Adding a non-HADR master server to a cluster

In IBM Security Guardium Key Lifecycle Manager, the high-availability solution is implemented by using a Multi-Master cluster configuration. Adding a non-HADR master server to a cluster is an optional step in setting up a Multi-Master environment.

Before you begin

Complete the following tasks:
Note: Support for adding a non-HADR master server to a Multi-Master cluster will be deprecated in later versions of IBM Security Guardium Key Lifecycle Manager. It is recommended to add a HADR master server to a Multi-Master cluster.

About this task

The server from where you add the first standby master server to a cluster is configured as the primary master server. After the cluster is created with a minimum of one primary and one standby master server, you can add master servers from any of the master servers in the cluster. You can use the graphical user interface or REST interface to add a master server to the cluster. Your role must have the permission to add standby master servers to the Multi-Master cluster.

Procedure

  1. Go to the appropriate page or directory.
    Graphical user interface
    1. Log in to the graphical user interface.
    2. On the Welcome page, click Administration > Multi-Master > Masters > Add Master.
    REST interface
    Open a REST client.
  2. Add the master server to the cluster.
    Graphical user interface
    1. Click the Basic Properties tab.
    2. On the Basic Properties dialog box, specify information for the master server that you are adding.
      Host name / IP address: Specify the host name of the IBM Security Guardium Key Lifecycle Manager instance that is added to the cluster.
      IBM Security Guardium Key Lifecycle Manager user name: Specify the name of the IBM Security Guardium Key Lifecycle Manager administrator. The administrator name is displayed by default.
      IBM Security Guardium Key Lifecycle Manager password: Specify the password for the IBM Security Guardium Key Lifecycle Manager server administrator.
      UI port: Specify the HTTPS port to access IBM Security Guardium Key Lifecycle Manager graphical user interface and REST services. The port number is displayed by default.
    3. If you want the primary master server to automatically accept the certificate of the master server that you are adding, select Accept host certificate automatically. Otherwise, import the certificate to the truststore of the primary master server. For instructions, see Importing a client device certificate.
      Note: By default, the certificate is not automatically accepted.
    4. Click Check Prerequisites. The master server performs some checks, for example, that communication between the master server that you are adding and the current primary master server is successful and that the user login credentials are valid.
    5. Click Add.
    REST interface
    1. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    2. Run the Check Prerequisites REST Service to ensure that the master server that you want to add meets all requirements and conditions that are defined for a Multi-Master configuration.
    3. Run the Add Master REST Service. For example:
      POST https://localhost:port/SKLM/rest/v1/ckms/config/nodes/addNodes
      [
        {
          "clusterName": "multimaster",
          "primaryHadrPort": "60020"
        },
        {
          "type": "Node",
          "ipHostname": "cimkc2b151",
          "httpPort": "9443",
          "sklmUsername": "sklmadmin",
          "sklmPassword": "your_sklmadmin_password",
          "autoAccept": "Yes"
        }
      ]
    The primary master server restarts, and is temporarily unavailable. The status of the Db2 HADR configuration on the graphical user interface might be yellow for some time before it turns green.
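
The Add Master request body from step 3, built and checked before it is sent, with automatic certificate acceptance off unless requested and the administrator password masked in anything that is logged. This is an added example, not part of the IBM documentation; the function names, the SKLM_ADMIN_PASSWORD environment variable, and "No" as the counterpart of the page's "Yes" for autoAccept are assumptions.

```python
import json
import os

ADD_NODES_PATH = "/SKLM/rest/v1/ckms/config/nodes/addNodes"  # path shown in step 3


def _port(value, name):
    """Return the port as a string (the page's body quotes ports), or raise."""
    number = int(value)
    if not 1 <= number <= 65535:
        raise ValueError(f"{name} out of range: {value}")
    return str(number)


def build_add_master_request(primary_host, ui_port, cluster_name, primary_hadr_port,
                             new_host, new_ui_port, username, password,
                             auto_accept=False):
    """Build (url, body) for the Add Master call; nothing is sent."""
    if not password:
        raise ValueError("administrator password is empty")
    body = [
        {"clusterName": cluster_name,
         "primaryHadrPort": _port(primary_hadr_port, "primaryHadrPort")},
        {"type": "Node",
         "ipHostname": new_host,
         "httpPort": _port(new_ui_port, "httpPort"),
         "sklmUsername": username,
         "sklmPassword": password,
         # Assumption: "No" is the counterpart of the page's "Yes".
         "autoAccept": "Yes" if auto_accept else "No"},
    ]
    url = f"https://{primary_host}:{_port(ui_port, 'UI port')}{ADD_NODES_PATH}"
    return url, body


def redacted(body):
    """Copy of the body that is safe to log: the password is masked."""
    return [{k: ("***" if k == "sklmPassword" else v) for k, v in part.items()}
            for part in body]


if __name__ == "__main__":
    # Constructed values; the password comes from the environment, not the script.
    url, body = build_add_master_request(
        "localhost", 9443, "multimaster", 60020, "cimkc2b151", 9443, "sklmadmin",
        os.environ.get("SKLM_ADMIN_PASSWORD", "constructed-demo-value"))
    print("POST", url)
    print(json.dumps(redacted(body), indent=2))
```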

What to do next

Viewing the configuration status of all master servers