Custom LoadBalaner definition for https endpoints in Azure CloudServices

About my case: I have a node.js REST API deployed to Azure CloudService. The node.js process is hosted on IIS using iisnode. Because of this, the default check does not work, as it can happen that the entire IIS process is down or something is wrong in the node.exe process and the probe will not encounter a problem by default. As a solution, I'm trying to implement custom probing.

Problem: I am trying to get Azure LoadBalancer to use a custom sample point for one of my CloudServices as discussed in this . I am wrestling with the fact that it looks like LoadBalancing custom test objects are only available for shared endpoints using http, tcp or udp.

In my case, I have a limitation that I have to only show endpoints according to the https protocol. Here is my definition of CloudService:

<ServiceDefinition xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="dec-api-server" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceDefinition">
  <WebRole name="dec-api" vmsize="Small">
    <Certificates>
        <Certificate name="HttpsCertificate" storeLocation="LocalMachine" storeName="CA" />
    </Certificates>
    <Endpoints>
      <InputEndpoint name="HttpsIn" protocol="https" port="443" certificate="HttpsCertificate"/>
      <InputEndpoint name="internalProbingEndpoint" port="8091" protocol="http" loadBalancerProbe="customProbe"/>
    </Endpoints>
    <Sites>
      <Site name="Web">
        <Bindings>
          <Binding name="HttpsIn" endpointName="HttpsIn" />
          <Binding name="internalProbingBinding" endpointName="internalProbingEndpoint" />
        </Bindings>
      </Site>
    </Sites>
  </WebRole>
  <LoadBalancerProbes>
    <LoadBalancerProbe name="customProbe" intervalInSeconds="30" path="/probe" timeoutInSeconds="60" port="8091" protocol="http"/>
  </LoadBalancerProbes>
</ServiceDefinition>

      

I've tried the following things:

  • I have defined the loadBalancerProbe = "customProbe" attribute on the httpsIn endpoint and the modified protocol and port in the LoadBalancerProbe element, but it seems that this is not possible since the deployment fails with a complaint that XML.protocol = https is not valid there.
  • Then I thought I could add a second input endpoint using http to be used for probing and disable network traffic for other networks using Endpoint ACL and only let LoadBalancer access it. It works, or at least I can see in the IIS log that LoadBalancer is calling the / probe endpoint, but in case it returns a 500 status, it only takes that endpoint out of rotation, but not the entire WebRole or CloudService instance ... Calls through the HttpsIn endpoint still go to the machine where the probe endpoint returns 500.

Q: Is there a way to configure Azure LoadBalancer for CloudService to use a custom endpoint for probing when using HTTPS?

Is there a workaround if this is not supported?

Any help or hint is greatly appreciated. thank

+3


source to share





All Articles