Failover API - BlueCat Integrity - 9.6.0

VM Installation Guide

Locale
English
Product name
BlueCat Integrity
Version
9.6.0

The Failover API service allows you to enable an externally automated failover when the primary Address Manager fails. Automated failover APIs ensures that the DDI infrastructure is readily available and allows control, offering options for both manual and automated primary Address Manager server failover when an outage is detected.

If you enable the Failover API option, you can use the following Address Manager APIs:

  • GET bam/v1/health
  • PUT bam/v1/promote
  • PUT bam/v1/managed-servers/takeover
  • PUT bam/v1/managed-servers/{id}/takeover

For more information on these APIs, refer to the Address Manager API Guide.

Note: The failover API feature requires certificates for both the server (Address Manager) and the client. Users can configure the failover API with self-signed certificates, or certificates from a certificate authority. The client certificate chain and server certificate chain are validated independently, and do not need to come from the same certificate authority. The root and intermediate certificates required to verify the client certificate must be uploaded to Address Manager as the keystoreFile. Ensure that the client also has the necessary root and intermediate certificates to verify the server certificate received from the Address Manager server.

Example

#cloud-config
bluecat_service_config:
    payload: |
    {
        "version": "1.3.0",
        "services": {        
            "failoverApi": {
              "configurations": [
                {
                  "failoverApiConfiguration": {
                    "enable": true,
                    "keystore": {
                      "keystoreFile": "MIIQIQIBAzCCD+cGCSqGSIb3DQEHAaCCD9gEg...",
                      "passphrase": "key1"
                    },
                    "truststore": {
                      "truststoreFile": "MIIG0gIBAzCCBnwGCSqGSIb3DQEHAaCCBm0Eg...",
                      "passphrase": "trust1"
                    }
                  }
                }
              ]
            }    
        }
    }
Parameters
  • enable—set to true to enable the failover API service.
  • Under keystore, enter the following information:
    • keystoreFile—a base64 encoded PKCS certificate file (.p12) containing the Address Manager server's private key and the server certificate.
    • passphrase—enter the passphrase for the keystore file.
  • Under truststore, enter the following information:
    • truststoreFile—a base64 encoded Java keystore file (.jks) containing the root and any intermediate certificates required to verify the client certificate used in the failover API call. When the Address Manager server receives the client certificate, it verifies the certificate using this trust store certificate chain.
    • passphrase—enter the passphrase for the truststore file.