-
1. Re: How to use mod_cluster from DMZ?
jfclere Feb 18, 2010 4:07 AM (in response to ndhanks)You mean that the Host part of the CONFIG message contains an IP httpd can't reach because of the NAT, do you?
(See http://community.jboss.org/wiki/Mod-ClusterManagementProtocol for the CONFIG description).
-
2. Re: How to use mod_cluster from DMZ?
jfclere Feb 18, 2010 4:26 AM (in response to jfclere)use address="hostname" in the <Connector/> and have hostname resolved differently in httpd and AS nodes. -
3. Re: How to use mod_cluster from DMZ?
ndhanks Jun 15, 2010 1:51 AM (in response to jfclere)Finally was able to get back to this.
Now I am getting errors:
Jboss log: (multiple of these)
06-14 23:31:58 ER [org.jboss.modcluster.mcmp.impl.DefaultMCMPHandler] (ContainerBackgroundProcessor[StandardEngine[jboss.web]]) Error [null: null: {4}] sending command INFO to proxy 192.168.82.39:80, configuration will be reset
apache error log: (loglevel set to debug)
[Mon Jun 14 23:32:08 2010] [debug] mod_manager.c(1416): manager_trans INFO (/)
[Mon Jun 14 23:32:08 2010] [error] [client 192.168.82.188] client denied by server configuration: /
[Mon Jun 14 23:32:08 2010] [debug] mod_proxy_cluster.c(1118): proxy: byrequests balancer FAILED
[Mon Jun 14 23:32:08 2010] [error] proxy: CLUSTER: (balancer://p42devbalancer). All workers are in error stateConfiguration:
appserver idlapp3 -> wdlint2 ip 192.168.82.39
webserver wdlint2 -> idlapp3 ip 192.168.82.188
Jboss started with -b wdlint2
mod-cluster-jboss-beans.xml:
...
<property name="proxyList">wdlint2:80</property>
<!-- <property name="proxyList">${jboss.modcluster.proxyList:}</property> -->
<!-- URL prefix to send with commands to mod_cluster. Default is no prefix. -->
<!--property name="proxyURL"></property-->
<!-- mod_advertise is a small httpd module that advertises the
availability of httpd servers via multicast, allowing
ModClusterService to discover the httpd front-end instead of
(or in addition to) having them defined in proxyList. -->
<!-- Whether to listen for advertise messages -->
<property name="advertise">false</property>
<!-- Multicast address on which to listen for advertisements -->
<property name="advertiseGroupAddress">${jboss.modcluster.advertise.address,jboss.partition.udpGroup:224.0.1.105}</property>
<!-- Port to listen to for advertisements -->
<property name="advertisePort">${jboss.modcluster.advertise.port:23364}</property><!-- Comma delimited list of contexts that should *not* be auto-registered with httpd. -->
<!-- ROOT indicates the root context. -->
<!-- Context may be qualified by host using a colon, e.g. host1:context1 -->
<!-- If no host is defined, localhost is assumed. -->
<property name="excludedContexts">${jboss.modcluster.excludedContexts:ROOT,admin-console,invoker,jbossws,jmx-console,juddi,w
eb-console}</property><!-- Security key the proxy is going to send with advertise messages.
Default is none. -->
<!--property name="advertiseSecurityKey"></property--><!-- Whether to use SSL to communicate with mod_cluster. Note this
has nothing to do with handling of https requests by JBoss Web -->
<property name="ssl">false</property><!-- Configuration values for the load balancer itself (must be the
same on all nodes in the cluster). These will be passed to the
load balancer. -->
<property name="stickySession">true</property>
<property name="stickySessionForce">true</property>
<property name="stickySessionRemove">false</property>
<property name="maxAttempts">2</property>
<property name="workerTimeout">-1</property>
<property name="balancer">P42DevBalancer</property>...
httpd.conf:
...
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.soLoadModule slotmem_module modules/mod_slotmem.so
LoadModule manager_module modules/mod_manager.so
LoadModule proxy_cluster_module modules/mod_proxy_cluster.so
LoadModule advertise_module modules/mod_advertise.soCreateBalancers 0
NameVirtualHost *:80
<VirtualHost *:80>
ServerName wdlint2.octanner.com
ServerAdmin xxxx@xxxx.com
DocumentRoot /usr/local/apache2.2/htdocs
ErrorLog "|/usr/local/apache2.2/bin/rotatelogs /usr/local/apache2.2/logs/wdlint2-error_log_%Y_%m_%d 86400 -420"
CustomLog "|/usr/local/apache2.2/bin/rotatelogs /usr/local/apache2.2/logs/wdlint2-access_log_%Y_%m_%d 86400 -420" combinedManagerBalancerName P42DevBalancer
ProxyPass / balancer://P42DevBalancer/
...
</VirtualHost>
Thanks
Ned
-
4. Re: How to use mod_cluster from DMZ?
ndhanks Jun 15, 2010 1:51 AM (in response to ndhanks)Oops
mod_cluster v1.0.3GA
-
5. Re: How to use mod_cluster from DMZ?
jfclere Jun 15, 2010 12:12 PM (in response to ndhanks)[Mon Jun 14 23:32:08 2010] [error] [client 192.168.82.188] client denied by server configuration: /
You need to allow 192.168.82.188. Something like:
<Directory />
Order deny,allow
Deny from all
Allow from 192.168.82.188
</Directory> -
6. Re: How to use mod_cluster from DMZ?
ndhanks Jun 15, 2010 1:28 PM (in response to jfclere)Thanks for your reply.
