I have an application in which we follow blue/green deployment.so we are having one active environment(1) and passive environment(2), for this we are using application load balance to divert traffic from active to passive. Here we use the ALB http header rules,
x-canary=true, forward traffic to target group 1.
x-canary=false,forward traffic to target group 2.
And if we don't give any header value by default traffic goes to target group 2.
But the problem here is whenever I give the http header x-canary= true traffic is not diverting to target group 1.
x-canary=false, forward to target group 2 then traffic going to target group 2.
x-canary=true, forward to target group 1 then traffic not diverting to it.
Related
I have a freshly installed fusionpbx server on the cloud and I created a few extensions and I registered my gateway which in this case is flowroute. I created the outbound routes and everything looked OK besides the incoming calls which are not working.
In the access control I added all IP addresses that flowroute has on their website. I made sure to add :5080 but it still doesn't work.
I made sure flowroute is sending it to :5080. I added all IP adresses in the ACL list. And if I use "sngrep" it doesn't even show any incoming calls. And when I check in flowroute it says "Unavailable - No trunk or registration 604".
I am trying to reach the list of user devices with a GET here:
https://graph.microsoft.com/beta/me/devices
I am using the Graph Explorer at https://developer.microsoft.com/en-us/graph/graph-explorer
I get a 500 error response.
In addition to the Graph Explorer, I also tried making the HTTP request manually using a token for a demo tenant, for a user that has at least 1 registered device. Same result.
Any ideas what could be wrong here?
In case you have network virtual appliances (NVA) such as firewall to inspect the network traffic, ensure that the required ports are allowed.
Also in case the traffic is force tunneled, ensure that the UDR routes for control plane ip addresses and others are added. Virtual network gateway route propagation settings should also be properly set up. Else, you might have asymmetric routing issues.
For a scaling solution with Ant Media Server, how do we whitelist IP when using a load balancer? As you know for load balancer IP dynamically changes, and Ant Media Server can now white list domain name?
How should be the setup?
You have 2 choices for this request.
Option 1 - Setting IP Filter with REST Method
Step 1 - Remove below code snippets in /AMS_DIR/webapps/root/WEB-INF/web.xml
<filter>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>io.antmedia.console.rest.AuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/rest/*</url-pattern>
</filter-mapping>
Step 2 - Request Application Settings with following REST Method which supports GET method
http://domain-address.com:5080/rest/getSettings/WebRTCAppEE
Returns settings object for that application.
Step 3 - Add/edit remoteAllowedCIDR field in the settings object and send the settings to object to the following REST method below.
http://domain-address:5080/rest/changeSettings/WebRTCAppEE
Request Type: POST
Content-Type: application/json
You can add comma separated CIDR notations or IP Addresses to the remoteAllowedCIDR. For instance:
remoteAllowedCIDR=127.0.0.1,12.44.55.3/24,192.123.33.66
Note: You can change request https, port address, an application like WebRTCAppEE
Option 2 - Setting IP Filter with MongoDB
Step 1 - Update settings.remoteAllowedCIDR and updateTime field in the settings object in MongoDB -> clusterdb -> AppSettings collection. Also, you can connect MongoDB with service.
a- You can change settings.remoteAllowedCIDR the same way you do above
b- You should also update the updateTime field. You can set the current time in milliseconds(System.currentTimeMillis()). Let me give some more information about why we need to update updateTime.
Each AMS checks periodically updateTime field in AppSettings to update application settings. So, after the updated remoteAllowedCIDR field, you need to update updateTime field to let each node update itself.
Note: In the clusterdb, the application settings are storing in MongoDB as a collection.
You can also check out the following docs for MongoDB transactions and AppSettings class:
https://docs.mongodb.com/manual/core/transactions-in-applications/
https://docs.mongodb.com/manual/crud/#update-operations
https://github.com/ant-media/Ant-Media-Server-Common/blob/master/src/main/java/io/antmedia/AppSettings.java#L533
In this kind of setup I suggest to make use of security on the load balancer level.
Quick option for disabling IP security in Ant admin would be to put a 0.0.0.0/0 wildcard.
Traffic Distributor (https://docs.jelastic.com/traffic-distributor) is a cool feature which add's load balancing to your app and enables Blue/Green deploy.
