Configuring high availability for Web GUI

Learn how to configure high availability (HA) for Web GUI on your geo-redundant Netcool® Operations Insight® on Red Hat® OpenShift® deployment.

Before you begin

Before you configure HA for Web GUI, ensure that port 16311 is exposed for the webgui pod on the primary and backup clusters, as described in Geo-redundancy ports in a cloud deployment.
Create services for primary and backup web GUIs and object servers on both clusters.
  • Pods on the primary cluster need to access the backup web GUI and object server through a service that points to the load balancer address for those entities on the backup cluster. Similarly, the pods on the backup cluster need to access the primary web GUI and object server through a service that points to the load balancer address on the primary cluster.
  • The following example YAML file creates a service on the primary cluster that points to the load balancer on the backup cluster.
    apiVersion: v1
    kind: Service
    metadata:
      name: backup-objserv-agg-backup
      namespace: $primary-namespace
    spec:
      externalName: $loadbalancer-address-backup-cluster
      internalTrafficPolicy: Cluster
      sessionAffinity: None
      type: ExternalName

About this task

By configuring HA, you can continually monitor your network even if a cluster is unavailable for any reason, for example, due to a disaster or maintenance schedule at the site. If such an incident occurs, the Web GUI server on the other site can continue to provide event management. To enable HA for Web GUI, import the openshift-service-serving-signer certificate to each node on both primary and backup clusters.
Complete the following steps to configure and enable HA for Web GUI.

Procedure

  1. On the backup cluster, get the trusted signer certificate of the backup cluster by running the following command:
    oc get secret -n openshift-service-ca signing-key -o jsonpath='{.data.tls\.crt}' | base64 -d
  2. Copy the openshift-service-serving-signer certificate to a temporary file. Copy the entire content of the certificate that is listed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, as in the following example:
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
  3. On the primary cluster, create a webgui-trusted-cas.yaml file. Add the openshift-service-serving-signer that you copied to the temporary file to the webgui-trusted-cas.yaml file, as in the following example:
    apiVersion: v1
    kind: ConfigMap
    metadata:
      labels:
        managedByUser: "true"
      name: <release_name>-webgui-trusted-cas
    data:
      cluster-ca.crt: |
        -----BEGIN CERTIFICATE-----
        // PASTE THE COPIED CERTIFICATE HERE
        -----END CERTIFICATE-----
    Where <release_name> is the name of your IBM® Netcool Operations Insight on OpenShift deployment on the primary cluster.
  4. On the primary cluster, apply the trusted signer certificate.
    oc apply -f webgui-trusted-cas.yaml
  5. On the primary cluster, get the trusted signer certificate of the primary cluster by running the following command:
    oc get secret -n openshift-service-ca signing-key -o jsonpath='{.data.tls\.crt}' | base64 -d
  6. Copy the openshift-service-serving-signer certificate to a temporary file. Copy the entire content of the certificate that is listed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----, as in the following example:
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
  7. On the backup cluster, create a webgui-trusted-cas.yaml file. Add the openshift-service-serving-signer that you copied to the temporary file to the webgui-trusted-cas.yaml file, as in the following example:
    apiVersion: v1
    kind: ConfigMap
    metadata:
      labels:
        managedByUser: "true"
      name: <release_name>-webgui-trusted-cas
    data:
      cluster-ca.crt: |
        -----BEGIN CERTIFICATE-----
        // PASTE THE COPIED CERTIFICATE HERE
        -----END CERTIFICATE-----
    Where <release_name> is the name of your IBM Netcool Operations Insight on OpenShift deployment on the backup cluster.
  8. On the backup cluster, apply the trusted signer certificate.
    oc apply -f webgui-trusted-cas.yaml

Results

You configured HA for Web GUI in your geo-redundancy setup.