Show More
@@ -8,7 +8,7 b' the information in the following section' | |||||
8 |
|
8 | |||
9 | .. toctree:: |
|
9 | .. toctree:: | |
10 |
|
10 | |||
|
11 | apache-conf-example | |||
11 | apache-diffie-hellman |
|
12 | apache-diffie-hellman | |
12 | apache-conf-example |
|
|||
13 | apache-subdirectory |
|
13 | apache-subdirectory | |
14 | apache-wsgi-coding |
|
14 | apache-wsgi-coding |
@@ -7,7 +7,7 b' Use the following example to configure N' | |||||
7 | .. code-block:: nginx |
|
7 | .. code-block:: nginx | |
8 |
|
8 | |||
9 | ## rate limiter for certain pages to prevent brute force attacks |
|
9 | ## rate limiter for certain pages to prevent brute force attacks | |
10 |
limit_req_zone $binary_remote_addr zone= |
|
10 | limit_req_zone $binary_remote_addr zone=req_limit:10m rate=1r/s; | |
11 |
|
11 | |||
12 | ## custom log format |
|
12 | ## custom log format | |
13 | log_format log_custom '$remote_addr - $remote_user [$time_local] ' |
|
13 | log_format log_custom '$remote_addr - $remote_user [$time_local] ' | |
@@ -18,7 +18,7 b' Use the following example to configure N' | |||||
18 | ## define upstream (local RhodeCode instance) to connect to |
|
18 | ## define upstream (local RhodeCode instance) to connect to | |
19 | upstream rc { |
|
19 | upstream rc { | |
20 | # Url to running RhodeCode instance. |
|
20 | # Url to running RhodeCode instance. | |
21 | # This is shown as `- URL:` in output from rccontrol status. |
|
21 | # This is shown as `- URL: <host>` in output from rccontrol status. | |
22 | server 127.0.0.1:10002; |
|
22 | server 127.0.0.1:10002; | |
23 |
|
23 | |||
24 | # add more instances for load balancing |
|
24 | # add more instances for load balancing | |
@@ -85,9 +85,10 b' Use the following example to configure N' | |||||
85 | # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits |
|
85 | # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits | |
86 | #ssl_dhparam /etc/nginx/ssl/dhparam.pem; |
|
86 | #ssl_dhparam /etc/nginx/ssl/dhparam.pem; | |
87 |
|
87 | |||
|
88 | # example of proxy.conf can be found in our docs. | |||
88 | include /etc/nginx/proxy.conf; |
|
89 | include /etc/nginx/proxy.conf; | |
89 |
|
90 | |||
90 | ## serve static files by Nginx, recommended for performance |
|
91 | ## uncomment to serve static files by Nginx, recommended for performance | |
91 | # location /_static/rhodecode { |
|
92 | # location /_static/rhodecode { | |
92 | # gzip on; |
|
93 | # gzip on; | |
93 | # gzip_min_length 500; |
|
94 | # gzip_min_length 500; | |
@@ -96,6 +97,7 b' Use the following example to configure N' | |||||
96 | # gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; |
|
97 | # gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; | |
97 | # gzip_vary on; |
|
98 | # gzip_vary on; | |
98 | # gzip_disable "msie6"; |
|
99 | # gzip_disable "msie6"; | |
|
100 | # alias /path/to/.rccontrol/community-1/static; | |||
99 | # alias /path/to/.rccontrol/enterprise-1/static; |
|
101 | # alias /path/to/.rccontrol/enterprise-1/static; | |
100 | # } |
|
102 | # } | |
101 |
|
103 | |||
@@ -120,9 +122,9 b' Use the following example to configure N' | |||||
120 | proxy_set_header Connection "upgrade"; |
|
122 | proxy_set_header Connection "upgrade"; | |
121 | } |
|
123 | } | |
122 |
|
124 | |||
|
125 | ## rate limit this endpoint to prevent login page brute-force attacks | |||
123 | location /_admin/login { |
|
126 | location /_admin/login { | |
124 | ## rate limit this endpoint |
|
127 | limit_req zone=req_limit burst=10 nodelay; | |
125 | limit_req zone=dl_limit burst=10 nodelay; |
|
|||
126 | try_files $uri @rhode; |
|
128 | try_files $uri @rhode; | |
127 | } |
|
129 | } | |
128 |
|
130 | |||
@@ -138,6 +140,7 b' Use the following example to configure N' | |||||
138 | ## is turned off |
|
140 | ## is turned off | |
139 | error_page 502 /502.html; |
|
141 | error_page 502 /502.html; | |
140 | location = /502.html { |
|
142 | location = /502.html { | |
|
143 | #root /path/to/.rccontrol/community-1/static; | |||
