Refreshing registration keys on the coordination points for server-based fencing

Replacing keys on a coordination point (CP server) when the Veritas Cluster Server (VCS) cluster is online involves refreshing that coordination point's registrations. You can perform a planned refresh of registrations on a CP server without incurring application downtime on the VCS cluster. You must refresh registrations on a CP server if the CP server agent issues an alert on the loss of such registrations on the CP server database.

The following procedure describes how to refresh the coordination point registrations.

To refresh the registration keys on the coordination points for server-based fencing

  1. Ensure that the VCS cluster nodes and users have been added to the new CP server(s). Run the following commands:
    # cpsadm -s cp_server -a list_nodes
    # cpsadm -s cp_server -a list_users

    If the VCS cluster nodes are not present here, prepare the new CP server(s) for use by the VCS cluster.

    See the Veritas Cluster Server Installation Guide for instructions.

  2. Ensure that fencing is running on the cluster in customized mode using the coordination points mentioned in the /etc/vxfenmode file.

    If the /etc/vxfenmode.test file exists, ensure that the information in it and the /etc/vxfenmode file are the same. Otherwise, vxfenswap utility uses information listed in /etc/vxfenmode.test file.

    For example, enter the following command:

    # vxfenadm -d
    ================================
    Fencing Protocol Version: 201
    Fencing Mode: CUSTOMIZED
    Cluster Members:
    * 0 (galaxy)
    1 (nebula)
    RFSM State Information:
    node 0 in state 8 (running)
    node 1 in state 8 (running)
  3. List the coordination points currently used by I/O fencing :
    # vxfenconfig -l
  4. Copy the /etc/vxfenmode file to the /etc/vxfenmode.test file.

    This ensures that the configuration details of both the files are the same.

  5. Run the vxfenswap utility from one of the nodes of the cluster.

    The vxfenswap utility requires a secure ssh connection to all the cluster nodes. Use -n to use rsh instead of default ssh.

    For example:

    # vxfenswap [-n]

    The command returns:

    VERITAS vxfenswap version <version> <platform>
    The logfile generated for vxfenswap is
    /var/VRTSvcs/log/vxfen/vxfenswap.log.
    19156
    Please Wait...
    VXFEN vxfenconfig NOTICE Driver will use customized fencing
    - mechanism cps
    Validation of coordination points change has succeeded on
    all nodes.
    You may commit the changes now.
    WARNING: This may cause the whole cluster to panic
    if a node leaves membership before the change is complete.
  6. You are then prompted to commit the change. Enter y for yes.

    The command returns a confirmation of successful coordination point replacement.

  7. Confirm the successful execution of the vxfenswap utility. If CP agent is configured, it should report ONLINE as it succeeds to find the registrations on coordination points. The registrations on the CP server and coordinator disks can be viewed using the cpsadm and vxfenadm utilities respectively.

    Note that a running online coordination point refreshment operation can be canceled at any time using the command:

    # vxfenswap -a cancel