However, seems that there's no API to control traffic distributor so it's impossible to automate new releases rollout.
Is there a way to do this?
There is a possibility to create and control Traffic Distributor via API.
Let us explain the flow...
At first, you should login to the platform and get your session.
This can be done by next API request:
https://app.{platform_domain}/1.0/users/authentication/rest/signin/login={your_email}&password={your_password}
If you are using Jelastic platform v5.1+ you should perform the mentioned request as POST.
As example, you can do this using curl:
curl 'https://app.{platform_domain}/1.0/users/authentication/rest/signin' -d "login={your_email}&password={your_password}"
Next, you can create the Traffic Distributor using this request:
http://appstore.{platform_domain}/InstallApp?envName=[env_name]&session=[your_session]&jps=traffic-distributor&displayName=[disp_env_name]&settings={"extip":true,"balancerCount":1,"routingMethod":"round-robin","range":50,"backend1":"{environment_1}","backend2":"{environment_2}"}
, where
[env_name] - the name of the environment.
[disp_env_name] - the visible name of the environment in the Dashboard.
[your_session] - your session, which can be taken from the response of the previous request.
The necessary settings of the Traffic Distributor can be specified inside the JSON:
extip - enables the external IP for the Traffic Distributor ( Highly recommended! ).
balancerCount - count of the balancers inside the Traffic Distributor. (by default = 1)
routingMethod - defines the necessary method of the traffic's routing.
You can specify next possible values: round-robin, sticky-sessions or failover
range - define the percent of the traffic, that will be routed to the first environment.
For example:
0 - All requests will be routed to the {environment_2},
100 - All requests will be routed to the {environment_1},
50 - All requests will be balanced between environments equally.
{environment_1} - URL to the first environment like env-XXXXXXX.{platform_domain}
{environment_2} - URL to the second environment like env-XXXXXXX.{platform_domain}
After executing this method - Traffic Distributor will appear in the Jelastic Dashboard.
Please, execute next API request to take the "uniqueName" value from the response (inside the Addons section):
https://app.{Platform_domain}/1.0/environment/control/rest/getenvinfo?envname=[env_name]&session=[your_session]
, where [env_name] - the name of the created environment with the Traffic Distributor addon.
Now you can control the settings of the created Traffic Distributor by next API:
https://appstore.{Platform_domain}/ExecuteAppAction?session=[your_session]&appUniqueName=[app_unique_name]&action=configure¶ms={"extip":1,"balancerCount":1,"routingMethod":"sticky-sessions","range":50,"backend1":"{environment_1}","backend2":"{environment_2}"}
, where
[app_unique_name] - the value "uniqueName" from the response of the previous request.
The settings inside the JSON exactly the same as for the InstallApp API request.
I'm new to haproxy and load balancing. I want to see what happens when a backend host is turned off while the proxy is running.
The problem is, if I turn off one of the backends and refresh the browser the page immediateltly exposes a 503 error to the user. After the next page load, it no longer gets the error since presumably that backend has been removed from the pool.
As a test I have set up two backend Flask apps and configured HAProxy to balance them like so:
backend app
mode http
balanace roundrobin
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
My understanding according to this:
https://www.haproxy.com/doc/aloha/7.0/haproxy/healthchecks.html#check-parameters
is that every 2 seconds a the backend hosts are pingged to see if they are up. Then they are removed from the pool if they are down. The 5xx error happens between the time I kill the backend and the 2 seconds.
I would think there is a way to get around this 5xx error by having HAProxy perform a little logic such that if a request from the frontend fails, it would then remove that failed backend from the pool and then switch to another and make another request. This way the user would never see the failure.
Is there a way to do this, or should I try something else so that my user does not get an error?
By default haproxy will retry 3 times (retries) with 1s intervals to the same backend. In order to allow to take another backend you should set option redispatch.
Also consider to (carefully, it can be hamrful):
decrease fall (default is 3),
decrease error-limit (default is 10) and set on-error to mark-down or sudden-death
tune healthcheck intervals with inter/fastinter/downinter
Note: Haproxy retries only on connection errors (e.g. ECONNNREFUSED like in your case), it will not resend/resubmit request/data.