141 | root /path/to/.rccontrol/enterprise-1/static; |
|
144 | root /path/to/.rccontrol/enterprise-1/static; | |
142 | } |
|
145 | } | |
143 | } No newline at end of file |
|
146 | } |
@@ -8,7 +8,7 b' the information in the following section' | |||||
8 |
|
8 | |||
9 | .. toctree:: |
|
9 | .. toctree:: | |
10 |
|
10 | |||
|
11 | nginx-config-example | |||
11 | nginx-diffie-hellman |
|
12 | nginx-diffie-hellman | |
12 |
nginx-conf |
|
13 | nginx-proxy-conf | |
13 | nginx-tuning |
|
|||
14 | nginx-url-prefix |
|
14 | nginx-url-prefix |
@@ -1,7 +1,8 b'' | |||||
1 |
.. _nginx- |
|
1 | .. _nginx-proxy-conf: | |
2 |
|
2 | |||
3 |
Nginx |
|
3 | Nginx Proxy Config | |
4 | ------------ |
|
4 | ------------------ | |
|
5 | ||||
5 |
|
6 | |||
6 | Set the following properties in your ``/etc/nginx/proxy.conf`` so it does not |
|
7 | Set the following properties in your ``/etc/nginx/proxy.conf`` so it does not | |
7 | timeout during large pushes. |
|
8 | timeout during large pushes. |
@@ -1,7 +1,7 b'' | |||||
1 | .. _hg-lrg-loc: |
|
1 | .. _hg-lrg-loc: | |
2 |
|
2 | |||
3 |
|
|
3 | |hg| Large Files Location | |
4 |
------------------------- |
|
4 | ------------------------- | |
5 |
|
5 | |||
6 | |RCE| manages |hg| larges files from the following default location |
|
6 | |RCE| manages |hg| larges files from the following default location | |
7 | :file:`/home/{user}/repos/.cache/largefiles`. If you wish to change this, use |
|
7 | :file:`/home/{user}/repos/.cache/largefiles`. If you wish to change this, use |
@@ -1,7 +1,7 b'' | |||||
1 | .. _git-lfs-loc: |
|
1 | .. _git-lfs-loc: | |
2 |
|
2 | |||
3 |
|
|
3 | |git| LFS storage Location | |
4 |
-------------------------- |
|
4 | -------------------------- | |
5 |
|
5 | |||
6 | |RCE| manages |git| LFS files from the following default location |
|
6 | |RCE| manages |git| LFS files from the following default location | |
7 | :file:`/home/{user}/repos/.cache/lfs_store`. If you wish to change this, use |
|
7 | :file:`/home/{user}/repos/.cache/lfs_store`. If you wish to change this, use |
@@ -1,14 +1,13 b'' | |||||
1 | .. _increase-gunicorn: |
|
1 | .. _increase-gunicorn: | |
2 |
|
2 | |||
3 |
|
|
3 | Configure Gunicorn Workers | |
4 | ------------------------- |
|
4 | -------------------------- | |
5 |
|
5 | |||
6 |
|
6 | |||
7 | |RCE| comes with `Gunicorn`_ packaged in its Nix environment. |
|
7 | |RCE| comes with `Gunicorn`_ which is a Python WSGI HTTP Server for UNIX. | |
8 | Gunicorn is a Python WSGI HTTP Server for UNIX. |
|
|||
9 |
|
8 | |||
10 | To improve |RCE| performance you can increase the number of `Gunicorn`_ workers. |
|
9 | To improve |RCE| performance you can increase the number of `Gunicorn`_ workers. | |
11 | This allows to handle more connections concurently, and provide better |
|
10 | This allows to handle more connections concurrently, and provide better | |
12 | responsiveness and performance. |
|
11 | responsiveness and performance. | |
13 |
|
12 | |||
14 | By default during installation |RCC| tries to detect how many CPUs are |
|
13 | By default during installation |RCC| tries to detect how many CPUs are | |
@@ -18,8 +17,11 b" However sometimes it's better to manuall" | |||||
18 | To do this, use the following steps: |
|
17 | To do this, use the following steps: | |
19 |
|
18 | |||
20 | 1. Open the :file:`home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file. |
|
19 | 1. Open the :file:`home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file. | |
21 |
2. In the ``[server:main]`` section, |
|
20 | 2. In the ``[server:main]`` section, change the number of Gunicorn | |
22 | ``workers`` using the following formula :math:`(2 * Cores) + 1`. |
|
21 | ``workers`` using the following default formula :math:`(2 * Cores) + 1`. | |
|
22 | We however not recommend using more than 8-12 workers per server. It's better | |||
|
23 | to start using the :ref:`scale-horizontal-cluster` in case that performance | |||
|
24 | with 8-12 workers is not enough. | |||
23 |
|
25 | |||
24 | .. code-block:: ini |
|
26 | .. code-block:: ini | |
