The structure of the company I am working for is based on the e-TOM framework, where each function relies on a distinct group, under a distinct manager, each with its own mandates and responsibilities.
Briefly in the model Engineering "develops" (for a buy product like McAfee Web Gateway it is just a matter of integration and settings), tests and delivers a solution, while Production administers it according to the provided instructions.
This means that we have several MWG nodes: 40 (two 20-node farms) for production, 2 for test and 2 for development. Each time a new rule must be implemented, or a new version must be deployed, the work is accomplished in our test plant, and only after a test-list is successful the configuration is deployed on the production servers by means of technical notes.
In this scenario it is therefore mandatory for us to periodically replicate the production configurations to our test nodes. This has been easy for the last ten years, up to a couple of years ago: a back-up run on any production node just needed to be loaded (policy only) to a clustered test node.
Unfortunately with the latest version (but the issue appeared before, approximately a couple of years ago) it is impossible to load a policy on a node which wasn't part of the cluster from which it was saved.
I could find useful instructions to restore a complete configuration, not only the policy but also all the other settings related to the single physical node, at the following post: https://community.mcafee.com/t5/Documents/Web-Gateway-Restoring-a-backup-after-a-Hardware-replacemen... .
The problem is that since the instructions do not only restore the policy but EVERY single setting from the originating node (which should then be restore by hand according to the test plant specific situation), I am then unable to access the GUI because I am not an administrator for the production systems.
KB70100 provides a way to replace or reset the GUI administrators from CLI, but as soon as I recreate the hash for the active configuration just after overwriting the administrators.xml file (/opt/mwg/bin/mwg-coordinator -F "file:in=`cat /opt/mwg/storage/active_configuration`") the node is restored to its previous configuration, before loading the production file, thus the whole operation becomes useless.
On the other hand simply replacing the value of the uuid on /etc/mwg causes the system to call the intial configuration wizard, while the proper configuration is missing, so it is not a good path.
Does anybody have an idea if there is a way to ideally just replicate the policies (along with the lists, templates and in general everything which is kept synchronised through nodes when in cluster) from a cluster to another?
Thank you very much for your attention.
Solved! Go to Solution.