Configuring multimaster cluster settings for Oracle Key Vault
url: https://docs.oracle.com/en/database/oracle/key-vault/21.9/okvag/managing_multimaster.html#GUID-C7E721E2-5438-4858-94FD-1DC3858754F0
4.0 Applying a setting across a multimaster cluster involves:
1. Remove the node-level setting to reflect the cluster-level setting
4.1 Managing Oracle Key Vault multimaster setup:
We can add, remove, disable, and enable cluster nodes, and manage node conflicts and replication.
4.2 Setting up a cluster:
1. Convert the standalone OKV to the initial node
2. Add more nodes as candidate nodes to the cluster
4.2.1 Convert the standalone OKV to the initial node.
4.2.2 Create the first node of a cluster:
Initial node: can be either a standalone OKV setup or the primary node of an active-standby setup
Until a new node is added, this node acts in read-only restricted mode.
1. Log in to the web UI console as the system admin user
http://192.168.194.122
2. Go to the system tab
3. Click on backup & restore
4. Ensure a remote backup is secured
5. Once the remote backup finishes, go to the cluster tab
6. Verify the server IP
7. Select "YES" for the First node of cluster option
8. Enter the node name; this can't be changed later
9. Enter the cluster name
10. Enter the cluster subgroup name
In our case:
Cluster name: voracle-okv-cl01
Cluster subgroup name: voracle-okv-cl01-sg01
4.2.3 Adding nodes to the cluster:
We can add at most 1 more read-write node to pair with the controller or initial node.
1. Log in to the web UI console as the system admin user
http://192.168.194.122 [controller node]
2. Go to the system tab
3. Click on backup & restore
4. Ensure a remote backup is secured
5. Ensure firewall ports are opened as mentioned in the OKV guide (on a local LAN, it shouldn't be a concern)
6. Go to the cluster tab
7. Click on the management tab in the left navigation bar
8. Click add under cluster details
9. Add the cluster node details to the "add candidate node" section
10. Enter the recovery passphrase of the controller node
11. Add candidate node section details:
   a. Add as read/write pair: yes
   b. Node id: unique id, auto-populated (leave it as is)
   c. Node name: enter a unique name for the candidate node; again auto-populated with the server name
   d. Cluster subgroup: keep the original here, since the DC is the same and the servers are built only for HA, not DR
   e. Cluster name: auto-populated
   f. IP address
   g. Certificate of the candidate node:
      i. Open a new browser window and log in with system admin credentials to
      https://192.168.194.123 [candidate node]
      ii. First node of the cluster: No
      iii. Enter the recovery passphrase from the controller node
      iv. Enter the IP of the controller node
      v. Certificate of the controller node: open a new controller browser window; at the bottom of the screen you should see the certificate available. Copy the certificate content
      vi. Come back to the candidate node browser: paste the certificate from the controller node
      vii. After validation of the recovery passphrase and certificate, click convert to candidate node
      viii. Once the conversion is complete, a new certificate appears on this page
   h. Copy this certificate to the controller node browser now and paste it under the candidate node certificate section
   i. Click add node