How to change the owner of the NSX Manager Cluster VIP
Article ID: 376679
Updated On:
Products
Issue/Introduction
- The NSX Manager cluster VIP is owned by whichever node is the leader of the HTTPS group.
- There is no UI or API option to change the VIP owner.
- The node which owns the VIP can be seen on the NSX UI, System > Appliances.
- The current HTTPS leader can also be checked from admin cli
> get cluster status verbose
Group Type: HTTPSGroup Status: STABLE
Members: UUID FQDN IP STATUS cdb93642-####-####-####-####018cd727 nsx1 192.###.###.84 UP 51a13642-####-####-####-####6cc2a7ae nsx2 192.###.###.156 UP d0de3642-####-####-####-####d22e486b nsx3 192.###.###.54 UP
Leaders: SERVICE LEADER LEASE VERSION api cdb93642-####-####-####-018cd727 8####
Environment
VMware NSX
VMware NSX-T Data Center
Resolution
To manually prompt the failover of the VIP, you stop the auth service on the NSX Manager that currently owns the VIP:
- SSH to the NSX Manager that currently owns the VIP as the admin user.
- Run the command below to trigger the failover:
admin> stop service auth
Notes:
UI or API requests directed directly at this node will no longer be served.
VIP will be inaccessible until the failover has completed. - Use the command below to monitor the VIP owner:
admin> get cluster vip - Confirm the NSX UI is again accessible via the VIP.
- Confirm the status of auth service - it has likely been restarted by the watchdog service:
admin> get service auth
- If the service is not running, start it manually:
admin> start service auth
Notes:
- Failover of the VIP may take a few minutes to complete.
- If cli access is not available, restart of the NSX Manager that owns the VIP will trigger a failover.
- Once the auth service is stopped, one of the other two NSX Managers will then be elected as the HTTPS leader.
Feedback
