Manuals / Symantec / Computer Equipment / Computer Accessories

Symantec 5 manual About Symantec Product Authentication Service AT

Models: 5

1 176

Download 176 pages 9.76 Kb

Page 19

Introducing Veritas Cluster Server	19
About VCS optional components

Figure 1-4

Typical VCS setup with optional components

Symantec Product Authentication Service root broker

VCS Management Console management server

Optional

VCS cluster 1

VCS cluster 2

About Symantec Product Authentication Service (AT)

VCS uses Symantec Product Authentication Service (AT) to provide secure communication between cluster nodes and clients. It uses digital certificates for authentication and SSL to encrypt communication over the public network to secure communications.

AT uses the following brokers to establish trust relationship between the cluster components:

■Root broker

A root broker serves as the main registration and certification authority; it has a self-signed certificate and can authenticate other brokers. The root broker is only used during initial creation of an authentication broker.

A root broker can serve multiple clusters. Symantec recommends that you install a single root broker on a utility system. The utility system, such as an email server or domain controller, can be highly available.

■Authentication brokers

Authentication brokers serve as intermediate registration and certification authorities. Authentication brokers have root-signed certificates. Each node in VCS serves as an authentication broker.

See Symantec Product Authentication Service documentation for more information.

Image 19

Symantec 5 manual About Symantec Product Authentication Service AT

Contents

Veritas Cluster Server Installation Guide Legal Notice Veritas Cluster Server Installation GuideSymantec Corporation Ellis Street Mountain View, CA Contacting Technical Support Technical SupportLicensing and registration Customer serviceDocumentation feedback Additional enterprise services Maintenance agreement resourcesContents Contents Chapter Configuring VCS clusters for data integrity 121 Chapter Adding and removing cluster nodesIndex 173 171Contents About VCS basics About Veritas Cluster ServerThis chapter includes the following topics About shared storage About multiple nodesExample of a four-node VCS cluster About LLT and GAB See About the LLT and GAB configuration files onAbout network channels for heartbeating About VCS seeding About preexisting network partitionsAbout global clusters About VCS featuresVeritas Installation Assessment Service About VCS notificationsAbout I/O fencing About VCS optional componentsYou can add the following optional components to VCS About Symantec Product Authentication Service AT About Veritas Cluster Server Management Console See Preparing to configure the clusters in secure mode onSee Installing the Java Console on About Cluster Manager Java ConsoleAbout VCS optional components Page Hardware requirements About planning to install VCS1lists the hardware requirements for a VCS cluster Hardware requirements for a VCS cluster Required disk spaceDescription Kernel Architecture Supported operating systemsRhel Required Linux RPMs for VCSSupported software Planning to install VCS Supported software Preparing to configure the clusters in secure mode About preparing to install VCS1depicts the flow of configuring VCS cluster in secure mode Workflow to configure VCS cluster in secure mode Tasks Preparatory tasks to configure a cluster in secure modeThis task See About Symantec Product Authentication Service AT on Installing the root broker for the security infrastructure# ./installer Venus # vssat showprpl --pdrtype root \ Venus # vssat showalltrustedcredsVenus # vssat showbrokerhash Creating encrypted files for the security infrastructureAddprpl command RootBroker # vssat createpkg \ For examplePerforming preinstallation tasks Task Reference Obtaining VCS license keysHttps//licensing.symantec.com You can use network switches instead of hubs Setting up the private networkPage See About installing and configuring VCS on Configuring SuSE network interfaces# ifconfig -a Run the commandWhere ethX is the interface name For example # cd /etc/sysconfig# ifconfig eth0 Setting up inter-system communication# cd /etc/sysconfig/network Accept the default location of ~/.ssh/iddsa Setting up ssh on cluster systems# ssh-keygen -t dsa # exec /usr/bin/ssh-agent $SHELL # ssh-add Setting up shared storageSee About setting up disk-based I/O fencing on # chmod 755 ~/.sshSetting the Manpath variable Setting the Path variableFor the C Shell csh or tcsh, type Optimizing LLT media speed settings on private NICs Setting the kernel.panic tunableCase of a panic, the node will reboot after 10 seconds Mounting the product disc Performing automated pre-installation check# mount -o ro /dev/cdrom /mnt/cdrom # ./installvcs -precheck galaxy nebula VCS About installing and configuring VCSExample galaxy, nebula