OpenACS

gustafn
committed
oacs-5-10:gustafn:20230207175031
on 07 Feb 23
Cluster reform

- Support for dynamic cluster nodes:

Previous versions of OpenACS required to know the IP addresses of
the cluster node… Show more
Cluster reform

- Support for dynamic cluster nodes:

 Previous versions of OpenACS required to know the IP addresses of

 the cluster nodes in advance, which is a show-stopper for many cloud

 applications.

 The new functionality allows arbitrary nodes to register as client

 nodes at the canonical server, provided that these know a shared

 secret.  All messages of the intra-cluster talk are now

 cryptographically signed using this shared secret.

 In the current version, the shared secret key has to be specified in

 the NaviServer configuration file (ClusterSecret). Later versions

 will support the use of other measures such as generated keys, kept

 as files.

 Also in the new version it is still possible to use static peer

 addresses (which do not have to register during startup).

- Support for multiple protocols for intra-cluster talk

 Previous version of OpenACS required the communication of the

 intra-cluster talk over HTTP. With these changes, multiple protocols

 are supported. Most prominently HTTPS can be used, which is required

 by some organization for all web communication, especially for cloud

 applications. Other protocols might be added later (e.g. UDP).

- Nodes (such as the canonical server) can be specified via URL

 locations. These location specifier have the following advantages

 over classical IP address and port.

 * support different protocols (http, https, udp)

 * support of IP addresses or DNS names

 * when DNS names map to multiple IP addresses

   (e.g. multiple IPv4 and/or multiple IPv6 addresses)

   the new parameter PreferredLocationRegexp can be use

   to select the wanted. When this regexp does not match

   any of the addresses, the first address is used.

 * ports are now optional (except UDP)

 * for location specifier: https://openacs.org

- Support for cluster communication statistics

 (requires xotcl-request-monitor)

 These statistics show the amount of intra-server

 communication. The following statistics are collected

 per node:

    - number of broadcast operations

    - number of send operations (active flushes)

    - number of receive operation (passive flushes)

  For N cluster nodes, the send operations are

  basically the number of broadcast operations times

  the number of nodes minus one.

  These statistics can also be used prior to cluster

  enabling, to obtain the number of potential broadcast

  operations.

Kernel Parameters

   CanonicalServer         : location of the canonical server

   ClusterAuthorizedIP     : obsolete

   ClusterEnabledP         : unchanged

   ClusterPeerIP           : obsolete

   EnableLoggingP          : unchanged

   PreferredLocationRegexp : new

   DynamicClusterPeers     : new, no not edit

Differences between old and new value for "CanonicalServer":

old:

- specify IP address with port

- example: 137.208.116.31:443

new:

- specify URL location

- support different protocols (http, https, udp)

- support of IP address or domain name

- when domain name maps to different IP addresses

 (e.g. multiple IPv4 and/or multiple IPv6 addresses)

 PreferredLocationRegexp can be use to select the wanted.

 When the provided regexp does not match any of

 the addresses, take the first address.

- port is optional

- example: https://openacs.org

Sample setup

Old:

   CanonicalServer         : 137.208.116.31:443

   ClusterAuthorizedIP     : 137.208.116.31

   ClusterPeerIP           : 137.208.116.31:443 137.208.116.31:8443

   ClusterEnabledP         : 1

   EnableLoggingP          : 1

New:

   CanonicalServer         : https://openacs.org

   PreferredLocationRegexp : https://

   ClusterEnabledP         : 1

   EnableLoggingP          : 1

#

# Cluster secret for intra-cluster communications in NaviServer

# configuration file.  Clustering will not be enabled if no value is

# provided.

#

ns_section ns/server/$server/acs {

   # ...

   ns_param ClusterSecret "please change me"

}

#-----------------------------------------------------------------------

# Support for munin statistics

#

# 1) install munin plugins for naviserver (munin-plugins-ns.git)

# 2) add link to the munin plugins (replace "openacs" by the name

#    of your server in the munin configuration)

#    /etc/munin/plugins/naviserver_openacs_count_cluster -> /usr/share/munin/plugins/naviserver_count

# 3) in the plugin plugin configuration (e.g., etc/munin/plugin-conf.d/naviserver)

#    add a section like the following (again, replace "openacs" by the server name you used)

#

#    [naviserver_openacs_count_cluster]

#       env.title Cluster

#       env.vars cluster:broadcast cluster:sent cluster:received

#

# 4) restart munin

Show less