| Table of Contents |
|---|
Discovery
opHA 3 has two different Authentication configurations to discover a peer:
- user/password
- user/sharedkey
For the user/password, it should be a valid user and password with permission permissions over module_opcore_view module.
For the user/sharedkey:
- user must have permissions over module_opcore_view module. Used for authorisation.
- sharedkey should be one in
omkd_secretsin opCommon.json in the poller. Used for authentication.
...
opHA 3 needs to have the "token" authentication method authentication setup in order to perform the internal communication.
...
| Code Block |
|---|
"auth_token_key" : ["tokenForAnotherTrustedTP"], "opha_api_user" : "omkapiha", |
And they would be saved in the the registry in the primary, that will generate a token with this data to perform the communication.
Upgrade Poller configurations
After upgrade of any of the poller configurations:
- omkd should be restarted (In the poller).
- The Poller should be Rediscovered from the Primary.
SSL Configuration
Urls
On the peer discovery, we specify the url of the peer. The peer, is going to provide to the poller the url for their communications.
If we specify a discovery url using https but this is not set in the pollers configuration, the internal communications will go into http. It can be changed in the poller in opCommon.json in the setting:
| Code Block |
|---|
"opha_url_base" : "https://myserver.com", |
If we set this property, we also need to change:
| Code Block |
|---|
"opha_hostname" : "myservername", |
After the change, we would need to upgrade the poller configurations.
SSL Certificates
If the certificate is self signed, there are a couple of settings that can be changed to avoid validation. But this is not recommended in production environments:
| Code Block |
|---|
"opha_allow_insecure" : 1, |
And for editing remote nodes:
| Code Block |
|---|
"omk_ua_insecure" : 1, |