Hello, We have deployed Conjur V 12.7 and we have enabled multiple authenticators (jwt,k8s,iam etc) on our leader cluster and the cluster /info api endpoint shows the authenticators in enabled state. However when we query the follower /info api endpoint, it does not show any of the authenticators in enabled state. Replication is working as expected. Is there a reason why follower /info does not have the authenticators enabled ?
When we do an integration , Jenkins for example the Conjur Appliance URL can be a follower one correct ? If the authenticators are not enabled on the follower side, should we use the cluster url in the ‘Conjur Appliance URL’ section?
Thanks in Advance.
I hope you have found the answer by yourself by now. And if not
- Copy the yml file from leader to follower servers.
- Place it in the Conjur config directory and do
- evoke configuration apply
- Now Run a /info query using follower URL
If the Conjur Followers are deployed via Kubernetes/Openshift - you may want to consider mapping the conjur.yml file. Alternatively, we could try a similar approach if you are using a Conjur Follower as a VM and experiencing an error.
In example, lets say you have the following authenticators configured: “authn-k8s/dev-cluster-senko”, and “authn-jwt/gitlab-senko”
Try something like this on the Follower VM:
podman exec evoke variable set CONJUR_AUTHENTICATORS authn,authn-k8s/dev-cluster-senko,authn-jwt/gitlab-senko
Reference: Support Community
Hope this helps!