
Re: openshift 3.3 HA cluster



I can only answer about the AZ question. Afaik, etcd requires 3 nodes minimum, so that there is quorum majority. This way you will tolerate any 1 node going down. So in your example you can tolerate one of the AZs going down, the one where you have 1 node. Provided everything else is configured correctly. E.g. multi-az support in ELB etc.
Also, keep in mind, that if an AZ goes down (honestly, it's kind of unlikely to happen though, a master going down is far more likely in our experience), the EBS volumes that were in the lost AZ won't be able to get mounted.

For running etcd as part of master, I have no experience. As well as with "atomic" flavor of openshift. We use the origin version, and just do "systemctl restart origin-master-api" and/or "systemctl restart origin-master-controllers", depending on what needs to be done.

On Wed, Dec 14, 2016 at 11:25 PM, Pri <priyanka4openshift gmail com> wrote:
Thanks Igor and Akram, I was able to configure with TCP on ELB. For HA, what if a region has only two availability zones? Can we configure 2 masters in one and 1 master in the other AZ?

I am not running etcd externally as of now, it's embedded in the master hosts themselves. Is this the right architecture?

Also I have one more query, how to restart master if I make any change in master-config.yaml. "systemctl restart atomic-openshift-master" doesn't seem to work.

Thanks,
Priya


On Thu, Dec 15, 2016 at 3:13 AM, Akram Ben Aissi <akram benaissi gmail com> wrote:
One more point: You need 3 masters for HA, unless you are running etcd externally.


On 14 December 2016 at 18:25, Igor Katson <igor katson gmail com> wrote:
Hi, Pri, here's how the setup works for us in prod:

  • the master ELB MUST be configured to do TCP balancing on port 443. Not HTTPS. You need to do TCP, because the masters do TLS termination and SNI by themselves.
  • the "openshift_master_cluster_hostname" variable is set to the name of the ELB. Actually, in our setup it is an extra DNS record which is a CNAME to the ELB, so that we can change the ELB if needed. E.g. "internal.openshift.youdomain" that is a CNAME to the ELB.
  • the "openshift_master_cluster_public_hostname" is set to the publicly-visible DNS name, that also points to this ELB. E.g. "openshift.yourdomain", where you can get valid SSL certs issued.
 In case you have a public SSL cert, you may put smth like this into inventory (make sure it's a valid json string):
      "openshift_master_named_certificates": [
        {
          "certfile": "your-cert-file-on-ansible-machine",  // this may include intermediate certs bundled
          "keyfile": "your-key-file-on-ansible-machine"
        }
      ],

On Wed, Dec 14, 2016 at 7:07 AM, Pri <priyanka4openshift gmail com> wrote:
Hi,

I am setting up an openshift HA cluster with 2 masters and 2 nodes on AWS. I want my masters to be backed by an Elastic load balancer. But it doesn't work when I give "openshift_master_cluster_hostname=<myELB>" as the ELB hostname in ansible. So I tried giving one of the masters' hostnames here, which worked fine. After that I configured the ELB on AWS and added the 2 master instances. Now the problem is that whenever I access the openshift console using the ELB hostname, it just redirects me to the master IP address, which is not what we want; the hostname in the browser should always be consistent.

Also I am not very sure which SSL certificate to configure on the ELB when it listens on HTTPS port 443 for console access.


Could you please help me with this?

Thanks a lot for help

Thanks,
Priya

_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
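
Added example, not part of the original thread: the quorum reasoning from the replies above, applied to the layouts the thread discusses (2 masters, 2+1 masters across two AZs) and, going beyond the thread, to a 1+1+1 layout across three AZs. It assumes one embedded etcd member per master; the AZ names and the function names are constructed for illustration.

```python
# Added example: etcd (Raft) majority quorum applied to AZ placement.
# Assumption: each master hosts exactly one voting etcd member.

def quorum(members):
    """Smallest majority of a cluster with `members` voting members."""
    return members // 2 + 1

def node_failures_tolerated(placement):
    """How many individual members can fail before quorum is lost."""
    total = sum(placement.values())
    return total - quorum(total)

def survivable_azs(placement):
    """Map each AZ to True if quorum survives the loss of that whole AZ."""
    total = sum(placement.values())
    need = quorum(total)
    return {az: total - count >= need for az, count in placement.items()}

# Constructed layouts: {AZ name: number of masters/etcd members in that AZ}
LAYOUTS = {
    "2 masters, one per AZ": {"az-a": 1, "az-b": 1},
    "3 masters, 2+1 over two AZs": {"az-a": 2, "az-b": 1},
    "3 masters, 1+1+1 over three AZs": {"az-a": 1, "az-b": 1, "az-c": 1},
}

def report(layouts):
    """Return one summary line per layout."""
    lines = []
    for name, placement in layouts.items():
        total = sum(placement.values())
        ok = [az for az, alive in survivable_azs(placement).items() if alive]
        lines.append(
            f"{name}: quorum={quorum(total)}, "
            f"node failures tolerated={node_failures_tolerated(placement)}, "
            f"AZ losses survived={ok or 'none'}"
        )
    return lines

if __name__ == "__main__":
    print("\n".join(report(LAYOUTS)))
```

With the 2+1 layout, only the loss of the single-master AZ leaves a majority; losing the AZ that holds two masters takes the cluster below quorum.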