Edit Cluster Properties

Use the Edit task to change the Resources, Security, Tuning, and Other options for a cluster.

Fields

The first section contains the name of the selected cluster. You cannot change the name of the cluster.

Resources
The Resources section contains the controlling node name and multicast IP address for the selected cluster.
Cluster multicast address
Displays the IP address that is used by the PowerHA® SystemMirror software to send messages to peer nodes when a node failure occurs in a cluster.
Controlling node
Displays the default controlling node. You can select a different node to use as the communications link between a cluster and the Director UI. All actions performed with the Director UI are performed on the controlling node. For those changes to become effective on the other nodes in a cluster, you must synchronize the cluster. For additional information about synchronizing a cluster, see Verify and Synchronize a Cluster.
Repository
Displays the location that is used by PowerHA SystemMirror software to store configuration data.
Security
The Security section contains the security level and type of security certificate. The security settings that you configure determine the security level and methods that are used to secure cluster communications.
Security level
Select a security level from the menu.
Node Security Configuration
Indicates the type of certificate and associated key that the cluster uses for authentication and to provide secure communications. Select one of the following security node identity types for the new cluster:
  • Open SSL Certificates - Selecting this option indicates that the nodes within the cluster are to use certificates and associated public/private key pairs that were obtained from a public Certificate Authority, such as VeriSign.
  • SSH Certificates - Selecting this option indicates that the cluster is to use a certificate and associated encryption key. When you select this option you must also specify the absolute path and file names for the Certificate and the associated Key.
  • Self Signed Certificates - Selecting this option indicates that the nodes in the cluster are to use certificates and their associated public/private key pairs that are self-generated. This is the default setting.
Symmetric algorithm
Specifies the algorithm that is used to generate a symmetric key that is shared among the nodes in the cluster to encrypt communications within the cluster. Select one of the following algorithms to use for symmetric key generation:
  1. DES (Data Encryption Standard) - Generates a 56-bit symmetric key. This is the default setting.
  2. 3DES (Triple Data Encryption Algorithm) - Uses three DES keys to generate a longer, more secure symmetric key.
  3. AES (Advanced Encryption Standard) - Generates a symmetric key with a minimum size of 128 bits and provides the strongest encryption security.
Asymmetric algorithm
Displays the asymmetric algorithm type.
Automatically distribute certificates
Specifies whether certificates for the nodes within the cluster are to be distributed automatically.
Grace period
Specifies the length of time in which messages from an outdated symmetric or public key are valid and accepted by nodes within the cluster. An encryption key, whether a symmetric key or a public key from a certificate, is outdated when a new key is generated based on the periodic refresh rate. The format is hh:mm:ss.
Periodic refresh rate
Specifies the length of time before the certificates and keys for the nodes in the cluster are refreshed or regenerated. The format is hh:mm:ss. Use 0 to disable the field.
Certificate location
This field is available only when the Security node Identity is set to Custom Certificate/Key. Enter the absolute path and file name for the location of the custom certificate.
Key location
This field is available only when the Security node Identity is set to Custom Certificate/Key. Enter the absolute path and file name for the location of the key associated with the custom certificate.
Tuning
The Tuning section contains Heartbeat frequency and Grace period information.
Heartbeat frequency (milliseconds)
Controls the frequency in which the node communicates across the various enabled heart beating sources, as defined by hb_src_xxx attributes.

The value is in the number of milliseconds that a node may consider another node ’X’ to be DOWN if it receives no incoming heartbeats from node ’X’.

CAA uses this attribute to control the frequency of Gossip Packets, the aggregate heartbeat message sent by gateway servers in linked clusters and the interval based heartbeating algorithms that tick over SAN and DISK.

The value can be mentioned from 1000 to 20000. The default value is 5000.

Grace period (milliseconds)
Controls the behavior of the node monitor which periodically evaluates the set of activated heart beating sources to determine whether a node is UP or DOWN.

This attribute specifies the amount of time in milliseconds that the node monitor must wait after it makes the determination that another node is DOWN before posting it as DOWN. Default is 10000. Range of 5000-30000.
Other
The Other section contains verification and synchronization information.
Event timeout (seconds)
The Event timeout option is used to configure the expected time, in seconds, that is required to run a cluster event. After the Event timeout time expires, config_too_long informational messages are sent to a /tmp/hacmp.out file and the console. These messages indicate that the event required more run time than expected.
Automatically verify cluster configuration
To automatically verify a cluster configuration, select the Yes option from the pull-down menu. When the Yes option is selected, the automatic verification occurs once each day.
Hour (00-23)
To specify the hour when the cluster configuration is automatically verified, select the hour from the menu; where 00 is 12:00 a.m. and 23 is 11:00 p.m.