In case of a two-cluster global cluster setup, you can configure a Steward to prevent potential split-brain conditions, provided the proper network infrastructure exists.
See About the Steward process: Split-brain in two-cluster global clusters.
To configure the Steward process for clusters not running in secure mode
/opt/VRTSvcs/bin/
For example:
cluster cluster1938 ( UserNames = { admin = gNOgNInKOjOOmWOiNL } ClusterAddress = "10.182.147.19" Administrators = { admin } CredRenewFrequency = 0 CounterInterval = 5 Stewards = {"10.212.100.165"} }
# steward -start
To configure the Steward process for clusters running in secure mode
To verify that the wac process runs in secure mode, do the following:
Check the value of the wac resource attributes:
# hares -value wac StartProgram
The value must be "/opt/VRTSvcs/bin/wacstart - secure."
# hares -value wac MonitorProcesses
The value must be "/opt/VRTSvcs/bin/wac - secure."
List the wac process:
# ps -ef | grep wac
The wac process must run as "/opt/VRTSvcs/bin/wac - secure."
Install the VRTSvcs and VRTSperl rpms.
If the cluster UUID is not configured, configure it by using /opt/VRTSvcs/bin/uuidconfig.pl
.
On the system that is designated to run the Steward process, run the installvcs -securityonenode command.
The installer prompts for a confirmation if VCS is not configured or if VCS is not running on all nodes of the cluster. Enter y when the installer prompts whether you want to continue configuring security.
For more information about the -securityonenode option, see the Cluster Server Configuration and Upgrade Guide.
/opt/VRTSvcs/bin/steward_secure.pl
or perform the following steps:# unset EAT_DATA_DIR
# unset EAT_HOME_DIR
# /opt/VRTSvcs/bin/vcsauth/vcsauthserver/bin/vssat createpd -d VCS_SERVICES -t ab
# /opt/VRTSvcs/bin/vcsauth/vcsauthserver/bin/vssat addprpl -t ab -d VCS_SERVICES -p STEWARD -s password
# mkdir -p /var/VRTSvcs/vcsauth/data/STEWARD
# export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/STEWARD
# /opt/VRTSvcs/bin/vcsat setuptrust -s high -b localhost:14149
# export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/WAC
# vcsat setuptrust -b <IP_of_Steward>:14149 -s high
# export EAT_DATA_DIR=/var/VRTSvcs/vcsauth/data/STEWARD
# vcsat setuptrust -b <VIP_of_remote_cluster1>:14149 -s high
# vcsat setuptrust -b <VIP_of_remote_cluster2>:14149 -s high
# /opt/VRTSvcs/bin/steward -start -secure