7.2 Adding Peer Cluster Credentials

Clusters must be able to authenticate to themselves and to peer clusters. In order for one cluster to connect to a second cluster, the first cluster must be able to authenticate to the second cluster. For each node, add the authentication credentials (user name and password) of the user that the selected cluster will use to authenticate to a selected peer cluster.

Configure peer cluster credentials on one node in each peer cluster in the business continuity cluster:

  1. Log in as the root user on the cluster node where you want to add peer credentials in this cluster, then open a terminal console.

    You can use any node in the cluster to specify credentials.

  2. At the command prompt, enter

    cluster connections <cluster_name>
    

    For example, this lists the BCC peer clusters and credential information. At this point, the credentials have not been provided and are reported as invalid.

    cluster connections cluster1
    
    Connection status for cluster: cluster1
      Cluster Name             Username             Connection Status
      cluster1                 <unknown>          Invalid Credentials
      cluster2                 <unknown>          Invalid Credentials
    
  3. Verify that all clusters are present in the list.

    If the clusters are not present, the Identity Manager drivers are not synchronized.

    If synchronization is in progress, wait for it to complete, then try cluster connections again.

    If you need to synchronize, see Synchronizing Identity Manager Drivers.

  4. For each cluster in the list, enter the following command at the command prompt, then enter the bccadmin user name and password when you are prompted:

    cluster credentials <cluster_name>
    

    For example, issue the command once for each peer cluster:

    cluster credentials cluster1
    Enter the credentials for the specified cluster. Press CTRL+C to cancel.
    Username: bccadmin
    Password: 
    Please wait...
    The credentials for cluster cluster1 have been saved.
    
    cluster credentials cluster2
    Enter the credentials for the specified cluster. Press CTRL+C to cancel.
    Username: bccadmin
    Password: 
    Please wait...
    The credentials for cluster cluster2 have been saved.
    

    If you created different BCC Administrator users for each peer cluster, you will provide the respective credentials for each cluster.

  5. Verify that the peer clusters are recognized as being members of the same BCC. Enter the cluster connections command and cluster view command to view the status.

    For example, on cluster1:

    cluster connections cluster1
    
    Connection status for cluster: cluster1
      Cluster Name             Username             Connection Status
      cluster1                 bccadmin                            OK
      cluster2                 bccadmin                            OK
    
    cluster view
    
          Cluster cluster1
          This node c1_node1 [epoch 1 master node c1_node2]
          Cluster nodes [c1_node1, c1_node2]
          BCC peer clusters [cluster1, cluster2]
    

    If you created different BCC Administrator users for each peer cluster, each peer cluster would report a different user name in the cluster connections command.

  6. Add the BCC Administrator user to the ncsgroup for the cluster. Repeat the following steps for every node in the peer cluster:

    1. As the root user, open the /etc/group file in a text editor.

    2. Locate the line that reads ncsgroup, then modify it to include the bccadmin user.

      For example, change

      ncsgroup:!:107:
      

      to

      ncsgroup:!:107:bccadmin
      

      For example, change

      ncsgroup:!:107:bccd
      

      to

      ncsgroup:!:107:bccd,bccadmin
      

      The file should contain one of the above lines, but not both.

      Notice the group ID number of the ncsgroup. In this example, the number 107 is used. This number can be different for each cluster node.

    3. Save the /etc/group file.

    4. At the server console prompt, enter the following to verify that the bccadmin user is a member of the ncsgroup.

      id bccadmin 
      
  7. Repeat the previous steps on a node in each peer cluster in turn.

    The nodes in the other peer clusters know about the peer clusters, but they do not yet have the credentials needed to connect.

  8. (Optional) Use iManager to verify that the peer clusters are communicating their status.

    1. Log in to iManager as the BCC administrator.

    2. Select Clusters > My Clusters.

      BCC-enabled clusters are identified by a check in the BCC column.

    3. Click the cluster name of a peer cluster.

    4. Select the BCC Manager tab.

      The connection status is good for this peer cluster. There are no BCC-enabled resources at this time.

    5. Return to the My Clusters page, select another peer cluster, then go to its BCC Manager tab.

      The connection status is good for the other peer cluster. There are no BCC-enabled resources at this time.