> Hi list,
>
> I just signed up to the list - please forgive any newb mistakes but
> hopefully I'm following the right format, style and content.
>
> I currently work in a production environment with eight app servers,
> all running the same version of Tomcat (currently 7.0.62). Four
> servers support version 1 of our app, the other four servers support
> version 2. Within each group of four, two serve completely open
> content via 80, the other two support queries of sensitive data via
> 443. Servers are named with a number system where all odd-named
> servers are for the secure content, all evens are open.
>
> So here's the setup in a hopefully clearer portrayal:
>
> App Version 1:
> Server 01: secure queries via 443
> Server 02: open content via 80
> Server 03: secure queries via 443
> Server 04: open content via 80
>
> App Version 2:
> Server 05: secure queries via 443
> Server 06: open content via 80
> Server 07: secure queries via 443
> Server 08: open content via 80
>
> Each pair of even and odd named servers are *conceptually* linked,
> but physically stand on their own. All http traffic and https
> traffic for each version is directed to a particular server by a
> load balancer. No Apache Web Server is in the mix and we would like
> to keep it that way for simplicity. Load-wise, our eight Tomcats
> are not taxed.
>
> I'm responsible for upkeep of these servers, which requires regular
> version upgrades and configuration changes when any vulnerability is
> found by regular, periodic Nessus scans
> (http://www.tenable.com/products/nessus-vulnerability-scanner).
> Sometimes the changes are
> related to ciphers, sometimes other things, but I'd say 90% of the
> time, I just need to upgrade to a newer version.
>
> So no big deal conceptually, I fully admit, but doing this across
> eight servers is TEDIOUS. And more importantly, it's a ripe
> opportunity for introducing user error. On three occasions I have
> brought our production systems by stupid mistakes in server.xml or
> other config files, or most recently, accidentally copying the wrong
> ROOT from a version 2 (05) box into the version one boxes (01 and
> 03). I got things up and running fine with no serious consequences
> but this being the third time, I thought "there has to be a better
> way" right after I talked myself off the "you're a complete idiot" ledge.
>
> I'm starting to research Tomcat clustering but everything I see just
> talks about load balancing and failover. **What about ease of
> configuration??** I'd like to be able to set up Tomcat <something>
> (clusters?) to help automate what I've described above to make it
> less tedious and reduce the chances of making stupid mistakes when
> I'm on the 6th, 7th, 8th server. I'm not sure if Tomcat clustering
> is what I need, or if I should look at something else.
>
> Can you nice folks help direct me to where I should look for
> starters? Will Tomcat clustering get me what I want? or something
> else, like Zookeeper?
>
> Thanks,
> Mark Bramer

We do something similar by utilizing docker containers.

At first we create a base-image consisting of:
- minified linux distro
- jvm
- tomcat

Then we have application images based on that which add:
- app specific tomcat config
- the app itself

These images can be run as multiple instances and thus becoming containers.

When we update tomcat it is done in the base-image and all app-images are rebuilt and containers restarted. So it is just one place where the change has to be done.

On config updates the according app-image is changed, rebuilt and restarted.

Regards,
Christoph
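
The base-image and app-image layering described in the reply above, expressed as one multi-stage Dockerfile. This is an added example, not code from the thread or from either poster; the Alpine-based JRE image tag, the `apps/v<N>/...` build-context layout, the container ports, the label keys and the digest placeholder are all assumptions.

```dockerfile
# Added example. Directory layout, tags, ports and label keys are assumptions.
# Build one image per variant from this single file, e.g.:
#   docker build --build-arg APP_VERSION=1 --build-arg APP_ROLE=secure -t app:v1-secure .
#   docker build --build-arg APP_VERSION=2 --build-arg APP_ROLE=open   -t app:v2-open .
ARG JRE_IMAGE=eclipse-temurin:8-jre-alpine

# ---- Base image: small distro + JVM + Tomcat. The Tomcat version is set only here.
FROM ${JRE_IMAGE} AS tomcat-base
ARG TOMCAT_VERSION=7.0.62
# Placeholder: record the digest after verifying the release against its signature.
ARG TOMCAT_SHA256=REPLACE_WITH_VERIFIED_SHA256
ENV CATALINA_HOME=/opt/tomcat
RUN set -eux; \
    wget -O /tmp/tomcat.tar.gz \
      "https://archive.apache.org/dist/tomcat/tomcat-7/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz"; \
    # Refuse to continue if the download does not match the recorded digest.
    echo "${TOMCAT_SHA256}  /tmp/tomcat.tar.gz" | sha256sum -c; \
    mkdir -p "${CATALINA_HOME}"; \
    tar -xzf /tmp/tomcat.tar.gz -C "${CATALINA_HOME}" --strip-components=1; \
    # Drop the bundled webapps (manager, examples, docs) so only the app ships.
    rm -rf /tmp/tomcat.tar.gz "${CATALINA_HOME}"/webapps/*; \
    adduser -D -H -s /sbin/nologin tomcat; \
    chown -R tomcat "${CATALINA_HOME}"

# ---- App image: adds only the variant's Tomcat config and the app itself.
FROM tomcat-base AS app
ARG APP_VERSION
ARG APP_ROLE
# Fail the build if a variant is not named, so no image is built from defaults.
RUN test -n "${APP_VERSION}" && test -n "${APP_ROLE}"
COPY --chown=tomcat apps/v${APP_VERSION}/${APP_ROLE}/server.xml ${CATALINA_HOME}/conf/server.xml
COPY --chown=tomcat apps/v${APP_VERSION}/ROOT/ ${CATALINA_HOME}/webapps/ROOT/
# Labels let you confirm what a running container holds with `docker inspect`.
LABEL com.example.app.version="${APP_VERSION}" com.example.app.role="${APP_ROLE}"
USER tomcat
# Unprivileged ports; publish them as 80 or 443 on the host or load balancer side.
EXPOSE 8080 8443
CMD ["/opt/tomcat/bin/catalina.sh", "run"]
```

Changing `TOMCAT_VERSION` and its digest in the base stage and rebuilding each variant keeps the upgrade in one place, and the labels make a version 2 ROOT inside a version 1 image visible before the container goes behind the load balancer.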