Updated on 2024-09-24 GMT+08:00

Enabling HA

A bastion host supports dual-node high availability (HA). After HA is enabled, the secondary node will take over the service if the primary node breaks down.

This topic describes how to enable dual-node HA backup.

Constraints

  • The primary node must be configured first. After the primary node is configured and the configuration takes effect, configure the secondary node and ensure that the primary and secondary nodes use the internal network for HA synchronization configuration.
  • After the HA configuration on the secondary node is complete, the historical data is cleared regardless of whether there is configuration data on the secondary node, and the configuration data of the primary node is synchronized to the secondary node.

Prerequisites

  • You have the management permissions for the System module.
  • You have prepared two bastion hosts, and both of them use the same license.

Procedure

  1. Log in to your bastion host.
  2. Choose System > Sysconfig > HA.

    Figure 1 HA

  3. View the HA status. By default, the HA status is Disabled.

    If you purchase a primary/standby instance, do not disable HA, or logins will fail.

  4. Click Enable next to Status.

    In the displayed Enable HA dialog box, configure the network information for the primary and secondary nodes.
    Table 1 Parameters for enabling the HA function

    Parameter

    Description

    Initial role

    The working status of the node. This parameter can be set to Primary node or Secondary node.

    You need to configure the basion host that functions as the primary node first.

    HA cluster authcode

    The value is automatically generated by the system and is used for mutual verification between the primary and secondary nodes.

    • When configuring HA parameters for the primary node, record the verification key of the HA group and configure the parameters for the secondary node accordingly.
    • The value is a string consisting of 8 to 20 digits or letters.

    Secondary node IP

    When configuring HA parameters for the primary node, enter the IP address of the bastion host that functions as the secondary node.

    Primary node IP

    When configuring HA parameters for the secondary node, enter the IP address of the bastion host that functions as the primary node.

    HA Key

    When configuring HA parameters on the primary node, enter the key for mutual authentication between the primary and secondary nodes.

    Float IP

    Enter an unused IP address that is in the same network range as the fixed IP address of the current bastion host. A mask must be added to the end of the floating IP address.

    A floating IP address is the logical IP address of the two bastion hosts. When you access this IP address, you will automatically log in to one of the bastion hosts, usually the primary node.

    Float IP Interface

    Select the network interface where the fixed IP address of the bastion host is located.

    HA Interface

    This interface is the same as that of the floating IP interface.

  5. Click OK and then restart the system for the configuration to take effect.

Effective Conditions

Restart the primary and secondary nodes for the HA configuration to take effect.

  • Before the restart, the Running Status is Standalone, indicating that the configuration does not take effect.
  • After the restart, the HA backup cannot take effect until the primary node discovers the IP address of the secondary node and the Running Status of the secondary node changes to Online.

Follow-up Operations

To disable the dual-node HA function, click Disable next to Status in each system.

Save the settings and restart the two bastion hosts. HA is disabled after the restart.