Completing the secure cluster configuration

Perform the following manual steps to complete the configuration.

To complete the secure cluster configuration

  1. On the first node, freeze all service groups except the ClusterService service group.
    # /opt/VRTSvcs/bin/haconf -makerw
    # /opt/VRTSvcs/bin/hagrp -list Frozen=0
    # /opt/VRTSvcs/bin/hagrp -freeze groupname -persistent 
    # /opt/VRTSvcs/bin/haconf -dump -makero
  2. On the first node, stop the VCS engine.
    # /opt/VRTSvcs/bin/hastop -all -force
  3. On all nodes, stop the CmdServer.
    # /opt/VRTSvcs/bin/CmdServer -stop
    # systemctl stop CmdServer
  4. To grant access to all users, add or modify SecureClus=1 and DefaultGuestAccess=1 in the cluster definition.

    For example:

    To grant read access to everyone:

    Cluster clus1 (
    SecureClus=1
    DefaultGuestAccess=1
    )

    Or

    To grant access to only root:

    Cluster clus1 (
    SecureClus=1
    )

    Or

    To grant read access to specific user groups, add or modify SecureClus=1 and GuestGroups={} to the cluster definition.

    For example:

    cluster clus1 (
    SecureClus=1
    GuestGroups={staff, guest}
    )
  5. Modify the /etc/VRTSvcs/conf/config/main.cf file on the first node, and add -secure to the WAC application definition if GCO is configured.

    For example:

    Application wac (
                    StartProgram = "/opt/VRTSvcs/bin/wacstart -secure"
                    StopProgram = "/opt/VRTSvcs/bin/wacstop"
                    MonitorProcesses = {"/opt/VRTSvcs/bin/wac -secure"}
                    RestartLimit = 3
                    )
    
  6. On all nodes, create the /etc/VRTSvcs/conf/config/.secure file.
    # touch /etc/VRTSvcs/conf/config/.secure
  7. On the first node, start VCS. Then start VCS on the remaining nodes.
    # /opt/VRTSvcs/bin/hastart
  8. On all nodes, start CmdServer.
    # /opt/VRTSvcs/bin/CmdServer
    # systemctl start CmdServer
  9. On the first node, unfreeze the service groups.
    # /opt/VRTSvcs/bin/haconf -makerw
    # /opt/VRTSvcs/bin/hagrp -list Frozen=1
    # /opt/VRTSvcs/bin/hagrp -unfreeze groupname -persistent
    # /opt/VRTSvcs/bin/haconf -dump -makero
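
The following script is an added example, not part of the original procedure or the product. It audits one node's configuration directory against steps 4 through 6 and states which access level the cluster definition grants. The function names are hypothetical, and it assumes main.cf has one attribute per line, as in the examples above.

```shell
# Added example: audit one node's VCS config directory against steps 4-6.
# Usage (hypothetical helper name): check_secure_conf /etc/VRTSvcs/conf/config
# Print the lines of a "<type> <name> ( ... )" block from main.cf.
cf_block() {  # $1 = main.cf path, $2 = regex matching "type name"
    sed -n "/^[[:space:]]*$2[[:space:]]*(/,/^[[:space:]]*)/p" "$1"
}
# Read a block on stdin; print the value of attribute $1 (first match).
cf_attr() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" |
        sed 's/[[:space:]]*$//' | head -n 1
}

check_secure_conf() {  # $1 = config directory; returns 0 only if all checks pass
    dir=$1; cf=$dir/main.cf; rc=0
    [ -r "$cf" ] || { echo "FAIL: cannot read $cf"; return 2; }
    clus=$(cf_block "$cf" '[Cc]luster[[:space:]].*')
    wac=$(cf_block "$cf" 'Application[[:space:]]\{1,\}wac')

    # Step 4: SecureClus=1 must be in the cluster definition.
    if [ "$(printf '%s\n' "$clus" | cf_attr SecureClus)" = 1 ]; then
        echo "OK:   SecureClus=1"
    else
        echo "FAIL: SecureClus=1 not set"; rc=1
    fi

    # Step 4: state who gets read access so the choice is a conscious one.
    gg=$(printf '%s\n' "$clus" | cf_attr GuestGroups)
    if [ "$(printf '%s\n' "$clus" | cf_attr DefaultGuestAccess)" = 1 ]; then
        echo "NOTE: DefaultGuestAccess=1, read access for everyone"
    elif [ -n "$gg" ]; then
        echo "NOTE: read access limited to GuestGroups=$gg"
    else
        echo "NOTE: access for root only"
    fi

    # Step 5: if a wac resource exists (GCO), it must run with -secure.
    if [ -n "$wac" ]; then
        for attr in StartProgram MonitorProcesses; do
            case $(printf '%s\n' "$wac" | cf_attr "$attr") in
                *-secure*) echo "OK:   wac $attr has -secure" ;;
                *) echo "FAIL: wac $attr lacks -secure"; rc=1 ;;
            esac
        done
    fi

    # Step 6: the .secure marker file must exist in the config directory.
    [ -e "$dir/.secure" ] || { echo "FAIL: $dir/.secure missing"; rc=1; }
    return $rc
}
```

Run it on every node before step 7. A nonzero return means at least one setting from the procedure is missing on that node.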