Mod cluster Installation: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
No edit summary
Line 129: Line 129:


Configure a simple virtual host that proxies everything it gets to the back end nodes. Currently we don't have any, but we'll add those in the next steps. Note that the virtual host in the example is configure to deny everything except traffic that is coming from the internal network. This is obviously not something that you would necessary to carry out in production.
Configure a simple virtual host that proxies everything it gets to the back end nodes. Currently we don't have any, but we'll add those in the next steps. Note that the virtual host in the example is configure to deny everything except traffic that is coming from the internal network. This is obviously not something that you would necessary to carry out in production.
<pre>
</pr>


===Turn mod_cluster On for a Virtual Host===
===Turn mod_cluster On for a Virtual Host===

Revision as of 04:04, 9 January 2016

TODO deplete https://home.feodorov.com:9443/wiki/Wiki.jsp?page=Mod_clusterInstallation

Internal

Download

Compiled bundles are available here: http://mod-cluster.jboss.org/downloads

Native Components Installation on Linux

This procedure assumes httpd was already installed, configured, and it works well without mod_cluster.

At the time of the writing, the pre-compiled native components to be installed within an existing httpd are published on the download page as "mod_cluster modules for httpd". For example, the mod_cluster binaries for Linux x86 httpd are listed as "linux-x86_64 mod_cluster binaries". The file name is mod_cluster-1.3.1.Final-linux2-x64-so.tar.gz. It contains the pre-compiled httpd dynamic libraries (mod_advertise.so, mod_cluster_slotmem.so, mod_manager.so and mod_proxy_cluster.so).

Place the Dynamic Libraries in the modules Directory

Identify the httpd instance's module directory, by looking at the existing LoadModule directives specified in the configuration. It is usually /etc/httpd/modules.

It is good practice to include the mod_cluster version in the name of the dynamic library files, to make it obvious what version is used.

cp mod_advertise.so /etc/httpd/modules/mod_advertise-1.3.1.Final.so 
cp mod_cluster_slotmem.so /etc/httpd/modules/mod_cluster_slotmem-1.3.1.Final.so 
cp mod_manager.so /etc/httpd/modules/mod_manager-1.3.1.Final.so 
cp mod_proxy_cluster.so /etc/httpd/modules/mod_proxy_cluster-1.3.1.Final.so 

Make sure the newly copied files have the same ownership and permissions as the existing modules.

Load Modules at Startup

A standard RHEL httpd installation has its modules configured in /etc/httpd/conf.modules.d. All files present in that directory are automatically included from httpd.conf:

...
Include conf.modules.d/*.conf
...

Follow the same pattern to configure mod_cluster.

Add a new 99-mod_cluster.conf file in /etc/httpd/conf.modules.d with the following content:

#
# This file configures mod_cluster
#

LoadModule cluster_slotmem_module modules/mod_cluster_slotmem-1.3.1.Final.so
LoadModule manager_module modules/mod_manager-1.3.1.Final.so 
LoadModule proxy_cluster_module modules/mod_proxy_cluster-1.3.1.Final.so
LoadModule advertise_module modules/mod_advertise-1.3.1.Final.so

Insure mod_proxy Dependencies are Present and Loaded

mod_cluster needs mod_proxy to work. More details about mod_cluster dependency on mod_proxy are found here.

Make sure mod_proxy.so and mod_proxy_ajp.so are loaded. For a standard httpd installation, those modules are loaded in /etc/httpd/conf.modules.d/00-proxy.conf:

...
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
...

Remove undesired mod_proxy Dependencies

mod_cluster's mod_proxy_cluster cannot work correctly if mod_proxy's mod_proxy_balancer, so mod_proxy_balancer must be removed from the httpd configuration.

For a standard httpd deployment, mod_proxy_balancer is loaded in /etc/httpd/conf.modules.d/00-proxy.conf.

SELinux Configuration

If the host has SELinux enabled, we will need to install additional policies to allow httpd to write mod_cluster-related files in /var/log/httpd and also to perform multicast socket operations.

Start with a mod_cluster_1.te policy file:


module mod_cluster_1 1.0;

require {
        type httpd_log_t;
        type httpd_t;
        type unreserved_port_t;
        class file { write unlink };
        class dir remove_name;
        class udp_socket name_bind;
}

#============= httpd_t ==============
allow httpd_t httpd_log_t:dir remove_name;
allow httpd_t httpd_log_t:file unlink;
allow httpd_t httpd_log_t:file write;
allow httpd_t unreserved_port_t:udp_socket name_bind;

Compile the policy:

checkmodule -M -m -o mod_cluster_1.mod mod_cluster_1.te

Create the module package:

semodule_package -o  mod_cluster_1.pp -m mod_cluster_1.mod 

Install the policy:

semodule -i mod_cluster_1.pp

Verify that the policy was installed:

semodule -l | grep mod_cluster_1

More details about managing SELinux policies are available here: SELinux Operations.

Basic Configuration

This is the minimal configuration that can be used to conduct smoke tests. It consists in just one single httpd-wide balancer, accessed from the main host. More complex configuration are of course possible. For more details on how to configure mod_cluster, go to mod_cluster Configuration.

Create a Virtual Host

Configure a simple virtual host that proxies everything it gets to the back end nodes. Currently we don't have any, but we'll add those in the next steps. Note that the virtual host in the example is configure to deny everything except traffic that is coming from the internal network. This is obviously not something that you would necessary to carry out in production.


</pr>

===Turn mod_cluster On for a Virtual Host===

===Standard Configuration===

<pre>
...

<VirtualHost 1.2.3.4:80>

    <Location />
        Order deny,allow 
        Deny from all
        Allow from 192.168.1.
    </Location>

    KeepAliveTimeout 60 
    MaxKeepAliveRequests 0

    ManagerBalancerName mycluster 
    ServerAdvertise On 
    EnableMCPMReceive

</VirtualHost>

...

Test Initial Installation

Start httpd, it should start without warnings or errors.

mod_cluster will create a set of new files in (by default) /var/log/httpd: manager.*.slotmem and manager.*.lock.

Native Component Installation on Windows

TODO, manual page 6, section 2.2.4 Install on Windows.

Java Components Installation