WSO2 Identity Server Clustering with WSO2 Elastic Load Balancer

13 Feb

WSO2 IS is a very useful product, and many people use it for their day-to-day security operations. Once we move to a highly available and highly scalable system, we need multiple IS instances, so I'm going to explain how to build an IS cluster with two nodes.

First of all we need to understand the high-level scenario, so let's look at the following diagram.

[Diagram: is-cluster]

According to the above diagram, the LB exposes two proxy ports for the different transports, so we need to map them in the IS nodes.
Here we are using the clustering mechanism called "Well-Known Address based multicasting".

Let's look at the LB configuration.

1. By default it has two proxy ports exposed, for HTTP (8290) and HTTPS (8243), in $WSO2_ELB/repository/conf/axis2/axis2.xml:

    <!-- ================================================= -->
    <!--             Transport Ins (Listeners)             -->
    <!-- ================================================= -->
    <!--Default transport will be passthrough; if you need to change it please add it here -->
   <transportReceiver name="http" class="org.apache.synapse.transport.passthru.PassThroughHttpListener">
      <parameter name="port">8290</parameter>
      <parameter name="non-blocking"> true</parameter>
      <parameter name="httpGetProcessor" locked="false">org.wso2.carbon.transport.nhttp.api.PassThroughNHttpGetProcessor</parameter>
   </transportReceiver>
   <transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
        <parameter name="port" locked="false">8243</parameter>
        <parameter name="non-blocking" locked="false">true</parameter>
        <parameter name="httpGetProcessor" locked="false">org.wso2.carbon.transport.nhttp.api.PassThroughNHttpGetProcessor</parameter>
        <!--parameter name="bind-address" locked="false">hostname or IP address</parameter-->
        <!--parameter name="WSDLEPRPrefix" locked="false">https://apachehost:port/somepath</parameter-->
        <parameter name="keystore" locked="false">
            <KeyStore>
                <Location>repository/resources/security/wso2carbon.jks</Location>
                <Type>JKS</Type>
                <Password>wso2carbon</Password>
                <KeyPassword>wso2carbon</KeyPassword>
            </KeyStore>
        </parameter>
        <parameter name="truststore" locked="false">
            <TrustStore>
                <Location>repository/resources/security/client-truststore.jks</Location>
                <Type>JKS</Type>
                <Password>wso2carbon</Password>
            </TrustStore>
        </parameter>
        <!--<parameter name="SSLVerifyClient">require</parameter>
            supports optional|require or defaults to none -->
    </transportReceiver>

2. Go to $WSO2_ELB/repository/conf/loadbalancer.conf and define the cluster details as follows:

    identity {
        hosts                   is.cloud.wso2.com;	
        domains   {
            wso2.is.domain {
                tenant_range    *;
            }            
        }
    }

3. Now add an entry to the hosts file (on Linux, /etc/hosts) mapping "is.cloud.wso2.com" to your IP.

4. Start the load balancer.

5. Now go to IS node 1 and make the following changes in $WSO2_IS_node/repository/conf/axis2/axis2.xml
* First, enable clustering in node 1:

    <clustering class="org.apache.axis2.clustering.tribes.TribesClusteringAgent" enable="true">

* Set the membership scheme to "wka":

   <parameter name="membershipScheme">wka</parameter>

* Specify the domain (it must match the domain defined in loadbalancer.conf):

   <parameter name="domain">wso2.is.domain</parameter>

* Local member port. This must be unique for each node; the local member port of the ELB is 4000 by default.

   <parameter name="localMemberPort">4100</parameter>

* Define the well-known member (the ELB) as well:

        <members>
            <member>
                <hostName>is.cloud.wso2.com</hostName>
                <port>4000</port>
            </member>            
        </members>

* Map the HTTP and HTTPS transports to the ELB proxy ports:

    <!-- ================================================= -->
    <!--                  In Transports                    -->
    <!-- ================================================= -->
    <transportReceiver name="http"
                       class="org.wso2.carbon.core.transports.http.HttpTransportListener">
        <!--
           Uncomment the following if you are deploying this within an application server. You
           need to specify the HTTP port of the application server
        -->
        <parameter name="port">9763</parameter>

        <!--
       Uncomment the following to enable Apache2 mod_proxy. The port on the Apache server is 80
       in this case.
        -->
        <parameter name="proxyPort">8290</parameter>
    </transportReceiver>
   
    <transportReceiver name="https"
                       class="org.wso2.carbon.core.transports.http.HttpsTransportListener">
        <!--
           Uncomment the following if you are deploying this within an application server. You
           need to specify the HTTPS port of the application server
        -->
        <parameter name="port">9443</parameter>

        <!--
       Uncomment the following to enable Apache2 mod_proxy. The port on the Apache server is 443
       in this case.
        -->
        <parameter name="proxyPort">8243</parameter>
    </transportReceiver>

* Set the port offset to 5 in $WSO2_IS_node/repository/conf/carbon.xml and start IS node 1:

    <Offset>5</Offset>

[Screenshot: IS node 1 started]

On the ELB side you can see this:
[Screenshot: ELB]

Do the same configuration for IS node 2; download the axis2.xml for node 2 here.

6. Now start Identity Server node 2.

7. Then you can access the Identity Server through "https://is.cloud.wso2.com:8243/carbon/admin/login.jsp".
[Screenshot: IS login page]
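As an added example (not from the original post and not WSO2 code), here is a small Python checker that parses an IS node's axis2.xml and compares its clustering and proxyPort settings against the ELB side configured in steps 1 and 2. The XML fragments are constructed from the values in this post; the checks cover a reused localMemberPort and a proxyPort that does not match the ELB listener, two easy mistakes to make when node 2 is copied from node 1.

```python
import xml.etree.ElementTree as ET

# Constructed axis2.xml fragment for IS node 1: only the elements the steps above touch.
NODE1 = """<axisconfig>
 <clustering class="org.apache.axis2.clustering.tribes.TribesClusteringAgent" enable="true">
  <parameter name="membershipScheme">wka</parameter>
  <parameter name="domain">wso2.is.domain</parameter>
  <parameter name="localMemberPort">4100</parameter>
  <members><member><hostName>is.cloud.wso2.com</hostName><port>4000</port></member></members>
 </clustering>
 <transportReceiver name="http"><parameter name="proxyPort">8290</parameter></transportReceiver>
 <transportReceiver name="https"><parameter name="proxyPort">8243</parameter></transportReceiver>
</axisconfig>"""
NODE2 = NODE1  # constructed mistake: node 2 copied verbatim, localMemberPort never changed
NODE_BAD = NODE1.replace(">4100<", ">4000<").replace(">8290<", ">80<")  # constructed

# ELB side: loadbalancer.conf domain, ELB local member port, axis2.xml listener ports.
ELB = {"domain": "wso2.is.domain", "member_port": 4000, "proxy": {"http": 8290, "https": 8243}}

def param(elem, name):
    """Text of <parameter name="..."> under elem, or None if absent."""
    p = elem.find(f"parameter[@name='{name}']")
    return p.text.strip() if p is not None and p.text else None

def check_node(xml_text, elb=ELB):
    """Findings for one IS node's axis2.xml; an empty list means it matches the ELB."""
    root, findings = ET.fromstring(xml_text), []
    cl = root.find("clustering")
    if cl is None or cl.get("enable") != "true":
        return ["clustering is not enabled"]
    if param(cl, "membershipScheme") != "wka":
        findings.append("membershipScheme is not wka")
    if param(cl, "domain") != elb["domain"]:
        findings.append("domain does not match loadbalancer.conf")
    if param(cl, "localMemberPort") == str(elb["member_port"]):
        findings.append("localMemberPort collides with the ELB's 4000")
    if elb["member_port"] not in {int(m.findtext("port")) for m in cl.iter("member")}:
        findings.append("ELB is not listed as a well-known member")
    for t in root.iter("transportReceiver"):
        want = elb["proxy"].get(t.get("name"))
        if want is not None and param(t, "proxyPort") != str(want):
            findings.append(f"{t.get('name')} proxyPort should be {want}")
    return findings

def check_cluster(nodes):
    """Cross-node check: each node needs its own localMemberPort."""
    ports = [param(ET.fromstring(n).find("clustering"), "localMemberPort") for n in nodes]
    return [f"localMemberPort {p} reused by more than one node"
            for p in sorted({p for p in ports if ports.count(p) > 1})]
```

Run check_node on each node's file and check_cluster on all of them before starting the nodes; a node that joins with the wrong domain or a duplicate member port is the usual reason the ELB never lists it as a member.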

Posted by on February 13, 2013 in Identity Server, Other, wso2