Running Commands on Remote Secure Clusters

Describes how to manage multiple secure clusters from one secure cluster.

About this task

You can manage a number of secure clusters by running maprcli commands from one cluster only, if you do not want to log into each secure cluster separately and run maprcli commands locally on them.

For example, suppose that you needed to manage the two secure clusters A and B. One method of doing so would be to log into each cluster separately and run commands locally on each. However, it is possible to log into A only and manage both clusters from A, running commands locally for A and remotely for B. When you type the maprcli commands, you would use the -cluster parameter in those commands to specify which cluster you want the commands to run on.

One scenario in which this method can be helpful is in setting up and managing table replication between two secure clusters. You could decide whether to run all commands from a secure source cluster or a secure destination cluster.

To configure two secure clusters for management from a single secure cluster:

Procedure

  1. Choose which secure cluster you want to run commands from. In the rest of these steps, this cluster is referred to as the administrative cluster.
  2. Configure the administrative cluster for communicating with the other clusters by editing mapr-clusters.conf on each node in the cluster. See mapr-clusters.conf
  3. For each remote secure cluster, follow these steps.
    1. Copy the ssl_truststore from the /opt/mapr/conf directory of the remote secure cluster into a temporary directory on the administrative cluster.
    2. On the administrative cluster, merge the ssl_truststore of the remote cluster with the ssl_truststore of the administrative cluster by using the /opt/mapr/server/manageSSLKeys.sh utility. For example, if you copied the ssl_truststore file of the remote secure cluster as /tmp/remote_ssl_truststore, you would use this command to merge the files: /opt/mapr/server/manageSSLKeys.sh merge /tmp/remote_ssl_truststore /opt/mapr/conf/ssl_truststore
    3. Copy the merged ssl_truststore file to every node on the administrative cluster.
  4. Run the maprlogin utility from the administrative cluster to obtain maprtickets for each of the remote clusters.

Results

You can now use maprcli on the administrative cluster to run commands on the remote clusters. The following commands, executed from a node in the administrative cluster, mount the volume named test-volume from the cluster named remotecluster2 as path /test:
maprlogin password -cluster remotecluster2
maprcli volume mount -cluster remotecluster2 -name test-volume -path /test