Removing a master server from Multi-Master cluster

You can remove a master server, which is no longer required in the IBM Security Guardium Key Lifecycle Manager Multi-Master cluster.

Before you begin

Before you delete master server details of the cluster, review the considerations and restrictions that are listed in the Requirements and considerations for multi-master configuration topic.

About this task

You cannot delete the primary master server of a cluster. You can delete a standby master server only if the cluster contains at least one more standby master server. IBM Security Guardium Key Lifecycle Manager Multi-Master cluster supports up to three standby master servers.

You can remove a master server (standby, non-HADR) from the cluster when it is offline. When the master server is online again, its state is the same as it was before it became a part of the cluster. The server no longer contains data from the cluster.

Note: The support for adding a non-HADR master server to a Multi-Master cluster will be deprecated in the later versions of IBM Security Guardium Key Lifecycle Manager. It is recommended to add a HADR master server to a Multi-Master cluster.

Use the IBM Security Guardium Key Lifecycle Manager Multi-Master page or Remove Master REST Service to delete a master.

Your role must have the permission to delete a master of the cluster.

Procedure

  1. Go to the appropriate page or directory.
    Graphical user interface
    1. Log on to the graphical user interface.
    2. On the Welcome page, click Administration > Multi-Master.
    REST interface
    Open a REST client.
  2. Delete the master details.
    Graphical user interface
    1. From the Masters table, select the master that you want to delete.
    2. Click Delete Master.
    3. On the Confirm dialog, read the confirmation message before you delete the master.
    4. Click OK.
    REST interface
    1. Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    2. To run the Remove Master REST Service, send the HTTP POST request. Pass the user authentication identifier that you obtained in Step a along with the request message as shown in the following example.
      POST https://localhost:port/SKLM/rest/v1/ckms/config/nodes/removeNode
      Content-Type: application/json
      Accept: application/json
      Authorization: SKLMAuth userAuthId=139aeh34567m
      [
      {"clusterName": "multimaster"},
      {"type": "Node",
      "ipHostname" : "cimkc2b151",
      "httpPort" : "9443",
      "sklmUsername" : "sklmadmin",
      "sklmPassword" : "your_sklmadmin_password"}
      ]
  3. Restart WebSphere Application Server Liberty to refresh the configuration.
Troubleshooting: If the master server that you removed from the cluster is unreachable from the other master servers, the removal operation might not be clean and the removed master server might still have the cluster configuration. To clean up the master server, revert the master server by using the utility. For more information, see Reverting a master server of a Multi-Master cluster to a stand-alone server.

What to do next

Verify whether the master that you deleted is removed from the Masters table.