The Advanced node failure detection function can reduce the number of failure scenarios that result in cluster partitions.
A Hardware Management Console (HMC) can be used with advanced node failure detection to prevent cluster partitions when a cluster node has actually failed.
Before you begin
Consult the requirements and restrictions before setting up advanced node failure detection in a cluster:
Using HMC with a Representational state transfer (REST) server requires a HMC minimum version of V8R8.5.0 to implement and configure advanced node failure detection. See Planning advanced node failure detection for hardware and software requirements.
The Add cluster monitor (ADDCLUMON) command must be used with the representational state transfer (REST) server. The PowerHA® graphical interface does not support REST servers.
Check the QSSLPCL system value. Verify that it is set correctly for the release currently running.
NOTE: An incorrect value in QSSLPCL may result in a CPFBBCB diagnostic message with reason code 4.
To allow a an HMC using REST server to notify IBM i cluster nodes of sudden partition changes or system failures, communication between the HMC and the cluster nodes must be enabled. A digital certificate from the HMC is required and a secure certificate keystore and access to the certificate, if necessary, must be created. This certificate from the HMC is copied and installed on every node in the cluster that requires monitoring.
The setup instructions include steps for creating a *SYSTEM certificate keystore. This keystore may have already been created. If so, the password is required. Ask your IBM® i administrator for the keystore and access information.
About this task
These steps guide you through obtaining the digital certificate of your HMC, storing it and referencing it to allow advanced node failure detection for the cluster node.
IMPORTANT: This guide describes steps making use of features of both HMC and of the Digital Certificate Manager. Changes to either of these products may cause portions of this guide to become invalid. If you suspect such changes are preventing you from following the steps outlined in this guide successfully, contact your technical support provider.
Procedure
Create a *SYSTEM certificate store to hold the digital certificates
To create the *SYSTEM certificate store, use the following steps:
Open the IBM Navigator for i and click Internet Configurations.
On the Internet Configurations page, click Digital Certificate Manager. You need to enter your user profile and password.
In the Digital Certificate Manager page, click Create New Certificate Store.
In the page that appears, you should have an option for *SYSTEM. Make sure that the button is selected and click Continue. If the *SYSTEM option is not there, you already have a *SYSTEM store created. Skip forward to: Select the *SYSTEM certificate store below.
Select No - Do not create a certificate in the certificate store.
Create a password for the *SYSTEM store and click Continue. The password is case-sensitive. It is recommended not to use special characters. This password is not attached to a user profile and it will not lock you out of the system after too many retries. You have successfully created the *SYSTEM store.
Determine the type of Certificate Used by the HMC
Importing Certificates into the System Certificate Store
Follow the instructions depending on the type of certificate used by the HMC.
Importing a Trusted Certificate into the System Certificate Store
To import a trusted certificate, follow the instructions in the IBM Documentation for Digital Certificate Manager.
Results
The selected security certificate is imported into the certificate store.
What to do next
After importing the certificates, sign on to your IBM i and use the command line to run the Add cluster monitor (ADDCLUMON) command to run the cluster configuration steps. For additional information about ADDCLUMON, see the Add Cluster Monitor (ADDCLUMON) command in the Knowledge Center.