 |
Index for
Section 8 |
|
 |
Alphabetical
listing for C |
|
 |
Bottom of
page |
|
cluster_map_create(8)
NAME
cluster_map_create - Creates or updates the cluster configuration map file
and distributes it to all member systems (provided on Production Server and
Available Server configurations only)
SYNOPSIS
/usr/sbin/cluster_map_create [cluster_name] [-full | -append]
FLAGS
-append
Forces each member system to append new hardware components to its
current cluster configuration map. Use this flag to add hardware
components to an existing cluster configuration map when a full rebuild
of the map would cause hardware that is temporarily down and
unavailable to be removed from the map.
-full
Forces each member system to reconstruct its current cluster
configuration map by invoking the SCSI CAM utility (scu) to derive its
SCSI bus and device configurations. When the cluster_map_create
utility is used with the -full option, it includes in the map only
those members and devices it can access. If it cannot access a
component, it omits it from the map. Use the -full option only when
you are certain that all member systems are up and operational. Use
the cnxshow utility to determine the status of member systems.
PARAMETER
cluster_name
Identifier string to be associated with the cluster configuration
map. The string must be no more than 63 alphanumeric characters
long and must begin with an alphabetic character.
The cluster_name must be unique in its network domain; it cannot
be the same name as that of any cluster member or nonmember
system. The Cluster Monitor utility uses this name when
displaying information from the map.
DESCRIPTION
You select a single member system on which to run the cluster_map_create
utility.
If a cluster configuration map file (/etc/CCM) does not already exist in
the cluster, the cluster_map_create utility creates it, distributes a copy
to each member system, and starts the submon process and trigger-action
daemon (tractd) on each member system. If the utility discovers an
existing cluster configuration map file in the cluster, it does nothing.
However, when the -full flag is specified, the cluster_map_create utility
always rebuilds and redistributes the cluster configuration map. (Note
that the cluster_map_create utility only starts the submon process and
tractd daemon when no cluster configuration map file previously existed.)
You must perform the following tasks before entering the cluster_map_create
command:
· You must configure all member systems, available server environments
(ASEs), and shared storage in the cluster.
· You must add the names of all member systems' cluster interconnect
interfaces to each member's /.rhosts file. This enables the
cluster_map_create utility root access to all member systems from any
member.
Note that configuring the members' .rhosts files in this way may leave the
cluster open to IP spoofing attacks (see CERT Advisory CA-95:01), in which
a system on one subnet attempts to impersonate a system on another subnet.
One way to avoid this problem is to remove member names from the /.rhosts
files after the cluster_map_create command completes. (However, if you
remove the member names from the /.rhosts files, you will not be able to
run external tools, such as the asemgr utility, on individual members by
dragging and dropping a tool icon on a member icon.)
Another way to secure the cluster against unauthorized IP input packets is
to ensure that only trusted systems occupy the cluster's primary network
(as is always the case with a Production Server configuration's cluster
interconnect), and to create an interface access filter configuration file
(ifaccess.conf) on each member system that denies access to the primary
network from each untrusted subnet.
The following procedure, when performed on each system directly connected
to the primary network, secures a subnet associated with the interface mc0.
This example assumes that the mc0 network interface is common to all
trusted systems. This will not be the case for all network technologies
that span multiple system types. Always use the network interface
identifier that is applicable to the system being configured.
To secure the subnet associated with the mc0 network interface, you must
place entries for all other subnet interfaces in the system's ifaccess.conf
file that deny them the ability to pass IP input packets onto the mc0
interface. In the following example, assume that the /etc/networks file or
NIS networks map has been set up to associate the subnet name trusted with
the interconnect interface mc0.
Assume the following:
· trusted is the trusted network. Hosts A and B access it by means of
the mc0 interface.
· Host A is connected to the untrusted network insecure1 by the ln0
interface.
· Host B is connected to the untrusted network insecure1 by the ln0
interface and to the untrusted network insecure2 by the ln1 interface.
The ifaccess.conf file on Host A would include the following lines:
ln0 trusted 255.255.255.0 deny # deny all packets from hosts that
# claim they originated from the
# secure net
The ifaccess.conf file on Host B would include the following lines:
ln0 trusted 255.255.255.0 deny # deny all packets from hosts that
# claim they originated from the
# secure net
ln1 trusted 255.255.255.0 deny # deny all packets from hosts that
# claim they originated from the
# secure net
FILE
/etc/CCM Cluster configuration map.
RELATED INFORMATION
Commands: asemgr(8), ccmtr(8), cmon(8), cnxshow(8), cluster_map_sync(8)
Files: ifaccess.conf(4), CCM(4)
|
Index for
Section 8 |
|
|
Alphabetical
listing for C |
|
 |
Top of
page |
|