Configuring Secure Clusters for Cross-Cluster Mirroring and Replication

Cross-cluster tickets are required on secure clusters that need to pull data from another secure cluster and on secure clusters that need to push data to another secure cluster. For example:
  • Volume mirroring is a pull operation. The volume data is pulled by the destination cluster from the source cluster. Because the destination cluster is performing the operation, the destination cluster receives a ticket that is generated on the source cluster.
  • Table and streams replication is a push operation. The table or stream data is pushed from the source cluster to the destination cluster. Because the source cluster is performing the operation, the source cluster receives a ticket that is generated on the destination cluster.

You can configure secure clusters for cross-cluster mirroring and replication manually (as described below) or automatically by running the configure-crosscluster.sh utility. If you choose to run the utility, the utility configures the clusters for both mirroring and replication in both directions. For more information, see configure-crosscluster.sh.

Setting up Secure Clusters Manually for Cross-Cluster Mirroring

To set up secure clusters for cross-cluster mirroring:
  1. Verify that the user for whom you are configuring access exists in the registry on both the clusters and has the following permissions:
    • Permissions to mirror volumes on the source cluster.
    • Permissions to create volumes on the destination cluster.
    You can set up access for the mapr user, who already has permissions to create volumes and mirror volumes.
  2. Log in to any node on source cluster and perform the following steps:
    1. Generate a cross-cluster ticket for the destination cluster for this user.
      For example, to generate a cross-cluster for destination cluster, run the following command on the source cluster:
      source$ /opt/mapr/bin/maprlogin generateticket -type crosscluster -out /tmp/crossclusterticket -user destinationclusteruser
    2. Copy the cross-cluster ticket file to any node on destination cluster.
      For example:
      source$ scp /tmp/crossclusterticket mapr@<dest-ip>:/tmp/sourceClusterTicketFile
  3. Log in to the node in destination cluster where the cross-cluster ticket was copied and perform the following steps:
    1. Merge the cross-cluster ticket file with the /opt/mapr/conf/maprserverticket file on the node.
      For example, to merge, run the following command:
      dest$ cat /tmp/sourceClusterTicketFile >> /opt/mapr/conf/maprserverticket
    2. Copy the /opt/mapr/conf/maprserverticket file to the CLDB nodes on the destination cluster.
  4. Perform the steps to verify configuration for mirroring.
You can now create mirror volumes on the destination cluster and set up a schedule to pull data from the volumes on the source cluster. However, you cannot create volumes on the source cluster that pull data from volumes in the destination cluster because the setup described above is unidirectional. In order to configure the clusters for bidirectional mirroring, repeat the steps above by switching the source and destination clusters. For example, suppose there are two clusters, clusterA and clusterB, and you performed the steps above for clusterA as the source cluster and clusterB as the destination cluster. After you complete the steps above, your destination cluster, clusterB can pull data from volumes on clusterA. In order for clusterA to mirror data on clusterB, perform the steps above with clusterB as the source cluster and clusterA as the destination cluster.

Setting up Secure Clusters Manually for Cross-Cluster Replication

To set up secure clusters for cross-cluster replication:
  1. Verify that the user, for whom you are configuring access, exists in the registry on the destination cluster.
  2. Log in to any node on the destination cluster and perform the following steps:
    1. Generate a cross-cluster ticket for the source cluster.
      For example, to generate a cross-cluster for the source cluster, run the following command on the destination cluster:
      dest$ /opt/mapr/bin/maprlogin generateticket -type crosscluster -out /tmp/crossclusterticket -user destinationclusteruser
    2. Copy the cross-cluster ticket file to any node on the source cluster.
      For example:
      dest$ scp /tmp/crossclusterticket mapr@<source-ip>:/tmp/sourceClusterTicketFile
  3. Log in to the node in the source cluster where the cross-cluster ticket was copied and perform the following steps:
    1. Merge the cross-cluster ticket file with the /opt/mapr/conf/maprserverticket file on the node.
      For example, to merge, run the following command:
      cat /tmp/destinationClusterTicketFile >> /opt/mapr/conf/maprserverticket
    2. Copy the /opt/mapr/conf/maprserverticket file to all the nodes on the source cluster.
  4. Configure the Gateway for table and streams replication.
  5. Perform the steps to verify configuration for replication.
You can now set up volumes on the source cluster to push data to replicas on the destination cluster. However, you cannot create replicas on the source cluster that get data from volumes in the destination cluster because the setup described above is unidirectional. In order to configure the clusters for bidirectional replication, repeat the steps above by switching the source and destination clusters. For example, suppose there are two clusters, clusterA and clusterB, and you performed the steps above for clusterA as the source cluster and clusterB as the destination cluster. After you complete the steps above, your source cluster, clusterA can push data to replicas on clusterB. In order for clusterB to replicate data on clusterA, perform the steps above with clusterB as the source cluster and clusterA as the destination cluster.

Verifying Cross-Cluster Configuration for Mirroring and Replication

You can verify the cross-cluster configuration for:
  1. Mirroring by logging in to a node on the destination cluster as the user for whom access was configured and creating a mirror volume on the destination cluster for a volume on the source cluster.
    You can create mirror volumes using MCS and/or the CLI.
  2. Replication by logging in to a node on the source cluster as the user for whom access was configured and creating a replica in the destination cluster for a volume, table, and stream on the source cluster.
    You can create replicas using MCS and the CLI. To set up replication on secure clusters for:
    • Tables, refer to documentation for MCS and/or the CLI.
    • Streams, refer to documentation for for MCS and/or the CLI.