HP UX System Adstration manual # cp localhost.pub root-192.10.25.12.pub, # cd /etc/cmcluster/csync

Page 33

This will create keys named localhost.priv and localhost.pub in the directory /var/opt/dsau/cfengine/ppkeys.

2.The public key, localhost.pub is then copied to root-package IP address.pub. For example,

# cp localhost.pub root-192.10.25.12.pub

where 192.10.25.12 is the relocatable IP address of the csync package.

3.This member’s localhost.pub is then used to create the member-specific keys for each member:

#cp localhost.pub root-member1 IP address.pub

#cp localhost.pub root-member2 IP address.pub

#cp localhost.pub root-member3 IP address.pub

#cp localhost.pub root-memberN IP address.pub

4.Finally, all the keys are copied to each member.

#ccp * /var/opt/dsau/cfengine/ppkeys

NOTE: ccp, a command-fanout command, performs a cluster copy, copying a command to all cluster members.

Configure and start cfservd

1.Configure the cfservd daemon to start at system startup. Edit /etc/rc.config.d/

cfservd and change the line CSYNC_CONFIGURED=0 to CSYNC_CONFIGURED=1.

2.Propagate this change cluster-wide:

#ccp /etc/rc.config.d/cfservd /etc/rc.config.d/cfservd

3.On the master server, start cfservd:

#/sbin/init.d/cfservd start

4.Repeat for the remaining cluster members. If you have configured the cluster for use with the DSAU command fanout tools, use the following command to start the daemons cluster-wide:

#cexec /sbin/init.d/cfservd start

Create the csync Package

To create the configuration synchronization package, modify the default package template files as appropriate for your Serviceguard environment. Note that the package must be called csync. Failure to do so will cause the Serviceguard automated operations to fail. For more information, refer to the section “Serviceguard Automation Features” (page 23).

Start by making the following changes:

1.Create the package directory cluster-wide:

#cexec mkdir /etc/cmcluster/csync

2.Copy the template package ASCII file and package control script to the /etc/ cmcluster/csync directory on the current member:

