To enable a zone cluster to function as a member of a Geographic Edition partnership, the common agent container must be manually configured within the zone cluster.
This procedure configures common agent container security in a zone cluster to prepare the zone cluster for use in a cluster partnership.
Before You Begin
Ensure that the following conditions are met:
The zone cluster is created. See Configuring a Zone Cluster in Oracle Solaris Cluster Software Installation Guide.
You have read the requirements for using a zone cluster in a cluster partnership. See Zone Clusters.
Geographic Edition software is installed in the global cluster that supports the zone cluster you are configuring.
phys-schost# clzonecluster configure zoneclustername clzc:zoneclustername> add fs clzc:zoneclustername:fs> set special=/etc/cacao/instances/default/modules clzc:zoneclustername:fs> set dir=/etc/cluster/geocmass clzc:zoneclustername:fs> set type=lofs clzc:zoneclustername:fs> add options [ro,nodevices] clzc:zoneclustername:fs> set cluster-control=false clzc:zoneclustername:fs> end clzc:zoneclustername> verify clzc:zoneclustername> commit clzc:zoneclustername> exit phys-schost# clzonecluster reboot zoneclustername
This step ensures that security files for the common agent container are identical on all cluster nodes and that the copied files retain the correct file permissions.
Perform all steps in the zone cluster.
phys-schost# zlogin zoneclustername zcname#
zcname# /usr/sbin/cacaoadm stop
zcname# cacaoadm create-keys --force
zcname# tar cf /tmp/SECURITY.tar /etc/cacao/instances/default/security
Any security files that already exist in the /etc/cacao/instances/default/security directory are overwritten.
zcname# cd /etc/cacao/instances/default zcname# tar xf /tmp/SECURITY.tar
You must delete each copy of the tar file to avoid security risks.
zcname# rm /tmp/SECURITY.tar
zcname# cacaoadm set-param network-bind-address=0.0.0.0
zcname# /usr/sbin/cacaoadm enable zcname# /usr/sbin/cacaoadm start
phys-schost# cacaoadm status com.sun.cluster.geocontrol phys-schost# cacaoadm status com.sun.cluster.geoutilities phys-schost# cacaoadm status com.sun.cluster.notifier
If a module is loaded, command output would be similar to the following. You can safely ignore the message Module is not in good health.
Operational State:ENABLED Administrative State:LOCKED Availability Status: Module is not in good health.
If a module is not loaded, command output would be similar to the following.
Module com.sun.cluster.geocontrol has not been loaded. Cause of the problem:[DEPENDENCY]
See the Troubleshooting section at the end of this procedure.
zcname# exit phys-schost#
If a Geographic Edition module is not loaded, check that the zone-cluster configuration is correct. One possible cause for a module not to load is if the mapping for the /etc/cluster/geocmass loopback mount was not added to the zone cluster.
After you have verified that the configuration is complete and correct, and you have fixed any errors, do one of the following:
On each zone-cluster node, restart the common agent container.
zcnode# /usr/sbin/cacaoadm restart
From a global-cluster node, reboot the zone cluster.
phys-schost# clzonecluster reboot zoneclustername
After processing is complete on all zone-cluster nodes, check that the Geographic Edition modules are now loaded. If any modules are still not loaded, contact your Oracle service representative for assistance.