The Advanced node failure detection function can reduce the number of failure scenarios that result in cluster partitions.
A Hardware Management Console (HMC) can be used with advanced node failure detection to prevent cluster partitions when a cluster node has actually failed.
Before you begin
Consult the requirements and restrictions before setting up advanced node failure detection in a cluster:
Using HMC with a Representational state transfer (REST) server requires a HMC minimum version of V8R8.5.0 to implement and configure advanced node failure detection. See Planning advanced node failure detection for hardware and software requirements.
The Add cluster monitor (ADDCLUMON) command must be used with the representational state transfer (REST) server. The PowerHA® graphical interface does not support REST servers.
Check the QSSLPCLsystem QSSLPCL system value. Verify that it is set correctly for the release currently running.
Note |
---|
NOTE: An incorrect value in QSSLPCL may result in a CPFBBCB diagnostic message with reason code 4. |
To allow a an HMC using REST server to notify IBM i cluster nodes of sudden partition changes or system failures, communication between the HMC and the cluster nodes must be enabled. A digital certificate from the HMC is required and a secure certificate keystore and access to the certificate, if necessary, must be created. This certificate from the HMC is copied and installed on every node in the cluster that requires monitoring.
The setup instructions include steps for creating a *SYSTEM certificate keystore. This keystore may have already been created. If so, the password is required. Ask your IBM® i administrator for the keystore and access information.
About this task
These steps guide you through obtaining the digital certificate of your HMC, storing it and referencing it to allow advanced node failure detection for the cluster node.
Warning |
---|
IMPORTANT: This guide describes steps making use of features of both HMC and of the Digital Certificate Manager. Changes to either of these products may cause portions of this guide to become invalid. If you suspect such changes are preventing you from following the steps outlined in this guide successfully, contact your technical support provider. |
Procedure
Create a *SYSTEM certificate store to hold the digital certificates
To create the *SYSTEM certificate store, use the following steps:
Expand | ||||
---|---|---|---|---|
| ||||
Procedure
ResultThe *SYSTEM certificate store is created on the node. |
Determine the type of Certificate Used by the HMC
Importing Certificates into the System Certificate Store
Follow the instructions depending on the type of certificate used by the HMC.
Expand | ||
---|---|---|
| ||
Extract the self-signed certificates to the IBM iBegin by extracting the digital certificates for the HMC and copying them to the IBM® i system in the cluster node with these steps:
|
...
|
...
|
...
|
...
|
...
|
...
|
Warning |
---|
Important: The CHGATR command should only be used on IBM i 7.4. It is not necessary to use the CHGATR command on IBM i 7.2 or 7.3. |
...
Select the *SYSTEM certificate store in Digital Certificate Manager
|
...
In the Digital Certificate Manager page, click Create New Certificate Store.
...
|
...
Select No - Do not create a certificate in the certificate store.
...
|
...
|
...
Import the HMC certificates into the |
...
*SYSTEM certificate store.
|
Importing a Trusted Certificate into the System Certificate Store
To import a trusted certificate, follow the instructions in the IBM Documentation for Digital Certificate Manager.
Results
The selected security certificate is imported into the security certificate store.
What to do next
After importing the certificates, sign on to your IBM i and use the command line to run the Add cluster monitor (ADDCLUMON) command to run the cluster configuration steps. For additional information about ADDCLUMON, see the Add Cluster Monitor (ADDCLUMON) command in the Knowledge Center.