25 |
|
27 |
@@ -1,7 +1,7 b'' | |||||
1 | .. _db-session-ref: |
|
1 | .. _db-session-ref: | |
2 |
|
2 | |||
3 |
|
|
3 | Database Performance | |
4 |
-------------------- |
|
4 | -------------------- | |
5 |
|
5 | |||
6 | For tuning PostgreSQL we recommend reading: http://www.revsys.com/writings/postgresql-performance.html |
|
6 | For tuning PostgreSQL we recommend reading: http://www.revsys.com/writings/postgresql-performance.html | |
7 |
|
7 |
@@ -12,8 +12,7 b' may find some of the following methods u' | |||||
12 | tuning-vcs-memory-cache |
|
12 | tuning-vcs-memory-cache | |
13 | tuning-user-sessions-performance |
|
13 | tuning-user-sessions-performance | |
14 | tuning-increase-db-performance |
|
14 | tuning-increase-db-performance | |
15 | tuning-scale-horizontally |
|
15 | tuning-scale-horizontally-cluster | |
16 | tuning-increase-cache-size |
|
|||
17 | tuning-mount-cache-memory |
|
16 | tuning-mount-cache-memory | |
18 | tuning-change-encoding |
|
17 | tuning-change-encoding | |
19 | tuning-change-large-file-dir |
|
18 | tuning-change-large-file-dir |
@@ -1,58 +1,383 b'' | |||||
1 | .. _scale-horizontal: |
|
1 | .. _scale-horizontal-cluster: | |
|
2 | ||||
2 |
|
3 | |||
3 | Scale Horizontally |
|
4 | Scale Horizontally / RhodeCode Cluster | |
4 | ------------------ |
|
5 | -------------------------------------- | |
5 |
|
6 | |||
6 | |RCE| is built in a way it support horizontal scaling across multiple machines. |
|
7 | |RCE| is built in a way it support horizontal scaling across multiple machines. | |
7 |
There are t |
|
8 | There are three main pre-requisites for that: | |
8 |
|
9 | |||
9 | - Shared storage that each machine can access. |
|
10 | - Shared storage that each machine can access. Using NFS or other shared storage system. | |
10 | - Shared DB connection across machines. |
|
11 | - Shared DB connection across machines. Using `MySQL`/`PostgreSQL` that each node can access. | |
|
12 | - |RCE| user sessions and caches need to use a shared storage (e.g `Redis`_/`Memcached`) | |||
11 |
|
13 | |||
12 |
|
14 | |||
13 | Horizontal scaling means adding more machines or workers into your pool of |
|
15 | Horizontal scaling means adding more machines or workers into your pool of | |
14 | resources. Horizontally scaling |RCE| gives a huge performance increase, |
|
16 | resources. Horizontally scaling |RCE| gives a huge performance increase, | |
15 |
especially under large traffic scenarios with a high number of requests. |
|
17 | especially under large traffic scenarios with a high number of requests. | |
16 | is very beneficial when |RCE| is serving many users simultaneously, |
|
18 | This is very beneficial when |RCE| is serving many users simultaneously, | |
17 | or if continuous integration servers are automatically pulling and pushing code. |
|
19 | or if continuous integration servers are automatically pulling and pushing code. | |
|
20 | It also adds High-Availability to your running system. | |||
|
21 | ||||
|
22 | ||||
|
23 | Cluster Overview | |||
|
24 | ^^^^^^^^^^^^^^^^ | |||
|
25 | ||||
|
26 | Below we'll present a configuration example that will use two separate nodes to serve | |||
|
27 | |RCE| in a load-balanced environment. The 3rd node will act as a shared storage/cache | |||
|
28 | and handle load-balancing. In addition 3rd node will be used as shared database instance. | |||
|
29 | ||||
|
30 | This setup can be used both in Docker based configuration or with individual | |||
|
31 | physical/virtual machines. Using the 3rd node for Storage/Redis/PostgreSQL/Nginx is | |||
|
32 | optional. All those components can be installed on one of the two nodes used for |RCE|. | |||
|
33 | We'll use following naming for our nodes: | |||
|
34 | ||||
|
35 | - `rc-node-1` (NFS, DB, Cache node) | |||
|
36 | - `rc-node-2` (Worker node1) | |||
|
37 | - `rc-node-3` (Worker node2) | |||
|
38 | ||||
|
39 | Our shares NFS storage in the example is located on `/home/rcdev/storage` and | |||
|
40 | it's RW accessible on **each** node. | |||
|
