Loadbalanced ISPconfig - Apache2 users/ groups
I have been working on this for quite a while.. but.. i'm neaarrllyyy there haha.
I have got a nearly full functioning ISPconfig (fully loadbalanced) running.
But i have hit a little bumb in the road: apache2 plus the users created/ configured by ispconfig.
So.. to keep things simple.. how can i make ISPconfig panel duplicate the username/group on 2 servers? (or use LDAP for this)
Basically on every site creation it's my understanding that it creates a new user/group.. this causes my apache on the second server to fail to start unless i manually replicate the user.
The second little glitch (less seriouse) mySQL: it only creates databases and users from the Primary server.. is there a way to make it use a global address to create it with? (at the moment mysql in failover mode has to be on host1 inorder for ISPconfig to create the user/pass - Other then that the full mysql continues to function fine on every other server - in other words the mysql server has to pick favoures by being loaded on primary server - indead of any random server JUST for ISP panel)
Hopefully i'm making enough sence for some of you to help me out who got a greater understanding of how ISPconfig works.
Once my setup is fully done i will post the full setup howto ;)
Ispconfig creates the users and groups on both servers with the same name, so mirroring works fine and there is already. Howto published on this topic. Just ensure that you use identical setups for both servers especially that the uid and gid of the last user before you install ispconfig on the servers is the same. This ensures thant all additional users created by ispconfig has the same uid and gid on boh severs.
Ispconfig creates the mysql users on all mirrors auomatically. Just ensure that the mysql interface can only be installed on the master and may not be installed on the slaves. See mirroring totorial.
Hey and thanx for your quick reply.
I used the mirroring tutorial as a guideline however this is very incomplete and out of date in some cases like quorum.
with loadbalancing there is a need for equal sites (files) , users (usr db) etc.
the primary server (initially) is configured following the guidelines of the mirror tutorial.
The secondary server has drbd + ocfs2 storage for live sync (instead of glusterFS which is outdated and.. blocklevel tends to be the better party :P)
This however in the tutorial missed the log files area.. apache config is not synced etc.. (so where the site existed on one server - it didn't on the other).
so in addition to that tutorial i figured to sync apache's files (so the vhosts etc is all correct) -
This is where you hit issues with the username and group.
The test site is missing web1 and client0 (user // group)
this is created in Host1 --> Host2 is not updated.
However i have to admit host2 is a little bit modified: it is using the same database as host1 --> therefor has the same functions as host1.
at the moment their both perfect for loadbalancing besides the apache2 user// group and mysql creation of databases (just the creating part inside ispconfig)..
host2 is set as mirror server in isppanel.
Any idea what might of gone wrong here? (ps for me it never synced even before the modifications --> Host1 showed the welcome page while Host2 showed the IT WORKS! page of apache.)
At the moment host1 shows the welcome page and host2 shows 403 forbidden (because of the user/ group issue)
Another handy info:
I'm using Debian Squeeze x64
In addition to this -->
mySQL is set to Failover using heartbeat (master-master simply is not functioning that well and hits issues with high loads)
So host1 OR host2 is only running mySQL and not BOTH
Their both configured to use linsql --> Which is pointing to the failover SQL ip.
In the end mySQL == Failover and the rest (EVERYTHING) is loadbalanced.
I'm not talking about a backup or active/passive server.. for web servers thats just a complete waste of resources.
however Loadbalancing requires identical servers.. this includes the panel (which is now nearly identical with my setup - just got this 1 real issue left and 1 to be improved :P).
The mirror setup is complte, i know several setups that uses it. Your servers are configured wrong hen, as users, apache config logfiles etc is synced by ispconfig internally, so they may not be synced by another method or he systm must fail.
As far as i can see, you have a mysql auth problem and a wrong setup regarding mysql so hat the secondary mysql instance can not connect to mysql on the master server to sync he data ss you have no secondary mysql intance.
The first step to fix that is to remove all syncing hat you added beside he irectories /var/www and /var/vmail. Then uninstall idpconfig on h lave and follow th mirror tutorisl to instsll it again by using two separat mysql servers as described in the guide.
Ispconfig can not work if both servers use the same database. Asispconfig can not mirror the onfiguration between the servs then as it thinks hat the data is mirrored already.it is a must that each server has its mysql server and ispconfig has to connect to the datbase on localhost.
Just anoher hint, each step in the mirror guide is required, especially the editing of he hosts files in exact the way described there. If you dont o hat, no changes will get mirrored as mysql auth fails.
Using drbd instead of glustrfs is fine, i wold use hat as well for a new setup. Everything else has to be as in the guide and thas working for debian 6 as well, so its not outdated at all.
well the setup is incomplete on behalf of MAINLY the mysql.
you can not keep 2 mysql's up2date using that setup without either a reload or restart command. (if you load/save data OUTSIDE ispconfig that is on either mysql on host1 or mysql on host2)
Secondary --> Quota on debian squeeze with UID disks does not function like that neither, etc:
How it works in debian squeeze : errors=remount-ro,usrjquota=aquota.user,grpjquota=aquota.group,jq fmt=vfsv0
Third --> once i completed the setup using drbd + ocfs2 instead of glusterFS --> the site log (created new site) did not sync.
located in :/var/log/ispconfig/ --> without this host2 apache did not start.
