Product Announcements

Using Reverse Web Proxy with Auto Deploy

Kyle Gleed, Sr. Technical Marketing Manager, VMware

In the vSphere Installation and Setup guide on page 98 under the section heading "Auto Deploy Load Management Best Practices" it mentions using reverse web proxies to help distribute the auto deploy workload.

Auto Deploy Load Management Best Practice
Simultaneously booting large numbers of hosts places a significant load on the Auto Deploy server. Because Auto Deploy is a web server at its core, you can use existing web server scaling technologies to help distribute the load. For example, one or more caching reverse proxies can be used with Auto Deploy to serve up the static files that make up the majority of an ESXi boot image. Configure the reverse proxy to cache static content and pass requests through to the Auto Deploy server.
Configure the hosts to boot off the reverse proxy by modifying the TFTP tramp file. When you click Download TFTP ZIP in the vSphere Client, the system downloads the ZIP file that contains the tramp file. See Prepare Your System and Install the Auto Deploy Server. Change the URLs in that file to refer to the address of the reverse proxy.

Outside of mentioning that caching reverse proxies can be used there's not much info on how to implement a cashing reverse web proxy.  I've had several requests for more info on the implementation details to do this and this week I finally got around to implementing it in my lab.  It was actually pretty easy, at least it didn't take as long as I expected.  Below are the details showing the steps I followed.  Note, that in this example I used vSphere 5.0 together with CentOS 6.2 and Apache 2.2.15, but any type of reverse web proxy should work, be it Windows or Linux.

Step 1:  Install CentOS
First create a new CentOS VM.  When prompted by the Cent OS installer for the type of insulation choose "Web Server" to ensure that the Apache software (and related modules) are installed. 

Cent-1

Step 2:  Setup Apache
Boot the CentOS VM and verify the Apache web server is installed with the mod_proxy and mod_SSL modules.  To verify this you can use the "/usr/sbin/httpd -v" and "/usr/sbin/httpd -M" commands:

Cent-2

With the Apache server components in place, next edit the configuration file (/etc/httpd/conf/httpd.conf) making the following changes:

Set the "Listen" and ServerName" options:

Listen 80
ServerName <server>.<company>.<domain>:80

Uncommented the "ProxyRequests" entry:

ProxyRequests on

Added the following lines to the end of the file:

# This section defines the location where the web proxy will cache the content
CacheRoot /var/cache/AutoDeploy/
CacheEnable disk /
CacheDirLevels 5
CacheDirLength 3
CacheDefaultExpire 3600
CacheMaxFileSize 500000000

# this section defines the directories on the Auto Deploy server that the web proxy will cache
SSLProxyEngine on
ProxyPass /vmw/cache https://10.20.183.29:6501/vmw/cache
ProxyPassReverse /vmw/cache https://10.20.183.29:6501/vmw/cache
ProxyPass /vmw/rbd https://10.20.183.29:6501/vmw/rbd
ProxyPassReverse /vmw/rbd https://10.20.183.29:6501/vmw/rbd

Save the changes to the /etc/httpd/conf/httpd.conf file, and verify the apache configuration by running:

# /usr/sbin/httpd -t -f /etc/httpd/conf/httpd.conf
(command returns "Syntax OK" if the configuration is good)

Finally, start the web server:

# service httpd start
# service httpd status

To verify the web server is running and properly caching content from the Auto Deploy server open a browser and connect to:

http://<ip of proxy>/vmw/rbd

If everything is working the web server should return the following:

Cent-3
Step 3:  Install TFTP Server
With the reverse web proxy up and running the next step is to create a second TFTP server that will host the updated “tramp” boot file that points to the new web proxy.  I want to leave my original "tramp" file alone as I will have some host usign that file while others will be reconfigured to use the new TFTP server with the updated tramp file.

To installed TFTP on CentOS:

(note:  steps 1 and 2 are only needed if you are behind an http proxy server)
#  http_proxy=<ip>:<port>
#  export http_proxy
#  yum install tftp-server

After installing TFTP, edit the config file to enable the TFTP server (the default is disabled) and then start it:

#  vi /etc/xinetd.d/tftp (change "disable = no")
#  service xinetd restart

Step 4:  Copy the Auto Deploy TFTP Boot Files to the TFTP Server
Next, copy the TFTP boot files from the /tftpboot directory on the auto deploy server into the TFTP home directory on the new TFTP server installed on the web proxy (default = /var/lib/tftpboot):

(the following example assumes Auto Deploy is running on VCSA.)
# scp <Auto Deploy IP>:/tftpboot/* /var/lib/tftpboot

Edit the "tramp" file on the TFTP server with the IP address of the web proxy server instead of the Auto Deploy server.

set filename http://<web proxy IP>/vmw/rbd/tramp
chain http://<web proxy IP>/vmw/rbd/tramp

Step 5:  Edit the DHCP configuration
Now for each ESXi host that you want to boot from the new web proxy edit the static IP reversion on the DHCP o server and change the value of option 66 (Boot Server Host Name) to the IP of the reverse web proxy server.

Cent-4

Step 6:  Testing the Reverse Web Proxy
The last step is to validate that ESXi hosts are able to boot using the reverse web proxy.  To do this connect to the ESXi host console and rebooted the host.  In my case the host booted okay, but the information about the DHCP and TFTP boot process scrolled by so quickly I wasn't able to readily determine if it was booting from the auto deploy server or my web proxy.  After a couple reboots I was eventually able to capture a screen shot that validated that the host is in fact using the reverse web proxy. 

Cent-5

I also found that by tailing the /var/log/httpd/access_log on the web proxy I was able to see the "Get" requests form the ESXi host as it passed the VIBs from the web server. 

Summary
A reverse web proxy server works by caching the web content of the auto deploy server to a local directory, essentially providing a mirror of the auto deploy server.   Web proxies can then be used to distribute the workload of a single auto deploy server across multiple servers.  Setting up a reverse web proxy is a straight forward process that entails (1) installing a web server, (2) configuring it to act as a reverse web proxy to the auto deploy server, (3) modifying the TFTP configuration and (4) editing the DHCP configuration to distribute the ESXi host workload.  Here I've provided an example of how this can be done using vSphere 5.0 together with CentOS 6.2 and Apache 2.2.15.