G.Morreale
Introduction:
WARNING: There may be conflict in the door between Glassfish and apache.
Reading the log (error.log in apache) or (in Glassfish server.log) to identify the conflict and act accordingly.
(valid for glassfish v2ur2)
The loadbalancer task is to distribute the traffic between different nodes in the cluster.
The load balancing between the various nodes in the cluster can be achieved in several ways:
LVS, mod_jk, plugins for Glassfish, Apache Rewrite Rule using dedicated equipment etc. etc.
The objective is to examine the different nodes in a particular algorithm in order to load the various nodes in accordance with the requirements of the system.
In subsequent steps, reference is made to configure a LoadBalancer, using the Glassfish plugin and apache webserver.
Using the solution plug-in you can take the following advantages:
- Integration with application servers
- Ability to configure loadbalancing from admin console:
- Integrated Health Checking System, the module determines if a request is not able to respond in order to eliminate from balancing load.
- Configuring the algorithm of load distribution, with the possibility to load a user-defined one.
- Automatic balancing module, the plugin allows you to automatically or manually export the configuration file for the module so as to make it current, even in real-time, on the structure of the cluster (eg. Addition or deletion of nodes) .
Abstract:
The communication between the Web server that acts as loadbalancer and the DAS is via SSL.
It 'necessary to enable the apache server to support SSL.
The plugin for Glassfish is considered compatible with apache 2.0.x (32 bit version)
so do not use the newer 2.2 or higher.
The steps to be performed are divided into the following macro-steps:
- Installing and Configuring Apache with SSL support
- Install the plugin and configure Apache to communicate with the plugin
- Create and enable the plugin in the DAS
Installing and Configuring Apache with SSL support
The following steps refer to the Windows platform:
For Linux or Solaris, you can follow one of several guides on the web, or alternatively refer to the guidance provided by the sun
Download a version of Apache with openssl:
- Enable the module on httpd.conf by removing the comment '#'
Ssl_module LoadModule modules / mod_ssl.so
- Ensure the existence of the following in httpd.conf lines
<IfModule Mod_ssl.c>
Include conf / ssl.conf
</ IfModule>
- Generate the certificate and the key for apache
%% ApacheDIR bin openssl.exe req-new-x509-keyout newreq.pem-out newreq.pem-days 365-config "% ApacheDIR% confopenssl
. CNF "
(substitute the appropriate path for the file openssl.cnf used)
Note: the generation of the certificate creates problems with the environment variable that indicates the location of openssl configuration, best to use the switch-config as shown.
WARNING: the common name applied for must correspond to the hostname used on apache. This value will then during the configuration of Glassfish plugin on the host device.
- Opening with a text editor file newreq.pem
- copy the portion that goes from
----- BEGIN CERTIFICATE -----
to
----- END CERTIFICATE -----
ApacheDIR in file%% / conf / ssl.crt / server.crt
Instead copy the portion that goes from
----- BEGIN RSA PRIVATE KEY -----
to
----- END RSA PRIVATE KEY -----
ApacheDIR in file%% / conf / ssl.key / server.key
Note: If you entered a passphrase when generating the key file server.key will have a version of the cryptographic key. Apache, have shown during the opening a dialog to enter your passphrase.
This dialog box is NOT supported on windows, so you need to remove the passphrase from the key with the following command:
ApacheDIR%% / bin / openssl rsa-in server.key-out serverNoPhrase.key
The serverNoPhrase.key is obtained without passaphrase. Make sure the file ssl.conf it points to that file rather than the encrypted or copy serverNoPhrase.keyin server.key and delete serverNoPhrase.key.
.
- Start Apache in SSL mode. In windows the command is as follows:
apache-D SSL
- Test the operation of apache with ssl not forgetting the browser to use https.
WARNING: There may be conflict in the door between Glassfish and apache.
Reading the log (error.log in apache) or (in Glassfish server.log) to identify the conflict and act accordingly.
Install the plugin and configure Apache to communicate with the plugin
- Download the plugin from the following link:
SOLARISX86 http://download.java.net/javaee5/external/SunOS_X86/aslb/jars/aslb-9.1-MS4-b1.jar
SOLARIS http://download.java.net/javaee5/external/SunOS/aslb/jars/aslb-9.1-MS4-b1.jar
WINDOWS http://download.java.net/javaee5/external/WINNT/aslb/jars/aslb-9.1-MS4-b1.jar
LINUX http://download.java.net/javaee5/external/Linux/aslb/jars/aslb-9.1-MS4-b1.jar
Note: http://download.java.net/javaee5/external/ surf to search for any newer versions and other platforms
In this configuration has been used "aslb-9.1-MS4-b7.jar"
- Unpack the file. Jar using the command jar-xvf nomefile.jar or using an archiver like WinRar.
- Zip files obtained (SUNWaslb.zip and SUNWaspx.zip) should be unpacked in the folder lib / lbplugin server
then create the folder "lbplugin" on% GLASSFISH_HOME / lib / and unpack the contents of two files inside. zip
Note: in linux assign permissions with the command: chmod-R 755 <GLASSFISH_HOME> / lib / lbplugin / lib
- Copy the file mod_balancer.dll in <GLASSFISH_HOME> / lib/lbplugin/lib/webserver-plugin/windows/apache2 /
within the modules directory of Apache.
- Create and copy within ApacheDir%% / modules / resource files. <GLASSFISH_HOME> In res / lib/lbplugin/lib/webserver-plugin/windows/apache2 /
- Create and copy within ApacheDir%% / modules / errorpages files in <GLASSFISH_HOME> / lib/lbplugin/lib/webserver-plugin/windows/apache2/errorpages
- Create and copy within ApacheDir%% / sec_db_files files. <GLASSFISH_HOME> In db / lib/lbplugin/lib/webserver-plugin/windows/apache2 /
- Copy within ApacheDir%% / conf file loadbalancer.xml.example in <GLASSFISH_HOME> / lib / lbplugin / lib / install / templates / loadbalancer.xml.example
and rename loadbalancer.xml
- Restart Apache in SSL mode
Create and enable the plugin in the DAS
E 'advisable at this stage of the setup of the open console can read in real time the contents of file error log (for Glassfish server.log and error.log for apache, also in the case of the cluster light not only on the server. log of the domain but also the hub and various forums)
You need to login the Admin console of the DAS, positioned on HTTP Load Balancers and click New to create a new reference to the load balancer.
- Choose a name for the load balancer, for example apacheLB
- How Device Host, the host of the same apache configuration in ssl.conf, typed in the same common name when creating the file newreq.pem (certificate + key)
- How Devce Admin Port, the port number of apache ssl (default is 443)
- Select the correct target in a way that the points on the cluster loadbalancer
- The Apply Changes Automatically checkbox can be selected if you want to automatically notify the module to apache balancing with respect to changes in structure of the cluster (eg, adding or deleting nodes instance)
- After saving the test configuration apacheLB selecting and clicking on Test Connection
Note: In the Export section of the LoadBalancer exists the possibility to export the configuration files necessary to loadbalancer.xml form of balancing apache or edit by clicking on "Apply Changes Now".
About the automatic generation of xml files to the directory of apache on linux you must correctly set the different permissions.
Make sure that the instances in the cluster have enabled load balancing (Click on "Enable Load Balancing" as per image)
The Plug In is configured.
Installing an application on the cluster and check if your browser meets one of the nodes by calling
http://apache_hostname/path_applicazione_cluster
Note: The configuration has been implemented using SSL for communication between the DAS and apache, the load balancing is the case using the normal http protocol.
Possible Problems
Trying to make repeated requests to the loadbalancer you may experience the following errors (see error.log for apache)
[warn] lb.runtime: RNTM2024: Daemon http://MOBISERVER:38081 is unhealthy.
[warn] lb.runtime: RNTM2030: Daemon Monitor: http://MOBISERVER:38081: could be because daemon is down
[warn] lb.runtime: RNTM2025: Daemon http://mobipc:38080 is healthy.
[warn] lb.runtime: RNTM2025: Daemon http://mobipc:38080 is healthy.
[warn] lb.runtime: RNTM2025: Daemon http://mobipc:38080 is healthy.
[warn] lb.healthchecker: HLCK3003: Listener: http://MOBISERVER:38081 is still detected to be unhealthy in cluster: cluster
[warn] lb.healthchecker: HLCK3003: Listener: http://MOBISERVER:38081 is still detected to be unhealthy in cluster: cluster
[warn] lb.healthchecker: HLCK3003: Listener: http://MOBISERVER:38081 is still detected to be unhealthy in cluster: cluster
[warn] lb.healthchecker: HLCK3003: Listener: http://mobipc:38080 is still detected to be unhealthy in cluster: cluster
[warn] lb.healthchecker: HLCK3003: Listener: http://mobipc:38080 is still detected to be unhealthy in cluster: cluster
[warn] lb.runtime: RNTM2030: Daemon Monitor: http://MOBISERVER:38081: could be because daemon is down
[warn] lb.runtime: RNTM2025: Daemon http://mobipc:38080 is healthy.
[warn] lb.runtime: RNTM2025: Daemon http://mobipc:38080 is healthy.
[warn] lb.runtime: RNTM2025: Daemon http://mobipc:38080 is healthy.
[warn] lb.healthchecker: HLCK3003: Listener: http://MOBISERVER:38081 is still detected to be unhealthy in cluster: cluster
[warn] lb.healthchecker: HLCK3003: Listener: http://MOBISERVER:38081 is still detected to be unhealthy in cluster: cluster
[warn] lb.healthchecker: HLCK3003: Listener: http://MOBISERVER:38081 is still detected to be unhealthy in cluster: cluster
[warn] lb.healthchecker: HLCK3003: Listener: http://mobipc:38080 is still detected to be unhealthy in cluster: cluster
[warn] lb.healthchecker: HLCK3003: Listener: http://mobipc:38080 is still detected to be unhealthy in cluster: cluster
If instances of the cluster are running in the state and if I answer calls directly on their ip: port means you may be some problem nell'httpd. Conf, it is necessary to check that the virtual host name and server have the correct number name.
In addition, the Apache error.log file is updated by module mod_balancer, and then provide the appropriate automatic rotation of log files or to set a different log level.
Reference Link:
Conclusion:
The article was translated from the italian version i'm wrote before.
I translate it with google translate service and after a fast review and some correction I think that it is a bad english too(I'm sorry).
The article that I wrote directly in english are a little bit better.
however I hope it is helpful.
If you want to correct any sentences please contact me through a comment, don't hesitate!