PingAccess

Configuring replica administrative nodes

Configure one PingAccess node as a replica administrative node to provide an alternative if the administrative node fails.

About this task

The key pair that you create for the CONFIG QUERY listener must include both the administrative node and the replica administrative node. To make sure the replica administrative node is included, you can either use a wildcard certificate or define subject alternative names in the key pair that use the replica administrative node’s DNS name. For more information, see step 2c in Configuring a PingAccess cluster.

If you use a replica administrative node in your configuration, configure the replica administrative node before defining the engine nodes, or the bootstrap.properties files generated for the engine nodes will not include information about the replica administrative node.

Steps

  1. Click Settings and then go to Clustering → Administrative Nodes.

  2. In the Host field, in the Replica Administrative Node section, enter the host and port for the replica administrative node.

    This name and port pair must match either a subject alternative name in the key pair or be considered a match for the wildcard specified if the key pair uses a wildcard in the common name.

  3. If applicable, specify an HTTP Proxy for the engine.

    For more information about creating proxies, see Adding proxies.

    1. Click Create to create an HTTP proxy.

  4. If applicable, specify an HTTPS Proxy for the engine.

    For more information about creating proxies, see Adding proxies.

    1. Click Create to create an HTTPS proxy.

  5. Specify the Replica Administrative Node Trusted Certificate if a TLS-terminating network appliance, such as a load balancer, is placed between the engines and administrative node.

    Select the certificate that the network appliance uses. The certificate helps establish a secure HTTP connection with the administrative node.

  6. Click Save & Download to download the <replicaname>_data.zip file for the replica administrative node.

    PingAccess automatically generates and downloads a public and private key pair into the bootstrap.properties file for the node. The public key is indicated in this window.

  7. Copy the downloaded file to the replica administrative node’s <PA_HOME> directory and extract it.

  8. If the replica administrative node is running on a Linux host, run the command chmod 400 conf/pa.jwk.

  9. Edit <PA_HOME>/conf/run.properties on the replica administrative node and change the pa.operational.mode value to CLUSTERED_CONSOLE_REPLICA.

    This property is case-sensitive.

  10. Start the replica administrative node.

  11. Verify replication has completed by monitoring the <PA_HOME>/log/pingaccess.log file and looking for the message Configuration successfully synchronized with administrative node.