Line: 1 to 1 | ||||||||
---|---|---|---|---|---|---|---|---|
Smartstack Airbnbhttp://nerds.airbnb.com/smartstack-service-discovery-cloud/![]()
Difference to shoal as of Oct 28, 2013Smart stack:
| ||||||||
Changed: | ||||||||
< < |
| |||||||
> > |
| |||||||
RequirementsSmartstack:
SetupNerveNerve (Starting from cernvm-squid-node-2.6.0-4-1-x86_64.ext3.gz):
{ "instance_id": "mymachine", "services": { "squid": { "port": 3121, "host": "127.0.0.1", "zk_hosts": ["localhost:2181"], "zk_path": "/nerve/services/squid/services" } } }Nerve can then be run by (assuming squid and zookeeper are already running): nerve --config /path/to/config ZookeeperZookeeper (Starting from cernvm-basic-2.7.2-1-2-x86_64.ext3.gz):
SynapseSynapse (Starting from cernvm-basic-2.7.2-1-2-x86_64.ext3.gz):
![]() ![]() { "services": { "squid" : { "name": "squid", "local_port": 3219, "server_options": "check inter 2000 rise 3 fall 2", "discovery": { "method": "zookeeper", "path": "/nerve/services/squid/services", "hosts": ["149.165.148.122:2181"] }, "haproxy": { "port": 3213, "server_options": "check inter 2s rise 3 fall 2" } } }, "haproxy": { "reload_command": "sudo service haproxy reload", "config_file_path": "/etc/haproxy/haproxy.cfg", "socket_file_path": "/var/haproxy/stats.sock", "do_writes": false, "do_reloads": false, "do_socket": false, "global": [ "daemon", "user haproxy", "group haproxy", "maxconn 4096", "log 127.0.0.1 local0", "log 127.0.0.1 local1 notice", "stats socket /var/haproxy/stats.sock mode 666 level admin" ], "defaults": [ "log global", "option dontlognull", "maxconn 2000", "retries 3", "timeout connect 5s", "timeout client 1m", "timeout server 1m", "option redispatch", ] } } stunnelStunnel is a wrapper for web services to add SSL support to applications that don't have it. I attempted to add SSL support to nerve and synapse and found it too be quite complicated. User credentials (name+password) are easy enough to add but x509 certificates are not. stunnel allows x509 certificate support to be added without modifying nerve/synapse directly. It is just a proxy that accepts SSL connections via the internet and then over localhost sends the unecrypted data to the webservice that needs SSL. In the case of Smart Stack, commmunication would work like this: Nerve -> unecrypted over loacalhost -> stunnel -> encrypted -> stunnel on zookeeper machine -> unecrypted over localhost -> zookeeper Every part of Smart Stack would need to run stunnel. To setup stunnel, download it from the official site![]() |