Highlighted
rochfo Super Contributor.
Super Contributor.
1243 views

Move Collector to a different Sentinel Server

I was trying to do this using the ./configure.sh util on the CM I wan't to move. It can connect fine to the sentinel server and pull back the cert but it won't accept the 'admin' password. I know it's correct as I've added new CMs to it and I can log in with it. I am trying to move a CM from an existing Sentinel Server to a completely separate one. Is this possible without reinstalling the CM? I can netcat to the [tcp/8443 - tcp/61616] ports fine on the Sentinel Server I want to move to from the CM I want to move.

1. Standard configuration
2. Custom configuration

Select the configuration method [1] => 2
Server Hostname or IP Address => XXXXX
Enter the Sentinel server communication channel port number [61616] =>
Enter the Sentinel web server port number [8443] =>

Connecting to Sentinel server XXXXX:61616.

Getting the client keystore file from XXXXX. This might take some time...
Certificate type: X.509 Issued by: XXXXX, O=broker Issued to: XXXXX, O=broker
xx:xx:xx:xx:xx:xx:xx:xx:xx:
============================================================================================================================================================

Would you like to accept this certificate ? yes/no => yes

Enter the user name with Administrator role => admin
Enter the password for "admin" =>
ERROR: Failed to connect to XXXXX:8443

Error getting the client keystore file.
Invalid JMS username or password for collectormanager.
Refer to /var/opt/novell/sentinel/log/install.log for detailed error messages.
0 Likes
8 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Move Collector to a different Sentinel Server

Your thread title mentions moving a collector, but the rest of your post
seems to be talking more about moving a Collector Manager (CM) service, or
at least installing a new one. Could you please explain why you are doing
what you are doing?

If you want a collector to be on a different CM, this is the wrong way to
do it, but you can do so easily within Event Source Management (ESM). If
you want to setup a new CM, then what you are doing looks close, but of
course you have that error. I am not sure why you would want to move a
CM, but I doubt what you are trying will work.

Since configure.sh does not work on any old Linux box, I presume you first
installed some software. What steps, precisely, did you take prior to
this step? Which Linux distribution (and version/patch) are you on? Is
the new CM that worked also using the same steps, distribution, etc.?

On 08/27/2018 05:24 AM, rochfordp wrote:
>
> I was trying to do this using the ./configure.sh util on the CM I wan't
> to move. It can connect fine to the sentinel server and pull back the
> cert but it won't accept the 'admin' password. I know it's correct as
> I've added new CMs to it and I can log in with it. I am trying to move a
> CM from an existing Sentinel Server to a completely separate one. Is


It may be possible, but I have never seen a way to do it, and would bet it
is unsupported. What is the reason for moving the service, though?
Upgrading OS? Changing IP? Something else?

> this possible without reinstalling the CM? I can netcat to the [tcp/8443
> - tcp/61616] ports fine on the Sentinel Server I want to move to from
> the CM I want to move.


Is the netcat test that you did using the same IP as the one reported to
NOT work in the error message? I could probably assume you only XXXXX'd
out one IP address, but assuming gets people in trouble. On the other
hand, the error seems to point at something other than transport layer issues:

> ERROR: Failed to connect to XXXXX:8443
>
> Error getting the client keystore file.


If there is a problem with a truststore then that is where you will need
to look, though I think we should start with answering the "why" behind
all of this first.

> Invalid JMS username or password for collectormanager.
> Refer to /var/opt/novell/sentinel/log/install.log for detailed error
> messages.


Anything interesting in that log file?

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
rochfo Super Contributor.
Super Contributor.

Re: Move Collector to a different Sentinel Server

Thanks for the response, I am working with appliance images so the relevant Sentinel applications are on them.

I have two separate Sentinel installations, one production and one as a backup/test. I want to test moving a Collector Manager from the backup Sentinel install to the production one. Why? In the event the production Sentinel server is down I can move the collector to a different Sentinel host with little work; we don't have a HA option. The connectivity test is from the Collector Manager I want to move to the production Sentinel server to see if it works.

I may have just answered my own question here going back over this. The Collector Manager I am trying to move is running Sentinel 8.2, production is 8.1; assume this is the issue.

Nothing in the logs bar what is reported already re: keystore issue

Hope that makes sense.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Move Collector to a different Sentinel Server

On 08/27/2018 08:24 AM, rochfordp wrote:
>
> I have two separate Sentinel installations, one production and one as a
> backup/test. I want to test moving a Collector Manager from the backup
> Sentinel install to the production one. Why? In the event the production
> Sentinel server is down I can move the collector to a different Sentinel


Do you really mean moving a collector, or do you mean a Collector Manager
(CM) here?

> host with little work; we don't have a HA option. The connectivity test
> is from the Collector Manager I want to move to the production Sentinel
> server to see if it works.


It should probably be pointed out that the Collector Manager (CM) is
mostly configuration-less when it comes to what it will run. When a CM
loads, it connects to Sentinel (the main "reporting" service) and asks
that service what it should do. The CM itself does not know what to do,
so moving it from one environment to another will not bring the old stuff
with it, or adopt any new stuff automatically (since a new CM has no
collectors running out of the box). As a result, i do not think this will
ever do what you want it to do.

If you want to be able to handle the crash of a CM (hardware failure
perhaps) you may want to virtualize it so you can easily start up the
VM/appliance on another host. Otherwise, doing good backups of the entire
filesystem should let you restore with the old CM's identity fairly quickly.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
rochfo Super Contributor.
Super Contributor.

Re: Move Collector to a different Sentinel Server

Thanks for the responses. It is a fully virtualised environment.

Possibly different slant then. Can I take a config backup from sentinelserverA and restore it to sentineserverB (different hostnames/IPs)?
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Move Collector to a different Sentinel Server

I think it may be good to review the business case for your current
actions/attempts. If you want to have a backup/test environment that
matches production, it would probably be best to just clone the
virtualized system, isolated it (network wise), and fire it up. Tada!

On the other hand, if you want some way to quickly recover a box that has
crashed, then backups or some kind of VM snapshot is probably best. If
you were to setup a new Collector Manager (CM) system, that system will
have a unique GUID/UUID, so when it talks to Sentinel it will be seen as a
new system, and will not take over the configuration of the old system.
If you were to restore the old system's software (binaries, configuration,
etc.) to the new system, essentially making the new system the same as the
old system, then turning it on would probably get the configuration data
(collectors, connectors, etc.) from the main environment.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
rochfo Super Contributor.
Super Contributor.

Re: Move Collector to a different Sentinel Server

We're just looking at what optinos there are with Sentinel, ultimately we will probably do something like async replication using Veeam
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: Move Collector to a different Sentinel Server

Sure, but options to accomplish what goal? I have probably just missed it
in your previous posts, but I'm looking for why you are trying to move the
Collector Manager (CM), or maybe just a single collector within a CM, in
the first place. There is a backup/restore script with Sentinel, but it
explicitly states in the documentation that it is not made for a Collector
Manager (CM).

You may also want to investigate using Event Source Management (ESM) which
is the thick client for managing collector/connectors as you can export
configuration data from there. Depending on your needs, that may be useful.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
rochfo Super Contributor.
Super Contributor.

Re: Move Collector to a different Sentinel Server

To bring the VM guests up on the secondary Host in the event of failure. Works fine, we've tested it this morning.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.