9.3 Changing Peer Cluster Credentials

You can change the credentials that one peer cluster uses to connect to another peer cluster. You might need to do this if the administrator user name or password changes for any cluster in the business continuity cluster. To do this, you change the user name and password for the administrative user that the selected cluster uses to connect to another selected peer cluster.

Configure the new peer cluster credentials on one node in each peer cluster in the business continuity cluster:

  1. Log in as the root user on the cluster node where you want to add peer credentials in this cluster, then open a terminal console.

    You can use any node in the cluster to specify credentials.

  2. At the command prompt, enter

    cluster connections <cluster_name>
    

    For example, the following command lists the BCC peer clusters and their credential information. At this point, the credentials have been changed but the new ones have not yet been entered for the peer clusters, so they are reported as invalid.

    cluster connections cluster1
    
    Connection status for cluster: cluster1
      Cluster Name             Username             Connection Status
      cluster1                 <unknown>          Invalid Credentials
      cluster2                 <unknown>          Invalid Credentials
    
  3. For each cluster in the list, enter the following command at the command prompt, then enter the bccadmin user name and password when you are prompted.

    cluster credentials <cluster_name>
    

    For example, issue the command once for each peer cluster:

    cluster credentials cluster1
    Enter the credentials for the specified cluster. Press CTRL+C to cancel.
    Username: bccadmin
    Password: 
    Please wait...
    The credentials for cluster cluster1 have been saved.
    
    cluster credentials cluster2
    Enter the credentials for the specified cluster. Press CTRL+C to cancel.
    Username: bccadmin
    Password: 
    Please wait...
    The credentials for cluster cluster2 have been saved.
    

    If you created different BCC Administrator users for each peer cluster, provide the respective credentials for each cluster.

  4. Verify that the peer clusters are recognized as being members of the same BCC. Enter the cluster connections command and cluster view command to view the status.

    For example, on cluster1:

    cluster connections cluster1
    
    Connection status for cluster: cluster1
      Cluster Name             Username             Connection Status
      cluster1                 bccadmin                            OK
      cluster2                 bccadmin                            OK
    
    cluster view
    
          Cluster cluster1
          This node c1_node1 [epoch 1 master node c1_node2]
          Cluster nodes [c1_node1, c1_node2]
          BCC peer clusters [cluster1, cluster2]
    

    If you created different BCC Administrator users for each peer cluster, each peer cluster would report a different user name in the cluster connections command.

  5. Add the BCC Administrator user to the ncsgroup for the cluster. Repeat the following steps for every node in the peer cluster:

    1. As the root user, open the /etc/group file in a text editor.

    2. Locate the line that reads ncsgroup, then modify it to include the bccadmin user.

      For example, change

      ncsgroup:!:107:
      

      to

      ncsgroup:!:107:bccadmin
      

      If the line already lists another member (bccd in this example), append bccadmin after a comma. For example, change

      ncsgroup:!:107:bccd
      

      to

      ncsgroup:!:107:bccd,bccadmin
      

      The file should contain one of the above lines, but not both.

      Notice the group ID number of the ncsgroup. In this example, the number 107 is used. This number can be different for each cluster node.

    3. Save the /etc/group file.

    4. At the server console prompt, enter the following to verify that the bccadmin user is a member of the ncsgroup.

      id bccadmin 
      
  6. Repeat the previous steps on a node in each peer cluster in turn.

    The nodes in the other peer clusters know about the peer clusters, but they do not yet have the credentials needed to connect.
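The hand edit of /etc/group in step 5 can be checked before and after the change on each node. The following script is an added example, not part of the original documentation: the function names ncsgroup_status and ncsgroup_add are hypothetical, and the sample group file is constructed.

```shell
#!/bin/sh
# Added example: audit and amend the ncsgroup entry in a group(5)-format file.
# USER and GROUP default to the names used on this page (bccadmin, ncsgroup).

# ncsgroup_status FILE [USER] [GROUP]
# Prints one of: member | not-member | missing | duplicate
# Member names are compared exactly, so "bccadmin2" does not count as "bccadmin".
ncsgroup_status() {
    awk -F: -v user="${2:-bccadmin}" -v group="${3:-ncsgroup}" '
        $1 == group {
            count++
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) if (members[i] == user) found = 1
        }
        END {
            if (count == 0)     print "missing"
            else if (count > 1) print "duplicate"
            else if (found)     print "member"
            else                print "not-member"
        }' "$1"
}

# ncsgroup_add FILE [USER] [GROUP]
# Writes the amended file content to stdout; FILE itself is not modified.
# The GID and existing members are kept, and a user already listed is not added twice.
ncsgroup_add() {
    awk -F: -v OFS=: -v user="${2:-bccadmin}" -v group="${3:-ncsgroup}" '
        $1 == group {
            n = split($4, members, ","); found = 0
            for (i = 1; i <= n; i++) if (members[i] == user) found = 1
            if (!found) $4 = ($4 == "" ? user : $4 "," user)
        }
        { print }' "$1"
}

# Constructed sample in group(5) format (not taken from a real node).
sample=$(mktemp)
printf '%s\n' 'root:x:0:' 'ncsgroup:!:107:bccd' 'users:x:100:' > "$sample"
ncsgroup_status "$sample"                # state before the change
ncsgroup_add "$sample" > "$sample.new"   # review this output before replacing anything
ncsgroup_status "$sample.new"            # state after the change
rm -f "$sample" "$sample.new"
```

A duplicate result corresponds to the case the procedure warns about, where the file contains more than one ncsgroup line.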