In case of a two-cluster global cluster setup, you can configure a Steward to prevent potential split-brain conditions, provided the proper network infrastructure exists.
See About the Steward process: Split-brain in two-cluster global clusters.
To configure the Steward process for clusters not running in secure mode
/opt/VRTSvcs/bin/
For example:
cluster cluster1938 ( UserNames = { admin = gNOgNInKOjOOmWOiNL } ClusterAddress = "10.182.147.19" Administrators = { admin } CredRenewFrequency = 0 CounterInterval = 5 Stewards = {"10.212.100.165"} }
# steward -start
To configure the Steward process for clusters running in secure mode
See Prerequisites for clusters running in secure mode.
To verify that the wac process runs in secure mode, do the following:
Check the value of the wac resource attributes:
# hares -value wac StartProgram
The value must be "/opt/VRTSvcs/bin/wacstart - secure."
# hares -value wac MonitorProcesses
The value must be "/opt/VRTSvcs/bin/wac - secure."
List the wac process:
# ps -ef | grep wac
The wac process must run as "/opt/VRTSvcs/bin/wac - secure."
Install the VRTSvcs and VRTSperl RPMs.
If the cluster UUID is not configured, configure it by using /opt/VRTSvcs/bin/uuidconfig.pl
.
On the system that is designated to run the Steward process, run the installvcs -securityonenode command.
The installer prompts for a confirmation if VCS is not configured or if VCS is not running on all nodes of the cluster. Enter y when the installer prompts whether you want to continue configuring security.
For more information about the -securityonenode option, see the Cluster Server Configuration and Upgrade Guide.
/opt/VRTSvcs/bin/steward_secure.pl
or perform the following steps:# unset EAT_DATA_DIR
# unset EAT_HOME_DIR
# /opt/VRTSvcs/bin/vcsauth/vcsauthserver/bin/vssat createpd -d VCS_SERVICES -t ab
# /opt/VRTSvcs/bin/vcsauth/vcsauthserver/bin/vssat addprpl -t ab -d VCS_SERVICES -p STEWARD -s password
# mkdir -p /var/VRTSvcs/vcsauth/data/STEWARD
# export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/STEWARD
# /opt/VRTSvcs/bin/vcsat setuptrust -s high -b localhost:14149
# export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/WAC
# vcsat setuptrust -b <IP_of_Steward>:14149 -s high
# export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/STEWARD
# vcsat setuptrust -b <VIP_of_remote_cluster1>:14149 -s high
# vcsat setuptrust -b <VIP_of_remote_cluster2>:14149 -s high
# /opt/VRTSvcs/bin/steward -start -secure