RE: Accessing nodes in uPortal service

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

RE: Accessing nodes in uPortal service

Lauren Anderson
I use the EditThisCookie plugin for Chrome to specify the server behind the load balancer. The load balancer is an Apache Web Server with BalanceMember pointing to the AJP port (8009) of the uPortal server. The balancer configuration looks like this (substituting "app-server-pool" and "app-server" for our uPortal server pool and server names):

<Proxy balancer://app-server-pool>
  Header add Set-Cookie "PORTAL_SERVER_ID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
  BalancerMember ajp://app-server-1:8009 route=bal1
  BalancerMember ajp://app-server-2:8009 route=bal2
  BalancerMember ajp://app-server-3:8009 route=bal3
  BalancerMember ajp://app-server-4:8009 route=bal4
  ProxySet stickysession=PORTAL_SERVER_ID
</Proxy>

In the Cookie manager, I edit the server name in PORTAL_SERVER_ID cookie (.bal1, .bal2, .bal3, .bal4) and refresh the page to test each server behind the load balancer. This has come in handy many times when users complain of intermittent errors. Usually one of the servers has a problem while the others are fine, which explains why it appears randomly.

Lauren


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Benito J. Gonzalez
Sent: Thursday, December 26, 2019 10:30 PM
To: uPortal Developers <[hidden email]>
Subject: [uportal-dev] Accessing nodes in uPortal service

Hi folks,

Anyone have a setup that allows accessing a particular uPortal server behind a load balancer?

Benito J. Gonzalez
Senior Software Developer
Unicon, Inc.
Voice:  209.777.2754
 Text:  209.777.2754
Email:  [hidden email]
GitHub:  bjagg
BitBucket:  bjagg




--
You received this message because you are subscribed to the Google Groups "uPortal Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-dev/358EED99-0D75-4275-9E46-B7C87E8FD7DD%40unicon.net.

--
You received this message because you are subscribed to the Google Groups "uPortal Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-dev/BYAPR08MB55901E1B8717E489995E972ADC2A0%40BYAPR08MB5590.namprd08.prod.outlook.com.
Reply | Threaded
Open this post in threaded view
|

RE: Accessing nodes in uPortal service

Lauren Anderson
Sorry, I should have said 'substituting "load-balancer-config-file" and "app-server" for our uPortal load balancer config file and server names.

I use the EditThisCookie plugin for Chrome to specify the server behind the load balancer. The load balancer is an Apache Web Server with BalanceMember pointing to the AJP port (8009) of the uPortal server. The balancer configuration looks like this (substituting "load-balancer-config-file" and "app-server" for our uPortal load balancer config file and server names):

<Proxy balancer://load-balancer-config-file>
  Header add Set-Cookie "PORTAL_SERVER_ID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
  BalancerMember ajp://app-server-1:8009 route=bal1
  BalancerMember ajp://app-server-2:8009 route=bal2
  BalancerMember ajp://app-server-3:8009 route=bal3
  BalancerMember ajp://app-server-4:8009 route=bal4
  ProxySet stickysession=PORTAL_SERVER_ID
</Proxy>

In the Cookie manager, I edit the server name in PORTAL_SERVER_ID cookie (.bal1, .bal2, .bal3, .bal4) and refresh the page to test each server behind the load balancer. This has come in handy many times when users complain of intermittent errors. Usually one of the servers has a problem while the others are fine, which explains why it appears randomly.

Lauren

-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf Of Benito J. Gonzalez
Sent: Thursday, December 26, 2019 10:30 PM
To: uPortal Developers <[hidden email]>
Subject: [uportal-dev] Accessing nodes in uPortal service

Hi folks,

Anyone have a setup that allows accessing a particular uPortal server behind a load balancer?

Benito J. Gonzalez
Senior Software Developer
Unicon, Inc.
Voice:  209.777.2754
 Text:  209.777.2754
Email:  [hidden email]
GitHub:  bjagg
BitBucket:  bjagg




--
You received this message because you are subscribed to the Google Groups "uPortal Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-dev/358EED99-0D75-4275-9E46-B7C87E8FD7DD%40unicon.net.

--
You received this message because you are subscribed to the Google Groups "uPortal Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-dev/BYAPR08MB55900E2A083DDA73F8BEA621DC2A0%40BYAPR08MB5590.namprd08.prod.outlook.com.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing nodes in uPortal service

Andrew Petro-3
In reply to this post by Lauren Anderson
Yes.

