How to replace a 2.5.0.3 standby appliance with 2.6 appliance in a cluster?
Originally Published: 2009-12-18
Article Number
Applies To
RSA Key Manager Appliance 2.5.0.3
A single RKM Appliance cluster containing one primary and a standby node
Issue
How to replace a 2.5.0.3 standby appliance (Dell 2950 hardware) with 2.6 appliance (Dell R-710 hardware) in a cluster?
Need to replace the standby appliance (with older hardware - Dell 2950) with new hardware (Dell R-710)
Resolution
1. Ensure that the cluster is in a healthy state. Ensure that the active/primary server can reach the standby server.
2. Make a note of the network configuration of the standby node.
3. Uninstall the standby by running the uninstall command on the standby node: $ /opt/rsa/setup/uninstall. This will prompt:
Drop database on 'hostname'
DANGER: all keys will be lost!!!!
Type 'YES' to continue
This will uninstall the software and gracefully disconnect the standby from the primary.
4. Remove the standby node that was uninstalled in the previous step from the network and power it off.
5. At this point the primary will be running in read-only mode.
Note: If the primary server needs to be in write mode for some time, you can make the primary accept updates. Refer to the section "2.5.1 Steps to make Primary accept updates" in the RKM Appliance troubleshooting guide, or follow these steps on the primary:
- su - oracle
- Connect to dgmgrl cli by command dgmgrl sys/passwd
- Disable fast-start failover on the primary with the force option: DGMGRL> disable fast_start failover force;
- Connect with sqlplus / as sysdba and issue the command: alter system set dg_broker_start=false;
- Shut down the primary database with the shutdown immediate command in sqlplus
- Start up the primary database with the startup command in sqlplus. If the KMS GUI is failing (accessing the KMS returns the error "You are not authorized to access this resource."), ClearTrust (Access Manager) might need to be restarted. In that case, restart ClearTrust and then Tomcat.
6. Connect the new Appliance 2.6 (R-710 hardware) to the network
7. Ensure that there are no active client connections to primary when the replace secondary script is executed.
8. Run /opt/rsa/setup/sh/replace_secondary.sh on the newly added secondary node and provide all the information prompted for.
9. When prompted for Temporary IP, Netmask, and Gateway, you can use the same network configuration saved in step 2.
Note: The RKM Appliance does not accept $ or $$ in the password, or a space in the security admin password.
10. After completing the replace secondary process, it is recommended to verify the status of the cluster.
Note: The log of the replace secondary process is in /opt/rsa/setup/logs/replace_secondary.<timestamp>.log.
11. Do the following on the Primary node to verify the status of the above process:
#su - oracle
$dgmgrl sys/passwd
DGMGRL> show configuration verbose
Configuration
Name: Demorkm
Enabled: YES
Protection Mode: MaxAvailability
Fast-Start Failover: ENABLED
Databases:
Demorkmp - Primary database
Demorkms - Physical standby database
Fast-Start Failover target
Fast-Start Failover
Threshold: 30 seconds
Observer: m206.sqa.com
Shutdown Primary: FALSE
Current status for "Demorkm":
SUCCESS
12. Check whether there is any time difference between the clocks of the primary and standby appliances. RKM may not function properly if they are different.
Note: To verify this, view the /etc/ntp.conf file on both appliances and check for the line that is not commented out and starts with "server" followed by the NTP server IP address or hostname:
cat /etc/ntp.conf (primary)
server 3.rpath.pool.ntp.org
cat /etc/ntp.conf (standby)
server 3.rpath.pool.ntp.org
If they are not pointing to the same NTP server, run the following command to sync the clock (the command needs to be run 3 times):
"ntpdate -u <ntpserver>" (replace ntpserver with the actual NTP hostname, which should be the same as for the primary).
For example:
service ntpd stop
ntpdate -u 3.rpath.pool.ntp.org
ntpdate -u 3.rpath.pool.ntp.org
ntpdate -u 3.rpath.pool.ntp.org
service ntpd start
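The checks in steps 11 and 12 can be scripted. The following is an added example, not part of the original article or of the appliance's own tooling; the function names and file names are hypothetical, and the sample inputs are constructed to resemble the output shown above.

```shell
#!/bin/sh
# Added example; function names and sample files are hypothetical.

# Step 11: read saved "show configuration verbose" output on stdin. Succeeds only
# if fast-start failover is ENABLED, a physical standby exists, status is SUCCESS.
dg_config_healthy() {
    awk '
        /Fast-Start Failover: *ENABLED/ { fsfo = 1 }
        /Physical standby database/     { standby = 1 }
        /Current status for/            { want = 1; next }
        want && NF                      { status = $1; want = 0 }
        END { exit !(fsfo && standby && status == "SUCCESS") }'
}

# Step 12: print the active (uncommented) "server" entries of an ntp.conf.
ntp_servers() {
    awk '$1 == "server" { print $2 }' "$1" | sort -u
}

# Succeeds when both ntp.conf copies name the same non-empty set of servers.
ntp_conf_match() {
    a=$(ntp_servers "$1"); b=$(ntp_servers "$2")
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sample inputs (not captured from a real appliance), written to $1.
write_samples() {
    cat > "$1/dg.txt" <<'EOF'
Configuration
  Name:                Demorkm
  Fast-Start Failover: ENABLED
  Databases:
    Demorkmp - Primary database
    Demorkms - Physical standby database
Current status for "Demorkm":
SUCCESS
EOF
    printf '#server 0.example.invalid\nserver 3.rpath.pool.ntp.org\n' > "$1/primary.conf"
    printf 'server 3.rpath.pool.ntp.org\n' > "$1/standby.conf"
    printf 'server ntp.example.invalid\n' > "$1/drifted.conf"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
write_samples "$tmp"
if dg_config_healthy < "$tmp/dg.txt"; then echo "Data Guard: OK"; else echo "Data Guard: CHECK"; fi
if ntp_conf_match "$tmp/primary.conf" "$tmp/standby.conf"; then echo "NTP: match"; else echo "NTP: MISMATCH"; fi
```

On a real cluster, save the DGMGRL output from the primary and copy /etc/ntp.conf from each node, then pass those files to the functions in place of the constructed samples.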