I can only answer about the AZ question. Afaik, etcd requires 3 nodes
minimum, so that there is quorum majority. This way you will tolerate any 1
node going down. So in your example you can tolerate one of the AZs going
down, the one where you have 1 node. Provided everything else is configured
correctly. E.g. multi-az support in ELB etc.
Also, keep in mind, that if an AZ goes down (honestly, it's kind of
unlikely to happen though, a master going down is far more likely in our
experience), the EBS volumes that were in the lost AZ won't be able to get
mounted.

For running etcd as part of master, I have no experience. As well as with
"atomic" flavor of openshift. We use the origin version, and just do
"systemctl restart origin-master-api" and/or "systemctl restart
origin-master-controllers", depending on what needs to be done.

On Wed, Dec 14, 2016 at 11:25 PM, Pri <[email protected]> wrote:

> Thanks Igor and Akram, I was able to configure with TCP on ELB. For HA
> what if a region has only two availability zones? Can we configure 2
> masters in one and 1 master in the other AZ?
>
> I am not running etcd externally as of now, it's embedded in master hosts
> itself. Is this the right architecture?
>
> Also I have one more query, how to restart master if I make any change in
> master-config.yaml. "systemctl restart atomic-openshift-master" doesn't
> seem to work.
>
> Thanks,
> Priya
>
>
> On Thu, Dec 15, 2016 at 3:13 AM, Akram Ben Aissi <[email protected]> wrote:
>
>> One more point: You need 3 masters for HA, unless you are running etcd
>> externally.
>>
>>
>> On 14 December 2016 at 18:25, Igor Katson <[email protected]> wrote:
>>
>>> Hi, Pri, here's how the setup works for us in prod:
>>>
>>>
>>>    - the master ELB MUST be configured to do TCP balancing on port 443.
>>>    Not HTTPS. You need to do TCP, because the masters do TLS termination and
>>>    SNI by themselves.
>>>    - the "openshift_master_cluster_hostname" variable is set to the
>>>    name of the ELB. Actually, in our setup it is an extra DNS record which
>>>    is a CNAME to the ELB, so that we can change the ELB if needed. E.g.
>>>    "internal.openshift.yourdomain" that is a CNAME to the ELB.
>>>    - the "openshift_master_cluster_public_hostname" is set to the
>>>    publicly-visible DNS name, that also points to this ELB. E.g.
>>>    "openshift.yourdomain", where you can get valid SSL certs issued.
>>>
>>>  In case you have a public SSL cert, you may put smth like this into
>>> inventory (make sure it's a valid json string):
>>>       "openshift_master_named_certificates": [
>>>         {
>>>           "certfile": "your-cert-file-on-ansible-machine",  // this may include intermediate certs bundled
>>>           "keyfile": "your-key-file-on-ansible-machine"
>>>         }
>>>       ],
>>>
>>> On Wed, Dec 14, 2016 at 7:07 AM, Pri <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I am setting openshift HA cluster with 2 masters and 2 nodes on AWS. I
>>>> want my masters to be backed by Elastic load balancer. But it doesn't work
>>>> when I give "openshift_master_cluster_hostname=<myELB>" as ELB
>>>> hostname in ansible. So I tried giving one of the masters hostnames here
>>>> which worked fine. After that I configured ELB on AWS and added 2 master
>>>> instances. Now the problem is whenever I access openshift console using ELB
>>>> hostname it just redirects me to master IP address which is not what we
>>>> want, hostname on browser should always be consistent.
>>>>
>>>> Also I am not very sure which SSL certificate to configure on ELB when
>>>> it listens on HTTPS port 443 for console access.
>>>>
>>>>
>>>> Could you please help me with this?
>>>>
>>>> Thanks a lot for help
>>>>
>>>> Thanks,
>>>> Priya
>>>>
>>>> _______________________________________________
>>>> dev mailing list
>>>> [email protected]
>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
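
The quorum reasoning in the reply at the top of this thread (3 etcd members, 2 of them in one AZ and 1 in the other) can be checked for any placement. This is an added example, not code from the thread or from OpenShift; the AZ names and placements are constructed, and it generalizes beyond the 2+1 case discussed:

```python
"""Which single-AZ outages does an embedded-etcd master layout survive?"""


def quorum(members: int) -> int:
    """Votes etcd needs to commit a write: a strict majority of all members."""
    return members // 2 + 1


def member_failures_tolerated(members: int) -> int:
    """How many individual members can be down while quorum still holds."""
    return members - quorum(members)


def az_loss_report(placement: dict) -> dict:
    """Map each AZ to True if quorum survives losing every member in that AZ."""
    total = sum(placement.values())
    need = quorum(total)
    return {az: (total - count) >= need for az, count in placement.items()}


# Constructed placements: AZ name -> number of masters (each running etcd).
PLACEMENTS = {
    "2 masters over 2 AZs": {"az-a": 1, "az-b": 1},
    "3 masters over 2 AZs (2+1)": {"az-a": 2, "az-b": 1},
    "3 masters over 3 AZs": {"az-a": 1, "az-b": 1, "az-c": 1},
}

if __name__ == "__main__":
    for name, placement in PLACEMENTS.items():
        total = sum(placement.values())
        print(f"{name}: quorum={quorum(total)}, "
              f"tolerates {member_failures_tolerated(total)} member failure(s)")
        for az, survives in az_loss_report(placement).items():
            state = "quorum kept" if survives else "QUORUM LOST"
            print(f"  lose {az} ({placement[az]} member(s)): {state}")
```

With only two AZs, one zone always holds a majority of the members, so the layout survives the loss of the smaller zone only.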