Solution Overview
A new API Edge Updater service exposes a basic auth API in the Cequence UAP platform to detect switching between Cequence UAP instances. When this basic auth API detects a switch, configurations reload across all services. This behavior refreshes the OAuth tokens and restores connectivity.
Configuration requirements
High Availability (HA) configurations for the Cequence UAP platform support exactly two instances of the Cequence UAP platform. Both instances must run the same version and have similar configurations. Particularly, configure the Cequence Defender to use OAuth authentication for both Cequence UAP platform instances.
How Switching Works
On startup, the Cequence Defender connects to the primary instance of the Cequence UAP platform. When Cequence Defender detects a change in the identity of the Cequence UAP platform, the Cequence Defender saves its current connection information, then connects to the new instance of the Cequence UAP platform. When the identity of the Cequence UAP platform changes, the Cequence Defender uses the stored connection information to reestablish the connection.
Monitoring and Troubleshooting
Active Edge Verification
- Check "active" key in conf/api-edge-config.json
- Enable debug logging to view UAP URLs in helper log files
Switch Event Monitoring
Monitor api-edge-config-updater.log for switch events:
- Successful switch: "new uap config entry found with key: apiedge_1" indicates matching entry found and switch initiated
- Failed switch: "new uap config entry not found; cannot switch to new uap!" indicates inability to switch
- Debug details: UAP identity details available at debug log level