Configuring the on-premises gateway for high availability
Before you begin
Make sure that the standalone MinIO or Amazon Simple Storage Service (S3) instance is set up and you have obtained the credentials to access the MinIO or Amazon S3 API endpoint that is set up on the instance. The MinIO or Amazon S3 instance stores the configuration backup file. Contact your system administrator to obtain the credentials.
To configure the on-premises gateway instances for high availability
- Log on to an on-premises gateway instance that you want to consider as a primary instance.
- Navigate to the /IIGateway_INSTALL_DIR/hii directory.
- Open the docker-compose.yaml file or podman-compose.yaml file with an editor.
- Locate the mediator > environment section, and set the following properties:
- MINIO_ACCESS_KEY: MinIO or Amazon S3 access key
- MINIO_SECRET_KEY: MinIO or Amazon S3 secret key
- MINIO_SERVER_URL: MinIO or Amazon S3 API endpoint URL
Example:
# MinIO
https://vx-push-dev26.abc.com:9000
# Amazon S3
https://s3.us-west-1.amazonaws.com
- MINIO_BUCKET_NAME: The name of the bucket you want to create on the MinIO or Amazon S3 instance.
- DATA_PUSH_INTERVAL: Interval in milliseconds in epoch format at which an on-premises gateway instance should push data to a MinIO or Amazon S3 bucket in a JSON file (default and minimum 300000 milliseconds).
The following file shows sample values:
MINIO_ACCESS_KEY: "P3pWEoNUEmZB8i0zJAnC"
MINIO_SECRET_KEY: "SgA3ntRrdM3nzUGpvKjRMQ2FJZNHujfngxJgTb"
MINIO_SERVER_URL: "https://vx-push-dev26.abc.com:9000"
MINIO_BUCKET_NAME: "helix-hii-backup"
DATA_PUSH_INTERVAL: "300000"
- Save and close the file.
- (Applicable if you are using a MinIO instance) If the MinIO instance is using custom or CA-signed certificates, import them into the on-premises gateway.
- Restart the container service by using the following command:
For Docker deployments:
docker-compose down
docker-compose up -d
For Podman deployments:
podman-compose down
podman-compose -f podman-compose.yaml up -d
When you restart the service, the instance is added as a primary instance and a MinIO or Amazon S3 bucket, helix-hii-backup, is created. The bucket contains the configuration backup file, Leader_backup.json, which stores the instance configuration backup with a timestamp. The backup file contains a tag for the on-premises instance.
- Log on to the remaining on-premises gateway instances and repeat steps 2 to 6.
The subsequent instances are added as secondary instances in the MinIO or Amazon S3 bucket.
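The following pre-restart check is an added example, not part of the product documentation: it reads the mediator properties from a compose file and reports missing values, a non-HTTPS endpoint, an interval below the documented 300000 ms minimum, and group or other access to the file that holds the secret key. The function names get_prop and check_ha_env, the sample endpoint, and the HTTPS and file-mode checks are assumptions of this example, and it assumes the "KEY: value" form shown in the sample values.

```bash
# Added example: pre-restart check of the mediator HA properties (names are hypothetical).
# get_prop FILE KEY -> value of the first "KEY: value" line, surrounding quotes stripped.
get_prop() {
  sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" | head -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/'
}
# Print a finding and count it in the caller's "findings" variable.
flag() { echo "$1"; findings=$((findings + 1)); }

# check_ha_env FILE -> one line per finding; exit status is the number of findings.
check_ha_env() {
  local file=$1 findings=0 key url interval mode
  for key in MINIO_ACCESS_KEY MINIO_SECRET_KEY MINIO_SERVER_URL MINIO_BUCKET_NAME; do
    [ -n "$(get_prop "$file" "$key")" ] || flag "MISSING: $key"
  done
  url=$(get_prop "$file" MINIO_SERVER_URL)
  case $url in
    ''|https://*) ;;
    *) flag "WEAK: MINIO_SERVER_URL is not an https:// endpoint" ;;
  esac
  interval=$(get_prop "$file" DATA_PUSH_INTERVAL)
  case $interval in
    '') ;;  # not set: the documented default of 300000 ms applies
    *[!0-9]*) flag "INVALID: DATA_PUSH_INTERVAL is not a number" ;;
    *) [ "$interval" -ge 300000 ] || flag "INVALID: DATA_PUSH_INTERVAL is below 300000 ms" ;;
  esac
  # The file holds the secret key in plain text: flag any group/other access.
  mode=$(stat -c %a "$file" 2>/dev/null || stat -f %Lp "$file")
  case $mode in
    *00) ;;
    *) flag "PERMS: $file is mode $mode; restrict it with chmod 600" ;;
  esac
  return "$findings"
}

# Constructed sample (not a real deployment): http endpoint and an interval that is too low.
sample=$(mktemp)
cat > "$sample" <<'EOF'
  mediator:
    environment:
      MINIO_ACCESS_KEY: "EXAMPLE_ACCESS_KEY"
      MINIO_SECRET_KEY: "EXAMPLE_SECRET_KEY"
      MINIO_SERVER_URL: "http://minio.example.internal:9000"
      MINIO_BUCKET_NAME: "helix-hii-backup"
      DATA_PUSH_INTERVAL: "60000"
EOF
check_ha_env "$sample" || echo "findings: $?"
rm -f "$sample"
```

Run it against docker-compose.yaml or podman-compose.yaml before restarting the container service; an exit status of 0 means no findings.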
To import the custom or CA-signed certificates into the on-premises gateway
- Obtain the custom or CA-signed certificates from the MinIO server and save them in the /<IIGateway_INSTALL_DIR>/hii/conf/certs directory.
- Navigate to the /<IIGateway_INSTALL_DIR>/hii/conf/certs directory.
- Copy the cacerts file present in the swp-mediator container at /opt/java/lib/security to the /<IIGateway_INSTALL_DIR>/hii/conf/certs directory by using the following command:
For Docker deployments:
docker cp swp-mediator:/opt/java/lib/security/cacerts /<IIGateway_INSTALL_DIR>/hii/conf/certs/cacerts
For Podman deployments:
podman cp swp-mediator:/opt/java/lib/security/cacerts /<IIGateway_INSTALL_DIR>/hii/conf/certs/cacerts
- Import the certificates into the copied cacerts file by using the keytool utility:
keytool -importcert -file minio.crt -keystore cacerts -alias minio
- Navigate to the /IIGateway_INSTALL_DIR/hii directory.
- Open the docker-compose.yaml file or podman-compose.yaml file with a text editor.
- Search for the mediator section.
Add the following line to the volumes section:
- ./conf/certs/cacerts:/opt/java/lib/security/cacerts
- Save and close the file.
- Go to Step 7 to continue configuring the on-premises gateway.