See CloudLoadbalancingSpec for more information on the motivations behind this Howto.

In this HOWTO, we'll show how to use the proof of concept project 'clb' to build a rudimentary, haproxy based "load balancer in the cloud."


  • clb is a proof of concept as of the time of this writing, and so, may have bugs that will eat your data, redirect your traffic to, or any number of other terrible things.
  • There is no real security built into clb yet. HTTPS would be the simplest way, but even then, without a CA signed cert, its not that useful. You can build a VPN tunnel if you decide the danger is too high.
  • The auth method that clb uses is VERY prone to compromise, being a shared password that is difficult to change.


CLB is just a python daemon that was created as a proof of concept to provide a simple backend for running a load balancer in the cloud. It was never intended for production use.

Configure haproxy template

By default, the templates dir is '/var/lib/clb-server/templates'. Inside, it will look for haproxy.tmpl.

The default haproxy.tmpl file in the 'templates' directory is fairly rudimentary and probably won't work in most instances. It uses the Cheetah templating system, so you can look at for documentation on the syntax.

The default output file is /etc/haproxy/haproxy.cfg, you can change this by passing -o path/to/your/desired/file to clbd. You'll need to make sure that a) haproxy is installed, and b) that the 'clb-server' user can edit /etc/haproxy/haproxy.cfg.

cloud-init for backend servers

Create a cloud-config file that you can feed in via user-data

Using the cloud-init package, have your system install the clb-server package:

 - source: "ppa:clint-fewbar/clb"

 - clb-server

This should produce a working backend server that can have its haproxy.cfg updated on port 8090

You'll still need to either give the clb-server user sudo access to restart haproxy, and pass --reload-cmd in the upstart job, or cron reloading it occasionally.

cloud-init for member servers

You'll need to feed in an upstart job that registers/unregisters this node.

start on started rc
stop on stopping rc

pre-start script
  /usr/bin/clb_register my-clb-password my.clb.node http
end script

pre-stop script
  /usr/bin/clb_unregister my-clb-password my.clb.node http
end script

exec /bin/cat

You'll also need to make sure you install clb-client so you have clb_register and clb_unregister:

 - source: "ppa:clint-fewbar/clb"

 - clb-client

In order to do these both at the same time, you can install cloud-init on your machine, and use it to create a multi-part mime user data:

$ write-mime-multipart --output=combined-userdata.txt \
   apt-install-clb-client.txt:text/cloud-config \

One thing, make sure if you install cloud-init on a non-ec2/euca node that you edit /etc/cloud/cloud.cfg and set 'cloud_type: nocloud'. Otherwise you may have to wait 20+ minutes to boot your system.

Wrapping Up

If you apply the above cloud-config templates you should be able to build an haproxy based "load balancer in the cloud". Other things you might need:

  • An elastic IP for the load balancer
  • Another node with clb-server for redundancy.
    • A way to fail over to said node

CloudLoadbalancingHowto (last edited 2010-10-05 06:50:47 by 76-216-240-245)