Adding a Data Node to an HA Cluster - TufinOS

Overview

This procedure is for adding a data node to an existing TOS Aurora cluster running on TufinOS. If you have not yet installed TOS Aurora on the primary data node, start with the appropriate clean install procedure.

For all other installation paths such as upgrade or other platforms, see the menu for the appropriate procedure.

You do not need to install TOS on non-primary data nodes.

For more information on high availability, see High Availability.

Prerequisites

  • You cannot use iptables. All iptables rules will be flushed when adding the node.

  • Your primary data node must also be deployed on TufinOS.

  • You must know the resources you will need - CPU cores, RAM, disk space and the load-model parameter, provided by your account team based on the procedure Calculate resources - clean install.

  • You will need to allow access to required Ports and Services.
  • If you intend to use syslog, allocate a syslog VIP on the same subnet as your primary VIP.
  • The node's network IP must be on the same subnet as the cluster primary VIP.

  • Give the node a unique hostname in the cluster. Use the command below, replacing <mynode> with your preferred name:

    [<ADMIN> ~]$ sudo hostnamectl set-hostname <mynode>

  • You need to configure a separate partition for /opt, and the boot disk needs at least 300 GB of available storage. The /opt partition will contain your data, which will increase over time. Most of your available disk space should be allocated to this partition, and the minimum is determined by the load model parameter (small, medium, large) provided by your account team. Minimum sizes for all partitions:

    Minimum Partition Sizes

    | Node type | Boot disk | /opt/ (Small)* | /opt/ (Medium)* | /opt/ (Large)* |
    |---|---|---|---|---|
    | Central cluster / remote cluster primary data node / HA data nodes | 300 GB | 80 GB | 170 GB | 370 GB |
    | Worker node (central and remote clusters) | 150 GB | 70 GB | 70 GB | 70 GB |

    *Small, medium and large refer to the load model parameter provided by your account team.

    We recommend allocating all remaining disk space to the /opt partition after you have partitioned the boot disk and etcd.
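
A preflight check for the subnet, /opt partition and iptables prerequisites above, as an added example (not a Tufin tool or part of the TOS installer). The function names, the `data`/`worker` role labels and the argument order are assumptions of this example; it expects valid IPv4 input and GNU `df`.

```bash
#!/usr/bin/env bash
# Added example: preflight check for the prerequisites listed above (not a Tufin tool).
# Role labels "data"/"worker" and all function names are assumptions of this example.

# Convert a dotted-quad IPv4 address to an integer (input assumed valid).
ip_to_int() {
  echo "$1" | { IFS=. read -r a b c d; echo $(( (a << 24) | (b << 16) | (c << 8) | d )); }
}

# Succeed if <ip1> and <ip2> are on the same network for prefix length <len>.
same_subnet() {
  mask=$(( (0xFFFFFFFF << (32 - $3)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "$2") & mask )) ]
}

# Minimum /opt size in GB from the table above: <role> <load_model>.
min_opt_gb() {
  case "$1:$2" in
    data:small) echo 80 ;;
    data:medium) echo 170 ;;
    data:large) echo 370 ;;
    worker:small|worker:medium|worker:large) echo 70 ;;
    *) return 1 ;;
  esac
}

# Succeed if a mount table in /proc/mounts format (stdin) has /opt as its own mount.
opt_is_separate() { awk '$2 == "/opt" { found = 1 } END { exit !found }'; }

# preflight <node_ip> <primary_vip> <prefix_len> <role> <load_model>
preflight() {
  rc=0
  same_subnet "$1" "$2" "$3" || { echo "FAIL: $1 is not on the subnet of VIP $2/$3"; rc=1; }
  need=$(min_opt_gb "$4" "$5") || { echo "FAIL: unknown role or load model"; return 1; }
  if opt_is_separate </proc/mounts; then
    have=$(df -BG --output=size /opt | tail -n 1 | tr -dc '0-9')  # GNU df, GiB
    [ "$have" -ge "$need" ] || { echo "FAIL: /opt is ${have}G, need ${need} GB"; rc=1; }
  else
    echo "FAIL: /opt is not a separate partition"; rc=1
  fi
  # Adding the node flushes iptables rules, so report any that exist now.
  if command -v iptables-save >/dev/null 2>&1 && iptables-save 2>/dev/null | grep -q '^-A'; then
    echo "WARN: existing iptables rules will be flushed when the node is added"
  fi
  return "$rc"
}

# Runs only with five arguments, e.g.: sudo ./preflight.sh 10.0.0.21 10.0.0.10 24 data medium
if [ "$#" -eq 5 ]; then preflight "$@"; fi
```

The addresses in the usage comment are constructed sample values. Export any iptables rules the script reports before adding the node, because they will not survive the procedure.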

Tufin Appliance Requirements

VMware Requirements

  • Your ESX host must be running VMware ESXi 6.5, 6.7, 7.0 or 8.0 only. ESXi 8.0 requires TufinOS 4.20 or later.
  • Your ESX host disk(s) must be SSD with 7,500 IOPS and 250 MB/s throughput, or higher.

Downloads

This section is only relevant for VMware. Tufin appliances come pre-installed with TufinOS. If you want to update TufinOS to the latest version, see Update TufinOS 4.x to 4.40.

  1. Download the TufinOS 4.40 installation package from the Download Center.

  2. The downloaded files are in .tgz format: <FILENAME>.tgz.

  3. Extract the TufinOS image from its archive.

    [<ADMIN> ~]$ sudo tar xzvf <FILENAME>.tgz

    The run file name includes the release, version, build number, and type of installation.

    TufinOS ISO file example: TufinOS-4.40-4368238-x86_64-Final.iso

    TufinOS USB file example: TufinOS-4.40-4368238-x86_64-Final.usb.img

  4. Verify the integrity of the TufinOS installation package.

    [<ADMIN> ~]# sha256sum -c TufinOS-X.XX-XXXXXX-x86_64-Final.iso.sha256
    [<ADMIN> ~]# sha256sum -c TufinOS-X.XX-XXXXXX-x86_64-Final.usb.img.sha256

    The output should return OK.

Procedure

Before you proceed, read and understand Prerequisites - this may prevent unexpected failures.