Phacility Cluster Devices
This page describes the devices we deploy in the Phacility Cluster, along with some related things which aren't technically devices.
Device Classes
Device Class | Pool Size | Description | Notes |
---|---|---|---|
admin | 1 | Admin Application Server | Serves admin.phacility.com. |
alb | 1 | Admin Load Balancer | ELB for admin.phacility.com. |
bastion | 1 | SSH Bastion Host | Bastion host for ops commands. |
clb | 1 | Corp Site LB | Load balances phacility.com requests. |
corp | 1 | Corp Site | Serves phacility.com requests. |
db | 1 | Database Server | Runs MySQL. |
lb | 1 | Web Load Balancer | ELB for instances. |
nlb | 1 | Notification Load Balancer | ELB for websockets. |
notify | 1 | Notifications | Aphlict notification server. |
repo | 1 | Repos/Daemons | Terminates VCS HTTP/SSH traffic. |
vault | 1 | SSH Load Balancer | Load balances VCS SSH requests. |
web | 1 | Application Server | Terminates normal HTTP traffic. |
Storage Classes
Storage Class | Count | Notes |
---|---|---|
adata | 1 | Administrative server working storage. |
bak | 1 | Stores backups. |
data | 1 | Database server working storage. |
store | 1 | Repository working storage. |
Service Classes
Service Class | Count | Notes |
---|---|---|
repox | 1 | Repository cluster service; may span multiple devices. |
dbx | 1 | Database cluster service; may span multiple devices. |
Device: admin
Listening Port | Interface | Notes |
---|---|---|
22 | Internal | Operational SSH access. |
80 | Internal | Accepts requests from alb and web devices. |
These servers host admin.phacility.com and run the Instances application.
Instances in the cluster also make calls here to retrieve configuration.
Currently, a maximum of one admin device is supported, because some details about database credentials are assumed. Minor software changes are required to expand the size of this pool.
Device: alb
Listening Port | Interface | Notes |
---|---|---|
80 | Public Internet | Serves http://admin.phacility.com |
443 | Public Internet | Serves https://admin.phacility.com |
These are ELBs which sit in front of the admin pool and terminate SSL for public requests to the web UI.
Device: bastion
Listening Port | Interface | Notes |
---|---|---|
22 | Public Internet | Gatekeeper for operational access. |
For details on bastion hosts, see Phacility Cluster Bastion.
Device: clb
Listening Port | Interface | Notes |
---|---|---|
80 | Public Internet | Serves phacility.com corporate site. |
443 | Public Internet | Serves phacility.com corporate site. |
These are ELBs which sit in front of the corp pool and terminate SSL for corporate site requests.
Device: corp
Listening Port | Interface | Notes |
---|---|---|
22 | Internal | Operational SSH access. |
80 | Internal | Serves phacility.com corporate site. |
These are web application servers which serve corporate site requests.
These are currently launched into the block002 subnet because it's part of the us-west-1c availability zone, where we historically have reserved instances. It's desirable to spread across multiple availability zones in the long run, anyway.
Device: db
Listening Port | Interface | Notes |
---|---|---|
22 | Internal | Operational SSH access. |
3306 | Internal | Provides MySQL services. |
These database servers run MySQL.
Device: lb
Listening Port | Interface | Notes |
---|---|---|
80 | Public Internet | Serves instance requests to the phacility.com wildcard DNS. |
443 | Public Internet | Serves instance requests to the phacility.com wildcard DNS. |
These are ELBs which sit in front of the web pool and terminate SSL for instance requests.
Device: nlb
Listening Port | Interface | Notes |
---|---|---|
22280 | Public Internet | Forwards websockets to notify hosts. |
This does TCP forwarding of websocket requests.
Device: notify
Listening Port | Interface | Notes |
---|---|---|
22280 | Internal | Notification client port. |
22281 | Internal | Notification server port. |
Runs an Aphlict notification server.
Device: repo
Listening Port | Interface | Notes |
---|---|---|
22 | Internal | Operational SSH access. |
80 | Internal | Serves Conduit requests from web hosts. |
2223 | Internal | Serves SSH requests from web hosts. |
These devices store and serve repositories, and run daemons.
Device: vault
Listening Port | Interface | Notes |
---|---|---|
22 | Public Internet | Serves vault.phacility.com over SSH, forwarding requests to the web tier. |
2222 | Internal | Operational SSH access. |
These devices are SSH load balancers. They're implemented as normal hosts running HAProxy rather than as ELBs, because ELBs cannot forward inbound traffic on port 22.
Eventually, it would be nice to either merge these into the ELBs (if ELBs support forwarding port 22 in the future) or merge the ELBs into these (if we have some stronger reasoning for running our own load balancers).
The cost of having these machines in a separate class is twofold: the raw cost of more moving parts, and the need to serve SSH from vault.phacility.com (which we can direct here via DNS) instead of directly from instance domains. If we could merge the HTTP and SSH load balancing, we could accept both HTTP and SSH traffic on instance domains.
(We could serve SSH traffic on instance domains on a nonstandard port which the ELBs do support, but this seems worse to me than serving from a dedicated domain. We could also serve from both, so instance@vault.phacility.com and instance@instance.phacility.com:2345 would both work.)
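As an added illustration (not the cluster's actual configuration), this is the shape of an HAProxy setup for a vault device as described above: the public port 22 is forwarded at layer 4 to the web tier on port 2223, while the host's own sshd lives on 2222. The web device hostnames and addresses are assumptions.

```haproxy
# Added example, not Phacility's real configuration. Assumes two web
# devices at 10.0.0.11 and 10.0.0.12 (constructed addresses).
global
    log /dev/log local0
    daemon

defaults
    log     global
    mode    tcp
    option  tcplog
    timeout connect 5s
    # SSH sessions are long-lived; short timeouts would cut off slow clones.
    timeout client  1h
    timeout server  1h

# Public entry point: vault.phacility.com is pointed here via DNS.
# Because haproxy owns port 22, the host's own sshd must listen on 2222
# (the "Operational SSH access" row in the vault port table).
frontend ssh_vault
    bind *:22
    default_backend web_ssh

# Web devices accept SSH application traffic on 2223 (see "Device: web").
# Layer-4 forwarding only: the SSH stream is opaque to haproxy, so the web
# tier, not the balancer, works out which instance a connection is for.
backend web_ssh
    balance roundrobin
    # Health check: connect and expect an SSH version banner.
    option tcp-check
    tcp-check expect rstring ^SSH-2\.0
    server web001 10.0.0.11:2223 check
    server web002 10.0.0.12:2223 check
```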
Device: web
Listening Port | Interface | Notes |
---|---|---|
22 | Internal | Operational SSH access. |
80 | Internal | Serves HTTP application traffic from lb balancers. |
2223 | Internal | Serves SSH application traffic from vault balancers. |
These are standard application web servers.
Last Author: epriestley
Last Edited: Feb 16 2015, 8:05 PM