Skip to main content

cluster peer policy modify

Contributors
Suggest changes

Modify the policy configuration for the cluster peering service

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The cluster peer policy modify command modifies the prevailing policy settings. One setting governs whether unauthenticated cluster peer relationships can exist. The other setting specifies a minimum length for passphrases.

Parameters

[-is-unauthenticated-access-permitted {true|false}] - Is Unauthenticated Cluster Peer Access Permitted

Use this parameter to specify whether unauthenticated peering relationships are allowed to exist. Setting the parameter value to true allows such relationships to exist. Setting the value to false prevents both the creation of unauthenticated peering relationships as well as the modification of existing peering relationships to be unauthenticated. Setting the value to false is not possible if the cluster currently is in any unauthenticated relationships.

[-passphrase-minlength <integer>] - Passphrase Length Minimum

Use this parameter to specify a minimum length for passphrases as given to the cluster peer create or cluster peer modify commands in the future. The default value for this parameter is 8.

[-is-unencrypted-access-permitted {true|false}] - Is Unencrypted Cluster Peer Access Permitted

Use this parameter to specify whether peering relationships that do not use encryption are allowed to exist. Setting the parameter value to true allows such relationships to exist. Setting the value to false prevents the creation of unauthenticated peering relationships and the modification of existing peering relationships to be unauthenticated, as well as preventing unencrypted peering relationships from being created and the modification of existing peering relationships to be unencrypted. Setting the value to false is not possible if the cluster currently is in any unauthenticated or unencrypted relationships.

Examples

This example modifies the peering policy to disallow unauthenticated intercluster communications.

cluster1::> cluster peer policy show
Is Unauthenticated Cluster Peer Communication Permitted:  true
                        Minimum Length for a Passphrase:  8

cluster1::> cluster peer policy modify -is-unauthenticated-access-permitted false

cluster1::> cluster peer policy show
Is Unauthenticated Cluster Peer Communication Permitted:  false
                        Minimum Length for a Passphrase:  8