Hi Pri, as stated initially, if you want HA, you will need at least 3 etcd servers which, in your case, implies 3 masters.

Akram

On 3 January 2017 at 08:10, Pri <[email protected]> wrote:

> Hi Erik, Akram,
>
> I would like to hear from you on this. Would you be able to look at the
> above inventory and let me know if that is right for a High availability
> OpenShift architecture.
>
> Thanks a lot for help!
>
> Thanks,
> Priy
>
> On Wed, Dec 21, 2016 at 11:47 AM, Pri <[email protected]> wrote:
>
>> Hi Erik,
>>
>> Thanks for response. Below is my ansible inventory, please suggest if
>> this needs to be modified for HA
>>
>> # Create an OSEv3 group that contains the master, nodes, etcd, and lb groups.
>> # The lb group lets Ansible configure HAProxy as the load balancing solution.
>> # Comment lb out if your load balancer is pre-configured.
>> [OSEv3:children]
>> masters
>> nodes
>> etcd
>>
>> # Set variables common for all OSEv3 hosts
>> [OSEv3:vars]
>> ansible_ssh_user=root
>> deployment_type=openshift-enterprise
>> openshift_pkg_version=-3.3.1.5
>> openshift_master_console_port=443
>> openshift_master_api_port=443
>> openshift_image_tag=v3.3.1.5
>> # Uncomment the following to enable htpasswd authentication; defaults to
>> # DenyAllPasswordIdentityProvider.
>> openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
>>
>> # Native high availability cluster method with optional load balancer.
>> # If no lb group is defined installer assumes that a load balancer has
>> # been preconfigured. For installation the value of
>> # openshift_master_cluster_hostname must resolve to the load balancer
>> # or to one or all of the masters defined in the inventory if no load
>> # balancer is present.
>> openshift_master_cluster_method=native
>> openshift_master_cluster_hostname=elbhostname
>> openshift_master_cluster_public_hostname=elbhostname
>> openshift_registry_selector='region=infra'
>> openshift_hosted_router_selector='region=infra'
>>
>> # override the default controller lease ttl
>> #osm_controller_lease_ttl=30
>>
>> # host group for masters
>> [masters]
>> masterhost1
>> masterhost2
>>
>> # host group for etcd
>> [etcd]
>> masterhost1
>> masterhost2
>>
>> # host group for nodes, includes region info
>> [nodes]
>> infranodehost openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_schedulable=true
>> masterhost1 openshift_node_labels="{'region': 'master1', 'zone': 'default'}" openshift_schedulable=true
>> masterhost2 openshift_node_labels="{'region': 'master2', 'zone': 'default'}" openshift_schedulable=true
>>
>> Thanks,
>> Priya
>>
>> On Tue, Dec 20, 2016 at 3:23 AM, Erik Jacobs <[email protected]> wrote:
>>
>>> On Thu, Dec 15, 2016 at 2:25 AM, Pri <[email protected]> wrote:
>>>
>>>> Thanks Igor and Akram, I was able to configure with TCP on ELB. For HA
>>>> what if a region has only two availability zones? Can we configure 2
>>>> masters in one and 1 master in other AZ.
>>>>
>>>> I am not running etcd externally as of now, it's embedded in master
>>>> hosts itself. Is this the right architecture?
>>>>
>>>
>>> How do you have your Ansible inventory configured? What does your Ansible
>>> hosts file look like?
>>>
>>>> Also I have one more query, how to restart master if I make any change
>>>> in master-config.yaml. "systemctl restart atomic-openshift-master" doesn't
>>>> seem to work.
>>>>
>>>
>>> If you have multiple masters you need to:
>>>
>>> * change it on all masters
>>> * restart atomic-openshift-master-controllers and -api -- the -master
>>>   service doesn't run/do anything in an HA/multi-master cluster.
>>>
>>>> Thanks,
>>>> Priya
>>>>
>>>> On Thu, Dec 15, 2016 at 3:13 AM, Akram Ben Aissi <[email protected]> wrote:
>>>>
>>>>> One more point: You need 3 masters for HA, unless you are running etcd
>>>>> externally.
>>>>>
>>>>> On 14 December 2016 at 18:25, Igor Katson <[email protected]> wrote:
>>>>>
>>>>>> Hi, Pri, here's how the setup works for us in prod:
>>>>>>
>>>>>> - the master ELB MUST be configured to do TCP balancing on port
>>>>>>   443. Not HTTPS. You need to do TCP, because the masters do TLS
>>>>>>   termination and SNI by themselves.
>>>>>> - the "openshift_master_cluster_hostname" variable is set to the
>>>>>>   name of the ELB. Actually, in our setup it is an extra DNS record
>>>>>>   which is a CNAME to the ELB, so that we can change the ELB if needed.
>>>>>>   E.g. "internal.openshift.youdomain" that is a CNAME to the ELB.
>>>>>> - the "openshift_master_cluster_public_hostname" is set to the
>>>>>>   publicly-visible DNS name, that also points to this ELB. E.g.
>>>>>>   "openshift.yourdomain", where you can get valid SSL certs issued.
>>>>>>
>>>>>> In case you have a public SSL cert, you may put something like this into
>>>>>> inventory (make sure it's a valid JSON string):
>>>>>>
>>>>>> "openshift_master_named_certificates": [
>>>>>>   {
>>>>>>     "certfile": "your-cert-file-on-ansible-machine", // this may include intermediate certs bundled
>>>>>>     "keyfile": "your-key-file-on-ansible-machine"
>>>>>>   }
>>>>>> ],
>>>>>>
>>>>>> On Wed, Dec 14, 2016 at 7:07 AM, Pri <[email protected]> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I am setting up an OpenShift HA cluster with 2 masters and 2 nodes on AWS.
>>>>>>> I want my masters to be backed by Elastic load balancer. But it doesn't
>>>>>>> work when I give "openshift_master_cluster_hostname=<myELB>" as ELB
>>>>>>> hostname in ansible. So I tried giving one of the masters hostnames here
>>>>>>> which worked fine. After that I configured ELB on AWS and added 2 master
>>>>>>> instances. Now the problem is whenever I access openshift console using
>>>>>>> ELB hostname it just redirects me to master IP address which is not what
>>>>>>> we want, hostname on browser should always be consistent.
>>>>>>>
>>>>>>> Also I am not very sure which SSL certificate to configure on ELB
>>>>>>> when it listens on HTTPS port 443 for console access.
>>>>>>>
>>>>>>> Could you please help me with this?
>>>>>>>
>>>>>>> Thanks a lot for help
>>>>>>>
>>>>>>> Thanks,
>>>>>>> Priya
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> dev mailing list
>>>>>>> [email protected]
>>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev

_______________________________________________
dev mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
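
An added example, not part of the thread or of openshift-ansible: a small inventory check that applies the sizing rule stated in the replies (at least 3 etcd members, which means 3 masters when etcd runs on the master hosts). The function names are hypothetical and the sample inventory is constructed to mirror the two-master layout posted above.

```python
import re

# Constructed sample mirroring the two-master inventory posted in the thread.
SAMPLE = """\
[OSEv3:children]
masters
nodes
etcd

[masters]
masterhost1
masterhost2

[etcd]
masterhost1
masterhost2
"""

def parse_groups(text):
    """Return {group: [hosts]} for plain host groups (skips :vars and :children)."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:
            name = m.group(1)
            current = None if ":" in name else groups.setdefault(name, [])
        elif current is not None:
            current.append(line.split()[0])  # host name precedes per-host vars
    return groups

def etcd_fault_tolerance(n):
    """Members that can fail while a majority (n // 2 + 1) is still reachable."""
    return n - (n // 2 + 1) if n else 0

def lint_ha(text):
    """Return a list of HA sizing findings for the inventory text."""
    groups = parse_groups(text)
    etcd, masters = groups.get("etcd", []), groups.get("masters", [])
    findings = []
    if etcd_fault_tolerance(len(etcd)) < 1:
        findings.append(f"etcd has {len(etcd)} member(s): losing one breaks quorum")
    elif len(etcd) % 2 == 0:
        findings.append(f"etcd has {len(etcd)} members: even size adds no tolerance")
    if len(masters) < 3 and set(etcd) <= set(masters):
        findings.append("etcd runs on the masters, so HA needs 3 masters")
    return findings
```

Running `lint_ha` on the two-master sample reports both findings; adding a third host to both groups clears them.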
