RSS LinkedIn Twitter

Apache mod_proxy_balancer Self Registration : Part 3

I’ll start off by going over the basic high level architecture for my self registration procedure:

There is a register.php script residing on the load balancer, accessible via HTTP.
There is a deregister.php script residing on the load balancer, accessible via HTTP.
There is a register_with_lb.pl script residing on the web server, in /usr/local/bin/.
There is a deregister_with_lb.pl script residing on the web server, in /usr/local/bin/.
There is a MySQL database that stores the current configuration state, on it are two stored procedures register_lb and deregister_lb.


register.php

No changes were made to register.php as described in this post , though I’m considering some alterations to increase its security.


deregister.php

The biggest difference between register.php and deregister.php (aside from their purpose) is where the insert/delete database code is called from and why. When register.php is called by the web server, it will have already inserted information about itself into the database, including its hash. I made the decision that I did not want the load balancer responsible for inserting servers into the database. It would merely check that the requesting server inserted itself, and then regenerate the balancer_members.conf.

In the case of deregister.php I decided I wanted the server making the call to still be in the database so the script could verify the identity before removing it and regeneration the balancer_members. And since the deregistration SQL is contained within a stored procedure, I needed to make some changes to the script (as compared to register.php) regarding the database.

Specifically, the standard mysql library cannot call stored procedures. So I had to convert it to using mysqli, which is a similar, though more OO approach. The portion of the code that regenerates the balancer_members.conf is similar enough that I won’t re-list it here, but I will show how to connect using mysqli, and how to call a stored procedure.

$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
if (mysqli_connect_errno()) {
  printf("Connect failed: %s\n", mysqli_connect_error());
}
 
 
$query = "SELECT count(*) as count FROM " . $dbtable . " WHERE ip='" . $_SERVER['REMOTE_ADDR'] . "';";
$result = $mysqli->query($query);
$row = $result->fetch_row();
echo $row[0];
 
 
if ($row[0] >= 1) {
  $del_query = "call deregister_lb('" . $_SERVER['REMOTE_ADDR'] . "');";
  $del_result = $mysqli->query($del_query);
 
 
  //
 
 
  echo exec('echo "' . $file . '" > /etc/httpd/conf.d/balancer_members.conf');
  echo exec("sudo /usr/local/bin/reload_httpd");
}

As you can see, I'm using the actual REMOTE_ADDR to determine the validity of the request.


(de)register_lb.sql Stored Procedure

Here is the code for the deregister_lb stored procedure:

DROP PROCEDURE IF EXISTS deregister_lb $$
 
 
CREATE PROCEDURE deregister_lb ( ip VARCHAR(100) )
  BEGIN
    DELETE FROM lb2_members
	WHERE ip=_ip;
  END $$

and also for the register_lb stored procedure:

DROP PROCEDURE IF EXISTS register_lb $$
CREATE PROCEDURE register_lb (
  _hostname VARCHAR(100),
  _ip VARCHAR(40),
  _loadfactor INT,
  _hash VARCHAR(100)
  )
 
 
  BEGIN
    DECLARE already_exists INT DEFAULT 0;
    SELECT count(*) INTO already_exists FROM lb2_members WHERE hash=_hash;
 
 
    IF already_exists=1 THEN
	  UPDATE lb2_members
	  SET hostname=_hostname, ip=_ip, loadfactor=_loadfactor
	  WHERE hash=_hash;
    ELSE
      INSERT INTO lb2_members (ip, hostname, loadfactor, hash)
	  VALUES (_ip, _hostname, _loadfactor, _hash);
    END IF;
  END $$

Note that I've omitted the code that changes the delimiter to $$ instead of a semicolon.


register_with_lb.pl

This perl script uses perl DBI for accessing the database. I had to get that installed on my web server since it wasn't already. Normally you can install perl packages using the cpan command. In which case you would issue the following commands to install DBI and a MySQL driver for it:

cpan DBI
cpan DBD::mysql

If it's the first time you've run cpan, you will need to go through some configuration. It's pretty much self explanatory, and I just accepted all of the defaults. Everything installed correctly except for the MySQL driver, which I ended up having to install from source. If I had executed the command:

yum install mysql-devel.i386

first, then my cpan install of DBD::mysql might have worked, but I didn't realize that until installing from source. In case you ever need to install a perl module from source, particularly the DBD::mysql driver, enter these commands (which I think is basically what cpan does):

yum install mysql-devel.i386 #(only requred in this particular instance)
wget http://www.cpan.org/modules/by-module/DBD/DBD-mysql-4.011.tar.gz
gzip -cd DBD-mysql-4.011.tar.gz | tar xf -
cd DBD-mysql-4.011 #(or whatever version you downloaded)
perl Makefile.PL
make

