23c4805b7b238ba187973e84275019c018fde3f8
configuration/on-site-scripts/paris2024/upgrade-landscape.sh
| ... | ... | @@ -1,7 +1,7 @@ |
| 1 | 1 | #!/bin/bash |
| 2 | 2 | # Upgrades the entire landscape of servers to a new release ${RELEASE} |
| 3 | 3 | # The procedure works in the following steps: |
| 4 | -# - patch *.conf files in sap-p1-1:servers/[master|security_service] and sap-p1-2:servers/[replica|master|security_service] so |
|
| 4 | +# - patch *.conf files in sap-p1-1:servers/[master|security_service] and sap-p1-2:servers/[secondary_master|replica|master|security_service] so |
|
| 5 | 5 | # their INSTALL_FROM_RELEASE points to the new ${RELEASE} |
| 6 | 6 | # - Install new releases to sap-p1-1:servers/[master|security_service] and sap-p1-2:servers/[replica|master|security_service] |
| 7 | 7 | # - Update all launch configurations and auto-scaling groups in the cloud (update-launch-configuration.sh) |
| ... | ... | @@ -30,9 +30,9 @@ if [ $# -eq 0 ]; then |
| 30 | 30 | echo "Example: $0 -R build-202106041327 -k Jan" |
| 31 | 31 | |
| 32 | 32 | echo "The procedure works in the following steps:" |
| 33 | - echo " - patch *.conf files in sap-p1-1:servers/[master|security_service] and sap-p1-2:servers/[replica|master|security_service] so" |
|
| 33 | + echo " - patch *.conf files in sap-p1-1:servers/[master|security_service] and sap-p1-2:servers/[secondary_master|replica|master|security_service] so" |
|
| 34 | 34 | echo " their INSTALL_FROM_RELEASE points to the new ${RELEASE}" |
| 35 | - echo " - Install new releases to sap-p1-1:servers/[master|security_service] and sap-p1-2:servers/[replica|master|security_service]" |
|
| 35 | + echo " - Install new releases to sap-p1-1:servers/[master|security_service] and sap-p1-2:servers/[secondary_master|replica|master|security_service]" |
|
| 36 | 36 | echo " - Update all launch configurations and auto-scaling groups in the cloud (update-launch-configuration.sh)" |
| 37 | 37 | echo " - Tell all replicas in the cloud to stop replicating (stop-all-cloud-replicas.sh)" |
| 38 | 38 | echo " - Tell sap-p1-2 to stop replicating" |
| ... | ... | @@ -76,6 +76,7 @@ fi |
| 76 | 76 | echo " * Patching configurations on sap-p1-1 and sap-p1-2 to new release ${RELEASE} and installing" |
| 77 | 77 | patch_conf_and_install sap-p1-1 master |
| 78 | 78 | patch_conf_and_install sap-p1-1 security_service |
| 79 | +patch_conf_and_install sap-p1-2 secondary_master |
|
| 79 | 80 | patch_conf_and_install sap-p1-2 replica |
| 80 | 81 | patch_conf_and_install sap-p1-2 master |
| 81 | 82 | patch_conf_and_install sap-p1-2 security_service |
wiki/info/landscape/paris2024/olympic-setup.md
| ... | ... | @@ -258,7 +258,7 @@ On sap-p1-2 two SSH connections are maintained, with the following default port |
| 258 | 258 | |
| 259 | 259 | So the essential change is that the reverse forward from ``paris-ssh.sapsailing.com:8888`` now targets ``sap-p1-2:8888`` where we now assume the failover master to be running. |
| 260 | 260 | |
| 261 | -#### Operations with Internet failing |
|
| 261 | +#### Operations with Internet Failing |
|
| 262 | 262 | |
