EEM failover setup using response file

Document ID : KB000030769
Last Modified Date : 14/02/2018

Introduction: 

This document describes how to set up EEM servers in failover mode using a response file.

Background:  

EEM servers can be installed and set up as individual standalone servers, or EEM can be configured in failover mode. This document covers the process of setting up EEM in failover mode using a response file.

Environment:  

EEM version 12.51 CR02 and above, installed on Windows or Linux platforms, supports this type of setup. This setup does not replicate the external LDAP configuration; that has to be configured manually.

Instructions: 

Before you execute the failover tool by providing the response file as an input file, perform the following steps:

Step 1:

Synchronize the system time of all servers in the failover setup.

Step 2:

Verify that all CA EEM Servers are configured in the same security mode, non-FIPS or FIPS-only.

Step 3:

Verify that DNS lookup resolves hostnames of all the servers in the failover setup.

Step 4:

Set the following environment variable(s) if not already done:

Set EIAM_HOME, JAVA_HOME, DXHOME as follows:

Windows

set EIAM_HOME=<installation_path_of_<eiam>>
set JAVA_HOME=%EIAM_HOME%\jre
set DXHOME=<path_to_dxserver_location>
set PATH=%EIAM_HOME%\jre\bin;%DXHOME%\bin;%PATH%

UNIX

export EIAM_HOME=<installation_path_of_<eiam>>
export JAVA_HOME=$EIAM_HOME/jre
export DXHOME=<path_to_dxserver_location>
export PATH=$EIAM_HOME/jre/bin:$DXHOME/bin:$PATH

Step 5:

Go to the EIAM_HOME/samples/failovertool folder, which contains the sample response file. Edit this file to suit your requirements.

Note: The sample response file is provided towards the end of this document. Its parameters require modification based on the EEM server where the file is available or copied to. The parameters are explained after the sample response file.

Step 6:

To set up the EEM servers in failover using the response file, use the following command:

EIAM_HOME\bin>java -jar eiam-clustersetup.jar -r "<Location of the response file>/<response file name>"


Additional Information

Below is the sample response file and the explanation.

## Failover tool response file

IS_PRIMARY=true
PRIMARY_HOSTNAME=primary.ca.com
LOCAL_HOSTNAME=primary.ca.com
ADMIN_PASSWD={MUNGE2}CRAZGVQ=

RESET_PRIMARY=false
## possible values for HA_MODE are [INTERNAL/EXTERNAL]
HA_MODE=INTERNAL
DATA_DSA_PORT=509

## possible values for SYNC [NEW/DELTA]
SYNC=NEW

## Multiple comma separated nodes can be provided to ADD
#ADD=server1.ca.com:509,server2.ca.com:509

## Multiple comma separated nodes can be provided to REMOVE
#REMOVE=server1.ca.com,server2.ca.com

MODIFY_CERTS=false
## possible values for KEY_LENGTH [1024/2048/4096]
KEY_LENGTH=1024
## possible values for DIGEST_ALGORITHM [SHA1/SHA256/SHA384/SHA512]
DIGEST_ALGORITHM=SHA1

The response file can be modified to suit your requirements.

Usage and Explanation of the parameters.

Note: Do not delete any of the variables provided in the sample response file.

IS_PRIMARY=true
The IS_PRIMARY variable needs to be set to 'true' only on the EEM server that will be designated as the primary EEM server. On all the other EEM servers that are part of the failover configuration, it needs to be set to 'false'.

PRIMARY_HOSTNAME=hostname.ca.com

This variable contains the name of the primary EEM server; it has to be the fully qualified domain name (FQDN) of the server. Here hostname.ca.com is the FQDN of the primary EEM server. This variable needs to be enabled on all the EEM servers that are part of the failover configuration.

LOCAL_HOSTNAME=hostname.ca.com
This is the name of the host that is being configured as part of the failover EEM configuration. On the primary EEM server, it is the FQDN of the primary EEM server. When this file is being modified on a secondary EEM server, it is the FQDN of that secondary EEM server.

ADMIN_PASSWD={MUNGE2}CRAZGVQ=
This is the EiamAdmin user password of the primary EEM server. Even in the response file on the secondary EEM server, this variable holds the primary EEM server's EiamAdmin password. This password can be either in encrypted format or in plain text format.
To generate the munge2 password, run the following command from the 'bin' directory of EIAM_HOME: java -jar eiam-clustersetup.jar -m <plain-text-password>

RESET_PRIMARY=false
This needs to be 'true' on the primary EEM server only. In the response file on the secondary server, this can be set to 'false'.

## possible values for HA_MODE are [INTERNAL/EXTERNAL]
HA_MODE=INTERNAL

DATA_DSA_PORT=509
This is the port number defined during installation of EEM. Modify this only if the DSA port is different from the default value of 509, and provide the same port number that was specified during the EEM installation.

## possible values for SYNC [NEW/DELTA]
SYNC=NEW
This variable is set to NEW for a newly configured failover node.
Important! When you reconfigure the servers for failover, specify DELTA as the synchronization mode to sync the secondary servers with the primary server. With DELTA, the secondary node is synced to update configurations.

The section below is for adding secondary EEM nodes to, or removing them from, the primary.

## Multiple comma separated nodes can be provided to ADD
ADD=server1.ca.com:509,server2.ca.com:509
The host names provided here must be in FQDN format, each followed by the DSA port number on that host. This variable is only valid on the primary EEM server; on the rest of the servers, it needs to be commented out.

## Multiple comma separated nodes can be provided to REMOVE
REMOVE=server1.ca.com,server2.ca.com
The host names provided here must be in FQDN format. This variable is only valid on the primary EEM server; on the rest of the servers, it needs to be commented out.

MODIFY_CERTS=false

If this is set to 'true', then modify the variables below appropriately. The variables that are affected if this is set to true are 'KEY_LENGTH=1024' and 'DIGEST_ALGORITHM'.
“modifycerts, Generates the server certificates with the specified key length and digest algorithm, and replaces the existing certificates with the new certificates in the CA iTechnology iGateway folder. This option is available only when you run the tool on the primary server.” 

## possible values for KEY_LENGTH [1024/2048/4096]
KEY_LENGTH=1024

## possible values for DIGEST_ALGORITHM [SHA1/SHA256/SHA384/SHA512], this needs to be same across all the EEM servers which are in failover configuration.
DIGEST_ALGORITHM=SHA1
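
A pre-flight check for a response file, as an added example (not part of the CA documentation or the failover tool): it applies the rules stated above (no deleted variables, allowed values, FQDN host names, ADD/REMOVE only on the primary, IS_PRIMARY consistent with the host names) before the file is passed to eiam-clustersetup.jar. Assumptions of this example: the names `parse`, `lint` and `SAMPLE` are hypothetical, the sample file is constructed, an encrypted password is recognized by the `{MUNGE2}` prefix shown in the sample, and the warnings on 1024-bit keys and SHA1 reflect general cryptographic guidance rather than anything this page states.

```python
import re

# Allowed values, taken from the comments in the sample response file on this page.
ALLOWED = {
    "IS_PRIMARY": {"true", "false"}, "RESET_PRIMARY": {"true", "false"},
    "MODIFY_CERTS": {"true", "false"}, "HA_MODE": {"INTERNAL", "EXTERNAL"},
    "SYNC": {"NEW", "DELTA"}, "KEY_LENGTH": {"1024", "2048", "4096"},
    "DIGEST_ALGORITHM": {"SHA1", "SHA256", "SHA384", "SHA512"},
}
REQUIRED = set(ALLOWED) | {"PRIMARY_HOSTNAME", "LOCAL_HOSTNAME", "ADMIN_PASSWD", "DATA_DSA_PORT"}
FQDN = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def parse(text):
    """Return KEY=VALUE pairs; lines starting with '#' (e.g. commented-out ADD) are ignored."""
    pairs = (ln.strip().split("=", 1) for ln in text.splitlines()
             if "=" in ln and not ln.strip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def lint(text):
    """Return a list of 'ERROR ...' / 'WARN ...' findings for one response file."""
    cfg, out = parse(text), []
    out += [f"ERROR {k} is missing" for k in sorted(REQUIRED - cfg.keys())]
    out += [f"ERROR {k}={cfg[k]} is not an allowed value"
            for k, ok in ALLOWED.items() if k in cfg and cfg[k] not in ok]
    primary = cfg.get("IS_PRIMARY") == "true"
    if primary != (cfg.get("LOCAL_HOSTNAME") == cfg.get("PRIMARY_HOSTNAME")):
        out.append("ERROR IS_PRIMARY disagrees with LOCAL_HOSTNAME/PRIMARY_HOSTNAME")
    hosts = [cfg.get("PRIMARY_HOSTNAME", ""), cfg.get("LOCAL_HOSTNAME", "")]
    for key in ("ADD", "REMOVE"):
        if key in cfg:
            if not primary:
                out.append(f"ERROR {key} is only valid on the primary; comment it out")
            hosts += [n.split(":")[0] for n in cfg[key].split(",")]
    out += [f"ERROR '{h}' is not a fully qualified domain name"
            for h in hosts if h and not FQDN.match(h)]
    if "ADMIN_PASSWD" in cfg and not cfg["ADMIN_PASSWD"].startswith("{MUNGE2}"):
        out.append("WARN ADMIN_PASSWD is plain text; generate the munge2 form with -m")
    if cfg.get("MODIFY_CERTS") == "true":
        if cfg.get("KEY_LENGTH") == "1024":
            out.append("WARN KEY_LENGTH=1024 is weak for new certificates; use 2048 or 4096")
        if cfg.get("DIGEST_ALGORITHM") == "SHA1":
            out.append("WARN DIGEST_ALGORITHM=SHA1 is deprecated for signatures; use SHA256+")
    return out

# Constructed sample: a secondary node's response file containing several mistakes.
SAMPLE = ("IS_PRIMARY=false\nPRIMARY_HOSTNAME=primary.ca.com\nLOCAL_HOSTNAME=node2\n"
          "ADMIN_PASSWD=Passw0rd\nRESET_PRIMARY=false\nHA_MODE=INTERNAL\nDATA_DSA_PORT=509\n"
          "SYNC=FULL\nADD=server1.ca.com:509\nMODIFY_CERTS=true\nKEY_LENGTH=1024\n"
          "DIGEST_ALGORITHM=SHA256\n")
if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run the check on each server's own copy of the response file, since IS_PRIMARY, LOCAL_HOSTNAME, ADD and REMOVE differ between the primary and the secondaries.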