tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: Tomcat clustering for simplified config
Date Wed, 07 Oct 2015 15:58:40 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Christoph,

On 10/7/15 4:36 AM, Christoph Nenning wrote:
>> Hi list,
>> 
>> I just signed up to the list - please forgive any newb mistakes
>> but hopefully I'm following the right format, style and content.
>> 
>> I currently work in a production environment with eight app
>> servers, all running the same version of Tomcat (currently
>> 7.0.62).  Four servers support version 1 of our app, the other
>> four servers support version 2.  Within each group of four, two
>> serve completely open content via 80, the other two support
>> queries of sensitive data via 443.  Servers are named with a
>> number system where all odd-named servers are for the secure
>> content, all evens are open.
>> 
>> So here's the setup in a hopefully clearer portrayal:
>> 
>> App Version 1: Server 01: secure queries via 443 Server 02: open
>> content via 80 Server 03: secure queries via 443 Server 04: open
>> content via 80
>> 
>> App Version 2: Server 05: secure queries via 443 Server 06: open
>> content via 80 Server 07: secure queries via 443 Server 08: open
>> content via 80
>> 
>> Each pair of even and odd named servers are *conceptually*
>> linked, but physically stand on their own.  All http traffic and
>> https traffic for each version is directed to a particular server
>> by a load balancer.  No Apache Web Server is in the mix and we
>> would like to keep it that way for simplicity.  Load-wise, our
>> eight Tomcats are not taxed.
>> 
>> I'm responsible for upkeep of these servers, which requires
>> regular version upgrades and configuration changes when any
>> vulnerability is found by regular, periodic Nessus scans
>> (http://www.tenable.com/ products/nessus-vulnerability-scanner).
>> Sometimes the changes are related to ciphers, sometimes other
>> things, but I'd say 90% of the time, I just need to upgrade to a
>> newer version.
>> 
>> So no big deal conceptually, I fully admit, but doing this across
>>  eight servers is TEDIOUS.  And more importantly, it's a ripe 
>> opportunity for introducing user error.  On three occasions I
>> have brought our production systems by stupid mistakes in
>> server.xml or other config files, or most recently, accidentally
>> copying the wrong ROOT from a version 2 (05) box into the version
>> one boxes (01 and 03). I got things up and running fine with no
>> serious consequences but this being the third time, I thought
>> "there has to be a better way" right after I talked myself off
>> the "you're a complete idiot"
> ledge.
>> 
>> I'm starting to research Tomcat clustering but everything I see
>> just talks about load balancing and failover.  **What about ease
>> of configuration??** I'd like to be able to set up Tomcat
>> <something> (clusters?) to help automate what I've described
>> above to make it less tedious and reduce the chances of making
>> stupid mistakes when I'm on the 6th, 7th, 8th server.  I'm not
>> sure if Tomcat clustering is what I need, or if I should look at
>> something else.
>> 
>> Can you nice folks help direct me to where I should look for 
>> starters?  Will Tomcat clustering get me what I want?  or
>> something else, like Zookeeper?
>> 
>> Thanks, Mark Bramer
>> 
> 
> 
> We do somthing similar by utilizing docker containers.
> 
> At first we create a base-image consisting of: - minified linux
> distro - jvm - tomcat
> 
> Then we have application images based on that which add: - app
> specific tomcat config - the app itself
> 
> These images can be run as multiple instances and thus becoming 
> containers.
> 
> When we update tomcat it is done in the base-image and all
> app-images are rebuilt and containers restarted. So it is just one
> place where the change has to be done.
> 
> On config updates the according app-image is changed, rebuilt and 
> restarted.

I would love to invite you to ApacheCon and have you give a
presentation on how you do this because it's something I've been
wanting to do for a while, now.

Would your employer send you to ApacheCon?

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCAAGBQJWFUEwAAoJEBzwKT+lPKRYw34P/1QAyLAWOioogv2pJPQ09Ppx
kFVvgw1XJPhaI2ZdFgadPXkrvm9wNJIU/cR+/I+97Ehpmk/DFM0ZutYjunzB0IeI
Cr883Y/PtPvJvhurkggM4P147F68d/4DpdSDCNrdmHteQ3k3lB6pY57PCCr/45zX
81s553Nn/Y/l3m4HEUjWbIYZI2BiL1Fp8aJ//hgB8t/GWAPRoeTh6PMstQqD9EhA
xE7dkdlH4vYVMUtV8krPUGGgIbfJ1Q3UOyk36SdDBx5kNacFPM1BrwW/HSwj9ou1
GYeAlb+uAYIaKglADhKkjVwTxeYnJWscA5yoaTzSUNyQE08yVTD/ekhlR9b5EVMi
XUa1G9lGLgpJjMhCVK6yqSn+fHbZvxDPaYzpFHG3UQmxVBI+kl8GKhckSQRtG64k
PTJrQsC1xcjwh0i4Fi/FrOaveHndNCHv2eQ7KbarKWivE886gLMBtINuHNWoGHuP
dcQUK2wiTWCQR141Oiqd17p18/gYxUqtOhyzNW3SxkfwyTvEfE8BT8ioOH0350Li
l53bTEAiqhnF2clzQcWLDjsuSWnMfjGLVT/KD2WFDUe0awjOy/kc16OqWndKdpB0
iWVM2Ds6ddf63h4bdBvLI2+INugu+PkQIXoN9/J7OYaNB+oo4GCUidPfk9kGRQl2
YaRATse6j0NsPjgipVju
=aprI
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message