CAS Clustering Not Working

Scott Battaglia scott.battaglia at gmail.com
Tue Oct 16 13:50:49 EDT 2007 

Andrew,

I don't believe there should be any clock skew issue since the expiration
time for a TGT is rather large.  A service ticket's is also pretty large (
i.e. 5 minutes).

-Scott

On 10/16/07, Andrew R Feller <afelle1 at lsu.edu> wrote:
>
>  Cliff,
>
>
>
> Stupid question: what version of CAS are you configuring?
>
>
>
> I examined the source behind the ticket granting ticket expiration class
> and noticed it always references the system time, so even if it was skewed,
> it wouldn't affect things.  Perhaps Scott can comment whether a clock skew
> affects anything in CAS.
>
>
>
> Andrew R Feller, Analyst
>
> Subversion Administrator
>
> University Information Systems
>
> Louisiana State University
>
> afelle1 at lsu.edu
>
> (office) 225.578.3737
>   ------------------------------
>
> *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] *On
> Behalf Of *Clifford Bryant
> *Sent:* Tuesday, October 16, 2007 9:46 AM
> *To:* Yale CAS mailing list
> *Subject:* RE: CAS Clustering Not Working
>
>
>
> Andrew,
>
>
>
> How important is it for the server's clocks to be in sync?  I have been
> playing around with NTP.  I am not sure that I have gotten it right, yet.
> But, the clustering seems to be working.
>
>
>
> Cliff
>
>
>  ------------------------------
>
> *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] *On
> Behalf Of *Andrew R Feller
> *Sent:* Tuesday, October 16, 2007 10:15 AM
> *To:* Yale CAS mailing list
> *Subject:* RE: CAS Clustering Not Working
>
>
>
> Clifford,
>
>
>
> You are correct, JBoss Cache is to replicate CAS' ticket registry.  This
> ticket registry along with Tomcat's session information must be replicated
> amongst all of the clustered machines.  Excuse the obligatory "did you"
> checklist:
>
>
>
>    - Configured Tomcat's conf/server.xml for session replication
>    (different settings than JBoss)
>    - Configured firewall to accept connections for both Tomcat and
>    JBoss session replication
>    - Modified applicationContext for ticket uniqueness and configured
>    cas.properties file with servers' names
>
>
>
> If you could, configure Log4J to log debug messages for
> org.jasig.cas.ticket.registry and org.apache.catalina.cluster.  This might
> tell you why Apache / JBoss hasn't found the other member.
>
>
>
> Andrew R Feller, Analyst
>
> Subversion Administrator
>
> University Information Systems
>
> Louisiana State University
>
> afelle1 at lsu.edu
>
> (office) 225.578.3737
>   ------------------------------
>
> *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] *On
> Behalf Of *Clifford Bryant
> *Sent:* Tuesday, October 16, 2007 7:36 AM
> *To:* Yale CAS mailing list
> *Subject:* RE: CAS Clustering Not Working
>
>
>
> The production environment has 4 Apache/Tomcat servers fronted by a BigIP
> load balancer.
>
>
>
> To test out the concept, I have 2 (virtual) Linux servers each running
> Tomcat, with Apache load balancer on one of them.
>
>
>
> I thought that the JBoss stuff was for the Ticket Cache Replication?
>
>
>  ------------------------------
>
> *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] *On
> Behalf Of *Andrew R Feller
> *Sent:* Tuesday, October 16, 2007 8:17 AM
> *To:* Yale CAS mailing list
> *Subject:* RE: CAS Clustering Not Working
>
>
>
> Clifford,
>
>
>
> What is your intended scenario?  Have you setup two instances of CAS on a
> single machine or are they on different machines?  It appears as though you
> have JBoss configured for localhost (127.0.0.1:32789), which makes me
> curious.
>
>
>
> Andrew R Feller, Analyst
>
> Subversion Administrator
>
> University Information Systems
>
> Louisiana State University
>
> afelle1 at lsu.edu
>
> (office) 225.578.3737
>   ------------------------------
>
> *From:* cas-bounces at tp.its.yale.edu [mailto:cas-bounces at tp.its.yale.edu] *On
> Behalf Of *Clifford Bryant
> *Sent:* Monday, October 15, 2007 12:58 PM
> *To:* cas at tp.its.yale.edu
> *Subject:* CAS Clustering Not Working
>
>
>
> Hi,
>
>
>
