Clustering CAS

最新推荐文章于 2024-10-31 11:13:17 发布

dengzhongju

最新推荐文章于 2024-10-31 11:13:17 发布

阅读量1.2k

点赞数

文章标签： tomcat interceptor application file cache network

Clustering CAS

2010-04-14 11:17

操作系统：
redhat AS 5.4

准备软件：
jdk-6u20-ea-bin-b01-linux-i586-10_mar_2010-rpm.bin
httpd-2.2.15.tar.bz2
openssl-1.0.0.tar.gz
apache-tomcat-6.0.26.tar
tomcat-connectors-1.2.30-src.tar
apache-maven-2.2.1-bin.tar.bz2
CAS-3.3.4

软件配置：
软件的安装可以参照以前的日志或者源码中的安装文档。值得一提的是maven，在编译CAS的时候如果遇到jar包依赖，在默认的中心repository中找不到的话，就去google上查找相应的jar，将该包所在的repository加到maven的setting.xml中。下面重点介绍clustering CAS配置。参考网站http://www.ja-sig.org/wiki/display/CASUM/Clustering+CAS

Tomcat Session Replication
Since CAS stores the login information in the application session ^² we need to setup session replication between our Tomcat instances.
The first thing you need to do is tell CAS (the application) that it is distributable ^³. So, in the CAS web.xml file you need to add the <distributable/> tag.
在文件中cas-distribution/cas-server-webapp/src/main/webapp/WEB-INF/web.xml
添加：
－－－－－－－－－－－－－－－－－

...
<context-param>
      <param-name>contextConfigLocation</param-name>
            <param-value>
                  /WEB-INF/applicationContext.xml,
                  /WEB-INF/deployerConfigContext.xml
             </param-value>
</context-param>

<!-- Set the application as distributable: http://tomcat.apache.org/tomcat-5.0-doc/cluster-howto.html -->
<distributable />
...

－－－－－－－－－－－－－－－－－－－－－－－
Now you need to tell Tomcat to replicate the session information using muticast. This is done in the Tomcat server.xml file. You need to add the cluster information inside of the Engine tag
---------------------------------

 <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">

          <Manager className="org.apache.catalina.ha.session.DeltaManager"
                   expireSessionsOnShutdown="false"
                   notifyListenersOnReplication="true"/>

          <Channel className="org.apache.catalina.tribes.group.GroupChannel">
            <Membership
                className="org.apache.catalina.tribes.membership.McastService"
                <!-- address="239.255.0.1" -->    
                
                address="228.0.0.4"
                port="45564"
                frequency="500"
                dropTime="3000"
                mcastTTL="1"/>

            <Receiver
                className="org.apache.catalina.tribes.transport.nio.NioReceiver"
                <!-- address="auto" -->
                
                address="your_ip_address"
                port="4000"
                autoBind="0"
                selectorTimeout="100"
                maxThreads="6"/>

            <Sender className="org.apache.catalina.tribes.transport.ReplicationTransmitter">
              <Transport className="org.apache.catalina.tribes.transport.nio.PooledParallelSender"/>
            </Sender>
            <Interceptor className="org.apache.catalina.tribes.group.interceptors.TcpFailureDetector"/>
            <Interceptor className="org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor"/>

          </Channel>

          <Valve className="org.apache.catalina.ha.tcp.ReplicationValve"
                   filter=".*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;"/>

          <ClusterListener className="org.apache.catalina.ha.session.ClusterSessionListener"/>

      </Cluster>

-----------------------------------

Note 1: Again, please check with your network administrator before turning this on. I have set mcastTTL" If you want to force it to stay within your subnet, my understanding is that you can do so by using a TTL of 1." If you want to do clustering outside of a single subnet, you will probably have to change this value, or remove the mcastTTL attribute and value altogether. to 1 because my network admin told me

Note 2: You will see a lot of references to the jvmRoute attribute of the Engine tag, but you only need to specify that if you are clustering more than one Tomcat on one host. In that case, you will have to specify the jvmRoute that corresponds to the Apache worker you have specified for that Tomcat instance. ^⁴

Note 3: If your Tomcat cluster doesn't work (Tomcat instance not seeing other member), perhaps you must change auto in tcpListenAddress="auto" by IP address of server.

Note 4: If your Tomcat cluster still doesn't work ensure that the TCP and UDP ports on the servers are not being blocked by a host-based firewall, that your network interface has multicast enabled, and that it has the appropriate routes for multicast.

