##// END OF EJS Templates
docs: updated scaling/cluster docs
marcink -
r3018:26521a96 stable
parent child Browse files
Show More
@@ -1,14 +1,14 b''
1 1 .. _apache-ws-ref:
2 2
3 3 Apache HTTP Server Configuration
4 4 --------------------------------
5 5
6 6 To set up your Apache Web Server for optimal performance and security, use
7 7 the information in the following sections.
8 8
9 9 .. toctree::
10 10
11 apache-conf-example
11 12 apache-diffie-hellman
12 apache-conf-example
13 13 apache-subdirectory
14 14 apache-wsgi-coding
@@ -1,143 +1,146 b''
1 1 Nginx Configuration Example
2 2 ---------------------------
3 3
4 4 Use the following example to configure Nginx as a your web server.
5 5
6 6
7 7 .. code-block:: nginx
8 8
9 9 ## rate limiter for certain pages to prevent brute force attacks
10 limit_req_zone $binary_remote_addr zone=dl_limit:10m rate=1r/s;
10 limit_req_zone $binary_remote_addr zone=req_limit:10m rate=1r/s;
11 11
12 12 ## custom log format
13 13 log_format log_custom '$remote_addr - $remote_user [$time_local] '
14 14 '"$request" $status $body_bytes_sent '
15 15 '"$http_referer" "$http_user_agent" '
16 16 '$request_time $upstream_response_time $pipe';
17 17
18 18 ## define upstream (local RhodeCode instance) to connect to
19 19 upstream rc {
20 20 # Url to running RhodeCode instance.
21 # This is shown as `- URL:` in output from rccontrol status.
21 # This is shown as `- URL: <host>` in output from rccontrol status.
22 22 server 127.0.0.1:10002;
23 23
24 24 # add more instances for load balancing
25 25 # server 127.0.0.1:10003;
26 26 # server 127.0.0.1:10004;
27 27 }
28 28
29 29 ## HTTP to HTTPS rewrite
30 30 server {
31 31 listen 80;
32 32 server_name rhodecode.myserver.com;
33 33
34 34 if ($http_host = rhodecode.myserver.com) {
35 35 rewrite (.*) https://rhodecode.myserver.com$1 permanent;
36 36 }
37 37 }
38 38
39 39 ## Optional gist alias server, for serving nicer GIST urls.
40 40 server {
41 41 listen 443;
42 42 server_name gist.myserver.com;
43 43 access_log /var/log/nginx/gist.access.log log_custom;
44 44 error_log /var/log/nginx/gist.error.log;
45 45
46 46 ssl on;
47 47 ssl_certificate gist.rhodecode.myserver.com.crt;
48 48 ssl_certificate_key gist.rhodecode.myserver.com.key;
49 49
50 50 ssl_session_timeout 5m;
51 51
52 52 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
53 53 ssl_prefer_server_ciphers on;
54 54 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
55 55
56 56 # strict http prevents from https -> http downgrade
57 57 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
58 58
59 59 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
60 60 #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
61 61
62 62 rewrite ^/(.+)$ https://rhodecode.myserver.com/_admin/gists/$1;
63 63 rewrite (.*) https://rhodecode.myserver.com/_admin/gists;
64 64 }
65 65
66 66
67 67 ## MAIN SSL enabled server
68 68 server {
69 69 listen 443 ssl;
70 70 server_name rhodecode.myserver.com;
71 71
72 72 access_log /var/log/nginx/rhodecode.access.log log_custom;
73 73 error_log /var/log/nginx/rhodecode.error.log;
74 74
75 75 ssl on;
76 76 ssl_certificate rhodecode.myserver.com.crt;
77 77 ssl_certificate_key rhodecode.myserver.com.key;
78 78
79 79 ssl_session_timeout 5m;
80 80
81 81 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
82 82 ssl_prefer_server_ciphers on;
83 83 ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
84 84
85 85 # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
86 86 #ssl_dhparam /etc/nginx/ssl/dhparam.pem;
87 87
88 # example of proxy.conf can be found in our docs.
