Cluster Commands

The Policy Manager command line interface includes the following cluster commands:

cluster diagnostics

cluster drop-subscriber

cluster list

cluster make-publisher

cluster make-subscriber

cluster reset-database

cluster set-cluster-passwd

cluster set-communication-mode

cluster set-cluster-passwd

cluster sync-cluster-passwd

cluster diagnostics

Use the cluster diagnostics command to run diagnostics on a Policy Manager cluster. This command supports both IPv4 and IPv6 management port addresses and uses port number 7432 to collect diagnostics data. Cluster diagnostics for both IPv4 and Ipv6 environments also include metrics for how much time was taken to establish a database connection to the publisher, and how much time was taken for HTTPSHypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. APIApplication Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. calls to the publisher. These Publisher database connection check and HTTPSHypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. connection check to host duration metrics are in hour:min:sec.microsec format.

Syntax

The command syntax for an IPv4 management address is:

On subscriber: appadmin# cluster diagnostics -c

On publisher: appadmin# cluster diagnostics -s

The command syntax for an IPv6 management address is:

[appadmin]# cluster diagnostics

Table 1: Cluster Diagnostics CLI Parameters

Parameter

Action/Description

-s

Starts server using management IPv4 address for cluster diagnostics.

-s -6

Starts server using management IPv6 address for cluster diagnostics.

-c

Starts client for cluster diagnostics with an IPv4 address..

-c -6

Starts client for cluster diagnostics with an IPv6 address.

-p

Runs pgmetrics.

-d

Specifies the database on which to run pgmetrics or reset statistics.

-r

Resets database statistics.

-q

Find and terminate queries.

-i

Use with the -q flag to view or terminate a query by its process ID (PID).

-t

Use with the -q flag and a time interval ( for example, 10 minutes) to display queries running longer than the specified time frame. The user then can terminate these queries by specifying their PIDs, or can enter the all option at the CLICommand-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. prompt to terminate all of the queries.

Examples

[appadmin]# cluster diagnostics -c 192.0.2.21

Enter Cluster Password for 192.0.2.21

 

Throughput 130914.19 kbps/sec

Configured MTU: 1500

Ping Lagency : 0.323333333333 ms

Publisher database connection check: [OK]

Publisher database connection time (HH:MM:SS.μs): 0:00:00.018555

Verify HTTPS connection to host - 192.0.2.21

HTTPS connection check to host : [OK]

Publisher API connection time (HH:MM:SS.μs): 0:00:00.274626

MTU check for 1400 payload size : [OK]

 

[appadmin]# cluster diagnostics -q -t 1 minutes The following 1 queries were found within the time interval provided

PID Query

1950565 SELECT * from ( SELECT timestamp,ct,(SELECT text '192.0.2.1') as server ip FROM dblink ('host=192.0.2.1 port=5432 dbname=tip sLogDb user=appuser password=123456789', 'SELECT date trunc(''DAY''Tl.timestamp AT TIME ZONE INTERVAL''+05:30'')as date, count(T1.id) as count FROM tips dashboard summary Tl WHERE ((((T1.id != ''0''))) AND (Tl.timestamp >=''2021-12-22 00:00:00.000+530'') AND (Tl.timestamp <= '2021-12-29 23:09 :24:944+530''))GROUP BY date ORDER BY date DESC' ) as tmpt ( timestamp timestamp with time zone, ct int) as t ORDER BY timestamp DESC

 

Type "all" to terminate all found queries, or the query Type "exit" to end query termination.

all Terminated PG backend 1950565 based on user input

 

cluster drop-subscriber

Use the drop-subscriber command to remove a specific subscriber node from the cluster.

 

This command does not support Stateless Address Auto-configuration (SLAACStateless Address Autoconfiguration. SLAAC provides the ability to address a host based on a network prefix that is advertised from a local network router through router advertisements.) IPv6 addresses.

Syntax

cluster drop-subscriber [-f] [-i <IP address>] -s

The following table describes the required and optional parameters for the drop-subscriber command:

Table 2: Drop-Subscriber Command Parameters

Parameter/Flag

Action/Description

-f

Enter the -f parameter to force Policy Manager to drop even the nodes that are down.

