EEM HA / failover / multiwrite cluster is normally created interactively. This document documents a step by step method to do the same silently, using a response file

Workload Automation AutoSys

Consider two EEM servers,  server1.example.com and server2.example.com

• Ensure both EEM UIs are accessible via browser
• Login to both EEM UIs to make sure they function individually first
• Do not proceed further if any of the UIs do not allow a login as eiamadmin
• Both servers should have same credential for eiamadmin
   
  NOTE: 
  
  • It is strongly recommended to stop igatewayd, dxserver and backup the SharedComponents folder (this folder normally contains dxserver, iTechnology, EmbeddedEntitlementsManager folders) before performing any of the steps in this document
  • The steps are for Unix platform, similar steps can be done for Windows platform too with slight changes to the way environment variables are set, as well as the invoking the eiam-clustersetup.bat (instead of eiam_clustersetup.jar) 
     

Below commands must be run as the Unix user attempting the cluster setup on each node before running the eiam-clustersetup:

cd /opt/CA/SharedComponents/EmbeddedEntitlementsManager/
export EIAM_HOME=`pwd`
export JAVA_HOME=$EIAM_HOME/jre
export PATH=$JAVA_HOME/bin:$EIAM_HOME/bin:$PATH
cd bin
 

NOTE: The java -jar eiam-clustersetup.jar   commands referenced in rest of this document must be executed from $EIAM_HOME/bin folder

1.  Get munged password for eiamadmin credential.  In the example below, test123 is the password for eiamadmin
   
   

   java -jar eiam-clustersetup.jar -m test123
Nov 21, 2024 3:47:25 PM IclUtil itechLibInit
INFO: iTechSDK initialized successfully
INFO  - munge value : {MUNGE2}HBEHBAsdHA==
    
   This munge value will be used as ADMIN_PASSWD value through out the rest of the configuration files

    

2. On server1,  create a file  /opt/CA/SharedComponents/EmbeddedEntitlementsManager/bin/reset.txt      This step is to reset multi-write on server1 first

   IS_PRIMARY=true
PRIMARY_HOSTNAME=server1.example.com
LOCAL_HOSTNAME=server1.example.com
ADMIN_PASSWD={MUNGE2}HBEHBAsdHA==
RESET_PRIMARY=true
HA_MODE=INTERNAL
DATA_DSA_PORT=509
 
## possible values for SYNC [NEW/DELTA]
SYNC=NEW
 
## Multiple comma sepatated nodes can be provided to ADD
#ADD=server1.example.com:509,server2.example.com:509
 
## Multiple comma separated nodes can be provided to REMOVE
#REMOVE=server1.example.com,server2.example.com
 
MODIFY_CERTS=false
## possible values for KEY_LENGTH [1024/2048/4096]
KEY_LENGTH=1024
## possible values for DIGEST_ALGORITHM [SHA1/SHA256/SHA384/SHA512]
DIGEST_ALGORITHM=SHA1
 

   #execute below command to reset primary  
java -jar eiam-clustersetup.jar -r reset.txt

3. On server2,  create a file  /opt/CA/SharedComponents/EmbeddedEntitlementsManager/bin/reset.txt      This step is to reset multi-write on server1 first
    
   IS_PRIMARY=true
PRIMARY_HOSTNAME=server2.example.com
LOCAL_HOSTNAME=server2.example.com
ADMIN_PASSWD={MUNGE2}HBEHBAsdHA==
RESET_PRIMARY=true
HA_MODE=INTERNAL
DATA_DSA_PORT=509
 
 
## possible values for SYNC [NEW/DELTA]
SYNC=NEW
 
## Multiple comma sepatated nodes can be provided to ADD
#ADD=server1.example.com:509,server2.example.com:509
 
## Multiple comma separated nodes can be provided to REMOVE
#REMOVE=server1.example.com,server2.example.com
 
MODIFY_CERTS=false
## possible values for KEY_LENGTH [1024/2048/4096]
KEY_LENGTH=1024
## possible values for DIGEST_ALGORITHM [SHA1/SHA256/SHA384/SHA512]
DIGEST_ALGORITHM=SHA1

    
#execute below command to reset primary on server2:
java -jar eiam-clustersetup.jar -r reset.txt

    

4. On server1,  create a file  /opt/CA/SharedComponents/EmbeddedEntitlementsManager/bin/addsecondary.txt    to add a reference to the secondary node

   IS_PRIMARY=true
PRIMARY_HOSTNAME=server1.example.com
LOCAL_HOSTNAME=server1.example.com
ADMIN_PASSWD={MUNGE2}HBEHBAsdHA==
ADD=server2.example.com:509
 
RESET_PRIMARY=false
HA_MODE=INTERNAL
DATA_DSA_PORT=509
 
## possible values for SYNC [NEW/DELTA]
SYNC=NEW
 
## Multiple comma separated nodes can be provided to REMOVE
#REMOVE=
 
MODIFY_CERTS=false
## possible values for KEY_LENGTH [1024/2048/4096]
KEY_LENGTH=2048
## possible values for DIGEST_ALGORITHM [SHA1/SHA256/SHA384/SHA512]
DIGEST_ALGORITHM=SHA1
 
#execute below command to reset primary on server1:
java -jar eiam-clustersetup.jar -r addsecondary.txt 

5. On server2,  create a file  /opt/CA/SharedComponents/EmbeddedEntitlementsManager/bin/sync.txt    to sync with primary node

   
   IS_PRIMARY=false
PRIMARY_HOSTNAME=server1.example.com
LOCAL_HOSTNAME=server2.example.com
#HOST_SELECTION=2
ADMIN_PASSWD={MUNGE2}HBEHBAsdHA==
SYNC=NEW
 
## Multiple comma sepatated nodes can be provided to ADD
#ADD=server2.example.com:509
 
## Multiple comma separated nodes can be provided to REMOVE
#REMOVE=server1.example.com,server2.example.com
 
MODIFY_CERTS=false
## possible values for KEY_LENGTH [1024/2048/4096]
KEY_LENGTH=2048
## possible values for DIGEST_ALGORITHM [SHA1/SHA256/SHA384/SHA512]
DIGEST_ALGORITHM=SHA1
 

   #execute below command to reset primary on server2:
java -jar eiam-clustersetup.jar -r  sync.txt 

    
6.  The two servers now should be in HA
   
   
   

7. Perform a basic test now to ensure it is setup correctly:

   1. Login to the primary EEM URL,  create a test policy or a dummy user

   2. Login to the secondary EEM URL, verify the above policy / user is created.  Make a change to this object (example: update the description field)

   3. Back on the primary EEM URL, the same change should now be visible.

Sample response file is located here  /opt/CA/SharedComponents/EmbeddedEntitlementsManager/samples/failovertool/failover.response

Interactive Failover setup is documented here