88 89 include /etc/nginx/proxy.conf;
89 90
90 ## serve static files by Nginx, recommended for performance
91 ## uncomment to serve static files by Nginx, recommended for performance
91 92 # location /_static/rhodecode {
92 93 # gzip on;
93 94 # gzip_min_length 500;
94 95 # gzip_proxied any;
95 96 # gzip_comp_level 4;
96 97 # gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
97 98 # gzip_vary on;
98 99 # gzip_disable "msie6";
100 # alias /path/to/.rccontrol/community-1/static;
99 101 # alias /path/to/.rccontrol/enterprise-1/static;
100 102 # }
101 103
102 104 ## channelstream websocket handling
103 105 location /_channelstream {
104 106 rewrite /_channelstream/(.*) /$1 break;
105 107
106 108 proxy_pass http://127.0.0.1:9800;
107 109
108 110 proxy_connect_timeout 10;
109 111 proxy_send_timeout 10m;
110 112 proxy_read_timeout 10m;
111 113 tcp_nodelay off;
112 114 proxy_set_header Host $host;
113 115 proxy_set_header X-Real-IP $remote_addr;
114 116 proxy_set_header X-Url-Scheme $scheme;
115 117 proxy_set_header X-Forwarded-Proto $scheme;
116 118 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
117 119 gzip off;
118 120 proxy_http_version 1.1;
119 121 proxy_set_header Upgrade $http_upgrade;
120 122 proxy_set_header Connection "upgrade";
121 123 }
122 124
125 ## rate limit this endpoint to prevent login page brute-force attacks
123 126 location /_admin/login {
124 ## rate limit this endpoint
125 limit_req zone=dl_limit burst=10 nodelay;
127 limit_req zone=req_limit burst=10 nodelay;
126 128 try_files $uri @rhode;
127 129 }
128 130
129 131 location / {
130 132 try_files $uri @rhode;
131 133 }
132 134
133 135 location @rhode {
134 136 proxy_pass http://rc;
135 137 }
136 138
137 139 ## custom 502 error page. Will be displayed while RhodeCode server
138 140 ## is turned off
139 141 error_page 502 /502.html;
140 142 location = /502.html {
143 #root /path/to/.rccontrol/community-1/static;
141 144 root /path/to/.rccontrol/enterprise-1/static;
142 145 }
143 146 } No newline at end of file
@@ -1,14 +1,14 b''
1 1 .. _nginx-ws-ref:
2 2
3 3 Nginx HTTP Server Configuration
4 4 -------------------------------
5 5
6 6 To set up your Nginx Web Server for optimal performance and security, use
7 7 the information in the following sections.
8 8
9 9 .. toctree::
10 10
11 nginx-config-example
11 12 nginx-diffie-hellman
12 nginx-config-example
13 nginx-tuning
13 nginx-proxy-conf
14 14 nginx-url-prefix
@@ -1,33 +1,34 b''
1 .. _nginx-tuning:
1 .. _nginx-proxy-conf:
2 2
3 Nginx Tuning
4 ------------
3 Nginx Proxy Config
4 ------------------
5
5 6
6 7 Set the following properties in your ``/etc/nginx/proxy.conf`` so it does not
7 8 timeout during large pushes.
8 9
9 10 .. code-block:: nginx
10 11
11 12 proxy_redirect off;
12 13 proxy_set_header Host $http_host;
13 14
14 15 ## needed for container auth
15 16 # proxy_set_header REMOTE_USER $remote_user;
16 17 # proxy_set_header X-Forwarded-User $remote_user;
17 18
18 19 proxy_set_header X-Url-Scheme $scheme;
19 20 proxy_set_header X-Host $http_host;
20 21 proxy_set_header X-Real-IP $remote_addr;
21 22 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
22 23 proxy_set_header Proxy-host $proxy_host;
23 24 proxy_buffering off;
24 25 proxy_connect_timeout 7200;
25 26 proxy_send_timeout 7200;
26 27 proxy_read_timeout 7200;
27 28 proxy_buffers 8 32k;
28 29 # Set this to a larger number if you experience timeouts
29 30 client_max_body_size 1024m;
30 31 client_body_buffer_size 128k;
31 32 large_client_header_buffers 8 64k;
32 33 add_header X-Frame-Options SAMEORIGIN;
33 34 add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
@@ -1,14 +1,14 b''
1 1 .. _hg-lrg-loc:
2 2
3 Change the |hg| Large Files Location
4 ------------------------------------
3 |hg| Large Files Location
4 -------------------------
5 5
6 6 |RCE| manages |hg| larges files from the following default location
7 7 :file:`/home/{user}/repos/.cache/largefiles`. If you wish to change this, use
8 8 the following steps:
9 9
10 10 1. Open :menuselection:`Admin --> Settings --> VCS` as super-admin.
11 11
12 12 In section called `Mercurial Settings` you can change where the largefiles
13 13 objects should be stored.
14 14
@@ -1,14 +1,14 b''
1 1 .. _git-lfs-loc:
2 2
3 Change the |git| LFS storage Location
4 -------------------------------------
3 |git| LFS storage Location
4 --------------------------
5 5
6 6 |RCE| manages |git| LFS files from the following default location
7 7 :file:`/home/{user}/repos/.cache/lfs_store`. If you wish to change this, use
8 8 the following steps:
9 9
10 10 1. Open :menuselection:`Admin --> Settings --> VCS` as super-admin.
