Distributed Systems Administration Utilities User's Guide, Linux, March 2009
update.conf and cfagent.conf define the master configuration synchronization server to
be the registered DNS name for the relocatable IP address of the package. When managed clients
run cfagent (see cfagent(8)), cfagent connects to cfservd on the package’s adoptive node.
Thus the cluster members themselves are all managed clients. The member hosting the package
additionally acts as the master server for the policy files.
When booting the cluster, each member will start a client cfservd. This is the cfservd that
responds to cfrun requests. When the package starts on a member, that cfservd now has
access to the filesystem of the package and becomes the master cfservd that serves the policy
files to all managed clients. This cfservd is monitored by the package. If cfservd fails, the
package will attempt to restart on another member. That member’s cfservd will then become
the master cfservd.
Halting the package does not stop the cfservd daemon on the adoptive member since the
expectation is that the daemon is present to respond to future cfrun requests. Also, unlike some
other high availability services, if the csync package is down or unavailable, remote clients are
not adversely impacted. The clients continue to run with their currently defined configurations.
The administrator would need to make sure the package is up and running in order to distribute
any new configuration instructions to the managed clients.
The wizard automates cfengine key distribution to all cluster members. For a detailed description
of key distribution steps performed, refer to “Security Notes” (page 40).
2.3.1.4 Serviceguard Automation Features
The Distributed Systems Administration Utilities require Serviceguard 11.17 or later. With
Serviceguard 11.17 or later, when members are added to or deleted from the cluster, the
configuration synchronization tools automatically take the appropriate configuration actions.
Specifically:
• When adding a member to the cluster, the new member is automatically configured to
participate in configuration synchronization. The following configuration actions occur
automatically on the added member:
1. /etc/rc.config.d/cfservd is changed to set CSYNC_CONFIGURED to 1.
2. The appropriate cfengine public/private keys are created for the new member and
placed in the member's /var/opt/dsau/cfengine/ppkeys directory. The new keys
for this member are also distributed to the /var/opt/dsau/cfengine/ppkeys
directories on the other cluster members.
3. The new member’s /var/opt/dsau/cfengine/inputs directory is populated.
4. cfservd is started on the new member.
5. The package files are copied to SGCONF/csync/ on the new member. The SGCONF
path is defined in the /etc/cmcluster.conf file.
6. A cfagent synchronization run is performed on the master to populate the master’s
/var/opt/dsau/cfengine/inputs directory.
7. A cfagent synchronization run is performed on the newly added member.
If there are any errors when performing these automated actions, messages are posted to
syslog on the master server. Use cmviewcl -p csync to determine which member is
currently the master server. Alternatively, if the cluster is using consolidated logging, check
for messages in the consolidated syslog.
• When deleting a member from a cluster, the public key of the deleted member is deleted
from the /var/opt/dsau/cfengine/ppkeys directory clusterwide.
• The administrator can define cfengine groups or classes that enumerate all the members of
a particular Serviceguard cluster. These class definitions are not updated automatically and
the administrator must manually update the cfagent.conf and related files for cluster
membership changes.
2.3 Configuring cfengine 27