This is correct. I am guessing you also will need fully resolving forward DNS, and it looks like you are using shortnames from a hosts file.
Erik M Jacobs, RHCA
Principal Technical Marketing Manager, OpenShift
Red Hat, Inc.
Phone: 646.462.3745
Email: [email protected]
AOL Instant Messenger: ejacobsatredhat
Twitter: @ErikonOpen
Freenode: thoraxe

On Tue, Jan 3, 2017 at 3:18 AM, Akram Ben Aissi <[email protected]> wrote:

> Hi Pri,
>
> as stated initially, if you want HA, you will need at least 3 etcd servers
> which, in your case, implies 3 masters.
>
> Akram
>
> On 3 January 2017 at 08:10, Pri <[email protected]> wrote:
>
>> Hi Erik, Akram,
>>
>> I would like to hear from you on this. Would you be able to look at the
>> above inventory and let me know if that is right for High availability
>> OpenShift architecture.
>>
>> Thanks a lot for help!
>>
>> Thanks,
>> Priy
>>
>> On Wed, Dec 21, 2016 at 11:47 AM, Pri <[email protected]> wrote:
>>
>>> Hi Erik,
>>>
>>> Thanks for response. Below is my ansible inventory, please suggest if
>>> this needs to be modified for HA
>>>
>>> # Create an OSEv3 group that contains the master, nodes, etcd, and lb groups.
>>> # The lb group lets Ansible configure HAProxy as the load balancing solution.
>>> # Comment lb out if your load balancer is pre-configured.
>>> [OSEv3:children]
>>> masters
>>> nodes
>>> etcd
>>>
>>> # Set variables common for all OSEv3 hosts
>>> [OSEv3:vars]
>>> ansible_ssh_user=root
>>> deployment_type=openshift-enterprise
>>> openshift_pkg_version=-3.3.1.5
>>> openshift_master_console_port=443
>>> openshift_master_api_port=443
>>> openshift_image_tag=v3.3.1.5
>>> # Uncomment the following to enable htpasswd authentication; defaults to
>>> # DenyAllPasswordIdentityProvider.
>>> openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]
>>>
>>> # Native high availability cluster method with optional load balancer.
>>> # If no lb group is defined installer assumes that a load balancer has
>>> # been preconfigured. For installation the value of
>>> # openshift_master_cluster_hostname must resolve to the load balancer
>>> # or to one or all of the masters defined in the inventory if no load
>>> # balancer is present.
>>> openshift_master_cluster_method=native
>>> openshift_master_cluster_hostname=elbhostname
>>> openshift_master_cluster_public_hostname=elbhostname
>>> openshift_registry_selector='region=infra'
>>> openshift_hosted_router_selector='region=infra'
>>>
>>> # override the default controller lease ttl
>>> #osm_controller_lease_ttl=30
>>>
>>> # host group for masters
>>> [masters]
>>> masterhost1
>>> masterhost2
>>>
>>> # host group for etcd
>>> [etcd]
>>> masterhost1
>>> masterhost2
>>>
>>> # host group for nodes, includes region info
>>> [nodes]
>>> infranodehost openshift_node_labels="{'region': 'infra', 'zone': 'default'}" openshift_schedulable=true
>>> masterhost1 openshift_node_labels="{'region': 'master1', 'zone': 'default'}" openshift_schedulable=true
>>> masterhost2 openshift_node_labels="{'region': 'master2', 'zone': 'default'}" openshift_schedulable=true
>>>
>>> Thanks,
>>> Priya
>>>
>>> On Tue, Dec 20, 2016 at 3:23 AM, Erik Jacobs <[email protected]> wrote:
>>>
>>>> On Thu, Dec 15, 2016 at 2:25 AM, Pri <[email protected]> wrote:
>>>>
>>>>> Thanks Igor and Akram, I was able to configure with TCP on ELB. For HA
>>>>> what if a region has only two availability zones? Can we configure 2
>>>>> masters in one and 1 master in other AZ.
>>>>>
>>>>> I am not running etcd externally as of now, it's embedded in master
>>>>> hosts itself. Is this the right architecture?
>>>>
>>>> How do you have your Ansible inventory configured? What's your Ansible
>>>> hosts file look like?
>>>>
>>>>> Also I have one more query, how to restart master if I make any change
>>>>> in master-config.yaml. "systemctl restart atomic-openshift-master" doesn't
>>>>> seem to work.
>>>>
>>>> If you have multiple masters you need to:
>>>>
>>>> * change it on all masters
>>>> * restart atomic-openshift-master-controllers and -api -- the -master
>>>>   service doesn't run/do anything in an HA/multi-master cluster.
>>>>
>>>>> Thanks,
>>>>> Priya
>>>>>
>>>>> On Thu, Dec 15, 2016 at 3:13 AM, Akram Ben Aissi <[email protected]> wrote:
>>>>>
>>>>>> one more point: You need 3 masters for HA, unless you are running etcd
>>>>>> externally.
>>>>>>
>>>>>> On 14 December 2016 at 18:25, Igor Katson <[email protected]> wrote:
>>>>>>
>>>>>>> Hi, Pri, here's how the setup works for us in prod:
>>>>>>>
>>>>>>> - the master ELB MUST be configured to do TCP balancing on port
>>>>>>>   443. Not HTTPS. You need to do TCP, because the masters do TLS
>>>>>>>   termination and SNI by themselves.
>>>>>>> - the "openshift_master_cluster_hostname" variable is set to the
>>>>>>>   name of the ELB. Actually, in our setup it is an extra DNS record
>>>>>>>   which is a CNAME to the ELB, so that we can change the ELB if needed.
>>>>>>>   E.g. "internal.openshift.youdomain" that is a CNAME to the ELB.
>>>>>>> - the "openshift_master_cluster_public_hostname" is set to the
>>>>>>>   publicly-visible DNS name, that also points to this ELB. E.g.
>>>>>>>   "openshift.yourdomain", where you can get valid SSL certs issued.
>>>>>>>
>>>>>>> In case you have a public SSL cert, you may put smth like this into
>>>>>>> inventory (make sure it's a valid json string):
>>>>>>>
>>>>>>> "openshift_master_named_certificates": [
>>>>>>>     {
>>>>>>>         "certfile": "your-cert-file-on-ansible-machine", // this may include intermediate certs bundled
>>>>>>>         "keyfile": "your-key-file-on-ansible-machine"
>>>>>>>     }
>>>>>>> ],
>>>>>>>
>>>>>>> On Wed, Dec 14, 2016 at 7:07 AM, Pri <[email protected]> wrote:
>>>>>>>
>>>>>>>> Hi,
>>>>>>>>
>>>>>>>> I am setting openshift HA cluster with 2 masters and 2 nodes on
>>>>>>>> AWS. I want my masters to be backed by Elastic load balancer. But it
>>>>>>>> doesn't work when I give "openshift_master_cluster_hostname=<myELB>" as
>>>>>>>> ELB hostname in ansible. So I tried giving one of the masters hostnames
>>>>>>>> here which worked fine. After that I configured ELB on AWS and added 2
>>>>>>>> master instances. Now the problem is whenever I access openshift
>>>>>>>> console using ELB hostname it just redirects me to master IP address
>>>>>>>> which is not what we want, hostname on browser should always be
>>>>>>>> consistent.
>>>>>>>>
>>>>>>>> Also I am not very sure which SSL certificate to configure on ELB
>>>>>>>> when it listens on HTTPS port 443 for console access.
>>>>>>>>
>>>>>>>> Could you please help me with this?
>>>>>>>>
>>>>>>>> Thanks a lot for help
>>>>>>>>
>>>>>>>> Thanks,
>>>>>>>> Priya
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> dev mailing list
>>>>>>>> [email protected]
>>>>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
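Added example, not part of the original thread or of the OpenShift installer: a small Python check for the two points raised in the replies, that HA needs at least 3 etcd members and that hosts should be fully qualified names that resolve in forward DNS. The sample inventory is constructed from the one quoted above; the function names and the dot-based short-name test are assumptions of this example.

```python
import re

# Constructed sample: the two-master inventory from the thread, trimmed to what the check reads.
SAMPLE = """\
[OSEv3:vars]
openshift_master_cluster_hostname=elbhostname
openshift_master_cluster_public_hostname=elbhostname
[masters]
masterhost1
masterhost2
[etcd]
masterhost1
masterhost2
[nodes]
infranodehost openshift_node_labels="{'region': 'infra', 'zone': 'default'}"
"""
HOSTNAME_VARS = ("openshift_master_cluster_hostname",
                 "openshift_master_cluster_public_hostname")

def parse_inventory(text):
    """Map each [section] of an INI-style Ansible inventory to its entry lines."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None:
            current.append(line)
    return sections

def check_ha(text):
    """Return findings for the etcd member count and for short host names."""
    inv, findings = parse_inventory(text), []
    etcd = {entry.split()[0] for entry in inv.get("etcd", [])}
    tolerated = max(len(etcd) - 1, 0) // 2  # etcd needs a majority of members alive
    if len(etcd) < 3:
        findings.append(f"etcd: {len(etcd)} member(s) tolerate {tolerated} failure(s); use at least 3")
    # Assumption: a name without a dot is a hosts-file short name. No DNS lookup is done here.
    names = {e.split()[0] for g in ("masters", "etcd", "nodes") for e in inv.get(g, [])}
    for entry in inv.get("OSEv3:vars", []):
        key, _, value = entry.partition("=")
        if key.strip() in HOSTNAME_VARS:
            names.add(value.strip())
    short = sorted(n for n in names if "." not in n)
    if short:
        findings.append("short names (need resolvable FQDNs): " + ", ".join(short))
    return findings
```

Calling `check_ha(SAMPLE)` reports both problems for the quoted inventory; an inventory with three fully qualified masters that also serve as etcd members returns an empty list.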
