 |
Index for
Section 8 |
|
 |
Alphabetical
listing for C |
|
 |
Bottom of
page |
|
cluster_map_sync(8)
NAME
cluster_map_sync - Ensures that any or all member systems are using the
most recent version of the cluster configuration map (provided on
Production Server and Available Server configurations only)
SYNOPSIS
/usr/sbin/cluster_map_sync [-all] [-delay delay-time]
FLAGS
-all
Forces each member system to update its cluster configuration map file
(/etc/CCM) to the most recent version in use in the cluster.
-delay delay-time
Forces the command to wait an interval of delay-time seconds before
querying other member systems for the vintage of their cluster
configuration map files. This allows the cluster_map_sync command to
be automatically executed during cluster reboots.
DESCRIPTION
The cluster_map_sync utility synchronizes the cluster configuration map
file (/etc/CCM) across all member systems. After determining which cluster
members are currently up, it compares the dates of the cluster
configuration map file each member is using. It selects the most recent
map file to be copied to the system from which the cluster_map_sync file
was executed.
If the -all flag is specified, the cluster_map_sync command upgrades the
cluster configuration map on each member system.
The cluster_map_sync utility requires that the names of all members'
cluster interconnect interfaces be present in each member's /.rhosts file.
This enables the cluster_map_sync utility root access to all member systems
from any member.
Note that configuring the members' .rhosts files in this way may leave the
cluster open to IP spoofing attacks (see CERT Advisory CA-95:01), in which
a system on one subnet attempts to impersonate a system on another subnet.
To secure the cluster against unauthorized IP input packets, only trusted
systems can occupy the cluster's primary network (as is always the case
with a Production Server configuration's cluster interconnect), and create
an interface access filter configuration file (ifaccess.conf) on each
member system that denies access to the primary network from each untrusted
subnet.
The following procedure, when performed on each system directly connected
to the primary network, secures a subnet associated with the interface mc0.
This example assumes that the mc0 network interface is common to all
trusted systems. This will not be the case for all network technologies
that span multiple system types. Always use the network interface
identifier that is applicable to the system being configured.
To secure the subnet associated with the mc0 network interface, you must
place entries for all other subnet interfaces in the system's ifaccess.conf
file that deny them the ability to pass IP input packets onto the mc0
interface. In the following example, assume that the /etc/networks file or
NIS networks map has been set up to associate the subnet name trusted with
the interconnect interface mc0.
Assume the following:
· trusted is the trusted network. Hosts A and B access it by means of
the mc0 interface.
· Host A is connected to the untrusted network insecure1 by the ln0
interface.
· Host B is connected to the untrusted network insecure1 by the ln0
interface and to the untrusted network insecure2 by the ln1 interface.
The ifaccess.conf file on Host A would include the following line:
ln0 trusted 255.255.255.0 deny # deny all packets from hosts that
# claim they originated from the
# secure net
The ifaccess.conf file on Host B would include the following lines:
ln0 trusted 255.255.255.0 deny # deny all packets from hosts that
# claim they originated from the
# secure net
ln1 trusted 255.255.255.0 deny # deny all packets from hosts that
# claim they originated from the
# secure net
If you secure the primary network in this manner, you can add the
cluster_map_sync command to the system startup script to help ensure that
all member systems are running with the most recent cluster configuration
map.
FILE
/etc/CCM Cluster configuration map.
RELATED INFORMATION
Commands: asemgr(8), ccmtr(8), cmon(8), cnxshow(8) cluster_map_create(8)
File: ifaccess.conf(4), CCM(4)
|
Index for
Section 8 |
|
|
Alphabetical
listing for C |
|
 |
Top of
page |
|