#cd /etc/cmcluster/csync

#cp /opt/dsau/share/serviceguard/templates/csync.conf.template csync.conf

#cp /dsau/share/serviceguard/templates/csync.script.template csync

#chmod +x csync

2.3 Configuring cfengine

33

Page 32 Page 34
Image 33
Page 32 Page 34
Contents Distributed Systems Administration Utilities Users Guide Copyright 2009 Hewlett-Packard Development Company, L.P Table of Contents HP-Supported Open Source pdsh Options Index List of Figures Syslog-ngLog-Forwarding ConfigurationConsolidated Logging Commands Target Node Error MessagesList of Tables Intended Audience About this DocumentTypographic Conventions Related InformationProduct Support HP Encourages Your Comments Introduction Configuration Synchronization Command Distributed Systems Administration Utilities CommandsConsolidated Logging Commands Command Fanout CommandsOpen Source cfengine Commands Utility Setup CommandOpen Source pdsh Commands Open Source ComponentsDistributed Systems Administration Utilities Manual Pages Open Source syslog-ng CommandDsau Manual Page Sections Cfengine Overview Configuration SynchronizationConfiguration Synchronization Cfengine Daemons and CommandsCfengine Overview Cfengine Master Server Deployment ModelsUsing the Configuration Synchronization Wizard Configuring cfengineConfiguration Data for csyncwizard # /opt/dsau/sbin/csyncwizardWizard displays the following introductory screen Wizard proceeds to configure the system as a master server # /opt/dsau/sbin/csyncwizard Configuration Synchronization Configuring cfengine Would you like to manage clients? N Serviceguard Automation Features Cluster Configuration Notes for cfengineVar/opt/dsau/cfengine/inputs directory Opt/dsau/bin/csyncdispatcher Memberadded newhost Using the Wizard to Configure a Synchronization ClientWhen prompted, enter the name of the client to add Manual ConfigurationManually Configuring a Standalone Synchronization Server Start by creating the directory# mkdir -p /var/opt/dsau/cfenginemaster/inputs # cp localhost.pub root-10.0.0.5.pub # /opt/dsau/sbin/cfkey # /var/opt/dsau/cfengine/ppkeys# cfagent --no-lock --verbose --no-splay # /sbin/init.d/cfservd start# cfrun -- --inform # cfrun -v -- --verbose# mkdir -p /csync/dsau/cfenginemaster/masterfiles Initial Serviceguard Package PreparationList Managed Clients in cfrun.hosts Policyhost = csync.abc.xyz.com# /opt/dsau/sbin/cfkey Edit the cfservd.conf File# cp localhost.pub root-192.10.25.12.pub # ccp /etc/rc.config.d/cfservd /etc/rc.config.d/cfservd# ccp * /var/opt/dsau/cfengine/ppkeys # cexec /sbin/init.d/cfservd start# ccp csync csync.conf /etc/cmcluster/csync Test the configuration by performing the following stepsApply the package and start it # cmapplyconf -P csync.conf # cmmodpkg -e csyncOn a managed client, use the command Configuring a Synchronization Managed ClientChoosing a Synchronization Invocation Method Security NotesCsync Network Port Usage Key ExchangeEncryption Encryption Checksum alertsLogging Options Disabling Use of cfengineChecksum Alerts # /sbin/init.d/cfservd stopSyntax error due to missing or superfluous spaces Cfengine Troubleshooting#cfagent -K Unable to connect to a cfengine client or masterCfagent -d, -d1, -d2, or -d3 cfservd Cfrun Introduction to syslog Consolidated LoggingSyslog Message Format 2describes syslog Facilities MessagesLog Consolidation Overview Message FilteringImproved Log Consolidation Syslog Co-existence Etc/cmcluster/package-name/package-name.log Syslog-ng Log Consolidator Configuration Log Consolidation ConfigurationUsing the Log Consolidation Wizard Configuration Data for clogwizardOpt/dsau/sbin/clogwizard Where N is the expected number of clients Answer yes y or press Enter. The next question isAnswer yes y. The wizard then prompts If these choices are correct, continue Next prompt is Log files that reside on this cluster can be consolidated Consolidated package logs would be located here Cluster Configuration Notes for clog Minimizing Message Loss During Failover Or press Enter. The next question is Configuring a Log Forwarding Client Using clogwizardEnter the ssh port to be used for port forwarding Manually Configuring a Standalone Log Consolidation Server Manually Configuring Log Consolidation# /sbin/init.d/syslogd stop # /sbin/init.d/syslogd start Replace the %UDPLOOPBACKLOG% token withFor example, for TCP Change the Clogconfigured line to Create the following symbolic linkIf using the TCP protocol, add Add the following linesLog Consolidation Configuration SYSLOGDOPTS=-D -N KEEPALIVE% tokens with appropriate values UDPLOOPBACKSOURCE% and %UDPLOOPBACKLOG% tokens Creating the clog Package If consolidating package logs of this cluster, addIf using VxVM, comment out the LVM Volume Group line Testing and Starting the clog Package Distribute it cluster-wideThen use cmviewcl to make sure it is running Manually Configuring Log Forwarding Clients Using VxVM Instead of LVMManually Configuring a Standalone Log Forwarding Client Ln -sf /etc/syslog-ng.conf.client /etc/syslog-ng.conf # /sbin/init.d/syslog-ng start # cpp /etc/rc.config.d/syslogd /etc/rc.config.d Destination dsyslog%TYPE% %TYPE%%IP%port%PORT% If using ssh port forwarding, add If using the TCP protocol, add the following linesOtherwise, if using the UDP protocol, add Create the following symbolic link on each cluster memberForwarding Ascii Log Data Start syslog-ngon all cluster members usingFor the filter line For the destination lineFor the log line Consolidating Package Logs on the Log Consolidation ServerDisabling Log Consolidation Perform the following steps to disable log consolidationDisabling a Standalone Log Consolidation System #/sbin/init.d/syslogd stopDisabling a Standalone Log Forwarding Client Disabling a Serviceguard Cluster Log Consolidation System#/sbin/init.d/syslogd start # /sbin/init.d/syslog-ng stop#/sbin/init.d/syslogd stop #/sbin/init.d/syslogd start Disabling a Serviceguard Cluster Log Forwarding ClientSecuring Consolidated Logs Log File ProtectionsSsh Port Forwarding Using Bastille to Harden the System Clog Network Port Usage# cd /opt/ssh/etc # ccp sshhost* /opt/ssh/etc Viewing System and Consolidated Logs Using the System and Consolidated Log ViewerStarting System Management Homepage To log in to the System Management Homepage, navigate toViewing System and Consolidated Logs Page Parallel Distributed Shell Command FanoutAll nodes Pdsh Utility WrappersSystems Cwall displays a wall1M broadcast message on multiple hostsRemote Shell Security Setup Security ConfigurationSsh Security Setup # csshsetup -r -f memberslist.txtSsh Command Messages Command Fanout TroubleshootingRsh Command Messages Target Node Error MessagesHP-Supported Open Source pdsh Options Page Cfanouthosts IndexLVM UDP
Top Page Image Contents