9 Enable or Disable Two-Site Redundancy Support

This chapter describes how to enable or disable the Two-Site Redundancy feature.

9.1 Enable Two-Site Redundancy Support

To enable Two-Site Redundancy, follow the steps outlined below:

Prerequisites

  • Two independent centralized sites with network connectivity are required for enabling the Two-Site Redundancy feature.

    Note:

    Only IPv4 networks are supported.
  • Both sites must have different databases.
  • Both clusters should be able to communicate with one another.
  • All changes in charts should be done in the management group helm charts.
  • Certificates for the Redundancy Service must be created.
  • TLS and MTLS should be enabled for both primary and secondary sites. For more information, see the "Implementing OCNADD Security Recommendations and Guidelines, TLS Configuration, MTLS Configuration" section in the Oracle Communications Network Analytics Suite Security Guide.

Update Parameters in Helm Chart

Note:

Optional: If Egress Annotation Is Required

If the CNE version requires Egress Annotation to allow traffic outside the cluster, set the parameter below to true on both mated sites.

  1. Go to the release folder and edit the ocnadd-custom-values-mgmt-group.yaml created for management group installation.
  2. Set global.ocnaddredundancyagent.egress to true.
  3. Run helm chart upgrade:
    helm upgrade <release_name> <management_chart_path> -f <custom_values_path> -n <management_namespace>

To Enable Static Loadbalancer IP of Redundancy Agent

To enable a static LoadBalancer IP for the Redundancy Agent, set the following parameters in the configuration:

ocnaddredundancyagent.ocnaddredundancyagent.staticLoadBalancer.enabled: false           ## Change this to true
ocnaddredundancyagent.ocnaddredundancyagent.staticLoadBalancer.staticIP: 10.121.44.8    ## Update this with static IP

  1. To enable the Two-Site Redundancy feature in the primary site, perform the following steps:
    1. Go to the release folder and edit the ocnadd-custom-values-mgmt-group.yaml created for the management group installation.
      
      global.ocnaddredundancyagent.enabled: false         ## Change this to true
       
      global.deployment.primary_site: false               ## Change this to true

      Note:

      • When Oracle Communication Certificate Manager (OCCM) is used to create the TLS certificates, the following steps need to be performed to enable or disable two-site redundancy instead of running Helm upgrades in Steps 2 and 6:
        1. Uninstall the management group in the primary/secondary site.
        2. Reinstall the management group in the primary/secondary site.

        To update the Redundancy Agent's Load Balancer IP in the certificate, see the section "Adding/Updating Load Balancer IPs in SAN through OCCM" in the Oracle Communications Network Analytics Data Director Installation, Upgrade, and Fault Recovery Guide.

      • Since OCCM is used to create the certificates, skip Steps 4 and 8.
  2. Run helm upgrade in the Primary Site:
    helm upgrade <management-release-name> -f ocnadd-custom-values-<mgmt-group>.yaml --namespace <release-namespace> <helm_chart>
    For example:
    helm upgrade ocnadd-mgmt -f ocnadd-custom-values-mgmt-group.yaml --namespace ocnadd-deploy ocnadd_mgmt
  3. Verify the deployment after the helm upgrade:
    kubectl get po,svc -n <management-namespace>

    For example:

    kubectl get po,svc -n ocnadd-mgmt
    Sample output:
    
    NAME                                          READY   STATUS             RESTARTS        AGE
    pod/ocnaddredundancyagent-ffddd67b9-nrkrh     1/1     Running            0               64m
     
     
    NAME                             TYPE           CLUSTER-IP        EXTERNAL-IP    PORT(S)                           AGE
    service/ocnaddredundancyagent    LoadBalancer   10.233.63.98      10.25.219.64   13000:32421/TCP,9000:32676/TCP    35d

    After the upgrade, the ocnaddredundancyagent service should have an External-IP assigned to it, and the pod should be in a running state.

  4. Follow the procedure "Update SAN Entries for Redundancy Agent" to update the External-IP obtained in the previous step.
  5. To enable the Two-Site Redundancy feature in the secondary site, perform the following steps:
    Go to the release folder and edit the ocnadd-custom-values-mgmt-group.yaml created for the management group installation.
    
    global.ocnaddredundancyagent.enabled: false         ## Change this to true
     
    global.deployment.primary_agent_ip: 10.10.10.10     ## Change this to the External-IP of the ocnaddredundancyagent service on the primary site, for example 10.25.219.64
  6. Run helm upgrade in the Secondary Site:
    helm upgrade <management-release-name> -f ocnadd-custom-values-<mgmt-group>.yaml --namespace <release-namespace> <helm_chart>

    For example:

    helm upgrade ocnadd-mgmt -f ocnadd-custom-values-mgmt-group.yaml --namespace ocnadd-deploy ocnadd_mgmt
  7. Verify the deployments in the Secondary Site:
    kubectl get po,svc -n <management-namespace>

    For example:

    kubectl get po,svc -n ocnadd-mgmt
    Sample output:
    
    NAME                                          READY   STATUS             RESTARTS        AGE
    pod/ocnaddredundancyagent-ffddd67b9-nrkrh     1/1     Running            0               64m
     
     
    NAME                             TYPE           CLUSTER-IP         EXTERNAL-IP     PORT(S)                           AGE
    service/ocnaddredundancyagent    LoadBalancer   10.233.24.112      10.25.225.149   13000:32421/TCP,9000:32676/TCP    35d

    After the upgrade, the ocnaddredundancyagent service should have an External-IP assigned to it, and the pod should be in a running state.

  8. Follow the procedure "Update SAN Entries for Redundancy Agent" to update the External-IP obtained in the previous step.
  9. Proceed to the OCNADD UI to create the Mate Configuration for the available worker groups. For more information about creating a mate configuration using the OCNADD UI, see the Redundancy section.
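
The hand-off between Steps 3 and 5 can be checked mechanically. The script below is an added example, not part of the Oracle procedure: it reads saved `kubectl get po,svc` output from the primary site and the secondary site's values file, and fails when the load balancer has no IPv4 address yet or when primary_agent_ip holds a different value. The function names, the sample files and the nested YAML layout are assumptions.

```shell
#!/bin/sh
# Added example: confirm the secondary site's primary_agent_ip matches the
# EXTERNAL-IP that the primary site's ocnaddredundancyagent service received.

# Print the EXTERNAL-IP of service/<$1> from `kubectl get po,svc` table text on
# stdin; fail if the row is missing or the address is not an IPv4 (<pending>).
external_ip() {
    awk -v svc="service/$1" '
        $1 == "NAME" { col = 0; for (i = 1; i <= NF; i++) if ($i == "EXTERNAL-IP") col = i }
        $1 == svc && col { ip = $col }
        END { if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print ip; else exit 1 }'
}

# Print primary_agent_ip from a values file, dropping quotes and "## ..." comments.
primary_agent_ip() {
    sed -n -e '/^[[:space:]]*#/d' \
        -e 's/^.*primary_agent_ip:[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1" |
        head -n 1 | tr -d "\"'"
}

# $1 = saved primary-site kubectl output, $2 = secondary-site values file.
# Returns 0 on match, 1 on mismatch, 2 if the primary has no address yet.
check_mate_ip() {
    assigned=$(external_ip ocnaddredundancyagent < "$1") || {
        echo "primary: no EXTERNAL-IP assigned yet" >&2; return 2; }
    configured=$(primary_agent_ip "$2")
    [ "$assigned" = "$configured" ] && return 0
    echo "mismatch: primary=$assigned secondary=${configured:-unset}" >&2
    return 1
}

# Constructed inputs: the table mirrors the sample output above; the nested
# YAML layout of the values file is an assumption.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/primary.txt" <<'EOF'
NAME                                        READY   STATUS    RESTARTS   AGE
pod/ocnaddredundancyagent-ffddd67b9-nrkrh   1/1     Running   0          64m

NAME                            TYPE           CLUSTER-IP     EXTERNAL-IP    PORT(S)                          AGE
service/ocnaddredundancyagent   LoadBalancer   10.233.63.98   10.25.219.64   13000:32421/TCP,9000:32676/TCP   35d
EOF
sed 's/10\.25\.219\.64 /<pending>    /' "$SAMPLE_DIR/primary.txt" > "$SAMPLE_DIR/pending.txt"
printf 'global:\n  deployment:\n    primary_agent_ip: 10.10.10.10  ## not yet edited\n' > "$SAMPLE_DIR/stale.yaml"
printf 'global:\n  deployment:\n    primary_agent_ip: 10.25.219.64\n' > "$SAMPLE_DIR/ok.yaml"
```

On a live cluster, save the primary-site output with `kubectl get po,svc -n <management-namespace> > primary.txt` and pass that file together with the secondary site's ocnadd-custom-values-mgmt-group.yaml to check_mate_ip.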

9.2 Disable Two-Site Redundancy Support

To disable Two-Site Redundancy, perform the following steps:

  1. Delete the mate configuration for each mated worker group pair from the primary site UI.
  2. (Optional) Perform the cleanup on the secondary site by removing the consumer feed, filter, Kafka feed, and correlation configuration. This step can be skipped if the user wants to keep the configurations.
  3. To disable the Two-Site Redundancy feature in the secondary site, perform the following steps:
    Go to the release folder and edit the ocnadd-custom-values-mgmt-group.yaml created for management group installation.
    global.ocnaddredundancyagent.enabled: true         ## Change this to false
  4. Run helm upgrade in the Secondary Site:
    helm upgrade <management-release-name> -f ocnadd-custom-values-<mgmt-group>.yaml --namespace <release-namespace> <helm_chart>

    For example:

    helm upgrade ocnadd-mgmt -f ocnadd-custom-values-mgmt-group.yaml --namespace ocnadd-deploy ocnadd_mgmt
  5. Verify that the ocnaddredundancyagent service and pods are removed from the management namespace of the secondary site:
    kubectl get po,svc -n <management-namespace>
  6. To disable the Two-Site Redundancy feature in the primary site, perform the following steps:
    Go to the release folder and edit the ocnadd-custom-values-mgmt-group.yaml created for the management group installation.
    global.ocnaddredundancyagent.enabled: true         ## Change this to false
  7. Run helm upgrade in the Primary Site:
    helm upgrade <management-release-name> -f ocnadd-custom-values-<mgmt-group>.yaml --namespace <release-namespace> <helm_chart>

    For example:

    helm upgrade ocnadd-mgmt -f ocnadd-custom-values-mgmt-group.yaml --namespace ocnadd-deploy ocnadd_mgmt
  8. Verify that the ocnaddredundancyagent service and pods are removed from the management namespace of the primary site:
    kubectl get po,svc -n <management-namespace>

9.3 Update SAN Entries for Redundancy Agent

Follow the steps below to update SAN Entries for Redundancy Agent:

  1. Navigate to the ssl_certs folder of the target release.
  2. Edit the management_service_values file located at the path demoCA/dd_mgmt_worker_services/<management_group_namespace> to add the IP address as a SAN entry in the redundancy agent service section.
    
        ...
        ...
        [ocnaddredundancyagent]
        client.commonName=ocnaddredundancyagent-client
        server.commonName=ocnaddredundancyagent
        DNS.1=*.ocnaddredundancyagent.mgmt-doc.svc.ocnadd-vcne3
        DNS.2=ocnaddredundancyagent
        DNS.3=ocnaddredundancyagent.mgmt-doc
        IP.1=124.x.x.1 <Loadbalancer IP of Redundancy Agent>     ## Add IP.1
     
        ##end
  3. Edit the default_values/renew_cert_files file and comment out all the DD services except ocnaddredundancyagent.
    # This files contain the list of services for which certificate needs to be renewed
    # The service name should be exactly same for which the certificates has been initially generated
    # defaultDays is number of days upto which certificate should be renewed. Certificate for all listed
    # service will be updated with this value.
     
    defaultDays=365
     
    #kafka-broker
    #zookeeper
    #ocnaddthirdpartyconsumer
    #oraclenfproducer
    #ocnadduirouter
    #ocnaddadminservice
    #ocnaddalarm
    #ocnaddconfiguration
    #ocnaddhealthmonitoring
    #ocnaddscpaggregation
    #ocnaddnrfaggregation
    #ocnaddseppaggregation
    #ocnaddbsfaggregation
    #ocnaddpcfaggregation
    #adapter
    #ocnaddcorrelation
    #ocnaddfilter
    #ocnaddbackuprestore
    ocnaddredundancyagent
  4. Run the generate_certs.sh script with the -ren or --renew option:
    ./generate_certs.sh -cacert <path to>/cacert.pem -cakey <path to>/cakey.pem --renew
  5. Enter the management group namespace when prompted.
    Enter kubernetes namespace: <management_namespace>
  6. Enter the passphrase for CAkey when prompted.
    Enter passphrase for CA Key file: <passphrase>
  7. The certificates for the ocnaddredundancyagent service are renewed with the given IP as a SAN entry, and the corresponding secrets are updated.
  8. A rolling update is triggered for the ocnaddredundancyagent service so that the latest certificates take effect.
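
Two slips in this procedure are easy to miss: leaving the template placeholder in the IP.1 line, and leaving other services uncommented in renew_cert_files so that more certificates are renewed than intended. The added example below (not Oracle's tooling; the function names and sample files are constructed, and the [ocnaddalarm] section is assumed for illustration) checks both before generate_certs.sh is run.

```shell
#!/bin/sh
# Added example: pre-flight checks to run before generate_certs.sh --renew.

# Print the first token of every IP.n entry in [$2] of the service values file $1.
san_ips() {
    awk -v sec="[$2]" '
        /^[ \t]*\[/ { in_sec = ($1 == sec); next }
        in_sec && /^[ \t]*IP\.[0-9]+=/ { sub(/^[^=]*=/, ""); print $1 }' "$1"
}

# Print the service names left uncommented in renew_cert_files ($1).
active_services() {
    grep -Ev '^[[:space:]]*(#|$)|^[[:space:]]*defaultDays=' "$1" | awk '{ print $1 }'
}

# $1 = service values file, $2 = renew_cert_files, $3 = LoadBalancer IP.
# Returns 0 only if $3 is an exact IP SAN of the agent and the agent is the
# only service scheduled for renewal.
preflight() {
    rc=0
    san_ips "$1" ocnaddredundancyagent | grep -Fxq -- "$3" || {
        echo "SAN: $3 is not listed under [ocnaddredundancyagent]" >&2; rc=1; }
    active_services "$2" | grep -Fxq ocnaddredundancyagent || {
        echo "renew list: ocnaddredundancyagent is commented out" >&2; rc=1; }
    extra=$(active_services "$2" | grep -Fxv ocnaddredundancyagent | tr '\n' ' ')
    [ -z "$extra" ] || { echo "renew list also contains: $extra" >&2; rc=1; }
    return "$rc"
}

# Constructed samples: values_ok is edited correctly, values_template still
# carries the placeholder, renew_wide leaves a second service uncommented.
D=$(mktemp -d)
printf '%s\n' '[ocnaddalarm]' 'IP.1=10.0.0.9' '[ocnaddredundancyagent]' \
    'DNS.2=ocnaddredundancyagent' 'IP.1=10.25.219.64    ## Add IP.1' '##end' > "$D/values_ok"
printf '%s\n' '[ocnaddalarm]' 'IP.1=10.25.219.64' '[ocnaddredundancyagent]' \
    'IP.1=124.x.x.1 <Loadbalancer IP of Redundancy Agent>' '##end' > "$D/values_template"
printf '%s\n' 'defaultDays=365' '#kafka-broker' 'ocnaddredundancyagent' > "$D/renew_ok"
printf '%s\n' 'defaultDays=365' 'kafka-broker' 'ocnaddredundancyagent' > "$D/renew_wide"
```

The SAN comparison is an exact, whole-line match scoped to the agent's own section, so an address that appears only under another service or as a prefix of a longer address does not pass.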