----- Original Message -----
> From: "Rajat Chopra" <rchopra redhat com>
> To: "Clayton Coleman" <ccoleman redhat com>
> Cc: dev lists openshift redhat com
This is not something we enable well yet. He's not talking about HA apps. He's talking about DIY routing/proxying for all apps.> Sent: Monday, November 11, 2013 4:58:00 PM
> Subject: Re: Routing SPI
> ----- Original Message -----
> > From: "Clayton Coleman" <ccoleman redhat com>
> > To: "Philibert Romain" <romain philibert worldline com>
> > Cc: dev lists openshift redhat com
> > Sent: Monday, November 11, 2013 7:11:00 AM
> > Subject: Re: Routing SPI
> > Hey Romain - didn't see any responses to the public list, so I'll
> > throw a
> > couple of answers in where I know.
> > On Nov 6, 2013, at 9:10 AM, Philibert Romain <
> > romain philibert worldline com
> > > wrote:
> > Hello everyone,
> > We are currently playing with the Routing SPI, on the latest master
> > of
> > origin.
> > It works quite well. I published a gist explaining how to use it :
> > https://gist.github.com/Filirom1/7334311
> > Our goal is to build an nginx OpenShift LoadBalancer that will bypass Node
> > Apache, HAProxy and Node Proxy.
Gears bind to internal ports. You have to go through either the Node httpd or Node tcp proxy (which is now iptables-based, not haproxy) to reach them at all. And I'd like to point out, apps that are not scaled don't currently expose any ports via the tcp proxy, so the only way to reach them is via the httpd proxy.
> > Another thing I notice, is that `add_gear` and `delete_gear` messages areFor this user, it's not just HA apps. It's all ports on all apps. Whether that's a use case we want to support is not clear to me.
> > only published if the application is HA. Is it wanted ?
> > Sounds like a bug - I'll make sure one is filed.
> It is an intended outcome. Not a bug. Isn't the entire routing SPI
> meant for applications who want to have the HA routing layer? So we
> skip the hassle for those who are not designated so.
> We can always change the behaviour, counter-arguments please?
The only way I can see doing this is if HTTP requests and git/ssh requests have different hostnames. Which they do if it's an HA app (the ha-app-name can then be pointed to the router); otherwise not. So the only way to do it for all apps currently is to make all apps HA. Do we want to do it for all apps?
> > The last question is how can I force every http request to pass through the
> > nginx (nginx servers are different from node servers), and ssh/git requests
> > to access the node directly ?
Is it maybe valuable to introduce an option to always create two different app names, one for web and one for ssh? Maybe app-namespace continues to be web (may be pointed to router if desired), and git-app-namespace always points to node? At least something like this split is implied by the desire to route web access and ssh access differently for ALL apps.
> The difference between web requests vs ssh/git requests should be
> resolved using the DNS entries.
> There should be one DNS meant for web requests and another for
> ssh/git. And that is what the event 'make-ha' does.
> - A given app's default dns is not HA, because it points to the
> first-gear/head-gear/deploy-gear of the app. e.g.
> - If one uses the appname-namespace.rhcloud.com DNS then both the
> git/ssh and web/http requests land on the first gear without the
> router knowing anything about it.
> - Enter the HA DNS entry - ha-appname-namespace.rhcloud.com ! This
> dns points to the router with the assumption that some
> vhost/mod-rewrite/nginx-http-rewrite exists in the router to do
> forward/reverse proxy with the appropriate url mapping.
> With two DNS entries, one pointing to the router and the other to the
> head-gear, we do not have to worry about 'move' etc. The fallout is
> that git-push/ssh is not HA. Only the web requests become HA.
> Eventually we can figure out how to resolve/re-map git/ssh DNS if
> the head gear/node goes down.
dev mailing list
dev lists openshift redhat com