HA Failover in Oracle Cloud Infrastructure¶
Once you deploy a paior of BIG-IP VEs in OCI, you need the following to implement High Availability Failover.
Prerequisites¶
You need to consider the following, when implementing HA failover in OCI:
- Store scripts that you use for HA failover in the
/config/failoverdirectory. - You need to create a unique user for failover, similar to a system account. Avoid using your existing credentials. A new account is useful for auditing and tracking failover events versus user configuration changes.
- The user/group must allow for the following minimum policy:
- Group myHAgroup to use private-ips in compartment myCompartment
- Group myHAgroup to use public-ips in compartment myCompartment
- Group myHAgroup to use vnics in compartment myCompartment
- A public/private key pair
Deployment guidelines¶
You can find detailed download and installation instructions in the BIG-IPVE_Oracle.pdf file.
Important: The clock skew requirement includes all requests within OCI must occur within 5 minutes.
Deploying the BIG-IP must include an NTP configuration specifically for HA, and the OCI network must provide an NTP
server at the 169.254.169.254 IP address. Alternatively, you can use pool.ntp.org; however, the locally provided IP is
recommended, and will sync more closely with the API infrastructure.
Warning
This
pool.ntp.orgtool is not supported by F5 support.
Support guidelines¶
If you find an issue with using these HA Failover scripts, templates, instructions, or if you want to suggest a new/changed feature, in GitHub click the + More icon, and select New Issues. Be sure to include as much information as possible about what you found, how you found it, your environment, and other similar details.
The f5-oci-failover is released to the community under the Apache v2 license. It is distributed on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