MyUW has a public view, so you can try this out without a Wisconsin identity:

The generic virtual IP: https://public.my.wisc.edu

note in the footer helpful details including, in my case right now, "prod7". That indicates which specific node behind the load balancer I got.

I can get a different node with e.g. https://public.prod5.my.wisc.edu

This is accomplished by, in the case of the generic virtual IP,

1. A hardware L4 handles the "public.my.wisc.edu" and load balances to
2. any of 4 VMs, specifically to a Docker container containing httpd running mod_proxy_loadbalancer, which proxy to
3. any of 4 Docker containers running Tomcat.

The L4 load balancer is IP sticky.
The httpds are cookie (iirc) sticky and prefer to route to the Tomcat Docker running on its local VM to minimize latency.

And in the case of the node-specific "https://public.prod5.my.wisc.edu", in step 3 the httpd proxy config tells httpd to route to a specific Tomcat Docker rather than load balancing.

The Apache httpd configuration for this is pretty complicated and something I've inherited. It's got macros that call macros that call macros. I've had a lot of difficulty wrapping my brain around how it might route some paths to other Docker containers while still doing the load balancing and node-specific routing and so forth.

Been clicking around in Amazon Elastic Beanstalk a bit considering how we might accomplish this kind of thing in the cloud instead.

-Andrew

On Thursday, December 26, 2019 at 11:30:26 PM UTC-6, bgonzalez wrote:
Hi folks,

Anyone have a setup that allows accessing a particular uPortal server behind a load balancer?

Benito J. Gonzalez
Senior Software Developer
Unicon, Inc.




--
You received this message because you are subscribed to the Google Groups "uPortal Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-dev/52a13ed7-b80a-4588-b7d9-87b9c011325e%40apereo.org.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing nodes in uPortal service

Julien Gribonvald
In reply to this post by Lauren Anderson
Hi folks and happy new year !

+1 with this way (I'm working with that).

After for proxy CAS we have also a direct url with
https://portail1.xxxxx, https://portail2.xxxx, etc... it's usefull to
validate CAS tickets on the good server. But as this isn't working in
the same load-balancing context than users we need to use the cookie way !

Julien

Le 27/12/2019 à 22:31, Lauren Anderson a écrit :

> Sorry, I should have said 'substituting "load-balancer-config-file" and "app-server" for our uPortal load balancer config file and server names.
>
> I use the EditThisCookie plugin for Chrome to specify the server behind the load balancer. The load balancer is an Apache Web Server with BalanceMember pointing to the AJP port (8009) of the uPortal server. The balancer configuration looks like this (substituting "load-balancer-config-file" and "app-server" for our uPortal load balancer config file and server names):
>
> <Proxy balancer://load-balancer-config-file>
>    Header add Set-Cookie "PORTAL_SERVER_ID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
>    BalancerMember ajp://app-server-1:8009 route=bal1
>    BalancerMember ajp://app-server-2:8009 route=bal2
>    BalancerMember ajp://app-server-3:8009 route=bal3
>    BalancerMember ajp://app-server-4:8009 route=bal4
>    ProxySet stickysession=PORTAL_SERVER_ID
> </Proxy>
>
> In the Cookie manager, I edit the server name in PORTAL_SERVER_ID cookie (.bal1, .bal2, .bal3, .bal4) and refresh the page to test each server behind the load balancer. This has come in handy many times when users complain of intermittent errors. Usually one of the servers has a problem while the others are fine, which explains why it appears randomly.
>
> Lauren
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Benito J. Gonzalez
> Sent: Thursday, December 26, 2019 10:30 PM
> To: uPortal Developers <[hidden email]>
> Subject: [uportal-dev] Accessing nodes in uPortal service
>
> Hi folks,
>
> Anyone have a setup that allows accessing a particular uPortal server behind a load balancer?
>
> Benito J. Gonzalez
> Senior Software Developer
> Unicon, Inc.
> Voice:  209.777.2754
>   Text:  209.777.2754
> Email:  [hidden email]
> GitHub:  bjagg
> BitBucket:  bjagg
>
>
>
>
--
Julien Gribonvald

--
You received this message because you are subscribed to the Google Groups "uPortal Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/uportal-dev/12c999b4-82be-3464-99a8-77c83b064872%40recia.fr.