Setting address="idlapp3" did not help.
Jboss/mod_cluster sends the IP address to Apache/mod_cluster.
appserver: idlapp3 ip 172.29.70.85 nat ip 192.168.82.188
Apache errorlog:
[Tue Jun 15 11:18:04 2010] [debug] mod_manager.c(1929): manager_handler CONFIG (/) processing: "JVMRoute=p42_3_0&Port=8009&Balancer=P42DevBalancer&Host=172.29.70.85&Type=ajp&Maxattempts=2"
[Tue Jun 15 11:18:04 2010] [debug] mod_manager.c(1970): manager_handler CONFIG OK
[Tue Jun 15 11:18:05 2010] [debug] mod_proxy_cluster.c(232): Created: reusing worker for ajp://172.29.70.85:8009
[Tue Jun 15 11:18:05 2010] [debug] mod_proxy_cluster.c(306): proxy: initialized worker 1 in child 11722 for (172.29.70.85) min=0 max=25 smax=25...
[Tue Jun 15 11:18:14 2010] [debug] proxy_util.c(2444): proxy: ajp: fam 2 socket created to connect to 172.29.70.85
[Tue Jun 15 11:18:20 2010] [error] (111)Connection refused: proxy: ajp: attempt to connect to 172.29.70.85:8009 (172.29.70.85) failed
[Tue Jun 15 11:18:20 2010] [error] ap_proxy_connect_backend disabling worker for (172.29.70.85)
[Tue Jun 15 11:18:20 2010] [debug] mod_proxy_cluster.c(1259): proxy_cluster_try_pingpong: can't connect to backend
[Tue Jun 15 11:18:20 2010] [debug] proxy_util.c(2029): proxy: ajp: has released connection for (172.29.70.85)
[Tue Jun 15 11:18:20 2010] [debug] mod_proxy_cluster.c(1333): proxy_cluster_isup: pingpong failedAgain, thank you for all your help.
-
7. Re: How to use mod_cluster from DMZ?
jfclere Jun 16, 2010 2:23 AM (in response to ndhanks)Tue Jun 15 11:18:20 2010] [error] (111)Connection refused: proxy: ajp: attempt to connect to 172.29.70.85:8009 (172.29.70.85) failed
You need to "open" 8009 in the firewall between httpd and jboss or make sure that 172.29.70.85 is a valid address for the jboss box in the httpd box.
-
8. Re: How to use mod_cluster from DMZ?
ndhanks Jun 16, 2010 10:20 AM (in response to jfclere)I can not open 172.29.70.85 on the webserver, that IP address is on the other side of the firewall. The NAT ip address for the Jboss server is 192.168.82.188.
Is there anyway to get Jboss/mod_cluster to send the NAT ip address or hostname to apache/mod_cluster?
Thanks for your help.
Ned
-
9. Re: How to use mod_cluster from DMZ?
jfclere Jun 16, 2010 10:43 AM (in response to ndhanks)You should configure the boxes so that the hostname solves 192.168.82.188 on the httpd box and 172.29.70.85 on the jboss one.
-
10. Re: How to use mod_cluster from DMZ?
ndhanks Jun 16, 2010 11:02 AM (in response to jfclere)Hostname, idlapp3, does resolve to correct IP address on each box. What I have found is that jboss/mod_cluster always sends IP address to apache. I have tried setting address="idlapp3". Setting to address=192.168.82.188 causes jbossweb to not work because 192.168.82.188 is not a valid ip address on the jboss server.
I will try again. I will capture the CONFIG message and post here.
Thanks
Ned
-
11. Re: How to use mod_cluster from DMZ?
ndhanks Jun 16, 2010 12:55 PM (in response to ndhanks)Eveything I try still gets just IP address sent to apache.
[Wed Jun 16 10:33:13 2010] [debug] mod_manager.c(1416): manager_trans CONFIG (/)
[Wed Jun 16 10:33:13 2010] [debug] mod_manager.c(1929): manager_handler CONFIG (/) processing: "JVMRoute=p42_3_0&Port=8009&Balancer=P42DevBalancer&Host=172.29.70.85&Type=ajp&Maxattempts=2"
[Wed Jun 16 10:33:13 2010] [debug] mod_manager.c(1970): manager_handler CONFIG OKThanks
Ned
-
12. Re: How to use mod_cluster from DMZ?
ruckalvnet Aug 20, 2010 9:54 AM (in response to ndhanks)Is there a solution for this issue? I just can't make mod_cluster to work when there is a NAT between apache balancer and jboss cluster. Is there way to force jboss to send the hostname and not the IP Adress in the CONFIG post to httpd?
By the way, i'm using jboss eap 5.0.1 with mod_cluster 1.0.3.GA.
Best Regards,
-
13. Re: How to use mod_cluster from DMZ?
ndhanks Aug 20, 2010 11:12 AM (in response to ruckalvnet)I have not found a fix yet.
Next week I am planning on trying mod_cluset 1.1.3CR1. I will post here my findings.
-
14. Re: How to use mod_cluster from DMZ?
ruckalvnet Aug 22, 2010 10:28 AM (in response to ndhanks)Hi,
Based on jira MODCLUSTER-168, I replaced getHostAddress() to getHostName() in method getAddress located at Utils.java source. I rebuild mod_cluster 1.0.3GA and it works!
I have to be carefull with reverse address lookups when setting up connector bindings, but with my network configuration works flawless.
Best Regards,
Rui Alves