Enabling dynamic discovery for clustering

pf.operational.mode

Configure the operational mode of the PingFederate node. The value CLUSTERED_CONSOLE denotes an administrative console node. The value CLUSTERED_ENGINE denotes a runtime engine node.

A PingFederate cluster has only one administrative console node. When you scale your PingFederate infrastructure, set the pf.operational.mode property value to CLUSTERED_ENGINE to deploy additional PingFederate runtime engine nodes.

pf.cluster.tcp.discovery.initial.hosts

Remove any configured value. No IP addresses are required here.

pf.cluster.transport.protocol

Set the value to tcp.

pf.cluster.*

See the inline comments to configure the rest of the pf.cluster.* property values.

pf.cluster.NATIVE_S3_PING.region_name

The name of the region in which discovery should be attempted.

If no region is specified, only nodes in the same region as this node can be discovered.

pf.cluster.NATIVE_S3_PING.bucket_name

The name of the bucket in your Amazon S3 environment.

For information about buckets, see the Create a bucket documentation from Amazon.

pf.cluster.NATIVE_S3_PING.remove_all_data_on_view_change

When set to true (the default), JGroups cleans up data when it detects a view change.

For more information, see .jgroups.org/manual4/index.html//[].

pf.cluster.NATIVE_S3_PING.write_data_on_find

Default value of true resolves the issue where subclusters could fail to merge after a network partition.

pf.cluster.DNS_PING.dns_query

A DNS query to the DNS Server that obtains information about the cluster members. For example, jgroups-dns-ping.myproject.svc.cluster.local.

For more information, see .jgroups.org/manual4/index.html//[].

pf.cluster.AWS_PING.port_number

The port on which PingFederate listens for cluster communication.

The default value is ${pf.cluster.bind.port}, which pulls the value defined by the pf.cluster.bind.port property in the <pf_install>/pingfederate/bin/run.properties file.

pf.cluster.AWS_PING.port_range

The number of additional ports that PingFederate can probe when attempting to connect to other nodes in the event that it fails to connect to the port specified by the port_number property.

For example if the port_number property is 7600, a port_range property value of 0 means PingFederate will only try to connect at port 7600. If the port_range property value is set to 2, PingFederate will make up to two additional attempts, with the port value increasing by one each time. For example, if PingFederate fails to connect at port 7600, it will try at port 7601. If it fails again, it will try at port 7602.

The default value is 0.

pf.cluster.AWS_PING.regions

A comma separated list of EC2 regions in which PingFederate will attempt discovery.

If no regions are specified, only nodes in the same region as this node can be discovered. List all regions where you have nodes running.

For information about regions, see the AWS documentation on Regions, Availability Zones, and Local Zones.

pf.cluster.AWS_PING.tags

A comma separated list of EC2 tag names.

When specified, only EC2 instances that have been assigned with the specified tags can be discovered. If multiple tags are specified, only EC2 instances that have been assigned with all tags can be discovered.

For information about tags, see the documentation from Amazon (docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html).

pf.cluster.AWS_PING.filters

A semi-colon separated list of key value pairs of system metadata.

When specified, only EC2 instances that match the specified filters can be discovered. If multiple filters are specified, only EC2 instances that match all filters can be discovered.

Note that you can enter a comma separated list of values for each filter. In this case, a filter is considered a match if one of the values is satisfied. For example, if you enter: filters="instance-type=t2.small,t2.medium;architecture=x86_64", then only EC2 instances that have an instance-type of either t2.small or t2.medium and also an architecture of x86_64 can be discovered.

For information about filters, see the describe-instances documentation from Amazon.

pf.cluster.AWS_PING.access_key and pf.cluster.AWS_PING.secret_key

The access key and its secret key for the purpose of querying AWS for EC2 instances.

Applicable and required only if permissions to ec2:Describe* actions are associated with the access key.

Keys can be encrypted using the obfuscate utility (obfuscate.bat for Windows or obfuscate.sh for Linux), located in the <pf_install>/pingfederate/bin directory

pf.cluster.AWS_PING.log_aws_error_messages

When set to true (the default), error messages received from AWS are logged to the server log.

pf.cluster.SWIFT_PING.auth_type

The authentication type.

pf.cluster.SWIFT_PING.auth_url

The authentication URL.

pf.cluster.SWIFT_PING.username and pf.cluster.SWIFT_PING.password

The security credentials.

Password can be encrypted using the obfuscate utility (obfuscate.bat for Windows or obfuscate.sh for Linux), located in the <pf_install>/pingfederate/bin directory

pf.cluster.SWIFT_PING.tenant

The name of your OpenStack Keystone tenant.

pf.cluster.SWIFT_PING.container

The name of the root container.

For more information about each of the SWIFT_PING properties, see .org/manual/index.html//[jgroups.org/manual4/index.html#_swift_ping].

pf.cluster.SWIFT_PING.remove_all_data_on_view_change

When set to true (the default), JGroups cleans up data when it detects a view change.

For more information, see .org/manual/index.html//[jgroups.org/manual4/index.html#FILE_PING].