To configure Veritas Cluster Server you needExample vcscluster27 To configure Smtp email notification optional, you need To configure VCS clusters in secure mode optional, you needVar/tmp/privatedir/roothash To configure global clusters optional, you need To configure Snmp trap notification optional, you needOptional VCS RPMs See About preparing to install VCS on About the VCS installation programOptional features of the installvcs program VRTSvcsmn Manual pages for VCS commandsOptional action Reference Interacting with the installvcs programAbout installvcs program command options Installvcs command usage takes the following formInstallvcs system1 system2... options Nooptionalpkgs Option and Syntax DescriptionConfiguring VCS using configure option Installing VCS using installonly optionOverview of tasks Installing and configuring VCS 5.0 RU3See Configuring the basic cluster on 3lists the installation and the configuration tasksStarting the software installation # cd /clusterserver Specifying systems for installationStart the installvcs program # ./installvcs -rshSee Checking licensing information on the system on Licensing VCSEnter keys for additional product features Choosing VCS RPMs for installationChoosing to install VCS RPMs or configure VCS See Configuring VCS using configure option on Starting the software configuration# cd /dvdrom/clusterserver Specifying systems for configurationConfiguring the basic cluster # ./installvcs -configurePage Configuring the cluster in secure mode Root/roothash East.symantecexample.comSymantecexample.com Root@east.symantecexample.comTo add a user, enter y at the prompt Configuring Smtp email notificationEnter the user’s name, password, and level of privileges Adding VCS usersSee Configuring Snmp trap notification on Verify and confirm the Smtp notification information Configuring Snmp trap notificationSee Configuring global clusters on If you do not want to add, answer nVerify and confirm the Snmp notification information Configuring global clustersSee Creating VCS configuration files on Installing VCS RPMsVerifying the NIC configuration Creating VCS configuration filesStarting VCS Completing the installationSet the Persistentname for all the NICs File description VCS node authentication broker See Software requirements for the Java Console on Installing the Java ConsoleSoftware requirements for the Java Console Hardware requirements for the Java Console# cd /mnt/cdrom/distarch/clusterserver/rpms Installing the Java Console on Linux for IBM PowerInstalling the Java Console on a Windows system Navigate to the folder that contains the RPMsSoftware requirements for VCS Simulator Installing VCS SimulatorInstalling VCS Simulator on Unix systems Installing VCS Simulator on Windows systemsReviewing the installation Checking licensing information on the system Verifying the cluster after installationSee About verifying the VCS installation on Verifying and updating licenses on the system# hastop -all -force Updating product licenses using vxlicinstReplacing a VCS demo license with a permanent license # cd /opt/VRTS/bin# hastart Accessing the VCS documentationTo access the VCS documentation Start VCS on each nodeAbout configuring VCS clusters for data integrity Configuring VCS clusters for data integritySee About data disks on About I/O fencing componentsAbout data disks About coordination points1illustrates the tasks involved to configure I/O fencing About setting up disk-based I/O fencingWorkflow to configure disk-based I/O fencing I/O fencing configuration files include Preparing to configure disk-based I/O fencing # fdisk -l Initializing disks as VxVM disksLibnamevidpid # vxddladm listsupport allChecking shared disks for I/O fencing Identifying disks to use as coordinator disksExample specifies the CDS format Testing the shared disks for SCSI-3 Verifying that the nodes have access to the same diskSee Testing the disks using vxfentsthdw utility on See Removing permissions for communication on Testing the disks using vxfentsthdw utility# /opt/VRTSvcs/vxfen/bin/vxfentsthdw # /opt/VRTSvcs/vxfen/bin/vxfentsthdw -n If you use rsh for communicationDev/sdr # vxdg -g vxfencoorddg set coordinator=on Setting up disk-based I/O fencing manuallySetting up coordinator disk groups # vxdg init vxfencoorddg sdx sdy sdzFor raw device configuration Creating I/O fencing configuration filesDeport the coordinator disk group Make a backup copy of the main.cf file Modifying VCS configuration to use I/O fencingStop VCS on all nodes # /etc/init.d/vxfen start Verifying I/O fencing configuration# hacf -verify /etc/VRTSvcs/conf/config Start VCS# vxfenadm -d Removing permissions for communicationPage About the LLT and GAB configuration files About verifying the VCS installationGalaxy Nebula About the VCS configuration file main.cf Sample main.cf file for VCS clusters Page Sample main.cf file for global clusters ClusterAddress = Wac requires gcoip Gcoip