Christopher, > >> Hi list, > >> > >> I just signed up to the list - please forgive any newb mistakes > >> but hopefully I'm following the right format, style and content. > >> > >> I currently work in a production environment with eight app > >> servers, all running the same version of Tomcat (currently > >> 7.0.62). Four servers support version 1 of our app, the other > >> four servers support version 2. Within each group of four, two > >> serve completely open content via 80, the other two support > >> queries of sensitive data via 443. Servers are named with a > >> number system where all odd-named servers are for the secure > >> content, all evens are open. > >> > >> So here's the setup in a hopefully clearer portrayal: > >> > >> App Version 1: Server 01: secure queries via 443 Server 02: open > >> content via 80 Server 03: secure queries via 443 Server 04: open > >> content via 80 > >> > >> App Version 2: Server 05: secure queries via 443 Server 06: open > >> content via 80 Server 07: secure queries via 443 Server 08: open > >> content via 80 > >> > >> Each pair of even and odd named servers are *conceptually* > >> linked, but physically stand on their own. All http traffic and > >> https traffic for each version is directed to a particular server > >> by a load balancer. No Apache Web Server is in the mix and we > >> would like to keep it that way for simplicity. Load-wise, our > >> eight Tomcats are not taxed. > >> > >> I'm responsible for upkeep of these servers, which requires > >> regular version upgrades and configuration changes when any > >> vulnerability is found by regular, periodic Nessus scans > >> (http://www.tenable.com/ products/nessus-vulnerability-scanner). > >> Sometimes the changes are related to ciphers, sometimes other > >> things, but I'd say 90% of the time, I just need to upgrade to a > >> newer version. > >> > >> So no big deal conceptually, I fully admit, but doing this across > >> eight servers is TEDIOUS. And more importantly, it's a ripe > >> opportunity for introducing user error. On three occasions I > >> have brought our production systems by stupid mistakes in > >> server.xml or other config files, or most recently, accidentally > >> copying the wrong ROOT from a version 2 (05) box into the version > >> one boxes (01 and 03). I got things up and running fine with no > >> serious consequences but this being the third time, I thought > >> "there has to be a better way" right after I talked myself off > >> the "you're a complete idiot" > > ledge. > >> > >> I'm starting to research Tomcat clustering but everything I see > >> just talks about load balancing and failover. **What about ease > >> of configuration??** I'd like to be able to set up Tomcat > >> <something> (clusters?) to help automate what I've described > >> above to make it less tedious and reduce the chances of making > >> stupid mistakes when I'm on the 6th, 7th, 8th server. I'm not > >> sure if Tomcat clustering is what I need, or if I should look at > >> something else. > >> > >> Can you nice folks help direct me to where I should look for > >> starters? Will Tomcat clustering get me what I want? or > >> something else, like Zookeeper? > >> > >> Thanks, Mark Bramer > >> > > > > > > We do somthing similar by utilizing docker containers. > > > > At first we create a base-image consisting of: - minified linux > > distro - jvm - tomcat > > > > Then we have application images based on that which add: - app > > specific tomcat config - the app itself > > > > These images can be run as multiple instances and thus becoming > > containers. > > > > When we update tomcat it is done in the base-image and all > > app-images are rebuilt and containers restarted. So it is just one > > place where the change has to be done. > > > > On config updates the according app-image is changed, rebuilt and > > restarted. > > I would love to invite you to ApacheCon and have you give a > presentation on how you do this because it's something I've been > wanting to do for a while, now. >
Happy to hear that :) > Would your employer send you to ApacheCon? > Looks bad. ApacheCon Europe *might* be possible. Regards, Christoph This Email was scanned by Sophos Anti Virus