11 11
12 12 In section called `Git Settings` you can change where the LFS
13 13 objects should be stored.
14 14
@@ -1,124 +1,126 b''
1 1 .. _increase-gunicorn:
2 2
3 Increase Gunicorn Workers
4 -------------------------
3 Configure Gunicorn Workers
4 --------------------------
5 5
6 6
7 |RCE| comes with `Gunicorn`_ packaged in its Nix environment.
8 Gunicorn is a Python WSGI HTTP Server for UNIX.
7 |RCE| comes with `Gunicorn`_ which is a Python WSGI HTTP Server for UNIX.
9 8
10 9 To improve |RCE| performance you can increase the number of `Gunicorn`_ workers.
11 This allows to handle more connections concurently, and provide better
10 This allows to handle more connections concurrently, and provide better
12 11 responsiveness and performance.
13 12
14 13 By default during installation |RCC| tries to detect how many CPUs are
15 14 available in the system, and set the number workers based on that information.
16 15 However sometimes it's better to manually set the number of workers.
17 16
18 17 To do this, use the following steps:
19 18
20 19 1. Open the :file:`home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
21 2. In the ``[server:main]`` section, increase the number of Gunicorn
22 ``workers`` using the following formula :math:`(2 * Cores) + 1`.
20 2. In the ``[server:main]`` section, change the number of Gunicorn
21 ``workers`` using the following default formula :math:`(2 * Cores) + 1`.
22 We however not recommend using more than 8-12 workers per server. It's better
23 to start using the :ref:`scale-horizontal-cluster` in case that performance
24 with 8-12 workers is not enough.
23 25
24 26 .. code-block:: ini
25 27
26 28 use = egg:gunicorn#main
27 29 ## Sets the number of process workers. You must set `instance_id = *`
28 30 ## when this option is set to more than one worker, recommended
29 31 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
30 32 ## The `instance_id = *` must be set in the [app:main] section below
31 33 workers = 4
32 34 ## process name
33 35 proc_name = rhodecode
34 36 ## type of worker class, one of sync, gevent
35 37 ## recommended for bigger setup is using of of other than sync one
36 38 worker_class = sync
37 39 ## The maximum number of simultaneous clients. Valid only for Gevent
38 40 #worker_connections = 10
39 41 ## max number of requests that worker will handle before being gracefully
40 42 ## restarted, could prevent memory leaks
41 43 max_requests = 1000
42 44 max_requests_jitter = 30
43 45 ## amount of time a worker can spend with handling a request before it
44 46 ## gets killed and restarted. Set to 6hrs
45 47 timeout = 21600
46 48
47 49 3. In the ``[app:main]`` section, set the ``instance_id`` property to ``*``.
48 50
49 51 .. code-block:: ini
50 52
51 53 # In the [app:main] section
52 54 [app:main]
53 55 # You must set `instance_id = *`
54 56 instance_id = *
55 57
56 58 4. Change the VCSServer workers too. Open the
57 59 :file:`home/{user}/.rccontrol/{instance-id}/vcsserver.ini` file.
58 60
59 61 5. In the ``[server:main]`` section, increase the number of Gunicorn
60 62 ``workers`` using the following formula :math:`(2 * Cores) + 1`.
61 63
62 64 .. code-block:: ini
63 65
64 66 ## run with gunicorn --log-config vcsserver.ini --paste vcsserver.ini
65 67 use = egg:gunicorn#main
66 68 ## Sets the number of process workers. Recommended
67 69 ## value is (2 * NUMBER_OF_CPUS + 1), eg 2CPU = 5 workers
68 70 workers = 4
69 71 ## process name
70 72 proc_name = rhodecode_vcsserver
71 73 ## type of worker class, currently `sync` is the only option allowed.
72 74 worker_class = sync
73 75 ## The maximum number of simultaneous clients. Valid only for Gevent
74 76 #worker_connections = 10
75 77 ## max number of requests that worker will handle before being gracefully
76 78 ## restarted, could prevent memory leaks
77 79 max_requests = 1000
78 80 max_requests_jitter = 30
79 81 ## amount of time a worker can spend with handling a request before it
80 82 ## gets killed and restarted. Set to 6hrs
81 83 timeout = 21600
82 84
83 85 6. Save your changes.