| 263 | 263 | When the Internet connection fails, replicating the security service from ``security-service.sapsailing.com`` / ``rabbit.internal.sapsailing.com`` will no longer be possible. Neither will outbound replication to ``rabbit-eu-west-3.sapsailing.com`` be possible, and cloud replicas won't be able to reach the on-site master anymore through the ``paris-ssh.sapsailing.com:8888`` reverse port forward. This also has an effect on the local on-site replica which no longer will be able to reach ``rabbit-eu-west-3.sapsailing.com`` which provides the on-site replica with the operation stream under regular circumstances. |
| 264 | 264 | |
| ... | ... | @@ -321,8 +321,6 @@ server { |
| 321 | 321 | } |
| 322 | 322 | ``` |
| 323 | 323 | |
| 324 | - |
|
| 325 | - |
|
| 326 | 324 | ### Backup |
| 327 | 325 | |
| 328 | 326 | borgbackup is used to backup the ``/`` folder of both laptops towards the other machine. Folder where the borg repository is located is: ``/backup``. |
| ... | ... | @@ -383,7 +381,7 @@ I added the EPEL repository like this: |
| 383 | 381 | |
| 384 | 382 | Our "favorite" Availability Zone (AZ) in eu-west-3 is "1a" / "eu-west-3a". |
| 385 | 383 | |
| 386 | -The same host ``paris-ssh.sapsailing.com`` also runs a MongoDB 3.6 instance on port 10203. |
|
| 384 | +The same host ``paris-ssh.sapsailing.com`` also runs a MongoDB 4.4 instance on port 10203. |
|
| 387 | 385 | |
| 388 | 386 | For RabbitMQ we run a separate host, based on AWS Ubuntu 20. It brings the ``rabbitmq-server`` package with it (version 3.8.2 on Erlang 22.2.7), and we'll install it with default settings, except for the following change: In the new file ``/etc/rabbitmq/rabbitmq.conf`` we enter the line |
| 389 | 387 | |
| ... | ... | @@ -537,7 +535,7 @@ ADDITIONAL_JAVA_ARGS="${ADDITIONAL_JAVA_ARGS} -Dcom.sap.sse.debranding=true -Dpo |
| 537 | 535 | |
| 538 | 536 | ### Replicas |
| 539 | 537 | |
| 540 | -The on-site replica on ``sap-p1-2`` can be configured with a ``replica.conf`` file in ``/home/sailing/servers/replica``, using |
|
| 538 | +We plan to run with two master nodes on premise ("primary" vs. "failover"). So it is not considered a standard use case to run a replica on site. If an on-site replica is still desired on ``sap-p1-2`` it can be configured with a ``replica.conf`` file in ``/home/sailing/servers/replica``, using |
|
| 541 | 539 | |
| 542 | 540 | ``` |
| 543 | 541 | rm env.sh; cat replica.conf | ./refreshInstance auto-install-from-stdin |
| ... | ... | @@ -567,7 +565,7 @@ ADDITIONAL_JAVA_ARGS="${ADDITIONAL_JAVA_ARGS} -Dcom.sap.sse.debranding=true" |
| 567 | 565 | |
| 568 | 566 | (Adjust the release accordingly, of course). (NOTE: During the first production days of the event we noticed that it was really a BAD IDEA to have all replicas use the same DB set-up, all writing to the MongoDB PRIMARY of the "live" replica set in eu-west-1. With tens of replicas running concurrently, this led to a massive block-up based on MongoDB not writing fast enough. This gave rise to a new application server AMI which now has a MongoDB set-up included, using "replica" as the MongoDB replica set name. Now, each replica hence can write into its own MongoDB instance, isolated from all others and scaling linearly.) |
| 569 | 567 | |
| 570 | -In other regions, instead an instance-local MongoDB shall be used for each replica, not interfering with each other or with other databases: |
|
| 568 | +In the EC2 regions, instead an instance-local MongoDB is used for each replica, not interfering with each other or with other databases: |
|
| 571 | 569 | |
| 572 | 570 | ``` |
| 573 | 571 | INSTALL_FROM_RELEASE=build-202306271444 |