Cluster management#
A NethServer 8 cluster is composed of one leader node and multiple worker nodes.
All nodes are managed through the Web user interface, which operates on the leader node.
An NS8 cluster consisting solely of the leader node is a fully functional system. Worker nodes can be added or removed at any time.
The VPN network chosen during the initial leader node setup determines the limit on the number of possible cluster nodes. Note that a node’s VPN IP is never released once allocated: removing a node does not free its VPN IP address.
The default VPN network 10.5.4.0/24
supports up to 254 cluster nodes.
In theory, the maximum number of nodes in an NS8 cluster is limited only by the VPN network size. However, it is advisable to add nodes gradually to avoid degrading the leader’s performance due to increasing workload.
Add a node#
You can add (join) a worker node to an existing cluster. The process consists of three steps:
install the new node
obtain the join code from the leader node
enter the join code into the worker node
First, prepare a machine with the same Linux distribution used for the leader node, then follow the install instruction until the login to the Web user interface.
After the login on the worker node, click the Join cluster button.
Ensure the node Fully Qualified Domain Name (FQDN) is correct, and respects the DNS requirements.
On the leader node, access the Nodes
page and click on Add node to cluster and copy the join code from the dialog box.
Return to the worker node and paste the code inside the Join code
field and click the
Join cluster button.
If the leader node does not have a valid TLS certificate, remember to disable the TLS certification validation
option before
clicking the join button.
When the node registration is complete, you can return to the leader user interface and install applications running on the new worker node.
Remove a node#
Worker nodes can be removed from the cluster. Before removing a given
worker node, ensure no account provider replica is running on it. In the
Domains and users
page, for each domain follow the N providers
link to see the node where a provider replica is installed on, then remove
it.
Warning
If the node is not reachable, or is not responding, the provider replica removal must be completed manually after the node removal.
Access the Nodes
page, go to the three-dots menu of the node and click
on Remove from cluster
to open a confirmation window. Applications
installed on the node are listed: review that list carefully because node
removal is not recoverable.
If the node removal window is confirmed by pushing the I understand, remove node button, the node and its applications are disconnected, their authorizations are revoked and they cannot access the cluster any more.
When a node is removed from the cluster the applications running on it are not affected and they are left in a running state. Shutdown and switch off the node to finalize the node removal.
Change FQDN#
A node’s FQDN is typically set during the post-installation steps. If it becomes necessary to change the FQDN later, follow these steps:
Access the
Nodes
page and navigate to the three-dots menu of the corresponding node card.Select the
Set FQDN
action.
If you are changing the leader node’s FQDN, an additional validation procedure will check if the new FQDN is correctly resolved by all worker nodes.
If you are changing a worker node’s FQDN, this validation is not enforced. However, it is still necessary to correctly register the new FQDN in the DNS as outlined in DNS configuration.
Promote a node to leader#
Adding and removing nodes may necessitate changing the cluster leader node.
A suitable leader node must be reachable by all other worker nodes.
Every worker node must correctly resolve the leader’s FQDN, which must be consistent across all worker nodes.
Depending on the state of the current leader node, there are two procedures to promote a node to the leader role:
Reachable leader node
Unreachable leader node
After promoting a leader, it is necessary to perform these additional tasks:
Reset the cluster backup password. For more information, see Cluster backup.
Additionally, refer to the note in Audit trail regarding node promotion.
Note
Promoting a new leader entails changes to the System logs configuration. For more details, refer to Logs persistence.
Reachable leader node#
If the current leader node is functioning properly, follow these steps:
Access the
Nodes
page.Open the three-dots menu of the node to promote and click on
Promote to leader
.
The Check node connectivity
checkbox verifies the connection of the
old leader with the designated one. Since the VPN connection cannot be
probed, only an HTTPS connection is attempted. This may fail due to
intervening network devices (e.g., NAT and port-forwarding setups). If you
are certain that the configuration is correct, you can disable the check,
but proceed at your own risk!
When the confirmation string is typed, the I understand, promote the node button becomes active, allowing you to complete the node promotion.
Unreachable leader node#
If the current leader node is not reachable, run a command on any other worker node. Be prepared for this situation by enabling SSH, console, or Cockpit terminal root access to the nodes.
For example, to promote the node with ID 3
, run the following command
on every worker node:
switch-leader --node 3
If the command fails because the VPN endpoint of node 3 is not defined or
is incorrect, use the optional --endpoint
parameter, for example:
switch-leader --node 3 --endpoint node3.example.net:55820
The VPN endpoint parameter consists of an address (name or IP) prefix and
a UDP port number suffix, separated by a colon :
.
Administrators#
Cluster administrators can fully manage the cluster. It’s recommended to create a personal user for each cluster administrator. All actions executed by a cluster administrator are collected inside a security Audit trail.
To add a new cluster administrator go to the Settings
page and select the Cluster administrators
card.
Then click on Create admin button and fill the required fields.
An administrator can’t delete its own user. To delete an administrator, you must log in with another existing cluster administrator.
Administrators can change their own password from the Account
card inside the Settings
page.
Two-factor authentication (2FA)#
Two-factor authentication (2FA) can be used to add an extra layer of security required to access the cluster management user interface.
The administrator can enable 2FA from the Account
card inside the Settings
page by clicking
the Enable 2FA button.
The user will have to:
download and install the preferred 2FA application on the smartphone
scan the QR code with the 2FA application
generate a new code and copy it inside the verification field, then click Verify code
Smartphone applications#
There are several commercial and open source 2FA applications:
Available for both Android and iOS:
FreeOTP: available for both Android and iOS
Authenticator: available on iOS only
2FAS: available for both Android and iOS
Reset the cluster administrator password#
If you are locked out of the web user interface and you can still access a
system command-line shell as root
(e.g. by the system recovery console
or SSH), run the following command to disable 2FA and reset the password:
api-cli run alter-user --data '{"user":"admin","set":{"password":"Nethesis,1234","2fa":false}}'
Replace the admin
and Nethesis,1234
default credentials as needed.
Audit trail#
Inside the audit trail page, cluster administrators can inspect all actions executed by any other administrator. Each event of the audit trail contains at least:
date and time of the action
user name of the cluster administrator
name of the action
Audit trail events can be filtered by user, date, action type, and custom text match.
Note
Audit trail information is stored in the leader node disk. In case of new leader promotion the audit trail information in the old leader is no longer accessible.