On Thu, Dec 15, 2016 at 2:25 AM, Pri <priyanka4opensh...@gmail.com> wrote:
> Thanks Igor and Akram, I was able to configure with TCP on ELB. For HA > what if a region has only two availability zones? can we configure 2 > masters in one and 1 master in other AZ. > > I am not running etcd externally as of now, its embedded in master hosts > itself. Is this the right architecture? > How do you have your Ansible inventory configured? What's your Ansible hosts file look like? > Also I have one more query, how to restart master if I make any change in > master-config.yaml. "systemctl restart atomic-openshift-master" doesn't > seem to work. > If you have multiple masters you need to: * change it on all masters * restart atomic-openshift-master-controllers and -api -- the -master service doesn't run/do anything in an HA/multi-master cluster. > > Thanks, > Priya > > > On Thu, Dec 15, 2016 at 3:13 AM, Akram Ben Aissi <akram.benai...@gmail.com > > wrote: > >> on more point: You need 3 masters for HA, unless you are running etcd >> externally. >> >> >> On 14 December 2016 at 18:25, Igor Katson <igor.kat...@gmail.com> wrote: >> >>> Hi, Pri, here's how the setup works for us in prod: >>> >>> >>> - the master ELB MUST be configured to do TCP balancing on port 443. >>> Not HTTPS. You need to do TCP, because the masters do TLS termination and >>> SNI by themselves. >>> - the "openshift_master_cluster_hostname" variable is set to the >>> name of the ELB. Actually, in our setup it is an extra DNS record which >>> is >>> a CNAME to the ELB, so that we can change the ELB if needed. E.g. >>> "internal.openshift.youdomain" that is a CNAME to the ELB. >>> - the "openshift_master_cluster_public_hostname" is set to the >>> publicly-visible DNS name, that also points to this ELB. E.g. >>> "openshift.yourdomain", where you can get valid SSL certs issued. >>> >>> In case you have a public SSL cert, you may put smth like this into >>> inventory (make sure it's a valid json string): >>> "openshift_master_named_certificates": [ >>> { >>> "certfile": "your-cert-file-on-ansible-machine", // this may >>> include intermediate certs bundled >>> "keyfile": "your-key-file-on-ansible-machine" >>> } >>> ], >>> >>> On Wed, Dec 14, 2016 at 7:07 AM, Pri <priyanka4opensh...@gmail.com> >>> wrote: >>> >>>> Hi, >>>> >>>> I am setting openshift HA cluster with 2 masters and 2 nodes on AWS. I >>>> want my masters to be backed by Elastic load balancer. But it doesnt work >>>> when I give "openshift_master_cluster_hostname=<myELB>" as ELB >>>> hostname in ansible. So I tried giving one of the masters hostnames here >>>> which worked fine. After that I configured ELB on AWS and added 2 master >>>> instances. Now the problem is whenever I access openshift console using ELB >>>> hostname it just redirects me to master IP address which is not what we >>>> want, hostname on browser should always be consistent. >>>> >>>> Also I am not very sure which SSL certificate to configure on ELB when >>>> it listens of HTTPS port 443 for console access. >>>> >>>> >>>> Could you please help me with this? >>>> >>>> Thanks a lot for help >>>> >>>> Thanks, >>>> Priya >>>> >>>> _______________________________________________ >>>> dev mailing list >>>> dev@lists.openshift.redhat.com >>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >>>> >>>> >>> >>> _______________________________________________ >>> dev mailing list >>> dev@lists.openshift.redhat.com >>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev >>> >>> >> > > _______________________________________________ > dev mailing list > dev@lists.openshift.redhat.com > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev > >
_______________________________________________ dev mailing list dev@lists.openshift.redhat.com http://lists.openshift.redhat.com/openshiftmm/listinfo/dev