Centrally managing GlassFish Load Balancer configurations

Yesterday we delivered a webinar on setting up load balancing for GlassFish clusters: Make Applications Highly Available: Load Balancing GlassFish Clusters. I'll post a link to the replay when available. The registration and attendance numbers were pretty amazing, which tells me a couple of things:

  1. The community is either already using GlassFish Enterprise Server in production, or is considering placing it in production.
  2. The community would like to learn more about approaches to load balancing GlassFish deployments.

While GlassFish supports multiple load balancing approaches (hardware load balancers, mod_jk, and the GlassFish. We have been adding both marketing and engineering content in this area due to the amount of interest we are seeing (example).

One of the more interesting features of GlassFish is the ability to automatically push out the load balancer configuration from the GlassFish Domain Administration Console (DAS) to the GlassFish Load Balancer Plugin running in one or more remote web servers. Vivek demonstrated this feature during the webinar. Because of time, we did not get to demonstrate cluster setup/configuration or how to set up the secure communication channel between the plugin and the DAS.

First, you can set up a GlassFish high availability cluster, from download to validating the configuration, in under 10 minutes. Of course, it takes a bit longer if you want to install a cluster across multiple hosts, but that's just boilerplate (s)ftp and time-consuming.

To address the second point, setting up a secure communication channel, I thought I would double-click on that a bit and show you how to set it up. Again, this will be done on a single host, removing the boilerplate of FTPing the installer around.  The first step is to download the GlassFish Enterprise Server bits that include HADB (download url). This bundle also includes the load balancer plugin. Download the Sun GlassFish Enterprise Server v2.1 with HADB. I used the file-based installer during the demo instead of the package-based installer.

Side note - apologies for the webinar demo demons hitting the load balancer installation demo. For some reason the network was slow (GUI was updating too slowly), and the terminal was not refreshing properly, so I lost context of what screen I was on. Yes, I ran through the demo beforehand in the exact same way it was demo'd, 4 times without issues. Sigh.

Below is a script that will set up the secure connection between the DAS and the Sun Web Server to enable automated updates of the load balancer configuration. I've added documentation for each step.


#!/usr/bin/bash

#################################################################
# This script will set up the secure communication channel between
# the Sun Web Server and DAS for automated load balancer updates. It
# assumes that both the web server and DAS exist on the same
# box (hey, it's a DEMO ;-) )
#################################################################

#
# Top-level "HOME_DIRECTORY" variables. Examples are shown,
# replace variables with data that reflect your environment.
# Error checking of commands not shown :-/. Also note that
# in my demo, I put all bits under /var/tmp/demo directory.
#

WS_HOME=/var/tmp/demo/webserver7
JAVA_HOME=/usr/jdk/latest
DAS_DOMAIN=/var/tmp/demo/glassfish/domains/domain1

#
# Variables related to the web server configuration
#

WS_INSTANCE=https-my_webserver_instance.sun.com
SECURE_DAS_COMM_PORT=4443
LISTENER_NAME=http-listener-2

#
# Variables related to certificates. Because this is a demo, we will
# create a self-signed certificate.
#

CERT_NAME=ServerCert
CERT_ALIAS=s1as
CERT_EXPORT_FILE=/var/tmp/demo/etc/${CERT_ALIAS}.rfc

#
# Push any existing webserver configuration modifications, in case
# the load balancer was just installed in the webserver, for example
#

${WS_HOME}/bin/wadm \
        deploy-config \
        --user=admin \
        --force ${WS_INSTANCE}

#
# Create a new HTTP listener to communicate with the GlassFish Domain
# Administration Server. This is the connection where the loadbalancer
# configuration changes will be pushed.
#

${WS_HOME}/bin/wadm \
        create-http-listener \
        --user=admin \
        --server-name=${WS_INSTANCE} \
        --default-virtual-server-name=${WS_INSTANCE} \
        --listener-port=${SECURE_DAS_COMM_PORT} \
        --config=${WS_INSTANCE} ${LISTENER_NAME}

#
# Create a self-signed certificate for demo or educational purposes. Typically
# a signed certificate will be installed for maximum security in production
#

${WS_HOME}/bin/wadm \
        create-selfsigned-cert \
        --user=admin \
        --nickname=${CERT_NAME} \
        --server-name=${WS_INSTANCE} \
        --token=internal \
        --config=${WS_INSTANCE}

#
# Set SSL property on the http listener used for DAS communication, using
# the certificate just defined
#
 
${WS_HOME}/bin/wadm \
        set-ssl-prop \
        --user=admin \
        --http-listener=${LISTENER_NAME} \
        --config=${WS_INSTANCE} \
        enabled=true \
        server-cert-nickname=${CERT_NAME}

#
# Export the DAS public key certificate stored in the Java keystore. Note that
# the Enterprise Profile (default for GlassFish w/HADB bundle) utilizes the
# NSS keystore, so this would be replaced with the equivalent certutil command.
#

${JAVA_HOME}/bin/keytool \
        -export \
        -rfc \
        -alias ${CERT_ALIAS} \
        -keystore ${DAS_DOMAIN}/config/keystore.jks \
        -file ${CERT_EXPORT_FILE}

#
# Import the DAS public key certificate into the certificate database,
# enabling a secure, trusted communication channel between the DAS and
# the web server.
#

${WS_HOME}/bin/certutil \
        -A \
        -a \
        -n ${CERT_ALIAS} \
        -t "TC" \
        -i ${CERT_EXPORT_FILE} \
        -d ${WS_HOME}/admin-server/config-store/${WS_INSTANCE}/config/

#
# List the certificates in the web server certificate database
#

${WS_HOME}/bin/certutil \
        -L \
        -d ${WS_HOME}/admin-server/config-store/${WS_INSTANCE}/config

#
# Push webserver configuration modifications to the instance
#

${WS_HOME}/bin/wadm \
        deploy-config \
        --user=admin \
        --force ${WS_INSTANCE}
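
The script above omits error checking, and on a multi-host install the exported certificate file is copied between machines before certutil marks it trusted. The following is an added example, not part of the original post, that compares the fingerprint reported for the DAS keystore entry with the one reported for the file; the function names and sample output are constructed for illustration, and it assumes the JKS keystore used in the script.

```shell
#!/usr/bin/env bash
# Added example, not part of the original script: check that the exported
# certificate file carries the same fingerprint as the DAS keystore entry
# before certutil marks it trusted. Function names are illustrative.

# Print the fingerprint for algorithm $1 (SHA1 or SHA256, uppercase) found in
# keytool or openssl output on stdin, as bare uppercase hex; nothing if absent.
extract_fp() {
    tr -d '\r' | tr 'a-z' 'A-Z' | sed 's/SHA-/SHA/' |
        sed -n "s/^.*$1.*[ =]\(\([0-9A-F][0-9A-F]:\)\{1,\}[0-9A-F][0-9A-F]\) *\$/\1/p" |
        head -n 1 | tr -d ':'
}

# Succeed only when both outputs contain the same, non-empty fingerprint.
# $1 = algorithm, $2 = output for the DAS keystore, $3 = output for the file
same_cert() {
    _das=$(printf '%s\n' "$2" | extract_fp "$1")
    _file=$(printf '%s\n' "$3" | extract_fp "$1")
    [ -n "$_das" ] && [ "$_das" = "$_file" ]
}

# Constructed sample output (not from a real keystore), in the shapes printed
# by "keytool -list -v" / "keytool -printcert" and "openssl x509 -fingerprint".
SAMPLE_DAS='Alias name: s1as
Certificate fingerprints:
     MD5:  0C:5D:E2:91:3B:77:A8:14:F0:69:2C:BD:43:8E:15:D6
     SHA1: 4A:1F:9C:07:B2:6E:D3:58:80:AC:15:E9:73:0B:C4:2D:96:F1:38:5E'
SAMPLE_FILE='sha1 Fingerprint=4A:1F:9C:07:B2:6E:D3:58:80:AC:15:E9:73:0B:C4:2D:96:F1:38:5E'
SAMPLE_OTHER='Certificate fingerprints:
     SHA1: 7E:20:C5:9A:31:D8:4F:06:BB:62:1C:E7:93:5A:08:F4:2D:71:A6:CE'

# Real use, with the JKS keystore and variables from the script above:
#   das=$("${JAVA_HOME}/bin/keytool" -list -v -alias "${CERT_ALIAS}" \
#           -keystore "${DAS_DOMAIN}/config/keystore.jks")
#   file=$("${JAVA_HOME}/bin/keytool" -printcert -file "${CERT_EXPORT_FILE}")
#   same_cert SHA1 "$das" "$file" || { echo "fingerprint mismatch" >&2; exit 1; }
```

Run the comparison on the web server host after the file arrives and before the `certutil -A` step, so a mismatched file is never added to the trust database.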




John Clingan
