SSL key distribution

After the keys are initially created on one VM or vPar Host, all other VM or vPar Hosts must use the same client.public key. Each VM or vPar guest generates its own server.public key, therefore, a unique name for each VM or vPar guest must be used , to rename the server.public key. For example, # mv server.public server_[guest name].public.

To distribute keys between VM or vPar Hosts and VM or vPar guests:

a.Copy the client.public file from the VM or vPar Host directory /etc/cmcluster/ cmappmgr to all VM or vPar guests in the /opt/hp/cmappserver directory.

b.Copy the uniquely-named server.public file from all VM or vPar guests to the VM or vPar Hosts in directory /etc/cmcluster/cmappmgr. For example, server.public renamed to server_mmpf121.public.

c.Copy all key files from the initial /etc/cmcluster/cmappmgr VM or vPar Host directory to the same directory on all other VM or vPar Host nodes

2.Configure the cmappmgr.conf file on VM or vPar Host.

The file /etc/cmappmgr.conf on the VM or vPar Host is used to specify location information for the SSL keys used for cmappmgr to cmappserver communications from the VM or vPar Host. An example of keyStore location (for example, client.private), the VM or vPar guest name from which the trustStore was obtained (for example, guest mmpf121), and the name of the trustStore file (for example, server_mmpf121.public) is shown below:

###############################################################

#(C) Copyright 2008 Hewlett-Packard Development Company, L.P.

#@(#) SG cmappmgr Configuration File

#@(#) Product Name : HP SG cmappmgr conf file

#@(#) Product Version : %%SG_VERSION%%

#@(#) Patch Name : %%SG_PATCH%%

#

###############################################################

keyStore=/etc/cmcluster/cmappmgr/client.private

#If unspecified, the default value is /etc/client.private keyStorePassword=

#If unspecified, the default value is clientpw

#Specify node name where the trustStore comes from, followed by a ":", e.g., mmpf121: trustStore=/etc/cmcluster/cmappmgr/server_mmpf121.public trustStorePassword=public

#If unspecified, the default value is /etc/server.public

#If unspecified, the default value is public

3.Install cmappserver depots on VM or vPar guests.

To install cmappserver on VM or vPar guests that are running applications, the cmappserver depot software must be copied from the VM or vPar Host directory /opt/hp/serviceguard/ cmappserver to the VM or vPar guest to be monitored. The destination for copying the depot software depends on the VM or vPar guest type being monitored.

For HP-UX guests (subdirectory 11iv2 or 11iv3):

Copy the depot cmappserver.depot from the VM or vPar Host to the /tmp directory on the VM or vPar guest.

To install the required files in the /opt/hp/cmappserver directory, in the VM or vPar guest, run the command swinstall -s /tmp/cmappserver.depot

CMAPPSERVER.

For Linux VM or vPar guests (subdirectory redhat or sles):

Copy the rpm file from the VM or vPar Host to a local directory on the VM or vPar guest.

To install the required files in the /opt/hp/cmappserver directory in the VM or vPar guest, run the command rpm -i cmappserver_rhel5_ia64.rpm (for Red Hat) or

rpm -i cmappserver_sles_ia64.rpm (for SLES 10),

24 Configuring guest application monitoring service

Page 24
Image 24
HP Serviceguard Toolkit for Integrity Virtual Servers manual Cmappserver, Rpm -i cmappserverslesia64.rpm for Sles