Primeur Online Docs
Data One Installation Manager

Configuring load balancer rules for Data One WUI access on CEMAN

Introduction

In clustered environments, access to the Data One WUI hosted on CEMAN nodes is mediated by a front-end load balancer that exposes a single logical address and port and then evenly distributes calls across all back-end CEMAN nodes.

This section describes how to configure such a load balancer in a generic way. The administrator must then translate the described concepts into configuration directives for the specific load balancer product actually adopted.

Relevant DMCFG variables for the load balancer configuration

| name | description |
|---|---|
| ceman_ip_balanced | External load balancer address, used by application via browser to reach Data One WUI |
| ceman_http_port_balanced | External load balancer HTTP/S port, used by application via browser to reach Data One WUI |
| IAM_PROXY_PORT | External load balancer HTTP/S port, used behind-the-scenes by the browser to contact Data One WUI |
| ceman_https_port | Internal Data One WUI / CEMAN-core listening port |
| KEYCLOAK_HTTPS_PORT | Internal Data One IAM listening port |

Load balancer rules

  1. Incoming calls to ceman_ip_balanced host at ceman_http_port_balanced port must be routed to each <cemanNode> at ceman_https_port in a round-robin fashion

  2. Incoming calls to ceman_ip_balanced host at IAM_PROXY_PORT port must be routed to each <cemanNode> at KEYCLOAK_HTTPS_PORT in a round-robin fashion

Where <cemanNode> can be any of the hostnames where CEMAN instances belonging to a CEMAN cluster are installed.

Trusting of load balancer certificate by CEMAN

As a final step, you need to retrieve the load balancer certificate chain and import it into the CEMAN trust store at <DATAONE_HOME>/wlp/usr/servers/<CEMAN_SERVER_NAME>/resources/security/key.p12.

Example

This is a simple example involving a self-signed certificate:

echo -n | openssl s_client -connect ceman_ip_balanced:ceman_http_port_balanced | openssl x509 > loadbal.cert

keytool -import -file loadbal.cert -alias loadbal -keystore <DATAONE_HOME>/wlp/usr/servers/<CEMAN_SERVER_NAME>/resources/security/key.p12 -storetype pkcs12 -storepass mypassord -noprompt
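
The self-signed example above imports whatever certificate the endpoint presents at retrieval time. The following added example (not part of the Primeur documentation) performs the same retrieval but imports only when the SHA-256 fingerprint matches a value obtained out of band, for instance from the load balancer's administration console; the function names and the four script arguments are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: check the load balancer certificate against a fingerprint
# obtained out of band before importing it into the CEMAN trust store.

# SHA-256 fingerprint of the PEM certificate in file $1, as upper-case hex without colons.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null \
        | sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# Succeeds only when the certificate in $1 has the expected fingerprint $2
# (colons, spaces and letter case in $2 are ignored).
fingerprint_matches() {
    local actual expected
    actual=$(cert_fingerprint "$1")
    expected=$(printf '%s' "$2" | tr -d ': ' | tr 'a-f' 'A-F')
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Usage: import_lb_cert <host> <port> <keystore> <expected_fingerprint>
import_lb_cert() {
    local host port keystore expected cert rc
    host=$1; port=$2; keystore=$3; expected=$4
    cert=$(mktemp) || return 1
    # Same retrieval as the page's example; stdin from /dev/null ends the session.
    openssl s_client -connect "$host:$port" </dev/null 2>/dev/null \
        | openssl x509 > "$cert" 2>/dev/null || { rm -f "$cert"; return 1; }
    if ! fingerprint_matches "$cert" "$expected"; then
        echo "fingerprint mismatch, nothing imported: $(cert_fingerprint "$cert")" >&2
        rm -f "$cert"
        return 1
    fi
    # With -storepass omitted keytool prompts for the trust store password,
    # keeping it out of the shell history and the process list.
    keytool -importcert -file "$cert" -alias loadbal -keystore "$keystore" \
        -storetype pkcs12 -noprompt
    rc=$?
    rm -f "$cert"
    return "$rc"
}

# Runs only when all four arguments are supplied.
if [ "$#" -eq 4 ]; then
    import_lb_cert "$@"
fi
```

Like the page's example, this handles a single self-signed certificate; a CA-issued chain needs each issuing certificate imported under its own alias.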

Will you use Data One for MFT with Data Mover? Additional rules will be needed.

These rules are the minimal set of rules required by the product to run. When using Data One for MFT with Data Mover you will define file transfer protocol servers that require additional load balancing traversal rules to be added, in a protocol-specific way.
