CloudCenter 4.8 has reached End of Life (EOL) as of November 14, 2018. See End of Support Notices for additional context.

Install CCM HA Using Appliance

 

CCM HA installation is tested and verified for AWS, OpenStack, and VMware clouds.


To configure CCM in HA mode, you must use the following roles:

  • Database: MGMTPOSTGRES_MASTER and MGMTPOSTGRES_SLAVE (and if required, MGMTPOSTGRES_VIP)

  • CCM: CCM_SA_PRIMARY and CCM_SA_SECONDARY

    Do not use the CCM or CCM_SA roles as those roles DO NOT allow you to configure high availability. See Virtual Appliance Overview and High Availability Best Practices for additional context.

  • Loadbalancer: CCM_LB

CCM_SA_PRIMARY/SECONDARY – Exchange CCM SSH Keys

To exchange the SSH keys between the CCM_SA_PRIMARY and CCM_SA_SECONDARY servers, follow this procedure using root permissions.

  1. On the CCM_SA_PRIMARY and the CCM_SA_SECONDARY instances, execute the following commands to generate a new SSH key on each instance. 

    ssh-keygen -t rsa
    cd ~/.ssh
    cat id_rsa.pub >> authorized_keys
    chmod 600 authorized_keys
  2. Copy the id_rsa.pub content from each CCM instance and paste it into the authorized_keys file on the other instance.

  3. Verify mutual SSH access between the CCM_SA_PRIMARY and CCM_SA_SECONDARY by running the following command on each VM.

    ssh root@<CCM_SA_PRIMARY/CCM_SA_SECONDARY>
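
A check to run on each CCM node after step 3, as an added example that is not part of the CloudCenter procedure: the exchange gives root on each node root access to the other, so root's authorized_keys should hold only the two nodes' keys and keep mode 600. The function names, file arguments and key strings are constructed for this example.

```shell
#!/bin/sh
# Added example (not part of the CloudCenter procedure). All names and the
# sample key strings below are constructed for illustration.

# Print the base64 blob of each key line, skipping comments and key options.
key_blobs() {
    awk '!/^[ \t]*#/ { for (i = 1; i <= NF; i++) if ($i ~ /^AAAA/) { print $i; break } }' "$1"
}

# check_ha_trust AUTH_KEYS OWN_PUB PEER_PUB
# Prints one finding per line and returns 1 if there is any finding.
check_ha_trust() {
    auth=$1; own=$(key_blobs "$2"); peer=$(key_blobs "$3")
    findings=$(
        # The procedure sets authorized_keys to mode 600.
        [ -n "$(find "$auth" -prune -perm 600)" ] || echo "MODE $auth is not 600"
        blobs=$(key_blobs "$auth")
        for want in "$own" "$peer"; do
            printf '%s\n' "$blobs" | grep -qxF -e "$want" || echo "MISSING an HA node key"
        done
        # Any other key grants its holder root on this node.
        printf '%s\n' "$blobs" | sort -u | while read -r blob; do
            case $blob in
                ("$own"|"$peer"|"") ;;
                (*) echo "UNEXPECTED key $(printf '%.20s' "$blob")..." ;;
            esac
        done
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"; return 1
}

# Constructed demo: world-readable file holding both node keys plus a third key.
demo() {
    d=$(mktemp -d)
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedPRIMARY root@ccm-primary" > "$d/own.pub"
    echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedSECONDARY root@ccm-secondary" > "$d/peer.pub"
    { cat "$d/own.pub" "$d/peer.pub"; echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABconstructedOTHER user@host"; } > "$d/authorized_keys"
    chmod 644 "$d/authorized_keys"
    check_ha_trust "$d/authorized_keys" "$d/own.pub" "$d/peer.pub"; rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true
```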

CCM_PRIMARY – Configure HA Wizard Properties

To configure high availability for CCM_SA_PRIMARY, follow this procedure.

  1. Invoke the CCM wizard as a root user (see Virtual Appliance Process > Cloud-Specific Setup Details for a sample setup).

    Prior to CloudCenter 4.8.2, cliqruser credentials were used for SSH configuration.

    Effective CloudCenter 4.8.2, root user credentials are used for SSH configuration.

    Wizard Path
    /usr/local/cliqr/bin/ccm_config_wizard.sh
  2. Configure the HA properties.

    Write this down for future reference!

    Write down the Field details in a printed version of the Installation Approach > Your Notes section for later use.

    Wizard Menu: DB – Configure Database

      • Field: DB IP or Hostname

        Description: The VIP/EIP for the master database and slave database. See Phase 1: Prepare Infrastructure > Cloud Nuances for additional context.

        When you configure the MGMTPOSTGRES_MASTER – Configure High Availability Properties, you would already have configured the VIP/EIP address for the db_config_wizard. Similarly, you must provide the EIP/VIP address for the CCM_SA_PRIMARY and the CCM_SA_SECONDARY servers.

      • Field: DB Username and DB Password

        Description: The following credentials are pre-populated:

          • Default username = cliqr (can be changed – manually change the password on MGMTPOSTGRES VMs or RDS and then update the username in the CCM through the database config wizard).

            Be sure to change the PostgresDB password and update the db.properties file to reflect the correct password.

          • Default password = cliqr (can be changed)

            Be sure to change the default password immediately after your first login. See PostgreSQL Password for additional context.

    Wizard Menu: Configure_HA

      • Field: Primary Node Private IP

        Description: The IP address of the primary CCM VM

      • Field: Secondary Node Private IP

        Description: The IP address of the secondary CCM VM

      • Field: Mgmtserver DNS Name

        Description: Use the DNS or IP of the CCM_LB. It is used by the CCO VM to communicate with the CCM VM.

  3. Once the details are entered, the database server begins replication configuration between the database servers followed by HA configuration and finally presents the following status messages.

    • Configuring CCM HA ...
    • Restart server (with the progress bar)
    • Configured CCM HA successfully
  4. Restart the secondary CCM server and corresponding CloudCenter services.
  5. Exit the CCM configuration wizard.

CCM_LB – HAProxy Installers

Use a plain clean OS image (such as CentOS7) to install a load balancer.

See CCM and Database Firewall Rules > CCM_LB Ports for the complete list of ports that need to be open for your deployment.

If you configure a load balancer for any CloudCenter component, be aware that firewalld is enabled by default and you must explicitly disable it to ensure that the CloudCenter component(s) can communicate with the load balancer. See Firewall Rules Overview for additional context.

Here is a sample configuration to load balance a CentOS7.x VM with HAProxy for the CCM.

  1. SSH into the VM instance using the key pair that you used to launch the VM.
  2. Install HAProxy as the root user. 

    yum install -y haproxy
    
  3. On the CCM Primary server, create the .pem files for the CCM_LB HAProxy configuration.
    1. Run the following commands.

      sudo -i 
      cd /usr/local/cliqr/ssl/ccm
      cat ccm.crt ccm.key >> mgmtserver.pem 
      cat ca_root.crt ccm.key >> ca.pem

      You can name the mgmtserver and ca pem files as required for your environment; however, be sure to give them the .pem extension.

    2. Copy the mgmtserver.pem and ca.pem files created earlier to the /etc/haproxy directory on the CCM_LB server.


  4. Append the following details to the HAProxy config file.

    vi /etc/haproxy/haproxy.cfg

    # configuration to listen on 443 with SSL certs and loadbalance
    frontend https-in
        mode http
        log global
        bind *:443 ssl crt /etc/haproxy/mgmtserver.pem ca-file /etc/haproxy/ca.pem
        default_backend ccms
    
    # configuration to listen on 8443 and loadbalance in TCP mode (TLS is passed through to the CCMs)
    frontend httpsalt-in
        mode tcp
        bind *:8443
        default_backend nodes
    
    backend ccms
        balance roundrobin
        mode    http
        log global
        option httplog
        cookie SVR insert preserve nocache
        server  ccm1 <CCM_SA_PRIMARY_IP>:443 check cookie ccm1 ssl verify none
        server  ccm2 <CCM_SA_SECONDARY_IP>:443 check cookie ccm2 ssl verify none
    
    backend nodes
        mode tcp
        balance roundrobin
        option ssl-hello-chk
        server  ccm1 <CCM_SA_PRIMARY_IP>:8443 check
        server  ccm2 <CCM_SA_SECONDARY_IP>:8443 check
    
  5. Start the HAProxy service and verify that the status response is active.

    systemctl start haproxy
    systemctl status haproxy
  6. At this point, you must use HTTPS to invoke the CCM server. For example:

    https://<CCM_LB_IP>

    The following option is an alternative step to the HTTPS step above

    Optional. To view the HAProxy status from a web browser, use the following configuration. These stats let you view the status of the nodes from a web browser and allow admins to drain/stop nodes without accessing the VMs directly.

    https://CCM_LB_IP:9000/haproxy_stats

    listen stats 0.0.0.0:9000 #Listen on all IP's on port 9000
     mode http
     balance
     timeout client 5000
     timeout connect 4000
     timeout server 30000
    
    #This is the virtual URL to access the stats page
     stats uri /haproxy_stats
    
    #Authentication realm. This can be set to anything. Escape space characters with a backslash.
     stats realm HAProxy\ Statistics
    
    #The user/pass you want to use. Change this password!
     stats auth admin:<password>
    
    #This allows you to take down and bring up back end servers.
     #This will produce an error on older versions of HAProxy.
     stats admin if TRUE
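
The `ccms` backend above uses `ssl verify none`, and the optional stats listener has no `ssl` bind while enabling `stats admin if TRUE`. The following script, an added example that is not Cisco's tooling, flags those three settings in a haproxy.cfg and includes a variant that passes. The function names, the 192.0.2.x addresses, the `/etc/haproxy/ca_root.crt` path and the loopback bind are assumptions for this example.

```shell
#!/bin/sh
# Added example: prints one "WEAK <section>: <reason>" line per finding and
# returns 1 when anything is found. Pass a file name, or "-" for standard input.
audit_haproxy_cfg() {
    awk '
    function end_section() {
        if (stats && !tls) { n++; print "WEAK " sect ": stats page has no TLS, stats auth sent in clear" }
    }
    /^[ \t]*#/ || NF == 0 { next }
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ {
        end_section(); sect = $1 " " $2; stats = 0; tls = 0; next
    }
    $1 == "bind" && / ssl( |$)/  { tls = 1 }
    $1 == "stats" && $2 == "uri" { stats = 1 }
    $1 == "stats" && $2 == "admin" && $NF == "TRUE" { n++; print "WEAK " sect ": stats admin open to every authenticated client" }
    $1 == "server" && / ssl / && / verify +none/ { n++; print "WEAK " sect ": server " $2 " certificate is not verified" }
    END { end_section(); exit (n > 0) }' "$1"
}

# Constructed input: the stanzas from this page with documentation-range addresses.
page_cfg() {
    cat <<'EOF'
backend ccms
    server ccm1 192.0.2.11:443 check cookie ccm1 ssl verify none
    server ccm2 192.0.2.12:443 check cookie ccm2 ssl verify none
listen stats 0.0.0.0:9000 #Listen on all IPs on port 9000
    stats uri /haproxy_stats
    stats auth admin:CHANGEME
    stats admin if TRUE
EOF
}

# Same stanzas with each finding addressed. The ca_root.crt path and the
# loopback-only bind are assumptions of this example, not values from the page.
hardened_cfg() {
    cat <<'EOF'
backend ccms
    server ccm1 192.0.2.11:443 check cookie ccm1 ssl verify required ca-file /etc/haproxy/ca_root.crt
    server ccm2 192.0.2.12:443 check cookie ccm2 ssl verify required ca-file /etc/haproxy/ca_root.crt
listen stats
    bind 127.0.0.1:9000 ssl crt /etc/haproxy/mgmtserver.pem
    stats uri /haproxy_stats
    stats auth admin:CHANGEME
    stats admin if LOCALHOST
EOF
}

page_cfg | audit_haproxy_cfg - || true
hardened_cfg | audit_haproxy_cfg - && echo "hardened: no findings"
```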

© 2017-2019 Cisco Systems, Inc. All rights reserved