Sajith we can get a confirmation on how session persistence work in a distributed IDP setup and then decide.
If sticky session is needed then we can enable IP hashing in ngnix AFAIK. On Thu, Jun 4, 2015 at 8:14 PM, Sajith Abeywardhana <[email protected]> wrote: > Hi Dunusha, > > With these exceptions in nginx, should I remove nginx installation & > configuration from puppet, as for the result of that configs can be done > manually. > > *Sajith Abeywardhana* | Software Enginee > WSO2, Inc | lean. enterprise. middleware. > #20, Palm Grove, Colombo 03, Sri Lanka. > Mobile: +94772260485 > Email: [email protected] <[email protected]> | Web: www.wso2.com > > On Thu, Jun 4, 2015 at 5:21 PM, Dinusha Senanayaka <[email protected]> > wrote: > >> >> >> On Thu, Jun 4, 2015 at 5:12 PM, Rushmin Fernando <[email protected]> >> wrote: >> >>> And Dinusha we will have to enable sticky sessions for the IDP cluster >>> since the calls to the IDP is not stateless unlike APIM ? >>> >> Since IdP persist the session and IdP having distributed caching, I guess >> it should be able to work without having sticky sessions. Can someone from >> IS team confirm whether, in a normal SSO cluster setup, do you recommended >> to have sticky sessions ? >> >> Regards, >> Dinusha. >> >>> >>> On Thu, Jun 4, 2015 at 5:10 PM, Sajith Abeywardhana <[email protected]> >>> wrote: >>> >>>> Hi Yasassri/Nuwan, >>>> >>>> Thank you for your valuable suggestion. Will write the puppet script >>>> including your suggestion. >>>> >>>> *Sajith Abeywardhana* | Software Engineer >>>> WSO2, Inc | lean. enterprise. middleware. >>>> #20, Palm Grove, Colombo 03, Sri Lanka. >>>> Mobile: +94772260485 >>>> Email: [email protected] <[email protected]> | Web: www.wso2.com >>>> >>>> On Thu, Jun 4, 2015 at 4:52 PM, Yasassri Ratnayake <[email protected]> >>>> wrote: >>>> >>>>> Hi Sajith, >>>>> >>>>> This is just a suggestion. And you don't need a IS cluster to do this, >>>>> you can expose a single mode via the LB. And users can scale up easily if >>>>> it is required. >>>>> >>>>> For e.g as I mentioned earlier If the user decides to change the IDP >>>>> to IS this can be easily done if you are accessing the node via the LB, in >>>>> the same way if you need to scale-up the IDP node into a IS cluster, it's >>>>> a >>>>> matter of exposing new node via the LB. In this case you don't have to >>>>> meddle around with the configs of already deployed nodes. >>>>> >>>>> With Regards, >>>>> >>>>> On Thu, Jun 4, 2015 at 4:45 PM, Sajith Abeywardhana <[email protected]> >>>>> wrote: >>>>> >>>>>> Hi Nuwan/Yasassi, >>>>>> >>>>>> Since IDP is only a single node (not a cluster) what is the purpose >>>>>> of having load balancer in front of it? Are you suggesting, do we need to >>>>>> have a IDP cluster as well? >>>>>> >>>>>> Hi Sumedha/Dinusha, >>>>>> >>>>>> If so (IDP cluster) shall I write those puppet script as well or >>>>>> shall I proceed with a single IDP node for this task? >>>>>> >>>>>> *Sajith Abeywardhana* | Software Engineer >>>>>> WSO2, Inc | lean. enterprise. middleware. >>>>>> #20, Palm Grove, Colombo 03, Sri Lanka. >>>>>> Mobile: +94772260485 >>>>>> Email: [email protected] <[email protected]> | Web: www.wso2.com >>>>>> >>>>>> On Thu, Jun 4, 2015 at 3:05 PM, Yasassri Ratnayake <[email protected] >>>>>> > wrote: >>>>>> >>>>>>> Hi Sajith, >>>>>>> >>>>>>> As Nuwan mentioned its better to front IDP by the LB, If the nodes >>>>>>> are fronted by the LB the users can easily scale their systems as >>>>>>> required >>>>>>> without