Configuring Secure Clusters for Running Commands Remotely
Describes how to configure secure clusters to access them all from a single cluster and run commands remotely on them.
About this task
You can configure a number of secure clusters to access them all from one cluster. You
need not log into each secure cluster separately and run maprcli
commands locally on them.
For example, suppose you need to manage two secure clusters, clusterA and clusterB. One
method is to log into each cluster separately and run commands locally on each. However,
it is possible to log into clusterA only and manage both clusters from clusterA, running
commands locally for clusterA and remotely for clusterB. When you type the
maprcli
commands, you must use the -cluster
parameter in those commands to specify the cluster on which you want the commands to
run.
You can configure the secure clusters for remote access manually (as described in the
following section) or automatically by running the
configure-crosscluster.sh
utility. If you run the
configure-crosscluster.sh
utility, the utility configures the
clusters for running commands remotely in both directions. See configure-crosscluster.sh
for more
information.
Prerequisite
About this task
Ensure that you have the relevant ports open for secure cluster communication.
Setting Up Secure Clusters Manually for Cross-Cluster Access
About this task
To manually configure two secure clusters for remote access:
Procedure
-
Log in to the secure cluster from which you want to run commands.
In the rest of this procedure, this cluster is referred to as clusterA and the remote cluster is referred to as clusterB.
-
Configure clusterA for communicating with the other clusters by editing
mapr-clusters.conf
file on each node clusterA to specify the hostname or IP address of the CLDB nodes on the other clusters.For example, suppose:- clusterA’s
/opt/mapr/conf/mapr-clusters.conf
file contains the following:clusterA.cluster.com secure=true perfnode50.lab:7222
- clusterB’s
/opt/mapr/conf/mapr-clusters.conf
file contains the following:clusterB.cluster.com secure=true perfnode100.lab:7222
Perform the following steps to configure the nodes on the clusters:
Seemapr-clusters.conf
. - clusterA’s
-
Perform the following steps on clusterA to ensure that the
ssl_truststore
file has signers for all the clusters: -
Perform the following steps on clusterB only if you want to set up access
to clusterA from clusterB:
-
For crossclusters to work using the Control System, place the mapruserticket of the remote cluster
into the local cluster.
- Verify access by running remote commands on clusterA.
Verifying Access to run Remote Commands
Procedure
-
Log in to any node on clusterA and run the
maprlogin
utility from clusterA to obtain user ticket for accessing the remote cluster.For example, to obtain tickets for managing the remote cluster from clusterA, run the following command::# /opt/mapr/bin/maprlogin password -cluster clusterB.cluster.com
-
Verify access by running remote commands on clusterA.
For example, the following command, executed from a node in clusterA, lists the volumes on clusterB:
# /opt/mapr/bin/maprcli volume list -cluster clusterB.cluster.com