The Failover API service allows you to enable externally automated failover when the primary Address Manager fails. The automated failover APIs help keep the DDI infrastructure readily available and give you control, offering options for both manual and automated failover of the primary Address Manager server when an outage is detected.
If you enable the Failover API option, you can use the following Address Manager APIs:
- GET bam/v1/health
- PUT bam/v1/promote
- PUT bam/v1/managed-servers/takeover
- PUT bam/v1/managed-servers/{id}/takeover
For more information on these APIs, refer to the Address Manager API Guide.
Note: The failover API feature requires certificates for both the server (Address Manager) and the client. Users can configure the failover API with self-signed certificates, or certificates from a certificate authority. The client certificate chain and server certificate chain are validated independently, and do not need to come from the same certificate authority. The root and intermediate certificates required to verify the client certificate must be uploaded to Address Manager as the keystoreFile. Ensure that the client also has the necessary root and intermediate certificates to verify the server certificate received from the Address Manager server.
Example
#cloud-config
bluecat_service_config:
  payload: |
    {
      "version": "1.3.0",
      "services": {
        "failoverApi": {
          "configurations": [
            {
              "failoverApiConfiguration": {
                "enable": true,
                "keystore": {
                  "keystoreFile": "MIIQIQIBAzCCD+cGCSqGSIb3DQEHAaCCD9gEg...",
                  "passphrase": "key1"
                },
                "truststore": {
                  "truststoreFile": "MIIG0gIBAzCCBnwGCSqGSIb3DQEHAaCCBm0Eg...",
                  "passphrase": "trust1"
                }
              }
            }
          ]
        }
      }
    }
Parameters
- enable—set to true to enable the failover API service.
- Under keystore, enter the following information:
  - keystoreFile—a base64 encoded PKCS certificate file (.p12) containing the Address Manager server's private key and the server certificate.
  - passphrase—enter the passphrase for the keystore file.
- Under truststore, enter the following information:
  - truststoreFile—a base64 encoded Java keystore file (.jks) containing the root and any intermediate certificates required to verify the client certificate used in the failover API call. When the Address Manager server receives the client certificate, it verifies the certificate using this trust store certificate chain.
  - passphrase—enter the passphrase for the truststore file.
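
A pre-deployment check for the failoverApi block described above, as an added example that is not BlueCat code: it decodes each store strictly and identifies the container from its leading bytes, so a wrapped or truncated base64 value, or a keystore and truststore that were swapped, shows up before the payload is deployed. The function names, the strict no-whitespace base64 rule, and accepting PKCS #12 as well as JKS for the truststore are assumptions of this example.

```python
import base64, binascii, json

JKS_MAGIC = bytes.fromhex("feedfeed")  # first four bytes of a Java keystore (.jks)
DER_SEQUENCE = b"\x30"                 # first byte of a DER-encoded PKCS #12 (.p12)

def container_type(b64_text):
    """Strictly decode a base64 value and name the container it holds."""
    try:
        raw = base64.b64decode(b64_text, validate=True)
    except (binascii.Error, ValueError, TypeError):
        return "invalid-base64"  # wrapped lines, a pasted "..." placeholder, null
    if raw[:4] == JKS_MAGIC:
        return "jks"
    return "pkcs12-der" if raw[:1] == DER_SEQUENCE else "unknown"

# Accepted container per field; PKCS #12 for the truststore is this example's assumption.
STORES = (("keystore", "keystoreFile", {"pkcs12-der"}),
          ("truststore", "truststoreFile", {"jks", "pkcs12-der"}))

def check_failover_api(payload_json):
    """Return a list of problems in the failoverApi block of a payload."""
    doc = json.loads(payload_json)
    configs = doc.get("services", {}).get("failoverApi", {}).get("configurations", [])
    if not configs:
        return ["no failoverApi configuration present"]
    problems = []
    for i, entry in enumerate(configs):
        cfg = entry.get("failoverApiConfiguration", {})
        if not isinstance(cfg.get("enable"), bool):
            problems.append(f"[{i}] enable is not a JSON boolean")
        for section, field, accepted in STORES:
            store = cfg.get(section, {})
            kind = container_type(store.get(field, ""))
            if kind not in accepted:
                problems.append(f"[{i}] {field}: {kind}")
            if not store.get("passphrase"):
                problems.append(f"[{i}] {section}.passphrase is empty")
    return problems

def sample_payload(keystore_b64, truststore_b64):
    """Constructed payload in the page's layout; the store bytes are dummies."""
    cfg = {"enable": True,
           "keystore": {"keystoreFile": keystore_b64, "passphrase": "key1"},
           "truststore": {"truststoreFile": truststore_b64, "passphrase": "trust1"}}
    return json.dumps({"version": "1.3.0", "services": {"failoverApi": {
        "configurations": [{"failoverApiConfiguration": cfg}]}}})

if __name__ == "__main__":
    p12 = base64.b64encode(b"\x30\x82\x10\x21 dummy").decode()
    print(check_failover_api(sample_payload(p12, "MIIG0gIBAzCC...")))
```

The check only inspects encoding and leading bytes; it does not open the stores or verify the certificate chains inside them.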