1 - Creating a TAC using the CLI Manager

The steps to create a TAC using the CLI Manager.

About Creating a TAC using the CLI

Before creating a TAC, ensure that the SSH Authentication type is set to Public key or Password + PublicKey.

If you are using cloned machines to join a cluster, it is necessary to rotate the keys on all cloned nodes before joining the cluster.

If the cloned machines have proxy authentication, two factor authentication, or TAC enabled, it is recommended to use new machines. This avoids any limitations or conflicts, such as, inconsistent TAC, mismatched node statuses, conflicting nodes, and key rotation failures due to keys in use.

For more information about rotating the keys, refer here.

How to create the TAC using the CLI Manager

To create a cluster using the CLI Manager:

  1. In the ESA CLI Manager, navigate to Tools > Clustering > Trusted Appliances Cluster.

    The following screen appears.

    Cluster Services Creation Screen

  2. Select Create: Create new cluster.

    The screen to select the communication method appears.

    Set Communication Method Screen

  3. Select Set preferred method to set the preferred communication method.

    • Select Manage local methods to add, edit, or delete a communication method.
    • For more information about managing communication methods for local node, refer here.
  4. Select Done.

    The Cluster Services screen appears and the cluster is created.

2 - Joining an Existing Cluster using the CLI Manager

The steps to join a TAC using the CLI Manager.

If you are using cloned machines to join a cluster, it is necessary to rotate the keys on all cloned nodes before joining the cluster.

If the cloned machines have proxy authentication, two factor authentication, or TAC enabled, it is recommended to use new machines. This avoids any limitations or conflicts, such as, inconsistent TAC, mismatched node statuses, conflicting nodes, and key rotation failures due to keys in use.

For more information about rotating the keys, refer here.

Important : When assigning a role to the user, ensure that the Can Create JWT Token permission is assigned to the role.
If the Can Create JWT Token permission is unassigned to the role of the required user, then joining the cluster operation fails.
To verify the Can Create JWT Token permission, from the ESA Web UI navigate to Settings > Users > Roles.

To join a cluster using the CLI Manager:

  1. In the ESA CLI Manager, navigate to Tools > Clustering > Trusted Appliances Cluster.

  2. In the Cluster Services screen, select Join: Join an existing cluster.

    The following screen appears.

    Join an Existing Cluster

  3. Enter the IP address of the target node in the Node text box.

  4. Enter the credentials of the user of the target node in the Username and Password text boxes.

    • Ensure that the user has administrative privileges.
    • Select Advanced to manage communication or set the preferred communication method.
      For more information about managing communication methods, refer here.
  5. Select Join.

    The node is joined to an existing cluster.

3 - Cluster Operations

Execute the standard set of commands or copy files from the local node to other nodes in the cluster.

Using Cluster Operations, you can execute the standard set of commands or copy files from the local node to other nodes in the cluster. You can only execute the commands or copy files to the nodes that are directly connected to the local node.

The following figure displays the Cluster Operations screen.

Cluster Operations

Executing Commands using the CLI Manager

This section describes the steps to execute commands using the CLI Manager.

To execute commands using the CLI Manager:

  1. In the CLI Manager, navigate to Tools > Trusted Appliances Cluster > Cluster Operations: Execute Commands/Deploy Files.

  2. Select Execute.

    The Select command screen appears with the following list of commands:

    • Display top 10 CPU Consumers
    • Display top 10 memory Consumers
    • Report free disk space
    • Report free memory space
    • Display TCP/UDP network information
    • Display performance and system counters
    • Display cluster tasks
    • Manually enter a command
  3. Select the required command and select Next.

    The following screen appears.

    Select Target Nodes

  4. Select the target node and select Next.

    The Summary screen displaying the output of the selected command appears.

Copying Files from Local Node to Remote Node

This section describes the steps to copy files from local node to remote node.

To copy files from local node to remote nodes:

  1. In the CLI Manager, navigate to Tools > Trusted Appliances Cluster > Cluster Operations: Execute Commands/Deploy Files .

    The screen with the appliances connected to the cluster appears.

  2. Select Put Files.

    The list of files in the current directory appears. Select Directory to change the current directory

  3. Select the required file and select Next.

    The Target Path screen appears.

    Target Path Screen

  4. Select the required option and select Next.

    The following screen appears.

  5. Select the target node and select Next.

    The Summary screen confirming the file to be deployed appears.

  6. Select Next.

    The files are deployed to the target nodes.

4 - Managing a site

Steps to manage a site.

