Updating KeyControl IP Addresses on a VM
If the KeyControl nodes in a cluster change, you need to update the IP address list on each Policy Agent unless you have specified a KeyControl Mapping for the VMs. KeyControl Mapping changes are done in the KeyControl webGUI and are communicated to the VM on the VM's next heartbeat. For more information, see Creating a KeyControl Mapping.
Procedure
Log into each server connected to this KeyControl cluster as root and enter the following command:
# hcl updatekc kc_hostname[:port],kc_hostname[:port],kc_hostname[:port],...
Where kc_hostname,kc_hostname,kc_hostname... is a comma-separated list of the KeyControl node IP addresses or hostnames and port is an optional port number (the default is port 443). If you are entering the command on Windows, use quotes around the list of hostnames.
The list you specify overwrites any existing list on the Policy Agent. So if the Policy Agent is currently connected to three KeyControl nodes and you remove one, just specify the two remaining nodes with the updatekc command. The third node will be removed automatically.
For example, in Linux you could specify:
# hcl updatekc kc-chicago,10.238.66.234,kc-bangalore:447
For example, in Windows you could specify:
C:\> hcl updatekc "kc-1,kc-2"
To verify the connection status, enter the hcl status command, as shown:
# hcl status Summary --------------------------------------------------- KeyControl: kc-1:443 KeyControl list: kc-1:443,kc-2:443 Status: Connected
|
Follow us: |
