Configuring engine nodes using an auto-registration file
Download a JSON Web Token (JWT) to enable a new engine node to automatically register itself at startup in PingAccess.
Before you begin
Make sure that you’ve configured an administrative node and a replica administrative node.
For a comprehensive overview of the steps necessary to set up a clustered environment, see Configuring a PingAccess cluster in the Clustering in PingAccess reference guide. |
Steps
-
Click Settings and then go to Clustering → Engine Registration.
-
If applicable, specify an HTTP Proxy for the engine.
To create an HTTP proxy, click +Create.
For more information about creating proxies, see Adding proxies.
-
If applicable, specify an HTTPS Proxy for the engine.
To create an HTTPS proxy, click +Create.
For more information about creating proxies, see Adding proxies.
-
Specify an Engine Trusted Certificate if a TLS-terminating network appliance, such as a load balancer, is placed between the engines and administrative node.
Select the certificate that the network appliance uses. The certificate helps establish a secure HTTP connection with the administrative node.
-
In the Token Duration field, enter the number of seconds for which the generated JWT is valid.
-
Click Download.
-
Add the JWT file to the engine node:
Choose from:
-
If the engine node is not a container, copy the JWT file to the
PA_Home/conf
directory. -
If the engine node is a container, inject the JWT as an environment variable named
REGISTRATION_TOKEN
.
-
-
Optional: Modify the name of the engine node:
Choose from:
-
If the engine node is not a container, open the
PA_Home/conf/engine-registration.properties
file and update the engine.admin.api.engineName value. -
If the engine node is a container, inject the engine node name as an environment variable named
ENGINE_NAME
.
-
-
Start the engine node.
Next steps
If you specified any proxies, enable the Use Proxy option for any sites, token providers, and third-party services that require the use of a proxy. For more information, see Adding sites and the Token provider section.