41 | ||||
|
42 | In this example we used certain recommended components, however many | |||
|
43 | of those can be replaced by other, in case your organization already uses them, for example: | |||
|
44 | ||||
|
45 | - `MySQL`/`PostgreSQL`: Aren't replaceable and are the two only supported databases. | |||
|
46 | - `Nginx`_ on `rc-node-1` can be replaced by: `Hardware Load Balancer (F5)`, `Apache`_, `HA-Proxy` etc. | |||
|
47 | - `Nginx`_ on rc-node-2/3 acts as a reverse proxy and can be replaced by other HTTP server | |||
|
48 | acting as reverse proxy such as `Apache`_. | |||
|
49 | - `Redis`_ on `rc-node-1` can be replaced by: `Memcached` | |||
|
50 | ||||
|
51 | ||||
|
52 | Here's an overview what components should be installed/setup on each server in our example: | |||
|
53 | ||||
|
54 | - **rc-node-1**: | |||
|
55 | ||||
|
56 | - main storage acting as NFS host. | |||
|
57 | - `nginx` acting as a load-balancer. | |||
|
58 | - `postgresql-server` used for database and sessions. | |||
|
59 | - `redis-server` used for storing shared caches. | |||
|
60 | - optionally `rabbitmq-server` for `Celery` if used. | |||
|
61 | - optionally if `Celery` is used Enterprise/Community instance + VCSServer. | |||
|
62 | - optionally mailserver that can be shared by other instances. | |||
|
63 | - optionally channelstream server to handle live communication for all instances. | |||
|
64 | ||||
|
65 | ||||
|
66 | - **rc-node-2/3**: | |||
|
67 | ||||
|
68 | - `nginx` acting as a reverse proxy to handle requests to |RCE|. | |||
|
69 | - 1x RhodeCode Enterprise/Community instance. | |||
|
70 | - 1x VCSServer instance. | |||
|
71 | - optionally for testing connection: postgresql-client, redis-client (redis-tools). | |||
|
72 | ||||
|
73 | ||||
|
74 | Before we start here are few assumptions that should be fulfilled: | |||
|
75 | ||||
|
76 | - make sure each node can access each other. | |||
|
77 | - make sure `Redis`_/`MySQL`/`PostgreSQL`/`RabbitMQ`_ are running on `rc-node-1` | |||
|
78 | - make sure both `rc-node-2`/`3` can access NFS storage with RW access | |||
|
79 | - make sure rc-node-2/3 can access `Redis`_/`PostgreSQL`, `MySQL` database on `rc-node-1`. | |||
|
80 | - make sure `Redis`_/Database/`RabbitMQ`_ are password protected and accessible only from rc-node-2/3. | |||
|
81 | ||||
18 |
|
82 | |||
19 |
|
83 | |||
20 | If you scale across different machines, each |RCM| instance |
|
84 | Setup rc-node-2/3 | |
21 | needs to store its data on a shared disk, preferably together with your |
|
85 | ^^^^^^^^^^^^^^^^^ | |
22 | |repos|. This data directory contains template caches, a full text search index, |
|
86 | ||
23 | and is used for task locking to ensure safety across multiple instances. |
|
87 | Initially before `rc-node-1` we'll configure both nodes 2 and 3 to operate as standalone | |
24 | To do this, set the following properties in the :file:`rhodecode.ini` file to |
|
88 | nodes with their own hostnames. Use a default installation settings, and use | |
25 | set the shared location across all |RCM| instances. |
|
89 | the default local addresses (127.0.0.1) to configure VCSServer and Community/Enterprise instances. | |
|
90 | All external connectivity will be handled by the reverse proxy (`Nginx`_ in our example). | |||
|
91 | ||||
|
92 | This way we can ensure each individual host works, | |||
|
93 | accepts connections, or do some operations explicitly on chosen node. | |||
|
94 | ||||
|
95 | In addition this would allow use to explicitly direct certain traffic to a node, e.g | |||
|
96 | CI server will only call directly `rc-node-3`. This should be done similar to normal | |||
|
97 | installation so check out `Nginx`_/`Apache`_ configuration example to configure each host. | |||
|
98 | Each one should already connect to shared database during installation. | |||
|
99 | ||||
|
100 | ||||
|
101 | 1) Assuming our final url will be http://rc-node-1, Configure `instances_id`, `app.base_url` | |||
|
102 | ||||
|
