Configure High Availability for Management Gateway

This section describes how to configure high availability for Management Gateway.

Management Gateway in High Availability Mode

High availability can be configured on the Management Gateway which allows it to operate without failing for a designated period of time during their egress data pipeline to OCI cloud services.

Perform Prerequisites for Management Gateway High Availability

In addition to completing Perform Prerequisites for Deploying Management Gateway, the following are required only when configuring Management Gateway in high availability mode:

  • Every Management Gateway belonging to a cluster should be in the same compartment.
  • Load balancer network should allow ingress from the Management Agents.
  • Load balancer network should allow egress to Management Gateways.

.

Download Software and Create Install Key for Management Gateway High Availability

Configure a Response File for Management Gateway High Availability

The Management Gateway installation requires a response file to read the parameters specific to your environment for the Management Gateway configuration to OCI, and indicate that this specific Management Gateway is part of the cluster.

Follow these steps:
  1. Review the response file parameters.

    For information, see Review Management Gateway Parameters.

  2. Create a response file.

    When creating a response file for Management Gateway high availability, FreeFormTags is a mandatory parameter. Ensure to include it with the name "GatewayGroup" and the cluster group name as its value in the response file. You can choose any preferred name for the cluster group. For example: GatewayCluster.

    All Management Gateways that will be part of the same cluster group should have the same value for the GatewayGroup key tag.

    See below an example of the Management Gateway response file:
    ManagementAgentInstallKey=Mi4w86dhNbK798J1cm4tMSxvY2lkMS5
    FreeFormTags = [{"GatewayGroup":"GatewayCluster"}]
    GatewayUsername=gatewayuser
    GatewayPassword=gatewaypassword

    For advanced configuration, see Advanced Configuration Management Gateway High Availability.

    For instructions about creating a response file, see Create a Response File for Management Gateway Installation.

Advanced Configuration Management Gateway High Availability

This section is only applicable if you chose Management Gateway automatic certificate creation. For information about it, see Configure Certificates for Management Gateway .

If the Management Gateway and the load balancer are configured in different domains when having a Management Gateway automatic certificate created then you need to perform the Management Gateway installation using the GatewayCertSubjectAltNames custom parameter with the required certificates subject alternate names per custom setup to enable certificate creation with proper domain for secure communication.

For example, if the load balancer is in domain phx.abc.com and the Management Gateway is in domain phx.bcd.com then the parameter looks like the following:

GatewayCertSubjectAltNames =*.phx.abc.com,*.phx.bcd.com
See below an example of the Management Gateway response file:
ManagementAgentInstallKey=Mi4w86dhNbK798J1cm4tMSxvY2lkMS5
FreeFormTags = [{"GatewayGroup":"GatewayCluster"}]
GatewayCertSubjectAltNames = *.phx.abc.com,*.phx.bcd.com
GatewayUsername=gatewayuser
GatewayPassword=gatewaypassword

Install and Configure Management Gateway High Availability

For instructions about installing Management Gateway, see Install Management Gateway on Linux RPM file.

Verify Management Gateway High Availability Configuration

To verify the high availability configuration:
  1. Open the Management Agent console and go to Agents and Gateways.
  2. Click the Management Gateway in high availability mode that you just deployed to open the Management Gateway details page.

    Under the Gateway information tab, go to Gateway Group to see the grouping for the Management Gateway in high availability mode.

    See below an example where the Gateway Group indicates that 3 Management Gateways are configured:

    Management Gateway details page

Post Installation Tasks for Management Gateway High Availability

The following tasks must be completed after configuring high availability for Management Gateway:

Set up Load Balancer for Management Gateway

You need to set up the load balancer for the newly installed Management Gateway.

Considerations:
  • Any load balancer can be used.
  • The Management Gateway(s) should be configured as backend for the load balancer.
  • Supported health check options:
    • TCP check on configured gateway port.
    • HTTPS check via invocation to https://<Gatewayhost>:<port>/healthcheck.

      This returns status 200 if the Management Gateway is healthy.

Configure Management Agents with Load Balancer

After installing the Management Gateway, you need to configure each Management Agent to use the load balancer.

In this case, since the Management Gateway is configured in high availability mode, you need to provide the load balancer host name using the GatewayServerHost parameter and the load balancer port number using the GatewayServerPort parameter when configuring the Management Agent.

See below an example of the Management Agent response file:

ManagementAgentInstallKey=Mi4w86dhNbK798J1cm4tMSxvY2lkMS5
GatewayServerHost=host.example.com
GatewayServerPort=9091
GatewayServerUser=gatewayuser
GatewayServerUser=gatewaypassword

Since the load balancer host and port information is provided, the Management Agent connects to one of the Management Gateway through the load balancer.

For information, see Configure Management Agents with Management Gateway.