Product Documentation
Creating a new domain for a cluster starts by creating a domain on any one node of the cluster and copying over all the keystores and the database from one Node to all the other nodes in the cluster. Assuming, there is a two-Node, please follow these steps to create a new domain for a clustered deployment
STEP #1 ON NODE 1
- Using the domain creation steps for the Standalone Node, create a domain on any one node (Lets assume SID=1 for reference).
- Create the backup for the domains table:
shell > mariadb-dump -u skfsdbuser -p --insert-ignore --no-create-info skfs domains fidopolicies> domains_policies_backup.db;
STEP #2 ON NODE 2
- Login as "strongkey" user.
- In Window 1, log into mysql database 'skfs' as the 'skfsdbuser' user:
shell> mariadb -u skfsdbuser -p skfs - Source the database dump to bring the new server up to date with the others in the cluster.
shell> source /usr/local/strongkey/dbdumps/domains_policies_backup.db - Copy the JWT and SAML keys from the first server to replace the keys on the other servers. These keys can be found in the /usr/local/strongkey/skfs/keystores directory:
shell> scp -r fidoserver1.<domain-name>:/usr/local/strongkey/skfs/keystores /usr/local/strongkey/skfs - Restart the Payara application server:
shell> sudo systemctl restart payara -
Create default SKFS users for the DID as "root" user. Move to the directory to where fidoserver distribution was extracted and run the following command:
shell> /usr/local/software/create-SKFS-Users.sh Usage: create-SKFS-Users.sh Options: did The SKFS did to create. bind-pass The default bind password for ldap skfs-user-pass The desired password for the default ldap users that will be created. skfs-ldif-path The full path to the skfs.ldif file (This should be located in the SKFS installation directory) Example shell> /usr/local/software/create-SKFS-Users.sh 9 Abcd1234! Abcd1234! /usr/local/software/skfs.ldif
NOTE: Please repeat Step #2 for every node in the cluster.