JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Cluster Geographic Edition System Administration Guide     Oracle Solaris Cluster 4.1
search filter icon
search icon

Document Information

Preface

1.  Introduction to Administering the Geographic Edition Software

2.  Before You Begin

3.  Administering the Geographic Edition Infrastructure

4.  Administering Access and Security

5.  Administering Cluster Partnerships

Configuring Trust Between Partner Clusters

How to Configure Trust Between Two Clusters

How to Remove Trust Between Two Clusters

Creating and Modifying a Partnership

Introduction to Creating and Modifying a Partnership

How to Create a Partnership

How to Modify Partnership Properties

Joining an Existing Partnership

How to Join a Partnership

Adding a New Cluster Node

How to Add a New Node to a Cluster in a Partnership

Renaming a Cluster Node

Renaming a Cluster That Is in a Partnership

How to Rename a Cluster That Is in a Partnership

Leaving or Deleting a Partnership

How to Leave a Partnership

Resynchronizing a Partnership

How to Resynchronize a Partnership

6.  Administering Heartbeats

7.  Administering Protection Groups

8.  Monitoring and Validating the Geographic Edition Software

9.  Customizing Switchover and Takeover Actions

10.  Script-Based Plug-Ins

A.  Standard Geographic Edition Properties

B.  Legal Names and Values of Geographic Edition Entities

C.  Disaster Recovery Administration Example

D.  Takeover Postconditions

E.  Troubleshooting Geographic Edition Software

F.  Deployment Example: Replicating Data With MySQL

G.  Error Return Codes for Script-Based Plug-Ins

Index

Configuring Trust Between Partner Clusters

Before you create a partnership between two clusters, you must configure the Geographic Edition software for secure communication between the two clusters. The configuration must be reciprocal. For example, you must configure the cluster cluster-paris to trust the cluster cluster-newyork, and you must also configure the cluster cluster-newyork to trust the cluster cluster-paris.

This section contains the following procedures:

How to Configure Trust Between Two Clusters

Before You Begin

Ensure that the following conditions are met:

  1. Log in to a cluster node.

    You must be assigned the Geo Management RBAC rights profile to complete this procedure. For more information about RBAC, see Geographic Edition Software and RBAC.

  2. Import the public keys from the remote cluster to the local cluster.

    Running this command on one node of the local cluster imports the keys from the remote cluster to one node of the cluster.

    # geops add-trust -c remotepartnerclustername
    -c remotepartnerclustername[.domainname]

    Specifies the logical hostname of the cluster with which to form a partnership. The logical hostname is used by the Geographic Edition software and maps to the name of the remote partner cluster. For example, a remote partner cluster name might resemble the following:

    cluster-paris

    If the clusters are on different domains, also specify the fully qualified domain name. For example, two clusters in a partnership that have different domains might resemble the following:

    cluster-paris.france
    cluster-newyork.usa

    When you use this option with the add-trust or remote-trust subcommand, the option specifies the alias where the public keys on the remote cluster are stored. An alias for certificates on the remote cluster has the following pattern:

    remotepartnercluster.certificate[0-9]*

    Keys and only keys that belong to the remote cluster should have their alias match this pattern.

    For more information about the geops command, refer to the geops(1M) man page.

  3. Repeat the preceding steps on a node of the remote partner cluster.
  4. Verify trust from one node of each cluster.
    # geops verify-trust -c remotepartnerclustername[.domainname]

    This command verifies the trust from the node on which you run the command to all nodes of the partner cluster.

See Also

For a complete example of how to configure and join a partnership, see Example 5-4.

How to Remove Trust Between Two Clusters

Before You Begin

Ensure that the following conditions are met:

  1. Log in to a cluster node.

    You must be assigned the Geo Management RBAC rights profile to complete this procedure. For more information about RBAC, see Geographic Edition Software and RBAC.

  2. If there is a partnership configured between the two clusters, dissolve that partnership.

    Run the following command on both clusters:

    # geops leave
  3. On all nodes of both clusters, remove all keys for the remote cluster from the truststore file on the local node.
    # geops remove-trust -c remotepartnerclustername

    Perform this step on all the nodes of the local cluster, and then repeat this step on all nodes of the partner cluster.

    -c remotepartnerclustername

    Specifies the logical hostname of the cluster from which you want to remove the keys. The name for the remote cluster must be identical to the cluster name you specified when adding trust with the geops add-trust command. You do not need to specify the fully qualified name if the remote cluster is reachable by partial name.

    When you use this option with the add-trust or remote-trust subcommand, the option specifies the alias where the public keys on the remote cluster are stored. An alias for certificates on the remote cluster has the following pattern:

    remotepartnercluster.certificate[0-9]*

    Keys and only keys that belong to the remote cluster should have their alias match this pattern.

    For more information about the geops command, refer to the geops(1M) man page.

  4. Repeat the preceding steps on a node of the remote partner cluster.