Configuring a PingAccess cluster
Install and configure PingAccess on each node in a cluster, including the administrative node, a replica administrative node, and one or more engine nodes.
About this task
The initial node you configure becomes the administrative node, which you will use to configure the rest of the cluster.
Setting the |
Steps
1. Install PingAccess on each cluster node.

2. Configure the administrative node:

   a. Open the conf/run.properties file in a text editor and change the pa.operational.mode value to CLUSTERED_CONSOLE.
      This property is case-sensitive.

   b. Start PingAccess.

   c. Follow steps 1-14 of Generating new key pairs to create a new key pair for the CONFIG QUERY listener. Make the following adjustments to steps 4-5:
      - To complete step 4, enter the DNS name of the administrative node in the Common Name field.
      - To complete step 5, enter both the DNS name of the replica administrative node and the DNS name of the administrative node in the Subject Alternative Names field. Alternately, configure the Subject Alternative Names field as a wildcard certificate.
        You can use an Internet Protocol (IP) address as the common name or in the Subject Alternative Names field, as long as those values are used in the administrative node fields on the Administrative Nodes configuration page.

      You will need this key pair in step 3a to set up the replica administrative console.

   d. Follow steps 1-4 of Assigning key pairs to HTTPS listeners to assign the key pair you just created to the CONFIG QUERY listener.

   e. Follow steps 1-6 in Configuring administrative nodes to configure the administrative node settings, then review the What to do next section. Make the following adjustment to step 2:
      - To complete step 2, define the primary administrative node as a host:port pair in the Host field.
        The host you specify must be a resolvable DNS name for the node or the node’s IP address. The port must be the TCP port that PingAccess listens to for the administrative interface. By default, this port is 9090.

   f. Follow steps 1-14 of Generating new key pairs to create a new key pair for the ADMIN listener. Make the following adjustments to steps 4-5:
      - To complete step 4, enter the DNS name of the administrative node in the Common Name field.
      - To complete step 5, enter both the DNS name of the replica administrative node and the DNS name of the administrative node in the Subject Alternative Names field. Alternately, configure the Subject Alternative Names field as a wildcard certificate.
        You can use an IP address as the common name or in the Subject Alternative Names field as long as those values are used in the administrative node fields on the Administrative Nodes configuration page.

   g. Follow steps 1-4 of Assigning key pairs to HTTPS listeners to assign the key pair you just created to the ADMIN listener.

   h. Restart PingAccess.

3. Configure the replica administrative node.
   If you add a replica administrative node after you deploy the cluster, you must update the configuration for each engine node.

   a. Complete steps 1-11 of Configuring replica administrative nodes. Make the following adjustments to step 2 and step 5:
      - To complete step 2, the host you specify must be a resolvable DNS name for the node or the node’s IP address. The port must be the TCP port that PingAccess listens to for the administrative interface. By default, this port is 9090.
      - To complete step 5, select the key pair that you created for the CONFIG QUERY listener in step 2c of this topic as the Replica Administrative Node Trusted Certificate.

4. Configure the engine nodes in the cluster one at a time. For each engine node:

   a. Complete steps 1-10 of Configuring engine nodes.

   b. On the engine node, open the conf/run.properties file in a text editor and change the pa.operational.mode value to CLUSTERED_ENGINE.

   c. Complete step 11 of Configuring engine nodes.
      If you specified a proxy for the engine node, also see the What to do next section.

   Alternately, you can configure each engine node with an auto-registration file. For more information, see Configuring engine nodes using an auto-registration file.

Next steps
- Go to Settings → System → Clustering to check your cluster’s status. If everything is configured properly, the cluster engine nodes and the replica administrative node should display a green status icon, indicating that the cluster is operational. For more information about status icons, see Clustering in PingAccess.
- Optionally, you can configure each node in the cluster to run PingAccess as a service. This set-up prompts PingAccess to run automatically when you start a node. For more information, see Running PingAccess as a service in Installing and Uninstalling PingAccess.
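
The two settings in this procedure that are easiest to get wrong are the case-sensitive pa.operational.mode value and the Common Name / Subject Alternative Names on the CONFIG QUERY and ADMIN key pairs. The following pre-flight check is an added example, not part of the PingAccess documentation or product. It assumes run.properties uses key=value lines, that node hosts are passed without the port, and that names are matched by standard TLS rules (exact match, or a wildcard covering one left-most label); the function names and role keys are chosen for this example.

```python
import ipaddress

# Mode values taken from the procedure; the role keys are names chosen for this example.
EXPECTED_MODE = {"admin": "CLUSTERED_CONSOLE", "engine": "CLUSTERED_ENGINE"}

def operational_mode(properties_text):
    """Return the last pa.operational.mode value in run.properties text, or None."""
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":          # skip blank lines and comments
            continue
        key, sep, val = line.partition("=")     # assumption: key=value lines
        if sep and key.strip() == "pa.operational.mode":
            value = val.strip()
    return value

def mode_ok(properties_text, role):
    # Exact comparison on purpose: the property value is case-sensitive.
    return operational_mode(properties_text) == EXPECTED_MODE[role]

def _ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def name_covered(host, cert_names):
    """True if host matches a CN/SAN entry exactly or via a one-label wildcard."""
    host_ip = _ip(host)
    for name in cert_names:
        if host_ip is not None:                  # IP hosts need an identical IP entry
            if _ip(name) == host_ip:
                return True
            continue
        name, wanted = name.lower(), host.lower()
        if name == wanted:
            return True
        if name.startswith("*.") and len(name) > 2 and wanted.partition(".")[2] == name[2:]:
            return True
    return False

def uncovered_hosts(node_hosts, common_name, subject_alt_names):
    """Return the configured node hosts that the key pair's names do not cover."""
    names = [common_name, *subject_alt_names]
    return [h for h in node_hosts if not name_covered(h, names)]
```

Pass the hosts entered on the Administrative Nodes configuration page as node_hosts; any host returned by uncovered_hosts is missing from the key pair's Common Name and Subject Alternative Names.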