3 Replies Latest reply: Apr 11, 2012 5:50 AM by Alfred Yu RSS

problems of clustering server (picketlink, haproxy, failover)

Alfred Yu Newbie

Hi Everybody,

 

     I'm new to Jboss, and have some problems of clustering AS 7.1.1.

 

I have two clusterd server nodes.

node 1 ip 172.20.27.244

node 2 ip 172.20.27.245

and use haproxy as load balancer with ip 172.20.27.243 (Could I use haproxy rather than mod_cluster?)

The haproxy listen to 80 port and redirect requests to node 1 or node 2 port 8080.

I add picketlink configurations for SSO to my applications and cluster the node 1 and 2.

When request the application with URL http://172.20.27.243/application

 

Case 1:

     I can't login. (the haproxy use "roundrobin" as it's load balance policy.)

     The server always responds me some message like session expired.

     When there's only one node alive (the haproxy always have one node to redirect), I can login normally.

 

Case 2:

     If I change the load balance policy to "source" (like sticky session) with two node alive, I also can login normally.

     But when I shutdown the server which is servicing the request, server failover doesn't work.

     Then I'm redirected to login page.

 

I attched the standalone-ha.xml and server.log.

What I am missing for configuration clustering, SSO and failover?

  • 1. Re: problems of clustering server (picketlink, haproxy, failover)
    Radoslav Husar Master

    Hi Alfred,

     

    the replication is not working because the cluster didn't form:

     

    18:05:27,051 INFO  [org.jboss.as.clustering.impl.CoreGroupCommunicationService.web] (MSC service thread 1-3) JBAS010206: Number of cluster members: 1

     

    Since I dont see your full setup, I am not sure what the fix is, probably env (e.g. firewall) issues or missing <distributable/> tag?

     

    And also you need to use sticky session instead of round-robin for performance and stability reasons:

     

         I can't login. (the haproxy use "roundrobin" as it's load balance policy.)

     

    HTH,

    Rado

  • 2. Re: problems of clustering server (picketlink, haproxy, failover)
    Alfred Yu Newbie

    Thanks for your reply, Rado.

     

    The server log is from node 1 and I start up it before node 2.  I could see

     

    18:05:57,841 INFO  [org.jboss.as.clustering.impl.CoreGroupCommunicationService.web] (MSC service thread 1-3) JBAS010206: Number of cluster members: 2

     

    in the server.log from node 2.  In the end of server.log which I attched, the log show

     

    [org.infinispan.remoting.transport.jgroups.JGroupsTransport] (Incoming-1,null) ISPN000094: Received new cluster view: [2003vm32-1/web|1] [2003vm32-1/web, 2003vm32-2/web]

     

    The 2003vm32-1 and 2003vm32-2 are the server hosts. I think the cluster is established. Am I right?

     

    The firewall would not be the problem because I stopped it.

     

    I've tried to depoly a simple application with " <distributable/>" tag in it's web.xml.

     

    I can get the same session on both two server nodes and failover process works(I think).

     

    After adding the JAAS to my application, I can't get the same result by the request. The JAAS seems change to a new session after logging in.

     

    Maybe I should know how to cluster a secured application first. I don't really know how to do it.

     

    Any tip or document I can reference?

     

    I'm not from a English-speaking country and may not describe my problem clearly.

     

    I've taken two weeks to clarify my problem but... Hope you can give me some suggestion, thanks a lot.

  • 3. Re: problems of clustering server (picketlink, haproxy, failover)
    Alfred Yu Newbie

     

    After adding the JAAS to my application, I can't get the same result by the request. The JAAS seems change to a new session after logging in.

     

    Let me modify my description.  I changed my haproxy load balance policy to "source"(sticky session) and I logged in my application via JAAS.

     

    Then I shutdown my server node 1 and expected that I should be able to continue accessing the secured resources by node 2. But I was redirected to login page.

     

    My problem is similar to the post https://community.jboss.org/message/215607#215607 but the post is since 2009.

     

    The first thing I want to clarify how I should do to failover secured application?