
Illumio Core 22.2 Install, Configure, Upgrade

Add a New Member to an Existing Supercluster

This topic explains how to add one or more new members to an existing Supercluster.

Before You Begin: Runtime Configuration

Before you add a new member to your PCE Supercluster, be aware of the following runtime_env.yml configurations:

  • The value of the parameter service_discovery_encryption_key in the runtime_env.yml file must be exactly the same on all nodes on all PCEs in your Supercluster.

  • You do not need to configure the public IP addresses of other PCEs under the cluster_public_ips parameter. Supercluster PCEs automatically exchange their configured public IP addresses with each other, and the VEN programs these addresses so that workloads can migrate between PCEs.
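One way to check the first requirement before a join, as an added example (not Illumio tooling): it compares SHA-256 fingerprints of service_discovery_encryption_key across runtime_env.yml files so the key itself is never printed. It assumes the key is a single-line, top-level `name: value` entry; the function names and sample files are hypothetical and the sample keys are constructed.

```shell
#!/bin/sh
# Added example: confirm service_discovery_encryption_key is identical in
# every node's runtime_env.yml without printing the key.
# Assumption: the key is a single-line, top-level "name: value" YAML entry.

# Print the SHA-256 fingerprint of the key value in FILE; return 2 if absent.
sd_key_fingerprint() {
    value=$(sed -n 's/^service_discovery_encryption_key:[[:space:]]*//p' "$1" |
        head -n 1 |
        sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//")
    [ -n "$value" ] || return 2
    printf '%s' "$value" | sha256sum | cut -d' ' -f1
}

# Compare every FILE against the first one that has a key.
# Returns 0 if all match, 1 on a mismatch, 2 if any file has no key.
sd_keys_match() {
    ref="" rc=0
    for f in "$@"; do
        fp=$(sd_key_fingerprint "$f") || {
            echo "MISSING  $f" >&2
            rc=2
            continue
        }
        [ -n "$ref" ] || ref=$fp
        if [ "$fp" = "$ref" ]; then
            echo "OK       $f"
        else
            echo "MISMATCH $f" >&2
            [ "$rc" -ne 0 ] || rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files (not real keys) for a dry run in directory $1:
# core0 and core1 agree (quoting and trailing spaces differ), data0 does not.
write_samples() {
    printf '# constructed sample\nservice_discovery_encryption_key: "c2FtcGxlLWtleS1B"\n' > "$1/core0.yml"
    printf 'service_discovery_encryption_key: c2FtcGxlLWtleS1B  \n' > "$1/core1.yml"
    printf 'service_discovery_encryption_key: c2FtcGxlLWtleS1C\n' > "$1/data0.yml"
}
```

Running sd_key_fingerprint on each node and comparing the digests avoids copying runtime_env.yml off the node. Handle the digests as sensitive values, since they are derived from the key.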

Optional

Depending on your deployment environment, you might need to make the following changes to the runtime_env.yml file on each PCE in the Supercluster.

When the nodes of each PCE use multiple IP addresses, or use IP addresses other than the one advertised on the node for communication with other PCEs (for example, when there is a NAT between the PCEs in your Supercluster), configure this optional parameter:

  • supercluster.node_public_ip: The public IP address of this node is advertised to other PCEs in your Supercluster deployment. This IP address must be reachable from all other Supercluster PCEs that you want to join. This parameter must be set on all nodes in each PCE. When your PCE is deployed in a public cloud, such as AWS, this must be a public IP address.

Install Members

Install each new member of your Supercluster by following the exact same procedures you use when installing a standalone PCE, except do not create a domain during deployment.

For information about installing a PCE, see the PCE Installation and Upgrade Guide.

Join Each Member to the Supercluster

Important

If you are adding multiple new PCEs, you must join only one member at a time, and complete all steps before joining the next member. Ensure that each member is at runlevel 2 before joining.

  1. If necessary, on any node, bring all nodes to runlevel 2:

    sudo -u ilo-pce illumio-pce-ctl set-runlevel 2

  2. On any node, run the following command while you wait for all nodes to reach runlevel 2:

    sudo -u ilo-pce illumio-pce-ctl status --wait

  3. On any core node or the data0 node of the member cluster, join the member to the Supercluster (identified by the leader's FQDN):

    sudo -u ilo-pce illumio-pce-ctl supercluster-join leader_pce_fqdn

    While this command runs, the PCE temporarily sets the runlevel to 1. If the command is interrupted, you might unexpectedly see runlevel 1.

    Important

    Running this command can take an hour or more, depending on the number of PCEs in your Supercluster and the size of the PCE database. If this command fails due to network latency, do not proceed until you can run the command again and it executes successfully.

  4. Repeat step 3 for all members you want to join to the Supercluster.

  5. On all PCEs, restart the PCEs in the Supercluster:

    sudo -u ilo-pce illumio-pce-ctl cluster-restart

  6. On all PCEs, bring the PCEs to runlevel 5:

    sudo -u ilo-pce illumio-pce-ctl set-runlevel 5