Configuring the Steward process (optional)


Configuring the Steward process (optional)
Prev	Configuring clusters for global cluster setup	Next

In case of a two-cluster global cluster setup, you can configure a Steward to prevent potential split-brain conditions, provided the proper network infrastructure exists.

See About the Steward process: Split-brain in two-cluster global clusters.

To configure the Steward process for clusters not running in secure mode

Identify a system that will host the Steward process.
Make sure that both clusters can connect to the system through a ping command.
Copy the file steward from a node in the cluster to the Steward system. The file resides at the following path:
/opt/VRTSvcs/bin/

In both clusters, set the Stewards attribute to the IP address of the system running the Steward process.

For example:

cluster cluster1938 (
UserNames = { admin = gNOgNInKOjOOmWOiNL }
ClusterAddress = "10.182.147.19"
Administrators = { admin }
CredRenewFrequency = 0
CounterInterval = 5
Stewards = {"10.212.100.165"}
}

On the system designated to host the Steward, start the Steward process:
```
# steward -start
```

To configure the Steward process for clusters running in secure mode

Verify that the prerequisites for securing Steward communication are met.
See Prerequisites for clusters running in secure mode.
To verify that the wac process runs in secure mode, do the following:
- Check the value of the wac resource attributes:
```
# hares -value wac StartProgram
```
  The value must be "/opt/VRTSvcs/bin/wacstart - secure."
```
# hares -value wac MonitorProcesses
```
  The value must be "/opt/VRTSvcs/bin/wac - secure."
- List the wac process:
```
# ps -ef | grep wac
```
  The wac process must run as "/opt/VRTSvcs/bin/wac - secure."
Identify a system that will host the Steward process.
Make sure that both clusters can connect to the system through a ping command.
Perform this step only if VCS is not already installed on the Steward system. If VCS is already installed, skip to step 5.
- Install the VRTSvcs and VRTSperl RPMs.
- If the cluster UUID is not configured, configure it by using /opt/VRTSvcs/bin/uuidconfig.pl.
- On the system that is designated to run the Steward process, run the installvcs -securityonenode command.
  
  The installer prompts for a confirmation if VCS is not configured or if VCS is not running on all nodes of the cluster. Enter y when the installer prompts whether you want to continue configuring security.
  
  For more information about the -securityonenode option, see the Cluster Server Configuration and Upgrade Guide.

Generate credentials for the Steward using /opt/VRTSvcs/bin/steward_secure.pl or perform the following steps:

# unset EAT_DATA_DIR

# unset EAT_HOME_DIR

# /opt/VRTSvcs/bin/vcsauth/vcsauthserver/bin/vssat createpd -d 
VCS_SERVICES -t ab

# /opt/VRTSvcs/bin/vcsauth/vcsauthserver/bin/vssat addprpl  -t ab 
-d VCS_SERVICES -p  STEWARD -s password

# mkdir -p /var/VRTSvcs/vcsauth/data/STEWARD

# export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/STEWARD

# /opt/VRTSvcs/bin/vcsat setuptrust  -s high -b localhost:14149

Set up trust on all nodes of the GCO clusters:

# export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/WAC

# vcsat setuptrust -b <IP_of_Steward>:14149 -s high

Set up trust on the Steward:

# export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/STEWARD

# vcsat setuptrust -b <VIP_of_remote_cluster1>:14149 -s high

# vcsat setuptrust -b <VIP_of_remote_cluster2>:14149 -s high

On the system designated to run the Steward, start the Steward process:
```
# /opt/VRTSvcs/bin/steward -start -secure
```

To stop the Steward process

To stop the Steward process that is not configured in secure mode, open a new command window and run the following command:
```
# steward -stop
```
To stop the Steward process running in secure mode, open a new command window and run the following command:
```
# steward -stop -secure
```

Prev	Up	Next
Configuring additional heartbeat links (optional)	Home	Configuring service groups for global cluster setup