103 | a) On **rc-node-2** find the following settings and edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` | |||
|
104 | ||||
|
105 | .. code-block:: ini | |||
|
106 | ||||
|
107 | ## required format is: *NAME- | |||
|
108 | instance_id = *rc-node-2- | |||
|
109 | app.base_url = http://rc-node-1 | |||
|
110 | ||||
|
111 | ||||
|
112 | b) On **rc-node-3** find the following settings and edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` | |||
|
113 | ||||
|
114 | .. code-block:: ini | |||
|
115 | ||||
|
116 | ## required format is: *NAME- | |||
|
117 | instance_id = *rc-node-3- | |||
|
118 | app.base_url = http://rc-node-1 | |||
|
119 | ||||
|
120 | ||||
|
121 | ||||
|
122 | 2) Configure `User Session` to use a shared database. Example config that should be | |||
|
123 | changed on both node 2 and 3. Edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` | |||
|
124 | ||||
|
125 | .. code-block:: ini | |||
|
126 | ||||
|
127 | #################################### | |||
|
128 | ### BEAKER SESSION #### | |||
|
129 | #################################### | |||
|
130 | ||||
|
131 | ## Disable the default `file` sessions | |||
|
132 | #beaker.session.type = file | |||
|
133 | #beaker.session.data_dir = %(here)s/data/sessions | |||
|
134 | ||||
|
135 | ## use shared db based session, fast, and allows easy management over logged in users | |||
|
136 | beaker.session.type = ext:database | |||
|
137 | beaker.session.table_name = db_session | |||
|
138 | # use our rc-node-1 here | |||
|
139 | beaker.session.sa.url = postgresql://postgres:qweqwe@rc-node-1/rhodecode | |||
|
140 | beaker.session.sa.pool_recycle = 3600 | |||
|
141 | beaker.session.sa.echo = false | |||
|
142 | ||||
|
143 | In addition make sure both instances use the same `session.secret` so users have | |||
|
144 | persistent sessions across nodes. Please generate other one then in this example. | |||
|
145 | ||||
|
146 | .. code-block:: ini | |||
|
147 | ||||
|
148 | # use an unique generated long string | |||
|
149 | beaker.session.secret = 70e116cae2274656ba7265fd860aebbd | |||
|
150 | ||||
|
151 | 3) Configure stored cached/archive cache to our shared NFS `rc-node-1` | |||
26 |
|
152 | |||
27 | .. code-block:: ini |
|
153 | .. code-block:: ini | |
28 |
|
154 | |||
29 | cache_dir = /shared/path/caches # set to shared location |
|
155 | # note the `_` prefix that allows using a directory without | |
30 | search.location = /shared/path/search_index # set to shared location |
|
156 | # remap and rescan checking for vcs inside it. | |
|
157 | cache_dir = /home/rcdev/storage/_cache_dir/data | |||
|
158 | # note archive cache dir is disabled by default, however if you enable | |||
|
159 | # it also needs to be shared | |||
|
160 | #archive_cache_dir = /home/rcdev/storage/_tarball_cache_dir | |||
|
161 | ||||
|
162 | ||||
|
163 | 4) Change cache backends to use `Redis`_ based caches. Below full example config | |||
|
164 | that replaces default file-based cache to shared `Redis`_ with Distributed Lock. | |||
|
165 | ||||
|
166 | ||||
|
167 | .. code-block:: ini | |||
|
168 | ||||
|
169 | ##################################### | |||
|
170 | ### DOGPILE CACHE #### | |||
|
171 | ##################################### | |||
|
172 | ||||
|
173 | ## `cache_perms` cache settings for permission tree, auth TTL. | |||
|
174 | #rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace | |||
|
175 | #rc_cache.cache_perms.expiration_time = 300 | |||
|
176 | ||||
|
177 | ## alternative `cache_perms` redis backend with distributed lock | |||
|
178 | rc_cache.cache_perms.backend = dogpile.cache.rc.redis | |||
|
179 | rc_cache.cache_perms.expiration_time = 300 | |||
|
180 | ## redis_expiration_time needs to be greater then expiration_time | |||
|
181 | rc_cache.cache_perms.arguments.redis_expiration_time = 7200 | |||
|
182 | rc_cache.cache_perms.arguments.socket_timeout = 30 | |||
|
183 | rc_cache.cache_perms.arguments.host = rc-node-1 | |||
|
184 | rc_cache.cache_perms.arguments.password = qweqwe | |||
|
185 | rc_cache.cache_perms.arguments.port = 6379 | |||
