Managing cluster configuration

From the Cluster Configuration management page, administer cluster support for the appliance.

Before you begin

Configure the browser to allow pop-up windows if you want to export files.

About this task

The Cluster Configuration page is not available in the LMI when the appliance runs in a Docker environment.

About the Stand-alone option:

  • It is the default setting on the appliance.
  • You can choose it in the following situations:
    • The appliance is a primary master with no other node in the cluster.
    • The appliance is a node in a cluster, but it is in stand-alone mode for recovery purposes.
  • The corresponding Primary Master default IP address on the appliance is 127.0.0.1.
  • These initial settings indicate that by default the appliance operates as a stand-alone cluster with a single node.
  • If you do not want this appliance to be the primary master, but rather a node in an existing cluster, follow the steps in Join the current appliance to the cluster.
  • When the Stand-alone option is selected, the First Port field is enabled and the fields under Masters for All Services are disabled.
About the Multi-node option:
  • To use this appliance as the primary master of a cluster with multiple nodes, you must set the Multi-mode option.
  • When the Multi-node option is selected:
    • If the appliance is the primary master, the First Port field is enabled.
    • If the appliance is not the primary master, the First Port field is disabled.
Note: Cluster configuration updates do not take effect until you deploy the changes through the local management interface.

Procedure

  1. From the top menu of the local management interface, select Manage System Settings > Cluster Configuration. A list of the nodes in the cluster is under Nodes.
  2. Take any of the following actions and click Save. Clicking Save submits all configuration changes from the General, Session Cache, and Database tabs.
    Add a description to a cluster node
    1. Select the node.
    2. Click Edit Description.
    3. Enter the description for the node.
    Specify an appliance to be the primary master of a cluster
    1. Select the General tab.
    2. To make the current node the primary master:
      • If the appliance is in stand-alone mode, select Multi-node.
      • If the appliance is a non-primary node in a cluster, click Make Primary Master.
    View and update the current cluster general configuration
    Note: You can perform the update operation only through the primary master local management interface.
    1. Select the General tab.
    2. Edit the current configuration.
    View and update the current cluster session cache configuration
    Note: You can perform the update operation only through the primary master local management interface.

    The distributed session cache is one of the cluster services. It is used by the IBM Security Access Manager appliance to distribute session data. You must configure the distributed session cache settings for the cluster on the primary master.

    1. Select the Session Cache tab.
    2. Edit the current settings.
    View and update the current runtime database configuration
    The runtime database stores runtime data.
    Note: You can perform the update operation only through the primary master local management interface.
    1. Select the Database tab.
    2. Edit the current settings.

      If you change the location of the runtime database from Local to the cluster to Remote to the cluster, Database Maintenance displays the following error message: 

      System Error FBTRBA091E The retrieval failed because 
  the resource cannot be found.
      Complete the following steps to restart the local management interface:
      1. Use an ssh session to access the local management interface.
      2. Log in as the administrator.
      3. Type lmi, and press Enter.
      4. Type restart, and press Enter.
      5. Type exit, and press Enter.
    Export the cluster signature file from the cluster master

    The signature file contains connection and security information. A node uses this file to register with the cluster master server and participate in the cluster.

    Note: You can generate the cluster signature file only on the primary master.
    1. On the General tab, click Export.
      Note: If the Stand-alone option is selected, the cluster is a stand-alone cluster and the Export function is not available. To export the cluster signature file, select the Multi-node option.
    2. Confirm the save operation to export the cluster signature file to your local drive.
    Join the current appliance to the cluster
    This process is referred to as registration. To review the registration rules, see Cluster registration.
    Note: You must perform this operation through the local management interface of the appliance that is joining the cluster.
    1. On the General tab, select the Multinode option, and then click Join Cluster.
    2. Set the Cluster Identifier.
      Note: For more information about the Cluster Identifier, see Cluster general configuration reference.
    3. In the Join Cluster window, click Browse to select the cluster signature file, which you exported from the primary master. See Export the cluster signature file from the cluster master.
    4. To join the cluster as a restricted node, check Join as restricted node. See Managing restricted nodes in a cluster.
    5. Click Join Cluster.
    View the status of all nodes
    On the Overview tab, all cluster nodes are displayed under Nodes.
    • Accessible indicates whether the node can be contacted.
    • Synchronized indicates whether the node is running with the current cluster configuration. If this column is empty, it means that the current configuration information cannot be obtained from the primary master.
    • Master indicates whether the node is a cluster master.
    Remove a node or a secondary master node from the cluster
    This process is referred to as unregistration. The cluster configuration prohibits deleting a node that is acting as a master.
    Note: Perform this operation through the local management interface of the primary master.
    1. Take one of the following actions:
      • To remove a node, select the node you want to remove from Nodes on the Overview tab.
      • To remove a secondary master node:
        1. Delete the secondary master from Master for All Services on the General tab.
        2. Select the node you want to remove from Nodes on the Overview tab.
    2. Click Delete.
    3. To force the removal of the node even if the node cannot be reached, select the Force.
    4. Click Yes.
    Replicate settings across the cluster
    You can enable the replication of the IBM® Security Access Manager runtime settings and certificate database settings. After you enable the replication option, you can no longer update runtime and certificate database settings from the non-primary nodes.
    Note: Perform this operation through the local management interface of the primary master.
    1. Select the Replication tab and take one of the following actions:
      • For runtime settings, click Runtime component.
      • For certificate database settings, click Certificate databases.
    2. Select Replicate with Cluster.
    3. Click Yes.
  3. Deploy the changes.