changing configurations in already deployed nodes. >>>>>>> >>>>>>> >>>>>>> With Regards, >>>>>>> >>>>>>> On Thu, Jun 4, 2015 at 2:24 PM, Nuwan Silva <[email protected]> wrote: >>>>>>> >>>>>>>> I hope the Key-manager (or IDP) is also exposed through nginx. >>>>>>>> AIU when a request comes to the GWs it will be directed to the IDP >>>>>>>> for authorization so dont we have to expose this also? >>>>>>>> >>>>>>>> Regards, >>>>>>>> NuwanS. >>>>>>>> >>>>>>>> On Thu, Jun 4, 2015 at 2:14 PM, Sajith Abeywardhana < >>>>>>>> [email protected]> wrote: >>>>>>>> >>>>>>>>> Hi All, >>>>>>>>> >>>>>>>>> I'm in process of writing puppet modules for APPM cluster setup. I >>>>>>>>> have configured cluster environment manually and now moving to puppet >>>>>>>>> scripts. Below deployment diagram shows manually configured clustering >>>>>>>>> environment which I will be using as a cluster model to implement >>>>>>>>> puppet >>>>>>>>> modules. Please kind enough to provide feed backs on anything >>>>>>>>> need to be done than addition to this. >>>>>>>>> >>>>>>>>> 1. AppM publisher node communicate to gateway manager node >>>>>>>>> directly and then publish the apps. >>>>>>>>> 2. Store node use for the app subscription. >>>>>>>>> 3. Key manager node will provide authentication functions for >>>>>>>>> all AppM nodes. >>>>>>>>> 4. Gateway nodes fronted by nginx and all app request will >>>>>>>>> load balanced according to load balancer algorithm. >>>>>>>>> 5. svn used for deployment synchronization in gateway cluster. >>>>>>>>> 6. All the nodes use MySQL as a database. >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> *Sajith Abeywardhana* | Software Engineer >>>>>>>>> WSO2, Inc | lean. enterprise. middleware. >>>>>>>>> #20, Palm Grove, Colombo 03, Sri Lanka. >>>>>>>>> Mobile: +94772260485 >>>>>>>>> Email: [email protected] <[email protected]> | Web: www.wso2.com >>>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> >>>>>>>> >>>>>>>> *Nuwan Silva* >>>>>>>> *Senior Software Engineer - QA* >>>>>>>> Mobile: +9477 980 4543 >>>>>>>> >>>>>>>> WSO2 Inc. >>>>>>>> lean . enterprise . middlewear. >>>>>>>> http://www.wso2.com >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Yasassri Ratnayake >>>>>>> Software Engineer - QA >>>>>>> WSO2 Inc ; http://wso2.com >>>>>>> lean.enterprise.middleware >>>>>>> *Mobile : +94715933168 <%2B94715933168>* >>>>>>> *Blogs : http://yasassriratnayake.blogspot.com >>>>>>> <http://yasassriratnayake.blogspot.com/>* >>>>>>> * http://wso2logs.blogspot.com >>>>>>> <http://wso2logs.blogspot.com>* >>>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> -- >>>>> Yasassri Ratnayake >>>>> Software Engineer - QA >>>>> WSO2 Inc ; http://wso2.com >>>>> lean.enterprise.middleware >>>>> *Mobile : +94715933168 <%2B94715933168>* >>>>> *Blogs : http://yasassriratnayake.blogspot.com >>>>> <http://yasassriratnayake.blogspot.com/>* >>>>> * http://wso2logs.blogspot.com >>>>> <http://wso2logs.blogspot.com>* >>>>> >>>> >>>> >>> >>> >>> -- >>> *Rushmin Fernando* >>> *Technical Lead* >>> >>> WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware >>> >>> email : [email protected] >>> mobile : +94772310855 >>> >>> >>> >> >> >> -- >> Dinusha Dilrukshi >> Associate Technical Lead >> WSO2 Inc.: http://wso2.com/ >> Mobile: +94725255071 >> Blog: http://dinushasblog.blogspot.com/ >> > > -- *Rushmin Fernando* *Technical Lead* WSO2 Inc. <http://wso2.com/> - Lean . Enterprise . Middleware email : [email protected] mobile : +94772310855
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
