The nodes of a cluster have identical configurations, only a few parameters are different. When configuring clusters, all nodes are configured simultaneously, as if the cluster were a single host.
For each parameter that is different on the nodes of the cluster, links have to be used. It is also possible to link to a property of the cluster, in this case the link will be evaluated to a different value on each node. That way when the configuration is uploaded, each node will receive a configuration file containing the values relevant for the node.
Any parameter can be used as a property; usually parameters like the IP addresses of the interfaces are properties. New properties can be added any time to the cluster, not only during the initial configuration.
Naturally, not all links used in a cluster have to be links to cluster properties, regular links can be used as well. However, keep in mind that links to cluster properties are resolved to the corresponding property of the particular node. For example, a link to the Hostname
property of a cluster is resolved on each node to the hostname of the node (for example, to node_1
on the first node, and so on).
Note |
---|
The PKI of the site considers the cluster to be a single host, there is no difference between the individual nodes. |
As a result of using properties, adding new nodes to a cluster is very easy, since only the properties have to be filled with values for the new node.
When uploading configuration changes, or viewing and checking configurations, you can select on which node the operation shall be performed.
Controlling a service (for example, restarting/reloading) is possible on all nodes simultaneously, or only on the nodes specified in the selection window.
Status indicator icons on clusters behave identically to hosts, except that a blue led indicates a partial status, meaning that the nodes of the cluster are not all in the same state (for example, the configuration was not successfully uploaded to all nodes).
When configuring rules for PNS clusters, use links to the interfaces. From the clients' point of view this makes no difference, as the clients do not target the IP of the PNS host.
For non-transparent services, the rule must use the Service IP (that is, a link to the Service IP), because that is where the clients will send their requests to.
© 2021 BalaSys IT Security.
Send your comments to support@balasys.hu