Moodle on load balancer and MNet

Moodle on load balancer and MNet

by Uwe Böttcher -
Number of replies: 6

Hey people,

at my institution Moodle 2.x is being introduced and will be hosted on a load balancer (2 machines). We are planning on connecting Mahara via MNet to that Moodle. How can we do so? Both machines will have different ssl certificates and it cannot be determined which machine will respond to an access.

Do we have to connect Mahara to only one of the two machines? As I understand, user credentials will not be a problem as session management involves database tables.

Thanks,
Uwe

Average of ratings: -
In reply to Uwe Böttcher

Re: Moodle on load balancer and MNet

by Andrew Lyons -
Picture of Core developers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers Picture of Testers
Hi Uwe,

You should be able to set up Mahara just as the standard Moodle/Mahara MNet guides suggest. There are a few guides out there, but the one typically recommended by the Mahara community is https://wiki.mahara.org/images/d/d5/Mahoodle.pdf.

Although MNet does use an SSL certificate, it's a certificate created by moodle itself and stored within the Moodle database specifically for the purposes of MNet. As long as both of your servers are sharing the same database, they will get the same certificate. The same can be said for Mahara.

As a side note, why will both machines have different SSL certificates?

Andrew
Average of ratings: Useful (1)
In reply to Andrew Lyons

Re: Moodle on load balancer and MNet

by Uwe Böttcher -

Hi Andrew,

I was told that both machines are different and would generate a different certificate. If the certificate is stored in the database and is shared by the machines, that assumption seems to be wrong. I already know how to setup a Mahoodle without a load balanced Moodle, so no news for me on that part.

I conclude that I can setup the Mahara machine with MNet as if there was only one Moodle machine and treating the load balancer as a single machine.

You say that Mahara handles MNet the same so that a load balancer could be implemented the same way as it was done with Moodle? Is session management for Mahara stored into the database as well?

Thanks a lot,
Uwe

Average of ratings: -
In reply to Uwe Böttcher

Re: Moodle on load balancer and MNet

by Andrew Lyons -
Picture of Core developers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers Picture of Testers
Hi Uwe,

We used to run Mahara behind a load balancer. If your load balancer handles SSL negotiation then you may want to wait for Mahara 1.5.0 which will add ssl_proxy features. See https://bugs.launchpad.net/mahara/+bug/829674 for more info. We're currently in change freeze for Mahara with release timetabled sometime very soon now.

I'm afraid we haven't got session management into the database yet for Mahara - it's all on the filesystem which can cause contention issues on NFS shared storage. There's a bug open to fix this and I'm hoping that we'll have time to address this soon - See https://bugs.launchpad.net/mahara/+bug/785469 for more info.

That said, we also used to run mahara behind a load balancer with shared NFS storage and we didn't have any issues. With another of our customers though, the NFS storage caused locking issues so we've not been able to store sessions on NFS. I suspect that different implementations of NFS may suffer in different ways.

Andrew
Average of ratings: Useful (1)
In reply to Andrew Lyons

Re: Moodle on load balancer and MNet

by Uwe Böttcher -

Hi Andrew,

thanks for this explanation. Mahara behind a load balancer is not on our to do list, but might be there in near future; that's why I asked. I'll keep that nfs thing in mind.

Unfortunately I don't have the option to wait, as Mahara has to be available in the next weeks to enable the staff to get used to it before classes start again.

Best regards,
Uwe

Average of ratings: -
In reply to Uwe Böttcher

Re: Moodle on load balancer and MNet

by Andrew Lyons -
Picture of Core developers Picture of Moodle HQ Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers Picture of Testers
Incindentally, it may be that you have a load balancer which terminates the client SSL and directs queries to the two frontends by opening a new SSL connection to each of them using their internal host names.

This might be used on an untrusted network for example where you want end-to-end encryption both between end users and the load balancer, and between the load balancer and the nodes.

It could be this certificate that you were warned about. MNet uses it's own certificate which is separate to the certificate used to negotiate a connection between end user client and server.

Andrew
Average of ratings: -
In reply to Andrew Lyons

Re: Moodle on load balancer and MNet

by Uwe Böttcher -

Hi Andrew,

I'm not able to access the load balanced Moodle 2.x right now; there are different admin groups for Moodle and Mahara. Right now I'm just guessing and collecting breadcrumbs...

As Moodle and the load balancer are in the same subsystem, I would think there is no ssl connection betwen them, but I might still be wrong.

I assume now that I will be able to connect Mahara to the load balanced system and that I won't have to care about which machine handles the request.

Thanks a lot for your help,
Uwe

Average of ratings: -