High availability (snap/2.8/CLI)

2.7 2.8 2.9
Snap CLI ~ UI CLI ~ UI CLI ~ UI
Packages CLI ~ UI CLI ~ UI CLI ~ UI

This page describes how to provide high availability (HA) for MAAS at both region and rack levels. In the context of MAAS, there are four types of HA:

  1. BMC (node power cycling)
  2. DHCP
  3. PostgreSQL
  4. API services

Four questions you might have:

  1. How do I make rack controllers highly available?
  2. How do I enable highly-available BMC?
  3. How do I enable highly-available DHCP services?
  4. How do I make region controllers highly available?
  5. How do I enable highly-available PostgreSQL?
  6. How do I enable highly-available API services?
  7. How do I enable load balancing for API services?

Make rack controllers highly available

You need to install multiple rack controllers to achieve real high availability. Once that’s done, you automatically gain highly-available BMC control, and you can also enable highly-available DHCP.

Enable highly-available BMC

HA for BMC control (node power cycling) is provided out-of-the-box, once a second rack controller is present. MAAS will automatically identify which rack controller is responsible for a BMC and set up communication accordingly.

Enable highly-available DHCP services

DHCP HA affects the way MAAS manages node, including enlistment, commissioning and deployment. It enables primary and secondary DHCP instances to serve the same VLAN. This VLAN replicates all lease information is between rack controllers. MAAS-managed DHCP is a requirement for DHCP HA.

If you are enabling DHCP for the first time after adding a second rack controller, please read Enabling DHCP. On the other hand, if you have already enabled DHCP on your initial rack controller, you’ll need to reconfigure DHCP.

To reconfigure DHCP after adding a new rack controller, use the following sequence of commands:

vid=$(maas maas subnets read | jq -r '.[] | select(.cidr == "10.0.0.0/24") | .vlan.vid')
fabric_name=$(maas maas subnets read | jq -r '.[] | select(.cidr == "10.0.0.0/24") | .vlan.fabric')
query=".[] | select(.name == \"$fabric_name\") | .id"
fabric_id=$(maas maas fabrics read | jq "$query")
maas maas ipranges create type=reserved start_ip=10.0.0.3 end_ip=10.0.0.49
maas maas ipranges create type=dynamic start_ip=10.0.0.50 end_ip=10.0.0.99
maas maas vlan update ${fabric_id} ${vid} primary_rack=$(hostname) dhcp_on=true

Be sure to substitute the sample values for those of your own environment.

Configure multiple region endpoints

MAAS will automatically discover and track all reachable region controllers in a single cluster of rack controllers It will also attempt to automatically connect to them if the one in use becomes inaccessible. Administrators can alternatively specify multiple region-controller endpoints for a single rack controller by adding entries to /var/snap/maas/current/rackd.conf. For example:
.
.
.
maas_url:
- http://<ip 1>:/MAAS/
- http://<ip 2>:/MAAS/
.
.
.

The setup of highly-available DHCP is now complete. Note that, for HA purposes, DHCP provisioning will take into account multiple DNS services when there is more than one region controller on a single region.

Make region controllers highly available

Implementing highly-available region control involves setting up two highly-available services:

  1. PostgreSQL HA
  2. Secondary API server(s)

Load balancing is optional, but is highly recommended.

Enable highly-available PostgreSQL

MAAS stores all state information in the PostgreSQL database. It is therefore recommended to run it in HA mode. Configuring HA for PostgreSQL is external to MAAS. You will, therefore, need to study the PostgreSQL documentation^ and implement the variant of HA that makes you feel most comfortable.

A quick treatment of PostgreSQL HA: hot standby is provided here for convenience only. This summary will give you an idea of the command line implementation of HA with PostgreSQL.

Each region controller uses up to 40 connections to PostgreSQL in high load situations. Running two region controllers requires no modifications to the max_connections in postgresql.conf. More than two region controllers require that max_connections be adjusted to add 40 more connections per added region controller.

Enable highly-available API services

Setting up high-availability using snaps is relatively easy:

  1. Set up PostgreSQL for high-availability as explained above. PostgreSQL should run outside of the snap.

  2. Install the MAAS snap on each machine you intend to use as a rack or region controller. You’ll need the MAAS shared secret, located here, /var/snap/maas/common/maas/secret, on the first region controller you set up.

  3. Initialise the snap as a rack or region controller. Note that if you intend to use a machine as a region controller, you’ll need to tell MAAS how to access your PostgreSQL database host with the following four arguments:

  4. --database-host DATABASE_HOST

  5. --database-name DATABASE_NAME

  6. --database-user DATABASE_USER

  7. --database-pass DATABASE_PASS

Load balancing with HAProxy (optional)

You can add load balancing with HAProxy^ load-balancing software to support multiple API servers. In this setup, HAProxy provides access to the MAAS web UI and API.

If you happen to have Apache running on the same server where you intend to install HAProxy, you will need to stop and disable apache2, because HAProxy binds to port 80.

Install

sudo apt install haproxy

Configure

Configure each API server’s load balancer by copying the following into /etc/haproxy/haproxy.cfg (see the upstream configuration manual (external link) as a reference). Replace $PRIMARY_API_SERVER_IP and $SECONDARY_API_SERVER_IP with their respective IP addresses:

frontend maas
    bind    *:80
    retries 3
    option  redispatch
    option  http-server-close
    default_backend maas

backend maas
    timeout server 90s
    balance source
    hash-type consistent
    server localhost localhost:5240 check
    server maas-api-1 $PRIMARY_API_SERVER_IP:5240 check
    server maas-api-2 $SECONDARY_API_SERVER_IP:5240 check

where maas-api-1 and maas-api-2 are arbitrary server labels.

Now restart the load balancer to have these changes take effect:

sudo systemctl restart haproxy

The configuration of region controller HA is now complete.

The API server(s) must be now be referenced (e.g. web UI, MAAS CLI) using port 80 (as opposed to port 5240).