Push Clients need to be able to reach the backend VIP #69
Labels
Comments
|
I just wanted to add that the following instructions can be used as the workaround solution until the improvements make their way into new releases. On both the primary and secondary backend Chef servers open the file Then on both the primary and secondary backend Chef servers run |
markan
added a commit
that referenced
this issue
Jan 29, 2015
…y from the VIP #69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature.
markan
added a commit
that referenced
this issue
Feb 3, 2015
…y from the VIP #69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature.
markan
added a commit
that referenced
this issue
Feb 6, 2015
…y from the VIP #69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature.
markan
added a commit
that referenced
this issue
Feb 10, 2015
…y from the VIP #69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature.
markan
added a commit
that referenced
this issue
Feb 14, 2015
…y from the VIP #69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature. Setting the value: opscode_pushy_server['server_name_advertised'] = "example.com" in /etc/opscode-push-jobs-server/opscode-push-jobs-server.rb will adjust this attribute.
markan
added a commit
that referenced
this issue
Feb 14, 2015
…y from the VIP #69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature. Setting the value: opscode_pushy_server['server_name_advertised'] = "example.com" in /etc/opscode-push-jobs-server/opscode-push-jobs-server.rb will adjust this attribute.
|
Merged, will be in 1.3 |
MattVonVielen
pushed a commit
to chef-boneyard/opscode-pushy-server
that referenced
this issue
Jul 8, 2016
…y from the VIP chef-boneyard/omnibus-pushy#69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature. Setting the value: opscode_pushy_server['server_name_advertised'] = "example.com" in /etc/opscode-push-jobs-server/opscode-push-jobs-server.rb will adjust this attribute.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies, and is unlike any other part of chef server.
A workaround would be to forward the push jobs ports from a publicly available IP to the backend VIP. The actual server has the 'server_name' config option, which sets what address the clients use to connect to. (https://github.com/opscode/opscode-pushy-server/blob/master/apps/pushy/src/pushy_config_resource.erl#L81)
However, the omnibus cookbook (https://github.com/opscode/omnibus-pushy/blob/master/files/pushy-server-cookbooks/opscode-pushy-server/templates/default/opscode-pushy-server.config.erb#L83) hardcodes the node['pushy']['opscode-pushy-server']['vip'] as the server_name. That attribute is also used by the FE nginx config to forward the client http requests, and needs to be the internally routable address.
Instead we should change the template to allow this to be separately configured as a user settable attribute.
Longer term, we should move the push service to the frontend; that will remove a user pain point.
The text was updated successfully, but these errors were encountered: