Overview
The following error may sometimes show up when trying to pair two ScaleArc machines into a HA cluster.
Solution
Diagnosis
This happens if the machines use Active Directory (AD) for authentication and the password for the AD service stored in the SQLite database file is corrupted in one of the two machines you're trying to pair. This can be established by checking the value for the admin_password
column in the ad_lb_setup_info
table in the SQLite database for both machines. This column should store the AD password in encrypted form instead of being empty or having the value of 'none'.
Steps To Fix
Once it is established that the admin_password column doesn't have the encrypted password, you need to update the password. Get an encrypted password from a different ScaleArc installation & update it the password for both the machines you are trying to pair.
- Start a SQLite session with sqlite <sqlite_file_path>.
- To copy a password, once in the terminal execute SQL normally. Execute select * from lb_ad_setup_info and copy the value of admin_password from an installation.
- On each of the machines you are trying to pair, execute update lb_ad_setup_info set admin_password=<password copied in the previous step>.
On a Kerberized environment, it is necessary for the AD to be up for ScaleArc to be able to process traffic as the Kerberized clusters offload the authentication. There are some alerts that clear up immediately, for example the ones that appear when a database server is down or the replication is broken. Once the failure condition is resolved, the alert clears up automatically.
If you're pairing machines that use AD into a HA cluster, it is recommended to pair them before configuring AD. This document has more information on setting up an HA cluster.
Testing
HA pairing operation should work normally. Once done, you can also start a HA failover to see if the secondary becomes the primary or not.
Comments
0 comments
Please sign in to leave a comment.