PingIntelligence

Setup ASE cluster (optional)

For production environments, Ping Identity recommends setting up a cluster of ASE nodes for improved performance and availability. NOTE: Enable NTP on each ASE node system. All cluster nodes must be in the same time zone.

To setup an ASE cluster node:

  1. Navigate to the config directory

  2. Edit ase.conf file:

    1. Set enable_cluster=true for all cluster nodes.

    2. Confirm that the parameter modeis the same on each ASE cluster node, either inline or sideband. If parameter mode values do not match, the nodes will not form a cluster.

  3. Edit the cluster.conf file:

    1. Configure cluster_id with an identical value for all nodes in a single cluster (for example, cluster_id=shopping)

    2. Enter port number in the cluster_manager_port parameter. ASE node uses this port number to communicate with other nodes in the cluster.

    3. Enter an IPv4 address or hostname with the port number for peer_node which is the first (or any existing) node in the cluster. Keep peer_node empty for the first cluster node.

    4. Provide the cluster_secret_key which must be the same in each cluster node. It must be entered on each cluster node before the nodes to connect to each other.

      Here is a sample cluster.conf file:

      ; API Security Enforcer's cluster configuration.
      ; This file is in the standard .ini format. The comments start with a
      ; semicolon (;).
      ; Section is enclosed in []
      ; Following configurations are applicable only if cluster is enabled
      ; with true in ase.conf
      ; unique cluster id.
      ; valid character class is [ A-Z a-z 0-9 _ - . / ]
      ; nodes in same cluster should share same cluster id
      cluster_id=ase_cluster
      
      ; cluster management port.
      cluster_manager_port=8020
      
      ; cluster peer nodes.
      ; a comma-separated list of hostname:cluster_manager_port or
      ; IPv4_address:cluster_manager_port
      ; this node will try to connect all the nodes in this list
      ; they should share same cluster id
      peer_node=
      
      ; cluster secret key.
      ; maximum length of secret key is 128 characters (deobfuscated length).
      ; every node should have same secret key to join same cluster.
      ; this field can not be empty.
      ; change default key for production.
      cluster_secret_key=OBF:AES:nPJOh3wXQWK/BOHrtKu3G2SGiAEElOSvOFYEiWfIVSdu
  4. After configuring an ASE node, start the node by running the following command:

    /opt/pingidentity/ase/bin/start.sh