Oracle® Solaris Cluster Geographic Edition Installation and Configuration Guide

Updated: July 2014, E39666-01
 
 

Configuring Trust Between Partner Clusters

This section provides procedures to configure secure communication, or trust, between the two clusters you want to be in a partnership.

How to Configure Trust Between Two Clusters

Before you create a partnership between two clusters, you must configure Geographic Edition software for secure communication between the two clusters. The configuration must be reciprocal. For example, you must configure the cluster cluster-paris to trust the cluster cluster-newyork, and you must also configure the cluster cluster-newyork to trust the cluster cluster-paris.


Note -  You can also accomplish this procedure by using the Oracle Solaris Cluster Manager GUI. Click Partnerships and then click Add Partner Trust. For more information about Oracle Solaris Cluster Manager, see Chapter 13, Using the Oracle Solaris Cluster GUI, in Oracle Solaris Cluster System Administration Guide.

Before You Begin

Ensure that the following conditions are met:

  • The cluster on which you want to create the partnership is running.

  • The geoadm start command has already been run on this cluster and the partner cluster. For more information about using the geoadm start command, see Enabling the Geographic Edition Infrastructure.

  • The cluster name of the partner cluster is known.

  • The host information of the partner cluster is defined in the local hosts file. The local cluster needs to know how to reach the partner cluster by name.

  1. Assume the root role on a cluster node.
  2. Import the public keys from the remote cluster to the local cluster.

    Run the following command on one node of the local cluster to import the keys from the remote cluster to one node of the cluster.

    local-cluster# geops add-trust -c remote-cluster

    -c remotecluster

    Specifies the logical hostname of the cluster with which to form a partnership. The logical hostname is used by Geographic Edition software and maps to the name of the remote partner cluster. For example, a remote partner cluster name might resemble the following:

    cluster-paris

    When you use this option with the add-trust or remove-trust subcommand, the option specifies the alias where the public keys on the remote cluster are stored. An alias for certificates on the remote cluster has the following pattern:

    remotecluster.certificate[0-9]*

    All keys that belong to the remote cluster, and only those keys, should have an alias that matches this pattern.

    For more information about the geops command, refer to the geops(1M) man page.

  3. Repeat the preceding steps on a node of the remote partner cluster.
  4. Verify trust from one node of each cluster.

    Note -  You can also accomplish this step by using the Oracle Solaris Cluster Manager GUI. Click Partnerships and then click Verify Partner Trust. For more information about Oracle Solaris Cluster Manager, see Chapter 13, Using the Oracle Solaris Cluster GUI, in Oracle Solaris Cluster System Administration Guide.

    # geops verify-trust -c remotecluster
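
    The alias rule in step 2 can be checked mechanically. The following shell functions are an added example, not part of the Oracle documentation or the geops tooling: they read a list of truststore aliases on standard input and separate those that match remotecluster.certificate[0-9]* from those that only mention the cluster name. The example assumes the pattern means the literal cluster name, a dot, the word certificate and optional digits; the function names and the sample aliases are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit truststore aliases (one per line on stdin) against
# the documented pattern for one remote cluster:
#   <remotecluster>.certificate[0-9]*
# Assumption: the pattern means the literal cluster name, a literal dot,
# the word "certificate", then zero or more digits, and nothing else.

# matching_aliases CLUSTER -- prints the aliases that match the pattern.
matching_aliases() {
    awk -v p="$1.certificate" '
        # Literal prefix comparison, so dots or hyphens in the cluster
        # name are never treated as regular-expression metacharacters.
        index($0, p) == 1 && substr($0, length(p) + 1) ~ /^[0-9]*$/
    '
}

# near_miss_aliases CLUSTER -- prints aliases that mention the cluster name
# but do NOT match the pattern. These need a manual look: the remote
# cluster's keys, and only those keys, are supposed to match.
near_miss_aliases() {
    awk -v c="$1" -v p="$1.certificate" '
        index($0, c) > 0 &&
        !(index($0, p) == 1 && substr($0, length(p) + 1) ~ /^[0-9]*$/)
    '
}

# Constructed sample alias list (not output from a real system).
sample_aliases() {
    cat <<'EOF'
cluster-paris.certificate0
cluster-paris.certificate1
cluster-paris2.certificate0
cluster-paris.certificate-old
cluster-newyork.certificate0
EOF
}

# Run as "sh script.sh demo" to see both lists for the sample data.
if [ "${1:-}" = "demo" ]; then
    echo "match:";     sample_aliases | matching_aliases cluster-paris
    echo "near miss:"; sample_aliases | near_miss_aliases cluster-paris
fi
```

    An empty match list for a partner means no key is stored under that partner's alias in the list that was supplied. Any near miss should be traced to its owner before trust is added or removed.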

Next Steps

Configure the partnership. Go to Creating a Partnership.

See also

To remove trust, see Configuring Trust Between Partner Clusters.