Hi, Pri, here's how the setup works for us in prod:
- the master ELB MUST be configured to do TCP balancing on port 443. Not
HTTPS. You need to do TCP, because the masters do TLS termination and SNI
by themselves.
- the "openshift_master_cluster_hostname" variable is set to the name of
the ELB. Actually, in our setup it is an extra DNS record which is a CNAME
to the ELB, so that we can change the ELB if needed. E.g.
"internal.openshift.youdomain" that is a CNAME to the ELB.
- the "openshift_master_cluster_public_hostname" is set to the
publicly-visible DNS name, that also points to this ELB. E.g.
"openshift.yourdomain", where you can get valid SSL certs issued.
In case you have a public SSL cert, you may put smth like this into
inventory (make sure it's a valid json string):
"openshift_master_named_certificates": [
{
"certfile": "your-cert-file-on-ansible-machine", // this may
include intermediate certs bundled
"keyfile": "your-key-file-on-ansible-machine"
}
],
On Wed, Dec 14, 2016 at 7:07 AM, Pri <[email protected]> wrote:
> Hi,
>
> I am setting openshift HA cluster with 2 masters and 2 nodes on AWS. I
> want my masters to be backed by Elastic load balancer. But it doesnt work
> when I give "openshift_master_cluster_hostname=<myELB>" as ELB hostname
> in ansible. So I tried giving one of the masters hostnames here which
> worked fine. After that I configured ELB on AWS and added 2 master
> instances. Now the problem is whenever I access openshift console using ELB
> hostname it just redirects me to master IP address which is not what we
> want, hostname on browser should always be consistent.
>
> Also I am not very sure which SSL certificate to configure on ELB when it
> listens of HTTPS port 443 for console access.
>
>
> Could you please help me with this?
>
> Thanks a lot for help
>
> Thanks,
> Priya
>
> _______________________________________________
> dev mailing list
> [email protected]
> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>
>
_______________________________________________
dev mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
