cluster peer create
Create a new cluster peer relationship
Description
The cluster peer create command establishes a peer relationship between two clusters. Cluster peering enables independent clusters to coordinate and exchange data.
Before creating a new cluster peer relationship, make sure that both clusters are individually healthy and that there are no other peer relationships between the two clusters that might interfere with the new relationship.
You can create a cluster peer relationship using the IPv4 or IPv6 protocol. You may not use both protocols within a single relationship.
Use the cluster show and cluster peer show commands on each cluster to display health, peering eligibility, and peering information about the two clusters.
Parameters
- [-peer-addrs <Remote InetAddress>, ...] - Remote Intercluster Addresses
- Use this parameter to specify the names or IP addresses of the logical interfaces used for intercluster communication. Separate the addresses with commas.
The addresses you provide here are associated with the remote cluster until you modify or delete the relationship, regardless of whether the addresses are valid. Make sure to provide addresses which you know will remain available on the remote cluster. You can use the hostnames of the remote cluster's intercluster addresses, the IP addresses of the remote cluster's intercluster LIFs or both.
- [-username <text>] - Remote User Name
- Use this optional parameter to specify a username that runs a reciprocal cluster peer create command on the peered cluster. If you do not supply a username for reciprocal creation, you must run cluster peer create again on the remote cluster to complete the peering relationship.
If you specify the username for the remote cluster, you will be prompted to enter the associated remote password. These credentials are not stored; they are used only during creation to authenticate with the remote cluster and to enable the remote cluster to authorize the peering request. The provided username's profile must have access to the console application in the remote cluster.
Use the security login role show and security login show commands on each cluster to find user names and their privilege levels.
- [-no-authentication [true]] - Do Not Use Authentication
- Use this optional parameter when omitting the -username parameter to indicate that you will create an unauthenticated peering relationship.
- [-timeout <integer>] - Operation Timeout (seconds) (privilege: advanced)
- Use this optional parameter to specify a timeout value for peer communications. Specify the value in seconds. The default timeout value is 60 seconds.
- [-address-family {ipv4|ipv6}] - Address Family of Relationship
- Use this optional parameter to specify the address family of the cluster peer relationship. The default is based on existing relationships, existing local intercluster LIFs belonging to a particular address-family, and the addresses supplied to the cluster peer create command.
- [-offer-expiration {MM/DD/YYYY HH:MM:SS | {1..7}days | {1..168}hours | PnDTnHnMnS | PnW}] - Passphrase Match Deadline
- Running cluster peer create normally creates an offer to establish authentication with a cluster that is a potential cluster peer to this cluster. Such offers expire unless they are accepted within a definite time. Use this optional parameter to specify the date and time at which this offer expires, after which it will no longer be accepted.
- [-rpc-connect-timeout <integer>] - Timeout for RPC Connect (seconds) (privilege: advanced)
- Use this optional parameter to specify a timeout value for the RPC connect during peer communications. Specify the value in seconds. The default timeout value is 10 seconds.
- [-update-ping-timeout <integer>] - Timeout for Update Pings (seconds) (privilege: advanced)
- Use this optional parameter to specify a timeout value for pings while updating remote cluster information. Specify the value in seconds. The default timeout value is 5 seconds. This parameter applies only to cluster peer relationships using the IPv4 protocol.
- [-ipspace <IPspace>] - IPspace for the Relationship
- Use this optional parameter to specify the IPspace within which the cluster peering relationship is to operate. The default is to use the 'Default' IPspace.
- [-local-name <Cluster name>] - Peer Cluster Local Name
- Use this optional parameter to specify a unique local name to identify the remote cluster that is being peered. The local name must conform to the same rules as a cluster name. The default value is the remote cluster name.
- [-generate-passphrase [true]] - Use System-Generated passphrase
- Use this optional parameter alone to create a cluster peer offer for unidentified clusters, or use it with the -peer-addrs option to automatically generate the passphrase for the cluster peer operation with the peer cluster.
- [-initial-allowed-vserver-peers <Vserver Name>, ...] - Vservers allowed for auto peering
- Use this optional parameter to specify the list of Vservers for which reciprocal Vserver peering with the peer cluster should be enabled. Upon successful peering, Vserver peer permission entries are created for the peer cluster for the specified list of Vservers.
- [-encryption-protocol-proposed {none|tls-psk}] - Encryption Protocol To Be Used In Inter-Cluster Communication
- Use this optional parameter to specify how this cluster should use encryption in data connections to the other cluster. Specify 'tls-psk' to specify that TLS should be used with a Pre-Shared Key. Specify 'none' to use no encryption. Where authentication is used, the default is 'tls-psk'. Where authentication is not used, the default is 'none'.
- [-applications {snapmirror|flexcache}, ...] - Peering Applications
- List of peering applications for initially allowed Vservers.
Examples
This example creates a peer relationship between cluster1 and cluster2. This reciprocal create executes the create command on both the local cluster and the remote cluster. The cluster peer create command can use the hostnames of cluster2's intercluster addresses, the IP addresses of cluster2's intercluster LIFs, or both. Note that the admin user's password was typed at the prompt, but was not displayed.
cluster1::> cluster peer create -peer-addrs cluster2-d2,10.98.234.246 -username admin
Remote Password:
cluster1::> cluster peer show -instance
Peer Cluster Name: cluster2
Remote Intercluster Addresses: cluster2-d2, 10.98.234.246
Availability of the Remote Cluster: Available
Remote Cluster Name: cluster2
Active IP Addresses: 10.98.234.246, 10.98.234.243
Cluster Serial Number: 1-80-123456
Address Family of Relationship: ipv4
Authentication Status Administrative: no-authentication
Authentication Status Operational: absent
Last Update Time: 02/05 21:05:41
IPspace for the Relationship: Default
Encryption for Inter-Cluster Communication: none
This example shows coordinated peer creation. The cluster peer create command was issued locally on each cluster. This does not require you to provide the username and password for the remote cluster. There is a password prompt, but if you are logged in as the admin user, you may simply press enter.
cluster1::> cluster peer create -peer-addrs cluster2-d2, 10.98.234.246 -no-authentication
Remote Password:
NOTICE: Addition of the local cluster information to the remote cluster has
failed with the following error: not authorized for that command. You may
need to repeat this command on the remote cluster.
cluster1::> cluster peer show
Peer Cluster Name Cluster Serial Number Availability Authentication
------------------------- --------------------- -------------- --------------
cluster2 1-80-123456 Available absent
cluster2::> cluster peer create -peer-addrs cluster1-d2 -no-authentication
Remote Password:
NOTICE: Addition of the local cluster information to the remote cluster has
failed with the following error: not authorized for that command. You may
need to repeat this command on the remote cluster.
cluster2::> cluster peer show
Peer Cluster Name Cluster Serial Number Availability Authentication
------------------------- --------------------- -------------- --------------
cluster1 1-80-654321 Available absent
This example shows a reciprocal cluster peer create over IPv6 addresses, which establishes a cluster peer relationship with an IPv6 address family.
cluster1::> cluster peer create -peer-addrs FD20:8B1E:B255:C222:6A17:0BBD:E92C:4523 -username admin
Remote Password:
cluster1::> cluster peer show -instance
Address Family of Relationship: ipv6
Peer Cluster Name: cluster2
Remote Intercluster Addresses: FD20:8B1E:B255:C222:6A17:0BBD:E92C:4523
Availability of the Remote Cluster: Available
Remote Cluster Name: cluster2
Active IP Addresses: FD20:8B1E:B255:C222:6A17:0BBD:E92C:4523
Cluster Serial Number: 1-80-123456
Address Family of Relationship: ipv6
Authentication Status Administrative: no-authentication
Authentication Status Operational: absent
Last Update Time: 02/05 21:05:41
IPspace for the Relationship: Default
Encryption for Inter-Cluster Communication: none
This example shows creation of an authenticated peering relationship. It is an example of using the coordinated method to create a cluster peer relationship. The cluster peer create command is issued locally on each cluster. Before executing this pair of commands, a passphrase to be used with the commands is chosen and given at the prompts. The passphrase can be any text; it is prompted for twice on each cluster, and all four copies of the passphrase must agree. The passphrase does not echo on the screen. The passphrase must be longer than the minimum length as specified by the cluster peer policy on both clusters.
cluster1::> cluster peer create -peer-addrs cluster2-d2, 10.98.234.246
Enter the passphrase:
Enter the passphrase again:
Notice: Now use the same passphrase in the "cluster peer create" command in the
other cluster.
cluster1::> cluster peer show
Peer Cluster Name Cluster Serial Number Availability Authentication
------------------------- --------------------- -------------- --------------
cluster2 - Unavailable pending
cluster2::> cluster peer create -peer-addrs cluster1-d2
Enter the passphrase:
Enter the passphrase again:
cluster2::> cluster peer show
Peer Cluster Name Cluster Serial Number Availability Authentication
------------------------- --------------------- -------------- --------------
cluster1 1-80-654321 Available ok
This example creates a peer relationship between cluster1 and cluster2. This reciprocal create executes the create command on both the local cluster and the remote cluster. The cluster peer create command can use the hostnames of cluster2's intercluster addresses, the IP addresses of cluster2's intercluster LIFs or both. Note that the admin user's password was typed at the prompt, but was not displayed. The -local-name parameter is specified to create a local name used to identify the peer cluster in cases where the name of the peer cluster is not unique or not descriptive.
cluster1::> cluster peer create -peer-addrs 10.98.191.193 -username admin -local-name locallyUniqueName
cluster1::> cluster peer show
Peer Cluster Name Cluster Serial Number Availability Authentication
------------------------- --------------------- -------------- --------------
locallyUniqueName 1-80-000011 Available absent
cluster1::> cluster peer show -instance
Peer Cluster Name: locallyUniqueName
Remote Intercluster Addresses: 10.98.191.193
Availability of the Remote Cluster: Available
Remote Cluster Name: cluster2
Active IP Addresses: 10.98.191.193
Cluster Serial Number: 1-80-000011
Address Family of Relationship: ipv4
Authentication Status Administrative: no-authentication
Authentication Status Operational: absent
Last Update Time: 02/05 21:05:41
IPspace for the Relationship: Default
Encryption for Inter-Cluster Communication: none
The following example creates a peer relationship between cluster1 and cluster2 using system-generated passphrases:
cluster1::> cluster peer create -peer-addrs 10.98.191.193 -generate-passphrase
Passphrase: UCa+6lRVICXeL/gq1WrK7ShR
Peer Cluster Name: cluster2
Initial Allowed Vserver Peers: -
Expiration Time: 6/7/2020 09:16:10 +5:30
Intercluster LIF IP: 10.140.106.185
Warning: make a note of the passphrase - it cannot be displayed again.
cluster1::> cluster peer show
Peer Cluster Name Cluster Serial Number Availability Authentication
------------------------- --------------------- -------------- --------------
cluster2 - Unavailable pending
cluster2::> cluster peer create -peer-addrs 10.140.106.185
Enter the passphrase:
Clusters cluster1 and cluster2 are peered.
cluster2::> cluster peer show
Peer Cluster Name Cluster Serial Number Availability Authentication
------------------------- --------------------- -------------- --------------
cluster1 1-80-654321 Available ok
The following example creates a cluster peer offer from cluster1 for an anonymous cluster, using a system-generated passphrase with an offer expiration period of two days. cluster2 then uses the offer from cluster1 with the system-generated passphrase:
cluster1::> cluster peer create -generate-passphrase -offer-expiration 2days
Passphrase: UCa+6lRVICXeL/gq1WrK7ShR
Peer Cluster Name: Clus_7ShR (temporary generated)
Initial Allowed Vserver Peers: -
Expiration Time: 6/9/2020 08:16:10 +5:30
Intercluster LIF IP: 10.140.106.185
Warning: make a note of the passphrase - it cannot be displayed again.
cluster1::> cluster peer show
Peer Cluster Name Cluster Serial Number Availability Authentication
------------------------- --------------------- -------------- --------------
Clus_7ShR - Unidentified pending
cluster2::> cluster peer create -peer-addrs 10.140.106.185
Enter the passphrase:
Clusters cluster1 and cluster2 are peered.
cluster2::> cluster peer show
Peer Cluster Name Cluster Serial Number Availability Authentication
------------------------- --------------------- -------------- --------------
cluster1 1-80-654321 Available ok
Cluster "cluster1" creates an offer with the initial-allowed-vserver-peers option set to Vservers "vs1" and "vs2". The peer cluster "cluster2" uses the offer and creates a peer relationship with cluster1. Upon successful establishment of the peer relationship, Vserver peer permission entries are created in cluster "cluster1" for the Vservers "vs1" and "vs2" for the peer cluster "cluster2". The following example shows the use of the initial-allowed-vserver-peers option in the cluster peer creation workflow:
cluster1::> cluster peer create -generate-passphrase -initial-allowed-vserver-peers vs1,vs2
Passphrase: UCa+6lRVICXeL/gq1WrK7ShR
Peer Cluster Name: Clus_7ShR (temporary generated)
Initial Allowed Vserver Peers: vs1,vs2
Expiration Time: 6/7/2020 09:16:10 +5:30
Intercluster LIF IP: 10.140.106.185
Warning: make a note of the passphrase - it cannot be displayed again.
cluster1::> cluster peer show
Peer Cluster Name Cluster Serial Number Availability Authentication
------------------------- --------------------- -------------- --------------
Clus_7ShR - Unidentified pending
cluster2::> cluster peer create -peer-addrs 10.140.106.185
Enter the passphrase:
Clusters cluster1 and cluster2 are peered.
cluster2::> cluster peer show
Peer Cluster Name Cluster Serial Number Availability Authentication
------------------------- --------------------- -------------- --------------
cluster1 1-80-654321 Available ok
cluster1::> vserver peer permission show
Peer Cluster Vserver Applications
------------------- -------------------- --------------------
cluster2
vs1 snapmirror
vs2 snapmirror
2 entries were displayed.
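The -no-authentication and -encryption-protocol-proposed choices described under Parameters surface in the cluster peer show -instance fields seen in the examples above. The following added example (not part of the original reference and not NetApp code) parses that output and flags peer relationships that are unauthenticated, not operationally authenticated, or unencrypted. The sample text is constructed; the use-authentication value and the blank-line record separator are assumptions not shown on this page.

```python
import re

# Constructed sample using the field names shown in this page's examples.
# "use-authentication" and the blank line between records are assumptions.
SAMPLE = """\
Peer Cluster Name: cluster2
Remote Intercluster Addresses: cluster2-d2, 10.98.234.246
Authentication Status Administrative: no-authentication
Authentication Status Operational: absent
Encryption for Inter-Cluster Communication: none

Peer Cluster Name: cluster3
Remote Intercluster Addresses: FD20:8B1E:B255:C222:6A17:0BBD:E92C:4523
Authentication Status Administrative: use-authentication
Authentication Status Operational: ok
Encryption for Inter-Cluster Communication: tls-psk
"""

def parse_peers(text):
    """Return one dict of field -> value per peer record."""
    peers = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            # Split on the first colon only, so IPv6 values stay intact.
            key, sep, value = line.partition(":")
            if sep:
                rec[key.strip()] = value.strip()
        if "Peer Cluster Name" in rec:
            peers.append(rec)
    return peers

def audit(rec):
    """Return a list of findings for one peer relationship."""
    findings = []
    if rec.get("Authentication Status Administrative") == "no-authentication":
        findings.append("peering is configured without authentication")
    op = rec.get("Authentication Status Operational", "not reported")
    if op != "ok":
        findings.append(f"operational authentication status is '{op}'")
    enc = rec.get("Encryption for Inter-Cluster Communication", "not reported")
    if enc != "tls-psk":
        findings.append(f"inter-cluster encryption is '{enc}', expected tls-psk")
    return findings

def audit_all(text):
    return {r["Peer Cluster Name"]: audit(r) for r in parse_peers(text)}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```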