Hi Erik,
Thanks for response. Below is my ansible inventory, Please suggests if this
needs to be modified for HA
# Create an OSEv3 group that contains the master, nodes, etcd, and lb
groups.
# The lb group lets Ansible configure HAProxy as the load balancing
solution.
# Comment lb out if your load balancer is pre-configured.
[OSEv3:children]
masters
nodes
etcd
# Set variables common for all OSEv3 hosts
[OSEv3:vars]
ansible_ssh_user=root
deployment_type=openshift-enterprise
openshift_pkg_version=-3.3.1.5
openshift_master_console_port=443
openshift_master_api_port=443
openshift_image_tag=v3.3.1.5
# Uncomment the following to enable htpasswd authentication; defaults to
# DenyAllPasswordIdentityProvider.
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login':
'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider',
'filename': '/etc/origin/master/htpasswd'}]
# Native high availbility cluster method with optional load balancer.
# If no lb group is defined installer assumes that a load balancer has
# been preconfigured. For installation the value of
# openshift_master_cluster_hostname must resolve to the load balancer
# or to one or all of the masters defined in the inventory if no load
# balancer is present.
openshift_master_cluster_method=native
openshift_master_cluster_hostname=elbhostname
openshift_master_cluster_public_hostname=elbhostname
openshift_registry_selector='region=infra'
openshift_hosted_router_selector='region=infra'
# override the default controller lease ttl
#osm_controller_lease_ttl=30
# host group for masters
[masters]
masterhost1
masterhost2
# host group for etcd
[etcd]
masterhost1
masterhost2
# host group for nodes, includes region info
[nodes]
infranodehost openshift_node_labels="{'region': 'infra', 'zone':
'default'}" openshift_schedulable=true
masterhost1 openshift_node_labels="{'region': 'master1', 'zone':
'default'}" openshift_schedulable=true
masterhost2 openshift_node_labels="{'region': 'master2', 'zone':
'default'}" openshift_schedulable=true
Thanks,
Priya
On Tue, Dec 20, 2016 at 3:23 AM, Erik Jacobs <[email protected]> wrote:
> On Thu, Dec 15, 2016 at 2:25 AM, Pri <[email protected]> wrote:
>
>> Thanks Igor and Akram, I was able to configure with TCP on ELB. For HA
>> what if a region has only two availability zones? can we configure 2
>> masters in one and 1 master in other AZ.
>>
>> I am not running etcd externally as of now, its embedded in master hosts
>> itself. Is this the right architecture?
>>
>
> How do you have your Ansible inventory configured? What's your Ansible
> hosts file look like?
>
>
>> Also I have one more query, how to restart master if I make any change in
>> master-config.yaml. "systemctl restart atomic-openshift-master" doesn't
>> seem to work.
>>
>
> If you have multiple masters you need to:
>
> * change it on all masters
> * restart atomic-openshift-master-controllers and -api -- the -master
> service doesn't run/do anything in an HA/multi-master cluster.
>
>>
>> Thanks,
>> Priya
>>
>>
>> On Thu, Dec 15, 2016 at 3:13 AM, Akram Ben Aissi <
>> [email protected]> wrote:
>>
>>> on more point: You need 3 masters for HA, unless you are running etcd
>>> externally.
>>>
>>>
>>> On 14 December 2016 at 18:25, Igor Katson <[email protected]> wrote:
>>>
>>>> Hi, Pri, here's how the setup works for us in prod:
>>>>
>>>>
>>>> - the master ELB MUST be configured to do TCP balancing on port
>>>> 443. Not HTTPS. You need to do TCP, because the masters do TLS
>>>> termination
>>>> and SNI by themselves.
>>>> - the "openshift_master_cluster_hostname" variable is set to the
>>>> name of the ELB. Actually, in our setup it is an extra DNS record which
>>>> is
>>>> a CNAME to the ELB, so that we can change the ELB if needed. E.g.
>>>> "internal.openshift.youdomain" that is a CNAME to the ELB.
>>>> - the "openshift_master_cluster_public_hostname" is set to the
>>>> publicly-visible DNS name, that also points to this ELB. E.g.
>>>> "openshift.yourdomain", where you can get valid SSL certs issued.
>>>>
>>>> In case you have a public SSL cert, you may put smth like this into
>>>> inventory (make sure it's a valid json string):
>>>> "openshift_master_named_certificates": [
>>>> {
>>>> "certfile": "your-cert-file-on-ansible-machine", // this
>>>> may include intermediate certs bundled
>>>> "keyfile": "your-key-file-on-ansible-machine"
>>>> }
>>>> ],
>>>>
>>>> On Wed, Dec 14, 2016 at 7:07 AM, Pri <[email protected]>
>>>> wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> I am setting openshift HA cluster with 2 masters and 2 nodes on AWS. I
>>>>> want my masters to be backed by Elastic load balancer. But it doesnt work
>>>>> when I give "openshift_master_cluster_hostname=<myELB>" as ELB
>>>>> hostname in ansible. So I tried giving one of the masters hostnames here
>>>>> which worked fine. After that I configured ELB on AWS and added 2 master
>>>>> instances. Now the problem is whenever I access openshift console using
>>>>> ELB
>>>>> hostname it just redirects me to master IP address which is not what we
>>>>> want, hostname on browser should always be consistent.
>>>>>
>>>>> Also I am not very sure which SSL certificate to configure on ELB when
>>>>> it listens of HTTPS port 443 for console access.
>>>>>
>>>>>
>>>>> Could you please help me with this?
>>>>>
>>>>> Thanks a lot for help
>>>>>
>>>>> Thanks,
>>>>> Priya
>>>>>
>>>>> _______________________________________________
>>>>> dev mailing list
>>>>> [email protected]
>>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> dev mailing list
>>>> [email protected]
>>>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>>>>
>>>>
>>>
>>
>> _______________________________________________
>> dev mailing list
>> [email protected]
>> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
>>
>>
>
_______________________________________________
dev mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
