Distributed Systems Administration Utilities User's Guide, Linux, March 2009

NOTE: When adding members to a cluster, consider the following:
When adding a member to a cluster that is configured as a highly available master server,
the csync package must be running when the member is added. The add member processing
task copies the configuration data from the package’s mounted filesystem to the new
member’s /var/opt/dsau/cfengine directories. If the package is not running, the
filesystem will not be accessible and the new member will not be properly configured. In
that case, the administrator can manually configure the new member as follows:
1. Make sure that the csync package is running. If not, start it.
2. Log in to the member running the package.
3. Execute the following command exactly as shown:
    /opt/dsau/bin/csync_dispatcher MEMBER_ADDED: member_hostname
For example, if the new member’s unqualified hostname is newhost, use the following
command:
    /opt/dsau/bin/csync_dispatcher MEMBER_ADDED: newhost
When adding a member to the cluster that is configured as a highly available master server,
the cfengine security key of the new member is distributed clusterwide. This enables the
new member to operate as an adoptive node. If the csync package fails over to the new
member, the new member will correctly handle cfagent requests from all managed clients.
However, a cfrun executed from the new member will fail when contacting the managed
clients. For cfrun to work properly, each managed client must have a copy of each cluster
member’s key. (This is unlike cfagent on the managed client, which needs only the key
that corresponds to the IP address of the csync package.)
For the new member to issue cfrun requests, its key must be manually created on each
managed client. There are two ways to distribute the key:
• Use the csync_wizard “Manage keys for cfengine clients” function, which regenerates
  keys for all systems. All managed clients must be reachable for the regeneration to
  complete.
• Copy existing member keys to the new member. This approach takes advantage of the
  fact that the new member’s key is identical to the keys for the other cluster members.
  On the managed client, any of the existing cluster members’ keys can be copied to the
  proper name for the newly added member.
  For example,
  # cd /var/opt/dsau/cfengine/ppkeys
  # cp root-existing_member_IP_address.pub \
  root-new_member_IP_address.pub
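
A check that can be run on a managed client after a member is added, given here as an added example that is not part of the original guide: it confirms that the ppkeys directory holds a root-IP_address.pub file for every cluster member and that the copies are identical, which is what the copy method above relies on. The function name check_member_keys, its return codes and the sample IP addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a managed client's cfengine public-key directory.
# Usage: check_member_keys DIR IP...
# Returns:
#   0  every listed cluster member has a key file and all files are identical
#   1  at least one member key is missing (cfrun from that member will fail)
#   2  all keys are present, but one or more differ from the reference key
check_member_keys() {
    dir=$1; shift
    ref=""; missing=0; differ=0
    for ip in "$@"; do
        key="$dir/root-$ip.pub"
        if [ ! -f "$key" ]; then
            echo "MISSING  $key"
            missing=1
        elif [ -z "$ref" ]; then
            # The first key found becomes the reference for comparison.
            ref=$key
            echo "OK       $key (reference)"
        elif cmp -s "$ref" "$key"; then
            echo "OK       $key"
        else
            echo "DIFFERS  $key (not identical to $ref)"
            differ=1
        fi
    done
    [ "$missing" -eq 0 ] || return 1
    [ "$differ" -eq 0 ] || return 2
    return 0
}

# Typical call on a managed client (IP addresses are constructed placeholders):
#   check_member_keys /var/opt/dsau/cfengine/ppkeys 192.0.2.11 192.0.2.12 192.0.2.13
```

A DIFFERS result means a file was copied from something other than a current cluster member key and should be investigated before it is trusted.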
2.3.1.5 Using the Wizard to Configure a Synchronization Client
You can use the Configuration Synchronization Wizard to add managed clients to an existing
cfengine configuration. Run the wizard on the master server, not the client system. When a
Serviceguard cluster is the master server, run the wizard on the adoptive node for the csync
package. When a Serviceguard cluster is configured as a highly available master server, adding
new members to the cluster does not require using the wizard to configure those new members.
They will be configured automatically. For more information, see “Serviceguard Automation
Features” (page 27).
If the client is not a cluster member, to distribute cfengine keys securely, the client must be
configured for non-interactive ssh access by the root account of the master server. The csshsetup
tool (see csshsetup(1)) makes it easy to configure ssh access to a remote system. The csshsetup
tool is used in the examples below.