-i <IP Address>

Specify the Management IP address of the node. If this IP address is not specified and the current node is a subscriber, Policy Manager drops the current node.

NOTE: The IP address of the subscriber to be dropped must be passed in the correct format. The IP address format depends on the cluster communication mode: If the mode is ipv4, use the subscriber's IPv4 address, otherwise if the mode is ipv6, use the subscriber's IPv6 address. To verify which cluster communication mode is configured, use the cluster list command.

-s

Restricts resetting the database on the dropped node.

By default, Policy Manager drops the current node—if it's a subscriber—from the cluster.

Example

The following example removes the IP address 192.xxx.1.1 from the cluster:

[appadmin]# cluster drop-subscriber -f -i 192.xxx.1.1 -s

cluster list

Use the cluster list command to list all the nodes in the cluster, and show whether cluster high availability is enabled or disabled. The cluster list command also indicates the cluster communication mode (IPv4 or IPv6), and indicates whether a standby publisher and failover wait time been defined.

Syntax

cluster list

Example

The following example lists all the nodes in a cluster:

[appadmin]# cluster list

[appadmin@v6-7152-6192]# cluster list

Cluster Commuication Mode: ipv4

Cluster high-availability : ENABLED, Failover wait-time : 8, Standby Publisher : 198.51.100.7

Publisher  : Management port IP=198.51.100.3 IPv6=2001:DB8:200:7::150  Data port IP=203.0.113.190 [local machine]

Subscriber : Management port IP=198.51.100.5 IPv6=2001:DB8:200:7::152  Data port IP=203.0.113.192 

Subscriber : Management port IP=198.51.100.7 IPv6=2001:DB8:200:7::153  Data port IP=203.0.113.194 

cluster make-publisher

Use the cluster make-publisher command to promote a specific subscriber to be the publisher in the same cluster.

Before you promote a subscriber to publisher, add the HTTPSHypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. server certificate of the subscriber to the trust list and ensure sure all the servers in the cluster have this certificate in the Trust list. This step is not required if the HTTPSHypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. server certificates for all the nodes in the cluster are signed by a certificate authority (CACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.)

 

 

When running this command, do not close the shell or interrupt the command execution.

Example

The following example promotes a subscriber to publisher status:

[appadmin]# cluster make-publisher

********************************************************

* WARNING: Executing this command will promote the *

* current machine (which must be a subscriber in the *

* cluster) to the cluster publisher. Do not close the *

* shell or interrupt this command execution. *

********************************************************

Continue? [y|n]: y

To continue the make-publisher operation, enter y.

cluster make-subscriber

Run the cluster make-subscriber command on a standalone publisher to make the standalone node a subscriber node and add it to the cluster. If a cluster is configured with a standby publisher, add the HTTPSHypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. server certificate of the standby publisher to the Trust list and ensure sure all the servers in the cluster have this certificate in the Trust list. This step is not required if the HTTPSHypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. server certificates for all the nodes in the cluster are signed by a certificate authority (CACertificate Authority or Certification Authority. Entity in a public key infrastructure system that issues certificates to clients. A certificate signing request received by the CA is converted into a certificate when the CA adds a signature generated with a private key. See digital certificate.)

 

This command does not support Stateless Address Auto-configuration (SLAACStateless Address Autoconfiguration. SLAAC provides the ability to address a host based on a network prefix that is advertised from a local network router through router advertisements.) IPv6 addresses.

Syntax

cluster make-subscriber -i <IP-address> [-l] [-b] [-V]

The following table describes the required and optional parameters for the make-subscriber command:

Table 3: Cluster Make-Subscriber Command Parameter

Parameter/Flag

Action/Description

-b

Instructs Policy Manager to skip making a backup of the publisher before you make it a subscriber.

-i <IP-address>

Specify the publisher's IP address.

NOTE: This parameter allows both IPv4 and IPv6 addresses.

-l

Restores the local log database after this operation. This parameter is optional.

-V

Instructs Policy Manager to not verify the publisher certificate.

Example

The following example converts the node with IP address 192.xxx.1.1 to a subscriber node and restores the local log database:

[appadmin]# cluster make-subscriber –i 192.xxx.1.1 -l

cluster reset-database

Use the reset-database command to reset the local database and erase its configuration.


