Security

last person joined: yesterday 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

ClearPass manual Cluster Failover - resore process

This thread has been viewed 6 times

  • 1.  ClearPass manual Cluster Failover - resore process

    Posted Jan 14, 2016 08:29 PM

    I've been configuring a ClearPass cluster without automatic failover, and I'm curious to know the correct process for restoring to the original state following a manual failover...

     

    CP1 = Publisher

    CP2 = Subscriber

     

    Scenario: CP1 fails (data centre gets hit by an asteroid) and CP2 is manually promoted to Publisher.

     

    What is the correct way to eventually rebuild CP1 and re-add to the cluster as Publisher, without loosing any configuration changes that have been made while CP2 has been Publisher?

     

     

    I'm guessing the following?

    1) Re-add CP1 as subscriber to CP2

    2) Shutdown CP2

    3) Promote CP1 to subscriber

    4) Reset database on CP2 and make subscriber to CP1

     

     



  • 2.  RE: ClearPass manual Cluster Failover - resore process
    Best Answer

    Posted Jan 14, 2016 11:31 PM

    Chris,

     

    Did you read my CPPM Clustering TechNote, page 44-45 covers what you need to do.

     

    But basically.....

    • on CP2 you likely have to force drop the CP1 node
    • on CP1 in the cli 'cluster reset-database'
    • reload CP1
    • re-add CP1 node to cluster
    • then after they have sync'd you'll have to promote the nodes as required.