f12ad5ded38666ae38ba907ef9a52fa4142b0518
doc/b1873 - Disposable reverse proxy architecture.pptx
wiki/images/orchestration/disposable-reverse-proxy-architecture-from-bug1873.png
| ... | ... | Binary files /dev/null and b/wiki/images/orchestration/disposable-reverse-proxy-architecture-from-bug1873.png differ |
wiki/info/landscape/amazon-ec2.md
| ... | ... | @@ -28,17 +28,18 @@ Additionally, we have created a CNAME record for ``*.sapsailing.com`` pointing a |
| 28 | 28 | |
| 29 | 29 | Further ALBs may exist in addition to the default ALB and the NLB for ``sapsailing.com``. Those will then have to have one or more DNS record(s) pointing to them for which matching rules based on the hostname exist in the ALB listener's rule set. This set-up is specifically appropriate for "longer-lived" content where during archiving or dismantling a DNS lag is not a significant problem. |
| 30 | 30 | |
| 31 | -### Apache httpd Webserver and Reverse Proxy |
|
| 31 | +### Apache httpd, the central reverse proxy (Webserver), and disposable reverse proxies |
|
| 32 | 32 | |
| 33 | -The web server currently exists only as one "central" reverse proxy but work is being undertaken to duplicate the essential services, |
|
| 34 | -to improve availability. Only the current central reverse proxy will be non-disposable, hosting the wiki, releases, Git jobs, static and Bugzilla. |
|
| 35 | -Other services, such as p2 remain to be decided. Any traffic to the Hudson build server subdomain gets directed by route 53 to a `DDNSMapped` load balancer (which all route any port 80 traffic to 443), which has a rule pointing to a target group, that contains only the Hudson server. |
|
| 33 | +A key pillar of our architecture is the central reverse proxy, which handles traffic for the wiki, bugzilla, awstats, releases, p2, Git, jobs, and static, and which is the target of the catch-all rule in the Dynamic ALB. |
|
| 34 | +Traffic to the Hudson build server subdomain *does not* go through the central webserver. Instead, Route 53 directs it to a `DDNSMapped` load balancer (all of which redirect port 80 traffic to 443), which has a rule pointing to a target group that contains only the Hudson server. |
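As a hedged sketch of such a host-header rule (the listener and target group ARNs and the exact Hudson subdomain are hypothetical placeholders, not taken from this page):

```
# Sketch only: ARNs and the subdomain are hypothetical placeholders.
# Adds a host-header rule on a DDNSMapped ALB listener that forwards
# traffic for the Hudson subdomain to the Hudson-only target group.
aws elbv2 create-rule \
  --listener-arn arn:aws:elasticloadbalancing:eu-west-1:111122223333:listener/app/DDNSMapped-0/0123456789abcdef/0123456789abcdef \
  --priority 10 \
  --conditions Field=host-header,Values=hudson.sapsailing.com \
  --actions Type=forward,TargetGroupArn=arn:aws:elasticloadbalancing:eu-west-1:111122223333:targetgroup/Hudson/0123456789abcdef
```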
|
| 36 | 35 | |
| 37 | -The IPs for all reverse proxies will automatically be added to the `CentralWebServerHTTP-Dyn` target group (in the dynamic ALB in eu-west-1) |
|
| 38 | -and to the `DDNSMapped-x-HTTP` (in all the DDNSMapped servers). These are the target groups for the default rules and it ensures availability to the ARCHIVE especially. |
|
| 39 | -Currently, the new approach tags instances with `disposableProxy` to indicate it hosts no vital services. `ReverseProxy` also identifies any reverse proxies. The health check for the target groups would change to trigger a script which returns different error codes: healthy/200 if in the same AZ as the archive (or if the failover archive is in use), whilst unhealthy/503 if in different AZs. This will reduce cross-AZ, archive traffic costs, but maintain availability and load balancing. |
|
| 36 | +To improve availability and reliability, we have a disposable environment type and AMI. Instances from this AMI only serve requests to the archive; they are lightweight and can be quickly started and shut down using the landscape management console. |
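A minimal sketch of launching such a disposable instance manually (the AMI ID, instance type, and subnet are hypothetical; the landscape management console is the normal entry point):

```
# Sketch only: AMI ID, instance type, and subnet are hypothetical placeholders.
# Launches a lightweight disposable reverse proxy and applies the tags
# described below so the target group automation picks it up.
aws ec2 run-instances \
  --image-id ami-0123456789abcdef0 \
  --instance-type t3.micro \
  --subnet-id subnet-0123456789abcdef0 \
  --tag-specifications 'ResourceType=instance,Tags=[{Key=disposableProxy,Value=true},{Key=ReverseProxy,Value=true}]'
```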
|
| 40 | 37 | |
| 41 | -For security groups of the central reverse proxy, we want Webserver, as well as Disposable Reverse Proxy. The diposables just have the latter. |
|
| 38 | +The IPs for all reverse proxies will automatically be added to ALB target groups with the tag key `allReverseProxies`, including the `CentralWebServerHTTP-Dyn` target group (in the dynamic ALB in eu-west-1) |
|
| 39 | +and all the `DDNSMapped-x-HTTP` target groups (one in each `DDNSMapped` load balancer). These are the target groups for the default rules, which ensures availability of the ARCHIVE in particular. |
|
| 40 | +Disposable instances are tagged with `disposableProxy` to indicate they host no vital services; the `ReverseProxy` tag identifies any reverse proxy. The health check for these target groups would change to trigger a script that returns different status codes: 200 (healthy) if the proxy is in the same AZ as the archive (or if the failover archive is in use), and 503 (unhealthy) if it is in a different AZ. This will reduce cross-AZ archive traffic costs while maintaining availability and load balancing. |
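A minimal sketch of such a health-check script, assuming it is exposed as a CGI endpoint on each proxy and that the archive's AZ and a failover flag are published in local files (both file locations are assumptions, not confirmed by this page):

```
#!/bin/bash
# Sketch only: /etc/archive-az and /etc/failover-archive-in-use are
# hypothetical locations for the archive's AZ and the failover flag.
# Report healthy (200) if this proxy runs in the same AZ as the archive
# (or if the failover archive is in use), unhealthy (503) otherwise.
TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" \
  -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
MY_AZ=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" \
  "http://169.254.169.254/latest/meta-data/placement/availability-zone")
ARCHIVE_AZ=$(cat /etc/archive-az 2>/dev/null)
if [ -f /etc/failover-archive-in-use ] || [ "$MY_AZ" = "$ARCHIVE_AZ" ]; then
  echo "Status: 200 OK"
else
  echo "Status: 503 Service Unavailable"
fi
echo "Content-Type: text/plain"
echo
echo "$MY_AZ"
```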
|
| 41 | + |
|
| 42 | +The security groups of the central reverse proxy should include both Webserver and Disposable Reverse Proxy; the disposables just have the latter. |
|
| 42 | 43 | |
| 43 | 44 | We hope to also deploy the httpd on already existing instances that have free resources and a certain tag permitting this |
| 44 | 45 | co-deployment. |
| ... | ... | @@ -99,6 +100,10 @@ After (re-)booting the webserver, check that all services have come up before ad |
| 99 | 100 | |
| 100 | 101 | The webserver must be tagged with key ``CentralReverseProxy`` where the value is ignored, but ``true`` is a good default. |
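For example, with a placeholder instance ID:

```
# Tag the central webserver instance (the instance ID is a placeholder).
aws ec2 create-tags --resources i-0123456789abcdef0 \
  --tags Key=CentralReverseProxy,Value=true
```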
| 101 | 102 | |
| 103 | +The following diagram explains the disposable reverse proxies' role in more detail. |
|
| 104 | + |
|
| 105 | +<img src="wiki/images/orchestration/disposable-reverse-proxy-architecture-from-bug1873.png" width="100%" height="100%"/> |
|
| 106 | + |
|
| 102 | 107 | ### DNS and Application Load Balancers (ALBs) |
| 103 | 108 | |
| 104 | 109 | We distinguish between DNS-mapped and non-DNS-mapped content. The basic services offered by the web server as listed above are DNS-mapped, with the DNS entries being CNAME records pointing to an ALB (DNSMapped-0-1286577811.eu-west-1.elb.amazonaws.com) which handles SSL offloading with the Amazon-managed certificate and forwards those requests to the web server. Furthermore, longer-running application replica sets can have a sub-domain declared in Route53's DNS, pointing to an ALB which then forwards to the public and master target groups for this replica set based on hostname, header fields and request method. A default redirect for the ``/`` path can also be defined, obsoleting previous Apache httpd reverse proxy redirects for non-archived ALB-mapped content. |
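A hedged sketch of declaring such a sub-domain (the hosted zone ID and the ``myevent`` sub-domain are hypothetical; the ALB DNS name is the one quoted above):

```
# Sketch only: hosted zone ID and sub-domain are hypothetical placeholders.
# Points a replica set's sub-domain at the DNSMapped ALB via a CNAME record.
aws route53 change-resource-record-sets --hosted-zone-id Z0123456789ABCDEF \
  --change-batch '{"Changes":[{"Action":"UPSERT","ResourceRecordSet":{
    "Name":"myevent.sapsailing.com","Type":"CNAME","TTL":300,
    "ResourceRecords":[{"Value":"DNSMapped-0-1286577811.eu-west-1.elb.amazonaws.com"}]}}]}'
```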
| ... | ... | @@ -213,7 +218,7 @@ We try to maintain setup scripts that help us with setting up those instance typ |
| 213 | 218 | |
| 214 | 219 | The SAP Sailing Analytics image is used to launch new instances, shared or dedicated, that host one or more Sailing Analytics application processes. The image contains an installation of the SAP JVM 8 under /opt/sapjvm_8, an Apache httpd service that is not currently used by default for reverse proxying / rewriting / logging activities, an initially empty directory ``/home/sailing/servers`` used to host default application process configurations, and an initialization script under ``/etc/init.d/sailing`` that handles the instance's initialization with a default application process from the EC2 instance's user data. Instructions for setting up such an image from scratch can be found [here](/wiki/info/landscape/creating-ec2-image-from-scratch). |
| 215 | 220 | |
| 216 | -The user data line ``image-upgrade`` will cause the image to ignore all application configuration data and only bring the new instance to an updated state. For this, the Git content under ``/home/sailing/code`` is brought to the latest master branch commit, a ``yum update`` is carried out to install all operating system package updates available, log directories and the ``/home/sailing/servers`` directory are cleared, and the ``root`` user's crontab is brought up to date by running `crontab /root/crontab`, under the assumption it points to the appropriately named crontab in `$OUR_GIT_HOME/configuration/crontabs` (as we have different crontabs for different instances/users). If the ``no-shutdown`` line is provided in the instance's user data, the instance will be left running. Otherwise, it will shut down which would be a good default for creating a new image. See also procedures that automate much of this upgrade process. |
|
| 221 | +The user data line ``image-upgrade`` will cause the image to ignore all application configuration data and only bring the new instance to an updated state. For this, the Git content under ``/home/sailing/code`` is brought to the latest master branch commit, a ``yum update`` is carried out to install all operating system package updates available, log directories and the ``/home/sailing/servers`` directory are cleared, and the ``root`` user's crontab is brought up to date by sourcing `. imageupgrade_functions.sh` and then running `build_crontab_and_setup_files` with the appropriate parameters. If the ``no-shutdown`` line is provided in the instance's user data, the instance will be left running. Otherwise, it will shut down, which is a good default when creating a new image. See also procedures that automate much of this upgrade process. |
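For illustration, the user data for an upgrade run that should leave the instance running would then contain exactly these two lines:

```
image-upgrade
no-shutdown
```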
|
| 217 | 222 | |
| 218 | 223 | The MongoDB Live Replica Set NVMe image is used to scale out or upgrade existing MongoDB replica sets. It also reads the EC2 instance's user data during start-up and can be parameterized by the following variables: ``REPLICA_SET_NAME``, ``REPLICA_SET_PRIMARY``, ``REPLICA_SET_PRIORITY``, and ``REPLICA_SET_VOTES``. An example configuration could look like this: |
| 219 | 224 | ``` |
| ... | ... | @@ -449,6 +454,9 @@ This script has a couple of arguments and options. The most important are the ar |
| 449 | 454 | Ideally, we would have only a single checked-out Git copy across all instances: the one under the wiki user on the central webserver. However, some crontabs require references to specific users' files, so the crontabs contain the strings PATH_OF_GIT_HOME_DIR_TO_REPLACE and PATH_OF_HOME_DIR_TO_REPLACE as placeholders for the paths their names describe; the build-crontab-and-cp-files script replaces them with the right path. |
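A rough sketch of that substitution (the template file name is hypothetical, and the real build-crontab-and-cp-files script may differ):

```
# Sketch only: the actual build-crontab-and-cp-files script may differ.
# Replace the placeholder strings with this user's real paths before
# installing the crontab.
sed -e "s|PATH_OF_GIT_HOME_DIR_TO_REPLACE|$OUR_GIT_HOME|g" \
    -e "s|PATH_OF_HOME_DIR_TO_REPLACE|$HOME|g" \
    crontab.template | crontab -
```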
| 450 | 455 | Have a look at the script itself for more details on the options and arguments. |
| 451 | 456 | |
| 457 | +<!-- ### Spinning up disposables --> |
|
| 458 | + |
|
| 459 | +<!-- TODO: Explain--> |
|
| 452 | 460 | |
| 453 | 461 | ## Automated SSH Key Management |
| 454 | 462 |