
When a single WSO2 product is providing a service, a session object is created and remains in the memory of the WSO2 product. However, in a clustered environment, where you could have multiple WSO2 product servers fronted by a load balancer to balance the load among these products, the situation is a little different.

If WSO2 server A does task X, WSO2 server B does task Y and WSO2 server C does task Z, and each one has a session object, there is no way for one WSO2 server to know what the other is doing. So, in order to synchronize between these servers, sticky sessions are used.

A sticky session ensures that all interactions with the WSO2 servers happen on one product server only, even though there are other WSO2 product servers present in the cluster. So the session object will be the same for the duration of the interaction. For more information, see Sticky Sessions with Manager Nodes.

Applying Sticky Session  

Sticky Sessions are applied in WSO2 Mesos Artifacts by default. Follow the instructions below only if you need to customize the default sticky session.

Update the Mesos Artifacts and Puppet Hiera data as follows to enable sticky sessions:

Step 1 - Update the Mesos Artifacts

  1. Download the WSO2 Mesos Artifacts 1.0.0 distribution from the GitHub repository.
  2. Unzip the distribution to a place of your choice. Let's refer to this location as <MESOS_HOME> hereafter.

  3. Sticky sessions can be configured by adding the following labels to the application definition.
    For example, consider an application with the following port mappings:

    "portMappings": [
      {
        "name": "hazelcast",
        "containerPort": 0,
        "hostPort": 0,
        "servicePort": 10220,
        "protocol": "tcp"
      },
      {
        "name": "servlet-http",
        "containerPort": 9763,
        "servicePort": 10208,
        "protocol": "tcp"
      },
      {
        "name": "servlet-https",
        "containerPort": 9443,
        "servicePort": 10209,
        "protocol": "tcp"
      }
    ]

    Based on the above example, suppose port 9443 needs to be configured with sticky sessions. Port indexes start at 0, so the port index for port 9443 is 2, and the following labels are required to enable sticky sessions. The HAPROXY_2_ prefix means that the settings are applied to port index 2 (i.e., port 9443).

    "labels": {
      "HAPROXY_2_GROUP": "marathon-lb",
      "HAPROXY_2_BACKEND_SERVER_OPTIONS": "  server {serverName} {host_ipv4}:{port}{cookieOptions} ssl verify none \n",
      "HAPROXY_2_BACKEND_STICKY_OPTIONS": "  cookie JSESSIONID prefix nocache \n",
      "HAPROXY_2_STICKY": "true",
      "HAPROXY_2_SSL_CERT": "/etc/ssl/wso2demo.pem",
      "HAPROXY_2_MODE": "http"
    },

    For a detailed description of the above labels, see the marathon-lb documentation.

    The following is the corresponding HAProxy configuration generated by marathon-lb.

    frontend wso2am-api-store_10209
      bind *:10209 ssl crt /etc/ssl/wso2demo.pem
      mode http
      use_backend wso2am-api-store_10209
     
    backend wso2am-api-store_10209
      balance roundrobin
      mode http
      option forwardfor
      http-request set-header X-Forwarded-Port %[dst_port]
      http-request add-header X-Forwarded-Proto https if { ssl_fc }
      cookie JSESSIONID prefix nocache
      server 192_168_30_80_14957 192.168.30.80:14957 check cookie d1e1b3d058 ssl verify none
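
The port-index rule and the label set from Step 1, checked in code. This is an added example, not part of the WSO2 Mesos Artifacts or marathon-lb; the helper names `port_index` and `audit_sticky_labels` and the flat fragment layout are assumptions made for illustration.

```python
import json
import re

# Constructed fragment: the port mappings and sticky-session labels shown on this page.
APP = json.loads(r"""
{"portMappings": [
    {"name": "hazelcast", "containerPort": 0, "hostPort": 0, "servicePort": 10220},
    {"name": "servlet-http", "containerPort": 9763, "servicePort": 10208},
    {"name": "servlet-https", "containerPort": 9443, "servicePort": 10209}
], "labels": {
    "HAPROXY_2_GROUP": "marathon-lb",
    "HAPROXY_2_BACKEND_SERVER_OPTIONS": "  server {serverName} {host_ipv4}:{port}{cookieOptions} ssl verify none \n",
    "HAPROXY_2_BACKEND_STICKY_OPTIONS": "  cookie JSESSIONID prefix nocache \n",
    "HAPROXY_2_STICKY": "true",
    "HAPROXY_2_SSL_CERT": "/etc/ssl/wso2demo.pem",
    "HAPROXY_2_MODE": "http"
}}
""")


def port_index(port_mappings, container_port):
    """Zero-based position of container_port, i.e. the <n> in HAPROXY_<n>_ labels."""
    ports = [m.get("containerPort") for m in port_mappings]
    return ports.index(container_port)  # raises ValueError if the port is not mapped


def audit_sticky_labels(app):
    """Return (index, containerPort, finding) tuples for ports labelled sticky."""
    mappings, labels = app["portMappings"], app.get("labels", {})
    results = []
    for key, value in sorted(labels.items()):
        match = re.fullmatch(r"HAPROXY_(\d+)_STICKY", key)
        if not match or value.lower() != "true":
            continue
        n = int(match.group(1))
        if n >= len(mappings):
            results.append((n, None, "index has no matching port mapping"))
            continue
        port = mappings[n]["containerPort"]
        if labels.get(f"HAPROXY_{n}_MODE") != "http":  # HAProxy cookies need HTTP mode
            results.append((n, port, "mode is not http"))
        server = labels.get(f"HAPROXY_{n}_BACKEND_SERVER_OPTIONS", "")
        if re.search(r"\bssl\b.*\bverify\s+none\b", server):  # backend cert unchecked
            results.append((n, port, "backend certificate not verified"))
    return results


if __name__ == "__main__":
    print(port_index(APP["portMappings"], 9443), audit_sticky_labels(APP))
```
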

Step 2 - Update in the Puppet Modules

  1. Download the Puppet Modules and copy the required packs into the modules by following steps 1.1 and 1.2, which are described in the Build the Product Docker image section. Let's refer to the Puppet Modules location as <PUPPET_HOME> hereafter.
  2. Configure the following Hiera data in the <PUPPET_HOME>/hieradata/dev/platform/mesos.yaml file to enable the sticky session.

    wso2::marathon_lb_cert_config:
        enabled: true # Enable importing certificate to client trust store.
        cert_file: 'wso2demo.crt' # Name of the certificate file
        trust_store_password: 'wso2carbon' # Trust store password

Step 3 - Build the Docker image

Follow step 1.3 in the Build the Product Docker image section for this purpose.

How Sticky Session Works

WSO2 Mesos Artifacts ships a custom Docker image with a preloaded self-signed certificate. This certificate is used to verify the SSL connection between the WSO2 server and the Marathon load balancer. Puppet adds this certificate to the client-trust-store.jks at the time the Docker image is built.
