When running multiple sets of servers in a multi-cluster Nomad deployment, ACL uses the authoritative_region configuration parameter to know which region is considered authoritative for ACL tokens.
What mechanism, if any, exists to migrate the authoritative_region to another region?
There is currently no automated method of performing this; it requires modifying the server config files and performing a process restart.
This is something we have been discussing internally, so if you have thoughts or ideas on how this would look from a user perspective, please let us know.
It would be worth ensuring you have a way to ensure the replicated data state once you have made the failover. ACL policies, for example, are replicated from the authoritative region; therefore, any writes happening at the time of failure may not succeed to the federated region.
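
One way to check the replicated ACL policy state after such a failover, as an added example that is not part of the original thread: it compares policy names and rule text between two regions using Nomad's HTTP API (`/v1/acl/policies`, `/v1/acl/policy/:name`, the `region` query parameter and the `X-Nomad-Token` header). The function names, region names and sample policies are assumptions constructed for illustration.

```python
import json
import urllib.parse
import urllib.request


def fetch_policies(addr, token, region):
    """Return {policy name: rules text} as seen by the servers in `region`.

    Needs a management token; `addr` is any reachable Nomad HTTP address.
    """
    def get(path):
        url = f"{addr}{path}?region={urllib.parse.quote(region)}"
        req = urllib.request.Request(url, headers={"X-Nomad-Token": token})
        with urllib.request.urlopen(req, timeout=10) as resp:
            return json.load(resp)

    names = [p["Name"] for p in get("/v1/acl/policies")]
    return {n: get("/v1/acl/policy/" + urllib.parse.quote(n, safe=""))["Rules"]
            for n in names}


def diff_policies(reference, promoted):
    """Compare the policy set of the promoted region against a reference.

    `reference` is the old authoritative region's policies, or, if that
    region is unreachable, the same mapping built from policy files kept
    under version control.
    """
    ref, new = set(reference), set(promoted)
    return {
        "missing": sorted(ref - new),   # created upstream, never replicated
        "extra": sorted(new - ref),     # deleted upstream, delete not replicated
        "drifted": sorted(n for n in ref & new if reference[n] != promoted[n]),
    }


# Constructed sample data: "ops" was created and "deploy" was updated in the
# old authoritative region shortly before it failed.
OLD_AUTHORITATIVE = {
    "readonly": 'namespace "default" { policy = "read" }',
    "deploy": 'namespace "default" { policy = "write" }',
    "ops": 'node { policy = "write" }',
}
PROMOTED = {
    "readonly": 'namespace "default" { policy = "read" }',
    "deploy": 'namespace "default" { policy = "read" }',
}

if __name__ == "__main__":
    print(json.dumps(diff_policies(OLD_AUTHORITATIVE, PROMOTED), indent=2))
```

Against live clusters, build both mappings with `fetch_policies` and re-apply anything reported as missing or drifted to the newly authoritative region.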