84 86 7. Restart your |RCE| instances, using the following command:
85 87
86 88 .. code-block:: bash
87 89
88 90 $ rccontrol restart '*'
89 91
90 92
91 93 Gunicorn Gevent Backend
92 94 -----------------------
93 95
94 96 Gevent is an asynchronous worker type for Gunicorn. It allows accepting multiple
95 97 connections on a single `Gunicorn`_ worker. This means you can handle 100s
96 98 of concurrent clones, or API calls using just few workers. A setting called
97 99 `worker_connections` defines on how many connections each worker can
98 100 handle using `Gevent`.
99 101
100 102
101 103 To enable `Gevent` on |RCE| do the following:
102 104
103 105
104 106 1. Open the :file:`home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
105 107 2. In the ``[server:main]`` section, change `worker_class` for Gunicorn.
106 108
107 109
108 110 .. code-block:: ini
109 111
110 112 ## type of worker class, one of sync, gevent
111 113 ## recommended for bigger setup is using of of other than sync one
112 114 worker_class = gevent
113 115 ## The maximum number of simultaneous clients. Valid only for Gevent
114 116 worker_connections = 30
115 117
116 118
117 119 .. note::
118 120
119 121 `Gevent` is currently only supported for Enterprise/Community instances.
120 122 VCSServer doesn't yet support gevent.
121 123
122 124
123 125
124 126 .. _Gunicorn: http://gunicorn.org/
@@ -1,8 +1,8 b''
1 1 .. _db-session-ref:
2 2
3 Increase Database Performance
4 -----------------------------
3 Database Performance
4 --------------------
5 5
6 6 For tuning PostgreSQL we recommend reading: http://www.revsys.com/writings/postgresql-performance.html
7 7
8 8 For tuning MySQL we recommend reading: http://www.tecmint.com/mysql-mariadb-performance-tuning-and-optimization/ No newline at end of file
@@ -1,22 +1,21 b''
1 1 .. _rhodecode-tuning-ref:
2 2
3 3 Tuning |RCE|
4 4 ============
5 5
6 6 To customize your |RCE| |version| installation for maximum performance you
7 7 may find some of the following methods useful.
8 8
9 9 .. toctree::
10 10
11 11 tuning-gunicorn
12 12 tuning-vcs-memory-cache
13 13 tuning-user-sessions-performance
14 14 tuning-increase-db-performance
15 tuning-scale-horizontally
16 tuning-increase-cache-size
15 tuning-scale-horizontally-cluster
17 16 tuning-mount-cache-memory
18 17 tuning-change-encoding
19 18 tuning-change-large-file-dir
20 19 tuning-change-lfs-dir
21 20 tuning-hg-auth-loop
22 21
@@ -1,58 +1,383 b''
1 .. _scale-horizontal:
1 .. _scale-horizontal-cluster:
2
2 3
3 Scale Horizontally
4 ------------------
4 Scale Horizontally / RhodeCode Cluster
5 --------------------------------------
5 6
6 7 |RCE| is built in a way it support horizontal scaling across multiple machines.
7 There are two main pre-requisites for that:
8 There are three main pre-requisites for that:
8 9
9 - Shared storage that each machine can access.
10 - Shared DB connection across machines.
10 - Shared storage that each machine can access. Using NFS or other shared storage system.
11 - Shared DB connection across machines. Using `MySQL`/`PostgreSQL` that each node can access.
12 - |RCE| user sessions and caches need to use a shared storage (e.g `Redis`_/`Memcached`)
11 13
12 14
13 15 Horizontal scaling means adding more machines or workers into your pool of
14 16 resources. Horizontally scaling |RCE| gives a huge performance increase,
15 especially under large traffic scenarios with a high number of requests. This
16 is very beneficial when |RCE| is serving many users simultaneously,
17 especially under large traffic scenarios with a high number of requests.
18 This is very beneficial when |RCE| is serving many users simultaneously,
17 19 or if continuous integration servers are automatically pulling and pushing code.
20 It also adds High-Availability to your running system.
21
22
23 Cluster Overview
24 ^^^^^^^^^^^^^^^^
25
26 Below we'll present a configuration example that will use two separate nodes to serve
27 |RCE| in a load-balanced environment. The 3rd node will act as a shared storage/cache
28 and handle load-balancing. In addition 3rd node will be used as shared database instance.
29
30 This setup can be used both in Docker based configuration or with individual
31 physical/virtual machines. Using the 3rd node for Storage/Redis/PostgreSQL/Nginx is
32 optional. All those components can be installed on one of the two nodes used for |RCE|.
