Configuring the backup cluster for geo-redundancy

You configure the backup cluster for geo-redundancy as described here.

Before you begin

Ensure that you have set up the primary cluster before completing these steps to set up the backup cluster.

About this task

To configure the backup cluster to run MirrorMaker and connect securely to the primary Kafka broker, complete the following steps:
  1. Copy or create duplicate secrets for the Kafka client credentials and certificate.
  2. Configure MirrorMaker to run and communicate securely with the primary cluster.
Remember: In a geo-redundant primary/backup pairing, MirrorMaker setup is required only on the backup cluster.

Procedure

  1. On the backup cluster, copy or create duplicate secrets for the Kafka client credentials and certificate.
    1. Create a secret to store the CA certificate and key that were used on the primary cluster. Any name can be used for the secret, but must be given as global.internalCaCertificate.secretName in the values file.
      Assuming myCertificate.crt and myCertificate.key have already been created:
      
      oc create secret tls ca-cert --cert=./myCertificate.crt --key=myCertificate.key
    2. Create a secret to store the Kafka client credentials that were previously configured to give access to the primary cluster. Any name can be used for the secret, but must be given as global.mirrorMaker.remoteKafkaClientUserSecret in the values file.
      oc create secret generic kafka-remote-client-credentials --from-literal=username=kafkaClient --from-literal=password=clientPassword
  2. Configure MirrorMaker to run and communicate securely with the primary cluster.
    1. Configure MirrorMaker on the backup cluster to communicate securely with the primary cluster.
      The primary cluster itself is unsecured, but is internal to OCP. The certificate is only for connection to the backup cluster, although the same certificate would be used if the primary Kafka was secured.
      global.internalCaCertificate.secretName: ca-cert
      
    2. Set up the following MirrorMaker values on the backup cluster:
      mirrorMaker.enabled
      True or false. Controls whether to deploy MirrorMaker.
      mirrorMaker.localCluster
      The bootstrap address of the local cluster is the name of the backup cluster's Kafka service, which will be {releaseName}-kafka
      mirrorMaker.remoteCluster
      The bootstrap address of the remote cluster
      The name section of 'mirrorMaker.remoteCluster' must match the value configured on the primary cluster in ibm-hdm-analytics-dev.kafka.externalAccess.hosts
      mirrorMaker.topicNames
      A list of topic names required to populate the remote search database
      Example:
      global.mirrorMaker.enabled: true
      global.mirrorMaker.localCluster: noi-kafka:9092
      global.mirrorMaker.remoteCluster: kafka.apps.{clusterName}.cp.fyre.ibm.com:19093
      global.mirrorMaker.remoteKafkaClientUserSecret: kafka-remote-client-credentials
      global.mirrorMaker.replicas: 1
      global.mirrorMaker.topicNames: itsm.resources.json,itsm.nodes.json
      
      Additional parameters:
      mirrorMaker.localClusterAlias
      The alias of the local cluster.
      The default value of the localClusterAlias is backup.
      mirrorMaker.remoteClusterAlias
      The alias of the remote cluster.
      The default value of the remoteClusterAlias is primary.