Configure High Availability for Management Gateway
This section describes how to configure high availability for Management Gateway.
High availability can be configured on the Management Gateway which allows it to operate without failing for a designated period of time during their egress data pipeline to OCI cloud services.
- Perform Prerequisites for Management Gateway High Availability
- Download Software and Create Install Key for Management Gateway High Availability
- Configure a Response File for Management Gateway High Availability
- Install and Configure Management Gateway High Availability
- Verify Management Gateway High Availability Configuration
- Post Installation Tasks for Management Gateway High Availability
Perform Prerequisites for Management Gateway High Availability
In addition to completing Perform Prerequisites for Deploying Management Gateway, the following are required only when configuring Management Gateway in high availability mode:
- Every Management Gateway belonging to a cluster should be in the same compartment.
- Load balancer network should allow ingress from the Management Agents.
- Load balancer network should allow egress to Management Gateways.
.
Download Software and Create Install Key for Management Gateway High Availability
Configure a Response File for Management Gateway High Availability
The Management Gateway installation requires a response file to read the parameters specific to your environment for the Management Gateway configuration to OCI, and indicate that this specific Management Gateway is part of the cluster.
- Review the response file parameters.
For information, see Review Management Gateway Parameters.
- Create a response file.
When creating a response file for Management Gateway high availability,
FreeFormTagsis a mandatory parameter. Ensure to include it with the name"GatewayGroup"and the cluster group name as its value in the response file. You can choose any preferred name for the cluster group. For example: GatewayCluster.All Management Gateways that will be part of the same cluster group should have the same value for the
GatewayGroupkey tag.See below an example of the Management Gateway response file:ManagementAgentInstallKey=Mi4w86dhNbK798J1cm4tMSxvY2lkMS5 FreeFormTags = [{"GatewayGroup":"GatewayCluster"}] GatewayUsername=gatewayuser GatewayPassword=gatewaypasswordFor advanced configuration, see Advanced Configuration Management Gateway High Availability.
For instructions about creating a response file, see Create a Response File for Management Gateway Installation.
Advanced Configuration Management Gateway High Availability
This section is only applicable if you chose Management Gateway automatic certificate creation. For information about it, see Configure Certificates for Management Gateway .
If the Management Gateway and the load balancer are configured in different domains when
having a Management Gateway automatic certificate created then you need to perform the
Management Gateway installation using the GatewayCertSubjectAltNames
custom parameter with the required certificates subject alternate names per custom setup
to enable certificate creation with proper domain for secure communication.
For example, if the load balancer is in domain phx.abc.com and the
Management Gateway is in domain phx.bcd.com then the parameter looks
like the following:
GatewayCertSubjectAltNames =*.phx.abc.com,*.phx.bcd.comManagementAgentInstallKey=Mi4w86dhNbK798J1cm4tMSxvY2lkMS5
FreeFormTags = [{"GatewayGroup":"GatewayCluster"}]
GatewayCertSubjectAltNames = *.phx.abc.com,*.phx.bcd.com
GatewayUsername=gatewayuser
GatewayPassword=gatewaypasswordInstall and Configure Management Gateway High Availability
For instructions about installing Management Gateway, see Install Management Gateway on Linux RPM file.
Verify Management Gateway High Availability Configuration
- Open the Management Agent console and go to Agents and Gateways.
- Click the Management Gateway in high availability mode that you just
deployed to open the Management Gateway details page.
Under the Gateway information tab, go to Gateway Group to see the grouping for the Management Gateway in high availability mode.
See below an example where the Gateway Group indicates that 3 Management Gateways are configured:
Post Installation Tasks for Management Gateway High Availability
Set up Load Balancer for Management Gateway
You need to set up the load balancer for the newly installed Management Gateway.
- Any load balancer can be used.
- The Management Gateway(s) should be configured as backend for the load balancer.
- Supported health check options:
- TCP check on configured gateway port.
- HTTPS check via invocation to
https://<Gatewayhost>:<port>/healthcheck.This returns
status 200if the Management Gateway is healthy.
Configure Management Agents with Load Balancer
After installing the Management Gateway, you need to configure each Management Agent to use the load balancer.
In this case, since the Management Gateway is configured in high
availability mode, you need to provide the load balancer host name using the
GatewayServerHost parameter and the load balancer port number
using the GatewayServerPort parameter when configuring the
Management Agent.
See below an example of the Management Agent response file:
ManagementAgentInstallKey=Mi4w86dhNbK798J1cm4tMSxvY2lkMS5
GatewayServerHost=host.example.com
GatewayServerPort=9091
GatewayServerUser=gatewayuser
GatewayServerUser=gatewaypasswordSince the load balancer host and port information is provided, the Management Agent connects to one of the Management Gateway through the load balancer.
For information, see Configure Management Agents with Management Gateway.