Product SiteDocumentation Site

Chapter 9. Advanced Configuration

Table of Contents

9.1. Connecting from a Remote Machine
9.2. Specifying When Recurring Actions are Performed
9.3. Handling Resource Failure
9.3.1. Failure Counts
9.3.2. Failure Response
9.4. Moving Resources
9.4.1. Moving Resources Manually
9.4.2. Moving Resources Due to Connectivity Changes
9.4.3. Migrating Resources
9.5. Tracking Node Health
9.5.1. Node Health Attributes
9.5.2. Node Health Strategy
9.5.3. Measuring Node Health
9.6. Reloading Services After a Definition Change

9.1. Connecting from a Remote Machine

Provided Pacemaker is installed on a machine, it is possible to connect to the cluster even if the machine itself is not in the same cluster. To do this, one simply sets up a number of environment variables and runs the same commands as when working on a cluster node.

Table 9.1. Environment Variables Used to Connect to Remote Instances of the CIB

Environment Variable Default Description
CIB_user
$USER
The user to connect as. Needs to be part of the haclient group on the target host.
CIB_passwd
The user’s password. Read from the command line if unset.
CIB_server
localhost
The host to contact
CIB_port
The port on which to contact the server; required.
CIB_encrypted
TRUE
Whether to encrypt network traffic

So, if c001n01 is an active cluster node and is listening on port 1234 for connections, and someuser is a member of the haclient group, then the following would prompt for someuser's password and return the cluster’s current configuration:
# export CIB_port=1234; export CIB_server=c001n01; export CIB_user=someuser;
# cibadmin -Q
For security reasons, the cluster does not listen for remote connections by default. If you wish to allow remote access, you need to set the remote-tls-port (encrypted) or remote-clear-port (unencrypted) CIB properties (i.e., those kept in the cib tag, like num_updates and epoch).

Table 9.2. Extra top-level CIB properties for remote access

Field Default Description
remote-tls-port
none
Listen for encrypted remote connections on this port.
remote-clear-port
none
Listen for plaintext remote connections on this port.