Posted to users@tomcat.apache.org by Mark Bramer <MB...@esri.com> on 2015/10/07 01:36:57 UTC

Tomcat clustering for simplified config

Hi list,

I just signed up to the list - please forgive any newb mistakes but hopefully I'm following the right format, style and content.

I currently work in a production environment with eight app servers, all running the same version of Tomcat (currently 7.0.62).  Four servers support version 1 of our app, the other four servers support version 2.  Within each group of four, two serve completely open content via 80, the other two support queries of sensitive data via 443.  Servers are named with a number system where all odd-named servers are for the secure content, all evens are open.  

So here's the setup in a hopefully clearer portrayal:

App Version 1:
Server 01: secure queries via 443
Server 02: open content via 80
Server 03: secure queries via 443
Server 04: open content via 80

App Version 2:
Server 05: secure queries via 443
Server 06: open content via 80
Server 07: secure queries via 443
Server 08: open content via 80

Each pair of even and odd named servers are *conceptually* linked, but physically stand on their own.  All http traffic and https traffic for each version is directed to a particular server by a load balancer.  No Apache Web Server is in the mix and we would like to keep it that way for simplicity.  Load-wise, our eight Tomcats are not taxed.

I'm responsible for upkeep of these servers, which requires regular version upgrades and configuration changes when any vulnerability is found by regular, periodic Nessus scans (http://www.tenable.com/products/nessus-vulnerability-scanner).  Sometimes the changes are related to ciphers, sometimes other things, but I'd say 90% of the time, I just need to upgrade to a newer version.

So no big deal conceptually, I fully admit, but doing this across eight servers is TEDIOUS.  And more importantly, it's a ripe opportunity for introducing user error.  On three occasions I have brought our production systems by stupid mistakes in server.xml or other config files, or most recently, accidentally copying the wrong ROOT from a version 2 (05) box into the version one boxes (01 and 03). I got things up and running fine with no serious consequences but this being the third time, I thought "there has to be a better way" right after I talked myself off the "you're a complete idiot" ledge.  

I'm starting to research Tomcat clustering but everything I see just talks about load balancing and failover.  **What about ease of configuration??** I'd like to be able to set up Tomcat <something> (clusters?) to help automate what I've described above to make it less tedious and reduce the chances of making stupid mistakes when I'm on the 6th, 7th, 8th server.  I'm not sure if Tomcat clustering is what I need, or if I should look at something else.

Can you nice folks help direct me to where I should look for starters?  Will Tomcat clustering get me what I want?  or something else, like Zookeeper?

Thanks,
Mark Bramer

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Re: Tomcat clustering for simplified config

Posted by Igor Cicimov <ic...@gmail.com>.
On 07/10/2015 10:37 AM, "Mark Bramer" <MB...@esri.com> wrote:
>
> Hi list,
>
> I just signed up to the list - please forgive any newb mistakes but
> hopefully I'm following the right format, style and content.
>
> I currently work in a production environment with eight app servers, all
> running the same version of Tomcat (currently 7.0.62).  Four servers
> support version 1 of our app, the other four servers support version 2.
> Within each group of four, two serve completely open content via 80, the
> other two support queries of sensitive data via 443.  Servers are named
> with a number system where all odd-named servers are for the secure
> content, all evens are open.
>
> So here's the setup in a hopefully clearer portrayal:
>
> App Version 1:
> Server 01: secure queries via 443
> Server 02: open content via 80
> Server 03: secure queries via 443
> Server 04: open content via 80
>
> App Version 2:
> Server 05: secure queries via 443
> Server 06: open content via 80
> Server 07: secure queries via 443
> Server 08: open content via 80
>
> Each pair of even and odd named servers are *conceptually* linked, but
> physically stand on their own.  All http traffic and https traffic for each
> version is directed to a particular server by a load balancer.  No Apache
> Web Server is in the mix and we would like to keep it that way for
> simplicity.  Load-wise, our eight Tomcats are not taxed.
>
> I'm responsible for upkeep of these servers, which requires regular
> version upgrades and configuration changes when any vulnerability is found
> by regular, periodic Nessus scans (
> http://www.tenable.com/products/nessus-vulnerability-scanner).  Sometimes
> the changes are related to ciphers, sometimes other things, but I'd say 90%
> of the time, I just need to upgrade to a newer version.
>
> So no big deal conceptually, I fully admit, but doing this across eight
> servers is TEDIOUS.  And more importantly, it's a ripe opportunity for
> introducing user error.  On three occasions I have brought our production
> systems by stupid mistakes in server.xml or other config files, or most
> recently, accidentally copying the wrong ROOT from a version 2 (05) box
> into the version one boxes (01 and 03). I got things up and running fine
> with no serious consequences but this being the third time, I thought
> "there has to be a better way" right after I talked myself off the "you're
> a complete idiot" ledge.
>
> I'm starting to research Tomcat clustering but everything I see just
> talks about load balancing and failover.  **What about ease of
> configuration??** I'd like to be able to set up Tomcat <something>
> (clusters?) to help automate what I've described above to make it less
> tedious and reduce the chances of making stupid mistakes when I'm on the
> 6th, 7th, 8th server.  I'm not sure if Tomcat clustering is what I need, or
> if I should look at something else.
>
> Can you nice folks help direct me to where I should look for starters?
> Will Tomcat clustering get me what I want?  or something else, like
> Zookeeper?
>
Sounds like you should start using a configuration manager like Puppet, Chef,
etc. We use Ansible and are pretty happy with it.

Re: Tomcat clustering for simplified config

Posted by Mark Thomas <ma...@apache.org>.
On 07/10/2015 00:36, Mark Bramer wrote:
> Hi list,
> 
> I just signed up to the list - please forgive any newb mistakes but hopefully I'm following the right format, style and content.
> 
> I currently work in a production environment with eight app servers, all running the same version of Tomcat (currently 7.0.62).  Four servers support version 1 of our app, the other four servers support version 2.  Within each group of four, two serve completely open content via 80, the other two support queries of sensitive data via 443.  Servers are named with a number system where all odd-named servers are for the secure content, all evens are open.  
> 
> So here's the setup in a hopefully clearer portrayal:
> 
> App Version 1:
> Server 01: secure queries via 443
> Server 02: open content via 80
> Server 03: secure queries via 443
> Server 04: open content via 80
> 
> App Version 2:
> Server 05: secure queries via 443
> Server 06: open content via 80
> Server 07: secure queries via 443
> Server 08: open content via 80
> 
> Each pair of even and odd named servers are *conceptually* linked, but physically stand on their own.  All http traffic and https traffic for each version is directed to a particular server by a load balancer.  No Apache Web Server is in the mix and we would like to keep it that way for simplicity.  Load-wise, our eight Tomcats are not taxed.
> 
> I'm responsible for upkeep of these servers, which requires regular version upgrades and configuration changes when any vulnerability is found by regular, periodic Nessus scans (http://www.tenable.com/products/nessus-vulnerability-scanner).  Sometimes the changes are related to ciphers, sometimes other things, but I'd say 90% of the time, I just need to upgrade to a newer version.
> 
> So no big deal conceptually, I fully admit, but doing this across eight servers is TEDIOUS.  And more importantly, it's a ripe opportunity for introducing user error.  On three occasions I have brought our production systems by stupid mistakes in server.xml or other config files, or most recently, accidentally copying the wrong ROOT from a version 2 (05) box into the version one boxes (01 and 03). I got things up and running fine with no serious consequences but this being the third time, I thought "there has to be a better way" right after I talked myself off the "you're a complete idiot" ledge.  
> 
> I'm starting to research Tomcat clustering but everything I see just talks about load balancing and failover.  **What about ease of configuration??** I'd like to be able to set up Tomcat <something> (clusters?) to help automate what I've described above to make it less tedious and reduce the chances of making stupid mistakes when I'm on the 6th, 7th, 8th server.  I'm not sure if Tomcat clustering is what I need, or if I should look at something else.
> 
> Can you nice folks help direct me to where I should look for starters?  Will Tomcat clustering get me what I want?  or something else, like Zookeeper?

Tomcat clustering won't help.

A couple of things you might want to look at:

1. Use separate CATALINA_HOME / CATALINA_BASE. That reduces version
upgrades to:
- extract archive for new version
- stop instance
- edit startup script to point to new CATALINA_HOME
- start instance

2. Consider using ${your.property.name} style substitution in your xml
files. This lets you have a common configuration file that you can
simply copy across all your servers with server specific settings
defined as properties (that can be picked up from catalina.properties).
This allows 'global' changes to server.xml (or any other xml config
file) to be rolled out by copying the same file to all instances. You
should be able to use the same file in test and production, reducing the
chances of errors during changes.

HTH,

Mark
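
Point 2 above as an added example (not part of Mark Thomas's message and not Tomcat project code): a check, run before the shared server.xml is copied out, that each server's properties define every ${...} placeholder and yield the connector and appBase that the layout described in this thread calls for. The property names (connector.port and so on) and the directory names webapps-v1 / webapps-v2 are assumptions made for the example.

```python
"""Pre-rollout check: one shared server.xml + per-server catalina.properties."""
import re
import xml.etree.ElementTree as ET

PLACEHOLDER = re.compile(r"\$\{([^}]+)\}")

# Constructed sample: the single server.xml copied unchanged to all instances
# (keystore attributes omitted; property and directory names are assumptions).
SHARED_SERVER_XML = """<Server port="${shutdown.port}" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="${connector.port}" protocol="HTTP/1.1"
               scheme="${connector.scheme}" secure="${connector.secure}"
               SSLEnabled="${connector.ssl}" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="${app.base}" />
    </Engine>
  </Service>
</Server>
"""

# Constructed per-server settings, as they would be added to catalina.properties.
SERVER_01_PROPS = """# secure instance (odd-numbered server)
shutdown.port=8005
connector.port=443
connector.scheme=https
connector.secure=true
connector.ssl=true
app.base=webapps-v1
"""
SERVER_05_PROPS = SERVER_01_PROPS.replace("webapps-v1", "webapps-v2")

# Connector attributes expected after substitution, by server role.
SECURE = {"port": "443", "scheme": "https", "secure": "true", "SSLEnabled": "true"}
OPEN = {"port": "80", "scheme": "http", "secure": "false", "SSLEnabled": "false"}


def parse_properties(text):
    """Read simple key=value lines; comments and blank lines are skipped.
    Assumption: no line continuations or escapes are used."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def resolve_server_xml(template, props):
    """Parse the shared file, then substitute ${name} in attribute values.
    Returns (root element, sorted names of properties that were undefined)."""
    root = ET.fromstring(template)  # raises ET.ParseError if malformed
    undefined = set()

    def lookup(match):
        name = match.group(1)
        if name not in props:
            undefined.add(name)
            return match.group(0)  # leave the placeholder visible
        return props[name]

    for elem in root.iter():
        for attr, value in list(elem.attrib.items()):
            elem.set(attr, PLACEHOLDER.sub(lookup, value))
    return root, sorted(undefined)


def check_server(server_no, props_text, template=SHARED_SERVER_XML):
    """Return a list of problems for one server; an empty list means OK.
    Layout from the thread: odd servers are secure (443), even servers are
    open (80); 01-04 run app version 1, 05-08 run app version 2."""
    try:
        root, undefined = resolve_server_xml(template, parse_properties(props_text))
    except ET.ParseError as exc:
        return [f"server.xml is not well-formed: {exc}"]
    problems = [f"undefined property: {name}" for name in undefined]
    want = SECURE if server_no % 2 == 1 else OPEN
    connector = root.find("./Service/Connector")
    for attr, expected in want.items():
        got = None if connector is None else connector.get(attr)
        if got != expected:
            problems.append(f"Connector {attr}={got!r}, expected {expected!r}")
    host = root.find("./Service/Engine/Host")
    want_base = "webapps-v1" if server_no <= 4 else "webapps-v2"
    got_base = None if host is None else host.get("appBase")
    if got_base != want_base:
        problems.append(f"Host appBase={got_base!r}, expected {want_base!r}")
    return problems


if __name__ == "__main__":
    for number, text in [(1, SERVER_01_PROPS), (1, SERVER_05_PROPS)]:
        print(f"server {number:02d}:", check_server(number, text) or "OK")
```

The second call in the demo feeds server 05's properties to server 01, the kind of cross-version copy described in the original post, and the check reports the appBase mismatch.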




Re: Tomcat clustering for simplified config

Posted by Christoph Nenning <Ch...@lex-com.net>.
> I don't have a solution or advice to contribute, but I hope I can 
> spur along some more discussion on the issue.
> 
> We struggle with the problem of pets versus cattle also. 
> 
> We have a farm of pets right now. 
> 
> Our team is still evaluating at what level in our infrastructure our
> tomcat servers will live. 
> 


Here are some notes on how *we* do it:


> Tomcat is its own container server, able to deploy and undeploy 
> multiple apps all by itself. Making docker containers of tomcats 
> which will then run multiple webapps-- would we deploy a whole 
> container, pre-loaded with war files? That gives us the power of 
> docker but eliminates the power of tomcat's own deployment. 

We think of it as "application containers", not "tomcat containers". So 
yes, we don't use tomcat's deployment powers anymore.



> Do we 
> create empty tomcat docker containers and fill them with warfiles 
> once they are running? 

We package tomcat, app and app-specific-tomcat-config in one image. 
Deploying a new version of an app means we deploy the whole image. 
Warfiles are not deployed anymore.



> That gives us long-running docker containers 
> which, from what I understand, misses the point of docker. 

We do use long-running docker containers.



> Or do we 
> go old school and use chef/puppet/ansible to create cattle servers 
> in our private cloud without docker altogether. They will be long-
> running, but we will likely pay a price at server creation time. 

We were thinking about that, too. But we concluded that maintaining our 
tomcats and apps with those tools is too hard for us. But actually we use 
puppet to run containers.



Regards,
Christoph

This Email was scanned by Sophos Anti Virus

Re: Tomcat clustering for simplified config

Posted by Chris Gamache <cg...@gmail.com>.
I don't have a solution or advice to contribute, but I hope I can spur along some more discussion on the issue.

We struggle with the problem of pets versus cattle also. 

We have a farm of pets right now. 

Our team is still evaluating at what level in our infrastructure our tomcat servers will live. 

Tomcat is its own container server, able to deploy and undeploy multiple apps all by itself. Making docker containers of tomcats which will then run multiple webapps-- would we deploy a whole container, pre-loaded with war files? That gives us the power of docker but eliminates the power of tomcat's own deployment. Do we create empty tomcat docker containers and fill them with warfiles once they are running? That gives us long-running docker containers which, from what I understand, misses the point of docker. Or do we go old school and use chef/puppet/ansible to create cattle servers in our private cloud without docker altogether. They will be long-running, but we will likely pay a price at server creation time. 

Plus, all the cool kids are using docker these days. 

So we're stuck in this limbo, having to make a serious design choice. 

> On Oct 12, 2015, at 7:07 AM, Christoph Nenning <Ch...@lex-com.net> wrote:
> 
> Christopher,
> 
>>>> Hi list,
>>>> 
>>>> I just signed up to the list - please forgive any newb mistakes
>>>> but hopefully I'm following the right format, style and content.
>>>> 
>>>> I currently work in a production environment with eight app
>>>> servers, all running the same version of Tomcat (currently
>>>> 7.0.62).  Four servers support version 1 of our app, the other
>>>> four servers support version 2.  Within each group of four, two
>>>> serve completely open content via 80, the other two support
>>>> queries of sensitive data via 443.  Servers are named with a
>>>> number system where all odd-named servers are for the secure
>>>> content, all evens are open.
>>>> 
>>>> So here's the setup in a hopefully clearer portrayal:
>>>> 
>>>> App Version 1:
>>>> Server 01: secure queries via 443
>>>> Server 02: open content via 80
>>>> Server 03: secure queries via 443
>>>> Server 04: open content via 80
>>>> 
>>>> App Version 2:
>>>> Server 05: secure queries via 443
>>>> Server 06: open content via 80
>>>> Server 07: secure queries via 443
>>>> Server 08: open content via 80
>>>> 
>>>> Each pair of even and odd named servers are *conceptually*
>>>> linked, but physically stand on their own.  All http traffic and
>>>> https traffic for each version is directed to a particular server
>>>> by a load balancer.  No Apache Web Server is in the mix and we
>>>> would like to keep it that way for simplicity.  Load-wise, our
>>>> eight Tomcats are not taxed.
>>>> 
>>>> I'm responsible for upkeep of these servers, which requires
>>>> regular version upgrades and configuration changes when any
>>>> vulnerability is found by regular, periodic Nessus scans
>>>> (http://www.tenable.com/products/nessus-vulnerability-scanner).
>>>> Sometimes the changes are related to ciphers, sometimes other
>>>> things, but I'd say 90% of the time, I just need to upgrade to a
>>>> newer version.
>>>> 
>>>> So no big deal conceptually, I fully admit, but doing this across
>>>> eight servers is TEDIOUS.  And more importantly, it's a ripe 
>>>> opportunity for introducing user error.  On three occasions I
>>>> have brought our production systems by stupid mistakes in
>>>> server.xml or other config files, or most recently, accidentally
>>>> copying the wrong ROOT from a version 2 (05) box into the version
>>>> one boxes (01 and 03). I got things up and running fine with no
>>>> serious consequences but this being the third time, I thought
>>>> "there has to be a better way" right after I talked myself off
>>>> the "you're a complete idiot"
>>>> ledge.
>>>> 
>>>> I'm starting to research Tomcat clustering but everything I see
>>>> just talks about load balancing and failover.  **What about ease
>>>> of configuration??** I'd like to be able to set up Tomcat
>>>> <something> (clusters?) to help automate what I've described
>>>> above to make it less tedious and reduce the chances of making
>>>> stupid mistakes when I'm on the 6th, 7th, 8th server.  I'm not
>>>> sure if Tomcat clustering is what I need, or if I should look at
>>>> something else.
>>>> 
>>>> Can you nice folks help direct me to where I should look for 
>>>> starters?  Will Tomcat clustering get me what I want?  or
>>>> something else, like Zookeeper?
>>>> 
>>>> Thanks, Mark Bramer
>>> 
>>> 
>>> We do something similar by utilizing docker containers.
>>> 
>>> At first we create a base-image consisting of:
>>> - minified linux distro
>>> - jvm
>>> - tomcat
>>> 
>>> Then we have application images based on that which add:
>>> - app specific tomcat config
>>> - the app itself
>>> 
>>> These images can be run as multiple instances and thus becoming 
>>> containers.
>>> 
>>> When we update tomcat it is done in the base-image and all
>>> app-images are rebuilt and containers restarted. So it is just one
>>> place where the change has to be done.
>>> 
>>> On config updates the according app-image is changed, rebuilt and 
>>> restarted.
>> 
>> I would love to invite you to ApacheCon and have you give a
>> presentation on how you do this because it's something I've been
>> wanting to do for a while, now.
> 
> Happy to hear that :)
> 
> 
> 
>> Would your employer send you to ApacheCon?
> 
> Looks bad. ApacheCon Europe *might* be possible.
> 
> 
> Regards,
> Christoph
> 



Re: Tomcat clustering for simplified config

Posted by Christoph Nenning <Ch...@lex-com.net>.
Christopher,

> >> Hi list,
> >> 
> >> I just signed up to the list - please forgive any newb mistakes
> >> but hopefully I'm following the right format, style and content.
> >> 
> >> I currently work in a production environment with eight app
> >> servers, all running the same version of Tomcat (currently
> >> 7.0.62).  Four servers support version 1 of our app, the other
> >> four servers support version 2.  Within each group of four, two
> >> serve completely open content via 80, the other two support
> >> queries of sensitive data via 443.  Servers are named with a
> >> number system where all odd-named servers are for the secure
> >> content, all evens are open.
> >> 
> >> So here's the setup in a hopefully clearer portrayal:
> >> 
> >> App Version 1:
> >> Server 01: secure queries via 443
> >> Server 02: open content via 80
> >> Server 03: secure queries via 443
> >> Server 04: open content via 80
> >> 
> >> App Version 2:
> >> Server 05: secure queries via 443
> >> Server 06: open content via 80
> >> Server 07: secure queries via 443
> >> Server 08: open content via 80
> >> 
> >> Each pair of even and odd named servers are *conceptually*
> >> linked, but physically stand on their own.  All http traffic and
> >> https traffic for each version is directed to a particular server
> >> by a load balancer.  No Apache Web Server is in the mix and we
> >> would like to keep it that way for simplicity.  Load-wise, our
> >> eight Tomcats are not taxed.
> >> 
> >> I'm responsible for upkeep of these servers, which requires
> >> regular version upgrades and configuration changes when any
> >> vulnerability is found by regular, periodic Nessus scans
> >> (http://www.tenable.com/products/nessus-vulnerability-scanner).
> >> Sometimes the changes are related to ciphers, sometimes other
> >> things, but I'd say 90% of the time, I just need to upgrade to a
> >> newer version.
> >> 
> >> So no big deal conceptually, I fully admit, but doing this across
> >>  eight servers is TEDIOUS.  And more importantly, it's a ripe 
> >> opportunity for introducing user error.  On three occasions I
> >> have brought our production systems by stupid mistakes in
> >> server.xml or other config files, or most recently, accidentally
> >> copying the wrong ROOT from a version 2 (05) box into the version
> >> one boxes (01 and 03). I got things up and running fine with no
> >> serious consequences but this being the third time, I thought
> >> "there has to be a better way" right after I talked myself off
> >> the "you're a complete idiot"
> >> ledge.
> >> 
> >> I'm starting to research Tomcat clustering but everything I see
> >> just talks about load balancing and failover.  **What about ease
> >> of configuration??** I'd like to be able to set up Tomcat
> >> <something> (clusters?) to help automate what I've described
> >> above to make it less tedious and reduce the chances of making
> >> stupid mistakes when I'm on the 6th, 7th, 8th server.  I'm not
> >> sure if Tomcat clustering is what I need, or if I should look at
> >> something else.
> >> 
> >> Can you nice folks help direct me to where I should look for 
> >> starters?  Will Tomcat clustering get me what I want?  or
> >> something else, like Zookeeper?
> >> 
> >> Thanks, Mark Bramer
> >> 
> > 
> > 
> > We do something similar by utilizing docker containers.
> > 
> > At first we create a base-image consisting of:
> > - minified linux distro
> > - jvm
> > - tomcat
> > 
> > Then we have application images based on that which add:
> > - app specific tomcat config
> > - the app itself
> > 
> > These images can be run as multiple instances and thus becoming 
> > containers.
> > 
> > When we update tomcat it is done in the base-image and all
> > app-images are rebuilt and containers restarted. So it is just one
> > place where the change has to be done.
> > 
> > On config updates the according app-image is changed, rebuilt and 
> > restarted.
> 
> I would love to invite you to ApacheCon and have you give a
> presentation on how you do this because it's something I've been
> wanting to do for a while, now.
> 

Happy to hear that :)



> Would your employer send you to ApacheCon?
> 

Looks bad. ApacheCon Europe *might* be possible.


Regards,
Christoph


Re: Tomcat clustering for simplified config

Posted by Christopher Schultz <ch...@christopherschultz.net>.
Christoph,

On 10/7/15 4:36 AM, Christoph Nenning wrote:
>> Hi list,
>> 
>> I just signed up to the list - please forgive any newb mistakes
>> but hopefully I'm following the right format, style and content.
>> 
>> I currently work in a production environment with eight app
>> servers, all running the same version of Tomcat (currently
>> 7.0.62).  Four servers support version 1 of our app, the other
>> four servers support version 2.  Within each group of four, two
>> serve completely open content via 80, the other two support
>> queries of sensitive data via 443.  Servers are named with a
>> number system where all odd-named servers are for the secure
>> content, all evens are open.
>> 
>> So here's the setup in a hopefully clearer portrayal:
>> 
>> App Version 1:
>> Server 01: secure queries via 443
>> Server 02: open content via 80
>> Server 03: secure queries via 443
>> Server 04: open content via 80
>> 
>> App Version 2:
>> Server 05: secure queries via 443
>> Server 06: open content via 80
>> Server 07: secure queries via 443
>> Server 08: open content via 80
>> 
>> Each pair of even and odd named servers are *conceptually*
>> linked, but physically stand on their own.  All http traffic and
>> https traffic for each version is directed to a particular server
>> by a load balancer.  No Apache Web Server is in the mix and we
>> would like to keep it that way for simplicity.  Load-wise, our
>> eight Tomcats are not taxed.
>> 
>> I'm responsible for upkeep of these servers, which requires
>> regular version upgrades and configuration changes when any
>> vulnerability is found by regular, periodic Nessus scans
>> (http://www.tenable.com/products/nessus-vulnerability-scanner).
>> Sometimes the changes are related to ciphers, sometimes other
>> things, but I'd say 90% of the time, I just need to upgrade to a
>> newer version.
>> 
>> So no big deal conceptually, I fully admit, but doing this across
>>  eight servers is TEDIOUS.  And more importantly, it's a ripe 
>> opportunity for introducing user error.  On three occasions I
>> have brought our production systems by stupid mistakes in
>> server.xml or other config files, or most recently, accidentally
>> copying the wrong ROOT from a version 2 (05) box into the version
>> one boxes (01 and 03). I got things up and running fine with no
>> serious consequences but this being the third time, I thought
>> "there has to be a better way" right after I talked myself off
>> the "you're a complete idiot"
>> ledge.
>> 
>> I'm starting to research Tomcat clustering but everything I see
>> just talks about load balancing and failover.  **What about ease
>> of configuration??** I'd like to be able to set up Tomcat
>> <something> (clusters?) to help automate what I've described
>> above to make it less tedious and reduce the chances of making
>> stupid mistakes when I'm on the 6th, 7th, 8th server.  I'm not
>> sure if Tomcat clustering is what I need, or if I should look at
>> something else.
>> 
>> Can you nice folks help direct me to where I should look for 
>> starters?  Will Tomcat clustering get me what I want?  or
>> something else, like Zookeeper?
>> 
>> Thanks, Mark Bramer
>> 
> 
> 
> We do something similar by utilizing docker containers.
> 
> At first we create a base-image consisting of:
> - minified linux distro
> - jvm
> - tomcat
> 
> Then we have application images based on that which add:
> - app specific tomcat config
> - the app itself
> 
> These images can be run as multiple instances and thus becoming 
> containers.
> 
> When we update tomcat it is done in the base-image and all
> app-images are rebuilt and containers restarted. So it is just one
> place where the change has to be done.
> 
> On config updates the according app-image is changed, rebuilt and 
> restarted.

I would love to invite you to ApacheCon and have you give a
presentation on how you do this because it's something I've been
wanting to do for a while, now.

Would your employer send you to ApacheCon?

-chris



Re: Tomcat clustering for simplified config

Posted by Christoph Nenning <Ch...@lex-com.net>.
> Hi list,
> 
> I just signed up to the list - please forgive any newb mistakes but 
> hopefully I'm following the right format, style and content.
> 
> I currently work in a production environment with eight app servers,
> all running the same version of Tomcat (currently 7.0.62).  Four 
> servers support version 1 of our app, the other four servers support
> version 2.  Within each group of four, two serve completely open 
> content via 80, the other two support queries of sensitive data via 
> 443.  Servers are named with a number system where all odd-named 
> servers are for the secure content, all evens are open. 
> 
> So here's the setup in a hopefully clearer portrayal:
> 
> App Version 1:
> Server 01: secure queries via 443
> Server 02: open content via 80
> Server 03: secure queries via 443
> Server 04: open content via 80
> 
> App Version 2:
> Server 05: secure queries via 443
> Server 06: open content via 80
> Server 07: secure queries via 443
> Server 08: open content via 80
> 
> Each pair of even and odd named servers are *conceptually* linked, 
> but physically stand on their own.  All http traffic and https 
> traffic for each version is directed to a particular server by a 
> load balancer.  No Apache Web Server is in the mix and we would like
> to keep it that way for simplicity.  Load-wise, our eight Tomcats 
> are not taxed.
> 
> I'm responsible for upkeep of these servers, which requires regular 
> version upgrades and configuration changes when any vulnerability is
> found by regular, periodic Nessus scans
> (http://www.tenable.com/products/nessus-vulnerability-scanner).  Sometimes the changes are
> related to ciphers, sometimes other things, but I'd say 90% of the 
> time, I just need to upgrade to a newer version.
> 
> So no big deal conceptually, I fully admit, but doing this across 
> eight servers is TEDIOUS.  And more importantly, it's a ripe 
> opportunity for introducing user error.  On three occasions I have 
> brought our production systems by stupid mistakes in server.xml or 
> other config files, or most recently, accidentally copying the wrong
> ROOT from a version 2 (05) box into the version one boxes (01 and 
> 03). I got things up and running fine with no serious consequences 
> but this being the third time, I thought "there has to be a better 
> way" right after I talked myself off the "you're a complete idiot" 
> ledge.
> 
> I'm starting to research Tomcat clustering but everything I see just
> talks about load balancing and failover.  **What about ease of 
> configuration??** I'd like to be able to set up Tomcat <something> 
> (clusters?) to help automate what I've described above to make it 
> less tedious and reduce the chances of making stupid mistakes when 
> I'm on the 6th, 7th, 8th server.  I'm not sure if Tomcat clustering 
> is what I need, or if I should look at something else.
> 
> Can you nice folks help direct me to where I should look for 
> starters?  Will Tomcat clustering get me what I want?  or something 
> else, like Zookeeper?
> 
> Thanks,
> Mark Bramer
> 


We do something similar by utilizing docker containers.

At first we create a base-image consisting of:
- minified linux distro
- jvm
- tomcat

Then we have application images based on that which add:
- app specific tomcat config
- the app itself

These images can be run as multiple instances and thus becoming 
containers.

When we update tomcat it is done in the base-image and all app-images are 
rebuilt and containers restarted. So it is just one place where the change 
has to be done.

On config updates the according app-image is changed, rebuilt and 
restarted.



Regards,
Christoph
