You configure the backup cluster for geo-redundancy as described here.
Before you begin
Ensure that you have set up the primary cluster before completing these steps to set up the
backup cluster.
About this task
To configure the backup cluster to run MirrorMaker and connect securely to the primary Kafka
broker, complete the following steps:
- Copy or create duplicate secrets for the Kafka client credentials and certificate.
- Configure MirrorMaker to run and communicate securely with the primary cluster.
Remember: In a geo-redundant primary/backup pairing, MirrorMaker setup is required
only on the backup cluster.
Procedure
- On the backup cluster, copy or create duplicate secrets for the Kafka client
credentials and certificate.
- Create a secret to store the CA certificate and key that were used on the primary
cluster. Any name can be used for the secret, but must be given as
global.internalCaCertificate.secretName in the values file.
Assuming myCertificate.crt and myCertificate.key have already been
created:
oc create secret tls ca-cert --cert=./myCertificate.crt --key=myCertificate.key
- Create a secret to store the Kafka client credentials that were previously configured
to give access to the primary cluster. Any name can be used for the secret, but must be given as
global.mirrorMaker.remoteKafkaClientUserSecret in the values file.
oc create secret generic kafka-remote-client-credentials --from-literal=username=kafkaClient --from-literal=password=clientPassword
- Configure MirrorMaker to run and communicate securely with the primary cluster.
- Configure MirrorMaker on the backup cluster to communicate securely with the primary
cluster.
The primary cluster itself is unsecured, but is internal to OCP. The certificate is only for
connection to the backup cluster, although the same certificate would be used if the primary Kafka
was secured.
global.internalCaCertificate.secretName: ca-cert
- Set up the following MirrorMaker values on the backup cluster:
- mirrorMaker.enabled
- True or false. Controls whether to deploy
MirrorMaker.
- mirrorMaker.localCluster
- The bootstrap address of the local cluster is the name of the backup cluster's Kafka service,
which will be
{releaseName}-kafka
- mirrorMaker.remoteCluster
- The bootstrap address of the remote
cluster
- The name section of 'mirrorMaker.remoteCluster' must match the value configured on the primary
cluster in
ibm-hdm-analytics-dev.kafka.externalAccess.hosts
- mirrorMaker.topicNames
- A list of topic names required to populate the remote search database
Example:
global.mirrorMaker.enabled: true
global.mirrorMaker.localCluster: noi-kafka:9092
global.mirrorMaker.remoteCluster: kafka.apps.{clusterName}.cp.fyre.ibm.com:19093
global.mirrorMaker.remoteKafkaClientUserSecret: kafka-remote-client-credentials
global.mirrorMaker.replicas: 1
global.mirrorMaker.topicNames: itsm.resources.json,itsm.nodes.json
Additional
parameters:
- mirrorMaker.localClusterAlias
- The alias of the local cluster.
- The default value of the localClusterAlias is backup.
- mirrorMaker.remoteClusterAlias
- The alias of the remote cluster.
- The default value of the remoteClusterAlias is primary.