ArangoSync Master

The ArangoSync Master is responsible for managing all synchronization, creatingtasks and assigning those to the ArangoSync Workers.

At least 2 instances must be deployed in each datacenter.One instance will be the “leader”, the other will be an inactive slave. When theleader is gone for a short while, one of the other instances will take over.

With clusters of a significant size, the sync master will require asignificant set of resources. Therefore it is recommended to deploy the _sync masters_on their own servers, equiped with sufficient CPU power and memory capacity.

To start an ArangoSync Master using a systemd service, use a unit like this:

  1. [Unit]
  2. Description=Run ArangoSync in master mode
  3. After=network.target
  5. [Service]
  6. Restart=on-failure
  7. EnvironmentFile=/etc/arangodb.env
  8. EnvironmentFile=/etc/arangodb.env.local
  9. LimitNOFILE=8192
  10. ExecStart=/usr/sbin/arangosync run master \
  11.     --log.level=debug \
  12.     --cluster.endpoint=${CLUSTERENDPOINTS} \
  13.     --cluster.jwtSecret=${CLUSTERSECRET} \
  14.     --server.keyfile=${CERTIFICATEDIR}/tls.keyfile \
  15.     --server.client-cafile=${CERTIFICATEDIR}/client-auth-ca.crt \
  16.     --server.endpoint=https://${PRIVATEIP}:${MASTERPORT} \
  17.     --server.port=${MASTERPORT} \
  18.     --master.endpoint=${PUBLICMASTERENDPOINTS} \
  19.     --master.jwtSecret=${MASTERSECRET} \
  20.     --mq.type=direct
  21. TimeoutStopSec=60
  23. [Install]
  24. WantedBy=multi-user.target

When using the kafka type message queue, replace —mq.type=direct with —mq.type=kafkaand add the following arguments.

  1.     --mq.kafka-addr=${KAFKAENDPOINTS} \
  2.     --mq.kafka-client-keyfile=${CERTIFICATEDIR}/kafka-client.key \
  3.     --mq.kafka-cacert=${CERTIFICATEDIR}/tls-ca.crt

The sync master needs a TLS server certificate and aIf you want the service to create a TLS certificate & client authenticationcertificate, for authenticating with ArangoSync Masters in another datacenter,for every start, add this to the Service section.

  1. ExecStartPre=/usr/bin/sh -c "mkdir -p ${CERTIFICATEDIR}"
  2. ExecStartPre=/usr/sbin/arangosync create tls keyfile \
  3.     --cacert=${CERTIFICATEDIR}/tls-ca.crt \
  4.     --cakey=${CERTIFICATEDIR}/tls-ca.key \
  5.     --keyfile=${CERTIFICATEDIR}/tls.keyfile \
  6.     --host=${PUBLICIP} \
  7.     --host=${PRIVATEIP} \
  8.     --host=${HOST} \
  9.     --host=${CLUSTERDNSNAME}
  10. ExecStartPre=/usr/sbin/arangosync create client-auth keyfile \
  11.     --cacert=${CERTIFICATEDIR}/tls-ca.crt \
  12.     --cakey=${CERTIFICATEDIR}/tls-ca.key \
  13.     --keyfile=${CERTIFICATEDIR}/kafka-client.key \
  14.     --host=${PUBLICIP} \
  15.     --host=${PRIVATEIP} \
  16.     --host=${HOST}

The ArangoSync Master must be reachable on a TCP port ${MASTERPORT} (used with —server.port option).This port must be reachable from inside the datacenter (by sync workers and operations)and from inside of the other datacenter (by sync masters in the other datacenter).

Note that other sync masters in the same datacenter will contact this sync masterthrough the endpoint specified in —server.endpoint.Sync masters (&sync workers) from the other datacenter will contains this sync masterthrough the endpoint specified in —master.endpoint.

Since the sync masters can be CPU intensive when running lots of databases & collections,it is recommended to run them on dedicated machines with a lot of CPU power.

Consider these machines “pets”.