New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Push Clients need to be able to reach the backend VIP #69
Comments
I just wanted to add that the following instructions can be used as the workaround solution until the improvements make their way into new releases. On both the primary and secondary backend Chef servers open the file
Then on both the primary and secondary backend Chef servers run |
…y from the VIP #69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature.
…y from the VIP #69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature.
…y from the VIP #69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature.
…y from the VIP #69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature.
…y from the VIP #69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature. Setting the value: opscode_pushy_server['server_name_advertised'] = "example.com" in /etc/opscode-push-jobs-server/opscode-push-jobs-server.rb will adjust this attribute.
…y from the VIP #69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature. Setting the value: opscode_pushy_server['server_name_advertised'] = "example.com" in /etc/opscode-push-jobs-server/opscode-push-jobs-server.rb will adjust this attribute.
Merged, will be in 1.3 |
…y from the VIP chef-boneyard/omnibus-pushy#69 A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies. This is unlike any other part of chef server; everything else goes through nginx on the front end nodes, but zeromq can't do that. The server can advertise to clients a different name to use, but this was defaulted to the backend VIP, which may not be routable from the clients. Making this independently settable lets the user choose a name or ip that is routable, perhaps via a firewall rule. This adds an default attribute ['pushy']['opscode-pushy-server']['server_name_for_client'] to allow access to the server feature. Setting the value: opscode_pushy_server['server_name_advertised'] = "example.com" in /etc/opscode-push-jobs-server/opscode-push-jobs-server.rb will adjust this attribute.
A push client needs to be able to reach the backend VIP to connect to the push jobs server. This causes trouble in some network topologies, and is unlike any other part of chef server.
A workaround would be to forward the push jobs ports from a publicly available IP to the backend VIP. The actual server has the 'server_name' config option, which sets what address the clients use to connect to. (https://github.com/opscode/opscode-pushy-server/blob/master/apps/pushy/src/pushy_config_resource.erl#L81)
However, the omnibus cookbook (https://github.com/opscode/omnibus-pushy/blob/master/files/pushy-server-cookbooks/opscode-pushy-server/templates/default/opscode-pushy-server.config.erb#L83) hardcodes the node['pushy']['opscode-pushy-server']['vip'] as the server_name. That attribute is also used by the FE nginx config to forward the client http requests, and needs to be the internally routable address.
Instead we should change the template to allow this to be separately configured as a user settable attribute.
Longer term, we should move the push service to the frontend; that will remove a user pain point.
The text was updated successfully, but these errors were encountered: