Good afternoon,
I was setting up auto failover in my lab using this link:
https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Deployment/HighAvailability/auto-failover-setup-continue.htm?tocpath=Setup|High%20Availability%20(HA) Clusters|_____6
I imported the policy it stated on the page:
---
- !policy
  id: conjur/<my-cluster-name>
  annotations:
    # Overrides the cluster default TTL
    ttl: <ttl-value>
  body:
    - !layer
    - &hosts
      - !host
        id: <host1-id>
      - !host
        id: <host2-id>
      - !host
        id: <host3-id>
    - !grant
      role: !layer
      member: *hosts
However, when I went to enroll the master into the cluster, I kept getting this error:
error: Cluster name provided, but no cluster policy found
No cluster machine named “conjur-master.lab.local” found in cluster definition
It makes me think that the master couldn't see the policy for some reason. I can verify that the policy exists by looking at the GUI and using the CLI.
dataplex (Ben Floyd), October 16, 2019, 1:39pm
Hello,
The id above where it says “my-cluster-name” needs to be changed to identify your cluster and be placed in the correct policy branch, which is conjur/cluster/my-cluster-name. As a best practice we recommend loading this into the root policy like so:
root.yml
---
- !policy
  id: conjur/cluster/<my-cluster-name>
  annotations:
    # Overrides the cluster default TTL
    ttl: 15
  body:
    - !layer
    - &hosts
      - !host
        id: <host1-id>
      - !host
        id: <host2-id>
      - !host
        id: <host3-id>
    - !grant
      role: !layer
      member: *hosts
Then you can enroll your cluster master:
evoke cluster enroll -n host1-id my-cluster-name
For example, if the cluster policy id is conjur/cluster/mylabcluster and the master host is conjur-master.lab.local you would run
evoke cluster enroll -n conjur-master.lab.local mylabcluster
HTH,
Ben Floyd
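An added example, not part of the original thread and not CyberArk tooling: a pre-flight check over the policy file that catches both conditions named in the error above before `evoke cluster enroll` is run. It assumes the file is loaded into the root policy, as the reply recommends; the function name `preflight` and the two standby host names are hypothetical.

```python
import re

# Constructed sample: the corrected policy from the reply with lab values filled in.
# The standby host names are made up for illustration.
SAMPLE_POLICY = """\
---
- !policy
  id: conjur/cluster/mylabcluster
  annotations:
    ttl: 15
  body:
    - !layer
    - &hosts
      - !host
        id: conjur-master.lab.local
      - !host
        id: conjur-standby1.lab.local
      - !host
        id: conjur-standby2.lab.local
    - !grant
      role: !layer
      member: *hosts
"""

def preflight(policy_text, cluster_name, master_host):
    """Return the problems that would make enrollment fail (empty list if none)."""
    policy_id, hosts, pending = None, [], None
    for raw in policy_text.splitlines():
        line = raw.split("#", 1)[0].strip()       # drop YAML comments
        if line.startswith("-"):
            # Remember which tagged entry the next "id:" line belongs to.
            tag = re.fullmatch(r"-\s*!(policy|host)", line)
            pending = tag.group(1) if tag else None
            continue
        m = re.fullmatch(r"id:\s*(\S+)", line)
        if m:
            if pending == "policy":
                policy_id = m.group(1)
            elif pending == "host":
                hosts.append(m.group(1))
            pending = None
    problems = []
    expected = f"conjur/cluster/{cluster_name}"   # branch named in the reply
    if policy_id != expected:
        problems.append(f"policy id is {policy_id!r}, expected {expected!r}")
    if master_host not in hosts:
        problems.append(f"{master_host!r} is not a !host in the cluster policy")
    return problems
```

An empty list means the cluster name and master host passed to `evoke cluster enroll -n <master-host> <cluster-name>` match what the policy file declares.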
Thank you so much Ben for clearing the ambiguity, I got it working!