High-Availability does not appear to share state when logging in

structurizr / onpremises

Structurizr on-premises installation

https://docs.structurizr.com/onpremises

MIT License

140 stars 54 forks source link

High-Availability does not appear to share state when logging in #5

Closed cowboygneox closed 1 year ago

cowboygneox commented 1 year ago

It appears that the onpremise node is expecting some kind of state, perhaps a cookie, when logging in. Speculation: when running two pods in a round-robin load balancer, it is possible to login to the pod that didn't originate the token.

Is there some kind of HA setting I'm missing?

I have S3 configured and working.

cowboygneox commented 1 year ago

https://structurizr.com/help/on-premises/faq doesn't provide any additional information.

simonbrowndotje commented 1 year ago

I imagine the problem is the round-robin load balancer. Short term, you'll either need to configure sticky sessions instead, or setup session replication/clustering in Apache Tomcat (assuming you're using that). Longer term, we could add a way to configure session state to be stored outside the web server (e.g. in Redis), but that's not available at the moment.

cowboygneox commented 1 year ago

Would it be possible to document this? My understanding of high-availability is that sessions won't be bound to single instance of the server, so I would at least state that caveat in any documentation of HA.

simonbrowndotje commented 1 year ago

I've added support for storing HTTP sessions in Redis, which is available in the latest version of the on-premises installation, and this should provide a way to share session information across pods when using a round-robin load balancer. See https://structurizr.com/share/18571/documentation#http-sessions for more details.

cowboygneox commented 1 year ago

Excellent work! Which release is this in?

It really says a lot about your group when you can accomplish this kind of improvement. Kudos, really!

simonbrowndotje commented 1 year ago

Thanks, you're welcome. 2860 onwards -> https://structurizr.com/help/changelog

cowboygneox commented 1 year ago

I integrated this change, but it appears that using a Redis password is mandatory. This makes local development more difficult as you have to then wire in a config into the container with a password (no easy env var). Is it possible to remove that restriction?

simonbrowndotje commented 1 year ago

Just leaving the password empty should work:

structurizr.redis.password=

cowboygneox commented 1 year ago

Ah I tried structurizr.redis.password="". I'll try again in a bit.

cowboygneox commented 1 year ago

Confirmed working. Awesome! Thanks!