7 Configuring High Availability for ODI on Oracle Cloud Marketplace

This chapter helps you to configure High Availability (HA) topology for Oracle Data Integrator on Oracle Cloud Marketplace. The sections in this chapter outline the concepts and steps that are important for designing high availability deployment.

It contains the following sections:

• Setting Up 2-Node Cluster for High Availability
• Configuring Horizontal Clustering
• Enabling Incoming Ports and Services

7.1 Setting Up 2-Node Cluster for High Availability

Follow the below steps to setup 2-node cluster for ODI on Oracle Cloud Marketplace.

Prerequisites

Go through the following prerequisites before setting up 2-Node Cluster for High Availability. Make sure you have the following before setting up 2-Node Cluster for High Availability:

1. OCI Virtual Cloud Network (VCN) setup that supports communication with all the compute instances created in its subnet.
   • All the communication channels are through private IPs.
   • External communication established outside the subnet are through public IPs.
   • Ably configured for Ingress/Egress.
2. ADB or DBaaS instance created in the same subnet and VCN as described in Step 1.
3. ODI compute instance 1 created in the same subnet and VCN as described in Step 1.
4. ODI compute instance 2 created in the same subnet and VCN as described in Step 1.
5. Firewall configurations in all the compute instances that are part of the cluster.
   • Enabling Incoming Ports and Services (through firewall commands).

7.2 Configuring Horizontal Clustering

Follow the below steps for configuring Horizontal 2-Node Clustering for ODI on Oracle Cloud Marketplace.

1. Node-1 and Node-2 have middleware home installed on the same path and have the same ODI version.
2. Node 1 - Install ODI schemas using RCU
   • Here you will be providing the DBaaS or ADW connection credentials.
3. Node 1 - Create ODI Domain ($ODI_DOMAIN_HOME) with Horizontal Clustering using JEE Agent template.
   • RCU association - STB schemas created in step (2)
   • Managed Servers - ODI_Server1 on Node1 with port 8001 ; ODI_Server 2 on Node 2 with port 8001
   • Cluster Topology - ODI_Cluster1 with nodes (ODI_Server1, ODI_Server2)
   • Node Manager Topology
     1. Node Manager on Node-1 (AdminServer; ODI_Server1).
     2. Node Manager on Node-2 (ODI_Server2).
4. On Node-1
   • Start the Admin Server.
   • Start the node manager from $ODI_DOMAIN_HOME/bin.
   • Pack the domain using pack.sh (with managed=true).
5. On Node-2
   • Unpack the domain in the same domain path of step (3), $ODI_DOMAIN_HOME.
   • Start the node manager from $ODI_DOMAIN_HOME/bin.

     Note:

     Before starting the node manager, in the nodemanager.properties file, set the property SecureListener=false and make sure the listner port is matching with the configured port.
6. Load Balancer Setup with OCI (using OCI console)
   • Configure Load Balancer with Backend Sets and Listener.
     1. Backend Sets : Add two ODI compute instances and specify the managed server port address (8001 in the example)
     2. Listener : This the front-end address that ODI repository queries for communicating with the agent. Based on your need it can be any of the following :
        • Public IPs : https with certificates
        • Private IPs : http with (NO SSL)
7. Associate Load Balancer Agent in ODI repository
   • In the ODI Studio, navigate to Create a new agent and configure the following parameters :
     1. OracleDIAgent with Load Balancer Listener Host Address
     2. Load Balancer Port Address
     3. webapp(context)- oraclediagent
     4. agent work repository (workrep)- jdbc/odiMasterRepository or jdbc/odiWorkRepository
   • Node-1 or Node-2 through WLS Console : Configure Coherence cache configuration.
     • Through WLS Admin Console - Configure Coherence cache properties for UNICAST clustering in JAVA_OPTIONS for managed server startup.
       1. tangosol.coherence.localport configuration parameter defines the port which a node in the cluster can use for coherence cluster. It is connected by agent nodes to detect coherence cluster existence and other coherence communication.
       2. All the ODI Agents deployed on a cluster must be connected to the same Coherence cluster cloud. This enables the agents to share the knowledge of the tasks performed by each of them as well as allow for Scheduling Service migration when needed. Following properties are introduced to configure the Coherence listen addresses.
          • oracle.odi.coherence.wkaN : The host name of a Managed Server.
          • oracle.odi.coherence.wkaN.port : Coherence Unicast port configured on that Managed Server.
          • Where N = 1..10
       3. Sample Configuration

          For Example:
          Node 1: 
          
          "-Dtangosol.coherence.localport=8095
          -Doracle.odi.coherence.wka1=<MS1_HOSTNAME>
          -Doracle.odi.coherence.wka1.port=8095
          -Doracle.odi.coherence.wka2=<MS2_HOSTNAME>
          -Doracle.odi.coherence.wka2.port=8096"
          
          Node 2: 
          
          "-Dtangosol.coherence.localport=8096
          -Doracle.odi.coherence.wka1=<MS1_HOSTNAME>
          -Doracle.odi.coherence.wka1.port=8095
          -Doracle.odi.coherence.wka2=<MS2_HOSTNAME>
          -Doracle.odi.coherence.wka2.port=8096"

8. Node-1 or Node-2 through WLS console - Start both the managed servers (ODI_Server1 and ODI_Server2) from the console through node managers.

Note:

1. The above steps are guidelines for setting up HA Cluster with 2 nodes. The same procedure can be extended to have any number of nodes in the cluster.
2. Load balancer created can either be private or public. It is always recommended to configure public end-points with SSL. For more information on this, refer to Overview of Load Balancing.
3. The subnets can be regional or specific to an Availability domain. For maximum availability, Oracle recommends you to configure regional subnets. For more information, refer to VCNs and Subnets.

