[Bug 55276] New: Add REST API for load balancer for dynamic registration of workers

Wed, 17 Jul 2013 05:24:45 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=55276

            Bug ID: 55276
           Summary: Add REST API for load balancer for dynamic
                    registration of workers
           Product: Apache httpd-2
           Version: 2.4.4
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: mod_proxy_balancer
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 30597
  --> https://issues.apache.org/bugzilla/attachment.cgi?id=30597&action=edit
mod_proxy_balancer.c with added handler for REST API

I am looking to extend the Apache web server with a REST API that allows my
application nodes to automatically register themselves with the Apache
mod_proxy_balancer module.

My motivation for doing this is to allow my application nodes to exist as
elastic resources in a cloud. This allows me to create a single VM image for my
application, and use my hypervisor to bring up new VMs from this single VM
image on demand.

I have updated mod_proxy_balancer.c with a new handler "balancer-api",
implemented as the balancer_api(request_req*) function in the attached modified
version of mod_proxy_balancer.c

I configure my load balancer as follows:

  <Proxy balancer://runtime>
  BalancerMember http://192.168.66.66:8081
  </Proxy>

  ProxySet balancer://runtime growth=100
  ProxyPass /xdist balancer://runtime
  ProxyPassReverse /xdist balancer://runtime

  <Location /balancer-api>
  SetHandler balancer-api
  Order Deny,Allow
  Deny from all
  Allow from 127.0.0.1
  Allow from 127.0.0.2
  Allow from 192.168.66.66
  </Location>

The balancer-api handler allows JSON/REST request to retrieve the list of
balancers and workers, but also to add and disable workers using REST request
like:

    HTTP GET http://hostname:port/balancer-api  -- lists all balancers and
their workers
    HTTP PUT http://hostname:port/balancer-api/balancer/http://workerhost:port 
-- adds "http://workerhost:port"; to "balancer"
    HTTP DELETE
http://hostname:port/balancer-api/balancer/http://workerhost:workerport  --
disables "http://workerhost:port"; to "balancer"

There isn't much security in this, other than the standard "Deny from all",
"Allow from hostname", etc. and I am not sure if more is needed to ensure that
the load balancer cannot be hacked from the outside.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to