Product SiteDocumentation Site

Chapter 9. Advanced Configuration

Table of Contents

9.1. Connecting to the Cluster Configuration from a Remote Machine
9.2. Specifying When Recurring Actions are Performed
9.3. Moving Resources
9.3.1. Manual Intervention
9.3.2. Moving Resources Due to Failure
9.3.3. Moving Resources Due to Connectivity Changes
9.3.4. Resource Migration
9.4. Reusing Rules, Options and Sets of Operations
9.5. Reloading Services After a Definition Change

9.1. Connecting to the Cluster Configuration from a Remote Machine

Provided Pacemaker is installed on a machine, it is possible to connect to the cluster even if the machine itself is not a part of it. To do this, one simply sets up a number of environment variables and runs the same commands as you would when working on a cluster node.
Table 9.1. Environment Variables Used to Connect to Remote Instances of the CIB
Environment Variable Description
CIB_user The user to connect as. Needs to be part of the hacluster group on the target host. Defaults to $USER
CIB_passwd The user's password. Read from the command line if unset
CIB_server The host to contact. Defaults to localhost.
CIB_port The port on which to contact the server. Required.
CIB_encrypted Encrypt network traffic. Defaults to true.

So if c001n01 is an active cluster node and is listening on 1234 for connections, and someguy is a member of the hacluster group. Then the following would prompt for someguy's password and return the cluster's current configuration:
	 export CIB_port=1234; export CIB_server=c001n01; export CIB_user=someguy; cibadmin -Q 
For security reasons, the cluster does not listen remote connections by default. If you wish to allow remote access, you need to set the remote-tls-port (encrypted) or remote-clear-port (unencrypted) top-level options (ie. those kept in the cib tag , like num_updates and epoch).
Table 9.2. Extra top-level CIB options for remote access
Field Description
remote-tls-port Listen for encrypted remote connections on this port. Default: none
remote-clear-port Listen for plaintext remote connections on this port. Default: none