Wednesday Nov 19, 2008

Load-balancer plugin in GlassFish now supports Apache 2.2

Support for Apache 2.2 will be coming in GlassFish Server v2.1. Users can download this version of GlassFish server from GlassFish download page. The enterprise edition will even contain installer support for installing load-balancer plugin on Apache 2.2.

For the benefit  of GlassFish user, steps to manually configure load-balancer plugin with Apache2.2 is provided in this blog.


 Platform supported

  • Solaris SPARC
  • Solaris x86
  • Linux

For exact version of the platform supported, please refer to release notes of GlassFish Server 2.1

NOTE : Apache 2.2 in not supported on windows right now. However Apache 2.0.x is supported on windows.  


Download Location

The load-balancer plugin library can be downloaded from http://download.java.net/javaee5/external/<OS>/aslb/jars where OS can be SunOS, SunOS_X86 and Linux.

The latest version of load-balancer plugin available is aslb-9.1.1-b5.jar. User can download any other latest version compared to above version, if available.


Steps to configure load-balancer plugin on Apache2.2

  1. Build Apache 2.2 and install it. If user wants to use auto-apply feature, then it should be build with openssl and server certificate must be installed. You can refer to Apache2.0 documentation for building Apache2.2 with ssl and installing certificate. Use --with-included-apr option when building Apache 2.2 to build bundled apr. Apache 2.2 install directory will be referred to as <apache2.2-install-dir>.

  2. Download load-balancer plugin and unjar it. Then unzip SUNWaspx.zip and SUNWaslb.zip. This directory will be referred to as <lbplugin-unzip-dir>.

  3. Create directory

    1. <apache2.2-install-dir>/modules/errorpages
    2. <apache2.2-install-dir>/modules/resource
    3. <apache2.2-install-dir>/sec_db_files
  4. Copy file - <lbplugin-unzip-dir>/lib/webserver-plugin/<OS>/apache2.2/mod_loadbalancer.so to <apache2.2-install-dir>/modules. Also change permission of the file to executable.

  5. Copy files - <lbplugin-unzip-dir>/lib/webserver-plugin/<OS>/apache2.2/errorpages/default-error.html and <lbplugin-unzip-dir>/lib/webserver-plugin/<OS>/apache2.2/errorpages/sun-http-lberror.html to <apache2.2-install-dir>/modules/errorpages directory.

  6. Copy files - <lbplugin-unzip-dir>/lib/webserver-plugin/<OS>/apache2.2/LBPluginDefault_root.res and <lbplugin-unzip-dir>/lib/webserver-plugin/<OS>/apache2.2/LBPlugin_root.res to <apache2.2-install-dir>/modules/resource directory.

  7. Copy files - <lbplugin-unzip-dir>/lib/webserver-plugin/<OS>/apache2.2/secmod.db, <lbplugin-unzip-dir>/lib/webserver-plugin/<OS>/apache2.2/cert8.db and <lbplugin-unzip-dir>/lib/webserver-plugin/<OS>/apache2.2/key3.db to <apache2.2-install-dir>/sec_db_files directory.

  8. Copy file <lbplugin-unzip-dir>/lib/install/templates/loadbalancer.xml.example to <apache2.2-install-dir>/conf directory.

  9. Copy files - <lbplugin-unzip-dir>/lib/dtds/sun-loadbalancer_1_1.dtd and <lbplugin-unzip-dir>/lib/dtds/sun-loadbalancer_1_2.dtd to <apache2.2-install-dir>/conf directory.

  10. Changes in file <apache2.2-install-dir>/conf/httpd.conf

    1. Change
      FROM:
      ServerName www.example.com:80
      TO:
      ServerName <host-name>:80

    2. Change
      FROM:
      #Include conf/extra/httpd-mpm.conf
      TO:
      Include conf/extra/httpd-mpm.conf

    3. Change
      FROM:
      #Include conf/extra/httpd-vhosts.conf
      TO:
      Include conf/extra/httpd-vhosts.conf

    4. Change
      FROM:
      #Include conf/extra/httpd-ssl.conf
      TO:
      Include conf/extra/httpd-ssl.conf

    5. Append following entry
      ##BEGIN EE LB Plugin Parameters
      LoadFile /usr/lib/libCstd.so.1 (THIS LINE IS ONLY NEEDED ON SOLARIS SPARC)
      LoadModule apachelbplugin_module modules/mod_loadbalancer.so
      #AddModule apachelbplugin_module
      <IfModule apachelbplugin_module>
      config-file <apache2.2-install-dir>/conf/loadbalancer.xml
      locale en
      </IfModule>
      ##END EE LB Plugin Parameters

