Hi all,
After I setup HA Cluster Controller , I was able to deploy deploy , router (on second vm).
I deployed services , service policy after router followed by identity for windows.
I was able to enrolled successfully and even consumed the services (dial).
However , unliked my single node setup previously , in zac , all my identity api session was grey out except my login admin.
windows-identity - api grey out , Connected
ziti router- api grey out , Connected
Please note that router under Router tab in ZAC all shown connected (api and router)
I have yet to conifgure any OIDC which will be next but I like to clarify if I missed anything ?
Anyone to confirm this is normal behavior in HA setup? So far my enrollments works well. Can access services / policies / terminator works as intended.
I just want to ensure this is something ZAC / HA Controllers behaviors due to sessions are being handled slightly differently in HA setup.
It is weird that in command line I also can't see any api sessions.
I believe someone else recently brought this up as well. I couldn't find the discourse post. I know that overall, some things are definitely changing with HA. The "has api session" and "has edge router connection" flags are probably going to change.
I will mention it again to the team. I thought I had made an issue to track, but I think we definitely need an issue to track for "online status" of identities...
Just want to update here in case someone else like me found same issue and looking around for an answers.
After looking up for days I found few posts related to api sessions grey out (inactive) .
From the answers, in HA setup api sessions no longer persist hence the second green dot showing connected will be the current indicator if it is connected etc.
Apologies if I asked this question as I tried to search the forums but couldn't found one subject headline that could lead me to the answer above until persistent looking .
Lastly once again thanks for this nice solution and all the hard work. Continue to explore......
With OIDC sessions, which are required for HA, we don't have persistent state for api sessions in the controller. There are still api session events generated, if you need to diagnose a user issue.
You can track if an identity is connected to an edge router, as described in the release notes.
I created an issue here for the ZAC, to use the "hasEdgeRouterConnection" property to indicate online status (if the network/identity support that property).
Will be sure to get this updated & released in the next couple days.
cheers