From f20e8d562ed44b99a6c1efbce42b76ffa736f7e5 Mon Sep 17 00:00:00 2001 From: Toma Bilius Date: Mon, 22 Feb 2021 11:22:00 +0100 Subject: USERDOCAP-639 Update High Availability setup section Change-Id: I8bb01b6232f08c795a109b5d801d8eed2ca79188 Signed-off-by: Toma Bilius --- .../doc/advanced_configurations.xml | 222 ++++++++++----------- .../doc/images/high_av_setup.png | Bin 436204 -> 100018 bytes .../doc/upgrade_ena.xml | 10 +- 3 files changed, 116 insertions(+), 116 deletions(-) (limited to 'doc') diff --git a/doc/book-enea-nfv-access-getting-started/doc/advanced_configurations.xml b/doc/book-enea-nfv-access-getting-started/doc/advanced_configurations.xml index 74ff1dd..c85f30d 100644 --- a/doc/book-enea-nfv-access-getting-started/doc/advanced_configurations.xml +++ b/doc/book-enea-nfv-access-getting-started/doc/advanced_configurations.xml @@ -425,8 +425,8 @@ node0.1048576kB = 3 Installing the Enea uCPE Manager in High Availability Mode The following describes the setup needed for running the Enea uCPE - Manager in High Availabilty (HA) mode, with a MariaDB database cluster. - The desired setup is depicted in the following diagram: + Manager in High Availabilty (HA) mode, with a MariaDB database cluster. A + setup example is illustrated in the diagram below.
The High Availability setup @@ -439,10 +439,32 @@ node0.1048576kB = 3
+ The setup consists of two sub-clusters, placed in different + geographical locations. Each sub-cluster contains three MariaDB servers, + thus avoiding the split-brain problem. In this example, two of the + machines are running only MariaDB, while the rest are hosting a MariaDB + server and an Enea uCPE Manager instance. The entire network is hidden behind a + firewall that performs NAT. While in protection (cluster) mode, the + Enea uCPE Manager instances promote a Virtual IP (VIP) that represents the IP address of the + entire cluster. The firewall in this case will allocate a public IP for + the outside world that will be translated into the VIP. Also in this + example, the traffic towards the cluster from outside the firewall is done + through HTTPS, which will be translated to HTTP inside the private + network. + + + By default, communication to the Enea uCPE Manager is done with HTTPS. + To enable HTTP, go to System, Configuration, click on the Web Access tab and check the Enable HTTP checkbox. + +
Requirements for High Availability - - The following hardware is needed for deploying the base configuration: + + The following hardware is needed for deploying the base + configuration: @@ -480,39 +502,19 @@ node0.1048576kB = 3 - - - The Enea uCPE Manager machines should run CentOS 7, this is - the only currently supported version. - - - - All machines should be on the same subnet. For geographically - distributed servers, a VPN can be used. - - - - All VCPE devices will typically connect to the external IP - (WAN) address (exported by the Big-IP firewall). - - - - WAN traffic will be HTTPS, whereas internal communication will - be through HTTP. - - - - External clients (browsers using the GUI as well as clients - using the REST API) will connect to the external (WAN) - address. -
Firewall Rules - The following firewall configuration is needed: + Please refer to Firewall Configuration in the + Manual. + In addition, the following configuration is needed: @@ -532,8 +534,8 @@ SELINUXTYPE=targeted The following ports should be opened in the local firewall (not - Big-IP), for each Enea uCPE Manager machine: - + the one doing NAT), for each Enea uCPE Manager machine: + Ports for Enea uCPE Manager Machines @@ -552,7 +554,7 @@ SELINUXTYPE=targeted 80 (TCP) - HTTP (used by Big-IP firewall) + HTTP @@ -588,7 +590,8 @@ SELINUXTYPE=targeted
- For each MariaDB machine, the following firewall configuration is needed: + For MariaDB, the following ports must be opened (on each MariaDB + server, including the ones hosting the Enea uCPE Manager): Ports for MariaDB Machines @@ -633,7 +636,7 @@ SELINUXTYPE=targeted
The following ports should be accessible externally and translated - to the Virtual IP side as shown below (by the Big-IP firewall): + to the Virtual IP side as shown below: Ports for Virtual IP @@ -683,9 +686,9 @@ SELINUXTYPE=targeted
Installing High Availability - The Enea uCPE Manager can be installed in High Availability mode with - a MariaDB database cluster by performing the following steps. The mandatory - Java configuration is also detailed. + The Enea uCPE Manager can be installed in High Availability mode + with a MariaDB database cluster by performing the following steps. The + mandatory Java configuration is also detailed.
Installing and configuring the MariaDB cluster @@ -700,6 +703,27 @@ SELINUXTYPE=targeted How to install MariaDB + + Install the MariaDB official yum repository. Create a file + named mariadb.repo in + /etc/yum.repos.d/ with the following + content:# MariaDB 10.5 CentOS repository list - created 2021-02-16 08:46 UTC +# http://downloads.mariadb.org/mariadb/repositories/ +[mariadb] +name = MariaDB +baseurl = http://yum.mariadb.org/10.5/centos7-amd64 +gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB +gpgcheck=1 + + + + For more information about setting the repository, + consult Downloads + - Setting up MariaDB Repositories. + + + Make sure the following packages are installed: 
@@ -716,43 +740,43 @@ galera-4-26.4.6-1.el7.centos.x86_64 Copy the wsrep template: - [root@localhost ~]# cp /usr/share/mysql/wsrep.cnf /etc/my.cnf.d + [root@localhost ~]# cp /usr/share/mysql/wsrep.cnf /etc/my.cnf.d + - Change the following configuration: + Change the following configuration in + /etc/my.cnf.d/wsrep.cnf: # Full path to wsrep provider library or 'none' -wsrep_provider=/usr/lib64/galera-4/libgalera_smm.so +wsrep_provider=/usr/lib64/galera-4/libgalera_smm.so # Provider specific configuration options #wsrep_provider_options= # Logical cluster name. Should be the same for all nodes. -wsrep_cluster_name="ucpemanager" +wsrep_cluster_name="ucpemanager" # Group communication system handle -wsrep_cluster_address="gcomm://192.168.10.11,192.168.10.12,..,192.168.10.16" +wsrep_cluster_address="gcomm://192.168.10.11,192.168.10.12,..,192.168.10.16" # Human-readable node name (non-unique). Hostname by default. -wsrep_node_name=Node1 -# current node's name. set node name for each server in the cluster +wsrep_node_name=Node1 # current node's name. set node name for each server in the cluster # Base replication <address|hostname>[:port] of the node. # The values supplied will be used as defaults for state transfer receiving, # listening ports and so on. Default: address of the first network interface. -wsrep_node_address=192.168.10.11 -#current node's interface IP . must be set for each node in the cluster +wsrep_node_address=192.168.10.11 #current node's interface IP . must be set for each node in the cluster - Steps 2 and 3 must be performed for each MariaDB node in - the cluster. + Steps 2, 3 and 4 must be performed for each MariaDB node + in the cluster. - Bootstrap the first node in the cluster (identified by - Node1 for example), by running: + Bootstrap the first node in the cluster (referred to as + Node1 in this example), by running: [root@localhost ~]# galera_new_cluster 
@@ -796,30 +820,30 @@ MariaDB [(none)]> show status like 'wsrep_cluster_conf_%'; [root@localhost ~]# mysql_secure_installation -Switch to unix_socket authentication [Y/n] Y +Switch to unix_socket authentication [Y/n] Y Enabled successfully! Reloading privilege tables.. ... Success! … -Change the root password? [Y/n] Y +Change the root password? [Y/n] Y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! … -Remove anonymous users? [Y/n] Y +Remove anonymous users? [Y/n] Y ... Success! … -Disallow root login remotely? [Y/n] Y +Disallow root login remotely? [Y/n] Y ... Success! … -Remove test database and access to it? [Y/n] Y (optional) +Remove test database and access to it? [Y/n] Y (optional) - Dropping test database... ... Success! - Removing privileges on test database... ... Success! -Reload privilege tables now? [Y/n] Y +Reload privilege tables now? [Y/n] Y ... Success! Cleaning up... @@ -847,54 +871,21 @@ TO 'enea'@'%' IDENTIFIED BY 'somepassword' WITH GRANT OPTION;
Installing the Java SDK - The following steps describe the installation of Java 11 SDK on - the CentOS 7 machines that will run the Enea uCPE Manager - installation: - - - - Install the following packages: - - java-11-openjdk-devel-11.0.10.0.9-0.el7_9.x86_64 -java-11-openjdk-11.0.10.0.9-0.el7_9.x86_64 - - - - Check that java points to the current JRE: - - root@localhost ~]# java -version -openjdk version "11.0.10" 2021-01-19 LTS -OpenJDK Runtime Environment 18.9 (build 11.0.10+9-LTS) -OpenJDK 64-Bit Server VM 18.9 (build 11.0.10+9-LTS, mixed mode, sharing) - - If it doesn't, then check the alternatives, and make sure - that java points to the JDK11 installation: - - [root@localhost ~]# alternatives --config java - - - - Set the JAVA_HOME environment variable - and update paths: - - export JAVA_HOME=$(dirname $(dirname $(readlink $(readlink $(which javac))))) -export PATH=$PATH:$JAVA_HOME/bin -export CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar - - As an alternative, the variables can be written into the - .bashrc file, so that they load every time a - console is opened. To enable these settings for all users, add the - variables to /etc/environment. - - - - The JAVA_HOME variable should point - to: - - [root@localhost ~]# echo $JAVA_HOME -/usr/lib/jvm/java-11-openjdk-11.0.10.0.9-0.el7_9.x86_64 - - + Please refer to Configuring OpenJDK and + PostgreSQL in the + Manual, for details on how to install and configure Java OpenJDK. + + Make sure the JAVA_HOME variable points to the + OpenJDK 11 installation: + + [root@localhost ~]# echo $JAVA_HOME +/usr/lib/jvm/java-11-openjdk-11.0.10.0.9-0.el7_9.x86_64 +
@@ -902,7 +893,8 @@ export CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar

These steps must be taken on each of the CentOS 7 machines that - will host the Enea uCPE Manager. + will host the Enea uCPE Manager. The Enea uCPE Manager will be installed + and the setup for the external database cluster will be prepared. As the root user, go to the distribution folder of the Enea uCPE Manager, and run: @@ -911,12 +903,12 @@ export CLASSPATH=.:$JAVA_HOME/jre/lib:$JAVA_HOME/lib:$JAVA_HOME/lib/tools.jar

N External database selected, getting user information ... Press 1 for PostgreSQL, 2 for MariaDB, 3 for SQL Server, 4 for Oracle and 5 \ -for MySQL: 2 +for MySQL: 2 Specify database server name(s) or IP Address(es): \ -192.168.10.11,192.168.10.12,…,192.168.10.16 *(see note) +192.168.10.11,192.168.10.12,…,192.168.10.16 *(see note) Specify database ID (or name) [ucpemanager]: Specify database server port [3306]: Specify database user name [root]: enea @@ -930,10 +922,10 @@ Installing ucpemanager service .. Specify service username [ucpemanager]: Specify service password [ucpemanager]: somepassword … -Specify the IP address of the local interface: 192.168.10.11 -Is this server part of a cluster? [Y/N]: Y +Specify the IP address of the local interface: 192.168.10.11 +Is this server part of a cluster? [Y/N]: Y Specify the name of the cluster [ucpemanager]: -Specify the shared (virtual) cluster IP address: 192.168.10.10 +Specify the shared (virtual) cluster IP address: 192.168.10.10 Specify the netmask for the cluster IP address [255.255.255.0]: HA Configuration files modified successfully. Configuration complete. @@ -963,8 +955,8 @@ Configuration complete. - We start with the assumption that - ucpeManager-1is the "PRIMARY" server. + We start with the assumption that ucpeManager-1 + is the "PRIMARY" server. diff --git a/doc/book-enea-nfv-access-getting-started/doc/images/high_av_setup.png b/doc/book-enea-nfv-access-getting-started/doc/images/high_av_setup.png index e2edd67..23cc973 100644 Binary files a/doc/book-enea-nfv-access-getting-started/doc/images/high_av_setup.png and b/doc/book-enea-nfv-access-getting-started/doc/images/high_av_setup.png differ diff --git a/doc/book-enea-nfv-access-getting-started/doc/upgrade_ena.xml b/doc/book-enea-nfv-access-getting-started/doc/upgrade_ena.xml index 2f5801c..1b714f2 100644 --- a/doc/book-enea-nfv-access-getting-started/doc/upgrade_ena.xml +++ b/doc/book-enea-nfv-access-getting-started/doc/upgrade_ena.xml 
@@ -1,4 +1,4 @@ - + Upgrading Enea NFV Access @@ -71,6 +71,14 @@ Enea_NFV_Access_uCPEManager_<version>-build<build_number>.tar.gz + For an example on how to upgrade an Enea uCPE Manager installation in a + High Availability setup, consult Upgrading a High Availability Deployment in the + Manual. +
Restoring a previous Enea uCPE Manager Installation -- cgit v1.2.3-54-g00ecf
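Review bot: the first hunk of advanced_configurations.xml (at -425) rewrites the sentence next to "High Availabilty (HA) mode" but leaves the misspelling in the unchanged line above it. Suggest correcting it to "High Availability" in the same change, since the paragraph is being touched anyway.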
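Review bot: the added setup paragraph in advanced_configurations.xml (hunk at -439) credits three MariaDB servers per sub-cluster with "avoiding the split-brain problem" but does not say what happens when the link between the two locations fails. The six servers form a single Galera cluster (wsrep_cluster_address lists 192.168.10.11 through 192.168.10.16), and Galera keeps a partition primary only when it holds more than half of the members, so a three/three split leaves neither location able to accept writes. Suggest either documenting that behaviour or describing an odd number of voting members, for instance an arbitrator at a third location.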
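Review bot: the hunk at -480 deletes the requirement "All machines should be on the same subnet. For geographically distributed servers, a VPN can be used." and no added line replaces it, although the new setup paragraph places the two sub-clusters in different geographical locations and states that traffic inside the private network is HTTP. Suggest keeping a sentence that says how the two locations are joined into one private network (the removed VPN wording would do), so that readers do not carry HTTP and database replication between sites unprotected.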
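Review bot: in the "Ports for Enea uCPE Manager Machines" table (hunk at -552), changing the port 80 description from "HTTP (used by Big-IP firewall)" to "HTTP" removes the only statement of who is expected to connect to that port. Suggest a vendor-neutral equivalent such as "HTTP (used by the firewall doing NAT)", matching the wording introduced in the hunk at -532, so the rule is read as opening port 80 to the firewall and not to every host.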
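Review bot: the mariadb.repo content added in the hunk at -700 sets "baseurl = http://yum.mariadb.org/10.5/centos7-amd64", so repository metadata and packages are fetched in plaintext even though the gpgkey line two lines below already uses https on the same host. gpgcheck=1 verifies package signatures but not the metadata that selects which packages are offered. Suggest "baseurl = https://yum.mariadb.org/10.5/centos7-amd64" for consistency with the gpgkey line.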
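Review bot: the replacement text in the "Installing the Java SDK" hunk (at -847) sends readers to a section titled "Configuring OpenJDK and PostgreSQL", while this procedure uses a MariaDB cluster, and it does not say that only the OpenJDK part applies. Suggest adding that clause to the cross-reference. The JAVA_HOME example also hard-codes the build path "java-11-openjdk-11.0.10.0.9-0.el7_9.x86_64", which will stop matching after the first package update now that the pinned package list is removed; consider presenting it explicitly as an example value.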
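Review bot: the installer transcript in the hunk at -911 connects with database user "enea", and the statement visible in the context of the hunk header at -847 creates that account as 'enea'@'%' ... WITH GRANT OPTION, which undoes part of the mysql_secure_installation hardening shown just before it (remote root login is disallowed, then an account with grant rights is opened to any host). This is not introduced by the patch, but since the section is being updated, suggest restricting the host part to the cluster's private network (the example addresses are all in 192.168.10.x) and noting that "somepassword" is a placeholder to be replaced.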