Using Site Management, you can perform the following operations:

  • Obtain Site Information
  • Add a site
  • Remove sites added to the cluster, if more than one site exists in the cluster
  • Rename a site
  • Set the master site

The following screen shows the Site Management screen.

Site Management Screen

View a Site

You can view the information for all the sites in the cluster by selecting Show sites information. When a cluster is created, a master site with site1 is created by default. The following screen displays the Site Information screen.

Site Information Screen

Adding Sites to a Cluster

This section describes the steps to add multiple sites to a cluster from the CLI Manager.

To add a site to a cluster:

  1. On the CLI Manager, navigate to Tools > Trusted Appliances Cluster > Site Management > Add Site.

    The following screen appears.

    Add New Site Name Screen

  2. Select OK.

    The new site is added.

Renaming a Site

This section describes the steps to rename a site from the CLI Manager.

To rename a site:

  1. On the CLI Manager, navigate to Tools > Trusted Appliances Cluster > Site Management > Update Cluster Site Settings.

  2. Select the required site and select Rename.

    The Rename Site screen appears.

  3. Type the required site name and select OK.

    The site is renamed.

Setting a Master Site from the CLI Manager

This section describes the steps to set a master site from the CLI Manager.

To set a master site from the CLI Manager:

  1. On the CLI Manager, navigate to Tools > Trusted Appliances Cluster > Site Management > Set Master Site.

    The Set Master Site screen appears.

  2. Select the required site and select Set Master.

    A message Operation has been completed successfully appears and the new master site is set. An empty cluster site does not contain any node. You cannot set an empty cluster site as a master site.

Deleting a Cluster Site

This section describes the steps to delete a cluster site from the CLI Manager. You can only delete an empty cluster site.

To delete a cluster site:

  1. In the CLI Manager of the node hosting the appliance cluster, navigate to Tools > Trusted Appliances Cluster > Site Management > Remove: Remove Cluster sites(s).

    The Remove Site screen appears.

  2. Select the required site and select Remove.

  3. Select OK.

    The site is deleted.

5 - Node Management

Details about Node Management.

Using Node Management, you can:

  • List the nodes - The same option as List Nodes menu, refer here.
  • Add a node to the cluster - If your appliance is a part of the cluster, and you want to add a remote node to this cluster.
  • Update cluster information - For updating the identification entries.
  • Manage communication method of the nodes.
  • Remove a remote node from the cluster.

5.1 - Show Cluster Nodes and Status

View the status of all the nodes in the cluster.

The following table describes the fields that appear on the status screen.

FieldDescription
HostnameHostname of the node
AddressIP address of the node
LabelLabel assigned to the node
TypeBuild version of the node
StatusOnline/Blocked/Offline
Node MessagesMessages that appear for the node
ConnectionConnection setting of the node (On/Off)

5.2 - Viewing the Cluster Status using the CLI Manager

View the status of all the nodes in a cluster.

To view the status of the nodes in a cluster using the CLI Manager:

  1. In the CLI Manager, navigate to Tools > Trusted Appliances Cluster > Node Management > List Nodes.

    The screen displaying the status of the nodes appears.

    View Options for Nodes

  2. Select Change View to change the view.

    The list of different reports is as follows:

    • List View: Displays the list of all the nodes.
    • Labels View: Displays a grouped view of the nodes.
    • Status View: Displays the status of the nodes.
    • Report view: Displays the cluster diagnostics, network or connectivity issues, and generate error or warning messages if required.

5.3 - Adding a Remote Node to a Cluster

The steps to add a remote node to a cluster.

To add a remote node to the cluster:

  1. In the CLI Manager of the node hosting the cluster, navigate to Tools > Trusted Appliances Cluster > Node Management > Add Node: Add a remote node to this cluster.

    The Add Node screen appears.

    Add a remote Node

  2. Enter the credentials of the local node user, which must have administrative privileges, into the Username and Password text boxes.

  3. Type the preferred communication method on the Preferred Method text box.

  4. Type the accessible communication method of the target node in the Reachable Address text box.

  5. Type the credentials of the target node user in the Username and Password text boxes.

  6. Select OK.

The node is invited to the cluster.

5.4 - Updating Cluster Information using the CLI Manager

The steps to update Cluster Information.

It is recommended not to change the name of the node after you create the cluster task.

To update cluster information:

  1. In the CLI Manager of the node hosting the cluster, navigate to Tools > Trusted Appliances Cluster > Node Management > Update Cluster Information.

    The Update Cluster Information screen appears.

