override group, from the Rules tab, in the Node name field, enter the certname of your CA server.
  5. Click the Classes tab, and in the Add new class field, enter “pe_repo,” and select Add class. (Note, do not add the quotes.)
  6. From the Parameter drop-down list, select master.
  7. In the Value field, enter the FQDN of your original Puppet master/CA server (e.g. in the examples above, master.example.com).
  8. Click Add parameter and then the Commit change button.

↑ Back to top