33 We'll use following naming for our nodes:
34
35 - `rc-node-1` (NFS, DB, Cache node)
36 - `rc-node-2` (Worker node1)
37 - `rc-node-3` (Worker node2)
38
39 Our shares NFS storage in the example is located on `/home/rcdev/storage` and
40 it's RW accessible on **each** node.
41
42 In this example we used certain recommended components, however many
43 of those can be replaced by other, in case your organization already uses them, for example:
44
45 - `MySQL`/`PostgreSQL`: Aren't replaceable and are the two only supported databases.
46 - `Nginx`_ on `rc-node-1` can be replaced by: `Hardware Load Balancer (F5)`, `Apache`_, `HA-Proxy` etc.
47 - `Nginx`_ on rc-node-2/3 acts as a reverse proxy and can be replaced by other HTTP server
48 acting as reverse proxy such as `Apache`_.
49 - `Redis`_ on `rc-node-1` can be replaced by: `Memcached`
50
51
52 Here's an overview what components should be installed/setup on each server in our example:
53
54 - **rc-node-1**:
55
56 - main storage acting as NFS host.
57 - `nginx` acting as a load-balancer.
58 - `postgresql-server` used for database and sessions.
59 - `redis-server` used for storing shared caches.
60 - optionally `rabbitmq-server` for `Celery` if used.
61 - optionally if `Celery` is used Enterprise/Community instance + VCSServer.
62 - optionally mailserver that can be shared by other instances.
63 - optionally channelstream server to handle live communication for all instances.
64
65
66 - **rc-node-2/3**:
67
68 - `nginx` acting as a reverse proxy to handle requests to |RCE|.
69 - 1x RhodeCode Enterprise/Community instance.
70 - 1x VCSServer instance.
71 - optionally for testing connection: postgresql-client, redis-client (redis-tools).
72
73
74 Before we start here are few assumptions that should be fulfilled:
75
76 - make sure each node can access each other.
77 - make sure `Redis`_/`MySQL`/`PostgreSQL`/`RabbitMQ`_ are running on `rc-node-1`
78 - make sure both `rc-node-2`/`3` can access NFS storage with RW access
79 - make sure rc-node-2/3 can access `Redis`_/`PostgreSQL`, `MySQL` database on `rc-node-1`.
80 - make sure `Redis`_/Database/`RabbitMQ`_ are password protected and accessible only from rc-node-2/3.
81
18 82
19 83
20 If you scale across different machines, each |RCM| instance
21 needs to store its data on a shared disk, preferably together with your
22 |repos|. This data directory contains template caches, a full text search index,
23 and is used for task locking to ensure safety across multiple instances.
24 To do this, set the following properties in the :file:`rhodecode.ini` file to
25 set the shared location across all |RCM| instances.
84 Setup rc-node-2/3
85 ^^^^^^^^^^^^^^^^^
86
87 Initially before `rc-node-1` we'll configure both nodes 2 and 3 to operate as standalone
88 nodes with their own hostnames. Use a default installation settings, and use
89 the default local addresses (127.0.0.1) to configure VCSServer and Community/Enterprise instances.
90 All external connectivity will be handled by the reverse proxy (`Nginx`_ in our example).
91
92 This way we can ensure each individual host works,
93 accepts connections, or do some operations explicitly on chosen node.
94
95 In addition this would allow use to explicitly direct certain traffic to a node, e.g
96 CI server will only call directly `rc-node-3`. This should be done similar to normal
97 installation so check out `Nginx`_/`Apache`_ configuration example to configure each host.
98 Each one should already connect to shared database during installation.
99
100
101 1) Assuming our final url will be http://rc-node-1, Configure `instances_id`, `app.base_url`
102
103 a) On **rc-node-2** find the following settings and edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
104
105 .. code-block:: ini
106
107 ## required format is: *NAME-
108 instance_id = *rc-node-2-
109 app.base_url = http://rc-node-1
110
111
112 b) On **rc-node-3** find the following settings and edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
113
114 .. code-block:: ini
115
116 ## required format is: *NAME-
117 instance_id = *rc-node-3-
118 app.base_url = http://rc-node-1
119
120
121
122 2) Configure `User Session` to use a shared database. Example config that should be
123 changed on both node 2 and 3. Edit :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini`
124
125 .. code-block:: ini
126
127 ####################################
128 ### BEAKER SESSION ####
129 ####################################
130
131 ## Disable the default `file` sessions
132 #beaker.session.type = file
133 #beaker.session.data_dir = %(here)s/data/sessions
134
135 ## use shared db based session, fast, and allows easy management over logged in users
136 beaker.session.type = ext:database
137 beaker.session.table_name = db_session
138 # use our rc-node-1 here
139 beaker.session.sa.url = postgresql://postgres:qweqwe@rc-node-1/rhodecode
140 beaker.session.sa.pool_recycle = 3600
141 beaker.session.sa.echo = false
142
143 In addition make sure both instances use the same `session.secret` so users have
144 persistent sessions across nodes. Please generate other one then in this example.
