Configuration in appsettings.json

Configuring the HA cluster consists of the following steps:

Set up the nodes for the MetaDefender® MFT in appsettings.json. (See Initial Setup section).
Test the failover (See Manually triggered failover section)
Setting up the Raft listener endpoint
Specify Cluster Settings

See the detailed instructions below.

Setting up the Raft listener endpoint

The Raft endpoint is used by the cluster peers to communicate with each other, and elect a leader based on the Raft consensus protocol. This ensures, that only a single leader can initiate a failover mechanism, avoiding conflicts. The non-leader peers still can serve requests, without managing the failover of the MetaDefender® MFT nodes.

To add a new Raft endpoint for the cluster communication, edit the appsettings.json file. Under the section Kestrel:Endpoints, a section named ReverseProxyalready exists by default, this is used for proxying traffic to MetaDefender MFT HA Controller™. The new endpoint should listen on a free port, which is different than the port defined in the ReverseProxy section. In this example we defined port 5000 on which the the cluster listener is working.

Raft endpoint example

appsettings.json
    
xxxxxxxxxx
 
{  // ...,  "Kestrel": {    "Endpoints": {      "ReverseProxy": {        "Url": "http://0.0.0.0:8100"      },      "Raft": {            "Url": "http://0.0.0.0:5000"      }    }  },  // ...}
Copy

Specify Cluster Settings

Cluster Settings can be set up in the appsettings.json as well. This is not present in the file by default, it should be added manually, if cluster behavior is needed. The name of the section must be ClusterSettings. This section is used to specify all the peers in the cluster.

ClusterSettings properties:

IgnoreCertificateErrors is a boolean field. In case when using HTTPS, it can be set to false. This makes testing easier. Default value is false. In production environment it is recommended to be false.
Peers: List of peers including the current.
- Address: The endpoint of the peer on which its Raft URL is configured.
- ApiKey: This is the ApiKey used for the peer. It is configured in the localpeer.json file located in the installation directory. This file should be automatically generated by the installer, and must exist on all peers where ha_controller_product_name_short is installed. If the ApiKey does not match the actual ApiKey of the peer, it will not be able to function within the cluster.

Example configuration

The following example shows what the configuration should look like in a cluster configuration setup:

ClusterSettings section added. The peers should contain all the peers, including the local peer's endpoint.
Raft section added to the Kestrel endpoints.

appsettings.json
    
​x
 
{  "HighAvailabilitySettings": {    "HealthCheckInterval": "00:00:01",    "NumberOfFailedHealthChecksBeforeFailover": 2,    "NodeManagerClientTimeout": "00:00:30",    "ApplicationClientTimeout": "00:02:00",    "Nodes": [      {        "Name": "MFT1",        "ApplicationAddress": "http://<your.host-1.address.local>:8010",        "NodeManagerAddress": "http://<your.host-1.address.local>:8010/node_manager/",        "ApiKey": "<your-api-key-1>"      },      {        "Name": "MFT2",        "ApplicationAddress": "http://<your.host-2.address.local>:8010",        "NodeManagerAddress": "http://<your.host-2.address.local>:8010/node_manager/",        "ApiKey": "<your-api-key-2>"      }    ]  },  "AllowedHosts": "*",  "Kestrel": {    "Endpoints": {      "ReverseProxy": {        "Url": "http://0.0.0.0:8100"      },      "Raft": {        "Url": "http://0.0.0.0:5000"      }    }  },   "ClusterSettings": {    "IgnoreCertificateErrors": false,    "Peers": [      {        "Address": "http://<controller-1.address.local>:5000",        "ApiKey": "peer1-api-key"      },      {        "Address": "http://<controller-2.address.local>:5000",        "ApiKey": "peer2-api-key"      },      {        "Address": "http://<controller-3.address.local>:5000",        "ApiKey": "peer3-api-key"      }    ]  },   "Logs": {    "MinimumLevel": {      "Default": "Information",      "Override": {        "Microsoft": "Warning",        "System": "Warning"      }    },    "WriteTo": [      {        "Name": "File",        "Args": {          "path": "Logs\\ha-controller.log",          "fileSizeLimitBytes": 104857600,          "rollOnFileSizeLimit": true,          "retainedFileCountLimit": 30,          "outputTemplate": "[{Timestamp:yyyy-MM-dd HH:mm:ss.fff} {Level:u3}] {Message:lj} {Exception:j}{NewLine}"        }      }    ]  }}
Copy

HTTPS

Enabling HTTPS on the Raft endpoint is similar to enable in the ReverseProxyendpoint. See the Configuration section.

For further details see Configure endpoints for the ASP.NET Core Kestrel web server | Microsoft Learn

HTTPS example

appsettings.json
    
xxxxxxxxxx
 
{  ...   "Kestrel": {    "Endpoints": {      "ReverseProxy": {        "Url": "https://0.0.0.0:8100",        "Certificate": {          "Path": "<path to .pem/.crt file>",          "KeyPath": "<path to .key file>"        }      },      "Raft": {        "Url": "https://0.0.0.0:5000",        "Certificate": {          "Path": "<path to .pem/.crt file>",          "KeyPath": "<path to .key file>"        }      }    }  }    ...}
Copy

Last updated on

Was this page helpful?