Fail2ban is left relatively unconfigured.. leaving alot of improvements on security (ssh / mysql / apache)
However .. i must say it was a great guide and helped me alot so far.
I'm not a big fan of mysql master-master .. i have seen many corperations obtaining huge dataloss duo to minor bugs with this setup.
Failover mysql is from our expirience the best "bullet proof" setup.
This means either use a seperated 2 Servers for mysql storage OR simply find a way around the defaults.
Also a single master panel - is not load balanced thats an old fashion cluster with 1 master and slaves (loadbalanced == master master )
So to keep this simple - ispconfig can not be edited in such a way to create users / groups WITHOUT a master AND slave database?
(remember my setup uses master // master database).
If so.. where's the scripts located responsible for creating users/groups?
Hosts file we got it a bit more advanced with 2 different networks for each servers, shared ip's etc
In addition to that we got our internal DNS servers (3x) linked to the hostnames as a fall back.
If you want i can send you the entire txt file with every single step i took. (also got screenshots of some areas like the drbd setup using LCMC)
The file system section is still a bit messy duo to the user perms tho.
Your setup can not work with ispconfig. I am the auhor of ispconfig, so you should believe me in that regard. Idpconig works with configuration trnsactions and it stores also the processing state of the local system in the dtabase, so if you connect two instances to the same db, the system can not process any changes as two processes overwrite their transaction states.
To get your setup working, undo the mirroring of the config parts as ispconfig is doing that. THen install 2 mysql instances as thats a must have for ispconfig.
You can use your mysl cluster for the website databases but not for the two dbispconfig databases, as ispconfig mirrors its database contents internally.
The setup can be loadbalanced even with one master of course, as the main reason for such a setup in most ips is for loadbalancing the sites, mail accounts etc. Loadbalancing the controlpanel is normally not nescessary if you dont expect to have more then a few hundred thousand pageviews per day from the controlpanel itself. To get that, youw would need to have several ten thousand customers on that system.
hehe.. Then how come it only gets stuck on the user replication? the rest works fine.
On a side note: then this would be the first thing EVER that i failed to cluster (so far i clustered everything in Unix, Linux and Windows.. this includes IIS, even Filezilla servers are loadbalanced in our environments :P)
1) you can not call it a load balanced setup without a master/master a master / slave is NOT a load balanced cluster this is simply a cluster. (the one that exists for ages and ages :P).
2) If all ISPconfigs need to run mysql for it to work in the panel.. how exactly can i run a failover mysql using isppanel? that only leaves the option for a master/ master setup in mysql which is defenatly not recormended practise.
(both being able to run + write to eachother = Once the connection breaks mysql can act "funny" in some cases whiping alot of data.)
3) both servers are in ISPconfig WITH their own states (as in whats running on what system and for example 1 of them complains about mysql being down.).
4) I don't mind turning off the extra configs HOWEVER we stumble over the "must have mysql on it's own" problem (which i guess is why mirroring never worked for me. ps: why do you even give the option of installing it on any other database server other then localhost?)
5) for my current problem there is always a backup option to let the systems replicate the user files etc however this is not a lovely option AND i'm pretty sure this issue can be solved if i got some more understanding of how isppanel works
1) There is a difference between the mysql databases of the websites and the ispconfig mysql database. ISPConfigs goal is it to provide a load baanced setup for the "workload" e.g. websites, email, etc. The configuration panel itself is always a master/slave system, but the websites, mail accounts etc. can be configured as a cluster with two or more nodes.
2) See post #7. There is a difference between the ispconfig mysql database and the website databases. MySQL is used in ispconfig as a kind of local configuration cache which is mirrored inside of ispconfig. So it is a requirement for ispconfig that each instance runs its own mysql server.
3) Thats something different and does not indicate that the replication works. The steps to debug ispconfig are described in the manual and in several threads here in the forum.
4) Install it and you will see that it works. As I explained in #7, you can use your mysql cluster for the wesbite databases but not for the ispconfig system configuration database "dbispconfig". You can use any hostname for the local database, as long as it is not connected to another ispconfig instance like on your setup.
5) So to get this working. Remove your extra mirroring and then reinstall ispconfig on the slave server to use the mysql DB on localhost for its local DB and let it connect to the master DB as remote server.
Not really.. for alot of things there where no or no good manuals.. which is where we created and contributed our own.
In the end - thats what we are paid for.
This time i made a slight adjustment to my script and gone with master-master mysql and some other minor modifications (even tho i hate master-master with some decent monitoring scripts etc etc it should be alright.. tho we are still heavily testing this setup and try to make it crash / splitbrain :P)
with this minor modification my own setup works.
Unfortunatly i ran out of time to do it fully the way i want it (as in setup with failover) as my deadline is wensday ;)
I will give you one tip however: in the IT branch specially opensource - nothing is impossible it all just depends how far your willing to go to achieve your goals. You as an author should know this best of all :P
|All times are GMT +2. The time now is 03:45.|
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.