Our puppet infrastructure lives behind two sets of loadbalancers. Both sets are handled by the role "role::balance::management", where the frontends "puppetserver" and "puppetdb" are handled.
Frontend
The frontend for the load balancers are defined in:
- profile::services::puppet::server::haproxy::frontend
- profile::services::puppet::db::haproxy::frontend
Both services are HTTP transported over TLS (HTTPS), which means that the loadbalancers are simply configured to do TCP balancing. The loadbalancers distributes the load using round-robin on a session-basis.
Backend
The backend for the loadbalancers are configured by having the loadbalancers collecting resources from puppetdb, which are exported by the backend nodes puppet configuration. This will provide automatic configuration of new backend servers at the loadbalancers.