Admin renomination workflow

Before you begin

Verify that:

  • All members of the cluster, including the original and nominated worker node, are running Access Gateway v2020.8.3 or later. If a worker node isn't running v2020.8.3 or later, an error resembling "FAILED - Incompatible Node List - <incompatible Node hostname List>. Update worker nodes to version - 2020.8.3 or later" is returned and the renomination process is terminated.
  • The nominated worker node is able to resolve all worker node DNS names.
    Likewise, worker nodes must be able to resolve the nominated node's DNS name.
  • You have access to the Access Gateway Command Line console.
  • Access Gateway can reach yum.oag.okta.com.
    You can test connectivity to the Access Gateway yum repository using the Access Gateway Management console.
    To test connectivity:

    1. Use SSH to connect to the Access Gateway Management console:
      ssh oag-mgmt@admin
    2. Select 1 - Network.
    3. Select 7 - Connectivity test.
    4. When prompted, enter host: yum.oag.okta.com.
    5. When prompted, enter port: 443.

    Review the "connection successful to yum.oag.okta.com" message. If an error occurs, confirm that the host yum.oag.okta.com is reachable using port 443 from the network where Access Gateway is deployed.

       

 

Perform admin renomination

 

Important

While renomination is in progress, the Access Gateway Admin UI console is locked.
Attempts to access the Access Gateway Admin UI console result in a page similar to:

The following high availability management operations are supported:

  1. Nominate a worker to become cluster admin
  2. Authorize admin to begin renomination process
  3. Perform post renomination tasks

 

Note

Before running the Renomination process, ensure that:

  • All nodes are reachable using SSH.
  • All nodes, including the admin, nominated worker and all other workers are running Access Gateway v2020.8.3 or later.
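
The prerequisites above (minimum version, DNS resolution, SSH reachability, and access to yum.oag.okta.com on port 443) can be collected into one pre-flight report before anyone opens the Cluster Manager menu. The following is an added example, not Okta's tooling: it assumes dotted numeric version strings, SSH on the default port 22, an operator-recorded inventory with hypothetical hostnames, and that it runs from a host that uses the same DNS and network path as the cluster.

```python
import socket

MIN_VERSION = (2020, 8, 3)  # minimum release stated on this page

def parse_version(text):
    """'v2020.10.1' -> (2020, 10, 1), so comparison is numeric, not textual."""
    return tuple(int(part) for part in text.strip().lstrip("v").split("."))

def incompatible_nodes(inventory, minimum=MIN_VERSION):
    """Hostnames whose recorded version is below the minimum, sorted."""
    return sorted(h for h, v in inventory.items() if parse_version(v) < minimum)

def resolves(hostname, resolver=socket.getaddrinfo):
    try:
        return bool(resolver(hostname, None))
    except OSError:  # socket.gaierror is a subclass of OSError
        return False

def port_open(host, port, timeout=3.0, connect=socket.create_connection):
    try:
        connect((host, port), timeout).close()
        return True
    except OSError:  # refused, unreachable, timed out, or unresolvable
        return False

def preflight(inventory, resolver=socket.getaddrinfo,
              connect=socket.create_connection):
    """Return one readable finding per failed prerequisite (empty list = ready)."""
    floor = ".".join(map(str, MIN_VERSION))
    findings = [f"{h}: version {inventory[h]} is below {floor}"
                for h in incompatible_nodes(inventory)]
    for host in sorted(inventory):
        if not resolves(host, resolver):
            findings.append(f"{host}: DNS name does not resolve")
        elif not port_open(host, 22, connect=connect):  # port 22 is an assumption
            findings.append(f"{host}: SSH (22/tcp) unreachable")
    if not port_open("yum.oag.okta.com", 443, connect=connect):
        findings.append("yum.oag.okta.com: 443/tcp unreachable")
    return findings

# Constructed sample inventory: hostnames and versions are hypothetical.
SAMPLE = {
    "admin.example.test": "2020.8.3",
    "worker-b.example.test": "2020.7.0",
    "worker-c.example.test": "2020.10.1",
}

if __name__ == "__main__":
    for line in preflight(SAMPLE) or ["all prerequisites met"]:
        print(line)
```

Comparing versions as tuples matters here: as plain strings, "2020.10.1" sorts before "2020.8.3", which would wrongly flag a newer node as incompatible.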

Nominate a worker to become cluster admin

On the worker node that you want to nominate as a cluster admin:

  1. Connect to the worker instance Access Gateway Management console.
    ssh oag-mgmt@[worker.tld]
  2. Select 5 - System.
  3. Select 8 - High Availability Configuration.
  4. Select 7 - Cluster Manager.

    The cluster management menu displays and is similar to:

    Access Gateway Cluster Manager(Worker)
    1 - Authorize Node Nomination
    2 - Authorize Node as Admin node
    
    X- Exit
    Choice: 
    Note

    Selecting 1 - Authorize Node Nomination on a worker node results in the error: "Operation not supported on worker node, press any key to continue".
    Attempting to run the Authorize Node Nomination process while an existing authorization is in progress results in the error: "Admin Nomination in progress for node - <nominatedNode Hostname>."

  5. Select 2 - Authorize Node as Admin node.
  6. The worker node then presents a confirmation dialog box. Enter Y to continue or n to abort.
    Note

    If the Cluster manager package isn't installed or supported on the admin node, an error message displays:
    Cluster Manager package was not found on Admin Node - OAG Version - 2020.7.0

    You must upgrade the admin node before continuing.

  7. The Admin node generates and displays an authorization code, which must be provided to the Worker node.
    Copy the following authorization code:
    The authorization token required to initiate setup for nominated admin node: worker-c:8ba1c123-715d-4b70-ab5d-0e41493bef73
    Copy the token and paste it on the adminnode when prompted.
    Press enter to continue. 

Authorize admin to begin renomination process

On the current admin node:

  1. Connect to the instance Access Gateway Management console.
    ssh oag-mgmt@[admin.tld]
  2. Select 5 - System.
  3. Select 8 - High Availability Configuration.
  4. Select 7 - Cluster Manager.
  5. The cluster management menu displays and is similar to:

    Access Gateway Cluster Management (Admin)
    1 - Authorize Node Nomination
    2 - Authorize Node as Admin node
    
    X- Exit
    Choice: 
  6. Select 1 - Authorize Node Nomination.
    Note

    Selecting 2 - Authorize Node as Admin node on an admin node results in the error: "Operation not supported on admin node, press any key to continue".
    Attempting to run the Authorize Node as Admin node process while an existing authorization is in progress results in the error: "Admin Nomination in progress."

  7. The current admin node displays:
    NOTE: Please ensure that the admin node is ready for setup and you have the authorization 
    token displayed on the on the worker node. 
    
    Enter the authorization token displayed on the nominated admin node:
    
    Press the Enter key when complete. 
    

    The renomination process begins.

When complete, the existing admin becomes a standalone node.

The nominated worker then becomes the admin node for the updated cluster.

Perform post renomination tasks

You must perform the following steps after the rolling upgrade:

  1. Enter the IP address of the newly upgraded admin node into DNS as admin. Otherwise, only the original admin instance is reachable.
  2. Decommission the original admin node or add the original admin node as a worker node to the updated cluster.