How to Change the IP address of a GCO cluster for a secure environment


Article ID: 100060551


Description

How to change the IP address of a GCO cluster (gcoip) for a secure environment.

Solution

Configuration:

Prod (Primary) site:

cluster PROD (
        ClusterAddress = "192.168.10.150"
        DefaultGuestAccess = 1
        SecureClus = 1
        HacliUserLevel = COMMANDROOT
        )

remotecluster DR (
        ClusterAddress = "192.168.10.250"
        )

heartbeat Icmp (
        ClusterList = { DR }
        Arguments @DR = { "192.168.10.250" }
        )

group ClusterService (
        SystemList = { server101 = 0, server102 = 1 }
        AutoStartList = { server101, server102 }
        OnlineRetryLimit = 3
        OnlineRetryInterval = 120
        )

 

       Application wac (
       StartProgram = "/opt/VRTSvcs/bin/wacstart -secure"
       StopProgram = "/opt/VRTSvcs/bin/wacstop"
       MonitorProcesses = { "/opt/VRTSvcs/bin/wac -secure" }
       RestartLimit = 3
       )

       IP gcoip (
       Device = ens32
       Address = "192.168.10.150"
       NetMask = "255.255.255.0"
       )

       NIC gconic (
       Device = ens32
       )


DR (Secondary) site:

cluster DR (
        ClusterAddress = "192.168.10.250"
        DefaultGuestAccess = 1
        SecureClus = 1
        HacliUserLevel = COMMANDROOT
        )

remotecluster PROD (
        ClusterAddress = "192.168.10.150"
        )

heartbeat Icmp (
        ClusterList = { PROD }
        Arguments @PROD = { "192.168.10.150" }
        )

group ClusterService (
        SystemList = { drserver201 = 0, drserver202 = 1 }
        AutoStartList = { drserver201, drserver202 }
        OnlineRetryLimit = 3
        OnlineRetryInterval = 120
        )

        Application wac (
        StartProgram = "/opt/VRTSvcs/bin/wacstart -secure"
        StopProgram = "/opt/VRTSvcs/bin/wacstop"
        MonitorProcesses = { "/opt/VRTSvcs/bin/wac -secure" }
        RestartLimit = 3
        )

        IP gcoip (
        Device = ens32
        Address = "192.168.10.250"
        NetMask = "255.255.255.0"
        )
        
        NIC gconic (
        Device = ens32
        )


1. Perform the steps below at both sites, on any one node of each cluster

[root@ ~]# /opt/VRTSvcs/bin/gcoconfig
Service group (ClusterService) already exists. Do you want to reconfigure Global Cluster Option?[y,n,q] (y)
Configuring existing NIC resource (gconic) of service group (ClusterService) for Global Cluster Option.
Do you want to use NIC ens32 for Global Cluster Option?[y,n,q] (y)
Configuring existing IP resource (gcoip) of service group (ClusterService) for Global Cluster Option.
Do you want to use IP 192.168.10.150 for Global Cluster Option?[y,n,q] (y) n
Enter the Virtual IP address for the Global Cluster Option: 192.168.20.251
Enter the netmask for IP 255.255.255.0 (255.255.255.0): 255.255.255.0
Configuring existing Application resource (wac) of service group (ClusterService) for Global Cluster Option.

Offlining group ClusterService

VCS NOTICE V-16-1-50733 Attempting to offline group on system server101

Modifying IP resource (gcoip) of group ClusterService

Onlining group ClusterService

VCS NOTICE V-16-1-50735 Attempting to online group on system server101

[root@ ~]#

Note: Repeat the same step on the Secondary site.

Sample modified Output:

IP gcoip (
        Device = ens32
        Address = "192.168.10.151"
        NetMask = "255.255.255.0"
        )

Application wac (
        StartProgram = "/opt/VRTSvcs/bin/wacstart"
        StopProgram = "/opt/VRTSvcs/bin/wacstop"
        MonitorProcesses = { "/opt/VRTSvcs/bin/wac" }
        RestartLimit = 3
        )

2. Verify if the new IP has been plumbed on the node

3. Update the values of the StartProgram and MonitorProcesses attributes of the wac resource at both sites

#haconf -makerw
#hares -modify wac StartProgram "/opt/VRTSvcs/bin/wacstart -secure"
#hares -modify wac MonitorProcesses "/opt/VRTSvcs/bin/wac -secure"
#haconf -dump -makero

Note: gcoconfig rewrites the wac resource and drops the -secure option from StartProgram and MonitorProcesses (see the sample output in step 1), so the option has to be added back.

Sample modified output:

Application wac (
        StartProgram = "/opt/VRTSvcs/bin/wacstart -secure"
        StopProgram = "/opt/VRTSvcs/bin/wacstop"
        MonitorProcesses = { "/opt/VRTSvcs/bin/wac -secure" }
        RestartLimit = 3
        )


4. Update the values of the local and remote cluster IPs on both sites.


syntax: 

#haclus -modify attr value [-clus remote_cluster_name]

From primary site:

#haclus -modify ClusterAddress 192.168.10.251 -clus DR   <<< remote cluster ip

#haclus -modify ClusterAddress 192.168.10.151           <<<< local cluster ip

haclus -display DR

#Attribute            Value
AdministratorGroups
Administrators
CID
ClusState             INIT
ClusterAddress        192.168.10.251        <<<<<
ClusterName           DR
ClusterUUID
ConnectTimeout        300
DeclaredState
EngineVersion         0.0.0.000
Guests
OperatorGroups
Operators
RemoteConnectInterval 5
SocketTimeout         180
SourceFile            ./main.cf
VCSFeatures           NONE
VCSMode               UNKNOWN_MODE
WACPort               14155

 

From DR site:

#haclus -modify ClusterAddress 192.168.10.151 -clus PROD  <<< remote cluster ip

#haclus -modify ClusterAddress 192.168.10.251           <<<< local cluster ip

 

5. Update the values of the ICMP Resource (Heartbeat) on both sites.
 

syntax:

# /opt/VRTSvcs/bin/hahb -modify Icmp Arguments -clus

Primary:

/opt/VRTSvcs/bin/hahb -modify Icmp Arguments 192.168.20.251 -clus DR

/opt/VRTSvcs/bin/hahb -display
#HB Attribute Scope Value
Icmp AYAInterval global 60
Icmp AYARetryLimit global 3
Icmp AYATimeout global 30
Icmp AgentState global ON
Icmp Arguments DR 192.168.10.251              <<<< 
Icmp CleanTimeout global 300
Icmp ClusterList global DR
Icmp InitTimeout global 300
Icmp LogDbg global
Icmp StartTimeout global 300
Icmp State DR DOWN
Icmp StopTimeout global 300

Secondary:

/opt/VRTSvcs/bin/hahb -modify Icmp Arguments 192.168.20.151 -clus PROD

 

6. Establish trust between both clusters

For example, in a VCS global cluster environment with two clusters, perform the following steps to establish trust between the clusters:

  • On each node of the first cluster, enter the following command:

    #/opt/VRTSvcs/bin/vcsauth/vcsauthserver/bin/vssat setuptrust -b IP_address_of_the_second_cluster:14149 -s medium

  • The command obtains and displays the security certificate and other details of the root broker of the second cluster.

    If the details are correct, enter y at the command prompt to establish trust. For example:

    The hash of the above credential is b36a2607bf48296063068e3fc49188596aa079bb

    Do you want to trust the above?(y/n) y

  • On each node of the second cluster, enter the following command:

    #/opt/VRTSvcs/bin/vcsauth/vcsauthserver/bin/vssat setuptrust -b IP_address_of_the_first_cluster:14149 -s medium

  • The command obtains and displays the security certificate and other details of the root broker of the first cluster.

    If the details are correct, enter y at the command prompt to establish trust.

 

7. Restart the wac resource

#hares -offline wac -sys

#hares -online wac -sys
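
A consistency check for the settings touched in steps 1, 3, 4 and 5, as an added example that is not part of the original article and not Veritas code: it parses the text of a saved main.cf and reports a ClusterAddress that differs from the gcoip Address, a heartbeat argument that differs from the remote cluster address, and a wac resource missing -secure while SecureClus = 1. The names parse and check_gco and the sample text are assumptions, with the sample built from the PROD values on this page.

```python
import re

# Constructed sample (not a real file): PROD main.cf right after step 1,
# where gcoconfig has moved gcoip and rewritten wac; steps 3-5 not yet applied.
SAMPLE_MAIN_CF = '''
cluster PROD (
        ClusterAddress = "192.168.10.150"
        SecureClus = 1
        )
remotecluster DR (
        ClusterAddress = "192.168.10.250"
        )
heartbeat Icmp (
        Arguments @DR = { "192.168.10.250" }
        )
Application wac (
        StartProgram = "/opt/VRTSvcs/bin/wacstart"
        MonitorProcesses = { "/opt/VRTSvcs/bin/wac" }
        )
IP gcoip (
        Address = "192.168.10.151"
        )
'''
BLOCK = re.compile(r'^\s*(\w+)\s+(\w+)\s*\((.*?)^\s*\)', re.S | re.M)
ATTR = re.compile(r'^\s*([\w@ ]+?)\s*=\s*(.+?)\s*$', re.M)

def parse(text):
    """Map (type, name) to its attributes; assumes one attribute per line."""
    return {(t, n): {k: v.strip('{} "') for k, v in ATTR.findall(body)}
            for t, n, body in BLOCK.findall(text)}

def check_gco(text):
    """Return findings; an empty list means the local GCO settings agree."""
    cfg, findings = parse(text), []
    local = next(v for (t, _), v in cfg.items() if t == 'cluster')
    gcoip = cfg[('IP', 'gcoip')]['Address']
    if local['ClusterAddress'] != gcoip:
        findings.append(f"ClusterAddress {local['ClusterAddress']} != gcoip {gcoip}")
    hb = cfg.get(('heartbeat', 'Icmp'), {})
    for (t, name), v in cfg.items():
        if t == 'remotecluster' and hb.get(f'Arguments @{name}') != v['ClusterAddress']:
            findings.append(f"Icmp Arguments @{name} != remotecluster {name} address")
    if local.get('SecureClus') == '1':  # secure cluster: wac must run with -secure
        for attr in ('StartProgram', 'MonitorProcesses'):
            if not cfg[('Application', 'wac')][attr].endswith(' -secure'):
                findings.append(f"wac {attr} lacks -secure")
    return findings

if __name__ == '__main__':
    print('\n'.join(check_gco(SAMPLE_MAIN_CF)) or 'GCO settings consistent')
```

The check only sees one site's file, so run it against the main.cf of each cluster after haconf -dump -makero and compare the addresses it reads across the two sites by hand.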

 
