High Availability Mode Setup for Governance Engine

This section describes how to configure and start Governance Engine in high availability (HA) mode for IBM Digital Asset Haven.

Before you begin

Before configuring Governance Engine in HA mode, ensure that the following conditions are met.
LPAR and cryptographic prerequisites
  • Both LPARs use the same master key.
  • Local crypto domain passthrough is correctly configured on both LPARs.
Terraform variable consistency
Ensure that the following Terraform variables have identical values on both the active and backup LPARs:
  • SECRET
  • MKVP
Certificate and key files
Ensure that the following certificate and key files are present on the active LPAR at IBM_DIGITAL_ASSET_HAVEN_HYBRID/GOVERNANCE-ENGINE/contracts/pods/tls/:
  • ge.ca.cert.pem
  • ge.client.cert.pem
  • ge.client.key.pem
  • backup.ge.ca.cert.pem
  • backup.ge.cert.pem
  • backup.ge.key.pem
Ensure that the following certificate and key files are present on the backup LPAR at IBM_DIGITAL_ASSET_HAVEN_HYBRID/GOVERNANCE-ENGINE/contracts/pods/tls/:
  • backup.ge.ca.cert.pem
  • backup.ge.cert.pem
  • backup.ge.key.pem
Network prerequisites
  • Ensure that the IP addresses of all participating LPARs are allowlisted.
  • Verify network reachability between the active and backup LPARs.

Procedure

  1. Bring up the active Governance Engine server
    On the active LPAR, follow the procedure described in Step 9 of Bringing Governance Engine Online. Ensure that both of the following variables are set in terraform.tfvars:
    • BACKUP_SERVER_IPADDR (backup LPAR IP which connect to active LPAR)
    • BACKUP_SERVER_CNAME
    When both variables are provided, Governance Engine is initialized in HA mode.
  2. Bring up the backup Governance Engine server
    On the backup LPAR, follow the procedure described in Step 12 of Bringing Governance Engine Online. The backup server initializes in standby mode and synchronizes data from the active Governance Engine server.

What to do next

After both servers are running, verify that:
  • The active and backup Governance Engine instances are running successfully.
  • Synchronization between the active and backup instances is complete.
For health verification, see Enabling Governance Engine and confirm successful completion of the Governance Engine health check.