Manuals / Symantec / Computer Equipment / Computer Accessories

Symantec 5 manual Setting up the node to run in secure mode, See Configuring LLT and GAB on

Models: 5

1 176

Download 176 pages 9.76 Kb

Page 126

126Adding and removing cluster nodes Adding a node to a cluster

Setting up the node to run in secure mode

You must follow this procedure only if you are adding a node to a cluster that is running in secure mode. If you are adding a node to a cluster that is not running in a secure mode, proceed with configuring LLT and GAB.

See “Configuring LLT and GAB” on page 128.

Table 7-2uses the following information for the following command examples.

Table 7-2	The command examples definitions
Name	Fully-qualified host name	Function
	(FQHN)
saturn	saturn.nodes.example.com	The new node that you are
		adding to the cluster.
RB1	RB1.brokers.example.com	The root broker for the
		cluster
RB2	RB2.brokers.example.com	Another root broker, not the
		cluster's RB

To verify the existing security setup on the node

1If node saturn is configured as an authentication broker (AB) belonging to a root broker, perform the following steps. Else, proceed to configuring the authentication broker on node saturn.

See “Configuring the authentication broker on node saturn” on page 127.

2Find out the root broker to which the node saturn belongs using the following command.

#vssregctl -l -q -b \ "Security\Authentication\Authentication Broker" \

-k "BrokerName"

3If the node saturn already belongs to root broker RB1, it is configured as part of the cluster. Proceed to setting up VCS related security configuration.

See “Setting up VCS related security configuration” on page 128.

4If the node saturn belongs to a different root broker (for example RB2), perform the following steps to remove the security credentials from node saturn.

■Kill /opt/VRTSat/bin/vxatd process.

■Remove the credential that RB2 has given to AB on node saturn.

Image 126

Symantec 5 manual Setting up the node to run in secure mode, See Configuring LLT and GAB on

