Helpful ReplyHot!Promote Slave to Master within 2 node failover HA cluster?

Author
dilic
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/02/20 01:28:54
  • Status: offline
2015/02/20 01:41:02 (permalink)
0

Promote Slave to Master within 2 node failover HA cluster?

Hello.
Is there an easy way to promote or change HA roles from SLAVE to MASTER in Fortigate (800c) 2 nodes HA failover cluster, within Fortigate gui or cmd commands/configuration?  
#1
iJake
Bronze Member
  • Total Posts : 45
  • Scores: 1
  • Reward points: 0
  • Joined: 2015/01/30 06:11:14
  • Status: offline
Re: Promote Slave to Master within 2 node failover HA cluster? 2015/02/20 01:57:29 (permalink)
0
I'm not sure if there's an easy way to do this, but you can set the priority higher on your secondary and enable device priority override?
 
The document below has details about HA override
http://docs-legacy.fortin...lp/HA_FGCP.081.30.html
#2
emnoc
Expert Member
  • Total Posts : 6210
  • Scores: 435
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: online
Re: Promote Slave to Master within 2 node failover HA cluster? 2015/02/20 01:58:49 (permalink)
0
Yes adjust the  HA priority so the now slave is higher than the now-active
 
I have "    set priority 255  " on my active and "    set priority 100 " on my  slave, so if I set the  priority to 99, the slave would be active if all of the monitor interface are in an up and ready
 
 

PCNSE 
NSE 
StrongSwan  
#3
Robin Svanberg
Bronze Member
  • Total Posts : 54
  • Scores: 8
  • Reward points: 0
  • Joined: 2013/03/17 14:20:57
  • Status: offline
Re: Promote Slave to Master within 2 node failover HA cluster? 2015/02/20 02:31:42 (permalink) ☄ Helpfulby pajaja 2021/09/22 06:20:16
5 (1)
dilic
Hello.
Is there an easy way to promote or change HA roles from SLAVE to MASTER in Fortigate (800c) 2 nodes HA failover cluster, within Fortigate gui or cmd commands/configuration?  




Per default (If you haven´t enabled device priority override") the HA Master election is based on the following:
 
1. Monitored port
2. System Uptime, the one that has been up for the longest time
3. Unit Priority, the one with the highest priority is master
4. Serialnumber, the highest serial number is master
 
The easiest way is to reset the uptime on the master by running the command "diagnose sys ha reset-uptime". If you change the priority a failover will not occur.
 
If you have enabled device priority override the system uptime isn´t part of the election and it will in that case use the Unit priority number.
 
A reboot of the primary unit will also cause a failover :) But if you have enabled device priority override the unit with the highest priority will be the master when it´s back online.
 
#4
dilic
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/02/20 01:28:54
  • Status: offline
Re: Promote Slave to Master within 2 node failover HA cluster? 2015/02/20 04:01:20 (permalink) ☄ Helpfulby Aigarz 2016/10/06 00:35:44
0
Robin Svanberg
dilic
Hello.
Is there an easy way to promote or change HA roles from SLAVE to MASTER in Fortigate (800c) 2 nodes HA failover cluster, within Fortigate gui or cmd commands/configuration?  




Per default (If you haven´t enabled device priority override") the HA Master election is based on the following:
 
1. Monitored port
2. System Uptime, the one that has been up for the longest time
3. Unit Priority, the one with the highest priority is master
4. Serialnumber, the highest serial number is master
 
The easiest way is to reset the uptime on the master by running the command "diagnose sys ha reset-uptime". If you change the priority a failover will not occur.
 
If you have enabled device priority override the system uptime isn´t part of the election and it will in that case use the Unit priority number.
 
A reboot of the primary unit will also cause a failover :) But if you have enabled device priority override the unit with the highest priority will be the master when it´s back online.
 




Hmm,
I didn't enabled device priority override. So, if  I just execute "diagnose sys ha reset-uptime" in cmd shell, that will do the trick. Cause I'm on the MASTER node by default in HA failover cluster.  
 
Or I'm must go first on Master node by executing commands:
 
#config global
# get system ha status
     Model: FortiGate-800C
     Mode: a-p
     Group: 0
     Debug: 0
     ses_pickup: enable, ses_pickup_delay=disable
     Master:130 CWa01 FG800Cxxxxxxxxx7 1
     Slave :140 CWb01 FG800Cxxxxxxxxx9 0
     number of vcluster: 1
     vcluster 1: work 169.254.0.2
     Master:0 FG800Cxxxxxxxxx7
     Slave :1 FG800Cxxxxxxxxx9
# exec ha manage 1
# diagnose sys ha reset-uptime
 
Please confirm right procedure ...
As you can see, node which I want to promote to MASTER, has alredy  higher priority (140) ...
 
