wiki/info/landscape/olympic-setup.md
... ...
@@ -22,6 +22,19 @@ We assume not to have DNS available on site. Therefore, for now, we have decided
22 22
23 23
The domain name has been set to ``sapsailing.com`` so that the fully-qualified host names are ``sap-p1-1.sapsailing.com`` and ``sap-p1-2.sapsailing.com`` respectively. Using this domain name is helpful later when it comes to the shared security realm established with the central ``security-service.sapsailing.com`` replica set.
24 24
25
+### Tunnels
26
+
27
+On both laptops there is a script ``/usr/local/bin/tunnels`` which establishes SSH tunnels using the ``autossh`` tool. The ``autossh`` processes are forked into the background using the ``-f`` option. It seems important to then pass the port to use for sending heartbeats using the ``-M`` option. If this is omitted, according to my experience only one of several ``autossh`` processes survives.
28
+
29
+On sap-p1-1 two SSH connections are maintained, with the following port forwards:
30
+
31
+* tokyo-ssh.sapsailing.com: 10203-->10203; 5763-->rabbit-ap-northeast-1.sapsailing.com:5762; 15763-->rabbit-ap-northeast-1.sapsailing.com; 10201<--10201
32
+* sap-p1-2: 10202-->10202; 10201<--10201
33
+
34
+On sap-p1-2, the following SSH connections are maintained:
35
+
36
+- tokyo-ssh.sapsailing.com: 10203-->10203; 5763-->rabbit-ap-northeast-1.sapsailing.com:5762; 15763-->rabbit-ap-northeast-1.sapsailing.com; 10202<--10202
37
+
25 38
## AWS Setup
26 39
27 40
Our primary AWS region for the event will be Tokyo (ap-northeast-1). There, we have reserved the elastic IP ``52.194.91.94`` to which we've mapped the Route53 hostname ``tokyo-ssh.sapsailing.com`` with a simple A-record. The host assigned to the IP/hostname is to be used as a "jump host" for SSH tunnels.
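Review bot: In both tokyo-ssh.sapsailing.com bullets of the new Tunnels section the forward `15763-->rabbit-ap-northeast-1.sapsailing.com` gives no destination port, while the neighbouring `5763-->rabbit-ap-northeast-1.sapsailing.com:5762` does; please add the port so the tunnel can be reproduced from the wiki alone. The paragraph on `-M` says a heartbeat port has to be passed but does not record which port each ``autossh`` process uses; listing the monitor port per connection next to its forwards would let a reader check that these ports do not collide with each other or with the forwarded ports. It would also help to state on which address the reverse forwards (`10201<--10201`, `10202<--10202`) listen on the remote side, since that decides who can reach the on-site hosts through the jump host. Minor: the sap-p1-1 list uses `*` and the sap-p1-2 list uses `-` as the bullet marker.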
... ...
@@ -54,4 +67,4 @@ sap-p1-1 normally is the master for the ``tokyo2020`` replica set. It shall repl
54 67
55 68
*TODO* find out whether an SSH port forward using a DNS hostname will resolve this host name again each time a connection is made. Probably, forwarding to ``security-service.sapsailing.com:443`` could just work...
56 69
57
-sap-p1-2 normally is a replica for the ``tokyo2020`` replica set, using the local RabbitMQ running on sap-p1-1. Its outbound ``REPLICATION_CHANNEL`` will be ``tokyo2020-replica`` and uses the RabbitMQ running in ap-northeast-1, using an SSH port forward. A reverse port forward from ap-northeast-1 to the application port 8888 on sap-p1-2 has to be established which replicas running in ap-northeast-1 will use to reach their master through HTTP. This way, adding more replicas on the AWS side in the cloud will not require any additional bandwidth between cloud and on-site network, except that the reverse HTTP channel, which uses only little traffic, will see additional traffic per replica whereas all outbound replication goes to the single exchange in the RabbitMQ node running in ap-northeast-1.
70
+sap-p1-2 normally is a replica for the ``tokyo2020`` replica set, using the local RabbitMQ running on sap-p1-1. Its outbound ``REPLICATION_CHANNEL`` will be ``tokyo2020-replica`` and uses the RabbitMQ running in ap-northeast-1, using an SSH port forward. A reverse port forward from ap-northeast-1 to the application port 8888 on sap-p1-2 has to be established which replicas running in ap-northeast-1 will use to reach their master through HTTP. This way, adding more replicas on the AWS side in the cloud will not require any additional bandwidth between cloud and on-site network, except that the reverse HTTP channel, which uses only little traffic, will see additional traffic per replica whereas all outbound replication goes to the single exchange in the RabbitMQ node running in ap-northeast-1.
... ...
\ No newline at end of file
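Review bot: The removed and added versions of the sap-p1-2 paragraph read identically here, so the change looks like whitespace or line ending only, and the file still ends without a trailing newline; consider dropping this hunk from the commit or ending the file with a newline so the next edit does not touch this paragraph again. If a content change was intended, note that the paragraph speaks of a reverse port forward to application port 8888 on sap-p1-2, while the Tunnels section added in the first hunk lists only `10202<--10202` for that host, and the two descriptions should be reconciled.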