Configuring replica administrative nodes
Configure one PingAccess node as a replica administrative node to provide an alternative if the administrative node fails.
About this task
The key pair that you create for the CONFIG QUERY listener must include both the administrative node and the replica administrative node. To make sure the replica administrative node is included, you can either use a wildcard certificate or define subject alternative names in the key pair that use the replica administrative node’s DNS name. For more information, see step 2c in Configuring a PingAccess cluster.
If you use a replica administrative node in your configuration, configure the replica administrative node before defining the engine nodes, or the |
Steps
- Click Settings and then go to Clustering → Administrative Nodes.
- In the Host field, in the Replica Administrative Node section, enter the host and port for the replica administrative node.
  This name and port pair must either match a subject alternative name in the key pair or be considered a match for the wildcard specified, if the key pair uses a wildcard in the common name.
- If applicable, specify an HTTP Proxy for the engine.
  Click Create to create an HTTP proxy.
  For more information about creating proxies, see Adding proxies.
- If applicable, specify an HTTPS Proxy for the engine.
  Click Create to create an HTTPS proxy.
  For more information about creating proxies, see Adding proxies.
- Specify the Replica Administrative Node Trusted Certificate if a TLS-terminating network appliance, such as a load balancer, is placed between the engines and administrative node.
  Select the certificate that the network appliance uses. The certificate helps establish a secure HTTP connection with the administrative node.
- Click Save & Download to download the replicaname_data.zip file for the replica administrative node.
  PingAccess automatically generates and downloads a public and private key pair into the bootstrap.properties file for the node. The public key is indicated in this window.
- Copy the downloaded file to the replica administrative node’s PA_HOME directory and extract it.
- If the replica administrative node is running on a Linux host, run the command:
    chmod 400 conf/pa.jwk
- Edit PA_HOME/conf/run.properties on the replica administrative node and change the pa.operational.mode value to CLUSTERED_CONSOLE_REPLICA.
  This property is case-sensitive.
- Start the replica administrative node.
- Verify replication has completed by monitoring the PA_HOME/log/pingaccess.log file and looking for the message "Configuration successfully synchronized with administrative node".
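The local checks implied by the last steps (the file mode of conf/pa.jwk, the case-sensitive pa.operational.mode value, and the synchronization message in the log), as an added example that is not part of the PingAccess documentation. The function name check_replica_node and its PASS/FAIL output are assumptions; the paths, property name, mode value and log message are the ones given in the steps.

```shell
# Added example: verify the replica-node steps above after extraction and first start.
# check_replica_node and the PASS/FAIL wording are illustrative, not PingAccess tooling.
# Usage: check_replica_node /path/to/PA_HOME   (returns non-zero if any check fails)
check_replica_node() {
    pa_home=$1
    rc=0

    # The steps require chmod 400 on conf/pa.jwk: owner read-only, nothing else.
    jwk="$pa_home/conf/pa.jwk"
    if [ ! -f "$jwk" ]; then
        echo "FAIL: $jwk not found"; rc=1
    else
        # GNU stat first, BSD/macOS stat as fallback.
        mode=$(stat -c '%a' "$jwk" 2>/dev/null || stat -f '%Lp' "$jwk")
        if [ "$mode" = "400" ]; then
            echo "PASS: pa.jwk mode is 400"
        else
            echo "FAIL: pa.jwk mode is $mode, expected 400"; rc=1
        fi
    fi

    # pa.operational.mode is case-sensitive; compare the last assignment exactly.
    props="$pa_home/conf/run.properties"
    value=$(sed -n 's/^[[:space:]]*pa\.operational\.mode[[:space:]]*=[[:space:]]*//p' \
            "$props" 2>/dev/null | tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//')
    if [ "$value" = "CLUSTERED_CONSOLE_REPLICA" ]; then
        echo "PASS: pa.operational.mode=$value"
    else
        echo "FAIL: pa.operational.mode is '${value:-unset}'"; rc=1
    fi

    # Replication is complete once the node logs the synchronization message.
    log="$pa_home/log/pingaccess.log"
    if grep -Fq 'Configuration successfully synchronized with administrative node' \
            "$log" 2>/dev/null; then
        echo "PASS: configuration synchronized"
    else
        echo "FAIL: no synchronization message in $log yet"; rc=1
    fi

    return "$rc"
}
```

Run it on the replica administrative node after the node has started; a missing synchronization message right after startup may only mean replication has not finished yet.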