Click on the Regions option in your JCA > Cluster menu section to see the hardware structure of the platform:
- Regions (or hardware regions) - independent hardware sets from different data centers; each region can contain multiple host groups
- Host Groups (or environment regions) - a separate set of servers (hosts) within the confines of a particular region with its own options, efficiency, and rules for resources charging
Here, all the crucial information on Regions is displayed through the following columns:
- Name of a hardware region or comprised host group(s)
- Domain assigned to the region
- SSL certificates configuration for the hardware region
- Subnet provided for the region
- Migration shows if users should be able to migrate environments from/to the current hardware region
- Status of a region/host group (could be either ACTIVE or under MAINTENANCE)
- Description with some optional information on a region or host group
- Docker Host address of the hardware region
Use the tools panel above the regions list to perform the following operations:
Add New Region
Follow the steps below to add a new hardware region to your Jelastic cluster:
Note: Before adding a new region, consider the following prerequisites:
- hosts must be configured according to hardware requirements
- at least two internal and two external IPs must be reserved for shared load balancers (resolvers)
- new region domain delegation must be done to the IPs from the previous point and according to DNS Zones Delegation
- firewall should be checked and, if necessary, set up
1. Click the Add Region button at the top pane of the Regions section:
Within the opened Add Region frame, fill in the required details.
2. Within the first Region Setting section, specify the following information:
- Unique Name - unique identifier for the region (cannot be changed later)
- Display Name - changeable region alias, which is displayed in JCA (10 characters max)
- Domain - hostname assigned to a new region
  Note: The appropriate domain name should be purchased beforehand using any preferred domain registrar.
- Status - the initial state should be set as MAINTENANCE to avoid false monitoring alerts during region addition
- Subnet - a dedicated internal subnet for the user nodes and traffic routing between different hardware regions
- Start and End IP - range of the IP addresses for containers created in this region (cannot exceed the specified subnet)
- Description - short information on the current hardware region displayed in JCA (optional)
- Allow migration from/to regions - tick the checkbox to allow environment migration from/to this region by end-users
  Note: This parameter controls the permission for migration across different hardware regions; transferring between host groups of the same region cannot be disabled.
3. In the Name Servers section, you need to state a pair (or several pairs) of Public IPv4 and Internal IPv4. These addresses will be used by shared load balancers as a region entrance point and, at the same time, its internal and external DNS server.
4. The last Docker Host Settings section configures a separate Docker Engine module for this particular hardware region:
- Host - domain or IP of your Docker Host
- SSH and TCP Port - ports for connections via the appropriate protocols
- Login and Password - access credentials for the Docker Host
Once all the settings are specified, confirm the creation by clicking the Add button.
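The field rules from the prerequisites and the Region Setting step can be checked before the values are entered in the Add Region frame. The following is an added example, not part of the platform or its documentation; the function name, the sample addresses, and the reading of a "dedicated" subnet as one that must not overlap another region's network are assumptions.

```python
import ipaddress

def check_region(subnet, start_ip, end_ip, name_servers, display_name,
                 status, existing_subnets=()):
    """Return a list of problems in the values planned for the Add Region frame.

    name_servers is a list of (public_ipv4, internal_ipv4) pairs;
    existing_subnets are the networks already used by other regions.
    """
    problems = []
    try:
        net = ipaddress.ip_network(subnet)  # strict: host bits must be zero
    except ValueError as exc:
        return [f"Subnet is not a valid network: {exc}"]
    start, end = ipaddress.ip_address(start_ip), ipaddress.ip_address(end_ip)
    # Start and End IP cannot exceed the specified subnet.
    if start not in net or end not in net:
        problems.append("Start/End IP range exceeds the subnet")
    if start > end:
        problems.append("Start IP is higher than End IP")
    if len(display_name) > 10:
        problems.append("Display Name is longer than 10 characters")
    # MAINTENANCE avoids false monitoring alerts during region addition.
    if status != "MAINTENANCE":
        problems.append("initial Status is not MAINTENANCE")
    # Prerequisite: at least two internal and two external IPs for the SLBs.
    publics = {ipaddress.ip_address(p) for p, _ in name_servers}
    internals = {ipaddress.ip_address(i) for _, i in name_servers}
    if len(publics) < 2 or len(internals) < 2:
        problems.append("fewer than two distinct public/internal IP pairs")
    # Assumption: a "dedicated" subnet must not overlap another region's network.
    for other in existing_subnets:
        if net.overlaps(ipaddress.ip_network(other)):
            problems.append(f"Subnet overlaps existing network {other}")
    return problems

if __name__ == "__main__":
    # Constructed sample values (documentation and private address ranges).
    for problem in check_region(
            subnet="10.50.0.0/24", start_ip="10.50.0.10", end_ip="10.50.1.20",
            name_servers=[("203.0.113.10", "10.50.0.2")],
            display_name="new-region-01", status="ACTIVE",
            existing_subnets=["10.50.0.0/16"]):
        print("FAIL:", problem)
```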
Add New Host Group
To add a new host group, follow the instructions below.
1. Click the Add Host Group button at the top of the Regions panel.
2. Within the opened Add Host Group dialog, fill in the given fields to provide the required data:
- Unique Name - unique identifier for the host group (cannot be changed later)
- Display Name - changeable host group name displayed in JCA and at the end-users' dashboard (10 characters max)
- Status - initial state of the host group, i.e. the one set after creation (ACTIVE or MAINTENANCE)
- Description - short information on the current host group displayed in JCA (optional)
- Region - hardware region this host group should be assigned to (use the drop-down list to select an existing one or to jump to the Add Region dialog)
Click Add to proceed.
3. If internal routing between regions is already set up, proceed to step 6. If not, VPN tunnels and GRE links must be created.
3.1. Install required software and create keys at the infrastructure host:
As a result of this command, you’ll get a key. Later on in this guide, we’ll refer to it as $(infranode key).
Repeat this step on the user hosts of the new region to get $(usernode key).
3.2. Create the following configs:
- /etc/ipsec.d/default.conf on user hosts
- /etc/ipsec.d/$(infranode hostname).conf on user hosts
- /etc/ipsec.d/default.conf on infra hosts
- /etc/ipsec.d/$(usernode hostname).conf on infra hosts
3.3. Enable ipsec and configure the tunnels:
- on the user host
- on the infra host
Note: Run the following command to ensure that ipsec is set up before proceeding to the next step:
You should see active tunnels in the output, for example:
3.4. Create GRE links:
- on the user host
- on the infra host
4. Set up internal routing. The BIRD Internet Routing Daemon can be used to automate the process.
Install bird on the infra and user hosts:
Set up bird config:
Repeat this step on the other hosts in the region.
5. Configure the /etc/sysctl.conf file.
6. Next, add a host to this newly created host group.
6.1. Check /etc/vz/vz.conf. If the VE_ROUTE_SRC_DEV parameter is commented or indicates an incorrect device, fix the issue and save the file.
6.2. If your DOCKER_HOST is on the docker-engine host and you deploy a vz7 host, add the following line to the /etc/yum.conf file:
6.3. Check routes from the new region to infra/user hosts in this and other regions. It could be set automatically via the bird daemon.
6.4. Start the host installation via JCA.
7. Configure shared load balancers (SLB).
7.1. Add a region network to the jelastic.net.subnetworks system settings in JCA.
7.2. Add SLB IPs (both external and internal) to the jelastic.isolation.infra.ips and jelastic.isolation.infra.ips.all system settings in JCA. If isolation is enabled on the platform, you need to disable and re-enable it to apply these new settings.
7.3. In order to create a shared load balancer for the new region, connect to a new host and create the config.ini file:
7.4. Download the create_docker.sh script.
Edit it to specify the platform version in the DOCKER_VERSION=""; line.
For example, if deploying a region to Jelastic 5.9-3, set it as follows: DOCKER_VERSION="5.9-3";
7.5. Run the script to create a new shared load balancer.
Add all regions' networks to this SLB via the /var/lib/jelastic/customizations/ipconfig.cfg file.
7.6. Update ZooKeeper environment variables (/.jelenv) by adding shared load balancer’s internal IP to OPT_JELASTIC_IPS and new network to JELASTIC_NETWORK. Restart the ZooKeeper service to apply changes.
7.7. Fix nameservers for SLB containers.
7.8. Check all infrastructure containers and manually add region network and routes.
7.9. Run service discovery:
Check results in /vz/root/$new_resolver_CTID/var/log/discovery.log and, if everything is ok, disable discovery:
8. Provide Let’s Encrypt SSL certificates via JCA.
9. If needed, apply customizations and run J-runner tests for the new region.
10. Synchronize new SLBs in the patcher.
11. Finally, assign the host group to the appropriate user Groups via the Regions & Pricing tab.
Afterward, your host group will appear in the topology wizard of the Dev dashboard as a new environment region.
Edit Region/Host Group
You can adjust the existing regions and host groups by simply double-clicking on the required item or using the Edit button at the top of the Regions panel.
Within the corresponding region/host group Edit dialog, you can adjust everything (same as for the addition) except the Unique Name value.
Apply changes with the Save button at the bottom-right corner of the frame.
SSL Certificates for Regions
Using the SSL column within the Regions section, you can Add Certificates for your hardware regions or manage the already configured ones:
- Edit - allows switching between the Let’s Encrypt and custom SSL certificates
- Update - provides a new LE certificate for the hardware region (this option is hidden for custom SSL)
- Remove - detaches certificate from the region
1. While adding or editing your certificate, you can choose between two options:
- Use Let’s Encrypt - automatically fetch and apply certificates from the Let’s Encrypt free and open Certificate Authority
- Upload Custom Certificates - upload valid RSA-based Server Key, Intermediate Certificate (CA), and Domain Certificate files to automatically apply them. Self-signed certificates can be used as well, e.g. for testing purposes
Click Save to confirm changes.
2. If needed, you can configure the provisioning of Let’s Encrypt certificates via the following System Settings:
- jelastic.letsencrypt.renewal.days - displays an alert at JCA if any of the SSL certificates are valid for fewer days than a provided value (21, by default)
- qjob.ssl_checker.cron_schedule - checks the status of the Let’s Encrypt SSL certificates for hardware regions and automatically updates those that are valid for fewer days than specified in the jelastic.letsencrypt.renewal.days setting; the default value is 0 0 15 * * ?, i.e. this job is run daily at 15:00
- hcore.platform.admin.username - sets the platform admin email address, which receives notifications from Let’s Encrypt in case any issue occurs
To update or remove a certificate, select the appropriate option from the list, and confirm the action via the pop-up window.
Remove Region/Host Group
Regions and host groups that are no longer needed can be deleted with the Remove button at the top tools panel.
Confirm your decision in the pop-up window that appears.