Loading ...
Sorry, an error occurred while loading the content.
 

Re: HELP: Dealing with multiple servers

Expand Messages
  • Brat Wizard
    Hmm- all of these sound like good suggestions in general-- I will definately take a look at that today. Question tho- my situation is one of the state
    Message 1 of 4 , Jan 22 5:46 AM
      Hmm- all of these sound like good suggestions in general-- I will
      definately
      take a look at that today.

      Question tho- my situation is one of the state directory apparently
      becoming
      corrupted (as evidenced by strange "hanging" behavior of site scripts
      when the
      problem manifests)... what you describe is the state directory
      disappearing
      altogether. Are these two phenomena similar enough to be related issues?

      Another point is that I seem to have these issues most when I'm going
      back and
      forth to the secure server. Am I overblowing the significance of this,
      or is
      there some "extra thing" I may not be aware of (this is my first secure
      server-- I'm reasonably sure I have it set up correctly but I don't have
      enough
      experience with it to recognize trouble symptoms or make useful
      diagnosis).

      Thanks again for your reply- it was definately useful in general and I
      will
      take a look at the items you mentioned this afternoon.

      John Whitten
      brat@...
      Wizard.Org, Inc.


      Thanos Chatziathanassiou wrote:

      > My experience comes from a similar project:
      > A Linux LVS cluster, where Apache::ASP enabled servers all draw their
      > session data
      > from an NFS mounted directory.
      > I had my reservations too, but after extensive testing, everything seemed
      > OK.
      > The system is in production for about 2 months now and not a single flaw has
      > surfaced.
      > Make sure your NFS mount options are good and provide solid ground for
      > sharing.
      > Mine, working so far are (snip from /etc/fstab all in a single line of
      > course).
      > ------------------------------------------------
      > nfsip:/opt/shared/var/state /var/state nfs
      > rw,hard,intr,udp,rsize=8192,wsize=8192,auto 0 0
      > ------------------------------------------------
      > Make sure rpc.lockd is running and functional (a simple perl script with
      > FLOCK,LOCK_EX is enough to test it)
      >
      > In particular, pay attention to the mount option ``hard''. Without it, lots
      > of strange events took place (the contents of /var/state lost being one of
      > them).
      >
      > Lots more of helpful info on http://nfs.sourceforge.net/
      >
      > Thanos Chatziathanassiou
      >
      > ---------------------------------------------------------------------
      > To unsubscribe, e-mail: asp-unsubscribe@...
      > For additional commands, e-mail: asp-help@...

      ---------------------------------------------------------------------
      To unsubscribe, e-mail: asp-unsubscribe@...
      For additional commands, e-mail: asp-help@...
    • Joshua Chamas
      ... The StateDir implementation was built to survive an NFS environment, even without decent file locking implemented. Its not ideal, but it can work fine.
      Message 2 of 4 , Jan 22 1:09 PM
        Brat Wizard wrote:
        >
        > Hello there-
        >
        > I am working on a project that is bigger than a single host. As a result
        > I have sessions logging into several hosts but working out of a common
        > (nfs mounted) directory. Specifically things are operating using a
        > single, comon (shared) state directory... is this bad??
        >
        > I am running into situations where the state directory gets corrupted
        > and processes "hang" until the state directory gets cleared (removed) at
        > which time things will run ok for awhile until it hoses up again.
        >
        > The biggest thing that seems to cause problem is that the secure server
        > is on a separate host from the rest of the site-- and yet it too
        > operates using the common state directory. I most often see problems
        > when going back and forth to the secure server from the main parts of
        > the site.
        >

        The StateDir implementation was built to survive an NFS environment,
        even without decent file locking implemented. Its not ideal, but it
        can work fine. As Thanos mentions, the NFS implementation & mount
        configuration is critical to get right to get an NFS shared StateDir
        to work. If NFS flock() file locking is working, then sharing a StateDir
        should be perfectly usable in a web cluster ( with also no caching
        for the NFS client mount )

        However, between https & http, I would not share sessions. This defeats
        the security of SSL. If someone had a packet sniffer and sniffed a session-id
        going over http, they then could resue that session-id over https, and get access
        to what you thought was secure data.

        So I would have a separate StateDir for http vs. https use. Further, for
        the secure site, I would set:

        PerlSetVar SecureSession 1

        this will flag the browser to make sure to only send the session-id cookie
        over SSL.

        --Josh

        _________________________________________________________________
        Joshua Chamas Chamas Enterprises Inc.
        NodeWorks Founder Huntington Beach, CA USA
        http://www.nodeworks.com 1-714-625-4051

        ---------------------------------------------------------------------
        To unsubscribe, e-mail: asp-unsubscribe@...
        For additional commands, e-mail: asp-help@...
      Your message has been successfully submitted and would be delivered to recipients shortly.