Commit
Active/Active XSite fencing. Resolves keycloak/keycloak#29303
- User alert routing enabled on ROSA clusters
- PrometheusRule used to trigger AWS Lambda webhook in the event of a split-brain so that only a single site remains in the global accelerator endpoints
- Global Accelerator scripts refactored to use OpenTofu when creating AWS resources
- Task created to deploy/undeploy Active/Active
- Task created to simulate split-brain scenarios
- 'active-active' flag added to GH actions to differentiate between active/passive and active/active deployments
- 'active-active' and 'active-passive' tags added to crossdc-tests to allow different behaviours/tests to be executed for the given deployment type.
- Active/Active specific test cases added. Testsuite now interacts directly with k8s clusters in order to have greater control over deployments being tested. This is necessary so that we can simulate split-brain scenarios between sites.
- Daily scheduled job updated to run tests against both active/passive and active/active deployments

Signed-off-by: Ryan Emerson <remerson@redhat.com>
Co-authored-by: Michal Hajas <mhajas@redhat.com>
Co-authored-by: Pedro Ruivo <pruivo@users.noreply.github.com>
Signed-off-by: Ryan Emerson <remerson@redhat.com>
1 parent 6e81de2, commit d612cda
Showing 49 changed files with 1,703 additions and 279 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
../../../../../provision/opentofu/modules/aws/accelerator/src/stonith_lambda.py |
73 changes: 73 additions & 0 deletions
doc/kubernetes/modules/ROOT/pages/running/bring-active-site-online.adoc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
= Bring Active/Active site offline | ||
:description: This guide describes how to bring an Active/Active site online so that it can process client requests. | ||
|
||
{description} | ||
|
||
== When to use procedure | ||
|
||
This procedure describes how to re-add a Keycloak site to the Global Accelerator, after it has previously been taken offline, | ||
so that it can once again service client requests. | ||
|
||
== Procedure | ||
|
||
Follow these steps to re-add a Keycloak site to the AWS Global Accelerator so that it can handle client requests. | ||
|
||
=== Global Accelerator | ||
|
||
. Determine the ARN of the Network Load Balancer (NLB) associated with the site to be brought online | ||
+ | ||
include::partial$nlb-arn.adoc[] | ||
+ | ||
. Update the Accelerator EndpointGroup to include both sites | ||
|
||
include::partial$accelerator-endpoint-group.adoc[] | ||
+ | ||
.Output: | ||
[source,bash] | ||
---- | ||
{ | ||
"EndpointGroups": [ | ||
{ | ||
"EndpointGroupArn": "arn:aws:globalaccelerator::606671647913:accelerator/d280fc09-3057-4ab6-9330-6cbf1f450748/listener/8769072f/endpoint-group/a30b64ec1700", | ||
"EndpointGroupRegion": "eu-west-1", | ||
"EndpointDescriptions": [ | ||
{ | ||
"EndpointId": "arn:aws:elasticloadbalancing:eu-west-1:606671647913:loadbalancer/net/a3c75f239541c4a6e9c48cf8d48d602f/5ba333e87019ccf0", | ||
"Weight": 50, | ||
"HealthState": "HEALTHY", | ||
"ClientIPPreservationEnabled": false | ||
} | ||
], | ||
"TrafficDialPercentage": 100.0, | ||
"HealthCheckPort": 443, | ||
"HealthCheckProtocol": "TCP", | ||
"HealthCheckIntervalSeconds": 30, | ||
"ThresholdCount": 3 | ||
} | ||
] | ||
} | ||
---- | ||
+ | ||
.. Update the EndpointGroup to include the existing Endpoint and the NLB retrieved in step 1. | ||
+ | ||
.Command: | ||
[source,bash] | ||
---- | ||
aws globalaccelerator update-endpoint-group \ | ||
--endpoint-group-arn arn:aws:globalaccelerator::606671647913:accelerator/d280fc09-3057-4ab6-9330-6cbf1f450748/listener/8769072f/endpoint-group/a30b64ec1700 \ | ||
--region us-west-2 \ | ||
--endpoint-configurations ' | ||
[ | ||
{ | ||
"EndpointId": "arn:aws:elasticloadbalancing:eu-west-1:606671647913:loadbalancer/net/a3c75f239541c4a6e9c48cf8d48d602f/5ba333e87019ccf0", | ||
"Weight": 50, | ||
"ClientIPPreservationEnabled": false | ||
}, | ||
{ | ||
"EndpointId": "arn:aws:elasticloadbalancing:eu-west-1:606671647913:loadbalancer/net/a49e56e51e16843b9a3bc686327c907b/9b786f80ed4eba3d", | ||
"Weight": 50, | ||
"ClientIPPreservationEnabled": false | ||
} | ||
] | ||
' | ||
---- |
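Review bot: The page title on the first added line reads "= Bring Active/Active site offline", but the file is bring-active-site-online.adoc and the :description: and procedure text all describe bringing a site online, so the title should say "online". Two smaller points in the same hunk: the JSON listing under ".Output:" is tagged [source,bash] and would render better as [source,json], and the example ARNs embed what looks like a concrete AWS account ID (606671647913) plus accelerator and NLB identifiers, which are better replaced with obvious placeholders in published docs. It would also help to add a sentence next to the update-endpoint-group command explaining why --region us-west-2 is passed while the EndpointGroupRegion in the output above is eu-west-1, so readers do not change it to match.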