    Update Cluster Information screen

  2. Type the name of the node in the Name text box.

  3. Type the information describing the node in the Description text box.

  4. Type the required label for the node in the Labels text box.

  5. Select OK.

The details of the node are updated.

5.5 - Managing Communication Methods for Local Node

The steps to add, edit and delete a communication method.

Every node in a network is identified using a unique identifier. A communication method is a qualifier for the remote nodes in the network to communicate with the local node.

There are two standard methods by which a node is identified:

  • Local IP Address of the system (ethMNG)
  • Host name

The nodes joining a cluster use the communication method to communicate with each other. The communication between nodes in a cluster occur over one of the accessible communication methods.

Adding a Communication Method from the CLI Manager

This section describes the steps to add a communication method from the CLI Manager.

To add a communication method from the CLI Manager:

  1. In the ESA CLI Manager, navigate to Tools > Clustering > Trusted Appliances Cluster.

  2. In the Cluster Services screen, select Node Management: Add/Remove Cluster Nodes/ Information.

  3. In the Node Management screen, select Manage node’s local communication methods.

  4. In the Select Communication Method screen, select Add.

  5. Type the required communication method and select OK.

The new communication method is added.

Ensure that the length of the text is less than or equal to 64 characters.

Editing a Communication Method from the CLI Manager

This section describes the steps to edit a communication method from the CLI Manager.

To add a communication method from the CLI Manager:

  1. In the ESA CLI Manager, navigate to Tools > Clustering > Trusted Appliances Cluster.

  2. In the Cluster Services screen, select Node Management: Add/Remove Cluster Nodes/ Information.

  3. In the Node Management screen, select Manage node’s local communication methods.

  4. In the Select Communication Method screen, select the communication method to edit and select Edit.

  5. In the Edit method screen, enter the required changes and select OK.

The changes to the communication method are complete.

Deleting a Communication Method from the CLI Manager

This section describes the steps to delete a communication method from the CLI Manager.

To delete a communication method from the CLI Manager:

  1. In the ESA CLI Manager, navigate to Tools > Clustering > Trusted Appliances Cluster.

  2. In the Cluster Services screen, select Node Management: Add/Remove Cluster Nodes/ Information.

  3. In the Node Management screen, select Manage node’s local communication methods.

  4. In the Select Communication Method screen, select the required communication method and select Delete.

The communication method of the node is deleted.

5.6 - Managing Local to Remote Node Communication

You can select the method that a node uses to communicate with another node in a network. The communication methods of all the nodes are visible across the cluster. You can select the specific communication mode to connect with a specific node in the cluster. In the Node Management screen, you can set the communication between a local node and remote node in a cluster.

You can also set the preferred method that a node uses to communicate with other nodes in a network. If the selected communication method is not accessible, then the other available communication methods of the target node are used for communication.

Selecting a Local to Remote Node Communication Method

This section describes the steps to select a local to remote node communication method.

To select a local to remote node communication method:

  1. In the ESA CLI Manager, navigate to Tools > Clustering > Trusted Appliances Cluster.

  2. In the Cluster Services screen, select Node Management: Add/Remove Cluster Nodes/ Information.

  3. In the Node Management screen, select Manage local to other nodes communication methods.

  4. In the Manage local to other nodes communication method, select the required node for which you want to change the communication method.

  5. Select Change.

  6. Select the required communication method and select Choose. If a new communication must be added so it can be chosen as the required communication method, select Add New to add it.

  7. Select Ok.

The communication method is selected to communicate with the remote node in the cluster.

Changing a Local to Remote Node Communication Method

This section describes the steps to change a local to remote node communication method.

To change a local to remote node communication method:

  1. In the ESA CLI Manager, navigate to Tools > Clustering > Trusted Appliances Cluster.

  2. In the Cluster Services screen, select Node Management: Add/Remove Cluster Nodes/ Information.

  3. In the Node Management screen, select Manage local to other nodes communication methods.

  4. In the Manage local to other nodes communication method screen, select a remote node and select Change.

    The following screen appears.

  5. Select the required communication method.

  6. Select Choose.

The new local to other nodes communication methods is set.

5.7 - Removing a Node from a Cluster using CLI Manager

The steps to remove a remote node from a cluster.

Before attempting to remove a node, verify if it is associated with a cluster task. If a node is associated with a cluster task that is based on the hostname or IP address, then the Remove a (remote) cluster node operation will not remove node from the cluster. Ensure that you delete all such tasks before removing any node from the cluster.

