Whenever I've seen the topic of HA come up, it's always been similar to what Nick just said. There really doesn't seem to be a good way to get true high availability.
It seems the best you can do is "shard" your guacamole+guacd stacks so that a failure in one of them only takes out a small portion of your end users. Since the loss of a tomcat server means all guacd sessions passing through it are toast.. to get the best "sharding", the logic to me seems to encourage lots of small guacamole+guacd paired servers... If you scale horizontally like this (which obviously allows for weaker/cheaper individual servers).. then losing 1 of 10 servers impacts only 10% of users. On Sat, Oct 7, 2023, 7:18 PM Nick Couchman <[email protected]> wrote: > > > On Sat, Oct 7, 2023 at 4:23 PM Maciej Konigsman > <[email protected]> wrote: > >> Hi, >> >> I would like to run Guacamole in HA. >> I identified four services to achieve HA: >> 1. Load balancer >> 2. Web UI (Tomcat) >> 3. Guacd >> 4. DB (MySQL) >> >> I know how to configure HA for 1, 2 and 4 >> I'm having an issue with understanding/finding documentation or examples >> for guacd. My main concern is how to keep a session (including recording) >> if a container with guacd fails or gets restarted. >> > > The first thing to note would be that there's no way to > synchronize session information between instances of guacd. So, if a system > running guacd crashes, or guacd itself crashes completely, you won't be > able to maintain those sessions - the users will get disconnected and will > have to re-establish connections with working guacd instances. This is also > true of the Web UI (Tomcat) portion of Guacamole - users logged in and > sessions established on one of the Web front-ends will not be visible to or > synchronized with sessions and users on the other web front-end. This will > also impact your ability use connection sharing effectively, as users on > one web front-end and/or guacd instance will not be able to share their > connections with users who happen to log in to a different web front end, > or who connect through a different guacd. > > As far as how to load-balance guacd, you can use a network load balancer > (like HAProxy) and then use session "stickiness" to make sure that your web > front-end systems get consistently connected to the same guacd instance. > > -Nick > >>
