Set up high availability for Digital Access component

The Smart ID Digital Access component supports high availability and failover, which provide flexibility and scalability. With this mode, the Digital Access component switches to a redundant service once the primary one has stopped working.

This article describes the setup of high availability for two or more Digital Access services with a Smart ID docker compose deployment setup.

High availability is enabled through distributed mode, in which several redundant services, not just one, are supported.

The deployment steps mentioned in Deploy Smart ID apply to a single-node setup only. If you want to configure Digital Access in distributed mode or high availability, follow the steps below for deployment on every node.

Prerequisites

The following prerequisites apply:

  • Make sure all the required firewall ports are open.
  • This setup uses the bridge network mode.
  • You have copied the Smart ID deployment folder and followed the steps in the Deploy Smart ID document up to the "Initialize your deployment" section.

Step-by-step instruction

Update docker-compose.yml for all services

Apply the docker compose changes in the sections below to all services on every node that you want to add.
Make sure that the service names are different on every node and that they match the names you enter in the admin GUI when adding new services.

Administration service

docker-compose.yml:
services:
  smartid-da-admin:
    env_file: ../../smartid.env
    image: "${SMARTID_REPO_DOCKER}/smartid-digitalaccess/administration-service:${SMARTID_VERSION}"
    restart: always
    container_name: "smartid-da-admin"
    ports:
      - "8443:8443"
      - "8300:8300"
    volumes:
      - ../DA-data:/etc/nexus:z
      - ../config/da-admin-customize.conf:/opt/nexus/administration-service/config/customize.conf:ro
    logging:
      driver: json-file
      options:
        max-size: 10m
    networks:
      - smartid_backend

networks:
  smartid_backend:
    external:
      name: smartid_backend



Policy service

docker-compose.yml:
services:
  smartid-da-policy:
    env_file: ../../smartid.env
    image: "${SMARTID_REPO_DOCKER}/smartid-digitalaccess/policy-service:${SMARTID_VERSION}"
    restart: always
    container_name: "smartid-da-policy"
    ports:
      - "4443:4443"
      - "8301:8301"
    volumes:
      - ../DA-data:/etc/nexus:z
    logging:
      driver: json-file
      options:
        max-size: 10m
    networks:
      - smartid_backend

networks:
  smartid_backend:
    external:
      name: smartid_backend



Authentication service

docker-compose.yml:
services:
  smartid-da-auth:
    env_file: ../../smartid.env
    image: "${SMARTID_REPO_DOCKER}/smartid-digitalaccess/authentication-service:${SMARTID_VERSION}"
    environment:
      - IMPLICITLY_TRUST_RADIUS_CLIENT=true
    restart: always
    container_name: "smartid-da-auth"
    ports:
      - "8302:8302"
      - "18118-18126:18118-18126/udp"
    volumes:
      - ../DA-data:/etc/nexus:z
      - ../config/da-auth-customize.conf:/opt/nexus/authentication-service/config/customize.conf:ro
    logging:
      driver: json-file
      options:
        max-size: 10m
    networks:
      - smartid_backend

networks:
  smartid_backend:
    external:
      name: smartid_backend



Distribution service

docker-compose.yml:
services:
  smartid-da-dist:
    env_file: ../../smartid.env
    image: "${SMARTID_REPO_DOCKER}/smartid-digitalaccess/distribution-service:${SMARTID_VERSION}"
    restart: always
    container_name: "smartid-da-dist"
    ports:
      - "8303:8303"
      - "9443:9443"
    volumes:
      - ../DA-data:/etc/nexus:z
    logging:
      driver: json-file
      options:
        max-size: 10m
    networks:
      - smartid_backend

networks:
  smartid_backend:
    external:
      name: smartid_backend



Access point

docker-compose.yml:
services:
  smartid-da-accesspoint:
    env_file: ../../smartid.env
    image: "${SMARTID_REPO_DOCKER}/smartid-digitalaccess/access-point:${SMARTID_VERSION}"
    restart: always
    container_name: "smartid-da-accesspoint"
    ports:
      - "443:10443"
      - "80:8090"
    volumes:
      - ../DA-data:/etc/nexus:z
    logging:
      driver: json-file
      options:
        max-size: 10m
    networks:
      - smartid_backend

networks:
  smartid_backend:
    external:
      name: smartid_backend


In Digital Access Admin

  1. Start the admin service and all other services.


    Example: Start Digital Access Administration service
    cd <SMARTIDHOME>/compose/digitalaccess/administration-service
    docker-compose up -d
    


  2. Log in to the admin UI and change the internal host of every service so that each service can communicate with the administration service and is reachable by services on other nodes.
  3. Make sure the port for each added service matches the ports in docker-compose.yml.
  4. Go to Manage System > Administration service and check the Listen on all interfaces checkbox. Restart the admin service.
  5. Add the required services for high availability and note down the ID of the services.
  6. Go to Manage System, and for all the services, check the Listen on all interfaces and Distribute key files automatically checkboxes.
  7. Publish the changes.

Edit LocalConfiguration.xml of all services

  1. Update LocalConfiguration.xml of each service on the same host as the administration service so that it has the correct mHost value for the administration service. Also update LocalConfiguration.xml of the newly added services on other nodes. For example, if you add a new policy service in admin, its LocalConfiguration.xml would look like the example below. Change the <id> tag value and the mId of the new service to match the ID in the admin GUI. Make sure that the mHost of the administration service is correct.

Example: LocalConfiguration.xml of 2nd policy service
<?xml version="1.0" encoding="UTF-8"?><com>
  <portwise>
    <core>
      <id>7</id>
    </core>
    <policy>
      <node>
        <object key="c000ejp1m5" name="Administration Service" trans="gi3d4lmzfh1c" ver="50600">
          <attribute name="mAllInterfaces" type="boolean" value="true"/>
          <attribute name="mPort" type="integer" value="8300"/>
          <attribute name="mHost" type="string" value="admin-hostname"/>
          <attribute name="mType" type="integer" value="5"/>
          <attribute name="mId" type="integer" value="1"/>
        </object>
        <object key="aaaaaaa" name="Policy service 2" trans="abgfh" ver="50600">
          <attribute name="mAllInterfaces" type="boolean" value="true"/>
          <attribute name="mPort" type="integer" value="8301"/>
          <attribute name="mHost" type="string" value="policy2-hostname"/>
          <attribute name="mHTTPLogSettings" type="container" value="logsettings">
            <attribute name="mEventLogLevel" type="string" value="OFF"/>
            <attribute name="mLocalCount" type="integer" value="2"/>
            <attribute name="mAuthenticationTiming" type="boolean" value="false"/>
            <attribute name="mFileLogLevel" type="string" value="OFF"/>
            <attribute name="mFileSizeRotationEnabled" type="boolean" value="true"/>
            <attribute name="mCentralLimit" type="integer" value="15000000"/>
            <attribute name="mLocalLimit" type="integer" value="5000000"/>
            <attribute name="mDateRotationEnabled" type="boolean" value="false"/>
            <attribute name="mCentralCount" type="integer" value="5"/>
          </attribute>
          <attribute name="mType" type="integer" value="1"/>
          <attribute name="mId" type="integer" value="7"/>
        </object>
      </node>
    </policy>
  </portwise>
</com> 
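A pre-restart consistency check for the edits described above, as an added example that is not part of the original article or of the Smart ID product: it verifies that the `<id>` value matches an object's mId, that no mHost is empty or still a placeholder, and that the local service listens on all interfaces on a port published in docker-compose.yml. The function names, the sample hostnames and the rule that mPort must appear on the host side of a port mapping are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples: policy-service ports from the page, hostnames invented.
COMPOSE = 'ports:\n  - "4443:4443"\n  - "8301:8301"\n'
GOOD = """<com><portwise><core><id>7</id></core><policy><node>
<object name="Administration Service">
  <attribute name="mPort" type="integer" value="8300"/>
  <attribute name="mHost" type="string" value="da-admin.example.internal"/>
  <attribute name="mId" type="integer" value="1"/>
</object>
<object name="Policy service 2">
  <attribute name="mAllInterfaces" type="boolean" value="true"/>
  <attribute name="mPort" type="integer" value="8301"/>
  <attribute name="mHost" type="string" value="da-policy2.example.internal"/>
  <attribute name="mId" type="integer" value="7"/>
</object></node></policy></portwise></com>"""

def published_ports(compose_text):
    """Host-side ports of single-port TCP mappings such as "8301:8301"."""
    return {int(p) for p in re.findall(r'^\s*-\s*"(\d+):\d+"', compose_text, re.M)}

def check_local_config(xml_text, compose_text):
    """Return a list of findings; an empty list means the files agree."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML (placeholder left in a value?): {exc}"]
    core_id = (root.findtext("portwise/core/id") or "").strip()
    findings, local = [], None
    for obj in root.iter("object"):
        # Direct children only, so nested log settings are ignored.
        attrs = {a.get("name"): a.get("value") for a in obj.findall("attribute")}
        host = attrs.get("mHost", "")
        if not host or host.endswith("-hostname"):
            findings.append(f"{obj.get('name')}: mHost is empty or a placeholder")
        if attrs.get("mId") == core_id:
            local = attrs
    if local is None:
        return findings + [f"<id> {core_id} matches no object's mId"]
    if local.get("mAllInterfaces") != "true":
        findings.append("local service: mAllInterfaces is not true")
    if int(local.get("mPort", "0")) not in published_ports(compose_text):
        findings.append(f"local service: mPort {local.get('mPort')} not published")
    return findings

if __name__ == "__main__":
    print(check_local_config(GOOD, COMPOSE))
    print(check_local_config(GOOD.replace("<id>7</id>", "<id>8</id>"), COMPOSE))
```

Run it on each node against that node's LocalConfiguration.xml and docker-compose.yml before restarting the service.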



Start Digital Access

  1. Stop and start the modified Digital Access services from the folder of each component:

    Digital Access - services location
    <SMARTIDHOME>/compose/digitalaccess/accesspoint
    <SMARTIDHOME>/compose/digitalaccess/policy-service
    <SMARTIDHOME>/compose/digitalaccess/administration
    <SMARTIDHOME>/compose/digitalaccess/distribution-service
    


    Restart Digital Access Administration service
    cd <SMARTIDHOME>/compose/digitalaccess/administration-service
    docker-compose down
    docker-compose up -d
    


  2. If the logs show connection errors, restart the services and check again.


This article includes updates for Digital Access 6.3.0 and Smart ID 22.10.x.

Note

This will be part of the next minor Smart ID release for 22.10.x when it is released.