Adding a standby master server to a cluster

In IBM Guardium Key Lifecycle Manager, the high-availability solution is implemented by using a Multi-Master cluster configuration. An IBM Guardium Key Lifecycle Manager Multi-Master cluster must contain a primary master server and a standby master server. To set up a Multi-Master environment, add a standby master server to the cluster.

Before you begin

Before you add a standby master server to the cluster, review the considerations and restrictions that are listed in the Requirements and considerations for Multi-Master configuration topic.

About this task

To provide continuous data availability to all the IBM Guardium Key Lifecycle Manager instances in a Multi-Master cluster, Db2 high-availability disaster recovery (HADR) configuration is used. Db2 HADR is a database replication feature that provides a high-availability solution. HADR protects against data loss by replicating data changes from a source database, called the primary, to a target database, called the standby. Db2 HADR supports up to three standby databases in your Multi-Master setup.

The server from where you add the first standby master server to a cluster is configured as the primary master server. After the cluster is created with a minimum of one primary and one standby master server, you can add master servers from any of the master servers in the cluster. Your role must have the permission to add standby master servers to the Multi-Master cluster.

To add a standby master server to a cluster when another master server in the cluster is out of network or unreachable, you can use the REST interface only. For more information about the REST API, see REST service for adding a master when other master in the cluster is not reachable.

Procedure

  • Using the graphical user interface
    1. Log in to the graphical user interface.
    2. On the home page, click the menu icon at the upper left of the page.
    3. Click Data redundancy > Multi-Master.
    4. On the Multi-Master page, click Configure. On the confirmation window, click OK.
    5. On the Add master window, set the following properties to add a standby server to the Multi-Master cluster.
      Host name or IP address: Specify the host name or IP address of the IBM Guardium Key Lifecycle Manager standby master server that is added to the cluster.
      User name: Specify the name of the IBM Guardium Key Lifecycle Manager administrator. The administrator name is displayed by default.
      Password: Specify the password for the IBM Guardium Key Lifecycle Manager server administrator.
      UI port: Specify the HTTPS port to access the IBM Guardium Key Lifecycle Manager graphical user interface and REST services. The port number is displayed by default.
      HADR port: Specify the port number for the standby HADR database to communicate with the primary HADR database.
    6. If you want the primary master server to automatically accept the certificate of the master server that you are adding, select Accept host certificate automatically. Otherwise, import the certificate to the truststore of the primary master server.
      For instructions, see Importing an encryption endpoint certificate.
      Note: By default, the certificate is not automatically accepted.
    7. Click Check prerequisites. The master server performs some checks, for example, that communication between the standby master server that you are adding and the current primary master server is successful and that the user login credentials are valid.
    8. Click Add.
  • Using REST APIs
    1. Open a REST client.
    2. Obtain a unique user authentication identifier to access IBM Guardium Key Lifecycle Manager REST services. For more information about the authentication process, see Authentication process for REST services.
    3. Run Check Prerequisites REST Service to ensure that the master server that you want to add meets all requirements and conditions that are defined for IBM Guardium Key Lifecycle Manager Multi-Master configuration.
    4. Run Add Master REST Service as shown in the following example.
      POST https://localhost:port/GKLM/rest/v1/ckms/config/nodes/addNodes
      [
        {
          "clusterName" : "multimaster",
          "hadrPort" : "60020"
        },
        {
          "type" : "Standby",
          "ipHostname" : "cimkc2b151",
          "httpPort" : "9443",
          "sklmUsername" : "sklmadmin",
          "sklmPassword" : "your_sklmadmin_password",
          "standbyPriorityIndex" : "1",
          "autoAccept" : "Yes"
        }
      ]
    The primary master server restarts, and is temporarily unavailable. The status of the Db2 HADR configuration on the graphical user interface might be yellow for some time before it turns green.
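The following added example (not IBM code and not part of the original topic) builds the Add Master request body from step 4 programmatically, so that the JSON is always well formed, the ports are range-checked, and automatic certificate acceptance stays off unless it is requested explicitly. Assumptions: the function names and the GKLM_ADMIN_PASSWORD environment variable are hypothetical, "No" is assumed to be the opt-out value for autoAccept, and the Authorization header value is supplied by the caller from step 2 because its format is not shown in this topic.

```python
import json
import os
import urllib.request

ADD_NODES_PATH = "/GKLM/rest/v1/ckms/config/nodes/addNodes"  # path shown in step 4


def _port(value, name):
    """Range-check a port and return it as a string, as in the page's sample."""
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError(f"{name} out of range: {value}")
    return str(port)


def build_add_nodes_body(host, hadr_port, http_port, username, password,
                         cluster_name="multimaster", priority=1, auto_accept=False):
    """Return the two-element addNodes array: cluster settings, then the standby."""
    if not host or any(ch.isspace() for ch in host):
        raise ValueError("standby host name or IP address is empty or has whitespace")
    if not password:
        raise ValueError("administrator password is empty")
    cluster = {"clusterName": cluster_name, "hadrPort": _port(hadr_port, "hadrPort")}
    standby = {
        "type": "Standby",
        "ipHostname": host,
        "httpPort": _port(http_port, "httpPort"),
        "sklmUsername": username,
        "sklmPassword": password,
        "standbyPriorityIndex": str(int(priority)),
        # Assumption: "No" is the opt-out value; the page only shows "Yes".
        "autoAccept": "Yes" if auto_accept else "No",
    }
    return [cluster, standby]


def build_add_nodes_request(primary_host, ui_port, auth_header, body):
    """Prepare (but do not send) the HTTPS POST; auth_header comes from step 2."""
    url = f"https://{primary_host}:{_port(ui_port, 'UI port')}{ADD_NODES_PATH}"
    headers = {"Content-Type": "application/json", "Authorization": auth_header}
    data = json.dumps(body).encode("utf-8")
    return urllib.request.Request(url, data=data, headers=headers, method="POST")


if __name__ == "__main__":
    # GKLM_ADMIN_PASSWORD is a hypothetical variable name; other values are the page's.
    pw = os.environ["GKLM_ADMIN_PASSWORD"]
    body = build_add_nodes_body("cimkc2b151", 60020, 9443, "sklmadmin", pw)
    print(json.dumps([body[0], {**body[1], "sklmPassword": "***"}], indent=2))
```

With autoAccept left at "No", the standby's certificate must already be in the truststore of the primary master server, as step 6 of the graphical procedure describes.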

What to do next

Viewing the configuration status of all master servers