Go to main content

Administering the Disaster Recovery Framework for Oracle® Solaris Cluster 4.4

Exit Print View

Updated: June 2019

Removing Trust Between Partner Clusters

This section provides procedures to remove trust between partner clusters.

How to Remove Trust Between Two Clusters

Perform this procedure to remove trust from between two clusters.

Note -  You can also accomplish this procedure by using the Oracle Solaris Cluster Manager browser interface. Click Partnerships, highlight the name of the partnership, and click Remove Partner Trust. For Oracle Solaris Cluster Manager log-in instructions, see How to Access Oracle Solaris Cluster Manager in Administering an Oracle Solaris Cluster 4.4 Configuration.

Before You Begin

Ensure that the following conditions are met:

  • The cluster on which you want to remove trust is running.

  • The cluster name of the partner cluster is known.

  • The host information of the partner cluster must defined in the local host file. The local cluster needs to know how to reach the partner cluster by name.

  1. Log in to a cluster node.

    You must be assigned the Geo Management rights profile to complete this procedure. For more information, see Disaster Recovery Framework Rights Profiles in Installing and Configuring the Disaster Recovery Framework for Oracle Solaris Cluster 4.4.

  2. If there is a partnership configured between the two clusters, dissolve that partnership.

    Run the following command on both clusters:

    # geops leave
  3. On all nodes of both clusters, remove all keys for the remote cluster from the truststore file on the local node.
    # geops remove-trust -c remote-partner-cluster-name

    Perform this step on all the nodes of the local cluster, and then repeat this step on all nodes of the partner cluster.

    –c remote-partner-cluster-name

    Specifies the logical hostname of the cluster from which you want to remove the keys. The name for the remote cluster must be identical to the cluster name you specified when adding trust with the geops add-trust command. You do not need to specify the fully qualified name if the remote cluster is reachable by partial name.

    When you use this option with the add-trust or remote-trust subcommand, the option specifies the alias where the public keys on the remote cluster are stored. An alias for certificates on the remote cluster has the following pattern:


    Keys and only keys that belong to the remote cluster should have their alias match this pattern.

    For more information about the geops command, refer to the geops(8) man page.

  4. Repeat the preceding steps on a node of the remote partner cluster.