10.2 Peer Clusters

10.2.1 Administration of Peer Clusters Is Not Functional

This problem is normally caused by the BCC Administrator user not having file system rights to the cluster administration files. For information, see the following:

10.2.2 Peer Cluster Communication Is Not Working

If BCC communication between peer clusters is not functioning, the problem might be caused by one of the following conditions:

  • The credentials for the remote cluster have not been set.

    You cannot use iManager on a server in one tree to set credentials for a BCC cluster in another tree. This is because BCC and iManager use the tree key to encrypt the credentials. Setting credentials by using iManager in a different tree uses an invalid tree encryption.

  • A firewall is blocking port 5988 or 5989 (CIM communications using OpenWBEM).

10.2.3 Cluster Connection States

The connection state numbers are recorded in a log file that you can use to view connection and status changes for BCC.

The default path to the log file on Linux is /var/log/messages. The administrator might have changed this path from the default. Search for BCCD to view BCC-related messages and entries in the log file.

There are several different cluster connection states:

Table 10-1 BCC Connection States

BCC Connection State

Number

Description

Possible Actions

Normal

0

The connections between clusters are functioning normally.

None required.

Authenticating

1

BCC is in the process of authenticating to a peer cluster.

Wait until the authentication process is finished.

Invalid Credentials

2

You entered the wrong user name or password for the selected peer cluster.

Enter the correct user name and password that this cluster will use to connect to the selected peer cluster.

Cannot Connect

3

This cluster cannot connect to the selected peer cluster.

Ping the peer cluster to see if it is up and reachable.

Ensure that Novell Cluster Services is running on the servers in the peer cluster, then ensure that BCC is running on the peer clusters.

Ensure that OpenWBEM is running on the peer cluster.

Ensure that a firewall is not preventing access on OpenWBEM ports 5988 and 5989.

Ensure that the Admin file system is running. To do this, enter etc/init.d/adminfs status.

Not Authorized

4

The connected user does not have sufficient rights for permissions.

Assign the appropriate trustee rights to the user who will manage your BCC. For information, see Assigning Trustee Rights for the BCC Administrator User to the Cluster Objects.

Connection Unknown

5

The connection state between clusters is unknown.

This connection state might be caused by any number of problems, including a severed cable or link problems between geographic sites.

10.2.4 Driver Port Number Conflicts

If your Identity Manager driver or drivers will not start, check for a port number conflict. Identity Manager driver port numbers must not be the same as other driver port numbers in the cluster or ports being used by other services such as Apache.

To check driver port numbers:

  1. Log in to iManager as the BCC Administrator user.

  2. Go to the Identity Manager page.

  3. Click Identity Manager Administration > Identity Manager Overview.

  4. Select Search Entire Tree, then click Search.

  5. Select the driver you want to check by clicking the red Cluster Sync icon.

  6. Click the icon again, then click the Identity Manager tab (if it is not already selected).

  7. In the Authentication context field, view and if necessary change the port numbers next to the IP address.

    For example, the Authentication context field might contain a value similar to 10.1.1.12:2003:2003. In this example, the first port number (2003) is the port number for the corresponding Identity Manager driver on the cluster that this cluster is synchronizing with. The second port number (2003) is the port number for the Identity Manager driver on this cluster.

    These port numbers should be the same, but should not be the same as the port numbers for other Identity Manager drivers on either this or the remote cluster.

  8. If you change the port numbers, restart the driver by clicking the upper-right corner of the Cluster Sync icon, then click Restart driver.

  9. If you changed the port number in Step 7, change the port numbers to be the same for the corresponding driver in the other cluster.

    You can do this by repeating the process for the Identity Manager driver on the other cluster.

10.2.5 Security Equivalent User

If resources or peers do not appear in peer clusters in your BCC, it is possible that either a cluster resource synchronization driver is not security equivalent to a user with administrative rights to the cluster.

NOTE:Rather than using the eDirectory Admin user to administer your BCC, you should consider creating another user with sufficient rights to the appropriate contexts in your eDirectory tree to manage your BCC.

The Driver object must have sufficient rights to any object it reads or writes in the following containers:

  • The Identity Manager driver set container.

  • The container where the Cluster object resides.

  • The container where the Server objects reside.

    If server objects reside in multiple containers, this must be a container high enough in the tree to be above all containers that contain server objects. The best practice is to have all server objects in one container.

  • The container where the cluster pool and volume objects are placed when they are synchronized to this cluster. This container is sometimes referred to as the landing zone. The NCP server objects for the virtual server of a BCC-enabled resource are also placed in the landing zone.

To make the Cluster Resource Synchronization Driver object the security equivalent to a User object with administrative rights:

  1. Log in as the BCC Administrator user.

  2. Go to the Identity Manager page.

  3. Click Identity Manager Administration > Identity Manager Overview.

  4. Choose Search Entire Tree, then click Search.

  5. Select the driver you want to check by clicking the red Cluster Sync icon.

  6. Click the icon again, then click the Identity Manager tab if it is not already selected.

  7. Click Security Equals, then view or add a user as needed to be its security equivalent.

  8. Repeat Step 5 through Step 7 for the other drivers in your BCC.

Ensure that the BCC Administrator user is a LUM-enabled user. To LUM-enable a user, see Managing User and Group Objects in eDirectory in the OES 11 SP1: Novell Linux User Management Administration Guide.

10.2.6 Clusters Cannot Communicate

If the clusters in your BCC cannot communicate with each other, it is possible that the User object you are using to administer your BCC does not have sufficient rights to the Cluster objects for each cluster. To resolve this problem, ensure that the BCC Administrator user is a trustee of the Cluster objects and has at least Read and Write rights to the All Attributes Rights property.

  1. Log in as the BCC Administrator user.

  2. In Roles and Tasks, click Rights, then click Modify Trustees.

  3. Browse to select the Cluster object name, then click OK.

  4. Click OK to view the trustee information for the selected object.

  5. If the BCC Administrator user is not listed as a trustee, click the Add Trustee button, browse and select the User object, then click OK.

  6. Click Assigned Rights for the BCC Administrator user, then ensure that the Read and Write check boxes are selected for the All Attributes Rights property.

  7. Click Done to save your changes.

  8. Repeat Step 2 through Step 7 for the other Cluster objects in your BCC.