After the set up of BCC and enabling it on peer clusters, the cluster view on one or more nodes shows only one peer cluster as configured instead of showing all the peer clusters. However, the cluster view on other nodes correctly shows all the peer clusters configured. To view the correct cluster view on all nodes of the BCC peer cluster where the issue is seen, execute the command cluster refresh -p.
This problem is normally caused by the BCC Administrator user not having file system rights to the cluster administration files. For information, see the following:
If BCC communication between peer clusters is not functioning, the problem might be caused by one of the following conditions:
The credentials for the remote cluster have not been set.
You cannot use iManager on a server in one tree to set credentials for a BCC cluster in another tree. This is because BCC and iManager use the tree key to encrypt the credentials. Setting credentials by using iManager in a different tree uses an invalid tree encryption.
A firewall is blocking port 5988 or 5989 (CIM communications using OpenWBEM).
The connection state numbers are recorded in a log file that you can use to view connection and status changes for BCC.
The default path to the log file on Linux is /var/log/messages. Search for BCCD to view BCC-related messages and entries in the log file.
There are several different cluster connection states:
Table 10-1 BCC Connection States
BCC Connection State |
Number |
Description |
Possible Actions |
---|---|---|---|
Normal |
0 |
The connections between clusters are functioning normally. |
None required. |
Authenticating |
1 |
BCC is in the process of authenticating to a peer cluster. |
Wait until the authentication process is finished. |
Invalid Credentials |
2 |
You entered the wrong user name or password for the selected peer cluster. |
Enter the correct user name and password that this cluster will use to connect to the selected peer cluster. |
Cannot Connect |
3 |
This cluster cannot connect to the selected peer cluster. |
Ping the peer cluster to see if it is up and reachable. Ensure that Novell Cluster Services is running on the servers in the peer cluster, then ensure that BCC is running on the peer clusters. Ensure that OpenWBEM is running on the peer cluster. Ensure that a firewall is not preventing access on OpenWBEM ports 5988 and 5989. Ensure that the Admin file system is running. To do this, enter systemctl status adminfs. |
Not Authorized |
4 |
The connected user does not have sufficient rights for permissions. |
Assign the appropriate trustee rights to the user who will manage your BCC. For information, see Assigning Trustee Rights for the BCC Administrator User to the Cluster. |
Connection Unknown |
5 |
The connection state between clusters is unknown. |
This connection state might be caused by any number of problems, including a severed cable or link problems between geographic sites. |
If your Identity Manager driver or drivers will not start, check for a port number conflict. Identity Manager driver port numbers must not be the same as other driver port numbers in the cluster or ports being used by other services such as Apache.
To check driver port numbers:
Log in to iManager as the BCC Administrator user.
Go to the Identity Manager page.
Click Identity Manager Administration > Identity Manager Overview.
Select Search Entire Tree, then click Search.
Select the driver you want to check by clicking the red Cluster Sync icon.
Click the icon again, then click the Identity Manager tab (if it is not already selected).
In the Authentication context field, view and if necessary change the port numbers next to the IP address.
For example, the Authentication context field might contain a value similar to 10.1.1.12:2003:2003. In this example, the first port number (2003) is the port number for the corresponding Identity Manager driver on the cluster that this cluster is synchronizing with. The second port number (2003) is the port number for the Identity Manager driver on this cluster.
These port numbers should be the same, but should not be the same as the port numbers for other Identity Manager drivers on either this or the remote cluster.
If you change the port numbers, restart the driver by clicking the upper-right corner of the Cluster Sync icon, then click Restart driver.
If you changed the port number in Step 7, change the port numbers to be the same for the corresponding driver in the other cluster.
You can do this by repeating the process for the Identity Manager driver on the other cluster.
If resources or peers do not appear in peer clusters in your BCC, it is possible that either a cluster resource synchronization driver is not security equivalent to a user with administrative rights to the cluster.
NOTE:Rather than using the eDirectory Admin user to administer your BCC, you should consider creating another user with sufficient rights to the appropriate contexts in your eDirectory tree to manage your BCC.
The Driver object must have sufficient rights to any object it reads or writes in the following containers:
The Identity Manager driver set container.
The container where the Cluster object resides.
The container where the Server objects reside.
If server objects reside in multiple containers, this must be a container high enough in the tree to be above all containers that contain server objects. The best practice is to have all server objects in one container.
The container where the cluster pool and volume objects are placed when they are synchronized to this cluster. This container is sometimes referred to as the landing zone. The NCP server objects for the virtual server of a BCC-enabled resource are also placed in the landing zone.
To make the Cluster Resource Synchronization Driver object the security equivalent to a User object with administrative rights:
Log in as the BCC Administrator user.
Go to the Identity Manager page.
Click Identity Manager Administration > Identity Manager Overview.
Choose Search Entire Tree, then click Search.
Select the driver you want to check by clicking the red Cluster Sync icon.
Click the icon again, then click the Identity Manager tab if it is not already selected.
Click Security Equals, then view or add a user as needed to be its security equivalent.
Repeat Step 5 through Step 7 for the other drivers in your BCC.
Ensure that the BCC Administrator user is a LUM-enabled user. To LUM-enable a user, see Managing User and Group Objects in eDirectory
in the OES 23.4: Linux User Management Administration Guide.
If the clusters in your BCC cannot communicate with each other, it is possible that the User object you are using to administer your BCC does not have sufficient rights to the Cluster objects for each cluster. To resolve this problem, ensure that the BCC Administrator user is a trustee of the Cluster objects and has at least Read and Write rights to the All Attributes Rights property.
Log in as the BCC Administrator user.
In Roles and Tasks, click Rights, then click Modify Trustees.
Browse to select the Cluster object name, then click OK.
Click OK to view the trustee information for the selected object.
If the BCC Administrator user is not listed as a trustee, click the Add Trustee button, browse and select the User object, then click OK.
Click Assigned Rights for the BCC Administrator user, then ensure that the Read and Write check boxes are selected for the All Attributes Rights property.
Click Done to save your changes.
Repeat Step 2 through Step 7 for the other Cluster objects in your BCC.