|
186 | rc_cache.cache_perms.arguments.db = 0 | |||
|
187 | rc_cache.cache_perms.arguments.distributed_lock = true | |||
|
188 | ||||
|
189 | ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS | |||
|
190 | #rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace | |||
|
191 | #rc_cache.cache_repo.expiration_time = 2592000 | |||
|
192 | ||||
|
193 | ## alternative `cache_repo` redis backend with distributed lock | |||
|
194 | rc_cache.cache_repo.backend = dogpile.cache.rc.redis | |||
|
195 | rc_cache.cache_repo.expiration_time = 2592000 | |||
|
196 | ## redis_expiration_time needs to be greater then expiration_time | |||
|
197 | rc_cache.cache_repo.arguments.redis_expiration_time = 2678400 | |||
|
198 | rc_cache.cache_repo.arguments.socket_timeout = 30 | |||
|
199 | rc_cache.cache_repo.arguments.host = rc-node-1 | |||
|
200 | rc_cache.cache_repo.arguments.password = qweqwe | |||
|
201 | rc_cache.cache_repo.arguments.port = 6379 | |||
|
202 | rc_cache.cache_repo.arguments.db = 1 | |||
|
203 | rc_cache.cache_repo.arguments.distributed_lock = true | |||
|
204 | ||||
|
205 | ## cache settings for SQL queries, this needs to use memory type backend | |||
|
206 | rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru | |||
|
207 | rc_cache.sql_cache_short.expiration_time = 30 | |||
|
208 | ||||
|
209 | ## `cache_repo_longterm` cache for repo object instances, this needs to use memory | |||
|
210 | ## type backend as the objects kept are not pickle serializable | |||
|
211 | rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru | |||
|
212 | ## by default we use 96H, this is using invalidation on push anyway | |||
|
213 | rc_cache.cache_repo_longterm.expiration_time = 345600 | |||
|
214 | ## max items in LRU cache, reduce this number to save memory, and expire last used | |||
|
215 | ## cached objects | |||
|
216 | rc_cache.cache_repo_longterm.max_size = 10000 | |||
|
217 | ||||
|
218 | ||||
|
219 | 4) Configure `Nginx`_ as reverse proxy on `rc-node-2/3`: | |||
|
220 | Minimal `Nginx`_ config used: | |||
|
221 | ||||
31 |
|
222 | |||
32 | #################################### |
|
223 | .. code-block:: nginx | |
33 | ### BEAKER CACHE #### |
|
224 | ||
34 | #################################### |
|
225 | ## rate limiter for certain pages to prevent brute force attacks | |
35 | beaker.cache.data_dir = /shared/path/data # set to shared location |
|
226 | limit_req_zone $binary_remote_addr zone=req_limit:10m rate=1r/s; | |
36 | beaker.cache.lock_dir = /shared/path/lock # set to shared location |
|
227 | ||
|
228 | ## custom log format | |||
|
229 | log_format log_custom '$remote_addr - $remote_user [$time_local] ' | |||
|
230 | '"$request" $status $body_bytes_sent ' | |||
|
231 | '"$http_referer" "$http_user_agent" ' | |||
|
232 | '$request_time $upstream_response_time $pipe'; | |||
|
233 | ||||
|
234 | server { | |||
|
235 | listen 80; | |||
|
236 | server_name rc-node-2; | |||
|
237 | #server_name rc-node-3; | |||
|
238 | ||||
|
239 | access_log /var/log/nginx/rhodecode.access.log log_custom; | |||
|
240 | error_log /var/log/nginx/rhodecode.error.log; | |||
|
241 | ||||
|
242 | # example of proxy.conf can be found in our docs. | |||
|
243 | include /etc/nginx/proxy.conf; | |||
|
244 | ||||
|
245 | ## serve static files by Nginx, recommended for performance | |||
|
246 | location /_static/rhodecode { | |||
|
247 | gzip on; | |||
|
248 | gzip_min_length 500; | |||
|
249 | gzip_proxied any; | |||
|
250 | gzip_comp_level 4; | |||
|
251 | gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml; | |||
|
252 | gzip_vary on; | |||
|
253 | gzip_disable "msie6"; | |||
|
254 | #alias /home/rcdev/.rccontrol/community-1/static; | |||
|
255 | alias /home/rcdev/.rccontrol/enterprise-1/static; | |||
|
256 | } | |||
|
257 | ||||
|
258 | ||||
|
259 | location /_admin/login { | |||
|
260 | limit_req zone=req_limit burst=10 nodelay; | |||
|
261 | try_files $uri @rhode; | |||
|
262 | } | |||
|
263 | ||||
|
264 | location / { | |||
|
265 | try_files $uri @rhode; | |||
