CERN provides us with virtual machines, which is very nice. It is also possible to convince the security guys to make one of those machines accessible from the Internet. However, it is not something they like to do very often.

So my problem is that I have one virtual machine visible to the world, but several demos to show (and Invenio requires a whole Apache virtual host, i.e. it blocks one port).

To solve this, I’ll hide several machines behind one, which is not that different from load balancing. The Apache config contains:

Include /opt/apache.conf

And there I played… (with the help of #cookies and #sticky-load-balance)

DocumentRoot /opt/static-web
<Directory /welcome>
 Options Indexes FollowSymLinks
</Directory>
LogLevel debug
#Set a cookie if BALANCER_ROUTE_CHANGED containing BALANCER_WORKER_ROUTE environment variable
Header add Set-Cookie "BALANCEID=hej.%{BALANCER_WORKER_ROUTE}e; path=/;" env=BALANCER_ROUTE_CHANGED
#Show balancer-manager
<Location /balancer-manager>
 SetHandler balancer-manager
 Order allow,deny
 Allow from all
</Location>
ProxyRequests Off
#Configure members for cluster
<Proxy balancer://rcabalancer>
 BalancerMember http://137.138.124.207:80 route=atlantis
 BalancerMember http://inspirehep.net:80 route=inspire
</Proxy>
#Do not proxy balancer-manager
ProxyPass /balancer-manager !
ProxyPass /welcome !
ProxyPass /robots.txt !
#The actual ProxyPass
ProxyPass / balancer://rcabalancer/ stickysession=BALANCEID nofailover=Off
#Do not forget ProxyPassReverse for redirects
ProxyPassReverse / balancer://rcabalancer
#ProxyPassReverse / http://inspirehep.net/
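
The /balancer-manager block above uses "Allow from all" on a host that is visible from the Internet, so any visitor can open the manager interface, which can change balancer members at runtime. The check below is an added example, not part of the original post: a heuristic Python audit (the name audit and the restricted variant are assumptions of this example) that flags management handlers opened to all clients.

```python
import re

MANAGEMENT_HANDLERS = {"balancer-manager", "server-status", "server-info"}
OPEN_ACCESS = re.compile(r"(Allow\s+from\s+all|Require\s+all\s+granted)\s*$", re.I)
LOCATION_OPEN = re.compile(r'<Location\s+"?([^">\s]+)"?\s*>', re.I)

# The <Location> block exactly as it appears in the config on this page.
PAGE_CONF = """
<Location /balancer-manager>
 SetHandler balancer-manager
 Order allow,deny
 Allow from all
</Location>
"""

# Constructed alternative (Apache 2.2 syntax): reachable from localhost only.
RESTRICTED_CONF = """
<Location /balancer-manager>
 SetHandler balancer-manager
 Order deny,allow
 Deny from all
 Allow from 127.0.0.1
</Location>
"""

def audit(conf_text):
    """Return (path, handler) for every <Location> that serves a management
    handler and explicitly opens it to all clients. Heuristic only: Include
    files and inherited access rules are not evaluated."""
    findings, path, handler, is_open = [], None, None, False
    for raw in conf_text.splitlines():
        line = raw.strip()  # matches below are anchored, so '#' comments never hit
        opened = LOCATION_OPEN.match(line)
        if opened:
            path, handler, is_open = opened.group(1), None, False
        elif line.lower().startswith("</location"):
            if handler in MANAGEMENT_HANDLERS and is_open:
                findings.append((path, handler))
            path = None
        elif path is not None:
            set_handler = re.match(r"SetHandler\s+(\S+)", line, re.I)
            if set_handler:
                handler = set_handler.group(1).lower()
            elif OPEN_ACCESS.match(line):
                is_open = True
    return findings

if __name__ == "__main__":
    print(audit(PAGE_CONF), audit(RESTRICTED_CONF))
```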

This is the Apache config at insdev01.cern.ch. When you visit insdev01.cern.ch/welcome you get a static page where a small piece of JavaScript helps you choose from the available demos (and sets the cookie).

<html>
<head>
<script type="text/javascript">
var cName = 'BALANCEID';
var cTimeout = 0.5;
function createCookie(name,value,days) {
 if (days) {
 var date = new Date();
 date.setTime(date.getTime()+(days*24*60*60*1000));
 var expires = "; expires="+date.toUTCString();
 }
 else var expires = "";
 document.cookie = name+"="+value+expires+"; path=/";
}
function readCookie(name) {
 var nameEQ = name + "=";
 var ca = document.cookie.split(';');
 for(var i=0;i < ca.length;i++) {
 var c = ca[i];
 while (c.charAt(0)==' ') c = c.substring(1,c.length);
 if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
 }
 return null;
}
function eraseCookie(name) {
 createCookie(name,"",-1);
}
</script>
</head>
<body>
Hi! <br/>
<p>
This is a testing/demo site. Below you can see the list of available servers. You can activate them by clicking.
<p>
Beware this demo might be broken, but if it is working, then you have a lucky day!
<ol>
 <li> <a href="http://insdev01.cern.ch" onclick="javascript:createCookie(cName, 'inspire', cTimeout)">INSPIRE search </a></li>
 <li> <a href="http://insdev01.cern.ch" onclick="javascript:createCookie(cName, 'atlantis', cTimeout)">Invenio demo search</a> </li>
</ol>
<p>
If it doesn't work, or you want to select another demo from the list, then please close your browser
<br/> ... or wait <script>document.write(cTimeout)</script> days ;) ... and visit this webpage again.
</body>
</html>

This will set the BALANCEID cookie to contain the name of the server which we want to display.

I also want bots to stop bothering me, so I put this inside /opt/static-web/robots.txt:

User-agent: *
Disallow: /

Two things confused me:

1. After configuring the proxy and loading the site I saw a blank page; the browser was loading and trying to connect to the server behind the proxy.

At first I thought I had an error in my configuration, but it was an error on my side: the browser was simply trying to load pictures and CSS referenced by the HTML page which was generated by the hidden machine (but wasn’t yet configured to pretend to be insdev01.cern.ch).

2. The server reached MaxClients.

This happens only when I want to use insdev01:80 as a public proxy and run Invenio on the same machine on a different port:

BalancerMember http://insdev01.cern.ch:8080 route=atlantis

I don’t know yet how to solve this. The returned HTML code is correct, but for some reason WSGI seems to be loaded in a loop (probably because the proxy establishes many connections), and this exhausts MaxClients, which was set to 250.