Contents

Veritas Cluster Server Installation Guide Veritas Cluster Server Installation Guide Legal NoticeSymantec Corporation Ellis Street Mountain View, CA Technical Support Contacting Technical SupportCustomer service Licensing and registrationDocumentation feedback Maintenance agreement resources Additional enterprise servicesContents Contents Chapter Configuring VCS clusters for data integrity Chapter Adding and removing cluster nodes 121171 Index 173Contents About Veritas Cluster Server About VCS basicsThis chapter includes the following topics About multiple nodes About shared storageExample of a four-node VCS cluster See About the LLT and GAB configuration files on About LLT and GABAbout network channels for heartbeating About preexisting network partitions About VCS seedingAbout VCS notifications About VCS featuresVeritas Installation Assessment Service About global clustersAbout VCS optional components About I/O fencingYou can add the following optional components to VCS About Symantec Product Authentication Service AT About Cluster Manager Java Console See Preparing to configure the clusters in secure mode onSee Installing the Java Console on About Veritas Cluster Server Management ConsoleAbout VCS optional components Page About planning to install VCS Hardware requirements1lists the hardware requirements for a VCS cluster Required disk space Hardware requirements for a VCS clusterDescription Supported operating systems Kernel ArchitectureRequired Linux RPMs for VCS RhelSupported software Planning to install VCS Supported software About preparing to install VCS Preparing to configure the clusters in secure mode1depicts the flow of configuring VCS cluster in secure mode Workflow to configure VCS cluster in secure mode Preparatory tasks to configure a cluster in secure mode TasksThis task Installing the root broker for the security infrastructure See About Symantec Product Authentication Service AT on# ./installer Venus # vssat showalltrustedcreds Venus # vssat showprpl --pdrtype root \Creating encrypted files for the security infrastructure Venus # vssat showbrokerhashAddprpl command For example RootBroker # vssat createpkg \Performing preinstallation tasks Obtaining VCS license keys Task ReferenceHttps//licensing.symantec.com Setting up the private network You can use network switches instead of hubsPage Configuring SuSE network interfaces See About installing and configuring VCS on# cd /etc/sysconfig Run the commandWhere ethX is the interface name For example # ifconfig -aSetting up inter-system communication # ifconfig eth0# cd /etc/sysconfig/network Setting up ssh on cluster systems Accept the default location of ~/.ssh/iddsa# ssh-keygen -t dsa # chmod 755 ~/.ssh Setting up shared storageSee About setting up disk-based I/O fencing on # exec /usr/bin/ssh-agent $SHELL # ssh-addSetting the Path variable Setting the Manpath variableFor the C Shell csh or tcsh, type Setting the kernel.panic tunable Optimizing LLT media speed settings on private NICsCase of a panic, the node will reboot after 10 seconds Performing automated pre-installation check Mounting the product disc# mount -o ro /dev/cdrom /mnt/cdrom # ./installvcs -precheck galaxy nebula About installing and configuring VCS VCSTo configure Veritas Cluster Server you need Example galaxy, nebulaExample vcscluster27 To configure VCS clusters in secure mode optional, you need To configure Smtp email notification optional, you needVar/tmp/privatedir/roothash To configure Snmp trap notification optional, you need To configure global clusters optional, you needOptional VCS RPMs VRTSvcsmn Manual pages for VCS commands About the VCS installation programOptional features of the installvcs program See About preparing to install VCS onInstallvcs command usage takes the following form Interacting with the installvcs programAbout installvcs program command options Optional action ReferenceInstallvcs system1 system2... options Option and Syntax Description NooptionalpkgsInstalling VCS using installonly option Configuring VCS using configure option3lists the installation and the configuration tasks Installing and configuring VCS 5.0 RU3See Configuring the basic cluster on Overview of tasksStarting the software installation # ./installvcs -rsh Specifying systems for installationStart the installvcs program # cd /clusterserverLicensing VCS See Checking licensing information on the system onChoosing VCS RPMs for installation Enter keys for additional product featuresChoosing to install VCS RPMs or configure VCS Starting the software configuration See Configuring VCS using configure option on# ./installvcs -configure Specifying systems for configurationConfiguring the basic cluster # cd /dvdrom/clusterserverPage Configuring the cluster in secure mode Root@east.symantecexample.com East.symantecexample.comSymantecexample.com Root/roothashAdding VCS users Configuring Smtp email notificationEnter the user’s name, password, and level of privileges To add a user, enter y at the promptSee Configuring Snmp trap notification on If you do not want to add, answer n Configuring Snmp trap notificationSee Configuring global clusters on Verify and confirm the Smtp notification informationConfiguring global clusters Verify and confirm the Snmp notification informationInstalling VCS RPMs See Creating VCS configuration files onCreating VCS configuration files Verifying the NIC configurationCompleting the installation Starting VCSSet the Persistentname for all the NICs File description VCS node authentication broker Hardware requirements for the Java Console Installing the Java ConsoleSoftware requirements for the Java Console See Software requirements for the Java Console onNavigate to the folder that contains the RPMs Installing the Java Console on Linux for IBM PowerInstalling the Java Console on a Windows system # cd /mnt/cdrom/distarch/clusterserver/rpmsInstalling VCS Simulator on Windows systems Installing VCS SimulatorInstalling VCS Simulator on Unix systems Software requirements for VCS SimulatorReviewing the installation Verifying and updating licenses on the system Verifying the cluster after installationSee About verifying the VCS installation on Checking licensing information on the system# cd /opt/VRTS/bin Updating product licenses using vxlicinstReplacing a VCS demo license with a permanent license # hastop -all -forceStart VCS on each node Accessing the VCS documentationTo access the VCS documentation # hastartConfiguring VCS clusters for data integrity About configuring VCS clusters for data integrityAbout coordination