In my first article “vCloud Director Howto: Load balancing with free pfSense” I investigated a configuration using pfSense as a load balancer in front of two or more vCloud Director cells. The focus in that article was on the network configuration of pfSense (a free firewall/load balancer available through this website).
The article left a question open: what is a proper way to monitor the availability of the vCloud Director cells? Of course you can use ping to see if a cell is up and running, but this method only checks whether the IP address is reachable. It does not check whether the vCD software is actually running.
So, what should you do?
- For the vCD web interface, implement a (new) pfSense monitor which will check the URL /cloud/server_status. Adding a new monitor in pfSense is available through Service–>Load Balancer–>Monitors. Your setup should look like:
- The vCD proxy is more of a problem. The monitor URL for the vCD proxy is /sdk/vimServiceVersions.xml, so you could set up a second new monitor in pfSense to make this work. However, I didn’t have successful results here. But I have found an acceptable alternative:
Use the default pfSense TCP monitor for the Console Proxy. The TCP monitor will try to connect to the port of the service (port 443 for the Console Proxy), which is exactly what we want. If the connection is successful, pfSense qualifies the Console Proxy as up and running. Your pfSense Load Balancer configuration should look like this:
This updated pfSense configuration gives some pretty good results:
Only one cell is up and running (the vCD service is running) in this case: the monitor “VCD webmonitor” successfully determines that the vCD web interface is available, and on top of that a TCP connection to port 443 is made to the Console Proxy to check if the service is available. After stopping the vCD service in the cell, both the vCD web interface and the vCD Console are reported down, which is exactly what we want!
One of the disadvantages of this method is the messages appearing in your vcloud-container-debug.log. The Console Proxy will report that a TCP connection is initiated; that is correct, it’s pfSense trying to check if the Console Proxy is available (the interval for this check is 5 seconds):
Your log files will probably fill up with this kind of message, but if you can live with that, this is a good method for pfSense to determine if the Console Proxy is available.
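To see what each of the two monitor types actually proves, here is an added example (not part of the original article or of pfSense) that reproduces both probes in Python: a plain TCP connect and an HTTP GET of /cloud/server_status. The function names and the loopback stub cell are constructed for illustration, and treating status 200 as the healthy answer is an assumption.

```python
import http.client
import http.server
import socket
import threading

STATUS_PATH = "/cloud/server_status"  # monitor URL named in the article

def tcp_check(host, port, timeout=3.0):
    """What a TCP monitor proves: the port accepts a connection, nothing more."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def http_check(host, port, path=STATUS_PATH, timeout=3.0, tls_context=None):
    """What an HTTP monitor proves: the application answers `path` with 200 (assumed healthy code)."""
    if tls_context is not None:  # pass an ssl.SSLContext to probe a real cell over HTTPS
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=tls_context)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        return conn.getresponse().status == 200
    except (OSError, http.client.HTTPException):
        return False
    finally:
        conn.close()

def start_stub_cell(status):
    """Constructed loopback stand-in for a cell: answers every GET with `status`."""
    class Handler(http.server.BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(status)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    for status in (200, 503):  # healthy stub, then a stub whose port is open but service is failing
        cell = start_stub_cell(status)
        port = cell.server_address[1]
        print(status, "tcp:", tcp_check("127.0.0.1", port), "http:", http_check("127.0.0.1", port))
        cell.shutdown()
```

Against the stub that answers 503, the TCP probe still reports up while the HTTP probe reports down: that is the gap a TCP-only monitor leaves on the Console Proxy.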
Note: This setup is intended for lab/test use….