9.1. Connecting from a Remote Machine
Provided Pacemaker is installed on a machine, it is possible to connect to the cluster even if the machine itself is not in the same cluster. To do this, one simply sets up a number of environment variables and runs the same commands as when working on a cluster node.
Table 9.1. Environment Variables Used to Connect to Remote Instances of the CIB
|
Environment Variable
|
Description
|
|---|
|
CIB_user
|
The user to connect as. Needs to be part of the hacluster group on the target host. Defaults to $USER.
|
|
CIB_passwd
|
The user’s password. Read from the command line if unset.
|
|
CIB_server
|
The host to contact. Defaults to localhost.
|
|
CIB_port
|
The port on which to contact the server; required.
|
|
CIB_encrypted
|
Encrypt network traffic; defaults to true.
|
So, if c001n01 is an active cluster node and is listening on 1234 for connections, and someguy is a member of the hacluster group, then the following would prompt for someguy's password and return the cluster’s current configuration:
# export CIB_port=1234; export CIB_server=c001n01; export CIB_user=someguy;
# cibadmin -Q
For security reasons, the cluster does not listen for remote connections by default. If you wish to allow remote access, you need to set the remote-tls-port (encrypted) or remote-clear-port (unencrypted) top-level options (ie., those kept in the cib tag, like num_updates and epoch).
Table 9.2. Extra top-level CIB options for remote access
|
Field
|
Description
|
|---|
|
remote-tls-port
|
Listen for encrypted remote connections on this port. Default: none
|
|
remote-clear-port
|
Listen for plaintext remote connections on this port. Default: none
|