7.3 Enabling Incoming Ports and Services

For establishing communication between the instances, you need to ensure that the underlying Security List (associated with VCN), has all the IP protocols enabled.

The following is an example of security list that enables communication within the instances participating in High Availability (HA) cluster:

Note:

All the instances participating either directly or indirectly should be following the below ingress and egress rules.

Table 7-1 Ingress and Egress Rules Table

Stateless	Source	IP Protocol	Source Port Range	Destination Port Range	Type and Code	Allows	Comments
No	0.0.0.0/0	TCP	All	22	Nil	TCP traffic for ports: 22 SSH Remote Login Protocol	For SSH communication we need to open port # 22.
No	0.0.0.0/0	ICMP	Nil	Nil	3,4	ICMP traffic for: 3, 4 Destination Unreachable: Fragmentation Needed and Don't Fragment was Set	ICMP is a supporting protocol and at the minimum, ingress rules should allow for type 3, 4 and 8. For more information on ICMP protocols, refer to the IANA list.
No	10.0.0.0/16	ICMP	Nil	Nil	3	ICMP traffic for: 3 Destination Unreachable	ICMP is a supporting protocol and at the minimum, ingress rules should allow for type 3, 4 and 8. For more information on ICMP protocols, refer to the IANA list.
No	0.0.0.0/0	ICMP	Nil	Nil	8	ICMP traffic for: 8 Echo	ICMP is a supporting protocol and at the minimum, ingress rules should allow for type 3, 4 and 8. For more information on ICMP protocols, refer to theIANA list.
No	0.0.0.0/0	TCP	All	1521	Nil	TCP traffic for ports: 1521	Port 1521 is for database traffic.
No	0.0.0.0/0	TCP	All	443	Nil	TCP traffic for ports: 443 HTTPS	Port 443 is the SSL traffic.
No	0.0.0.0/0	TCP	All	7001	Nil	TCP traffic for ports: 7001	WLS Admin Server communication port.
No	0.0.0.0/0	TCP	All	8001	Nil	TCP traffic for ports : 8001	Managed Server communication port for all nodes.
No	0.0.0.0/0	TCP	All	5556	Nil	TCP traffic for ports : 5556	Node Manager Port in Node1.
No	0.0.0.0/0	TCP	All	5557	Nil	TCP traffic for ports : 5557	Node Manager Port in Node2.
No	0.0.0.0/0	UDP	All	7574	Nil	UDP traffic for ports : 7574	WLS Cluster port
No	0.0.0.0/0	TCP	All	8095	Nil	TCP traffic for ports : 8095	Oracle Coherence port on Node1.
No	0.0.0.0/0	TCP	All	8096	Nil	TCP traffic for ports : 8096	Oracle Coherence port on Node2.

Firewall Rules

Even after setting the ingress and egress rules, in some cases the instances may not allow the incoming traffic. This is because of the firewall associated with the instance. Ensure to enable all the communication ports by configuring the firewall.

The following is an example of firewall commands for the above ingress/egress ports (that has enabled port communication) :

Firewall command to enable port communication between the nodes (run on both machines):

sudo firewall-cmd --permanent --new-service=odiwls
sudo firewall-cmd --permanent --service=odiwls --set-description="ODI WLS server"
sudo firewall-cmd --permanent --service=odiwls --add-port=7001/tcp
sudo firewall-cmd --permanent --add-service=odiwls
sudo firewall-cmd --reload

sudo firewall-cmd --permanent --new-service=odimanagedwls
sudo firewall-cmd --permanent --service=odimanagedwls --set-description="ODI WLS Managed Server"
sudo firewall-cmd --permanent --service=odimanagedwls --add-port=8001/tcp
sudo firewall-cmd --permanent --add-service=odimanagedwls
sudo firewall-cmd --reload

sudo firewall-cmd --permanent --new-service=odiwlsnodemgr1
sudo firewall-cmd --permanent --service=odiwlsnodemgr --set-description="ODI WLS Node Manager1"
sudo firewall-cmd --permanent --service=odiwlsnodemgr --add-port=5556/tcp
sudo firewall-cmd --permanent --add-service=odiwlsnodemgr1
sudo firewall-cmd --reload

sudo firewall-cmd --permanent --new-service=odiwlsnodemgr2
sudo firewall-cmd --permanent --service=odiwlsnodemgr --set-description="ODI WLS Node Manager2"
sudo firewall-cmd --permanent --service=odiwlsnodemgr --add-port=5557/tcp
sudo firewall-cmd --permanent --add-service=odiwlsnodemgr2
sudo firewall-cmd --reload

sudo firewall-cmd --permanent --new-service=odiwlscluster
sudo firewall-cmd --permanent --service=odiwlscluster --set-description="ODI WLS cluster"
sudo firewall-cmd --permanent --service=odiwlscluster --add-port=7574/udp
sudo firewall-cmd --permanent --add-service=odiwlscluster
sudo firewall-cmd --reload

sudo firewall-cmd --permanent --new-service=odiwlscoherencewk1
sudo firewall-cmd --permanent --service=odiwlscoherencewk1 --set-description="ODI WLS coherence WKA1"
sudo firewall-cmd --permanent --service=odiwlscoherencewk1 --add-port=8095/tcp
sudo firewall-cmd --permanent --add-service=odiwlscoherencewk1
sudo firewall-cmd --reload

sudo firewall-cmd --permanent --new-service=odiwlscoherencewk2
sudo firewall-cmd --permanent --service=odiwlscoherencewk2 --set-description="ODI WLS coherence WKA2"
sudo firewall-cmd --permanent --service=odiwlscoherencewk2 --add-port=8096/tcp
sudo firewall-cmd --permanent --add-service=odiwlscoherencewk2
sudo firewall-cmd --reload