> > Lets distinguish balancing into two items: "/Connection Balancer/" which > refers to the number of connections per node and "/Workload Balancer/" > which > redirects new connection to the node with less workload meaning less > cpu/ram > usage. > The first case is already possible in the /guacamole connection group/ as > described here: > > https://guacamole.apache.org/doc/gug/administration.html#connection-group-management > > Could the load balancer you mentioned mange the workload balancing as well? > > Yes, I agree that a distinction should be made, here, and I understand the difference. There are load balancers available that can query the back-end servers for performance data and adjust priorities based on the relative load of the system. For example, I believe HAProxy has a way to do this - through custom scripting, you can execute scripts that would query performance data on remote systems (via SSH or WMIC, etc.), and then adjust the priority based on that data. I've done this in the past - it may not be the cleanest thing, but it works. I think Keepalived had some similar hooks that could do such things, and maybe even IPVS. I would imagine that some of the commercial load balancers - Citrix Netscaler, F5, etc. - have some similar capabilities to hook into backend servers and adjust priority based on load. All of these are *Load Balancers* and not *Workload Managers* - that is, they will make decisions about where to put a connection at the time of the connection and then persist that connection until it is completed - they will not attempt to move connections from one system to another dynamically/real-time. However, for 99% of use-cases out there this is sufficient.
It also would be possible to write some additional load balancing integration for Guacamole to query and adjust priorities within a connection group based on load. I think I started to do this at one point but never completed it, but it is very doable. Slurm has the capability to free resources. Any plugin for Guacamole to do > similar thing once session killed? Even by killing a session manually, > only > connection has been terminated and still a job could run on the instance > keeping the resource busy. > > > Ah, I think I get what you're driving at, here. You're talking about freeing up resources on the remote systems to which a user is connected. So, if a user connects, through Guacamole to a host called "VNC1" over the VNC protocol, and then disconnects, they could have left something running on the VNC1 host that needs to be "cleaned up" in order to free the resources for other users who would log on to that system, correct? There's no capability to do this currently in Guacamole, for a couple of reasons. First, the remote systems are not "aware" of the Guacamole at all. To the remote systems it could be Guacamole, or vncviewer, or Microsoft Remote Desktop Client, or openssh connecting, and it doesn't have any way to tie running processes on the remote host to session within Guacamole. This makes the "clean up" job at least a little more difficult - you have to come up with some way, whether through a workload manager or a Guacamole plugin, to tie the Guacamole session to the login on the remote host. It is probably possible to do this with an extension, at least to some extent. You could write an extension that had credentials to log in to the remote systems and run something on them, and either intercept the tunnel close event or decorate an existing extension and work with some of the existing methods there to perform an action on the remote system when the tunnel closes. However, there are a few things you have to think pretty critically about: - How do you tie the Guacamole session to the processes running on the remote system? While many of them might be in a process tree with a top-level parent PID, what if a user starts something in the background with nohup (on Linux, for example) such that the process has a parent PID of 1. How do you determine that the process "belongs" to the Guacamole session? You could say, well, I'll do it by username - but what if you allow the user to log in multiple times? How do you determine which of their logins launched a process? I don't think this are insurmountable problems, but they are things to consider. - If you allow users to disconnect from and reconnect to sessions, how do you distinguish within that Guacamole tunnel close event when the user intends to disconnect and reconnect versus when they are really trying to log off? This is where just using the idle timers available within the protocols themselves, on the remote system, would be beneficial, as the remote O/S is already keeping track of that information and can make a determination on its own when a connection has been idle for too long and clean things up. To be clear, I think these are issues that have to be addressed no matter which way you go - Guacamole Extension or "workload manager." And, as such, I don't see where integration with a workload manager provides any value over either just writing the extension in Guacamole or allowing the remote systems to use the built-in capabilities to handle idle connections. Or maybe I'm way off in the weeds here and not understanding what you're saying, still?? -Nick
