Thanks for sharing your

quentinperceval · ‎11-12-2013

Hi,

I finally solve my step #4 problem !

Here is the way :

- On a member of the cluster, do logconfig > hostkeyconfig > host, and copy the ssh-dss key of all the machine in the cluster.

- Add these keys in logconfig > hostkeyconfig > new, with their associated IP/hostname (one key at the time).

With this configuration, every machine can leave and join the cluster without human action following my previsous script.


#1) Remove ESA1 from the cluster
 ssh backup@<IP_ESA1> "clustermode cluster; clusterconfig removemachine <hostname_ESA1>"
#2) Download standalone configuration file
 filename=`ssh  backup@<IP_ESA1> "saveconfig no" | grep xml | sed "s/\"//g" | sed "s/\.$//"`
  scp backup@<IP_ESA1>:$filename
#3) Add ESA1 as a future CCS cluster user on ESA2
 ssh backup@<IP_ESA2> "clustermode cluster;clusterconfig prepjoin  new <serial_ESA1> <hostname_ESA1>  \"<fingerprint_ESA1>\";commit CCS"
#4) Put ESA1 back into the cluster
 ssh backup@<IP_ESA1> "clusterconfig join --port=2222 <IP_ESA2> Main_Group"

Thank you for all your answers

Best Regards

Quentin

Jacqueline Fleming · ‎03-13-2014

Thanks for sharing your experience with the community! I wanted to let you know that Cisco is working to provide an even better solution for loading configurations for Clsutered ESAs.

In the upcoming release of AsyncOS 8.5.0, there is a new feature that allows loading configuration files saved from a Cluster to a machine that is currently part of a Cluster. I'd encourage interested parties to review the Release Notes, available here:

http://www.cisco.com/c/en/us/support/security/email-security-appliance/products-release-notes-list.html

- Jackie

Re: Restore cluster configuration