For a high-availability cluster to function, the database
servers must establish trusted connection with each other. Secure
connections between cluster servers by using a trusted-host file on
each cluster server and including the connection security option in sqlhosts file
entries.
About this task
The secure ports that are specified in sqlhosts files
are used only for communication between database servers. Client applications
cannot connect to secure ports.
Procedure
To configure a trusted environment for replication, complete
the following steps for each cluster server:
- Edit the sqlhosts file on each host
that contains a cluster server:
- Add an entry for each cluster server that is running
on that host, and include the s=6 option.
- Add an entry for each other cluster server that participates
in the cluster, and do not include the s=6 option.
- Set the
nettype
field of the sqlhosts file
or registry and the NETTYPE configuration parameter to a network protocol
such as ontlitcp or onsoctcp so that the database servers on two different
computers can communicate with each other. Do not specify
a non-network protocol such as onipcshm, onipcstr, or onipcnmp.
- Specify trusted-host information.
Trusted-host
information can be specified in the following ways:
- Create a hosts.equiv file in the $ONEDB_HOME/etc directory,
and then manually add entries to the file.
- Create a trusted-host file in the $ONEDB_HOME/etc directory,
and then manually add entries to the file. You must set the REMOTE_SERVER_CFG
configuration parameter to the trusted-host file's name and set the
S6_USE_REMOTE_SERVER_CFG configuration parameter to
1
.
- Run the admin() or task() function
with the cdr add trustedhost argument, and specify
trusted-host information. Trusted-host information that is specified
by the cdr add trustedhost argument propagates
to all servers in the high-availability cluster. Do not run this function
if you have manually entered trusted-host information on any of the
database servers in a high-availability cluster or Enterprise Replication
domain.
- Create a server alias for running utilities and client
applications.
For example, set the ONEDB_SERVER environment variable to the alias to
run utilities such as onstat and client applications such as
DB-Access.