Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 12. Switch back to the primary site
These procedures switch back to the primary site back after a failover or switchover to the secondary site. In a setup as outlined in Concepts for active-passive deployments together with the blueprints outlined in Building blocks active-passive deployments.
12.1. When to use this procedure
These procedures bring the primary site back to operation when the secondary site is handling all the traffic. At the end of the chapter, the primary site is online again and handles the traffic.
This procedure is necessary when the primary site has lost its state in Data Grid, a network partition occurred between the primary and the secondary site while the secondary site was active, or the replication was disabled as described in the Switch over to the secondary site chapter.
If the data in Data Grid on both sites is still in sync, the procedure for Data Grid can be skipped.
See the Multi-site deployments chapter for different operational procedures.
12.2. Procedures
12.2.1. Data Grid Cluster
For the context of this chapter, Site-A is the primary site, recovering back to operation, and Site-B is the secondary site, running in production.
After the Data Grid in the primary site is back online and has joined the cross-site channel (see Deploy Data Grid for HA with the Data Grid Operator#verifying-the-deployment on how to verify the Data Grid deployment), the state transfer must be manually started from the secondary site.
After clearing the state in the primary site, it transfers the full state from the secondary site to the primary site, and it must be completed before the primary site can start handling incoming requests.
Transferring the full state may impact the Data Grid cluster perform by increasing the response time and/or resources usage.
The first procedure is to delete any stale data from the primary site.
- Log in to the primary site.
Shutdown Red Hat build of Keycloak. This action will clear all Red Hat build of Keycloak caches and prevents the state of Red Hat build of Keycloak from being out-of-sync with Data Grid.
When deploying Red Hat build of Keycloak using the Red Hat build of Keycloak Operator, change the number of Red Hat build of Keycloak instances in the Red Hat build of Keycloak Custom Resource to 0.
Connect into Data Grid Cluster using the Data Grid CLI tool:
Command:
oc -n keycloak exec -it pods/infinispan-0 -- ./bin/cli.sh --trustall --connect https://127.0.0.1:11222
oc -n keycloak exec -it pods/infinispan-0 -- ./bin/cli.sh --trustall --connect https://127.0.0.1:11222Copy to Clipboard Copied! Toggle word wrap Toggle overflow It asks for the username and password for the Data Grid cluster. Those credentials are the one set in the Deploy Data Grid for HA with the Data Grid Operator chapter in the configuring credentials section.
Output:
Username: developer Password: [infinispan-0-29897@ISPN//containers/default]>
Username: developer Password: [infinispan-0-29897@ISPN//containers/default]>Copy to Clipboard Copied! Toggle word wrap Toggle overflow NoteThe pod name depends on the cluster name defined in the Data Grid CR. The connection can be done with any pod in the Data Grid cluster.
Disable the replication from primary site to the secondary site by running the following command. It prevents the clear request to reach the secondary site and delete all the correct cached data.
Command:
site take-offline --all-caches --site=site-b
site take-offline --all-caches --site=site-bCopy to Clipboard Copied! Toggle word wrap Toggle overflow Output:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Check the replication status is
offline.Command:
site status --all-caches --site=site-b
site status --all-caches --site=site-bCopy to Clipboard Copied! Toggle word wrap Toggle overflow Output:
{ "status" : "offline" }{ "status" : "offline" }Copy to Clipboard Copied! Toggle word wrap Toggle overflow If the status is not
offline, repeat the previous step.WarningMake sure the replication is
offlineotherwise the clear data will clear both sites.Clear all the cached data in primary site using the following commands:
Command:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow These commands do not print any output.
Re-enable the cross-site replication from primary site to the secondary site.
Command:
site bring-online --all-caches --site=site-b
site bring-online --all-caches --site=site-bCopy to Clipboard Copied! Toggle word wrap Toggle overflow Output:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Check the replication status is
online.Command:
site status --all-caches --site=site-b
site status --all-caches --site=site-bCopy to Clipboard Copied! Toggle word wrap Toggle overflow Output:
{ "status" : "online" }{ "status" : "online" }Copy to Clipboard Copied! Toggle word wrap Toggle overflow
Now we are ready to transfer the state from the secondary site to the primary site.
- Log in into your secondary site.
Connect into Data Grid Cluster using the Data Grid CLI tool:
Command:
oc -n keycloak exec -it pods/infinispan-0 -- ./bin/cli.sh --trustall --connect https://127.0.0.1:11222
oc -n keycloak exec -it pods/infinispan-0 -- ./bin/cli.sh --trustall --connect https://127.0.0.1:11222Copy to Clipboard Copied! Toggle word wrap Toggle overflow It asks for the username and password for the Data Grid cluster. Those credentials are the one set in the Deploy Data Grid for HA with the Data Grid Operator chapter in the configuring credentials section.
Output:
Username: developer Password: [infinispan-0-29897@ISPN//containers/default]>
Username: developer Password: [infinispan-0-29897@ISPN//containers/default]>Copy to Clipboard Copied! Toggle word wrap Toggle overflow NoteThe pod name depends on the cluster name defined in the Data Grid CR. The connection can be done with any pod in the Data Grid cluster.
Trigger the state transfer from the secondary site to the primary site.
Command:
site push-site-state --all-caches --site=site-a
site push-site-state --all-caches --site=site-aCopy to Clipboard Copied! Toggle word wrap Toggle overflow Output:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Check the replication status is
onlinefor all caches.Command:
site status --all-caches --site=site-a
site status --all-caches --site=site-aCopy to Clipboard Copied! Toggle word wrap Toggle overflow Output:
{ "status" : "online" }{ "status" : "online" }Copy to Clipboard Copied! Toggle word wrap Toggle overflow Wait for the state transfer to complete by checking the output of
push-site-statuscommand for all caches.Command:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Output:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Check the table in this section for the Cross-Site Documentation for the possible status values.
If an error is reported, repeat the state transfer for that specific cache.
Command:
site push-site-state --cache=<cache-name> --site=site-a
site push-site-state --cache=<cache-name> --site=site-aCopy to Clipboard Copied! Toggle word wrap Toggle overflow Clear/reset the state transfer status with the following command
Command:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow Output:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow - Log in to the primary site.
Start Red Hat build of Keycloak.
When deploying Red Hat build of Keycloak using the Red Hat build of Keycloak Operator, change the number of Red Hat build of Keycloak instances in the Red Hat build of Keycloak Custom Resource to the original value.
Both Data Grid clusters are in sync and the switchover from secondary back to the primary site can be performed.
12.2.2. AWS Aurora Database
Assuming a Regional multi-AZ Aurora deployment, the current writer instance should be in the same region as the active Red Hat build of Keycloak cluster to avoid latencies and communication across availability zones.
Switching the writer instance of Aurora will lead to a short downtime. The writer instance in the other site with a slightly longer latency might be acceptable for some deployments. Therefore, this situation might be deferred to a maintenance window or skipped depending on the circumstances of the deployment.
To change the writer instance, run a failover. This change will make the database unavailable for a short time. Red Hat build of Keycloak will need to re-establish database connections.
To fail over the writer instance to the other AZ, issue the following command:
aws rds failover-db-cluster --db-cluster-identifier ...
aws rds failover-db-cluster --db-cluster-identifier ...12.2.3. Route53
If switching over to the secondary site has been triggered by changing the health endpoint, edit the health check in AWS to point to a correct endpoint (health/live). After some minutes, the clients will notice the change and traffic will gradually move over to the secondary site.
12.3. Further reading
See Concepts to automate Data Grid CLI commands on how to automate Infinispan CLI commands.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}