4.5. Connecting from a Remote Machine
Provided Pacemaker is installed on a machine, it is possible to connect to the cluster even if the machine itself is not in the same cluster. To do this, one simply sets up a number of environment variables and runs the same commands as when working on a cluster node.
Table 4.1. Environment Variables Used to Connect to Remote Instances of the CIB
Environment Variable | Default | Description |
---|---|---|
CIB_user | $USER | The user to connect as. Needs to be part of the haclient group on the target host. |
CIB_passwd | | The user’s password. Read from the command line if unset. |
CIB_server | localhost | |
CIB_port | | The port on which to contact the server; required. |
CIB_encrypted | TRUE | Whether to encrypt network traffic |
So, if c001n01 is an active cluster node and is listening on port 1234 for connections, and someuser is a member of the haclient group, then the following would prompt for someuser's password and return the cluster’s current configuration:
# export CIB_port=1234; export CIB_server=c001n01; export CIB_user=someuser;
# cibadmin -Q
For security reasons, the cluster does not listen for remote connections by default. If you wish to allow remote access, you need to set the remote-tls-port (encrypted) or remote-clear-port (unencrypted) CIB properties (i.e., those kept in the cib tag, like num_updates and epoch).
Table 4.2. Extra top-level CIB properties for remote access
Field | Default | Description |
---|---|---|
remote-tls-port | none | Listen for encrypted remote connections on this port. |
remote-clear-port | none | Listen for plaintext remote connections on this port. |
The Pacemaker version on the administration host must be the same as or greater than the version(s) on the cluster nodes. Otherwise, it may not have the schema files necessary to validate the CIB.
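As an added example (not part of the Pacemaker documentation or code), the following Python function inspects the top-level cib tag of a saved `cibadmin -Q` dump for the two properties in Table 4.2 and flags a plaintext listener. The sample CIB, the function names and the severity labels are assumptions made for illustration; an empty or "none" value is treated as disabled.

```python
import xml.etree.ElementTree as ET

# Constructed sample: top-level tag of a CIB dump with both listeners enabled.
SAMPLE_CIB = """\
<cib epoch="12" num_updates="3" admin_epoch="0"
     remote-tls-port="1234" remote-clear-port="1235">
  <configuration/>
  <status/>
</cib>
"""

# Property name -> kind of listener it enables (from Table 4.2).
LISTENER_ATTRS = {
    "remote-tls-port": "encrypted",
    "remote-clear-port": "plaintext",
}


def parse_port(raw):
    """Return the port as int, or None when the property is unset.

    Assumption: an absent, empty or "none" value means no listener.
    Raises ValueError for anything that is not a valid TCP port.
    """
    if raw is None or raw.strip().lower() in ("", "none"):
        return None
    port = int(raw)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {raw}")
    return port


def audit_remote_access(cib_xml):
    """Return (property, value, severity) for each remote listener found."""
    root = ET.fromstring(cib_xml)
    if root.tag != "cib":
        raise ValueError("expected <cib> as the top-level tag")
    findings = []
    for attr, kind in LISTENER_ATTRS.items():
        raw = root.get(attr)
        try:
            port = parse_port(raw)
        except ValueError:
            findings.append((attr, raw, "invalid"))
            continue
        if port is not None:
            # Plaintext listeners carry CIB traffic unencrypted.
            findings.append((attr, port, "high" if kind == "plaintext" else "review"))
    return findings


if __name__ == "__main__":
    for finding in audit_remote_access(SAMPLE_CIB):
        print(finding)
```

An empty result means neither listener property is set, which matches the default described above.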