2.3.1.2.1. ON Core principal primary

Note

An ON Principal with the primary role is only configured in architectures with one or more workers, as found in HA architectures.

The following steps explain how to configure a principal node.

Before executing any configuration, we must stop the following services:

systemctl stop opennac
systemctl stop gearmand
systemctl stop httpd
systemctl stop radiusd

Note

Remember to perform the Basic Configuration before proceeding.

  1. Edit the /etc/my.cnf file and uncomment the “Replication (Principal)” section. Make sure the server-id is 1.

vim /etc/my.cnf

  1. Restart the mysql service.

systemctl restart mysqld

  1. Access mysql.

mysql -u root -p<mysql_root_password> opennac

  1. Grant permissions to the different workers. Execute the following command for each worker, using its IP address.

GRANT REPLICATION SLAVE ON *.* TO 'onworker'@'<worker_ip>' IDENTIFIED BY '<password>';

Note

  • It is important that this password is unique and that it is stored somewhere safe, such as a password vault.

  • This password will be used to configure all workers.

  1. Grant privileges.

GRANT ALL PRIVILEGES ON opennac.* TO 'admin'@'<worker_ip>' identified by '<admin_password>';

Note

  • Run for each worker with its own IP address.

  • The admin_password is the same one stored on each worker in the file ‘/usr/share/opennac/api/application/configs/application.ini’, as the value of the field ‘resources.multidb.dbW.password’.

  1. Flush privileges.

flush privileges;

  1. Still inside mysql, check the master status and note the file and position for later use. After that, exit from MySQL.

show master status;

exit

Note

Remember that the file and position values will be used in the Worker configuration.

  1. Generate a dump of the OpenNAC Enterprise database.

mysqldump -u root -p<mysql_root_password> opennac > opennac.sql

  1. Insert the firewall rule into the master’s iptables.

vim /etc/sysconfig/iptables

Add the following line (where worker_ip is the IP address of the core that contains the replicated database).

-A INPUT -s <worker_ip> -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT

Note

You need to configure a rule for each worker device with its own IP address.

  1. Restart the iptables service.

systemctl restart iptables

  1. Now, send this dump to all the workers (where worker_ip is the IP address of the core that contains the replicated database).

scp opennac.sql root@<worker_ip>:
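
To verify the firewall step above, this added example (not part of the OpenNAC documentation or product) audits a rules file in the /etc/sysconfig/iptables format: it reports any worker without its own port 3306 rule and any 3306 ACCEPT rule whose source is not a listed worker. The function names, worker addresses and sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit MySQL (3306) ACCEPT rules against the list of worker IPs.
# Usage: check_3306_rules RULES_FILE WORKER_IP...
# Prints "MISSING <ip>" for each worker that has no rule of its own and
# "UNEXPECTED <rule>" for any 3306 ACCEPT rule with another (or no) source.
# Returns 0 only when the file matches the worker list exactly.
check_3306_rules() {
    rules_file=$1; shift
    awk -v workers="$*" '
        BEGIN { n = split(workers, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
        # Only INPUT-chain ACCEPT rules for destination port 3306 are relevant.
        $1 == "-A" && $2 == "INPUT" && /--dport 3306( |$)/ && /-j ACCEPT/ {
            src = ""
            for (i = 3; i < NF; i++) if ($i == "-s") src = $(i + 1)
            sub(/\/32$/, "", src)          # iptables-save may append /32
            if (src in want) seen[src] = 1
            else { print "UNEXPECTED " $0; bad = 1 }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) { print "MISSING " w[i]; bad = 1 }
            exit bad + 0
        }
    ' "$rules_file"
}

# Constructed sample rules (192.0.2.0/24 is a documentation range):
# two per-worker rules, one rule open to any source, one unrelated rule.
sample_rules() {
    cat <<'EOF'
-A INPUT -s 192.0.2.11 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 192.0.2.12/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
EOF
}

# Demo on the constructed sample with three assumed workers.
demo_file=$(mktemp)
sample_rules > "$demo_file"
check_3306_rules "$demo_file" 192.0.2.11 192.0.2.12 192.0.2.13 \
    || echo "Rules do not match the worker list; review the lines above."
rm -f "$demo_file"
```

On the principal, pass /etc/sysconfig/iptables as the first argument, followed by the real worker addresses.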