Here is how you connect to the database and call a stored procedure:

my $dsn = "DBI:mysql:host=mysql.host;database=lb_register";
my $dbh = DBI->connect ($dsn, "lbuser", "lbpasswd")
  or die "Cannot connect to MySQL server\n";
 
 
my $sql = "call register_lb('" . $localhost . "', '" . $localip . "', " . $loadfactor . ", '" .  $hash . "')";
$dbh->do($sql);
 
 
$dbh->disconnect();

After that, register_with_lb.pl opens a socket to the load balancer and makes an HTTP request over the socket. There are probably easier ways to do this, I just happened to have the socket code lying around and was glad to be able to reuse it. Here's the gist of it, in case you're interested:

# Parse the URI.
my $url = URI->new("http://load.balancer.com/register/register.php?hash=" . $hash);
 
 
# Parse these in from the command line
$host = $url->host;
$port = $url->port;
$resource = $url->path;
$query = $url->query;
 
 
# Initialize the socket
$socket = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host, PeerPort => $port,);
unless ($socket) { die "Error connecting to $host" }
$socket->autoflush(1);
 
 
# Format the request
my $request = "GET " . $resource . (($query)?"?" . $query : "") . " HTTP/1.1" . $EOL . "Host: " . $host . $EOL . "User-agent: register_script" . $EOR;
 
 
# Use send() to make the request, and output the response.
# Not necessary in this example, but informational.
if ( $socket->send($request) ) {
  while (  ) { print }
}
 
 
# Close the socket
close $socket;

The above code pretty much sums up deregister_from_lb.pl, since no database calls are made, a call is simply made to the deregister script. The line you would change is as follows:

my $url = URI->new("http://my.balancer.com/register/deregister.php");

Then make the files executable, and copy them to be used by the startup script described in the previous post:

"
chmod a+x register_with_lb.pl
chmod a+x deregister_with_lb.pl
cp register_with_lb.pl /usr/local/bin/
cp deregister_with_lb.pl /usr/local/bin

I don't show it here, but right now my IP addresses are hard coded. There are a number of ways you can find out your actual IP address from within perl, I'm just not doing that right now.


Securing the register scripts

As an additional security measure, I've restricted access to the /register/ location on the load balancer to the IP address range I expect my web servers to be from, like this:

Order Deny,Allow
  Deny from all
  Allow from 10.0.0.

And now you have a web server that can register automatically (if you've gone through the previous two posts as well) with a mod_proxy_balancer load balancer.

Update

I did some searching around to find a way to determine your IP address from inside the perl script. This is a simple way if your server has a public IP address and reverse DNS set up correctly for that IP address:

use Socket;
use Sys::Hostname;
my $host = hostname();
my $addr = inet_ntoa(scalar(gethostbyname($host)) || 'localhost');

If your slave web servers are on a private network, the above command will return the loopback IP address (127.0.0.1) which isn't useful for the load balancer (I wonder if it would start an infinite loop and crash the load balancer?). I found a function that prints out the IP address by parsing it out from the results of the ifconfig command.

Here it is, in case you'd like to use it.

#!/usr/bin/perl -w
#use Socket;
#use Sys::Hostname;
#my $host = hostname();
#my $addr = inet_ntoa( scalar(gethostbyname($host)) || 'localhost');
#print $host . "\n" . $addr;
$net = `/sbin/ifconfig | grep 'eth0'`;
if (length($net)) {
        $net = `/sbin/ifconfig eth0 | grep 'inet addr'`;
        if (!length($net)) {
           $net = `/sbin/ifconfig eth0 | grep 'inet end.'`;
        }
        if (length($net)) {
           chop($net);
           @netip = split/:/,$net;
           $netip[1] =~ /(\d{1,3}).(\d{1,3}).(\d{1,3}).(\d{1,3})/;
           $ip = $1 .".". $2 .".". $3 .".". $4;
           print "". $ip ."\n";
        }
        else {
           print "Not Found\n";
        }
}
else {
   print "Error\n";
}
Tags: , , , , , , ,
No comments yet.

Leave a Comment

*