HP Mini UX System Adstration 2.3.1.5Using the Wizard to Configure a Synchronization Client

NOTE: When adding members to a cluster, consider the following:

•When adding a member to a cluster that is configured as a highly available master server, the csync package must be running when the member is added. The add member processing task copies the configuration data from the package’s mounted filesystem to the new member’s /var/opt/dsau/cfengine directories. If the package is not running, the filesystem will not be accessible and the new member will not be properly configured. In that case, the administrator can manually configure the new member as follows:

1.Make sure that the csync package is running. If not, start it.

2.Log in to the member running the package.

3.Execute the following command exactly as shown:

/opt/dsau/bin/csync_dispatcher MEMBER_ADDED: member_hostname

For example, if the new member’s unqualified hostname is newhost, use the following command:

/opt/dsau/bin/csync_dispatcher MEMBER_ADDED: newhost

•When adding a member to the cluster that is configured as a highly available master server, the cfengine security key of the new member is distributed cluster-wide. This enables the new member to operate as an adoptive node. If the csync package fails over to the new member, the new member will correctly handle cfagent requests from all managed clients.

However, a cfrun executed from the new member will fail when contacting the managed clients. For cfrun to work properly, each managed client must have a copy of each cluster member’s key. (This is unlike cfagent on the managed client which needs only the key that corresponds to the IP address of the csync package.)

For the new member to issue cfrun requests, its key must be manually created on each managed client. There are two ways to distribute the key:

— Use the csync_wizard “Manage keys for cfengine clients” function, which regenerates keys for all systems. All managed clients must be reachable for the regeneration to complete.

— Copy existing member keys to the new member. This approach takes advantage of the fact that the new member’s key is identical to the keys for the other cluster members. On the managed client, any of the existing cluster member’s keys can be copied to the proper name for the newly added member.

For example,

#cd /var/opt/dsau/cfengine/ppkeys

#cp root-existing_member_IP_address.pub \ root-new_member_IP_address.pub

You can use the Configuration Synchronization Wizard to add managed clients to an existing cfengine configuration. Run the wizard on the master server, not the client system. When a Serviceguard cluster is the master server, run the wizard on the adoptive node for the csync package. When a Serviceguard cluster is configured as a highly available master server, adding new members to the cluster does not require using the wizard to configure those new members. They will be configured automatically. For more information, see “Serviceguard Automation Features” (page 23).

If the client is not a cluster member, to distribute cfengine keys securely, the client must be configured for non-interactive ssh access by the root account of the master server. The csshsetup tool (see csshsetup(1)) makes it easy to configure ssh access to a remote system. The csshsetup tool is used in the examples below.