tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Tomcat clustering for simplified config
Date Wed, 07 Oct 2015 15:58:40 GMT
Hash: SHA256


On 10/7/15 4:36 AM, Christoph Nenning wrote:
>> Hi list,
>> I just signed up to the list - please forgive any newb mistakes
>> but hopefully I'm following the right format, style and content.
>> I currently work in a production environment with eight app
>> servers, all running the same version of Tomcat (currently
>> 7.0.62).  Four servers support version 1 of our app, the other
>> four servers support version 2.  Within each group of four, two
>> serve completely open content via 80, the other two support
>> queries of sensitive data via 443.  Servers are named with a
>> number system where all odd-named servers are for the secure
>> content, all evens are open.
>> So here's the setup in a hopefully clearer portrayal:
>> App Version 1: Server 01: secure queries via 443 Server 02: open
>> content via 80 Server 03: secure queries via 443 Server 04: open
>> content via 80
>> App Version 2: Server 05: secure queries via 443 Server 06: open
>> content via 80 Server 07: secure queries via 443 Server 08: open
>> content via 80
>> Each pair of even and odd named servers are *conceptually*
>> linked, but physically stand on their own.  All http traffic and
>> https traffic for each version is directed to a particular server
>> by a load balancer.  No Apache Web Server is in the mix and we
>> would like to keep it that way for simplicity.  Load-wise, our
>> eight Tomcats are not taxed.
>> I'm responsible for upkeep of these servers, which requires
>> regular version upgrades and configuration changes when any
>> vulnerability is found by regular, periodic Nessus scans
>> ( products/nessus-vulnerability-scanner).
>> Sometimes the changes are related to ciphers, sometimes other
>> things, but I'd say 90% of the time, I just need to upgrade to a
>> newer version.
>> So no big deal conceptually, I fully admit, but doing this across
>>  eight servers is TEDIOUS.  And more importantly, it's a ripe 
>> opportunity for introducing user error.  On three occasions I
>> have brought our production systems by stupid mistakes in
>> server.xml or other config files, or most recently, accidentally
>> copying the wrong ROOT from a version 2 (05) box into the version
>> one boxes (01 and 03). I got things up and running fine with no
>> serious consequences but this being the third time, I thought
>> "there has to be a better way" right after I talked myself off
>> the "you're a complete idiot"
> ledge.
>> I'm starting to research Tomcat clustering but everything I see
>> just talks about load balancing and failover.  **What about ease
>> of configuration??** I'd like to be able to set up Tomcat
>> <something> (clusters?) to help automate what I've described
>> above to make it less tedious and reduce the chances of making
>> stupid mistakes when I'm on the 6th, 7th, 8th server.  I'm not
>> sure if Tomcat clustering is what I need, or if I should look at
>> something else.
>> Can you nice folks help direct me to where I should look for 
>> starters?  Will Tomcat clustering get me what I want?  or
>> something else, like Zookeeper?
>> Thanks, Mark Bramer
> We do somthing similar by utilizing docker containers.
> At first we create a base-image consisting of: - minified linux
> distro - jvm - tomcat
> Then we have application images based on that which add: - app
> specific tomcat config - the app itself
> These images can be run as multiple instances and thus becoming 
> containers.
> When we update tomcat it is done in the base-image and all
> app-images are rebuilt and containers restarted. So it is just one
> place where the change has to be done.
> On config updates the according app-image is changed, rebuilt and 
> restarted.

I would love to invite you to ApacheCon and have you give a
presentation on how you do this because it's something I've been
wanting to do for a while, now.

Would your employer send you to ApacheCon?

- -chris
Comment: GPGTools -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message