# cmapplyconf -v -C /etc/cmcluster/cluster.config
For more information, see Managing Serviceguard, latest edition at http://www.hp.com/go/
Setting up security
From Continentalclusters, all the nodes in all the clusters must be able to communicate with one another using SSH.
When Continentalclusters is installed, a special Continentalclusters user group, conclgrp, and a special user, conclusr are created using groupadd and useradd commands.
NOTE: The conclusr is used by Continentalclusters software for inter node communication. All Continentalclusters commands and operations must be performed as root user only. When a node is no longer part of Continentalclusters configuration, the user must be deleted from the removed node.
To set up the SSH environment for Continentalclusters on all the nodes of all the clusters:
1.Set a password for the Continentalclusters user. By default, the Continentalclusters user is conclusr.
a.Log in as root user.
b.Set the password for conclusr on the node.
# passwd conclusr
2.Set up SSH equivalence between the nodes in the Continentalclusters.
a.Log in to any node in the Continentalclusters as conclusr.
b.Create a text file and add the Fully Qualified Domain Names (FQDN) of all the nodes in all the clusters to be configured in the Continentalclusters.
For example, consider a Continentalclusters with two clusters, Cluster A and Cluster B, each having two nodes, Node 1 and Node 2. Create a text file
Node1.cup.hp.com
Node2.cup.hp.com
Node1.ind.hp.com
Node2.ind.hp.com
c.Run the following Serviceguard command to create and distribute the SSH keys: csshsetup
The SSH keys set up trust among all the Continentalclusters nodes. This command also prompts for the password of the user conclusr, for every node specified in the file created in step 2b. Enter the password when prompted.
After the keys are created and distributed, the SSH connection is tested. If errors are detected in the SSH connection, an error message appears. Rectify the error on the node, and run the following command:
csshsetup -r -k rsa -f <host-list-file>
3.The conclusr must have a USER_ROLE of MONITOR. All users on a node have this role by default. To confirm if conclusr has MONITOR access, on every node that belongs to Continentalclusters, log in as conclusr and run the following command:
# cmviewcl
In case conclusr user does not have MONITOR access, the execution of the command fails with the following error:
# cmviewcl
Creating the Serviceguard clusters at both the sites | 11 |