Security

I have been upgrading a clearpass cluster from 6.2 to 6.3 and one of the nodes is down. The publisher is showing it with a "cluster sync" as "in progress". Is there any way to clear this as I want to cliuster another device but it will not sync two devices at the same time?

Have you tried to "drop subscriber" from the Administration --> Server Config area?

 

You can also force this via SSH.

Yes, I've tried that, and although it goes through the motions it still shows as "in progress". I've also tried restarting all the services - again no effect. I would like to reboot the device but as we have one device down and one device unable to join the cluster I'm not willing to take that chance with a live setup.

Sorry, what is the CLI command to drop the device - Its worth giving this a try.

Here is an example:

cluster drop-subscriber -i 192.168.1.16 -f

Unfortunately this didn't work either.

I would open a case then...

A case is open - I just wanted to chack if there was a way of sorting this out myself. I will update if there are any useful results.

TAC have said that at Midnight the Publisher will give up trying to sync the device and we will be able to cluster the other device.

I've just checked this morning and TAC were wrong, this did not happen, so I still looking for any suggestions.

I had an issue with cppm after doing a config import from a old version. In the end Tac found out it was an invalid tagging of endpoints that was not compatible with the later version. The result was when the clustering was attempted a database replay was done and this prevented the full clustering procedure from completing.

The trouble with the failed sync is that (TAC tell me) the devices are on different versions. After upgrading the device that was unable to join we have discovered another issue. Anyone think of upgrading their must bear in mind that if you use VMWare you cannot dynamically increase the size of the inactive disk. This is what we've done and the device does not upgrade onto the new bigger hard drive - it simply upgrades using the previously used smaller one without giving any errors.

See this link for determining the drives and their usage -

https://arubanetworkskb.secure.force.com/pkb/articles/FAQ/Is-it-possible-to-delete-the-standby-drive-of-CPPM-after-upgrade

 

You can list the images on the disk using the command - system boot-image -l

and you can boot between the versions using, for example - system boot-image 6.2.0.123

TAC have also said that you must also reset the databases for the subscriber nodes which could take up to four hours for a large setup.

 

I wonder why none of these things are documented, if we had have known all this at the start we could have planned all this and saved ourselves a lot of hassle and loss of face with the customer. Aruba's lack of documentation bites us in the *** again.

Also does anyone know where I can download the 6.3 user guide?

 

Check out the support.arubanetworks.com link there is a goldmine of documentation there.

Nicholas Sheridan
EBRD Networks
Desk: +44 (0) 20 7338 6996
Mobile: +44 (0) 7551 126097
Mail: sheridan@ebrd.com

______________________________________________________________
This message may contain privileged information. If you have received this message by mistake, please keep it confidential and return it to the sender.
Although we have taken steps to minimise the risk of transmitting software viruses, the EBRD accepts no liability for any loss or damage caused by computer viruses and would advise you to carry out your own virus checks.
The contents of this e-mail do not necessarily represent the views of the EBRD.

It states in the VM guide that the drives must be the same size. I know that it's frustrating when there are issues but it is all documented. We have been constantly adding docs you just need to check often.

There is also a very large amount of information on arubapedia.

https://afp.arubanetworks.com

http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/Command/Core_Download/Default.aspx?EntryId=12579

http://support.arubanetworks.com/Documentation/tabid/77/DMXModule/512/EntryId/12829/Default.aspx

Thanks for the link to the guide - I was looking in the wrong place - my fault. We had asked Aruba for details of moving to 6.3 from 6.2 and were given the doc in your other link - installing/upgrading. I was not aware of the VMWare disk operations so would not have known to look for this. My point is Aruba should have provided this when we asked about the process. Perhaps it should be combined with the other document.