Installing and Configuring the Disaster Recovery Framework for Oracle® Solaris Cluster 4.4

Updated: January 2019
 
 

Configuring Trust Between Partner Clusters

This section provides procedures to configure secure communication, or trust, between the two clusters you want to be in a partnership.

How to Configure Trust Between Two Clusters

Before you create a partnership between two clusters, you must configure the Disaster Recovery framework for secure communication between the two clusters. The configuration must be reciprocal. For example, you must configure the cluster cluster-paris to trust the cluster cluster-newyork, and you must also configure the cluster cluster-newyork to trust the cluster cluster-paris.


Note -  You can also perform this task by using the Oracle Solaris Cluster Manager browser interface. Click Partnerships, then click Add Partner Trust. For Oracle Solaris Cluster Manager log-in instructions, see How to Access Oracle Solaris Cluster Manager in Administering an Oracle Solaris Cluster 4.4 Configuration.

Before You Begin

Ensure that the following conditions are met:

  • The cluster on which you want to create the partnership is running.

  • The geoadm start command has already been run on this cluster and the partner cluster. For more information about using the geoadm start command, see Enabling the Disaster Recovery Framework Infrastructure.

  • The cluster name of the partner cluster is known.

  • The host information of the partner cluster is defined in the local hosts file. The local cluster needs to know how to reach the partner cluster by name.

  1. Assume the root role on a cluster node.
  2. Import the public keys from the remote cluster to the local cluster.

    Run the following command on one node of the local cluster to import the keys from the remote cluster to one node of the cluster.

    local-cluster# geops add-trust -c remote-cluster
    -c remote-cluster

    Specifies the logical hostname of the cluster with which to form a partnership. The logical hostname is used by the Disaster Recovery framework and maps to the name of the remote partner cluster. For example, a remote partner cluster name might resemble the following:

    cluster-paris

    When you use this option with the add-trust or remove-trust subcommand, the option specifies the alias where the public keys on the remote cluster are stored. An alias for certificates on the remote cluster has the following pattern:

    remote-cluster.certificate[0-9]*

    All keys that belong to the remote cluster, and only those keys, should have an alias that matches this pattern.

    For more information about the geops command, refer to the geops(8) man page.

  3. Repeat the preceding steps on a node of the remote partner cluster.
  4. Verify trust from one node of each cluster.

    Note -  You can also accomplish this step by using the Oracle Solaris Cluster Manager browser interface. Click Partnerships, then click Verify Partner Trust. For Oracle Solaris Cluster Manager log-in instructions, see How to Access Oracle Solaris Cluster Manager in Administering an Oracle Solaris Cluster 4.4 Configuration.
    # geops verify-trust -c remote-cluster
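
The alias rule in step 2 can be checked mechanically. The script below is an added example, not Oracle code: it reads key aliases on standard input (exporting that list is outside this page) and reports aliases that follow the remote-cluster.certificate[0-9]* pattern but belong to no expected partner, plus expected partners with no imported key. The function names and sample aliases are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code). Input: key aliases on stdin, one per line.
# Assumption: aliases contain no whitespace. All sample names are constructed.

# Print "owner alias" for each alias shaped like <cluster>.certificate[0-9]*
trust_entries() {
    awk 'match($0, /\.certificate[0-9]*$/) && RSTART > 1 {
             print substr($0, 1, RSTART - 1), $0 }'
}

# unexpected_trust PARTNER... : aliases that follow the pattern but whose
# owner is not an expected partner. The owner is compared as a whole string,
# so "cluster-newyork-test" does not pass as "cluster-newyork".
unexpected_trust() {
    partners=" $* "
    trust_entries | while read -r owner alias; do
        case "$partners" in
            *" $owner "*) ;;
            *) printf '%s\n' "$alias" ;;
        esac
    done
}

# missing_trust PARTNER... : expected partners with no imported key.
missing_trust() {
    owners=" $(trust_entries | awk '{ print $1 }' | sort -u | tr '\n' ' ')"
    for p in "$@"; do
        case "$owners" in
            *" $p "*) ;;
            *) printf '%s\n' "$p" ;;
        esac
    done
}

# Constructed alias listing as it might look on cluster-paris.
sample_aliases() {
    cat <<'EOF'
cluster-newyork.certificate0
cluster-newyork.certificate1
cluster-tokyo.certificate0
cluster-newyork-test.certificate0
local-ca
EOF
}

echo "unexpected:"; sample_aliases | unexpected_trust cluster-newyork
echo "missing:";    sample_aliases | missing_trust cluster-newyork cluster-london
```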

Next Steps

Configure the partnership. Go to Creating a Partnership.

See Also

To remove trust, see Removing Trust Between Partner Clusters in Administering the Disaster Recovery Framework for Oracle Solaris Cluster 4.4.