Adding a Data Node to an HA Cluster - TufinOS

Overview

This procedure is for adding a worker node to an existing TOS Aurora cluster running on TufinOS. If you have not yet installed TOS Aurora on the primary data node, start with the appropriate clean install procedure.

For all other installation paths such as upgrade or other platforms, see the menu for the appropriate procedure.

You do not need to install TOS on non-primary data nodes.

For more information on high availability, see High Availability.

Prerequisites

  • This procedure must be performed by an experienced Linux administrator with knowledge of network configuration.

  • To ensure optimal performance and reliability, the required resources need to be allocated exclusively to TOS. If resources become unavailable, this will affect TOS performance. Do not oversubscribe resources.

  • You cannot use iptables. All iptables rules will be flushed when the node is added.

  • Your primary data node must also be deployed on TufinOS.

  • You must know the resources you will need - CPU cores, RAM, disk space and the load-model parameter, provided by your account team based on the procedure Calculate resources - clean install.

  • If you intend to use syslog, allocate a syslog VIP on the same subnet as your primary VIP.

  • (On-premises deployments only) The node's network IP must be on the same subnet as the cluster primary VIP.

  • Give the node a unique hostname in the cluster - use the command below, replacing <mynode> with your preferred name:

    [<ADMIN> ~]$ sudo hostnamectl set-hostname <mynode>

Tufin Appliance Requirements

VMware Requirements

  • Your ESX host must be running VMware ESXi 6.5, 6.7, 7.0 or 8.0 only. ESXi 8.0 requires TufinOS 4.20 or later.
  • Your ESX host disk(s) must be SSD with 7,500 IOPS and 250MB/s throughput, or higher.

Downloads

This section is only relevant for VMware. Tufin appliances come pre-installed with TufinOS. If you want to update TufinOS to the latest version, see Update TufinOS 4.x to 4.40.

  1. Download the TufinOS 4.40 installation package from the Download Center.

  2. The downloaded files are in .tgz format (<FILENAME>.tgz).

  3. Extract the TufinOS image from its archive.

    [<ADMIN> ~]$ sudo tar xzvf <FILENAME>.tgz

    The run file name includes the release, version, build number, and type of installation.

    TufinOS ISO file example: TufinOS-4.40-4368238-x86_64-Final.iso

    TufinOS USB file example: TufinOS-4.40-4368238-x86_64-Final.usb.img

  4. Verify the integrity of the TufinOS installation package.

    [<ADMIN> ~]# sha256sum -c TufinOS-X.XX-XXXXXX-x86_64-Final.iso.sha256
    [<ADMIN> ~]# sha256sum -c TufinOS-X.XX-XXXXXX-x86_64-Final.usb.img.sha256

    The output should return OK.
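
The integrity check above can be scripted so that it fails closed. The following is an added example, not part of the Tufin documentation: `verify_image` is a hypothetical helper name, and it assumes GNU coreutils `sha256sum` and a single-entry `.sha256` file. It also confirms that the checksum file names the image you intend to install, because the OK printed by `sha256sum -c` applies to whichever file the checksum file lists.

```bash
#!/usr/bin/env bash
# Added example: fail-closed check of a TufinOS image against its .sha256 file.
# verify_image is a hypothetical helper name; assumes GNU coreutils sha256sum.
#
# verify_image IMAGE [SUMFILE]      (SUMFILE defaults to IMAGE.sha256)
# Returns: 0 verified, 1 digest mismatch, 2 file missing, 3 bad checksum file.
verify_image() {
    local image sumfile dir base entries listed digest
    image=$1
    sumfile=${2:-$1.sha256}
    [ -f "$image" ]   || { echo "missing image: $image" >&2; return 2; }
    [ -f "$sumfile" ] || { echo "missing checksum file: $sumfile" >&2; return 2; }
    dir=$(cd "$(dirname "$image")" && pwd) || return 2
    base=$(basename "$image")

    # Expect exactly one line, shaped "<64 hex digits>  <name>" (or " *<name>").
    entries=$(grep -cE '^[0-9a-fA-F]{64} [ *].' "$sumfile" || true)
    if [ "$entries" -ne 1 ] || [ "$(grep -c . "$sumfile" || true)" -ne 1 ]; then
        echo "unexpected checksum file layout: $sumfile" >&2; return 3
    fi

    # "OK" from sha256sum -c applies to the file named inside SUMFILE, so
    # confirm that name is the image about to be installed.
    listed=$(sed -E 's/^[0-9a-fA-F]{64} [ *]//' "$sumfile")
    if [ "$(basename "$listed")" != "$base" ]; then
        echo "checksum file is for '$listed', not '$base'" >&2; return 3
    fi

    # Check the published digest against this exact path. --status keeps
    # sha256sum silent, so the exit code is the only verdict.
    digest=$(cut -c1-64 "$sumfile")
    if ! printf '%s  %s\n' "$digest" "$dir/$base" | sha256sum -c --status -; then
        echo "DIGEST MISMATCH: $base" >&2; return 1
    fi
    echo "$base: OK"
}

# Run as a script: ./verify_image.sh TufinOS-X.XX-XXXXXX-x86_64-Final.iso
if [ "$#" -gt 0 ]; then verify_image "$@"; fi
```

A checksum file obtained together with the image detects corruption during download or copy; on its own it does not establish where the package came from.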

Move The etcd Database to A Separate Disk

The etcd database should be on a separate disk to improve the stability of TOS Aurora and reduce latency. Moving the etcd database to a separate disk ensures that the Kubernetes database has access to all the resources required for optimal TOS performance. This requires some downtime, because TOS must be shut down before the disks are separated.

See Move etcd - HA Non-Cloud VM.

Procedure

Before you proceed, read and understand Prerequisites - this may prevent unexpected failures.