Multiple SSE API (RaaS) servers

Overview

This topic explains how to configure multiple Enterprise API RaaS servers that share a single PostgreSQL database and Redis server. This method is also sometimes called clustering.

These instructions demonstrate how to install the PostgreSQL and Redis services on the primary Enterprise API (RaaS) server using the Single-node installation scenario.

Note

Some high availability requirements may require consultation services.

Preparatory steps

In order to set up multiple Enterprise API (RaaS) servers, all the Enterprise API (RaaS) servers must:

  • Access the same PostgreSQL database
  • Share the same key space
  • Use the same /etc/raas/pki/.raas.key and /etc/raas/raas.secconf files

Before configuring multiple Enterprise API (RaaS) servers, follow the steps to install two standalone SaltStack Enterprise servers using the Single-node installation scenario. At the end of this scenario, both servers should run SaltStack Enterprise in standalone mode, meaning each server has its own local version of PostgreSQL and Redis.

Configure the primary Enterprise API (RaaS) server

This section explains how to configure the first Enterprise API (RaaS) server to work with a second Enterprise API (RaaS) server.

To configure the first Enterprise API (RaaS) server:

  1. Follow the steps to install two standalone SaltStack Enterprise servers using the Single-node installation scenario. At the end of this scenario, both servers should run SaltStack Enterprise in standalone mode, meaning each server has its own local version of PostgreSQL and Redis.

  2. On the first Enterprise API (RaaS) server, stop the RaaS, Redis, and PostgreSQL services using the following commands:

    systemctl stop raas
    systemctl stop redis
    systemctl stop postgresql-12
    

    Note

    The command to stop PostgreSQL may differ if you are running a different version.

  3. On the first Enterprise API (RaaS) server, update your postgresql pg_hba.conf file to allow remote connections from the other Enterprise API (RaaS) server. To allow remote connections, append the following entry to the end of that file, replacing the example IP address with the IP address of the second Enterprise API (RaaS) server:

    # Allow connection from RaaS 2
    host all all 127.31.4.137/32 trust
    
  4. Update your /etc/redis.conf file to allow binding to all interfaces. By default, the bind is set to localhost. Add the following to your file:

    #bind 127.0.0.1
    
  5. Start the services and verify their status using the following commands:

    systemctl start postgresql-12
    systemctl status postgresql-12
    systemctl start redis
    systemctl status redis
    systemctl start raas
    systemctl status raas
    
  6. Access the Enterprise Console using the URL for the first Enterprise API (RaaS) server to confirm that SaltStack Enterprise is working properly on the first server.

After verifying you can access the Enterprise Console, proceed to the next section.

Configure the secondary Enterprise API (RaaS) server

This section explains how to configure the second Enterprise API (RaaS) server to work with the primary Enterprise API (RaaS) server.

To configure the second Enterprise API (RaaS) server:

  1. On the second Enterprise API (RaaS) server, stop the RaaS, Redis, and PostgreSQL services using the following commands:

    systemctl stop raas
    systemctl stop redis
    systemctl stop postgresql-12
    
  2. On the second Enterprise API (RaaS) server, update the /etc/raas/raas file to connect to the remote Redis and PostgreSQL services on the first Enterprise API (RaaS) server. The customer_id configuration should be identical on both servers. The following shows an example configuration:

    customer_id: 43cab1f4-de60-4ab1-85b5-1d883c5c5d09
    sql:
      dialect: postgresql
      host: 172.31.8.237
      port: 5432
      driver: psycopg2
      ssl: True
    
    redis:
      url: redis://172.31.8.237:6379
    
  3. Copy the /etc/raas/pki/.raas.key and /etc/raas/secconf from the first server to the second server. Maintain the access and permissions, as shown in this example:

    # ls -l /etc/raas/raas.secconf
    -rw-------. 1 raas raas 313 Jan 21 17:21 /etc/raas/raas.secconf
    # ls -l /etc/raas/pki/.raas.key
    -rwx------. 1 raas raas 77 Jan 21 17:17 /etc/raas/pki/.raas.key
    
  4. Start the Enterprise API (RaaS) service and verify its status using the following commands:

    systemctl start raas
    systemctl status raas
    
  5. Access the Enterprise Console using the URL for the second Enterprise API (RaaS) server to confirm that SaltStack Enterprise is working properly on the second server.

After verifying you can access the Enterprise Console on the secondary server, proceed to the next section.

Test the configuration

To test whether your new system architecture is working correctly:

  1. To test the configuration, create a new object, such as a new target. Verify that the change is present on both servers when you refresh the Enterprise Console.

  2. On the second Enterprise API (RaaS) server, disable the Redis and PostgreSQL services using the following commands:

    systemctl disable redis
    systemctl disable postgresql-12
    

You now have two instances of the Enterprise API (RaaS) server running. For troubleshooting, Contact Support.