From the Cluster Configuration management page, administer
cluster support for the appliance.
Before you begin
Configure the browser to allow pop-up windows if
you want to export files.
About this task
The Cluster Configuration page is not available in the LMI when the appliance
runs in a Docker environment.
About the Stand-alone option:
- It is the default setting on the appliance.
- You can choose it in the following situations:
- The appliance is a primary master with no other node in the cluster.
- The appliance is a node in a cluster, but it is in stand-alone
mode for recovery purposes.
- The corresponding Primary Master default
IP address on the appliance is
127.0.0.1
.
- These initial settings indicate that by default the appliance
operates as a stand-alone cluster with a single node.
- If you do not want this appliance to be the primary master, but
rather a node in an existing cluster, follow the steps in Join the current appliance
to the cluster.
- When the Stand-alone option is selected,
the First Port field is enabled
and the fields under Masters for All Services are
disabled.
About the
Multi-node option:
- To use this appliance as the primary master of
a cluster with multiple nodes, you must set the Multi-mode option.
- When the Multi-node option is selected:
- If the appliance is the primary master, the First Port
field is enabled.
- If the appliance is not the primary master, the First
Port field is disabled.
Note: Cluster configuration updates do not take effect
until you deploy the changes through the local management
interface.
Procedure
- From the top menu of the local management interface, select . A list of the nodes in the cluster is under
Nodes.
- Take any of the following actions and click Save.
Clicking Save submits all configuration
changes from the General, Session
Cache, and Database tabs.
- Add a description to a cluster node
-
- Select the node.
- Click Edit Description.
- Enter the description for the node.
- Specify an appliance to be the primary master of a cluster
-
- Select the General tab.
- To make the current node the primary master:
- If the appliance is in stand-alone mode, select
Multi-node.
- If the appliance is a non-primary node in a cluster, click Make
Primary Master.
- View and update the current cluster general configuration
-
Note: You can perform the update operation only
through the primary master local management interface.
- Select the General tab.
- Edit the current configuration.
- View and update the current cluster session cache configuration
-
Note: You can perform the update operation only
through the primary master local management interface.
The distributed session cache is one of the cluster
services. It is used by the IBM Security Access Manager appliance to
distribute session data. You must configure the
distributed session cache settings for the cluster
on the primary master.
- Select the Session Cache tab.
- Edit the current settings.
- View and update the current runtime database configuration
- The runtime database stores runtime data.
Note: You can perform
the update operation only through the primary master
local management interface.
- Select the Database tab.
- Edit the current settings.
If you change the location of the
runtime database from Local to the
cluster to Remote to
the cluster, Database
Maintenance displays the following error message:
System Error FBTRBA091E The retrieval failed because
the resource cannot be found.
Complete
the following steps to restart the local management interface:
- Use an ssh session to access the local management
interface.
- Log in as the administrator.
- Type lmi, and press Enter.
- Type restart, and press Enter.
- Type exit, and press Enter.
- Export the cluster signature file from the cluster master
-
The signature file contains connection and
security information. A node uses this file to register
with the cluster master server and participate in the cluster.
Note: You can generate the cluster signature file only
on the primary master.
- On the General tab, click Export.
Note: If the Stand-alone option is
selected, the cluster is a stand-alone cluster and the Export function is not available. To export
the cluster signature file, select the Multi-node option.
- Confirm the save operation to export the cluster signature file
to your local drive.
- Join the current appliance to the cluster
- This process is referred to as registration. To review the registration rules, see Cluster registration.
Note: You must perform this operation through the local management interface of the appliance that
is joining the cluster.
- On the General tab, select the Multinode option,
and then click Join Cluster.
- Set the Cluster Identifier.
- In the Join Cluster window, click Browse to select
the cluster signature file, which you exported from the primary master. See Export the cluster signature file from the cluster
master.
- To join the cluster as a restricted node, check
Join as restricted node. See Managing restricted nodes in a cluster.
- Click Join Cluster.
- View the status of all nodes
- On the Overview tab, all cluster nodes
are displayed under Nodes.
- Accessible indicates whether the node can
be contacted.
- Synchronized indicates whether the node
is running with the current cluster configuration. If this column
is empty, it means that the current configuration information cannot
be obtained from the primary master.
- Master indicates whether the node is a
cluster master.
- Remove a node or a secondary master node from the cluster
- This process is referred to as unregistration. The
cluster configuration prohibits deleting a node that
is acting as a master.
Note: Perform this operation
through the local management interface of the primary
master.
- Take one of the following actions:
- To remove a node, select the node you want to remove from
Nodes on the Overview
tab.
- To remove a secondary master node:
- Delete the secondary master from Master for All
Services on the General tab.
- Select the node you want to remove from Nodes
on the Overview tab.
- Click Delete.
- To force the removal of the node even if the node cannot be reached,
select the Force.
- Click Yes.
- Replicate settings across the cluster
- You can enable the replication of the IBM® Security Access Manager runtime settings
and certificate database settings. After you enable
the replication option, you can no longer update runtime
and certificate database settings from the non-primary
nodes.
Note: Perform this operation through the local management
interface of the primary master.
- Select the Replication tab and take one
of the following actions:
- For runtime settings, click Runtime component.
- For certificate database settings, click Certificate
databases.
- Select Replicate with Cluster.
- Click Yes.
- Deploy the changes.