[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [gentoo-dev] bugs.gentoo.org status report, 2009/03/19 10h00
From:       Ramon van Alteren <ramon () vanalteren ! nl>
Date:       2009-03-30 10:20:11
Message-ID: 49D09CDB.6080406 () vanalteren ! nl
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Robin H. Johnson wrote:
> The primary Bugzilla webserver is now back in operation.
> 
> Additionally, for the moment, I've re-enabled the load-balancing, but
> note that it comes with a warning...
> Load balanced bugzilla webservers:
> http://bugs-web-lb.gentoo.org/
> (HTTPS supported as well, but the SSL certificate won't match).
> 
> Visiting either specific side of the webserver nodes:
> http://bugs-web1.gentoo.org/
> http://bugs-web2.gentoo.org/
> (The web node you're on is listed on the frontpage only).
> 
> Caveat:
> - Why can't we just always use the load-balancer?
> Unfortunately bugzilla writes a number of files to the local disk and
> then gives you a URL to them. If the file was written to disk on web1,
> but your request was delivered to web2, then you would get a 404 error.

Robbat, would persistency on loadbalancer level solve this problem ?
In that case a tcp-connect that has been build stays with that
real-server instance in the loadbalancer, provided that data from the
same ip is coming in below a specified timeout.

We've used this in the past when we still used disk-based sessions in
our webapp. It works well, but can create hotspots in your webfarm if a
large percentage of your userbase is behind a single NATed gateway.

It would also limit your attacker to a single host.

Ramon
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAknQnNoACgkQwiVM6CtDHQ1zwgCfZfEXwjZ9a0y7mHjq7A5MAxTo
HPIAn17SCBu0M71j6UBH8uW+7bVpMUnD
=gzHX
-----END PGP SIGNATURE-----

[prev in list] [next in list] [prev in thread] [next in thread]