Hi Erik, Akram,

I would like to hear from you on this. Would you be able to look at the
above inventory and let me know if that is right for a high-availability
OpenShift architecture?

Thanks a lot for help!

Thanks,
Priy

On Wed, Dec 21, 2016 at 11:47 AM, Pri <priyanka4opensh...@gmail.com> wrote:

> Hi Erik,
>
> Thanks for the response. Below is my Ansible inventory. Please suggest if
> this needs to be modified for HA.
>
> # Create an OSEv3 group that contains the master, nodes, etcd, and lb groups.
> # The lb group lets Ansible configure HAProxy as the load balancing solution.
> # Comment lb out if your load balancer is pre-configured.
> [OSEv3:children]
> masters
> nodes
> etcd
>
> # Set variables common for all OSEv3 hosts
> [OSEv3:vars]
> ansible_ssh_user=root
> deployment_type=openshift-enterprise
> openshift_pkg_version=-3.3.1.5
> openshift_master_console_port=443
> openshift_master_api_port=443
> openshift_image_tag=v3.3.1.5
> # Uncomment the following to enable htpasswd authentication; defaults to
> # DenyAllPasswordIdentityProvider.
> openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
>
> # Native high availability cluster method with optional load balancer.
> # If no lb group is defined installer assumes that a load balancer has
> # been preconfigured. For installation the value of
> # openshift_master_cluster_hostname must resolve to the load balancer
> # or to one or all of the masters defined in the inventory if no load
> # balancer is present.
> openshift_master_cluster_method=native
> openshift_master_cluster_hostname=elbhostname
> openshift_master_cluster_public_hostname=elbhostname
> openshift_registry_selector='region=infra'
> openshift_hosted_router_selector='region=infra'
>
> # override the default controller lease ttl
> #osm_controller_lease_ttl=30
>
> # host group for masters
> [masters]
> masterhost1
> masterhost2
>
> # host group for etcd
> [etcd]
> masterhost1
> masterhost2
>
>
> # host group for nodes, includes region info
> [nodes]
> infranodehost openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_schedulable=true
> masterhost1 openshift_node_labels="{'region': 'master1', 'zone': 'default'}" openshift_schedulable=true
> masterhost2 openshift_node_labels="{'region': 'master2', 'zone': 'default'}" openshift_schedulable=true
>
> Thanks,
> Priya
>
> On Tue, Dec 20, 2016 at 3:23 AM, Erik Jacobs <ejac...@redhat.com> wrote:
>
>> On Thu, Dec 15, 2016 at 2:25 AM, Pri <priyanka4opensh...@gmail.com>
>> wrote:
>>
>>> Thanks Igor and Akram, I was able to configure with TCP on ELB. For HA,
>>> what if a region has only two availability zones? Can we configure 2
>>> masters in one and 1 master in the other AZ?
>>>
>>> I am not running etcd externally as of now; it's embedded in the master
>>> hosts themselves. Is this the right architecture?
>>>
>>
>> How do you have your Ansible inventory configured? What does your Ansible
>> hosts file look like?
>>
>>
>>> Also I have one more query, how to restart master if I make any change
>>> in master-config.yaml. "systemctl restart atomic-openshift-master" doesn't
>>> seem to work.
>>>
>>
>> If you have multiple masters you need to:
>>
>> * change it on all masters
>> * restart atomic-openshift-master-controllers and -api -- the -master
>> service doesn't run/do anything in an HA/multi-master cluster.
>>
>>>
>>> Thanks,
>>> Priya
>>>
>>>
>>> On Thu, Dec 15, 2016 at 3:13 AM, Akram Ben Aissi <
>>> akram.benai...@gmail.com> wrote:
>>>
>>>> One more point: You need 3 masters for HA, unless you are running etcd
>>>> externally.
>>>>
>>>>
>>>> On 14 December 2016 at 18:25, Igor Katson <igor.kat...@gmail.com>
>>>> wrote:
>>>>
>>>>> Hi, Pri, here's how the setup works for us in prod:
>>>>>
>>>>>
>>>>>    - the master ELB MUST be configured to do TCP balancing on port
>>>>>    443. Not HTTPS. You need to do TCP, because the masters do TLS
>>>>>    termination and SNI by themselves.
>>>>>    - the "openshift_master_cluster_hostname" variable is set to the
>>>>>    name of the ELB. Actually, in our setup it is an extra DNS record
>>>>>    which is a CNAME to the ELB, so that we can change the ELB if needed.
>>>>>    E.g. "internal.openshift.yourdomain" that is a CNAME to the ELB.
>>>>>    - the "openshift_master_cluster_public_hostname" is set to the
>>>>>    publicly-visible DNS name, that also points to this ELB. E.g.
>>>>>    "openshift.yourdomain", where you can get valid SSL certs issued.
>>>>>
>>>>> In case you have a public SSL cert, you may put something like this into
>>>>> the inventory (make sure it's a valid JSON string):
>>>>>       "openshift_master_named_certificates": [
>>>>>         {
>>>>>           // this may include intermediate certs bundled
>>>>>           "certfile": "your-cert-file-on-ansible-machine",
>>>>>           "keyfile": "your-key-file-on-ansible-machine"
>>>>>         }
>>>>>       ],
>>>>>
>>>>> On Wed, Dec 14, 2016 at 7:07 AM, Pri <priyanka4opensh...@gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I am setting up an OpenShift HA cluster with 2 masters and 2 nodes on AWS.
>>>>>> I want my masters to be backed by an Elastic Load Balancer. But it doesn't
>>>>>> work when I give "openshift_master_cluster_hostname=<myELB>" as the ELB
>>>>>> hostname in Ansible. So I tried giving one of the masters' hostnames here,
>>>>>> which worked fine. After that I configured the ELB on AWS and added 2 master
>>>>>> instances. Now the problem is that whenever I access the OpenShift console
>>>>>> using the ELB hostname, it just redirects me to the master IP address, which
>>>>>> is not what we want; the hostname in the browser should always be consistent.
>>>>>>
>>>>>> Also, I am not very sure which SSL certificate to configure on the ELB
>>>>>> when it listens on HTTPS port 443 for console access.
>>>>>>
>>>>>>
>>>>>> Could you please help me with this?
>>>>>>
>>>>>> Thanks a lot for help
>>>>>>
>>>>>> Thanks,
>>>>>> Priya
>>>>>>
>>>>>> _______________________________________________
>>>>>> dev mailing list
>>>>>> dev@lists.openshift.redhat.com
>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>>>>>>
>>>>>>
>
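
Added example, not part of the thread and not openshift-ansible code: a small Python check of the HA points raised above (3 masters when etcd runs on the masters, and the cluster hostnames pointing at the load balancer rather than at one master). The function names, the finding wording and the odd-etcd-count rule are this example's assumptions, and the sample inventory is constructed from the one quoted above.

```python
import re

# Constructed sample, modelled on the inventory quoted in the thread.
SAMPLE = """
[OSEv3:vars]
openshift_master_cluster_method=native
openshift_master_cluster_hostname=elbhostname
openshift_master_cluster_public_hostname=elbhostname
[masters]
masterhost1
masterhost2
[etcd]
masterhost1
masterhost2
"""

def parse_inventory(text):
    """Return ({group: [hosts]}, {var: value}) for an INI-style inventory."""
    groups, variables, section = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1)
        elif section and section.endswith(":vars"):
            key, _, value = line.partition("=")
            variables[key.strip()] = value.strip()
        elif section and ":" not in section:
            groups.setdefault(section, []).append(line.split()[0])
    return groups, variables

def ha_findings(text):
    """List HA problems discussed in the thread (rule wording is illustrative)."""
    groups, variables = parse_inventory(text)
    masters, etcd = groups.get("masters", []), groups.get("etcd", [])
    findings = []
    if len(etcd) < 3 or len(etcd) % 2 == 0:
        findings.append(f"etcd: {len(etcd)} member(s), want an odd count >= 3")
    if len(masters) < 3 and set(etcd) & set(masters):
        findings.append(f"masters: {len(masters)} with etcd on them, want 3")
    for key in ("openshift_master_cluster_hostname",
                "openshift_master_cluster_public_hostname"):
        value = variables.get(key)
        if value is None:
            findings.append(f"{key} is not set")
        elif value in masters:
            findings.append(f"{key} names one master, not the load balancer")
    return findings
```

Calling `ha_findings(SAMPLE)` returns the etcd and master-count findings for the two-master layout; an empty list means none of these checks fired.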