145
146 .. code-block:: ini
147
148 # use an unique generated long string
149 beaker.session.secret = 70e116cae2274656ba7265fd860aebbd
150
151 3) Configure stored cached/archive cache to our shared NFS `rc-node-1`
26 152
27 153 .. code-block:: ini
28 154
29 cache_dir = /shared/path/caches # set to shared location
30 search.location = /shared/path/search_index # set to shared location
155 # note the `_` prefix that allows using a directory without
156 # remap and rescan checking for vcs inside it.
157 cache_dir = /home/rcdev/storage/_cache_dir/data
158 # note archive cache dir is disabled by default, however if you enable
159 # it also needs to be shared
160 #archive_cache_dir = /home/rcdev/storage/_tarball_cache_dir
161
162
163 4) Change cache backends to use `Redis`_ based caches. Below full example config
164 that replaces default file-based cache to shared `Redis`_ with Distributed Lock.
165
166
167 .. code-block:: ini
168
169 #####################################
170 ### DOGPILE CACHE ####
171 #####################################
172
173 ## `cache_perms` cache settings for permission tree, auth TTL.
174 #rc_cache.cache_perms.backend = dogpile.cache.rc.file_namespace
175 #rc_cache.cache_perms.expiration_time = 300
176
177 ## alternative `cache_perms` redis backend with distributed lock
178 rc_cache.cache_perms.backend = dogpile.cache.rc.redis
179 rc_cache.cache_perms.expiration_time = 300
180 ## redis_expiration_time needs to be greater then expiration_time
181 rc_cache.cache_perms.arguments.redis_expiration_time = 7200
182 rc_cache.cache_perms.arguments.socket_timeout = 30
183 rc_cache.cache_perms.arguments.host = rc-node-1
184 rc_cache.cache_perms.arguments.password = qweqwe
185 rc_cache.cache_perms.arguments.port = 6379
186 rc_cache.cache_perms.arguments.db = 0
187 rc_cache.cache_perms.arguments.distributed_lock = true
188
189 ## `cache_repo` cache settings for FileTree, Readme, RSS FEEDS
190 #rc_cache.cache_repo.backend = dogpile.cache.rc.file_namespace
191 #rc_cache.cache_repo.expiration_time = 2592000
192
193 ## alternative `cache_repo` redis backend with distributed lock
194 rc_cache.cache_repo.backend = dogpile.cache.rc.redis
195 rc_cache.cache_repo.expiration_time = 2592000
196 ## redis_expiration_time needs to be greater then expiration_time
197 rc_cache.cache_repo.arguments.redis_expiration_time = 2678400
198 rc_cache.cache_repo.arguments.socket_timeout = 30
199 rc_cache.cache_repo.arguments.host = rc-node-1
200 rc_cache.cache_repo.arguments.password = qweqwe
201 rc_cache.cache_repo.arguments.port = 6379
202 rc_cache.cache_repo.arguments.db = 1
203 rc_cache.cache_repo.arguments.distributed_lock = true
204
205 ## cache settings for SQL queries, this needs to use memory type backend
206 rc_cache.sql_cache_short.backend = dogpile.cache.rc.memory_lru
207 rc_cache.sql_cache_short.expiration_time = 30
208
209 ## `cache_repo_longterm` cache for repo object instances, this needs to use memory
210 ## type backend as the objects kept are not pickle serializable
211 rc_cache.cache_repo_longterm.backend = dogpile.cache.rc.memory_lru
212 ## by default we use 96H, this is using invalidation on push anyway
213 rc_cache.cache_repo_longterm.expiration_time = 345600
214 ## max items in LRU cache, reduce this number to save memory, and expire last used
215 ## cached objects
216 rc_cache.cache_repo_longterm.max_size = 10000
217
218
219 4) Configure `Nginx`_ as reverse proxy on `rc-node-2/3`:
220 Minimal `Nginx`_ config used:
221
31 222
32 ####################################
33 ### BEAKER CACHE ####
34 ####################################
35 beaker.cache.data_dir = /shared/path/data # set to shared location
36 beaker.cache.lock_dir = /shared/path/lock # set to shared location
223 .. code-block:: nginx
224
225 ## rate limiter for certain pages to prevent brute force attacks
226 limit_req_zone $binary_remote_addr zone=req_limit:10m rate=1r/s;
227
228 ## custom log format
229 log_format log_custom '$remote_addr - $remote_user [$time_local] '
230 '"$request" $status $body_bytes_sent '
231 '"$http_referer" "$http_user_agent" '
232 '$request_time $upstream_response_time $pipe';
233
234 server {
235 listen 80;
236 server_name rc-node-2;
237 #server_name rc-node-3;
238
239 access_log /var/log/nginx/rhodecode.access.log log_custom;
240 error_log /var/log/nginx/rhodecode.error.log;
241
242 # example of proxy.conf can be found in our docs.
