9.1. Connecting from a Remote Machine
Provided Pacemaker is installed on a machine, it is possible to connect to the cluster even if the machine itself is not in the same cluster. To do this, one simply sets up a number of environment variables and runs the same commands as when working on a cluster node.
Table 9.1. Environment Variables Used to Connect to Remote Instances of the CIB
| Environment Variable | Default | Description |
|---|---|---|
| CIB_user | $USER | The user to connect as. Needs to be part of the haclient group on the target host. |
| CIB_passwd | | The user's password. Read from the command line if unset. |
| CIB_server | localhost | |
| CIB_port | | The port on which to contact the server; required. |
| CIB_encrypted | TRUE | Whether to encrypt network traffic. |
So, if c001n01 is an active cluster node and is listening on port 1234 for connections, and someuser is a member of the haclient group, then the following would prompt for someuser's password and return the cluster’s current configuration:
# export CIB_port=1234; export CIB_server=c001n01; export CIB_user=someuser;
# cibadmin -Q
For security reasons, the cluster does not listen for remote connections by default. If you wish to allow remote access, you need to set the remote-tls-port (encrypted) or remote-clear-port (unencrypted) CIB properties (i.e., those kept in the cib tag, like num_updates and epoch).
Table 9.2. Extra top-level CIB properties for remote access
| Field | Default | Description |
|---|---|---|
| remote-tls-port | none | Listen for encrypted remote connections on this port. |
| remote-clear-port | none | Listen for plaintext remote connections on this port. |
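As an added example (not part of the Pacemaker documentation or code), the following shell functions audit CIB XML, such as the output of cibadmin -Q, for the two remote-access properties on the cib tag and flag a plaintext listener. The function names, the exit-status convention and the sample XML are assumptions made for illustration, and the parsing assumes double-quoted attribute values.

```sh
#!/bin/sh
# Added example, not Pacemaker's own code. Function names, exit codes and
# the sample XML are assumptions made for illustration.

# cib_attr NAME: read CIB XML on stdin and print the value of attribute NAME
# from the opening <cib ...> tag; prints nothing if the attribute is absent.
# Assumes double-quoted attribute values.
cib_attr() {
    tr '\n' ' ' |
        sed -n 's/.*\(<cib[[:space:]][^>]*>\).*/\1/p' |
        sed -n "s/.*[[:space:]]$1=\"\([^\"]*\)\".*/\1/p"
}

# audit_cib_remote: read CIB XML on stdin and report remote listeners.
# Exit status: 0 = neither property set (the default), 1 = only
# remote-tls-port set, 2 = remote-clear-port set (plaintext listener).
audit_cib_remote() {
    audit_xml=$(cat)
    audit_tls=$(printf '%s\n' "$audit_xml" | cib_attr remote-tls-port)
    audit_clear=$(printf '%s\n' "$audit_xml" | cib_attr remote-clear-port)
    audit_rc=0
    if [ -n "$audit_tls" ]; then
        echo "remote-tls-port=$audit_tls: encrypted remote CIB listener"
        audit_rc=1
    fi
    if [ -n "$audit_clear" ]; then
        echo "remote-clear-port=$audit_clear: PLAINTEXT remote CIB listener"
        audit_rc=2
    fi
    [ "$audit_rc" -eq 0 ] && echo "no remote CIB listener configured"
    return "$audit_rc"
}

# Constructed sample of the top of a CIB, not output from a real cluster.
sample_cib() {
    cat <<'EOF'
<cib epoch="12" num_updates="3" admin_epoch="0"
     remote-tls-port="5560" remote-clear-port="5561">
  <configuration/>
  <status/>
</cib>
EOF
}

# Demo on the sample; on a cluster node use: cibadmin -Q | audit_cib_remote
sample_cib | audit_cib_remote || echo "audit exit status: $?"
```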