  11. Changes in file <apache2.2-install-dir>/conf/extra/httpd-mpm.conf

    1. Change prefork MPM settings
      Set StartServers to 1
      Set MaxClients to 1

  12. Changes in file <apache2.2-install-dir>/conf/extra/httpd-vhosts.conf

    1. Append
      ##BEGIN EE LB Plugin Parameters
      <VirtualHost <machine-ip-address>>
          ServerName <host-name>
          DocumentRoot "<apache2.2-install-dir>/htdocs"
      </VirtualHost>
      ##END EE LB Plugin Parameters

    2. User can remove other existing VirtualHost entries from this file

  13. Changes in file <apache2.2-install-dir>/conf/extra/httpd-ssl.conf

    1. Change
      FROM:
      <VirtualHost _default_:443>
      TO:
      <VirtualHost <machine-ip-address>:443>
      b)Change
      FROM:
      ServerName www.example.com:443
      TO:
      ServerName <host-name>:443

  14. If user want to use feature auto-apply feature

    1. Export DAS certificate using command : certutil -L -d <application-server-DAS-dir>/config -n s1as -a -o sjsas.crt

    2. Copy certificate file(sjsas.crt) to <apache2.2-install-dir>/conf/ssl.crt directory. If directory does not exist, create one.

    3. Append in file <apache2.2-install-dir>/conf/extra/httpd-ssl.conf
      ##BEGIN EE LB Plugin Parameters
      <Location /lbconfigupdate >
      SSLVerifyClient require
      SSLVerifyDepth 1
      SSLRequireSSL
      SSLCACertificateFile <apache2.2-install-dir>/conf/ssl.crt/sjsas.crt
      SSLRequire ( %{SSL_CIPHER} !~ m/\^(EXP|NULL)-/ \\
      and %{SSL_CLIENT_S_DN_O} eq "Sun Microsystems" \\
      and %{SSL_CLIENT_S_DN_OU} eq "Sun Java System Application Server" \\
      and %{SSL_CLIENT_M_SERIAL} eq "<Cert-Serial-Number>" )
      </Location>
      <Location /getmonitordata >
      SSLVerifyClient require
      SSLVerifyDepth 1
      SSLRequireSSL
      SSLCACertificateFile  <apache2.2-install-dir>/conf/ssl.crt/sjsas.crt
      SSLRequire ( %{SSL_CIPHER} !~ m/\^(EXP|NULL)-/ \\
      and %{SSL_CLIENT_S_DN_O} eq "Sun Microsystems" \\
      and %{SSL_CLIENT_S_DN_OU} eq "Sun Java System Application Server" \\
      and %{SSL_CLIENT_M_SERIAL} eq "<Cert-Serial-Number>" )
      </Location>
      ##END EE LB Plugin Parameters

      NOTE:

      1. Cert-Serial-Number need to be generated from provided DAS certificate file(sjsas.crt).  Command for that is : keytool -printcert -file sjsas.crt. Note Serial number from output of above command. Take its value and change all lower case characters to upper case.
      2. Application Server name is assumed to be Sun Java System Application Server. If it is different, then it needs to be reflected here as well. Above command will print that as well.
  15. Changes in file <apache2.2-install-dir>/bin/envvars

    1. Suffix <lbplugin-unzip-dir>/lib and <apache2.2-install-dir>/modules directory to LD_LIBRARY_PATH on unix platform

  16. For auto-apply feature to work, the run-as user for apache must have writable permission for <apache2.2-install-dir>/conf directory. If security is not an issue, user can even set <apache2.2-install-dir>/conf directory permission to 777.


About

kshitiz

Search

Categories
Archives
« July 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today