Configuring control of secondary interfaces in HA deployments

If you use iSCSI and a dedicated network interface in a high-availability (HA) deployment, you must ensure that the secondary interface is not managed by the HA process. Configure the management of the secondary interface to ensure that if a failover to the secondary HA host occurs, the interface always remains active.

Before you begin

Ensure that the following conditions are met:

  • Separate IP addresses for the dedicated iSCSI network interface on each of the HA servers. The IP addresses must be on different networks.

    Separate IP addresses prevent IP address conflicts when the network interfaces are active on both HA hosts at the same time. The iSCSI software and drivers can access the external storage at startup and during the HA failover. Also, the external volume can be successfully mounted when the HA node switches from standby to active.

    For more information about configuring network interfaces, see Configuring network interfaces.

  • The primary and secondary appliances are configured.

    For more information, see the IBM® QRadar High Availability Guide.

  • iSCSI storage is configured.
  • NetworkManager is disabled by typing the following command. 
    systemctl status NetworkManager

Procedure

  1. On the primary host, use SSH to log in to the QRadar® Console as the root user.
  2. Disable the QRadar HA service control of network interface.
    1. Go to the /opt/qradar/ha/interfaces/ directory

      The directory contains a list of files that have a name that starts with ifcfg-. One file exists for each interface that is controlled by QRadar HA processes.

    2. Delete the file that is used to access your iSCSI storage network.

      Deleting the file removes control of the interface from the HA processes.

  3. Re-enable operating system-level control of the network interfaces.
    1. Go to the /etc/sysconfig/network-scripts directory.
    2. Open the ifcfg- file for the interface that connects to your iSCSI network.
    3. To ensure that the network interface is always active, change the value for the ONBOOT parameter to ONBOOT=yes.
  4. To restart the iSCSI services, type the following command: 
    systemctl restart iscsi
  5. Repeat these steps for the HA secondary appliance.
  6. Optional: To test access to your iSCSI storage from your secondary appliance, use the ping command: 
    ping <iscsi_server_ip_address>