To remove a node from a cluster using the CLI Manager:

  1. In the ESA CLI Manager, navigate to Tools > Trusted Appliances Cluster.

  2. In the Cluster Services screen, select Node Management: Add/Remove Cluster Nodes/Information.

    The following screen appears.

    Remove an Existing Cluster Node

  3. Select Remove: Delete a (remote) cluster node and select OK.

    The screen displaying the nodes in the cluster appears.

  4. Select the required node and select OK.

    The following screen appears.

    Confirmation and Removal of Node from Cluster

  5. Select OK.

  6. Select REFRESH to view the updated status.

5.8 - Uninstalling Cluster Services

The steps to uninstall the cluster services on a node.

Before attempting to remove a node, verify if it is associated with a cluster task. If a node is associated with a cluster task that is based on the hostname or IP address, then the Uninstall Cluster Services operation will not uninstall the cluster services on the node. Ensure that you delete all such tasks before uninstalling the cluster services.

To remove a node from a cluster using the CLI Manager:

  1. In the ESA CLI Manager, navigate to Tools > Trusted Appliances Cluster.

  2. In the Cluster Services screen, select 7 Uninstall : Uninstall Cluster Services.

  3. A confirmation message appears.

  4. Select Yes.

    The cluster services are uninstalled.

6 - Trusted Appliances Cluster

A Trusted Appliances cluster can be used to transfer data from one node to other nodes regardless of their location, as long as standard SSH access is supported. This mechanism allows you to run remote commands on remote cluster nodes, transfer files to remote nodes and export configurations to remote nodes. Trusted appliances clusters are typically used for disaster recovery. The trusted appliance cluster can be configured and controlled using the Appliance Web UI as well as the Appliance CLI.

Clustering details are fully explained in section Trusted Appliances Cluster (TAC). In that section you will find information how to:

  • Setup a trusted appliances cluster
  • Add the appliance to an existing trusted appliances cluster
  • Remove an appliance from the trusted appliances cluster
  • Manage cluster nodes
  • Run commands on cluster nodes

Using the cluster maintenance, you can perform the following functions:

  • List cluster nodes
  • Update cluster keys
  • Redeploy local cluster configuration to all nodes
  • Review cluster service interval
  • Execute commands as OS root user

6.1 - Updating Cluster Key

The steps to generate a new set of the cluster SSH keys.

Before you begin

Ensure that all the nodes in the cluster are active, before changing the cluster key.
If a new key is deployed to a node that is unreachable, then connect the node to the cluster. In this scenario, remove the node from the cluster and re-join the cluster.

Generate a new set of the cluster SSH keys to the nodes that are directly connected to the local node. This ensures that the trusted appliance cluster is secure.

To re-generate cluster keys:

  1. In the ESA CLI Manager, navigate to Tools > Clustering > Trusted Appliances Cluster > Maintenance: Update Cluster Settings.

    The following screen appears.

  2. Select New Cluster Keys.

    A message to re-generate the cluster keys appears.

  3. Select Yes.

    The new keys are deployed to the nodes that are directly connected.

6.2 - Redeploy Local Cluster Configuration to All Nodes

You can redeploy the local cluster configuration to force it to be applied on all connected nodes. Usually there is no need for such operation since the configurations are synchronized automatically. However, if the cluster status service is stopped or you want to force a specific configuration, then you can use this option to force the configuration.

When you select to Redeploy local cluster configuration to all nodes in the Update Cluster dialog box, the operation is performed at once with no confirmation.

6.3 - Cluster Service Interval

The cluster provides an auto-update mechanism that runs in the background as a background service which is responsible for updating local and remote cluster configurations and cluster health checks.

You can specify the cluster service interval in the Cluster Service Interval dialog box.

Cluster Service Interval dialog box

The interval (in seconds) specifies the sleep time between cluster background updates/operations. For example, if the specified value is 120 seconds, then every two minutes the cluster service will update its status and synchronize its cluster configuration with the other nodes (if changes identified).

6.4 - Execute Commands as OS Root User

By default, the cluster user is a restricted user which means that the cluster commands will be restricted by the OS. There are scenarios where you would like to disable these restrictions and allow the cluster user to run as the OS root user.

Using the details in the table below, you can specify whether to execute the commands as root or as a restricted user.

You can specify…To…
YesAlways execute commands as the OS root user. It is less secure, risky if executing the wrong command.
NoAlways execute commands as non-root restricted user. It is more secure, but not common for many scenarios.
AskAlways be asked before a command is executed.