 
 
 
#5
emnoc
Expert Member
  • Total Posts : 6210
  • Scores: 435
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: online
Re: Promote Slave to Master within 2 node failover HA cluster? 2015/02/20 04:13:06 (permalink)
5 (1)
Do it on the current master, that's all that you have to do and the new master will be selected.
 
ken

PCNSE 
NSE 
StrongSwan  
#6
dilic
New Member
  • Total Posts : 4
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/02/20 01:28:54
  • Status: offline
Re: Promote Slave to Master within 2 node failover HA cluster? 2015/02/20 04:22:27 (permalink)
0
Thank you ...
Command "diagnose sys ha reset-uptime" did the trick ...
#7
howardsinc
Bronze Member
  • Total Posts : 15
  • Scores: 6
  • Reward points: 0
  • Joined: 2014/11/21 09:59:06
  • Status: offline
Re: Promote Slave to Master within 2 node failover HA cluster? 2016/02/24 05:23:37 (permalink)
0
I know this is solved but here is a handy trick for the lab.
 
while you are testing only, a useful command to force a unit to become the Master is:
 
'diagnose sys ha set-as-master enable'
 
(page 43) this command is only to be used in a lab environment. 
http://docs.fortinet.com/...igate-ha-526.pdf 

JNCIA, CCNP R/S, NSE4 , NSE7, Associate of (ISC)²
#8
ede_pfau
Expert Member
  • Total Posts : 6501
  • Scores: 563
  • Reward points: 0
  • Joined: 2004/03/09 01:20:18
  • Location: Heidelberg, Germany
  • Status: offline
Re: Promote Slave to Master within 2 node failover HA cluster? 2016/02/24 05:44:44 (permalink)
0
'set-as-master' is in v5.2.5 and newer only.
 
Does it actually trigger a failover, or does it only 'enable' the slave unit to become master when failing over the next time?

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#9
netmin
Gold Member
  • Total Posts : 209
  • Scores: 22
  • Reward points: 0
  • Joined: 2013/11/28 13:49:12
  • Location: NE, Germany
  • Status: offline
Re: Promote Slave to Master within 2 node failover HA cluster? 2016/02/24 10:53:04 (permalink)
0
It enforces a failover...I had posted an example some time ago, here: https://forum.fortinet.com/FindPost/113598
 
The 5.2.0 What's New Guide mentions it in short:
"HA failover can now be enabled and disabled using the following CLI commands:
• diagnose sys ha set-as-master enable: immediately enables the local FortiGate
unit as the HA master."
#10
ede_pfau
Expert Member
  • Total Posts : 6501
  • Scores: 563
  • Reward points: 0
  • Joined: 2004/03/09 01:20:18
  • Location: Heidelberg, Germany
  • Status: offline
Re: Promote Slave to Master within 2 node failover HA cluster? 2016/02/25 04:11:46 (permalink)
0
OK, thanks for clarifying. "immediately enables" for me does not translate to "switches".

Ede

" Kernel panic: Aiee, killing interrupt handler!"
#11
nbctcp
Silver Member
  • Total Posts : 103
  • Scores: 4
  • Reward points: 0
  • Joined: 2015/03/05 04:48:26
  • Location: Indonesia
  • Status: offline
Re: Promote Slave to Master within 2 node failover HA cluster? 2019/12/17 11:44:36 (permalink)
0
"diagnose sys ha set-as-master enable" no longer available on 6.2.2
any alternative command
#12
scerazy
Gold Member
  • Total Posts : 194
  • Scores: 2
  • Reward points: 0
  • Joined: 2009/12/22 14:09:01
  • Status: offline
Re: Promote Slave to Master within 2 node failover HA cluster? 2021/08/03 03:32:49 (permalink)
0
diagnose sys ha reset-uptime
and
diagnose sys ha checksum recalculate
 
I can run it on current master (secondary unit in ha), but absolutely nothing happens
 
Rebooted my current slave (Primary unit with higher priority), still nothing, no master/slave flip
 
Version: FortiGate-300E v6.4.6,build1879,210520 (GA)
post edited by scerazy - 2021/08/03 03:57:46
#13
Jump to:
© 2021 APG vNext Commercial Version 5.5