Multiple Enterprise API (RaaS) nodes

Overview

This page explains how to configure multiple Enterprise API (RaaS) nodes that share a single PostgreSQL database and Redis node. This method is also sometimes called clustering.

These instructions demonstrate how to install the PostgreSQL and Redis services on the primary Enterprise API (RaaS) node using the Single-node installation scenario.

Note

Some high availability requirements may require consultation services.

Preparatory steps

In order to set up multiple Enterprise API (RaaS) nodes, all the Enterprise API (RaaS) nodes must:

  • Access the same PostgreSQL database
  • Share the same key space
  • Use the same /etc/raas/pki/.raas.key and /etc/raas/raas.secconf files

Before configuring multiple Enterprise API (RaaS) nodes, follow the steps to install two standalone Enterprise API (RaaS) nodes using the Single-node installation scenario. At the end of this scenario, both nodes should run SaltStack Enterprise in standalone mode, meaning each node has its own local version of PostgreSQL and Redis.

Configure the primary Enterprise API (RaaS) node

This section explains how to configure the first Enterprise API (RaaS) node to work with a second Enterprise API (RaaS) node.

To configure the first Enterprise API (RaaS) node:

  1. Follow the steps to install two standalone Enterprise API (RaaS) nodes using the Single-node installation scenario. At the end of this scenario, both nodes should run SaltStack Enterprise in standalone mode, meaning each node has its own local version of PostgreSQL and Redis.

  2. On the first Enterprise API (RaaS) node, stop the RaaS, Redis, and PostgreSQL services using the following commands:

    systemctl stop raas
    systemctl stop redis
    systemctl stop postgresql-12
    

    Note

    The command to stop PostgreSQL may differ if you are running a different version.

  3. On the first Enterprise API (RaaS) node, update your postgresql pg_hba.conf file to allow remote connections from the other Enterprise API (RaaS) node. To allow remote connections, append the following entry to the end of that file, replacing the example IP address with the IP address of the second Enterprise API (RaaS) node:

    # Allow connection from RaaS 2
    host all all 127.31.4.137/32 trust
    
  4. Update your /etc/redis.conf file to allow binding to all interfaces. By default, the bind is set to localhost. Add the following to your file:

    #bind 127.0.0.1
    
  5. Start the services and verify their status using the following commands:

    systemctl start postgresql-12
    systemctl status postgresql-12
    systemctl start redis
    systemctl status redis
    systemctl start raas
    systemctl status raas
    
  6. Access the Enterprise Console using the URL for the first Enterprise API (RaaS) node to confirm that SaltStack Enterprise is working properly on the first node.

After verifying you can access the Enterprise Console, proceed to the next section.

Configure the secondary Enterprise API (RaaS) node

This section explains how to configure the second Enterprise API (RaaS) node to work with the primary Enterprise API (RaaS) node.

To configure the second Enterprise API (RaaS) node:

  1. On the second Enterprise API (RaaS) node, stop the RaaS, Redis, and PostgreSQL services using the following commands:

    systemctl stop raas
    systemctl stop redis
    systemctl stop postgresql-12
    
  2. On the second Enterprise API (RaaS) node, update the /etc/raas/raas file to connect to the remote Redis and PostgreSQL services on the first Enterprise API (RaaS) node. The customer_id configuration should be identical on both nodes. The following shows an example configuration:

    customer_id: 43cab1f4-de60-4ab1-85b5-1d883c5c5d09
    sql:
      dialect: postgresql
      host: 172.31.8.237
      port: 5432
      driver: psycopg2
      ssl: True
    
    redis:
      url: redis://172.31.8.237:6379
    
  3. Copy the /etc/raas/pki/.raas.key and /etc/raas/secconf from the first node to the second node. Maintain the access and permissions, as shown in this example:

    # ls -l /etc/raas/raas.secconf
    -rw-------. 1 raas raas 313 Jan 21 17:21 /etc/raas/raas.secconf
    # ls -l /etc/raas/pki/.raas.key
    -rwx------. 1 raas raas 77 Jan 21 17:17 /etc/raas/pki/.raas.key
    
  4. Start the RaaS service and verify its status using the following commands:

    systemctl start raas
    systemctl status raas
    
  5. Access the Enterprise Console using the URL for the second Enterprise API (RaaS) node to confirm that SaltStack Enterprise is working properly on the second node.

After verifying you can access the Enterprise Console on the secondary node, proceed to the next section.

Test the configuration

To test whether your new system architecture is working correctly:

  1. To test the configuration, create a new object, such as a new target. Verify that the change is present on both nodes when you refresh the Enterprise Console.

  2. On the second Enterprise API (RaaS) node, disable the Redis and PostgreSQL services using the following commands:

    systemctl disable redis
    systemctl disable postgresql-12
    

You now have two instances of the Enterprise API (RaaS) node running. For troubleshooting, Contact Support.