Discovery
opHA 3 has different Authentication configurations to discover a peer:
- user/password
- user/sharedkey
For the user/password, it should be a valid user and password with permission over module_opcore_view module.
For the user/sharedkey:
- user must have permissions over module_opcore_view module. Used for authorisation.
- sharedkey should be one in omkd_secrets in opCommon.json in the poller. Used for authentication.
A token will be generated using this user and password to protect the shared key.
Peer Communication
opHA 3 needs to have the "token" method authentication setup in order to perform the internal communication.
It can be changed in opCommon.json setting in the pollers:
"auth_method_1" : "token",
It can also use auth_method_2 or auth_method_3.
After the change, omkd daemon should be restarted.
For this purpose, the following settings are sent from the poller to the primary:
"auth_token_key" : ["token"], "opha_api_user" : "omkapiha",
And they would be saved in the the registry in the primary, that will generate a token with this data to perform the communication.