Configure Nginx Load Balancer for TIBCO OI Hawk RedTail

This section describes the process of configuring the Nginx load balancer for the Webapp component.

It also discusses the procedure for configuring Nginx for load balancing the communication between Hawk RedTail Console and Hawk Agents through gRPC transport.

Configure Nginx Load Balancer for the Webapp Component

The Nginx load balancer is used to manage the workload of the Webapp components. The Webapp component is a Web application (Web app) program that is delivered over the Internet through a browser interface, where the user can interact with the TIBCO OI Hawk RedTail system. In short, the load balancer is responsible for maintaining an equal workload between the instances of Webapp and automatically redirecting the user to an instance of Webapp in case one of the instances is not functioning.

Before you begin
Install TIBCO OI Hawk RedTail on at least three separate machines.
Install Nginx. For more information about installing Nginx, see Nginx documentation.
Note: When you obtain third-party software or services, it is your responsibility to ensure you understand the license terms associated with such third-party software or services and comply with such terms.
Ensure that you have configured ZooKeeper ensemble on the machines which are a part of HA deployment. For more information, see Configure ZooKeeper Ensemble for TIBCO OI Hawk RedTail.
    Procedure
  1. Start Webapp on the machines on which you have installed TIBCO OI Hawk RedTail.
  2. Modify the contents of nginx.conf file as follows:

    worker_processes 2;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    map_hash_bucket_size 128;

    upstream redtailwebapp {
        server <Webapp_IP_1>:<Webapp_PORT_1> weight=1;
        server <Webapp_IP_2>:<Webapp_PORT_2>;
        server <Webapp_IP_3>:<Webapp_PORT_3>;
    }

    map $request_uri $redtailwebappMap {
       # UI pages:
       "~^(/redtail/content-pack/base/remote)(search|config)*$" '<Webapp_IP_1>:<Webapp_PORT_1>';

       # APIs:
      /redtail/v1/content-pack/base/invalidateRemoteLMI '<Webapp_IP_1>:<Webapp_PORT_1>';
      "~^(/redtail/v1/content-pack/base/remoteLMI)(/validate|/login)*$" '<Webapp_IP_1>:<Webapp_PORT_1>';

      # LMI requests (through proxy):
      "~^(/redtail/webapi/v(1|2))(\s|\S)*$" '<Webapp_IP_1>:<Webapp_PORT_1>';
      # Any other request, goes to webapp as usual:
      default redtailwebapp;
    }

    server {
        listen <nginx_port>;
        server_name <nginx_IP> # you can put the IP of the machine where the NGINX is installed.
        underscores_in_headers on;

        location /redtail {
            proxy_pass https://$redtailwebappMap;
            proxy_set_header Host $host;
            proxy_ssl_verify off;
            proxy_ssl_server_name on;
            proxy_ssl_protocols TLSv1.3;
        }

        error_page 500 502 503 504 /50x.html;

        location = /50x.html {
            root html;
        }
    }
    include servers/*;
}

    Modify the upstream redtailwebapp method and specify the server parameters with the Webapp instances which are installed on three separate machines and needs to be load balanced.

    upstream redtailwebapp {
    server <Webapp_IP_1>:<Webapp_port_1> weight=1;
    server <Webapp_IP_2>:<Webapp_port_2>;
    server <Webapp_IP_3>:<Webapp_port_3>;
    }

    Modify the server method and specify the server_name and listen parameters with the IP address and port of the machine on which Nginx service is running.

    Modify the listen parameter and specify a port for that parameter. The Nginx service starts on the port specified on this parameter.

    Note: The /redtail prefix is used for load balancing Webapp instances. You must not modify this prefix.
    server {
    listen <nginx_port>;
    server_name <nginx_IP>;
    underscores_in_headers on;
    location /redtail {
    proxy_pass https://redtailwebappMap;
    proxy_ssl_verify off;
    proxy_ssl_server_name on;
    proxy_ssl_protocols TLSv1.3;
    proxy_set_header Host $host;
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    root html;
    }

    Modify the map $request_uri $redtailwebappMap method so that the user is automatically redirected to the Webapp which is currently authenticated with LogLogic LMI for accessing LogLogic LMI logs remotely.

    Note: If the Webapp instance which is communicating with LogLogic LMI stops functioning, then you must reconfigure this to another available Webapp instance's IP address and port.

    For more information about configuring Nginx, see Nginx documentation.

  3. Start the Nginx service after the configuration is complete. For more information about starting Nginx service, see Nginx documentation.
  4. Access the Webapp by opening a browser and then enter the following address:
    http://<nginx_IP>:<nginx_port>/redtail

Configuring Nginx to allow gRPC Connection to Hawk RedTail Console

The Nginx load balancer is used to manage the workload of the Hawk RedTail Console. We are configuring Nginx to maintain communication between Hawk RedTail Console and Hawk Agents through the gRPC transport as only a single instance of Hawk RedTail Console is active at a time. The load balancer switches the agents to the active instance of Hawk RedTail Console if the existing instance of Hawk RedTail Console stops functioning.

Before you begin
Install TIBCO OI Hawk RedTail on at least three separate machines.
Install Nginx. For more information about installing Nginx, see Nginx documentation.
Note: When you obtain third-party software or services, it is your responsibility to ensure you understand the license terms associated with such third-party software or services and comply with such terms.
Ensure that you have configured ZooKeeper ensemble on the machines that are a part of HA deployment. For more information, see Configure ZooKeeper Ensemble for TIBCO OI Hawk RedTail.
    Procedure

  1. Open the nginx.conf file.

  2. Add the Hawk RedTail Console upstream server information:
    #HawkConsole GRPC server info
upstream grpcservers {
	#host-port_of_hawkconsole 1
	server <IP of machine-01>:9697 weight=1;
    	 
	#host-port_of_hawkconsole 2
	server <IP of machine-02>:9697;
  	 
	#host-port_of_hawkconsole 3
	server <IP of machine-03>:9697;
    	 
	}

    Modify the upstream grpcservers method with the Hawk RedTail Console IP addresses and gRPC ports.

  3. Add the nginx server information for all Hawk RedTail Consoles:
    server {
    	#This will be port hawk agents will communicate with nginx over http2
    	listen   	<listening-port> http2;
 
    	location /COM.TIBCO.hawk.console.nest.shared.grpc.HawkConsoleService	{
            	grpc_pass grpc://grpcservers;
            	grpc_socket_keepalive on;
            	error_page 502 = /error502grpc;
            	 
            	#set a value for below to properties otherwise nignx will close
            	#connection between hawkconsole and hawkagent if there is no data
            	#transfer between hawk console and hawkagent
            	grpc_read_timeout 9000s;
    	}
    	 
    	location = /error502grpc
    	{
         	internal;
         	default_type application/grpc;
         	add_header grpc-status 14;
         	add_header grpc-message "unavailable";
         	return 503;
    	}
    	 
}