.. _appliance_redundancy: ================ Redundant setup ================ .. index:: Redundancy Two appliances may be setup in a redundant scenario based on the MySQL master-master-replication. On an existing ``Appliance A`` the setup is started and pushed to an fresh ``Appliance B``. After a successful setup the data is synchronized from ``A`` to ``B`` and vice versa. The communication between the appliances will be encrypted using IPSec. .. note:: As the communication between the two redundant partners is done via IPSec, please assure that IPSec between the two partners is possible! The Appliance Web UI shows the status of the configured redundancy. Setup redundancy ---------------- .. note:: During the setup of the redundancy the webserver needs to be restarted. So - to make the setup more robust - the setup is started from the command line. .. warning:: All token data on ``Appliance B`` will be lost! Run the following steps: 1. Login to your ``Appliance A`` and issue the following command:: appliance_configure.py -c setup_redundancy -p Welcome to the redundancy wizard. Please make sure that timer_entropyd is running. Do you want to setup IPSec-based encryption between the machines? [y/n] y You will have to verify the partner hostkey fingerprint and give the partner's root password in order to start the setup process. Since the SSH command only waits for input for a certain time, please make sure that: * the partner hostkey fingerprint * the partner root password are close at hand. You can find the partner hostkey fingerprint at http://10.76.126.196:8443/ at System-Advanced-Redundancy. Please hit RETURN to continue: The SSH fingerprints of each appliance can also be viewed in the Appliance Web UI. Please assure that you have the root password and the fingerprint of ``Appliance B`` available. 2. Now you are asked to confirm, that the fingerprint of ``Appliance B`` is correct:: The authenticity of host '10.76.126.196 (10.76.126.196)' can't be established. RSA key fingerprint is 4c:bc:02:9f:e8:27:01:bc:64:c7:6e:0e:bc:cb:5e:1a. Are you sure you want to continue connecting (yes/no)? .. note:: If the fingerprints do not match, this is not your ``Appliance B`` you are talking to! Please contact your reseller, you might be the victim of a man-in-the-middle attack! If the fingerprints match, you can enter the root password of ``Appliance B``. 3. Now all necessary data are transferred from ``Appliance A`` to ``Appliance B`` via SSH. Somme messages are displayed during the transfer. If any error occurs you can check the logfile ``/var/log/lseappliance/appliance.log``. 4. Finally you will get the message:: Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '10.76.126.196' (RSA) to the list of known hosts. root@10.76.126.196's password: Success! Terminating the SSH tunnel ... (this is expected!) At this point the redundancy is setup successfully and the communication for the replication is done encrypted via IPSec. Congratulations, you are done! Known Errors ------------ There is a timeout when entering the root password of ``Appliance B``. Then you might get a message like this:: A SSH error occurred: ---- BEGIN ---- Warning: Permanently added '10.76.126.196' (RSA) to the list of known hosts. Connection closed by 10.76.126.196 ---- END ---- It's possible that this happened due to the SSH server timeout. Since the redundancy setup process hasn't been started yet, it's safe to re-run `appliance_configure.py -c setup_redundancy -p 10.76.126.196`. You can just rerun the setup. Reverting Redundancy -------------------- If you want to quit using the redundancy, you need to execute this command on *both* appliances:: appliance_configure.py -c reset_redundancy Now both appliances will work as a single appliance without knowing the other partner anymore.