Configuring active and passive administrative nodes
Learn how to configure active and passive admin consoles in the admin UI.
Before you begin
If you’re upgrading from a single-console cluster to a cluster with active and passive consoles:
- Make a copy of the original console to use in creating passive consoles. This ensures that the passive consoles have the same configuration data archive as the original console, which reduces the size of the initial synchronization. This is similar to exporting and importing a configuration archive.
- Delete the pingfederate/server/default/data/instance/admin-node-mode.xml file from the new passive node, if it exists.
- Because the synchronization action only copies over configuration and license settings, similar to replication engines, you must manually adjust the properties and configuration files for the passive nodes.
About this task
To configure active and passive admin consoles:
Steps
- Edit the clustering properties of each node in the <pf_install>/pingfederate/bin/run.properties file.
  Learn more in Deploying cluster servers.
- Enable and configure active and passive admin consoles in the pingfederate/server/default/conf/cluster-admin-nodes-sync.conf file.
  Review each property in this file to make sure the values for each node are correctly configured for your cluster.
The following table describes each file property:
| Property | Description |
| --- | --- |
| enabled | Whether the active/passive admin nodes feature is enabled. Values are true or false. |
| passive.node.data.sync.interval.secs | The interval in seconds between requests from the passive node to the active node to pull the saved configuration. The default value is 10. |
| rpc.synchronization.data.timeout.milliseconds | The time in milliseconds before a data synchronization request times out. The default value is 20000. |
| passive.node.configuration.reload.interval.secs | The interval in seconds between configuration reloads on a passive node. The reload process locks the admin console from performing other tasks, and the process can be time-consuming, so reloads are not performed after every synchronization. Reloads are performed periodically to allow you to discover configuration issues from the server.log file, if they arise. This value should be greater than passive.node.data.sync.interval.secs. The default value is 300. |
| active.node.last.successful.sync.warning | The interval in seconds since the active node’s last successful synchronization with a passive node before a warning is issued on the active admin console. This value should be greater than the value for passive.node.data.sync.interval.secs. The default value is 25. |

- Optional: If you’re planning a fresh setup of PingFederate with active and passive admin consoles and hardware security modules (HSMs):
  - Decide which passive console will become active.
  - Start the designated passive console.
  - Switch the designated passive console to become active.
    Refer to step 5 or Active and passive administrative console endpoints for instructions on switching a passive console to active.
  - After the active console is started, start the remaining consoles.
    This ensures that the passive consoles can retrieve the default SSL server certificate from the active console so that passive consoles can start successfully.
- For new installations of PingFederate, run the initial setup wizard on the node that you want to make active when you first start your cluster.
  Learn more in Setting up PingFederate.
  Run the initial setup wizard only on the passive node that you intend to make active.
  After the wizard completes, it will automatically switch the console you run it on to an active node. Because you can only have one active admin node at a time, do not run the wizard on multiple passive nodes.
- For existing PingFederate installations, switch a node to active mode:
  - Make sure the active/passive admin nodes feature is enabled in all of the admin nodes by setting the enabled parameter to true in the pingfederate/server/default/conf/cluster-admin-nodes-sync.conf file on each node.
  - Go to System → Cluster Management.
  - Click the All Admin Consoles tab.
  - Click one of the listed admin consoles.
  - Click Switch to Active.
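The constraints in the property table and the first sub-step of step 5 can be checked before you start the consoles. The following linter is an added example, not PingFederate tooling: it assumes the file uses key=value lines with # comments, treats a missing enabled value and non-positive intervals as errors, and uses constructed node names and settings.

```python
# Added example: lint cluster-admin-nodes-sync.conf text against the property table.
# Assumption: the file holds key=value lines and "#" starts a comment.
DEFAULTS = {  # defaults as listed in the table
    "passive.node.data.sync.interval.secs": 10,
    "rpc.synchronization.data.timeout.milliseconds": 20000,
    "passive.node.configuration.reload.interval.secs": 300,
    "active.node.last.successful.sync.warning": 25,
}
SYNC = "passive.node.data.sync.interval.secs"
MUST_EXCEED_SYNC = ("passive.node.configuration.reload.interval.secs",
                    "active.node.last.successful.sync.warning")

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint_node(text):
    """Return the problems found in one node's conf text."""
    props, problems, nums = parse_conf(text), [], {}
    enabled = props.get("enabled")
    if enabled not in ("true", "false"):  # assumption: a missing value is an error
        problems.append(f"enabled must be true or false, got {enabled!r}")
    for key, default in DEFAULTS.items():
        raw = props.get(key, str(default))
        if raw.isdigit() and int(raw) > 0:
            nums[key] = int(raw)
        else:  # assumption: intervals and timeouts must be positive integers
            problems.append(f"{key} must be a positive integer, got {raw!r}")
    for key in MUST_EXCEED_SYNC:
        if key in nums and SYNC in nums and nums[key] <= nums[SYNC]:
            problems.append(f"{key}={nums[key]} should be greater than {SYNC}={nums[SYNC]}")
    return problems

def lint_cluster(nodes):
    """nodes maps a node name to its conf text; also flags nodes with the feature off."""
    report = {name: lint_node(text) for name, text in nodes.items()}
    for name, text in nodes.items():
        if parse_conf(text).get("enabled") == "false":
            report[name].append("enabled=false, but step 5 needs true on every admin node")
    return report
# Constructed sample input: two hypothetical admin nodes.
SAMPLE = {"admin-a": "enabled=true\n",
          "admin-b": "enabled=false\npassive.node.data.sync.interval.secs=60\n"}
```

Calling lint_cluster(SAMPLE) reports admin-b twice: the default warning interval of 25 no longer exceeds its 60-second sync interval, and the feature is disabled on that node.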