
Oracle® Solaris Cluster 4.3 Geographic Edition Installation and Configuration Guide


Updated: February 2017
 
 

Configuring Trust Between Partner Clusters

Before you create a partnership between two clusters, you must configure the Geographic Edition framework for secure communication between the two clusters. The configuration must be reciprocal. For example, you must configure the cluster cluster-paris to trust the cluster cluster-newyork, and you must also configure the cluster cluster-newyork to trust the cluster cluster-paris.

How to Configure Trust Between Two Clusters


Note -  You can also perform this task by using the Oracle Solaris Cluster Manager browser interface. Click Partnerships, then click Add Partner Trust. For Oracle Solaris Cluster Manager log-in instructions, see How to Access Oracle Solaris Cluster Manager in Oracle Solaris Cluster 4.3 System Administration Guide.

Before You Begin

Ensure that the following conditions are met:

  • The cluster on which you want to create the partnership is running.

  • The geoadm start command has already been run on this cluster and the partner cluster. For more information about using the geoadm start command, see Enabling the Geographic Edition Framework.

  • The cluster name of the partner cluster is known.

  • The host information of the partner cluster is defined in the local hosts file. The local cluster needs to be able to reach the partner cluster by name.

  1. Assume the root role on a cluster node.
  2. Import the public keys from the remote cluster to the local cluster.

    Run the following command on one node of the local cluster to import the keys from the remote cluster to that node.

    local-cluster# geops add-trust -c remote-cluster

    -c remote-cluster

    Specifies the logical hostname of the cluster with which to form a partnership. The logical hostname is used by the Geographic Edition framework and maps to the name of the remote partner cluster. For example, a remote partner cluster name might resemble cluster-paris.

    When you use this option with the add-trust or remove-trust subcommand, the option specifies the alias where the public keys on the remote cluster are stored. An alias for certificates on the remote cluster has the following pattern:

    remote-cluster.certificate[0-9]*

    Only keys that belong to the remote cluster should have an alias that matches this pattern.

    For more information about the geops command, refer to the geops(1M) man page.

  3. Repeat the preceding steps on a node of the remote partner cluster.
  4. Verify trust from one node of each cluster.

    Note -  You can also accomplish this step by using the Oracle Solaris Cluster Manager browser interface. Click Partnerships, then click Verify Partner Trust. For Oracle Solaris Cluster Manager log-in instructions, see How to Access Oracle Solaris Cluster Manager in Oracle Solaris Cluster 4.3 System Administration Guide.
    # geops verify-trust -c remote-cluster
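
The following added example (not part of the Oracle guide, helper names are hypothetical) checks the hosts-file prerequisite before `geops add-trust` and, afterwards, lists which truststore aliases match the documented pattern so that each one can be confirmed as belonging to the partner cluster. It assumes `[0-9]*` means "zero or more digits" and that the aliases have been exported one per line, a step this page does not cover; the sample data is constructed.

```shell
#!/bin/sh
# Added example, not Oracle's code. Helper names are hypothetical.

# host_defined NAME: read hosts-format text on stdin; succeed if NAME is
# listed as a hostname or alias on a non-comment line.
host_defined() {
    awk -v name="$1" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit(found ? 0 : 1) }'
}

# trust_aliases CLUSTER: read one truststore alias per line on stdin and
# print those of the form CLUSTER.certificate<digits>.
# Assumption: "[0-9]*" in the documented pattern means zero or more digits.
# The prefix is compared literally, so "." and "-" in CLUSTER are never
# treated as regex metacharacters (a look-alike name cannot slip through).
trust_aliases() {
    awk -v c="$1" '
        BEGIN { prefix = c ".certificate" }
        index($0, prefix) == 1 && substr($0, length(prefix) + 1) ~ /^[0-9]*$/'
}

# Constructed sample data (not taken from a real cluster).
sample_hosts() {
    cat <<'EOF'
127.0.0.1     localhost
192.0.2.10    cluster-paris
# 192.0.2.20  cluster-newyork   (commented out: not reachable by name)
EOF
}
sample_aliases() {
    cat <<'EOF'
cluster-paris.certificate0
cluster-paris.certificate1
cluster-paris-dr.certificate0
cluster-parisXcertificate0
EOF
}

# Demo: pre-flight each partner name, then list the aliases to review.
for c in cluster-paris cluster-newyork; do
    if sample_hosts | host_defined "$c"; then
        echo "$c: defined in hosts file; aliases matching the trust pattern:"
        sample_aliases | trust_aliases "$c" | sed 's/^/  /'
    else
        echo "$c: not defined in hosts file; fix before running geops add-trust"
    fi
done
```

Any alias the audit prints that you cannot attribute to the partner cluster violates the rule that only keys belonging to the remote cluster match the pattern.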

Next Steps

Configure the partnership. Go to Creating a Partnership.

See Also

To find out how to remove trust, see Removing Trust Between Partner Clusters in Oracle Solaris Cluster 4.3 Geographic Edition System Administration Guide.