Security

Reply
Occasional Contributor I

ClearPass test/dev instance from production cluster

We have a 5 server CP production cluster.  We have a test instance that consists of a single node into which we've imported the production config and logs.

 

This has worked well to allow me to try potential changes from the production configuration, but I would like to be able to test the new patch 7 before applying it to production.  The problem is that importing the production config into the test instance means that the other members of the cluster were carried over and the patch fails to apply:

ERROR: Cluster nodes are not in sync. Ensure all nodes in cluster are in sync and retry.
ERROR: Patch update will be aborted. Exiting..

 

This makes some sense in that the other members of the cluster appear to be down, but it prevents me from testing the patch outside production.

 

It appears that I might be able to delete the other cluster subscribers though the deletion process actually contacts the subscriber and requests it to drop itself - thankfully the subscriber doesn't recognize the test CP as its publisher so it refuses.  I then tried to delete the backup publisher but it refuses because it is part of the Virtual IP definition.  I don't feel comfortable changing those settings because that could potentially interfere with the production publishers which could be catastrophic.

 

Is there any way to import the configuration from a production CP cluster into a singular CP test instance in such a way that I will be able to install the patch?

 

The only idea I have left at this point which seems pretty tedious would be to wipe the test CP, build it from scratch and install patch 7 and then import the production CP configuration.  I'm a little worried that the configuration will refuse to import because the versions will be different.

 

Hints, suggestions, or actual experience would be most appreciated.

Contributor I

Re: ClearPass test/dev instance from production cluster

What we did with our test box was to join it as a subscriber to our production cluster and then removed it from the cluster. The test box then had the production config.

Occasional Contributor I

Re: ClearPass test/dev instance from production cluster

Sorry, shouldn't have left this alone so long.

 

 

Maybe there is more to your picture that you didn't describe, but I wonder if your test instance carried with it additional members of the cluster because that is what stymied me from testing the next patch.  It seems pretty hard to get them out of the config on the test system.

Re: ClearPass test/dev instance from production cluster

Why not building a VM with same exact image as your prod but never join it to the cluster and load a config backup on it, then upgrade it ?

ACMP, ACCP, BCNE
Contributor I

Re: ClearPass test/dev instance from production cluster

In our case after removing the test box from the cluster no other production subscriber or publisher information was carried over but the services and other config was the same as production.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: