Use the Edit task to change the Resources, Security, Tuning,
and Other options for a cluster.
Fields
The first section contains the name
of the selected cluster. You cannot change the name of the cluster.
- Resources
- The Resources section contains the controlling
node name and multicast IP address for the selected cluster.
- Cluster multicast address
- Displays the IP address that is used by the PowerHA® SystemMirror software to
send messages to peer nodes when a node failure occurs in a cluster.
- Controlling node
- Displays the default controlling node. You can select a different
node to use as the communications link between a cluster and the Director
UI. All actions performed with the Director UI are performed on the
controlling node. For those changes to become effective on the other
nodes in a cluster, you must synchronize the cluster. For additional
information about synchronizing a cluster, see Verify and Synchronize a Cluster.
- Repository
- Displays the location that is used by PowerHA SystemMirror software to
store configuration data.
- Security
- The Security section contains the security
level and type of security certificate. The security settings that
you configure determine the security level and methods that are used
to secure cluster communications.
- Security level
- Select a security level from the menu.
- Node Security Configuration
- Indicates the type of certificate and associated key that the
cluster uses for authentication and to provide secure communications.
Select one of the following security node identity types for the new
cluster:
- Open SSL Certificates - Selecting this option indicates that the
nodes within the cluster are to use certificates and associated public/private
key pairs that were obtained from a public Certificate Authority,
such as VeriSign.
- SSH Certificates - Selecting this option indicates that the cluster
is to use a certificate and associated encryption key. When you select
this option you must also specify the absolute path and file names
for the Certificate and the associated Key.
- Self Signed Certificates - Selecting this option indicates that
the nodes in the cluster are to use certificates and their associated
public/private key pairs that are self-generated. This is the default
setting.
- Symmetric algorithm
- Specifies the algorithm that is used to generate a symmetric key
that is shared among the nodes in the cluster to encrypt communications
within the cluster. Select one of the following algorithms to use
for symmetric key generation:
- DES (Data Encryption Standard) - Generates a 56-bit symmetric
key. This is the default setting.
- 3DES (Triple Data Encryption Algorithm) - Uses three DES keys
to generate a longer, more secure symmetric key.
- AES (Advanced Encryption Standard) - Generates a symmetric key
with a minimum size of 128 bits and provides the strongest encryption
security.
- Asymmetric algorithm
- Displays the asymmetric algorithm type.
- Automatically distribute certificates
- Specifies whether certificates for the nodes within the cluster
are to be distributed automatically.
- Grace period
- Specifies the length of time in which messages from an outdated
symmetric or public key are valid and accepted by nodes within the
cluster. An encryption key, whether a symmetric key or a public key
from a certificate, is outdated when a new key is generated based
on the periodic refresh rate. The format is hh:mm:ss.
- Periodic refresh rate
- Specifies the length of time before the certificates and keys
for the nodes in the cluster are refreshed or regenerated. The format
is hh:mm:ss. Use 0 to
disable the field.
- Certificate location
- This field is available only when the Security node
Identity is set to Custom Certificate/Key. Enter
the absolute path and file name for the location of the custom certificate.
- Key location
- This field is available only when the Security node
Identity is set to Custom Certificate/Key. Enter
the absolute path and file name for the location of the key associated
with the custom certificate.
- Tuning
- The Tuning section contains Heartbeat frequency
and Grace period information.
- Heartbeat frequency (milliseconds)
- Controls the frequency in which the node communicates across the
various enabled heart beating sources, as defined by hb_src_xxx attributes.
The
value is in the number of milliseconds that a node may consider another
node ’X’ to be DOWN if it receives no incoming heartbeats from node
’X’.
CAA uses this attribute to control the frequency of Gossip
Packets, the aggregate heartbeat message sent by gateway servers in
linked clusters and the interval based heartbeating algorithms that
tick over SAN and DISK.
The value can be mentioned from 1000
to 20000. The default value is 5000.
- Grace period (milliseconds)
- Controls the behavior of the node monitor which periodically evaluates
the set of activated heart beating sources to determine whether a
node is UP or DOWN.
This attribute specifies
the amount of time in milliseconds that the node monitor must wait
after it makes the determination that another node is DOWN before
posting it as DOWN. Default is 10000. Range of 5000-30000.
- Other
- The Other section contains verification
and synchronization information.
- Event timeout (seconds)
- The Event timeout option is used to configure the expected time,
in seconds, that is required to run a cluster event. After the Event
timeout time expires, config_too_long informational
messages are sent to a /tmp/hacmp.out file and
the console. These messages indicate that the event required more
run time than expected.
- Automatically verify cluster configuration
- To automatically verify a cluster configuration, select the Yes option
from the pull-down menu. When the Yes option is
selected, the automatic verification occurs once each day.
- Hour (00-23)
- To specify the hour when the cluster configuration is automatically
verified, select the hour from the menu; where 00 is
12:00 a.m. and 23 is 11:00 p.m.