points About I/O fencing componentsAbout data disks See About data disks onAbout setting up disk-based I/O fencing 1illustrates the tasks involved to configure I/O fencingWorkflow to configure disk-based I/O fencing I/O fencing configuration files include Preparing to configure disk-based I/O fencing Initializing disks as VxVM disks # fdisk -l# vxddladm listsupport all LibnamevidpidIdentifying disks to use as coordinator disks Checking shared disks for I/O fencingExample specifies the CDS format Verifying that the nodes have access to the same disk Testing the shared disks for SCSI-3See Testing the disks using vxfentsthdw utility on Testing the disks using vxfentsthdw utility See Removing permissions for communication on# /opt/VRTSvcs/vxfen/bin/vxfentsthdw If you use rsh for communication # /opt/VRTSvcs/vxfen/bin/vxfentsthdw -nDev/sdr # vxdg init vxfencoorddg sdx sdy sdz Setting up disk-based I/O fencing manuallySetting up coordinator disk groups # vxdg -g vxfencoorddg set coordinator=onCreating I/O fencing configuration files For raw device configurationDeport the coordinator disk group Modifying VCS configuration to use I/O fencing Make a backup copy of the main.cf fileStop VCS on all nodes Start VCS Verifying I/O fencing configuration# hacf -verify /etc/VRTSvcs/conf/config # /etc/init.d/vxfen startRemoving permissions for communication # vxfenadm -dPage About verifying the VCS installation About the LLT and GAB configuration filesGalaxy Nebula About the VCS configuration file main.cf Sample main.cf file for VCS clusters Page Sample main.cf file for global clusters ClusterAddress = Gcoip requires csgnic Wac requires gcoipApplication wac IP gcoip NIC csgnic See Setting the Path variable on Verifying the LLT, GAB, and VCS configuration filesVerify the content of the configuration files Verifying LLT, GAB, and cluster operationOutput on galaxy resembles Verifying LLTSee Verifying the cluster on Output on nebula resemblesEth1 UP Verifying GAB Output resemblesVerifying the cluster Verifying the cluster nodes Current Eth1 UP eth2 UP About adding and removing nodes Adding a node to a clusterSetting up the hardware See Adding a license key onPreparing for a manual installation when adding a node Installing VCS RPMs for a manual installation See Mounting the product disc onAdding a license key Checking licensing information on the systemSLES10/ppc64, required Rpms See Configuring the authentication broker on node saturn on Setting up the node to run in secure modeSee Configuring LLT and GAB on See Setting up VCS related security configuration onConfiguring the authentication broker on node saturn Configuring LLT and GAB Setting up VCS related security configurationOn the new system, run the command # /sbin/lltconfig -cIf the file on one of the existing nodes resembles To verify GAB On the new node, run the command Adding the node to the existing clusterAdd the new system to the cluster Stop VCS on the new node Removing a node from a clusterStarting VCS and verifying the cluster Start VCS on the new nodeVerifying the status of nodes and service groups Deleting the departing node from VCS configuration Check the status of the systems and the service groups# hastatus -summary # hagrp -switch grp3 -to nebula # hagrp -dep# haconf -makerw # hagrp -unlink grp4 grp1 Delete the node from the cluster Save the configuration, making it read onlyCheck the status # hagrp -delete grp4Modifying configuration files on each remaining node Removing security credentials from the leaving node# /etc/init.d/gab stop # /etc/init.d/llt stop Stop GAB and LLTTo determine the RPMs to remove, enter # rpm -qa grep VrtsRemove the LLT and GAB configuration files # rm /etc/llttab # rm /etc/gabtab # rm /etc/llthostsAbout installing VCS on a single node Creating a single-node cluster using the installer programTasks to create a single-node cluster using the installer Preparing for a single node installationStarting the installer for the single node cluster See Starting the software installation onSee Licensing VCS on Installing the VCS software manually on a single nodeCreating a single-node cluster manually Set the path variableVerifying single-node operation Renaming the LLT and GAB startup filesModifying the startup files # hastart -onenodeAdding a node to a single-node cluster Setting up a node to join the single-node cluster Installing VxVM or VxFS if necessaryDisplay the service groups currently configured Configuring the shared storageSee Setting up shared storage on Bringing up the existing nodeStop VCS on Node a Configuring LLTFreeze the service groups Rename the GAB and LLT startup files so they can be usedLLT directives Setting up /etc/llthostsSetting up /etc/llttab See LLT directives onAdditional considerations for LLT LLT directivesDirective Description Reconfigure VCS on the existing nodes Configuring GAB when adding a node to a single node clusterReconfiguring VCS on the existing node Starting LLT and GABVerifying configuration on both nodes Start the VCS on Node B Unfreeze the service groupsImplement the new two-node configuration Verify that VCS is up on both nodesPage About the uninstallvcs program Preparing to uninstall VCSSee About adding and removing nodes on Uninstalling VCS 5.0 RU3 # cd /opt/VRTS/install # ./uninstallvcsRemoving VCS 5.0 RU3 RPMs Running uninstallvcs from the VCS 5.0 RU3 disc Uninstallvcs program is not available in /opt/VRTS/install Configuring LLT over UDP Using the UDP layer for LLTWhen to use LLT over UDP Following checklist is to configure LLT over UDPBroadcast address in the /etc/llttab file Link command in the /etc/llttab fileSee Sample configuration links crossing IP routers on See Broadcast address in the /etc/llttab file onSet-addr command in the /etc/llttab file Table A-2describes the fields of the set-addr commandConfiguring the netmask for LLT Selecting UDP ports# setparms ipaddress For second network interface Configuring the broadcast address for LLTSample configuration direct-attached links # cat /etc/llttabUDP File for Node 1 resemblesSample configuration links crossing IP routers Figure A-2Performing automated VCS installations /etc/llttab file on Node 0 resemblesOr, in the case of an integer value Syntax in the response fileExample response file Or, in the case of a listResponse file variable definitions Table A-3 Response file variables Variable Description$CPICFGOPTLICENSE $CPICFGOPTPKGPATH $CPICFGKEYS Table A-3 See Installing and configuring VCS 5.0 RU3 on $CPICFGOPTUNINSTALL# ./installvcs -responsefile /tmp/installvcs-uui.response Index GAB RAM VCS