requires csgnicApplication wac IP gcoip NIC csgnic Verifying LLT, GAB, and cluster operation Verifying the LLT, GAB, and VCS configuration filesVerify the content of the configuration files See Setting the Path variable onOutput on nebula resembles Verifying LLTSee Verifying the cluster on Output on galaxy resemblesEth1 UP Output resembles Verifying GABVerifying the cluster Verifying the cluster nodes Current Eth1 UP eth2 UP Adding a node to a cluster About adding and removing nodesSee Adding a license key on Setting up the hardwarePreparing for a manual installation when adding a node See Mounting the product disc on Installing VCS RPMs for a manual installationChecking licensing information on the system Adding a license keySLES10/ppc64, required Rpms See Setting up VCS related security configuration on Setting up the node to run in secure modeSee Configuring LLT and GAB on See Configuring the authentication broker on node saturn onConfiguring the authentication broker on node saturn Setting up VCS related security configuration Configuring LLT and GAB# /sbin/lltconfig -c On the new system, run the commandIf the file on one of the existing nodes resembles Adding the node to the existing cluster To verify GAB On the new node, run the commandAdd the new system to the cluster Start VCS on the new node Removing a node from a clusterStarting VCS and verifying the cluster Stop VCS on the new nodeVerifying the status of nodes and service groups Check the status of the systems and the service groups Deleting the departing node from VCS configuration# hastatus -summary # hagrp -dep # hagrp -switch grp3 -to nebula# haconf -makerw # hagrp -unlink grp4 grp1 # hagrp -delete grp4 Save the configuration, making it read onlyCheck the status Delete the node from the clusterRemoving security credentials from the leaving node Modifying configuration files on each remaining node# rpm -qa grep Vrts Stop GAB and LLTTo determine the RPMs to remove, enter # /etc/init.d/gab stop # /etc/init.d/llt stop# rm /etc/llttab # rm /etc/gabtab # rm /etc/llthosts Remove the LLT and GAB configuration filesCreating a single-node cluster using the installer program About installing VCS on a single nodeSee Starting the software installation on Preparing for a single node installationStarting the installer for the single node cluster Tasks to create a single-node cluster using the installerSet the path variable Installing the VCS software manually on a single nodeCreating a single-node cluster manually See Licensing VCS on# hastart -onenode Renaming the LLT and GAB startup filesModifying the startup files Verifying single-node operationAdding a node to a single-node cluster Installing VxVM or VxFS if necessary Setting up a node to join the single-node clusterBringing up the existing node Configuring the shared storageSee Setting up shared storage on Display the service groups currently configuredRename the GAB and LLT startup files so they can be used Configuring LLTFreeze the service groups Stop VCS on Node aSee LLT directives on Setting up /etc/llthostsSetting up /etc/llttab LLT directivesLLT directives Additional considerations for LLTDirective Description Starting LLT and GAB Configuring GAB when adding a node to a single node clusterReconfiguring VCS on the existing node Reconfigure VCS on the existing nodesVerifying configuration on both nodes Verify that VCS is up on both nodes Unfreeze the service groupsImplement the new two-node configuration Start the VCS on Node BPage Preparing to uninstall VCS About the uninstallvcs programSee About adding and removing nodes on # cd /opt/VRTS/install # ./uninstallvcs Uninstalling VCS 5.0 RU3Removing VCS 5.0 RU3 RPMs Running uninstallvcs from the VCS 5.0 RU3 disc Uninstallvcs program is not available in /opt/VRTS/install Following checklist is to configure LLT over UDP Using the UDP layer for LLTWhen to use LLT over UDP Configuring LLT over UDPSee Broadcast address in the /etc/llttab file on Link command in the /etc/llttab fileSee Sample configuration links crossing IP routers on Broadcast address in the /etc/llttab fileTable A-2describes the fields of the set-addr command Set-addr command in the /etc/llttab fileSelecting UDP ports Configuring the netmask for LLT# setparms ipaddress # cat /etc/llttab Configuring the broadcast address for LLTSample configuration direct-attached links For second network interfaceFile for Node 1 resembles UDPFigure A-2 Sample configuration links crossing IP routers/etc/llttab file on Node 0 resembles Performing automated VCS installationsOr, in the case of a list Syntax in the response fileExample response file Or, in the case of an integer valueTable A-3 Response file variables Variable Description Response file variable definitions$CPICFGOPTLICENSE $CPICFGOPTPKGPATH $CPICFGKEYS Table A-3 $CPICFGOPTUNINSTALL See Installing and configuring VCS 5.0 RU3 on# ./installvcs -responsefile /tmp/installvcs-uui.response Index GAB RAM VCS