You can remove a master server, which is no longer required in the IBM Security Guardium Key Lifecycle Manager Multi-Master cluster.
About this task
You cannot delete the primary master server of a cluster. You can delete a standby master server
only if the cluster contains at least one more standby master server. IBM Security Guardium Key Lifecycle Manager Multi-Master cluster supports up to three
standby master servers.
You can remove a master server (standby, non-HADR) from the cluster when it is
offline. When the master server is online again, its state is the same as it was before it became a
part of the cluster. The server no longer contains data from the cluster.
Note: The support for adding a non-HADR master server to a Multi-Master
cluster will be deprecated in the later versions of IBM Security Guardium Key Lifecycle Manager. It is recommended to add a HADR master server to
a Multi-Master cluster.
Use the IBM Security Guardium Key Lifecycle Manager
Multi-Master page or Remove Master REST Service to delete a
master.
Your role must have the permission to delete a master of the cluster.
Procedure
-
Go to the appropriate page or directory.
- Graphical user interface
- Log on to the graphical user interface.
- On the Welcome page, click .
- REST interface
- Open a REST client.
-
Delete the master details.
- Graphical user interface
- From the Masters table, select the master that you want to delete.
- Click Delete Master.
- On the Confirm dialog, read the confirmation message before you delete the
master.
- Click OK.
- REST interface
- Obtain a unique user authentication identifier to access IBM Security Guardium Key Lifecycle Manager REST services. For more information about the
authentication process, see Authentication process for REST services.
- To run the Remove Master REST Service, send the HTTP POST request. Pass the
user authentication identifier that you obtained in
Step a
along with the request
message as shown in the following
example.POST https://localhost:port/SKLM/rest/v1/ckms/config/nodes/removeNode
Content-Type: application/json
Accept: application/json
Authorization: SKLMAuth userAuthId=139aeh34567m
[
{"clusterName": "multimaster"},
{"type": "Node",
"ipHostname" : "cimkc2b151",
"httpPort" : "9443",
"sklmUsername" : "sklmadmin",
"sklmPassword" : "your_sklmadmin_password"}
]
-
Restart WebSphere Application Server Liberty to refresh the
configuration.
Troubleshooting: If the master server that you removed from the cluster
is unreachable from the other master servers, the removal operation might not be clean and the
removed master server might still have the cluster configuration. To clean up the master server,
revert the master server by using the utility. For more information, see
Reverting a master server of a Multi-Master cluster to a stand-alone server.
What to do next
Verify whether the master that you deleted is removed from the Masters table.