[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: openshift 3.3 HA cluster



Hi Erik,

Thanks for response. Below is my ansible inventory, Please suggests if this needs to be modified for HA

# Create an OSEv3 group that contains the master, nodes, etcd, and lb groups.
# The lb group lets Ansible configure HAProxy as the load balancing solution.
# Comment lb out if your load balancer is pre-configured.
[OSEv3:children]
masters
nodes
etcd

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
ansible_ssh_user=root
deployment_type=openshift-enterprise
openshift_pkg_version=-3.3.1.5
openshift_master_console_port=443
openshift_master_api_port=443
openshift_image_tag=v3.3.1.5
# Uncomment the following to enable htpasswd authentication; defaults to
# DenyAllPasswordIdentityProvider.
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]

# Native high availbility cluster method with optional load balancer.
# If no lb group is defined installer assumes that a load balancer has
# been preconfigured. For installation the value of
# openshift_master_cluster_hostname must resolve to the load balancer
# or to one or all of the masters defined in the inventory if no load
# balancer is present.
openshift_master_cluster_method=native
openshift_master_cluster_hostname=elbhostname
openshift_master_cluster_public_hostname=elbhostname
openshift_registry_selector='region=infra'
openshift_hosted_router_selector='region=infra'

# override the default controller lease ttl
#osm_controller_lease_ttl=30

# host group for masters
[masters]
masterhost1
masterhost2

# host group for etcd
[etcd]
masterhost1
masterhost2


# host group for nodes, includes region info
[nodes]
infranodehost openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_schedulable=true
masterhost1 openshift_node_labels="{'region': 'master1', 'zone': 'default'}" openshift_schedulable=true
masterhost2 openshift_node_labels="{'region': 'master2', 'zone': 'default'}" openshift_schedulable=true

Thanks,
Priya

On Tue, Dec 20, 2016 at 3:23 AM, Erik Jacobs <ejacobs redhat com> wrote:
On Thu, Dec 15, 2016 at 2:25 AM, Pri <priyanka4openshift gmail com> wrote:
Thanks Igor and Akram, I was able to configure with TCP on ELB. For HA what if a region has only two availability zones?  can we configure 2 masters in one and 1 master in other AZ.

I am not running etcd externally as of now, its embedded in master hosts itself. Is this the right architecture? 

How do you have your Ansible inventory configured? What's your Ansible hosts file look like? 


Also I have one more query, how to restart master if I make any change in master-config.yaml. "systemctl restart atomic-openshift-master" doesn't seem to work.

If you have multiple masters you need to:

* change it on all masters
* restart atomic-openshift-master-controllers and -api -- the -master service doesn't run/do anything in an HA/multi-master cluster. 

Thanks,
Priya


On Thu, Dec 15, 2016 at 3:13 AM, Akram Ben Aissi <akram benaissi gmail com> wrote:
on more point: You need 3 masters for HA, unless you are running etcd externally.


On 14 December 2016 at 18:25, Igor Katson <igor katson gmail com> wrote:
Hi, Pri, here's how the setup works for us in prod:

  • the master ELB MUST be configured to do TCP balancing on port 443. Not HTTPS. You need to do TCP, because the masters do TLS termination and SNI by themselves.
  • the "openshift_master_cluster_hostname" variable is set to the name of the ELB. Actually, in our setup it is an extra DNS record which is a CNAME to the ELB, so that we can change the ELB if needed. E.g. "internal.openshift.youdomain" that is a CNAME to the ELB.
  • the "openshift_master_cluster_public_hostname" is set to the publicly-visible DNS name, that also points to this ELB. E.g. "openshift.yourdomain", where you can get valid SSL certs issued.
 In case you have a public SSL cert, you may put smth like this into inventory (make sure it's a valid json string):
      "openshift_master_named_certificates": [
        {
          "certfile": "your-cert-file-on-ansible-machine",  // this may include intermediate certs bundled
          "keyfile": "your-key-file-on-ansible-machine"
        }
      ],

On Wed, Dec 14, 2016 at 7:07 AM, Pri <priyanka4openshift gmail com> wrote:
Hi,

I am setting openshift HA cluster with 2 masters and 2 nodes on AWS. I want my masters to be backed by Elastic load balancer. But it doesnt work when I give "openshift_master_cluster_hostname=<myELB>" as ELB hostname in ansible. So I tried giving one of the masters hostnames here which worked fine. After that I configured ELB on AWS and added 2 master instances. Now the problem is whenever I access openshift console using ELB hostname it just redirects me to master IP address which is not what we want, hostname on browser should always be consistent.

Also I am not very sure which SSL certificate to configure on ELB when it listens of HTTPS port 443 for console access.


Could you please help me with this?

Thanks a lot for help

Thanks,
Priya

_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev



_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev




_______________________________________________
dev mailing list
dev lists openshift redhat com
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]