Enabling nodes to be added to a cluster
Before you can add a node to a cluster, you need to set a value for the Allow add to cluster (ALWADDCLU) network attribute.
Use the Change Network Attributes (CHGNETA) command on any server that you want to set up as a cluster node. The CHGNETA command changes the network attributes of a system. The ALWADDCLU network attribute specifies whether a node allows another system to add it as a node in a cluster.
Possible values follow:
- The value does not change. The system is shipped with a value of *NONE.
- No other system can add this system as a node in a cluster.
- Any other system can add this system as a node in a cluster.
- Any other system can add this system as a node in a cluster only after the cluster add request has been authenticated.
Note: *RQSAUT is recommended to improve authentication security.
The ALWADDCLU network attribute is checked to see if the node that is being added is allowed to be part of the cluster and whether to validate the cluster request through the use of X.509 digital certificates. A digital certificate is a form of personal identification that can be verified electronically. If validation is required, the requesting node and the node that is being added must have the following installed on the systems:
- IBM® i Option 34 (Digital Certificate Manager)
- IBM i Option 35 (CCA Cryptographic Service Provider)
When *RQSAUT is selected for the ALWADDCLU, the certificate authority trust list for the IBM i cluster security server application must be correctly set up. The server application identifier is QIBM_QCST_CLUSTER_SECURITY. At a minimum, add certificate authorities for those nodes that you allow to join the cluster.