> I followed the instructions in the CAS clustering link.  The multicast
> ping is working.  But, the CAS clustering is not working.  If I shut down
> the first server, and browse to the second server, then I am prompted to
> login again to the second server.
>
>
>
> This is the log from Catalina.out.
>
>
>
> Oct 15, 2007 12:44:24 PM org.apache.catalina.cluster.tcp.SimpleTcpClusterstart
>
> INFO: Cluster is about to start
>
> Oct 15, 2007 12:44:24 PM
> org.apache.catalina.cluster.tcp.ReplicationTransmitter start
>
> INFO: Start ClusterSender at cluster Catalina:type=Cluster,host=localhost
> with name Catalina:type=ClusterSender,host=localhost
>
> Oct 15, 2007 12:44:24 PM
> org.apache.catalina.cluster.mcast.McastServiceImpl setupSocket
>
> INFO: Setting cluster mcast TTL to 1
>
> Oct 15, 2007 12:44:24 PM org.apache.catalina.cluster.mcast.McastServicestart
>
> INFO: Sleeping for 2000 milliseconds to establish cluster membership
>
> Oct 15, 2007 12:44:26 PM org.apache.catalina.cluster.mcast.McastServiceregisterMBean
>
> INFO: membership mbean registered
> (Catalina:type=ClusterMembership,host=localhost)
>
> Oct 15, 2007 12:44:29 PM org.apache.catalina.cluster.session.DeltaManagerstart
>
> INFO: Register manager /cas to cluster element Host with name localhost
>
> Oct 15, 2007 12:44:29 PM org.apache.catalina.cluster.session.DeltaManagerstart
>
> INFO: Starting clustering manager at /cas
>
> Oct 15, 2007 12:44:29 PM org.apache.catalina.cluster.session.DeltaManagergetAllClusterSessions
>
> INFO: Manager [/cas]: skipping state transfer. No members active in
> cluster group.
>
> 2007-10-15 12:44:32,075 INFO [org.jasig.cas.util.JBossCacheFactoryBean] -
> <Starting TreeCache service.>
>
>
>
> -------------------------------------------------------
>
> GMS: address is 127.0.0.1:32789
>
>
>
> Cliff Bryant
>
>
>
>
>
>
>
> This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed.  This communication may contain information that is protected from disclosure by applicable law.  If you are not the intended recipient, or the employee or agent responsible for delivering this communication to the intended recipient, be advised that you have received this e-mail in error and any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited.  If you believe that you have received this e-mail in error, please immediately notify Edgewater Technology by telephone at (781) 246-3343 and delete the communication from all e-mail files.
>
>
>
>
>
>
>
> This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed.  This communication may contain information that is protected from disclosure by applicable law.  If you are not the intended recipient, or the employee or agent responsible for delivering this communication to the intended recipient, be advised that you have received this e-mail in error and any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited.  If you believe that you have received this e-mail in error, please immediately notify Edgewater Technology by telephone at (781) 246-3343 and delete the communication from all e-mail files.
>
>
>
>
>
>
>
> This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed.  This communication may contain information that is protected from disclosure by applicable law.  If you are not the intended recipient, or the employee or agent responsible for delivering this communication to the intended recipient, be advised that you have received this e-mail in error and any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited.  If you believe that you have received this e-mail in error, please immediately notify Edgewater Technology by telephone at (781) 246-3343 and delete the communication from all e-mail files.
>
>
>
>
> _______________________________________________
> Yale CAS mailing list
> cas at tp.its.yale.edu
> http://tp.its.yale.edu/mailman/listinfo/cas
>
>


-- 
-Scott Battaglia

LinkedIn: http://www.linkedin.com/in/scottbattaglia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://tp.its.yale.edu/pipermail/cas/attachments/20071016/9462299c/attachment.html

More information about the cas mailing list