Running this command erases the Policy Manager configuration and resets the database to its default configuration—all the configured data will be lost.

 

When running this command, do not close the shell or interrupt the command execution.

Syntax

cluster reset-database

Example

The following example reset the database:

[appadmin]# cluster reset-database

**********************************************************

* WARNING: Running this command will erase the Policy Manager *

* configuration and leave the database with default *

* configuration. You will lose all the configured data. *

* Do not close the shell or interrupt this command *

* execution. *

*********************************************************

Continue? [y|n]: y

To continue the reset-database operation, enter y.

cluster set-communication-mode

Click the drop-down list and select either ipv4 or ipv6 as the mode of commuication for all cluster operations. If the value of this parameter is set to ipv6, all database and APIApplication Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. calls will use IPv6 addresses for cluster communication. If the value is set to ipv4, it will use IPv4 for database and APIApplication Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. calls instead. The default value of the cluster communication mode will depend on the IP address configured on the appliance during installation or upgrade. If the appliance has only an IPv6 address, the default cluster communication mode will be IPv6. If the appliance has both IPv4 and IPv6 addresses configured, or if only an IPv4 address is configured, then the default cluster communication mode will be IPv4.

Whenever the cluster communication mode is changed, it performs the following validations:

Configuration checks to verify an IP address in the correct format is configured for the interface.

Certificate checks to verify the database certificates have the correct IP address in the SAN field.

Certificate checks to verify the HTTPSHypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. certificates have the correct IP address in the SAN field.

Syntax

cluster set-communication-mode [ipv4/ipv6]

Example

The following example lists all the nodes in a cluster:

[appadmin]# cluster set-communication-mode ipv4

********************************************************

* *

* WARNING: Executing this command will change *

* the format of the IP address used for all *

* cluster communications and can cause *

* the cluster to go out of sync. *

* *

* Please reset certificates on all nodes *

* and reboot each node to ensure cluster is in sync. *

* *

* Do not close the shell or interrupt this command *

* execution. *

* *

********************************************************

Continue? [y|n]: y

cluster set-cluster-passwd

Use the cluster set-cluster-passwd command to change the cluster password on all nodes in the cluster. You may only issue this command from the publisher.

 

Setting the cluster password changes the appadmin password for all the nodes in the cluster

Syntax

cluster set-cluster-passwd

Example

The following example changes the cluster password on the publisher:

[appadmin]# cluster set-cluster-passwd

cluster set-cluster-passwd

Continue? [y|n]: y

Enter Cluster Passwd: college.162

Re-enter Cluster Passwd: college.162

INFO - Password changed on local (publisher) node

Cluster password changed

cluster set-standby-publisher

Use the cluster set-standby-publisher command to set a standby publisher for cluster high availability. You may only issue this command from the publisher.

Syntax

cluster set-standby-publisher [-i <IP Address>]|[-t <Failover wait time>]

Table 4: Cluster Make-Subscriber Command Parameters

Parameter/Flag

Action/Description

-i <IP Address>

Management IP Address of the server to be configured as standby publisher.

NOTE: This parameter accepts both IPv4 and IPv6 addresses.

-t <Failover wait time>

Specify the time (in minutes) that the standby publisher must wait before it assumes the role of publisher after the primary publisher becomes unreachable. This parameter prevents the standby publisher from taking over when the publisher is temporarily unavailable during a restart. The default failover wait time is 10 minutes.

Example

The following example defines a standby publisher and sets the failover wait time to five minutes:

[appadmin]# cluster set-standby-publisher -i 10.21.4.33 -t 5

failover time = 5

cluster sync-cluster-passwd

Use the cluster sync-cluster-passwd command to synchronize the cluster (appadmin) password currently set on the publisher with all the subscriber nodes in the cluster.

 

Synchronizing the cluster password changes the appadmin password for all the nodes in the cluster

Syntax

cluster sync-cluster-passwd

Example

The following example synchronizes the cluster password:

[appadmin]# cluster sync-cluster-passwd

Continue? [y|n]: y

Enter Password: college.205

Re-enter Password: college.205