Manual synchronization introduced in RSA Authentication Manager 8.2 Service Pack 1 patch 6
2 years ago
Originally Published: 2017-11-23
Article Number
000055763
Applies To
RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.2 SP1 patch 6 or later
Issue
RSA Authentication Manager replication status reports the servers are out of sync. Synchronizing the primary instance database fails because the primary database dump is too big to be pushed to the replica instance in a timely fashion. This is probably due to the primary and replica instances being separated geographically.
Resolution
RSA Authentication Manager 8.2 Service Pack 1 patch 6 introduces a method of performing a manual transfer of the primary dump and the associated SHA-256 signature file to the replica instance.

The following instructions allow an administrator to perform the manual transfer of the primary dump and primary dump SHA-256 signature file to a single replica instance. Where there is more than one replica instance in the RSA Authentication Manager deployment, repeat the instructions for each replica instance that requires a sync.

When doing this procedure, only synchronize one replica instance at a time.


On a replica instance

  1. Enable Secure Shell on the Appliance.
  2. Log On to the Appliance Operating System with SSH.
  3. Launch an SSH client, such as PuTTY.
  4. Log in to the replica RSA Authentication Manager server as rsaadmin and enter the operating system password.

During Quick Setup, another username may have been selected. Use that username to log in.

login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Mon Apr 20 16:39:41 2020 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
  1. On the replica instance, go to /opt/rsa/am/utils:
cd /opt/rsa/am/utils
  1. Add a new global parameter to the replica instance using the command: 
./rsautil store -a add_config auth_manager.synchronization.manual_transfer.wait.minutes 15 GLOBAL 501

The global parameter auth_manager.synchronization.manual_transfer.wait.minutes is a timer delay providing fifteen (15) minutes for the administrator to perform a manual transfer of the primary dump and signature file to the replica instance. This value can be altered; however, fifteen minutes is more than enough time to move a 2GB primary dump with SHA-256 signature file to the replica instance.

  1. Download the SetupReplica.groovy file that is attached to this article and place the file into the /tmp folder of the replica instance. Use a secure FTP client (for example, WinSCP) to assist with the task of copying the SetupReplica.groovy file to /tmp.

The files ending with .groovy extensions are version-dependent with the version of RSA Authentication Manager. Use the file that is attached to this article only if you are running RSA Authentication Manager 8.2 Service Pack 1 patch 6. For any other versions, check with RSA Customer Support.

  1. Go to /opt/rsa/am/config/src/scripts/:
cd /opt/rsa/am/config/src/scripts/
  1. Preserve the existing SetupReplica.groovy script in the /opt/rsa/am/config/src/scripts folder by making a copy of the file with a new filename:
cp SetupReplica.groovy SetupReplica.groovy.bak
  1. Copy the replacement groovy file from /tmp into the /opt/rsa/am/config/src/scripts folder:
cp /tmp/SetupReplica.groovy /opt/rsa/am/config/src/scripts

  1. Restart the RSA Authentication Manager replica instance to activate the global parameter:

/opt/rsa/am/server/rsaserv restart all


On the primary instance

  1. Launch an SSH client, such as PuTTY.
  2. Log in to the replica RSA Authentication Manager server as rsaadmin and enter the operating system password.

Note that during Quick Setup, another username may have been selected. Use that username to login.

  1. Logon to the primary Operations Console and select Deployment Configuration > Instances > Status Report
  2. Click the Sync link in the Action column for the replica instance where you have the SSH session open.
  3. Wait for the task Starting database dump on primary to start.
  4. At the command line of the primary instance, go to /opt/rsa/am/replication/attachment_data_for_replica:
cd /opt/rsa/am/replication/attachment_data_for_replica
  1. In the /opt/rsa/am/replication/attachment_data_for_replica directory, the administrator finds a new directory that is named instance_<number>.
  2. Navigate into this directory:
cd <instance_number>

The primary_dump and primary_dump.sha256 is created in the instance_<number> directory. When the administrator sees the primary_dump.sha256 file, further tasks are required to get the primary_dump and primary_dump.sha256 files into the /opt/rsa/am/replication/attachment_data_from_primary directory on the replica instance.

This article provides instructions to use SFTP (a secure command-line FTP program). Alternatively, use a different secure FTP client (for example, WinSCP) to copy the primary_dump and primary_dump.sha256 files from the /opt/rsa/am/replication/attachment_data_for_replica/instance_<number> directory on the primary instance into the /opt/rsa/am/replication/attachment_data_from_primary directory on the replica instance.

Back on the replica instance

  1. Go to the /opt/rsa/am/replication/attachment_data_from_primary directory.
  2. Use the secure FTP program on the replica instance to connect to the primary instance:
sftp <IP_address_of_primary>
  1. In the secure FTP program, go to the local directory called /opt/rsa/am/replication/attachment_data_for_replica.
cd /opt/rsa/am/replication/attachment_data_for_replica
  1. List the contents of this directory to get the instance directory name.
sftp> ls
instance_810a23043f02a8c0293c1ae3674260f9   logs
  1. Now navigate into the instance_<number> directory:
sftp> cd instance_810a23043f02a8c0293c1ae3674260f9
  1. Manually transfer the primary dump and primary dump SHA-256 signature file to the replica instance using the get command:
get primary_dump
get primary_dump.sha256
  1. Check that the remote files on the primary instance are the same size as the files copied to the replica instance:
sftp> ls -lah 
drwx------    0 1000     1000         4.0K Dec 19 12:31 .
drwx------    0 1000     1000         4.0K Dec 19 12:26 ..
-rw-------    0 1000     1000         754M Dec 19 12:31 primary_dump
-rw-------    0 1000     1000          64B Dec 19 12:31 primary_dump.sha256
sftp> lls -alh 
total 755M
drwx------ 2 rsaadmin rsaadmin 4.0K Dec 19 12:33 .
drwxr-xr-x 5 rsaadmin rsaadmin 4.0K Dec 19 12:25 ..
-rw------- 1 rsaadmin rsaadmin 754M Dec 19 12:33 primary_dump
-rw------- 1 rsaadmin rsaadmin   64 Dec 19 12:33 primary_dump.sha256
  1. Where the files match in size, the administrator can exit the secure FTP program:
exit
  Back on the primary instance
  1. Go back to the web browser showing the Sync tasks in the primary Operations Console and monitor the completion of the tasks.
  2. After the task of starting the replica services has completed, click Done.
  3. Check the replication status of the replica instance. It is expected to be Normal.
Notes

 
Attachments
If the attachment does not open when clicked, please refresh the page and try again. You must be logged into view the file(s).

    Related Articles

    Trending Articles

    Don't see what you're looking for?