Explanation
The correct answer is A. On the new Leader, generate a Standby seed for the old Leader node and add it to the cluster member list. Rebuild the old Leader as a new Standby and then re-enroll the node to the cluster.
This is the recommended way to repair the cluster health after an auto-failover event, according to the CyberArk Sentry Secrets Manager documentation1. This method reuses the original Leader as a new Standby, without affecting the new Leader or the other Standby. The steps are as follows:
On the new Leader, generate a Standby seed for the old Leader node using the command evoke seed standby <old-leader-fqdn>. This will create a file named <old-leader-fqdn>.tar in the current directory.
On the new Leader, add the old Leader node to the cluster member list using the command evoke cluster add <old-leader-fqdn>.
On the old Leader server, stop and remove the container using the commands docker stop
<container-name> and docker rm <container-name>.
On the old Leader server, copy the Standby seed file from the new Leader using the command scp
<new-leader-fqdn>:<old-leader-fqdn>.tar .
On the old Leader server, create a new container using the same name as the one you just destroyed, and load the Standby seed file using the command docker run --name <container-name> -d --restart=always
-v /var/log/conjur:/var/log/conjur -v /opt/conjur/backup:/opt/conjur/backup -p "443:443" -p "5432:5432"
-p "1999:1999" cyberark/conjur:latest seed fetch <new-leader-fqdn> <old-leader-fqdn>.tar On the old Leader server, re-enroll the node to the cluster using the command evoke cluster enroll
<old-leader-fqdn>
The other options are not correct, as they either involve unnecessary or harmful steps, such as rebuilding the new Leader or the other Standby, or re-uploading the auto-failover policy in replace mode, which may cause data loss or inconsistency.
