Use the Edit task to change the Resources, Security, Tuning,
and Other options for a cluster.
Fields
The first section contains the name
of the selected cluster. You cannot change the name of the cluster.
- Resources
- The Resources section contains the controlling
node name and multicast IP address for the selected cluster.
- Controlling node
- Displays the default controlling node. You can select a different
node to use as the communications link between a cluster and the Director
UI. All actions performed with the Director UI are performed on the
controlling node. For those changes to become effective on the other
nodes in a cluster, you must synchronize the cluster. For additional
information about synchronizing a cluster, see Verify and Synchronize a Cluster.
- Cluster multicast address
- Displays the IP address that is used by the PowerHA® SystemMirror software to
send messages to peer nodes when a node failure occurs in a cluster
with no sites.
- Active Repository disk
- Displays the location that is used by PowerHA SystemMirror software to
store configuration data for clusters with no sites.
- Security
- The Security section contains the security
level and type of security certificate. The security settings that
you configure determine the security level and methods that are used
to secure cluster communications.
- Security level
- Select a security level from the menu.
- Node Security Configuration
- Indicates the type of certificate and associated key that the
cluster uses for authentication and to provide secure communications.
Select one of the following security node identity types for the new
cluster:
- Open SSL Certificates - Selecting this option indicates that the
nodes within the cluster are to use certificates and associated public/private
key pairs that were obtained from a public Certificate Authority,
such as VeriSign.
- SSH Certificates - Selecting this option indicates that the cluster
is to use a certificate and associated encryption key. When you select
this option you must also specify the absolute path and file names
for the Certificate and the associated Key.
- Self Signed Certificates - Selecting this option indicates that
the nodes in the cluster are to use certificates and their associated
public/private key pairs that are self-generated. This is the default
setting.
- Symmetric algorithm
- Specifies the algorithm that is used to generate a symmetric key
that is shared among the nodes in the cluster to encrypt communications
within the cluster. Select one of the following algorithms to use
for symmetric key generation:
- DES (Data Encryption Standard) - Generates a 56-bit symmetric
key. This is the default setting.
- 3DES (Triple Data Encryption Algorithm) - Uses three DES keys
to generate a longer, more secure symmetric key.
- AES (Advanced Encryption Standard) - Generates a symmetric key
with a minimum size of 128 bits and provides the strongest encryption
security.
- Asymmetric algorithm
- Displays the asymmetric algorithm type.
- Automatically distribute certificates
- Specifies whether certificates for the nodes within the cluster
are to be distributed automatically.
- Periodic refresh rate
- Specifies the length of time before the certificates and keys
for the nodes in the cluster are refreshed or regenerated. The format
is hh:mm:ss. Use 0 to
disable the field.
- Grace period
- Specifies the length of time in which messages from an outdated
symmetric or public key are valid and accepted by nodes within the
cluster. An encryption key, whether a symmetric key or a public key
from a certificate, is outdated when a new key is generated based
on the periodic refresh rate. The format is hh:mm:ss.
- Certificate location
- This field is available only when the Security node
Identity is set to Custom Certificate/Key. Enter
the absolute path and file name for the location of the custom certificate.
- Key location
- This field is available only when the Security node
Identity is set to Custom Certificate/Key. Enter
the absolute path and file name for the location of the key associated
with the custom certificate.
- Tuning
- The Tuning section contains Heartbeat frequency
and Grace period information.
- Heartbeat frequency (seconds)
- Controls the frequency in which the node communicates across the
various enabled heart beating sources, as defined by hb_src_xxx attributes.
The
value is in the number of seconds that a node may consider another
node ’X’ to be DOWN if it receives no incoming heartbeats from node
’X’.
CAA uses this attribute to control the frequency of Gossip
Packets, the aggregate heartbeat message sent by gateway servers in
linked clusters and the interval based heartbeating algorithms that
tick over SAN and DISK.
The value can be mentioned 1 to 20.
The default value is 5.
- Grace period (seconds)
- Controls the behavior of the node monitor which periodically evaluates
the set of activated heart beating sources to determine whether a
node is UP or DOWN.
This attribute specifies the amount of
time in seconds that the node monitor must wait after it makes the
determination that another node is DOWN before posting it as DOWN.
Default is 10. Range of 5-30.
- Site heartbeat frequency (seconds)
- Specifies the time in seconds for the health management layer
to wait before declaring the inter site link as failed.
A site
failure detection could drive switch to another link and continue
the communication. If all the links have failed, the preparation for
declaring the site as failed starts.
Hence site failure is declared
when the last link fails and potentially the specified time in seconds
has elapsed.
Site failure indication time is the addition of
the values specified by the Node failure detection timeout and Link
failure detection timeout and Node failure
grace time fields.
- Other
- The Other section contains verification
and synchronization information.
- Automatically verify cluster configuration
- To automatically verify a cluster configuration, select the Yes option
from the pull-down menu. When the Yes option is
selected, the automatic verification occurs once each day.
- Hour (00-23)
- To specify the hour when the cluster configuration is automatically
verified, select the hour from the menu; where 00 is
12:00 a.m. and 23 is 11:00 p.m.
- Inter-Site recovery
- Select the inter-site recovery for resource groups.
This is
the action that the PowerHA SystemMirror takes
when a resource group cannot be brought to online state on its primary
site.
The default action is to fallover the resource group to
its backup site.
Select the Notify option
if you want PowerHA SystemMirror to
run the notify method instead of inter-site fallover during a resource
failure. This option makes the resource group move into Error state
during failure.
- Notify script or executable
- The full pathname of a user defined method to display the notification
when the resource fails. Configuring this method is strongly recommended
when the failure action of Notify is used.