|
266 | } | |||
|
267 | ||||
|
268 | location @rhode { | |||
|
269 | # Url to running RhodeCode instance. | |||
|
270 | # This is shown as `- URL: <host>` in output from rccontrol status. | |||
|
271 | proxy_pass http://127.0.0.1:10020; | |||
|
272 | } | |||
|
273 | ||||
|
274 | ## custom 502 error page. Will be displayed while RhodeCode server | |||
|
275 | ## is turned off | |||
|
276 | error_page 502 /502.html; | |||
|
277 | location = /502.html { | |||
|
278 | #root /home/rcdev/.rccontrol/community-1/static; | |||
|
279 | root /home/rcdev/.rccontrol/enterprise-1/static; | |||
|
280 | } | |||
|
281 | } | |||
|
282 | ||||
|
283 | ||||
|
284 | 5) Optional: Full text search, in case you use `Whoosh` full text search we also need a | |||
|
285 | shared storage for the index. In our example our NFS is mounted at `/home/rcdev/storage` | |||
|
286 | which represents out storage so we can use the following: | |||
|
287 | ||||
|
288 | .. code-block:: ini | |||
|
289 | ||||
|
290 | # note the `_` prefix that allows using a directory without | |||
|
291 | # remap and rescan checking for vcs inside it. | |||
|
292 | search.location = /home/rcdev/storage/_index_data/index | |||
37 |
|
293 | |||
38 |
|
294 | |||
39 | .. note:: |
|
295 | .. note:: | |
40 |
|
296 | |||
41 | If you use custom caches such as `beaker.cache.auth_plugins.` it's recommended |
|
297 | If you use ElasticSearch it's by default shared, and simply running ES node is | |
42 | to set it to the memcached/redis or database backend so it can be shared |
|
298 | by default cluster compatible. | |
43 | across machines. |
|
299 | ||
|
300 | ||||
|
301 | 6) Optional: If you intend to use mailing all instances need to use either a shared | |||
|
302 | mailing node, or each will use individual local mailagent. Simply put node-1/2/3 needs | |||
|
303 | to use same mailing configuration. | |||
|
304 | ||||
|
305 | ||||
|
306 | ||||
|
307 | Setup rc-node-1 | |||
|
308 | ^^^^^^^^^^^^^^^ | |||
44 |
|
309 | |||
45 |
|
310 | |||
46 | It is recommended to create another dedicated |RCE| instance to handle |
|
311 | Configure `Nginx`_ as Load Balancer to rc-node-2/3. | |
47 | traffic from build farms or continuous integration servers. |
|
312 | Minimal `Nginx`_ example below: | |
|
313 | ||||
|
314 | .. code-block:: nginx | |||
|
315 | ||||
|
316 | ## define rc-cluster which contains a pool of our instances to connect to | |||
|
317 | upstream rc-cluster { | |||
|
318 | # rc-node-2/3 are stored in /etc/hosts with correct IP addresses | |||
|
319 | server rc-node-2:80; | |||
|
320 | server rc-node-3:80; | |||
|
321 | } | |||
|
322 | ||||
|
323 | server { | |||
|
324 | listen 80; | |||
|
325 | server_name rc-node-1; | |||
|
326 | ||||
|
327 | location / { | |||
|
328 | proxy_pass http://rc-cluster; | |||
|
329 | } | |||
|
330 | } | |||
|
331 | ||||
48 |
|
|
332 | ||
49 | .. note:: |
|
333 | .. note:: | |
50 |
|
334 | |||
51 | You should configure your load balancing accordingly. We recommend writing |
|
335 | You should configure your load balancing accordingly. We recommend writing | |
52 | load balancing rules that will separate regular user traffic from |
|
336 | load balancing rules that will separate regular user traffic from | |
53 | automated process traffic like continuous servers or build bots. |
|
337 | automated process traffic like continuous servers or build bots. Sticky sessions | |
|
338 | are not required. | |||
|
339 | ||||
|
340 | ||||
|
341 | Show which instance handles a request | |||
|
342 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |||
|
343 | ||||
|
344 | You can easily check if load-balancing is working as expected. Visit our main node | |||
|
345 | `rc-node-1` URL which at that point should already handle incoming requests and balance | |||
|
346 | it across node-2/3. | |||
|
347 | ||||
|
348 | Add a special GET param `?showrcid=1` to show current instance handling your request. | |||
|
349 | ||||
|
350 | For example: visiting url `http://rc-node-1/?showrcid=1` will show, in the bottom | |||
