Auto-Provision a Gateway Node
This topic applies only to Gateways in the Appliance form factor. It does not work with Software Gateways.
This section describes how to configure a Gateway node "headlessly" from the command line, without using the Gateway main menu.
This topic is intended for system administrators or advanced technical users.
Prerequisites:
- The Gateway node is not configured. To confirm, use option 7 (Manager CA API Gateway status) on the Gateway Configuration Menu (Appliance). You should see "Node Not Configured".
- Networking is configured. For more information, see Option 1 - Configure Networking and System Time Settings.
- Database replication should be configured prior to headless configuration, if desired. For more information, see Configuring Cluster Database Replication.
- Appropriate database access is granted if the new node uses a remote DB host.
- The ssgconfig user's password has been renewed.
Overview of Procedure
Configuring a Gateway node headlessly involves the following steps:
- Run the ssgconfig-headless command to create a properties template.
- Edit the template with information about the Gateway node.
- Run the ssgconfig-headless command to create a new Gateway node using the properties template.
Step 1: Create a Properties Template
- Open a privileged shell.
- Run the following command to create a template file (for example, 'create-node.properties'):
  # /opt/SecureSpan/Gateway/config/bin/ssgconfig-headless create -template > create-node.properties
  You can also run the command remotely as the ssgconfig user:
  # ssh ssgconfig@gatewayhost /opt/SecureSpan/Gateway/config/bin/ssgconfig-headless create -template > create-node.properties
  Use the 'help' command to display more information: "ssgconfig-headless help".
Step 2: Edit the Template File
Open the "create-node.properties" file in a text editor and add information about your Gateway node as required.
Tip:
The entries in this file will be familiar to those who have configured an Appliance Gateway.
Note the following as you edit the template file:
- To configure both database and node, set configure.node=true. To configure only the database, set configure.node=false. To join a new node to an existing cluster, set configure.node=true and configure.db=false.
- If configuring a Gateway node to join an existing cluster, the following settings are not required and may be left blank (any values specified are ignored):
- database.admin.user
- database.admin.pass
- admin.user
- admin.pass
- cluster.host
Example properties for a standalone Gateway...
#### Headless config create template properties file ####

### Configure Database Failover Connection ###
## Database Failover Hostname
#database.failover.host=
## Database Failover Port
#database.failover.port=3306

### Node Configuration ###
## Node Enabled State
node.enable=true
## Configure the node.properties
configure.node=true

### Cluster Configuration ###
## Cluster Hostname
cluster.host=10.242.14.118
## Cluster Passphrase
cluster.pass=7layer

### Database Connection ###
## Creates the database
configure.db=true
## The database type, either 'mysql' or 'embedded'
database.type=mysql
## Database Hostname
database.host=localhost
## Database Port
database.port=3306
## Database Name
database.name=ssg
## Database Username
database.user=gateway
## Database Password
database.pass=7layer
## Administrative Database Username
database.admin.user=root
## Administrative Database Password
database.admin.pass=7layer

### SSM Administrative Account ###
## SSM Username
admin.user=pmadmin
## SSM Password
admin.pass=password
Example properties for a database master...
This creates a new Gateway node with a failover database connection.
#### Headless config create template properties file ####

### Configure Database Failover Connection ###
## Database Failover Hostname
database.failover.host=failverhostname
## Database Failover Port
database.failover.port=3306

### Node Configuration ###
## Node Enabled State
node.enable=true
## Configure the node.properties
configure.node=true

### Cluster Configuration ###
## Cluster Hostname
cluster.host=10.242.14.118
## Cluster Passphrase
cluster.pass=7layer

### Database Connection ###
## Creates the database
configure.db=true
## The database type, either 'mysql' or 'embedded'
database.type=mysql
## Database Hostname
database.host=localhost
## Database Port
database.port=3306
## Database Name
database.name=ssg
## Database Username
database.user=gateway
## Database Password
database.pass=7layer
## Administrative Database Username
database.admin.user=root
## Administrative Database Password
database.admin.pass=7layer

### SSM Administrative Account ###
## SSM Username
admin.user=pmadmin
## SSM Password
admin.pass=password
Example properties for connecting a second Gateway node to an existing cluster...
When installing the second Gateway node to join a cluster, ensure that the "configure.db" setting is set to false. This causes the node to connect to an existing database rather than trying to create a new one.
#### Headless config create template properties file ####

### Cluster Configuration ###
## Cluster Hostname
cluster.host=clusterHostName
## Cluster Passphrase
cluster.pass=ABCDEFGH

### Database Connection ###
## Creates the database
configure.db=false
## The database type, either 'mysql' or 'embedded'
database.type=mysql
## Database Hostname
database.host=primaryDbHost
## Database Port
database.port=3306
## Database Name
database.name=ssg
## Database Username
database.user=gateway
## Database Password
database.pass=ABCDEFGHIJ
## Administrative Database Username
database.admin.user=root
## Administrative Database Password
database.admin.pass=ABCDEFGHI

### Configure Database Failover Connection ###
## Database Failover Hostname
database.failover.host=failoverDbHost
## Database Failover Port
database.failover.port=3306

### Node Configuration ###
## Node Enabled State
node.enable=true
## Configure the node.properties
configure.node=true

### SSM Administrative Account ###
## SSM Username
admin.user=USERABCDEFG
## SSM Password
admin.pass=USERPASSABCDEFG
Step 3: Create the Gateway Node
To create the Gateway node, run the following command:
# cat create-node.properties | /opt/SecureSpan/Gateway/config/bin/ssgconfig-headless create
You can also run the command remotely as the ssgconfig user:
# cat create-node.properties | ssh ssgconfig@gatewayhost '/opt/SecureSpan/Gateway/config/bin/ssgconfig-headless create'
Advantage of running the command remotely: You can incorporate a script that uses sed to replace specific values in the file on the local side (for example, modifying the cluster.host value or removing any passwords) before it is piped to the Gateway.
(1) If you see the following error, check that the Gateway service is running:
Exception configuring gateway: Unexpected error saving configuration 'Could not send Message.'
(2) The output logs are located at: /opt/SecureSpan/Gateway/config/logs/config.log
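The local-side substitution described for the remote run, as an added example that is not part of the vendor documentation: the template on disk keeps blank passwords, and real values are filled in from the environment only when the file is rendered for the pipe. The GW_<KEY> variable naming, the helper function names and the host gw1.example.test are assumptions; awk is used for the fill-in step so that passwords containing /, & or \ are copied literally.

```shell
#!/bin/sh
# Added example, not vendor code. GW_<KEY> variable names are an assumption.

# strip_secrets FILE: blank every "<key>.pass=" value so the template can be
# stored or shared without credentials.
strip_secrets() {
    sed 's/^\([a-z.]*\.pass\)=.*/\1=/' "$1"
}

# render_props FILE CLUSTER_HOST: print FILE with cluster.host replaced and
# each <key>.pass filled from the environment (database.pass -> GW_DATABASE_PASS).
# Returns non-zero if any password is still one of the documentation samples.
render_props() {
    CLUSTER_HOST="$2" awk -F= '
        /^cluster\.host=/ { print $1 "=" ENVIRON["CLUSTER_HOST"]; next }
        /^[a-z.]+\.pass=/ {
            var = "GW_" toupper($1); gsub(/\./, "_", var)
            val = (var in ENVIRON) ? ENVIRON[var] : substr($0, length($1) + 2)
            if (val == "7layer" || val == "password") bad = 1
            print $1 "=" val; next
        }
        { print }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input: a cut-down template using the page's sample values.
sample_template() {
    cat <<'EOF'
## Cluster Hostname
cluster.host=10.242.14.118
## Cluster Passphrase
cluster.pass=7layer
## Database Password
database.pass=7layer
## Administrative Database Password
database.admin.pass=
EOF
}

# Typical use (kept as a comment so sourcing this file has no side effects):
#   props=$(render_props create-node.properties gw1.example.test) &&
#     printf '%s\n' "$props" |
#     ssh ssgconfig@gatewayhost '/opt/SecureSpan/Gateway/config/bin/ssgconfig-headless create'
```

Rendering into a variable first means nothing is sent to the Gateway when the sample-password check fails.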
Auto-Provisioning Other Entities
After auto provisioning the new node, you can auto provision the Gateway license and then publish key internal services such as the Gateway Management Service or Gateway REST Management Service. For more information, see: