
How to reset cluster keys in Ezeelogin master-slave configuration?

How to reset the cluster key on both the primary and secondary nodes?


The cluster key in Ezeelogin is used for master-slave communication and user add/edit functions. The cluster key is generated at the time of Ezeelogin installation. The private key of the cluster key is encrypted and saved in the Ezeelogin database and cannot be retrieved.


Starting from Ezeelogin version 7.37.8, cluster keys support the ed25519, ecdsa, dsa, and rsa key types. Refer to the article on upgrading to the latest version.

After upgrading, regenerate the cluster key with the required key type. Both cluster nodes must support this key type.

1. Refer to the help option for regenerating the cluster key pair.

root@jumpserver:~# /usr/local/ezlogin/eztool.php -- -help

-regenerate_cluster_key : Regenerate Cluster SSH key (for connecting to cluster nodes)
-clssh_key_type : Cluster SSH key type (ed25519, ecdsa, dsa, rsa) for SSH to cluster nodes. Note: Both cluster nodes must support this key type. (only for -regenerate_cluster_key)

2.a: Enter the following command to reset the cluster key on the primary (master) Ezeelogin node. This regenerates an ed25519 key by default.

root@jumpserver:~# /usr/local/ezlogin/eztool.php -regenerate_cluster_key

or

2.b: Enter the following command to reset the cluster key with a specific key type.

root@jumpserver:~# /usr/local/ezlogin/eztool.php -regenerate_cluster_key -clssh_key_type rsa  

The cluster private key is located at /usr/local/etc/ezlogin/id_clkey and the cluster public key at /usr/local/etc/ezlogin/id_clkey.pub.
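
A check that can be run on the primary node after step 2, given here as an added example (it is not part of Ezeelogin or of the original article): it confirms that the public key at the path above has the key type that was requested and that the private key file is not accessible to group or others. It assumes id_clkey.pub is a one-line OpenSSH-format public key; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity check after -regenerate_cluster_key (not Ezeelogin code).
# Assumption: id_clkey.pub is a one-line OpenSSH-format public key.

# Map a -clssh_key_type value to the algorithm prefix used in a .pub file.
expected_prefix() {
    case "$1" in
        ed25519) echo "ssh-ed25519" ;;
        ecdsa)   echo "ecdsa-sha2-" ;;
        dsa)     echo "ssh-dss" ;;
        rsa)     echo "ssh-rsa" ;;
        *)       return 1 ;;
    esac
}

# check_cluster_pub FILE TYPE -> 0 match, 1 mismatch, 2 unusable input
check_cluster_pub() {
    prefix=$(expected_prefix "$2") || { echo "unknown key type: $2" >&2; return 2; }
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # The first field of the first line names the key algorithm.
    algo=$(awk 'NR==1 {print $1}' "$1")
    case "$algo" in
        "$prefix"*) return 0 ;;
        *) echo "expected $2, found ${algo:-nothing}" >&2; return 1 ;;
    esac
}

# check_private_perms FILE -> 0 only if group and others have no access
check_private_perms() {
    [ -e "$1" ] || return 2
    mode=$(ls -ld "$1" | cut -c5-10)   # group+other bits of e.g. -rw-------
    [ "$mode" = "------" ]
}

# check_cluster_key TYPE [DIR]; DIR defaults to the path given in the article
check_cluster_key() {
    dir=${2:-/usr/local/etc/ezlogin}
    check_cluster_pub "$dir/id_clkey.pub" "$1" || return 1
    check_private_perms "$dir/id_clkey" || {
        echo "$dir/id_clkey is missing or accessible to group/others" >&2
        return 1
    }
    echo "cluster key OK: $1"
}

# Run as: sh check_clkey.sh rsa   (no arguments: only defines the functions)
[ $# -eq 0 ] || check_cluster_key "$@"
```

OpenSSH has disabled ssh-dss by default since version 7.0, so a dsa cluster key only works if both nodes explicitly allow that algorithm.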


How to reset the cluster key on the secondary/slave node?

Reinstall the secondary/slave (cluster) node after resetting the cluster key on the primary/master node.
Make sure to sync the database before uninstalling the slave node to prevent data loss.

1. Run the command below to uninstall the slave node.

root@slave_node:~# /usr/local/sbin/uninstall_ezlogin.php

2. Install the secondary/slave node again.

root@slave_node:~# sh ezlogin_7.x.x.bin -- -secondary <ip_address of secondary node> -othernode <ip_address of master node>

 
Refer to the detailed article to install the slave/secondary node.

FAQ:

1. Can we disable the slave server since we are currently using only the master node? 

Certainly, the choice to disable the slave server is yours, but note that data synchronization between the master and slave servers will not occur if the slave is disabled. It is recommended to keep both servers running and synchronized for real-time data updates, as changes made to the master server will automatically sync with the slave server.