
Re: Node names in an OpenShift installation



Thanks Luke,


On Wed, Nov 6, 2013 at 1:04 PM, Luke Meyer <lmeyer redhat com> wrote:



From: "Arunabha Ghosh" <arunabha gh gmail com>
To: dpal redhat com
Cc: "Luke Meyer" <lmeyer redhat com>, dev lists openshift redhat com
Sent: Wednesday, November 6, 2013 3:14:59 PM
Subject: Re: Node names in an OpenShift installation


Thanks, Luke, Dmitri,

I think I'm beginning to understand. Please correct me if I'm wrong.

For every app foo-bar.domain.com, the local DNS server for OpenShift maintains an entry pointing the domain to the IP address of the Node server on which the gear is hosted. When a client sshes to xyz@foo-bar.domain.com the DNS server returns the correct IP of the node server. Hence ALL nodes need to have the same credentials to prevent ssh from complaining.

A few questions

1) I'm confused by the overloading of the term hostname in the docs. 

When a node is added with oo-register-dns -h node -d example.com -n 10.4.59.y -k ${keyfile}, is the -h parameter the FQDN of the node, or can it be any name? Also, can an FQDN be specified in -n, or does it need to be an externally routable IP address (for EC2)?

That particular tool isn't too bright (it's just a convenience; ideally you'd define DNS for all your hosts somewhere else anyway).
You mean install DNS separately from OpenShift? Seems like a good idea, but most of the install tools configure a DNS server along with the Broker. Is there any documentation on how to integrate OpenShift with an external DNS deployment?

Also, how does the Broker discover newly added node hosts? I thought it would be the oo-register-dns tool, but it looks like that just configures the DNS server.
 

The -h parameter should be the short name, e.g. node. It will get defined in the zone for the domain. If you put a FQDN in there it will not do what you expect. -n should be an IP (you're defining a DNS name here). Examples may help:
oo-register-dns -h node -d example.com -n 1.2.3.4
=> resolves node.example.com to  1.2.3.4
oo-register-dns -h node.example.com -d example.com -n 1.2.3.4
=> resolves node.example.com.example.com to  1.2.3.4
oo-register-dns -h node -d example.com -n foo.host.example.com
=> probably just blows up because you can't use a name as the target for an A record




2) How does an app hosted on multiple gears work?

The first gear has a load balancer that balances traffic between the gears.



3) How does the system deal with DNS propagation delay? Say a gear is moved from node 1 to node 2, a client could still attempt to connect to node 1. What prevents the ssh from succeeding on node 1?


ssh takes a user and host. When the gear is moved between nodes, that gear user is moved. So the ssh to node1 will fail because the gear user is no longer there.


Thanks,
Arunabha


On Wed, Nov 6, 2013 at 9:07 AM, Dmitri Pal <dpal redhat com> wrote:
On 11/05/2013 10:13 PM, Luke Meyer wrote:
> No, it doesn't mean they have the same hostname. It means they have the same host keys.
>
> Git users access their gears via ssh to the gear hostname. That doesn't change even if the gear moves to a new host. What ssh complains about is when the host keys change.

Maybe this can help:
http://cloud-mechanic.blogspot.com/2013/10/diversion-kerberos-freeipa-in-aws-ec2.html

>
> ----- Original Message -----
> From: "Arunabha Ghosh" <arunabha gh gmail com>
> To: dev lists openshift redhat com
> Sent: Tuesday, November 5, 2013 9:09:16 PM
> Subject: Node names in an OpenShift installation
>
>
>
> Hi,
> Going through the puppet installation documentation for OpenShift here, I came across this sentence.
>
> "All node hosts should identify as the same host, so that when gears are moved between hosts, ssh and git don’t give developers spurious warnings about the host keys changing."
>
>
> Does this mean that even if I have, say, a hundred node hosts in my deployment, each node must have the same hostname (like node.mydomain.com)?
>
>
> Thanks,
> Arunabha
> _______________________________________________
> dev mailing list
> dev lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>
>
>


--
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
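
An added example, not part of the original thread or of the OpenShift tooling: a check that every node host presents the same SSH host key, which is what the thread says keeps ssh and git from warning when a gear moves. The function name, node hostnames and key strings are constructed placeholders; the first host seen for each key type is assumed to be the reference.

```shell
#!/bin/sh
# Constructed sample in ssh-keyscan output format: "<host> <keytype> <base64 key>".
# Hostnames and key strings are placeholders, not real keys.
sample_scan() {
cat <<'EOF'
# node1.example.com:22 SSH-2.0-OpenSSH_5.3
node1.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABsharedPLACEHOLDER
node2.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABsharedPLACEHOLDER
node3.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABotherPLACEHOLDER
EOF
}

# Reads ssh-keyscan-style lines on stdin. For each key type, the first key
# seen is the reference; every later host presenting a different key of that
# type is printed as "<host> <keytype>". Returns 1 if any host deviates,
# 0 if all hosts agree.
find_hostkey_drift() {
  awk '
    /^#/ || NF < 3        { next }                    # skip banners and short lines
    !($2 in ref)          { ref[$2] = $3; next }      # first key of this type = reference
    $3 != ref[$2]         { print $1, $2; bad = 1 }   # host would trigger a key-change warning
    END                   { exit bad + 0 }
  '
}

# Demo on the constructed sample; against live nodes the input would come from
# e.g.: ssh-keyscan -t rsa node1.example.com node2.example.com | find_hostkey_drift
sample_scan | find_hostkey_drift || echo "host key drift detected"
```

A node listed by this check would cause the host-key-changed warning for any gear moved onto it.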








