How to reset cluster keys in an Ezeelogin master-slave configuration?
How to reset the cluster key on both the primary and secondary nodes?
The cluster key in Ezeelogin is used for master-slave communication and user add/edit functions. The cluster key is generated at the time of Ezeelogin installation. The private key of the cluster key is encrypted and saved in the Ezeelogin database and cannot be retrieved.
Starting from Ezeelogin version 7.37.8, cluster keys support the ed25519, ecdsa, dsa, and rsa key types. Refer to the article to upgrade to the latest version.
After upgrading, regenerate the cluster key with the desired key type. Both cluster nodes must support this key type.
1. Refer to the help option for regenerating the cluster key pair.
root@jumpserver:~# /usr/local/ezlogin/eztool.php -- -help
-regenerate_cluster_key : Regenerate Cluster SSH key (for connecting to cluster nodes)
-clssh_key_type : Cluster SSH key type (ed25519, ecdsa, dsa, rsa) for SSH to cluster nodes. Note: Both cluster nodes must support this key type. (only for -regenerate_cluster_key)
2.a: Enter the following command to reset the cluster key on the primary (master) Ezeelogin node. This regenerates an ed25519 key by default.
root@jumpserver:~# /usr/local/ezlogin/eztool.php -regenerate_cluster_key
or
2.b: Enter the following command to reset the cluster key with a specific key type.
root@jumpserver:~# /usr/local/ezlogin/eztool.php -regenerate_cluster_key -clssh_key_type rsa
The cluster private key is located at /usr/local/etc/ezlogin/id_clkey and the cluster public key at /usr/local/etc/ezlogin/id_clkey.pub.
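To confirm on the primary node that the regenerated key has the requested type and that the private key file is restricted to its owner, a check like the following can be run after step 2. This is an added example, not Ezeelogin's own tooling; the function names are hypothetical, and it assumes id_clkey.pub is a one-line OpenSSH public key.

```shell
#!/bin/sh
# Added example (not Ezeelogin code). Assumes id_clkey.pub is a one-line
# OpenSSH public key: "<algorithm> <base64> [comment]".
# Usage after step 2: check_clkey rsa   (or ed25519, ecdsa, dsa)

# Print the eztool -clssh_key_type name matching a public key file.
clkey_type() {
    [ -r "$1" ] || { echo unreadable; return 1; }
    algo=$(awk 'NF >= 2 { print $1; exit }' "$1")
    case "$algo" in
        ssh-ed25519)  echo ed25519 ;;
        ecdsa-sha2-*) echo ecdsa ;;
        ssh-dss)      echo dsa ;;
        ssh-rsa)      echo rsa ;;
        *)            echo unknown; return 1 ;;
    esac
}

# Succeed only if the private key file grants nothing to group or others.
clkey_private_ok() {
    [ -f "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# check_clkey <expected type> [key directory]
check_clkey() {
    expected="$1"
    dir="${2:-/usr/local/etc/ezlogin}"
    if ! actual=$(clkey_type "$dir/id_clkey.pub"); then
        echo "FAIL: public key is $actual"
        return 1
    fi
    if [ "$actual" != "$expected" ]; then
        echo "FAIL: key type is $actual, expected $expected"
        return 1
    fi
    if ! clkey_private_ok "$dir/id_clkey"; then
        echo "FAIL: $dir/id_clkey is missing or readable by group/others"
        return 1
    fi
    echo "OK: $actual cluster key, private key restricted to owner"
}
```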
How to reset the cluster key on the secondary/slave node?
1. Run the command below to uninstall the slave node.
root@slave_node:~# /usr/local/sbin/uninstall_ezlogin.php
2. Install the secondary/slave node again.
root@slave_node:~# sh ezlogin_7.x.x.bin -- -secondary <ip_address of secondary node> -othernode <ip_address of master node>
FAQ:
1. Can we disable the slave server since we are currently using only the master node?
Certainly, the choice to disable the slave server is yours, but note that data synchronization between the master and slave servers will not occur if the slave is disabled. It is recommended to keep both servers running and synchronized for real-time data updates, as changes made to the master server will automatically sync with the slave server.