|
351 | of the screen` cluster instance info. | |||
|
352 | e.g: `RhodeCode instance id: rc-node-3-rc-node-3-3246` | |||
|
353 | which is generated from:: | |||
|
354 | ||||
|
355 | <NODE_HOSTNAME>-<INSTANCE_ID>-<WORKER_PID> | |||
|
356 | ||||
|
357 | ||||
|
358 | Using Celery with cluster | |||
|
359 | ^^^^^^^^^^^^^^^^^^^^^^^^^ | |||
54 |
|
360 | |||
55 | .. note:: |
|
361 | ||
|
362 | If `Celery` is used we recommend setting also an instance of Enterprise/Community+VCSserver | |||
|
363 | on the node that is running `RabbitMQ`_. Those instances will be used to executed async | |||
|
364 | tasks on the `rc-node-1`. This is the most efficient setup. `Celery` usually | |||
|
365 | handles tasks such as sending emails, forking repositories, importing | |||
|
366 | repositories from external location etc. Using workers on instance that has | |||
|
367 | the direct access to disks used by NFS as well as email server gives noticeable | |||
|
368 | performance boost. Running local workers to the NFS storage results in faster | |||
|
369 | execution of forking large repositories or sending lots of emails. | |||
56 |
|
370 | |||
57 | If Celery is used on each instance then you should run separate Celery |
|
371 | Those instances need to be configured in the same way as for other nodes. | |
58 | instances, but the message broker should be the same for all of them. |
|
372 | The instance in rc-node-1 can be added to the cluser, but we don't recommend doing it. | |
|
373 | For best results let it be isolated to only executing `Celery` tasks in the cluster setup. | |||
|
374 | ||||
|
375 | ||||
|
376 | .. _Gunicorn: http://gunicorn.org/ | |||
|
377 | .. _Whoosh: https://pypi.python.org/pypi/Whoosh/ | |||
|
378 | .. _Elasticsearch: https://www.elastic.co/.. | |||
|
379 | .. _RabbitMQ: http://www.rabbitmq.com/ | |||
|
380 | .. _Nginx: http://nginx.io | |||
|
381 | .. _Apache: http://nginx.io | |||
|
382 | .. _Redis: http://redis.io | |||
|
383 |
@@ -1,7 +1,7 b'' | |||||
1 | .. _user-session-ref: |
|
1 | .. _user-session-ref: | |
2 |
|
2 | |||
3 |
|
|
3 | User Session Performance | |
4 |
------------------------ |
|
4 | ------------------------ | |
5 |
|
5 | |||
6 | The default file-based sessions are only suitable for smaller setups, or |
|
6 | The default file-based sessions are only suitable for smaller setups, or | |
7 | instances that doesn't have a lot of users or traffic. |
|
7 | instances that doesn't have a lot of users or traffic. | |
@@ -24,8 +24,9 b' your :file:`/home/{user}/.rccontrol/{ins' | |||||
24 | beaker.session.type = ext:database |
|
24 | beaker.session.type = ext:database | |
25 | beaker.session.table_name = db_session |
|
25 | beaker.session.table_name = db_session | |
26 |
|
26 | |||
27 | # use just one of the following accoring to the type of database |
|
27 | # use just one of the following according to the type of database | |
28 | beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode |
|
28 | beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode | |
|
29 | # or | |||
29 | beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode |
|
30 | beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode | |
30 |
|
31 | |||
31 | beaker.session.sa.pool_recycle = 3600 |
|
32 | beaker.session.sa.pool_recycle = 3600 |
@@ -1,7 +1,7 b'' | |||||
1 | .. _adjust-vcs-mem-cache: |
|
1 | .. _adjust-vcs-mem-cache: | |
2 |
|
2 | |||
3 |
|
|
3 | VCSServer Memory Cache | |
4 |
---------------------- |
|
4 | ---------------------- | |
5 |
|
5 | |||
6 | The VCS Server mamory cache can be adjusted to work best with the resources |
|
6 | The VCS Server mamory cache can be adjusted to work best with the resources | |
7 | available to your |RCE| instance. If you find that memory resources are under |
|
7 | available to your |RCE| instance. If you find that memory resources are under |
1 | NO CONTENT: file was removed |
|
NO CONTENT: file was removed |
General Comments 0
You need to be logged in to leave comments.
Login now