243 include /etc/nginx/proxy.conf;
244
245 ## serve static files by Nginx, recommended for performance
246 location /_static/rhodecode {
247 gzip on;
248 gzip_min_length 500;
249 gzip_proxied any;
250 gzip_comp_level 4;
251 gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/json application/xml application/rss+xml font/truetype font/opentype application/vnd.ms-fontobject image/svg+xml;
252 gzip_vary on;
253 gzip_disable "msie6";
254 #alias /home/rcdev/.rccontrol/community-1/static;
255 alias /home/rcdev/.rccontrol/enterprise-1/static;
256 }
257
258
259 location /_admin/login {
260 limit_req zone=req_limit burst=10 nodelay;
261 try_files $uri @rhode;
262 }
263
264 location / {
265 try_files $uri @rhode;
266 }
267
268 location @rhode {
269 # Url to running RhodeCode instance.
270 # This is shown as `- URL: <host>` in output from rccontrol status.
271 proxy_pass http://127.0.0.1:10020;
272 }
273
274 ## custom 502 error page. Will be displayed while RhodeCode server
275 ## is turned off
276 error_page 502 /502.html;
277 location = /502.html {
278 #root /home/rcdev/.rccontrol/community-1/static;
279 root /home/rcdev/.rccontrol/enterprise-1/static;
280 }
281 }
282
283
284 5) Optional: Full text search, in case you use `Whoosh` full text search we also need a
285 shared storage for the index. In our example our NFS is mounted at `/home/rcdev/storage`
286 which represents out storage so we can use the following:
287
288 .. code-block:: ini
289
290 # note the `_` prefix that allows using a directory without
291 # remap and rescan checking for vcs inside it.
292 search.location = /home/rcdev/storage/_index_data/index
37 293
38 294
39 295 .. note::
40 296
41 If you use custom caches such as `beaker.cache.auth_plugins.` it's recommended
42 to set it to the memcached/redis or database backend so it can be shared
43 across machines.
297 If you use ElasticSearch it's by default shared, and simply running ES node is
298 by default cluster compatible.
299
300
301 6) Optional: If you intend to use mailing all instances need to use either a shared
302 mailing node, or each will use individual local mailagent. Simply put node-1/2/3 needs
303 to use same mailing configuration.
304
305
306
307 Setup rc-node-1
308 ^^^^^^^^^^^^^^^
44 309
45 310
46 It is recommended to create another dedicated |RCE| instance to handle
47 traffic from build farms or continuous integration servers.
311 Configure `Nginx`_ as Load Balancer to rc-node-2/3.
312 Minimal `Nginx`_ example below:
313
314 .. code-block:: nginx
315
316 ## define rc-cluster which contains a pool of our instances to connect to
317 upstream rc-cluster {
318 # rc-node-2/3 are stored in /etc/hosts with correct IP addresses
319 server rc-node-2:80;
320 server rc-node-3:80;
321 }
322
323 server {
324 listen 80;
325 server_name rc-node-1;
326
327 location / {
328 proxy_pass http://rc-cluster;
329 }
330 }
331
48 332
49 333 .. note::
50 334
51 335 You should configure your load balancing accordingly. We recommend writing
52 336 load balancing rules that will separate regular user traffic from
53 automated process traffic like continuous servers or build bots.
337 automated process traffic like continuous servers or build bots. Sticky sessions
338 are not required.
339
340
341 Show which instance handles a request
342 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
343
344 You can easily check if load-balancing is working as expected. Visit our main node
345 `rc-node-1` URL which at that point should already handle incoming requests and balance
346 it across node-2/3.
347
348 Add a special GET param `?showrcid=1` to show current instance handling your request.
349
350 For example: visiting url `http://rc-node-1/?showrcid=1` will show, in the bottom
351 of the screen` cluster instance info.
