Cluster Mode Setup
Cluster mode allows you to connect multiple automation agents and analytics collection servers to distribute the load and ensure fault tolerance of the system. This is especially useful when working with large volumes of data, as it helps prevent data loss and improves scalability.
Cluster mode is configured using the cluster.json configuration file.
Example of a cluster.json configuration for automation agents:
{
"components": {
"excluded":[
"com.operavix.subsystem.automationagent"
]
},
"network": {
"current": {
"name": 1,
"port": 7000,
"ssl":{
"cert_chain_path":"ssl/n1.crt",
"private_key_path":"ssl/n1.key"
}
},
"nodes": [
{
"name": 2,
"target": "192.168.1.2:7000",
"ssl_certificate_path":"ssl/n2.crt"
}
]
}
}
Configuring a Two-Node Cluster Network
To configure a two-node cluster, specify connection parameters for each node in the cluster.json file. Below is an example configuration for automation agents.
Assume there are two servers with the following DNS names:
- n1.local — primary server
- n2.local — external agent
Configuring Over HTTP
For the n1.local server:
- Set its internal name to
"1"("name": 1). Only numbers from 1 to 127 are allowed - Open port 7000 (
"port": 7000) to receive requests from other nodes - In the
"nodes"block, define available nodes and how to reach them. Specify that node"2"can be accessed at"n2.local:7000"
This URL does not contain the HTTP and HTTPS protocols.
Example:
cluster.json (n1.local)
{
"network": {
"current": {
"name": 1,
"port": 7000,
},
"nodes": [
{
"name": 2,
"target": "n2.local:7000"
}
]
}
}
For the n2.local server:
- Set its internal name to
"2"("name": 2) - Open port 7000 (
"port": 7000) - In the
"nodes"block, specify that node"1"is accessible at"n1.local:7000"
Example:
cluster.json (n2.local)
{
"network": {
"current": {
"name": 2,
"port": 7000,
},
"nodes": [
{
"name": 1,
"target": "n1.local:7000"
}
]
}
}
The examples above omit the module activation settings (the "components" field). This must be configured in a separate file.
Configuring over HTTPS
Add the "ssl" block under "current" with the following fields:
"cert_chain_path"— the file with the Operavix server certificate"private_key_path"— the file with the Operavix server private key"trust_certs"— list of trusted certificates
This configures an HTTPS server on node n1.local, listening on port 7000 with certificate n1.crt and private key n1.key.
When the "ssl" block is present, the cluster operates in encrypted mode: all communication occurs over HTTPS, and authentication uses client certificates.
In the "trust_certs" field, specify the certificate of the remote server — n2.crt, not the local one. This ensures mutual certificate exchange and verifies that connections are made only to trusted nodes.
Example:
cluster.json (n1.local)
{
"network": {
"current": {
"name": 1,
"port": 7000,
"ssl":{
"cert_chain_path":"ssl/n1.crt",
"private_key_path":"ssl/n1.key",
"trust_certs": [
"ssl/n2.crt"
]
}
},
"nodes": [
{
"name": 2,
"target": "n2.local:7000"
}
]
}
}
The HTTPS configuration for n2.local is similar:
- Set up HTTPS on port 7000 with certificate
n2.crtand private keyn2.key - Specify that node
"1"is reachable at"n1.local:7000" - In
"trust_certs", include the remote server's certificate:n1.crt
cluster.json (n2.local)
{
"network": {
"current": {
"name": 2,
"port": 7000,
"ssl":{
"cert_chain_path":"ssl/n2.crt",
"private_key_path":"ssl/n2.key",
"trust_certs": [
"ssl/n1.crt"
]
}
},
"nodes": [
{
"name": 1,
"target": "n1.local:7000"
}
]
}
}
Generating Self-Signed Certificates for Cluster Mode
The following steps describe how to generate self-signed certificates on Linux. The output file names correspond to the setup described in Configuring a Two-Node Cluster Network.
Generate a private key and certificate for the n1.local server:
openssl req -x509 -nodes -newkey rsa:2048 -outform PEM -subj "/CN=n1.local" -keyout n1.key -out n1.crt
Generate a private key and certificate for the n2.local server:
openssl req -x509 -nodes -newkey rsa:2048 -outform PEM -subj "/CN=n2.local" -keyout n2.key -out n2.crt
Was the article helpful?