Configuring the Global Policy Master

This topic describes how to configure a cluster as the global policy master from the CLI, REST API, and Control System.

Setting the Global Policy Master from the Control System

Complete the following steps in the Control System to set a cluster as the global policy master:
  1. Click the Security Settings icon.
  2. Click the PBS Mode setting.
  3. Select the PBS Mode as Master from the drop-down.
  4. Click Submit to save the setting.

Setting the Global Policy Master from the CLI or REST API

Complete the following steps from the CLI or REST API to set a cluster as the global policy master:
Run the following command to set a cluster as the global policy master:
maprcli config save -values '{"cldb.pbs.global.master":"1"}'
Send a request of type POST. For example, to designate a cluster as the global policy master, send a request similar to the following:
curl -X POST 'https://<hostname>:8443/rest/config/save?values={"cldb.pbs.global.master":"1"}' --user <username>:<password>

Changing the Global Policy Master Cluster

If the cluster designated as the global policy master goes offline or fails, there is no automatic fail-over or recovery for security policies. In such a scenario, promote one of the member security-policy clusters as the new master. When the original master cluster comes back up, set it as a member cluster.

You can identify the role of a cluster from the Control System or by running the following command:
maprcli dashboard info -json | grep globalPolicyMaster
To elect a new global policy master, perform the following steps:
  1. Verify that the cluster you plan to promote to global policy master is set as a member. If the cluster is a member, the value of cldb.pbs.global.master on the cluster is 0. If the cluster is master, the value is 1.
  2. Verify that no policies are being created or modified on the current master cluster.
  3. Export all policies from the current global policy master and then import them to the cluster you will promote to global policy master.
  4. Demote the original global policy master cluster to a member, by setting cldb.pbs.global.master to 0.
  5. Promote the member cluster to global policy master by setting cldb.pbs.global.master to 1.