Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Products
See all
Community resources
Interests
See all
Community resources
Top groups
Explore all groups
Community resources
Deleted user
0 / 0 points
Next:
badges earned
Your Points Tracker
Challenges
Leaderboard
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Recognition
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Kudos
Great job appreciating your peers!
Check back soon to give more kudos.
Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Sign up for free Log in
Atlassian Community Hero Image Collage

Crowd load-balancing

Onesto Services
Onesto Services Oy Feb 08, 2012

Based on unofficial(?) information it would seem that while Crowd does not officially support clustering, there might be some setups where it can be made to work.

The set-up that we have in mind is:

  • Two MySQL servers with failover. The cluster has a virtual IP that always points to the active node.
  • Two Crowd servers behind a load balancer. The Crowd instances would be configured to use the database server's virtual IP for database connections.
  • Applications only perform authentication through the load balancer. For administration tasks we can directly connect to just one of the Crowd nodes.

So my questions are:

  • Can we expect Crowd to work reliably in this kind of setup?
  • Do we need to disable authorization caching in Crowd?
  • Are there other caching considerations?
  • Do we need separate licenses for the load-balanced Crowd instances?
Answer
Watch
Like Daniel Borcherding likes this
1343 views

3 answers

1 accepted

1 vote
Answer accepted
Graham Bakay
Graham Bakay Mar 04, 2012

We do exactly this, except we also do administration tasks through the LB.

Answers:

1. Yes, although multi-step wizards (adding an application) don't work correctly if passed back through different servers (via LB). We turn off LB for the minute or so it takes to add a new application. Modifying an applicaiton works through the LB.

2. No.

3. Yes, you need to make sure you are using a Database Cache (not Memory) for Authentication Token Storage.

4. No, or at least that was what was mentioned in the forums years ago when I asked.

Cheers,

Graham.

Reply
Reply
0 votes
Hao Doan
Hao Doan Apr 17, 2019 • edited May 06, 2020

I know this question was back in 2012, but I just wanted to give everyone else who is looking for the solution just like me. Here's how I solved it.

The way I solved it is to add the load balancer IP address(es) that it trying to connect. If you look at the crowd log, you'll see the ip from the load balancer to the application, see below. Once I added the IP it's coming from in the crowd application/confluence/remote addresses and then restart confluence. I was able to login.   

example log from Crowd: Client with address '10.0.15.210' is forbidden from making requests to application 'confluence'

I'm using AWS Load Balancer and EC2. It's connecting to my Confluence via internal IP instead of the DNS name. You don't need to change the crowd.properties and I have it set to the DNS name. You just need to add the internal IP that load balancer is requesting. 

View More Comments
jj1978
jj1978 May 06, 2020

And when the load balancer IP changes your configuration fails.

Like
Hao Doan
Hao Doan May 06, 2020 • edited

Load Balancer shouldn't get new IPs randomly. It's set once you created one. If you worried, then add the entire VPC like 10.0.0.0./16. 

Like
jj1978
jj1978 May 06, 2020

Depends on your LB, NLB can have static IPs (but only public IP and one per AZ), ALB's and Classic can't. If an LB becomes unhealthy  etc you will be switched seamlessly to a healthy one with new IPs (it's the cloud and how AWS guarantee high levels of availability), hence why you should use your LB DNS.

Your suggestion of using VPC CIDR is a valid alternative.

Like Hao Doan likes this
Reply

Suggest an answer

Log in or Sign up to answer
Crowd
Crowd
TAGS
Community showcase
Molly Bronstein
Molly Bronstein
Published in Jira Service Management

JSM June Challenge #2: Share how your business teams became ITSM rockstars

For JSM June Challenge #2, share how your non-technical teams like HR, legal, marketing, finance, and beyond started using Jira Service Management! Tell us: Did they ask to start using it or...

306 views 9 7
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you