Skip to main content
Skip table of contents

Cluster: Add a Node to an Existing Cluster

Preconditions for Adding Nodes

  • You can only add newly set up nodes to which no one has yet logged in.

  • If you add a node that has not been newly provisioned, an error message is displayed after you click on Fetch TLS Fingerprint.

  • If you want to add a new cluster node to an existing cluster, all existing nodes must be connected.

Proceed as follows to create a first cluster node or to add a node to an existing cluster:

  1. Log in to your Keyfactor Next Generation Hardware Appliance.

  2. Open the Cluster page.

  3. In the section Cluster Members, click Unlock to make changes.

  4. Click Add Cluster Node to open the Add Cluster Node dialog:

    • Enter the Cluster Node Address of the new node as IPv4 or IPv6 address or as FQDN.

    • Click Fetch Fingerprint to get the TLS fingerprint of the new node.
      The TLS fingerprint will be displayed.

    • Compare the indicated TLS fingerprint with the TLS fingerprint shown on the front display of the new node.

    • If the two fingerprints are identical, confirm this by activating the option TLS Fingerprint matches. The field OTP will become editable.

    • Enter the OTP for the new node.

    • Click Add Cluster Node to confirm your entries and create the new node.

After the new node has been added, the VPN between the nodes will be created and the new node will receive information about the cluster configuration and the HSM type.

In the section Cluster Members, the new node appears with the connectivity status Initializing, which changes to Connecting and finally to Connected. At the same time, the LTID (Last Transaction ID) of all nodes will converge.

When the new node appears as Connected, the cluster is operational.

Resolving Cluster Node Addresses

When a node is added to a new cluster, two entries are added to the cluster configuration.

  • The address for the new node

  • and the adjusted address for Node1.

The entry for the address of the newly added node is exactly as specified. The current network configuration of Node1 is used to decide which of the available addresses of Node1 is selected for the cluster configuration.

The rules for the Node1 address in the cluster configuration are as follows:

  1. You enter an IPv4 address for the new node → pick the IPv4 address of Node1.

  2. You enter an IPv6 address for the new node → pick the IPv6 address of Node1.

  3. You enter a hostname for the new node and

    1. Node1 has a hostname → we pick the hostname of Node1.

    2. Node1 does not have a hostname and

      • The hostname of the new node only resolves to IPv4 → pick the IPv4 address of Node1.

      • The hostname of the new node only resolves to IPv6 → pick the IPv6 address of Node1.

      • The hostname of the new node resolves to IPv4 and IPv6 → pick the IPv6 address of Node1.

Switch between Cluster Nodes

As soon as a cluster is configured you will find a drop down node selection list in the title bar:

The list offers the following:

  • Node1: The name in the title bar is the name of the cluster node you are currently connected to.

  • Cluster nodes in list: The list contains all available cluster nodes, excluding the node to which you are currently connected. Click any node to switch to its Webconf.

  • Configure cluster: To switch to the Cluster page of the node you are currently connected to, click Configure cluster.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close