I have an HA pair of APMs acting as an OAuth authorization server. By default, devices in HA should synchronize OAuth tokens from Active to Standby. But I don't see issued tokens on the Standby device.
The statemirror.mirrorsession system database variable is set to "enabled".
:Active:In Sync] ~ # tmsh show apm oauth token-details db-instance <db_name>
:Standby:In Sync] ~ # tmsh show apm oauth token-details db-instance <db_name>
There are no synchronization errors (Failed to initiate DB synchronization (ERR_DB)) in the logs.
How can I check that token synchronization is successful and that issued OAuth tokens exist on both devices in the cluster?
I think the problem is that.
To synchronize access policies between multiple devices, you configure a Sync-Only device group, which includes the devices between which you want to synchronize access policies. Device group setup requires establishing trust relationships between devices and creating a device group. You set the devices in each group to use Automatic Sync and Full Sync, and then synchronize access policies one at a time, resolving conflicts as you go.
Important: Sync-Only groups must be configured before you pair Active-Standby devices. To add an Active-Standby device pair to a Sync-Only device group, first you must reset the trust between the devices. Next, you must remove the devices from the Sync-Failover device group. Next, you must add both devices to a Sync-Only device group. Finally, add the devices as an Active-Standby pair to the Sync-Failover group.
Hello, Angelo. I don't clearly understand your considerations. My devices are in one trust domain and in one Sync-Failover device group.
As I can see here, "HA supports real-time synchronization of the BIG-IP configuration, including the OAuth database, and switching over seamlessly when needed."
Why do we need an additional Sync-Only device group?
I think you are right, you don't need an additional Sync-Only device group.
Try to check the statemirror.mirrorsession system database variable; it should be enabled.
list /sys db statemirror.mirrorsessions