application commands
cluster peer modify
Suggest changes
PDFs
Modify cluster peer relationships
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The cluster peer modify command modifies the attributes of a peering relationship. When you modify a peer relationship and specify -peer-addrs , all of the remote addresses must respond, must be intercluster addresses, and must belong to the remote cluster that is being modified; or the modification request is denied.
Parameters
-cluster <text>- Peer Cluster Name-
Use this parameter to specify the peering relationship to modify by specifying the name of the peered cluster.
[-peer-addrs <Remote InetAddress>,…]- Remote Intercluster Addresses-
Use this parameter to specify the names or IP addresses of the logical interfaces used for intercluster communication. Separate the addresses with commas. The list of addresses you provide replaces the existing list of addresses.
[-address-family {ipv4|ipv6}]- Address Family of Relationship-
Use this parameter to specify the address family of the names specified with the peer-addrs parameter.
[-timeout <integer>]- Operation Timeout (seconds) (privilege: advanced)-
Use this parameter to specify a timeout value for peer communications. Specify the value in seconds.
[-auth-status-admin {no-authentication|revoked|use-authentication}]- Authentication Status Administrative-
Use this parameter to adjust the authentication in use for the peer relationship. The defined values for this field are as follows.
-
no-authentication - The cluster peer relationship uses no authentication.
-
use-authentication - The cluster peer relationship is to be authenticated. After you use this value, you will be prompted for a passphrase to be used in determining a new authentication key, just as in the authenticated cluster peer create command or you can use the option generate-passphrase to automatically generate the passphrase.
-
revoked - The cluster peer relationship is no longer to be trusted. Peering communication with this cluster peer is suspended until the two clusters set their
auth-status-adminattributes either both tono-authenticationor both touse-authentication.
Changes should be reflected on both clusters involved in a peering relationship.
-
[-rpc-connect-timeout <integer>]- Timeout for RPC Connect (seconds) (privilege: advanced)-
Use this optional parameter to specify a timeout value for the RPC connect during peer communications. Specify the value in seconds.
[-update-ping-timeout <integer>]- Timeout for Update Pings (seconds) (privilege: advanced)-
Use this optional parameter to specify a timeout value for pings while updating remote cluster information. Specify the value in seconds. This parameter applies only to cluster peer relationships using the IPv4 protocol.
[-ipspace <IPspace>]- IPspace for the Relationship-
Use this optional parameter to specify that cluster peering communication for this remote cluster is to be done using local intercluster LIFs that are on ports in the named IPspace.
[-generate-passphrase <true>]- Use System-Generated passphrase-
Use this optional parameter along with
-auth-status-adminoption'suse-authenticationto automatically generate the passphrase which can be used for cluster peer operation. [-encryption-protocol-proposed {none|tls-psk}]- Encryption For Inter-Cluster Communication-
Use this parameter to adjust the encryption of connections in use for the peer relationship. The defined values for this field are as follows.
-
tls-psk - Use TLS with a Pre-Shared Key.
-
none - Use no encryption.
-
Examples
This example modifies the peering relationship to use a new IP address in the remote cluster for intercluster communications and revoke authentication.
View existing cluster peer configuration using following command :
cluster1::> cluster peer show -instance
Peer Cluster Name: cluster2
Remote Intercluster Addresses: cluster2-d2, 10.98.234.246
Availability of the Remote Cluster: Available
Remote Cluster Name: cluster2
Active IP Addresses: 10.98.234.246, 10.98.234.243
Cluster Serial Number: 1-80-123456
Remote Cluster Nodes: cluster2-01, cluster2-02
Remote Cluster Health: true
Unreachable Local Nodes: -
Address Family of Relationship: ipv4
Authentication Status Administrative: use-authentication
Authentication Status Operational: ok
Last Update Time: 02/05 21:05:41
IPspace for the Relationship: Default
Encryption for Inter-Cluster Communication: tls-psk
Modify the cluster peer configuration using following command :
cluster1::> cluster peer modify -cluster cluster2 -peer-addrs cluster2-d2,10.98.234.264 -auth-status-admin revoked
Warning: This will discard the authentication key.
Warning: You are removing authentication from the peering relationship with
cluster "cluster2". Use the "cluster peer modify" command on
cluster "cluster2" with the "-auth-status-admin
no-authentication" parameter to complete authentication removal from
the peering relationship.
Do you want to continue?{y|n}:y
The following example modifies the peering relationship to use authentication with -generate-passphrase option.
cluster1::> cluster peer modify -cluster cluster2
-auth-status-admin use-authentication -generate-passphrase
Notice: Use the below system-generated passphrase in the "cluster peer modify"
command in the other cluster.
Passphrase: UCa+6lRVICXeL/gq1WrK7ShR
Expiration Time: 6/7/2017 09:16:10 +5:30
Peer Cluster Name: cluster2
Warning: make a note of the passphrase - it cannot be displayed again.
Until then, the operational authentication state of the relationship remains as "pending".
cluster1::> cluster peer offer show
Allowed
Peer Cluster Name Authentication Creation Expiration Vserver Peers
--------------------- -------------- ------------------- ------------------- --------------
cluster2 ok-and-offer 6/7/2017 08:16:10 6/7/2017 09:16:10 -
Modify cluster peer relationship in cluster2 with use-authentication option and use the auto-generated passphrase.
cluster2::> cluster peer modify -cluster cluster2 -auth-status-admin use-authentication
Notice: Use a auto-generated passphrase or choose a passphrase of 8 or more characters.
To ensure the authenticity of the peering relationship, use a phrase or sequence
of characters that would be hard to guess.
Enter the passphrase:
Confirm the passphrase: