Oracle Solaris Cluster Geographic Edition System Administration Guide

Configuring Trust Between Partner Clusters

Before you create a partnership between two clusters, you must configure the Geographic Edition software for secure communication between the two clusters. The configuration must be reciprocal. For example, you must configure the cluster cluster-paris to trust the cluster cluster-newyork, and you must also configure the cluster cluster-newyork to trust the cluster cluster-paris.

How to Configure Trust Between Two Clusters

Before You Begin

Ensure that the following conditions are met:

  1. Become superuser or assume a role that is assigned the Geo Management RBAC rights profile.

    For more information about RBAC, see Geographic Edition Software and RBAC.


    Note - If you use a role with Geo Management RBAC rights, ensure that the /var/cluster/geo ACLs are correct on each node of both partner clusters. If necessary, become superuser on the cluster node and set the correct ACLs.

    # chmod A+user:username:rwx:allow /var/cluster/geo

    The /var/cluster/geo directory must have the correct access control lists (ACL) applied for compatibility between the Geo Management RBAC rights profile and Oracle Data Guard.


  2. Import the public keys from the remote cluster to the local cluster.

    Running this command on one node of the local cluster imports the keys from the remote cluster to one node of the cluster.

    # geops add-trust -c remotepartnerclustername

    -c remotepartnerclustername[.domainname]

    Specifies the logical hostname of the cluster with which to form a partnership. The logical hostname is used by the Geographic Edition software and maps to the name of the remote partner cluster. For example, a remote partner cluster name might resemble the following:

    cluster-paris

    If the clusters are on different domains, also specify the fully qualified domain name. For example, two clusters in a partnership that have different domains might resemble the following:

    cluster-paris.france
    cluster-newyork.usa

    When you use this option with the add-trust or remove-trust subcommand, the option specifies the alias where the public keys on the remote cluster are stored. An alias for certificates on the remote cluster has the following pattern:

    remotepartnercluster.certificate[0-9]*

    All keys that belong to the remote cluster, and only those keys, should have an alias that matches this pattern.

    For more information about the geops command, refer to the geops(1M) man page.

  3. Repeat the preceding steps on a node of the remote partner cluster.

    If you choose to use Oracle Solaris Cluster Manager, skip this step. Oracle Solaris Cluster Manager handles all nodes in a single operation.

  4. Verify trust from one node of each cluster.

    # geops verify-trust -c remotepartnerclustername[.domainname]

    This command verifies the trust from the node on which you run the command to all nodes of the partner cluster. If you choose to use Oracle Solaris Cluster Manager, it verifies the trust from all nodes of the local cluster to all nodes of the partner cluster.

See Also

For a complete example of how to configure and join a partnership, see Example 5-4.

How to Remove Trust Between Two Clusters

Before You Begin

Ensure that the following conditions are met:

  1. Become superuser or assume a role that is assigned the Geo Management RBAC rights profile.

    For more information about RBAC, see Geographic Edition Software and RBAC.


    Note - If you use a role with Geo Management RBAC rights, ensure that the /var/cluster/geo ACLs are correct on each node of both partner clusters. If necessary, become superuser on the cluster node and set the correct ACLs.

    # chmod A+user:username:rwx:allow /var/cluster/geo

    The /var/cluster/geo directory must have the correct access control lists (ACL) applied for compatibility between the Geo Management RBAC rights profile and Oracle Data Guard.


  2. If there is a partnership configured between the two clusters, dissolve that partnership.

    Run the following command on both clusters:

    # geops leave

  3. On all nodes of both clusters, remove all keys for the remote cluster from the truststore file on the local node.

    # geops remove-trust -c remotepartnerclustername

    Perform this step on all the nodes of the local cluster, and then repeat this step on all nodes of the partner cluster.

    -c remotepartnerclustername

    Specifies the logical hostname of the cluster from which you want to remove the keys. The name for the remote cluster must be identical to the cluster name you specified when adding trust with the geops add-trust command. You do not need to specify the fully qualified name if the remote cluster is reachable by partial name.

    When you use this option with the add-trust or remove-trust subcommand, the option specifies the alias where the public keys on the remote cluster are stored. An alias for certificates on the remote cluster has the following pattern:

    remotepartnercluster.certificate[0-9]*

    All keys that belong to the remote cluster, and only those keys, should have an alias that matches this pattern.

    For more information about the geops command, refer to the geops(1M) man page.

    If you choose to use Oracle Solaris Cluster Manager, it handles all nodes of a cluster in a single operation.

  4. Repeat the preceding steps on a node of the remote partner cluster.
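
The alias pattern that the -c option uses in both procedures above can be checked with a short script. This is an added example, not code from the Oracle guide: it classifies alias names against remotepartnercluster.certificate[0-9]*, assuming the aliases are supplied one per line and that [0-9]* means zero or more digits. The function names and the sample alias list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code): classify truststore alias names against
# the documented pattern  remotepartnercluster.certificate[0-9]*
# Assumptions: aliases are supplied one per line on stdin; "[0-9]*" is read
# as "zero or more digits". How aliases are listed from the truststore is
# site-specific and not shown.

# Return 0 if alias $2 is exactly "<cluster>.certificate<digits>".
# The cluster name is compared literally, so the dot in
# "cluster-paris.france" cannot match an arbitrary character.
alias_matches() {
    prefix="$1.certificate"
    case $2 in
        "$prefix"*) suffix=${2#"$prefix"} ;;
        *) return 1 ;;
    esac
    case $suffix in
        *[!0-9]*) return 1 ;;   # anything but digits after "certificate"
    esac
    return 0
}

# Print "match <alias>" for aliases that fit the pattern and
# "review <alias>" for aliases that mention the cluster name but do not.
classify_aliases() {
    while IFS= read -r a; do
        [ -n "$a" ] || continue
        if alias_matches "$1" "$a"; then
            echo "match $a"
        else
            case $a in
                *"$1"*) echo "review $a" ;;
            esac
        fi
    done
}

# Count aliases that fit the pattern for cluster $1.
count_matches() {
    classify_aliases "$1" | grep -c '^match ' || true
}

# Constructed sample alias list (not taken from a real truststore).
SAMPLE_ALIASES='cluster-paris.certificate
cluster-paris.certificate1
cluster-paris.certificate1.old
cluster-parisXcertificate2
backup-cluster-paris.certificate3
cluster-newyork.certificate1'

printf '%s\n' "$SAMPLE_ALIASES" | classify_aliases cluster-paris
```

Aliases reported as "review" carry the cluster name but fall outside the pattern, so they need a manual decision about which cluster, if any, they belong to.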