Note 5: If you see a large stacktrace in the cas.log file that ends with a root cause of: "java.net.BindException: Cannot assign requested address", it's likely due to the JVM trying to use IPv6 sockets while your system is using IPv4. Set the JVM to prefer IPv4 by setting the Java system property -Djava.net.preferIPv4Stack=true. You can set the CATALINA_OPTS environment variable so Tomcat will pick it up automatically with:

export CATALINA_OPTS=-Djava.net.preferIPv4Stack=true

-----------------------------------------

Now start up your two (or more) Tomcat instances (on separate hosts!) and you should see something like the following in the catalina.out log:

May 22, 2007 4:25:54 PM org.apache.catalina.cluster.tcp.SimpleTcpCluster memberAdded
INFO: Replication member added:org.apache.catalina.cluster.mcast.McastMember
     [tcp://128.32.143.78:4001,catalina,128.32.143.78,4001, alive=5]

Conversly, in the catalina.out log on my other server, I see:

May 22, 2007 4:27:13 PM org.apache.catalina.cluster.tcp.SimpleTcpCluster memberAdded
INFO: Replication member added:org.apache.catalina.cluster.mcast.McastMember
     [tcp://128.32.143.79:4001,catalina,128.32.143.79,4001, alive=5]

--------------------------------------------------------------------

Ticket Cache Replication

Now you we need to setup the ticket cache replication using the org.jasig.cas.ticket.registry.JBossCacheTicketRegistry class. We implement this by editing the applicationContext.xml config file again.

Open up applicationContext.xml and change the "Ticket Registry" section from this:

You need to edit the file WEB-INF/spring-configuration/ticketRegistry.xml:

<bean
      id="ticketRegistry"
      class="org.jasig.cas.ticket.registry.DefaultTicketRegistry" />

to this:

<bean id="ticketRegistry"
      class="org.jasig.cas.ticket.registry.JBossCacheTicketRegistry">
      <property name="cache" ref="cache" />
</bean>

<bean id="cache" class="org.jasig.cas.util.JBossCacheFactoryBean">
      <property name="configLocation"
             value="classpath:jbossTicketCacheReplicationConfig.xml" />
</bean>

Note 1: No space between classpath: and jbossTicketCacheReplicationConfig.xml, otherwise you have a not found exception.

In the cache bean above, there is a property with a value of classpath:jbossTicketCacheReplicationConfig.xml so now we have to find and do something with this file.

jbossCache.xml started out life as jbossTestCache.xml. Since I do not like to put things into production with the word "test" in them, I changed the name (and a few things inside the file). This file is located at:

cas-distribution/cas-server-integration-jboss/src/test/resources/jbossTestCache.xml

Open this file up and get ready for some editing. I discovered that the default file did not work in my installation, as was noted by some others on the CAS mailing list. Scott Battaglia sent an edited version to the list. ^⁵

You have to comment-out the following lines:

<!--  <depends>jboss:service=TransactionManager</depends> -->

and:

<!-- <attribute name="TransactionManagerLookupClass">
          org.jboss.cache.DummyTransactionManagerLookup</attribute> -->

Next, you have to edit the mcast_addr In the ClusterConfig section, set the mcast_addr to the value appropriate for your network, and if your hosts are on the same subnet, set ip_ttl to 1. You may also need to set the bind_addr property to the IP address you want this host to listen for TreeCache updates. This is especially true if you are using bonding and/or IPV6 on your system :

<UDP mcast_addr="228.0.0.3" mcast_port="48866"
      ip_ttl="1" ip_mcast="true" bind_addr="192.168.10.10"
      mcast_send_buf_size="150000" mcast_recv_buf_size="80000"
      ucast_send_buf_size="150000" ucast_recv_buf_size="80000"
      loopback="false"/>

ps:

Now that you have edited this file, you have to get it onto your CLASSPATH ^⁶ I have decided to put it directly into my Tomcat directory:

cas-distribution/cas-server-webapp/src/main/webapp/WEB-INF/classes/jbossTicketCacheReplicationConfig.xml

Add the following dependency to the pom.xml file located at the folder cas-server-webapp and it will include the JBoss cache stuff in cas.war

Remarks: The dependency is needed if you are NOT using JBoss Application Server.

...
<dependency>
 <groupId>org.jasig.cas</groupId>
 <artifactId>cas-server-integration-jboss</artifactId>
 <version>3.3.4</version>
 <scope>runtime</scope>
</dependency>
...

Ensuring Ticket Granting Ticket Cookie Visibility

WEB-INF/spring-configuration/warnCookieGenerator.xml

<bean id="warnCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="true"
        p:cookieMaxAge="-1"
        p:cookieName="CASPRIVACY"
        p:cookiePath="/cas"
        p:cookieDomain="example.com"/>

WEB-INF/spring-configuration/ticketGrantingCookieGenerator.xml

<bean id="ticketGrantingTicketCookieGenerator" class="org.jasig.cas.web.support.CookieRetrievingCookieGenerator"
        p:cookieSecure="true"
        p:cookieMaxAge="-1"
        p:cookieName="CASTGC"
        p:cookiePath="/cas"
        p:cookieDomain="example.com"/>

Ok, now test it out (hopefully your load balancers will cooperate).