Mesh

[ramonck]

Hi,

I was thinking about putting with external facing servers instead of being local servers and then I can focus on firewall rules to make sure only those servers are ok for talking between each other.

I was wondering what do you think about this approach and if you think it's possible?

Great initiative.

[pioardi]

Hi @ramonck ,
Thanks to use ring election.

Yes, ring election is designed exactly for that since that the communication between the nodes is implemented using web sockets.

The examples are all on 1 machine for testing scope ;)

[ramonck]

Hi @pioardi ,
Thank you for the quick response.
I also have another question I read your article and everything else but something that I still have in the back of my mind is about the self-healing scenario.
I saw that the nodes do the self-healing but what about the processes that are running there so for example I have one process running on that server and the server go shutdown for maintanence or whatever is this process going to move to another server or do I have to do another spin-off of that process?
And once the server is back from patching or maintanence mode is it going to automatically come back into the pool of available nodes if I have a startup script? Or do I have to do something else besides the startup script?
I saw that you used different ports and I think this was because of that localhost situation I'm just going to focus on 1 port since it's on different servers is that ok as well?
Do you have any security suggestions like tokens or anything else besides the firewall rules configuration?

[pioardi]

@ramonck you are welcome .
So , yes different ports are for the local test, you can use the same port if you are running on more hosts.
For the self-healing feature , if you deploying to another node you will need to adjust the SEED_NODES configuration on other nodes and on the new node if your host will have a different name or ip address .
If you will redeploy to the same node you will not need to adjust the configuration .
Auto discovery would be a great feature to avoid this configuration adjustment and I would love if you to implement it .

I don' t have any particular security suggestions , of course if you are running the ring on more nodes you could need to adjust the firewall in ingress & egress from/to the nodes allowing only the needed traffic.

I have one question also for you , what are you going to design and implement with ring-election ? Let me know please :)

[ramonck]

Hi,
Regarding the seed configuration you can have a shared file between the servers using something like a mounted storage. It's not a big deal to not have auto-discovery because firewall needs to be configured so there will never be a no work scenario.
My idea initially is to test this out and see It working, if It works well this can be a better alternative to Docker Swarm , Kubernetes or SSI.
This can help people start another Facebook ir something like Whatsapp very cheap and fast. Once I get something going I will let you know.

[pioardi]

Yes @ramonck , so let me know how the things are going on .
I will close this issue, text me to [email protected] for any question ! :)