Creates a new peer domain definition.
To create a peer domain definition...
mkrpdomain [-t TS_port] [-g GS_port] [ -Q quorum_type | quorum_type_name ] [-c] [-m fanout] [ -k cssk_type [-r refresh_interval] ] [ –6 ] [ -C cluster_type -R repository_disk [ -D shared_disk1[,shared_disk2…] ] ] [-h] [-TV] peer_domain node_name1 [node_name2 ... ]
mkrpdomain -f │ -F { file_name │ "–" } [-t TS_port] [-g GS_port] [-Q {quorum_type | quorum_type_name}] [-c] [-m fanout] [ -k cssk_type [-r refresh_interval] ] [ –6 ] [ -C cluster_type -R repository_disk [ -D shared_disk1[,shared_disk2…] ] ] [-h] [-TV] peer_domain
The mkrpdomain command creates a new peer domain definition with the name specified by the peer_domain parameter. The nodes specified by node_name are defined to the new peer domain. A peer domain can be used to provide high-availability services when configuring application and system resources.
The preprpnode command must have been run on each of the nodes to be defined to the peer domain. The preprpnode command prepares the security environment for the peer domain operations. See the preprpnode command for more information about peer domain definition requirements. Only those nodes that have the appropriate security setup will be successfully defined to the peer domain.
lsrsrc -c IBM.PeerDomain AvailableQuorumTypes
You can use the -k flag to set the cluster shared secret key (CSSK). The CSSK is used for message authentication in the peer domain. By default, the CSSK is disabled (that is, set to CSSKTYPE_None). To enable message authentication, use a CSSK value such as CSSKTYPE_DES_MD5 with the -k flag. Enabling message authentication will affect performance. The complexity of the encryption algorithm determines the effect.
Message authentication also requires that the time-of-day clocks (TODs) of the nodes in the peer domain are synchronized — according to the system time — to within two minutes of each other. When the nodes' TODs are synchronized across the peer domain, this function helps to defend against message replay attacks. If the nodes' TODs are not synchronized to within two minutes of each other, messages passed between a sending node and a receiving node with a time difference that is longer than two minutes will be discarded.
When message authentication is enabled using the -k flag, a key refresh interval can be specified using the -r flag. By default, the key is refreshed daily.
chrsrc -c IBM.RSCTParameters CSSKType=cssk_type
lsrsrc -c IBM.RSCTParameters CSSKType
runact -c IBM.PeerDomain UpdateKey
For information about setting up and managing CSSK settings, see the Administering RSCT guide.
Use the -6 flag to establish a peer domain in which the IPv6 addresses that are configured on the nodes' network interfaces will be visible as resources in IBM®.NetworkInterface class. These IPv6 addresses will not be used for heartbeating or internal peer domain operations. If the -6 flag is not specified, no IPv6 addresses will be visible as resources in IBM.NetworkInterface.
The mkrpdomain command does not bring the peer domain online automatically. To bring the peer domain online, run the startrpdomain command. You can add nodes to the peer domain using the addrpnode command. To remove nodes from the peer domain, use the rmrpnode command.
A node can be defined in more than one peer domain but it can be online in only one peer domain at a time.
By default, if the mkrpdomain command fails on any node, it will fail on all nodes. The -c flag overrides this behavior, so that the mkrpdomain command will run on the other nodes, even if it fails on one node.
lsrsrc -c IBM.PeerDomain AvailableQuorumTypes
The valid values are: Use -f "-" or -F "-" to read the node names from standard input.
The default refresh interval is one day. The minimum refresh interval is 30 seconds. The maximum refresh interval is 30 days.
The -r flag can only be specified when the -k flag is used.
You must be running RSCT 2.4.7.1 or later to use this flag.
The user of the mkrpdomain command needs write permission to the IBM.PeerDomain resource class on each node that is to be defined to the peer domain. This is set up by running the preprpnode command on each node that is to be defined to the domain, specifying the name of the node on which the user will run mkrpdomain.
Any node to be defined to the peer domain must be reachable from the node on which this command runs.
This command is part of the Reliable Scalable Cluster Technology (RSCT) fileset for AIX.
When the -f "-" or -F "-" flag is specified, this command reads one or more node names from standard input.
When the -h flag is specified, this command's usage statement is written to standard output. All verbose messages are written to standard output.
All trace messages are written to standard error.
mkrpdomain ApplDomain nodeA
mkrpdomain ApplDomain nodeA nodeB nodeC
mkrpdomain -t 1200 -g 2400 ApplDomain nodeA nodeB
mkrpdomain -k CSSKTYPE_DES_MD5 ApplDomain nodeA nodeB
mkrpdomain -f /pd/pdnodes.config ApplDomain
where
the contents of /pd/pdnodes.config are: # peer domain nodes for mkrpdomain
nodeA # dev node
nodeB # dev node
nodeC # prod node
nodeD # test node
nodeE # test node
mkrpdomain -f /pd/pdnodes.config ApplDomain
where
the contents of /pd/pdnodes.config are: # peer domain nodes for mkrpdomain
nodeA @QB # dev node
nodeB @!Q # dev node
nodeC @!Q!P # prod node
nodeD @!P # test node
nodeE @Q # test node
The /etc/services file is modified.