352 e.g: `RhodeCode instance id: rc-node-3-rc-node-3-3246`
353 which is generated from::
354
355 <NODE_HOSTNAME>-<INSTANCE_ID>-<WORKER_PID>
356
357
358 Using Celery with cluster
359 ^^^^^^^^^^^^^^^^^^^^^^^^^
54 360
55 .. note::
361
362 If `Celery` is used we recommend setting also an instance of Enterprise/Community+VCSserver
363 on the node that is running `RabbitMQ`_. Those instances will be used to executed async
364 tasks on the `rc-node-1`. This is the most efficient setup. `Celery` usually
365 handles tasks such as sending emails, forking repositories, importing
366 repositories from external location etc. Using workers on instance that has
367 the direct access to disks used by NFS as well as email server gives noticeable
368 performance boost. Running local workers to the NFS storage results in faster
369 execution of forking large repositories or sending lots of emails.
56 370
57 If Celery is used on each instance then you should run separate Celery
58 instances, but the message broker should be the same for all of them.
371 Those instances need to be configured in the same way as for other nodes.
372 The instance in rc-node-1 can be added to the cluser, but we don't recommend doing it.
373 For best results let it be isolated to only executing `Celery` tasks in the cluster setup.
374
375
376 .. _Gunicorn: http://gunicorn.org/
377 .. _Whoosh: https://pypi.python.org/pypi/Whoosh/
378 .. _Elasticsearch: https://www.elastic.co/..
379 .. _RabbitMQ: http://www.rabbitmq.com/
380 .. _Nginx: http://nginx.io
381 .. _Apache: http://nginx.io
382 .. _Redis: http://redis.io
383
@@ -1,66 +1,67 b''
1 1 .. _user-session-ref:
2 2
3 Increase User Session Performance
4 ---------------------------------
3 User Session Performance
4 ------------------------
5 5
6 6 The default file-based sessions are only suitable for smaller setups, or
7 7 instances that doesn't have a lot of users or traffic.
8 8 They are set as default option because it's setup-free solution.
9 9
10 10 The most common issue of file based sessions are file limit errors which occur
11 11 if there are lots of session files.
12 12
13 13 Therefore, in a large scale deployment, to give better performance,
14 14 scalability, and maintainability we recommend switching from file-based
15 15 sessions to database-based user sessions or Redis based sessions.
16 16
17 17 To switch to database-based user sessions uncomment the following section in
18 18 your :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
19 19
20 20
21 21 .. code-block:: ini
22 22
23 23 ## db based session, fast, and allows easy management over logged in users
24 24 beaker.session.type = ext:database
25 25 beaker.session.table_name = db_session
26 26
27 # use just one of the following accoring to the type of database
27 # use just one of the following according to the type of database
28 28 beaker.session.sa.url = postgresql://postgres:secret@localhost/rhodecode
29 # or
29 30 beaker.session.sa.url = mysql://root:secret@127.0.0.1/rhodecode
30 31
31 32 beaker.session.sa.pool_recycle = 3600
32 33 beaker.session.sa.echo = false
33 34
34 35
35 36 and make sure you comment out the file based sessions.
36 37
37 38 .. code-block:: ini
38 39
39 40 ## types are file, ext:memcached, ext:database, and memory (default).
40 41 #beaker.session.type = file
41 42 #beaker.session.data_dir = %(here)s/data/sessions/data
42 43
43 44
44 45 The `table_name` will be automatically created on specified database if it isn't yet existing.
45 46 Database specified in the `beaker.session.sa.url` can be the same that RhodeCode
46 47 uses, or if required it can be a different one. We recommend to use the same database.
47 48
48 49
49 50
50 51 To switch to reds-based user sessions uncomment the following section in
51 52 your :file:`/home/{user}/.rccontrol/{instance-id}/rhodecode.ini` file.
52 53
53 54 .. code-block:: ini
54 55
55 56 ## redis sessions
56 57 beaker.session.type = ext:redis
57 58 beaker.session.url = localhost:6379
58 59
59 60
60 61 and make sure you comment out the file based sessions.
61 62
62 63 .. code-block:: ini
63 64
64 65 ## types are file, ext:memcached, ext:database, and memory (default).
65 66 #beaker.session.type = file
66 67 #beaker.session.data_dir = %(here)s/data/sessions/data No newline at end of file
@@ -1,8 +1,8 b''
1 1 .. _adjust-vcs-mem-cache:
2 2
3 Adjusting VCS Memory Cache
4 --------------------------
3 VCSServer Memory Cache
4 ----------------------
5 5
6 6 The VCS Server mamory cache can be adjusted to work best with the resources
7 7 available to your |RCE| instance. If you find that memory resources are under
8 8 pressure, see the :ref:`vcs-server-maintain` section for details.
1 NO CONTENT: file was removed
General Comments 0
You need to be logged in to leave comments. Login now