Promoting a Secondary Authentication Manager to Primary

If the Primary Authentication Manager is down due to a system failure, you can use the steps in this section to resume authentication services by promoting a Secondary Authentication Manager to Primary. These steps can also be used if a Primary system needs to be taken offline for some reason, such as for maintenance.

NOTE: These steps require that you have installed the Powertech Multi-Factor Authentication Authentication Manager and Data Services on both a Primary and Secondary system, and initiated replication of the Primary on the Secondary (see Installing the Authentication Manager and Data Services).

Recovering from a System Failure

Use the following instructions to stop replicating data on the Secondary system and promote it to the Primary Authentication Manager in response to failure of the Primary Authentication Manager system. If the Primary system is still running, and you would like to promote the Secondary system for another reason, see Promoting the Secondary Authentication Manager while the Primary is Running.

Recovering from a System Failure on Windows

On the system running a/the Secondary Authentication Manager:

  1. Run the following command in C:\Program Files\Help Systems\Powertech MFA:
    standby2master.bat

    This command sets postgres to stop replicating data and become the Primary Manager.

  2. Run the following command in C:\Program Files\Help Systems\Powertech MFA\consul:
    config_ds -ip ip address
  3. Restart the discovery service: 'HSServiceDiscovery'.
  4. Execute the following:
    5. set_ds_primary -ip current ip-port discovery port
    NOTE: The default discovery port is 8500.

    The above command sets some internal variables that tells Powertech Multi-Factor Authentication where the new postgres master (Primary) is located.

  5. Execute the following:
    6. pckz_props_consolidate
  6. Restart the Authentication Manager Service 'HelpSystemsPowertechMFAManager'.

On the original Primary system:

  1. Run the following command: 

    master2standby.sh -a ip address of new Primary server -p database port of new Primary server

  2. Run the following command in C:\Program Files\Help Systems\Powertech MFA\consul:
    3. config_ds -ip ip address -mode agent -primary_ip primary ip address

  3. Browse to the Powertech MFA\consul\config directory and remove "bootstrap.json".

  4. Restart the discovery service.

Recovering from a System Failure on Linux

If the Primary system has crashed, and the purpose of promotion is recovery, skip to step 3. If the Primary system is still running, and the purpose of promotion is, for example, maintenance, stop the 'HelpSystemsPowertechMFADatabase' service.

On the system running a/the Secondary Authentication Manager:

  1. Run the following command in /opt/helpsystems/PowertechMFA:
    standby2master.bat

    This command sets postgres to stop replicating data and become the Primary Manager.

  2. Run the following command in /opt/helpsystems/PowertechMFA/consul:
    config_ds -ip ip address
  3. Restart the discovery service: 'HelpSystemsPowertechMFADiscovery'.
  4. Execute the following:
    5. set_ds_primary -ip current ip-port discovery port
    NOTE: The default discovery port is 8500.

    The above command sets some internal variables that tells Powertech Multi-Factor Authentication where the new postgres master (Primary) is located.

    pckz_props_consolidate
  5. Restart the Authentication Manager Service 'HelpSystemsPowertechMFAManager'.

On the original Primary system:

  1. Run the following command: 

    master2standby.sh -a ip address of new Primary server -p database port of new Primary server

  2. Run the following command in /opt/helpsystems/PowertechMFA/consul:
    3. config_ds -ip ip address -mode agent -primary_ip primary ip address

  3. Browse to the Powertech MFA/consul/config directory and remove "bootstrap.json".

  4. Restart the discovery service.

Promoting the Secondary Authentication Manager while the Primary is Running

Use the following instructions to stop replicating data on the Secondary system and promote it to the Primary Authentication Manager when the Primary is still running. You might do this in order to perform maintenance on the Primary system. If the Primary system has crashed, and you would like to promote the Secondary system, see Recovering from a System Failure, above.

Promoting a Secondary Manager to Primary on Windows

  1. Login to the system running a/the Secondary Authentication Manager.
  2. Run the following command in C:\Program Files\Help Systems\Powertech MFA:
    standby2master.bat

    This command sets postgres to stop replicating data and become the Primary Manager.

  3. Run the following command in C:\Program Files\Help Systems\Powertech MFA\consul:
    set_ds_primary -ip current ip -port discovery port
    NOTE: The default discovery port is 8500.

    This command sets some internal variables that tells Powertech Multi-Factor Authentication where the new postgres master (Primary) is located.

  4. On the Primary, run: 

    master2standby.bat -a ip address of new Primary server -p database port of new Primary server

  5. Restart the manager service 'HelpSystems Powertech MFA Manager' on Secondary system.
  6. Open Insite and select Powertech Multi-Factor Authentication from the Navigation Pane, then choose Managers.
  7. Click the system that was just promoted to Primary (it will still be listed as a Backup). The Edit Managers screen appears.
  8. Set Primary to On.
  9. Click Save.

Promoting a Secondary Manager to Primary on Linux

  1. Login to the system running a/the Secondary Authentication Manager.
  2. Run the following command in /opt/helpsystems/PowertechMFA:
    standby2master.sh

    This command sets postgres to stop replicating data and become the Primary Manager.

  3. Run the following command in /opt/helpsystems/PowertechMFA/consul:
    set_ds_primary -ip current ip -port discovery port
    NOTE: The default discovery port is 8500.

    This command sets some internal variables that tells Powertech Multi-Factor Authentication where the new postgres master (Primary) is located.

  4. On the Primary server, run: 

    master2standby.sh -a ip address of new Primary server -p database port of new Primary server

  5. Restart the manager service 'HelpSystemsPowertechMFAManager' on Secondary system.
  6. Open Insite and select Powertech Multi-Factor Authentication from the Navigation Pane, then choose Managers.
  7. Click the system that was just promoted to Primary (it will still be listed as a Backup). The Edit Managers screen appears.
  8. Set Primary to On.
  9. Click Save.

Copyright © HelpSystems, LLC.
All trademarks and registered trademarks are the property of their respective owners.