Symantec Veritas Cluster Server One Installation Manual Download Page 95 | Manualshive

Page: 95 / 210

background image

95

Setting up authentication plug-ins for VCS One

Extending the credential expiry period

Extending the credential expiry period

By default, logged-in VCS One users have a credential that expires in 24-hours.
Users who need to run commands from within client-side scripts may require
longer-term credentials.

You may change the default 24-hour expiry period to a larger value (such as two
years) at the system level. Increasing the default value makes your job easier if
the number of users with distinct passwords is relatively large.

You may change the expiry period in the authentication broker. With this
approach, a user provides their password only once. They can run VCS One
(“ha”) commands without providing it until the end of the expiry period.

If you use this method, you must collect the credentials for these users quickly,
before the expiry period can be reset to the original limit. When you are
finished, you must reset the expiry period to its original setting. No matter how
quickly you complete this process, there is a time window when other users can
log in at the same time and acquire long-term credentials. Also, AT does not
support revoking a granted credential.

Due to these issues, change the expiry period in the authentication broker only
as a last resort and when the systems are not being used by users who should not
have an extended expiry period.

To extend the expiry period

1

Display the current expiry period by entering the following command:

#

/opt/VRTSvcsone/bin/haat showexpiryintervals -p

plugin_name

where

plugin_name

is the authentication plug-in name (that is, vx,

unixpwd, nis, nisplus, ldap, or pam).

2

Increase the expiry period by entering the following command:

#

/opt/VRTSvcsone/bin/haat setexpiryintervals -p

plugin_name

\

-t user -e

seconds

where

seconds

indicates an expiry period in seconds. To set it for two

years, use 63,072,000 seconds.

3

Verify the change by entering the following command:

#

/opt/VRTSvcsone/bin/haat showexpiryintervals -p

plugin_name

4

Have the users get new credentials.

5

Reset the expiry period to its original value. Enter the following:

#

/opt/VRTSvcsone/bin/haat setexpiryintervals -p

plugin_name

\

-t user -e 86400

6

where 86,400 indicates an expiry period of 86,400 seconds (24 hours).

Verify the change. Enter the following:

#

/opt/VRTSvcsone/bin/haat showexpiryintervals -p

plugin_name

«
...
93
94
95
96
97
...
»

Summary of Contents for Veritas Cluster Server One

Page 1: ...Veritas Cluster Server One Installation Guide AIX HP UX Linux Solaris 5 0...

Page 2: ...its use copying distribution and decompilation reverse engineering No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and...

Page 3: ...Symantec Corporation 350 Ellis Street Mountain View CA 94043 http www symantec com...

Page 4: ...assurance that delivers automatic software upgrade protection Global support that is available 24 hours a day 7 days a week Advanced features including Account Management Services For information abou...

Page 5: ...alization Product registration updates such as address or name changes General product information features language availability local dealers Latest information about product updates and upgrades In...

Page 6: ...ca semea symantec com North America and Latin America supportsolutions symantec com Symantec Early Warning Solutions These solutions provide early warning of cyber attacks comprehensive threat analysi...

Page 7: ...om the command line 24 About the Symantec Product Authentication Service 25 Removing earlier versions of the Symantec Product Authentication Service 25 Configuring ssh rsh or remsh before installing 2...

Page 8: ...olicy Master cluster 44 Naming the Policy Master cluster 45 Creating an ID for the Policy Master cluster 45 Configuring the heartbeat settings 45 Specifying the authentication services port number 46...

Page 9: ...deployment credential 67 Creating the deployment credential package 67 Adding the client to the VCS One cluster 68 Installing the client using a permanent credential 68 Installing the VCS One client 6...

Page 10: ...domain type 96 Chapter 8 Adding shared storage and testing disks for SCSI 3 compliance About adding shared storage 98 Requirements for adding shared storage 98 Adding storage devices 98 Testing disks...

Page 11: ...ated objects 115 Deprecated attributes 115 ManualMode restart for the VCS One cluster 115 User modified attribute properties 115 Upgrading the Policy Master 116 Adding a system to a VCS One 5 0 Policy...

Page 12: ...8 Uninstalling high availability agent software 128 Uninstalling Policy Master server software 128 Uninstalling the VCS One client software 130 Launching the installer 130 Specifying the system to uni...

Page 13: ...ication has failed 150 Reasons authentication might fail 150 Re authenticating the client 150 Installing Storage Foundation after installing the client on Linux 151 Troubleshooting I O fencing 152 vxf...

Page 14: ...CS One Policy Master with NetApp 175 Starting the installer 175 Reading the copyright information 175 Selecting a task 175 Selecting a Policy Master installation 176 Accepting the End User License Agr...

Page 15: ...189 Reviewing the package list 189 Choosing when to configure the client 190 Configuring the client 190 Starting the client 192 Appendix E Response file variables Appendix F Required packages Mandato...

Page 16: ...16 Contents...

Page 17: ...About installing VCS One Installing the VCS One agents Getting your VCS One licenses Setting up the Policy Master cluster hardware Opening the required ports Running installation prechecks About the S...

Page 18: ...l Testing shared storage devices and coordinator disks for compliance with SCSI 3 persistent reservations Configuring I O Fencing optional but recommended Installing the VCS One agents In addition to...

Page 19: ...Demo A demo license that lets you use the product for 30 days for evaluation purposes only After 12 months the product auto disables high availability HA for the Policy Master and significantly reduce...

Page 20: ...ies At least 2 gigabytes of physical memory At least one network interface for private communication between the Policy Master cluster systems two links are desirable At least one network link between...

Page 21: ...ter 14151 Inbound Policy Master database 14157 Not modifiable Web server 14171 secure Inbound Web server admin port 14172 Inbound Authentication server 14159 Note If you upgrade from VCS One 2 0 1 to...

Page 22: ...ning installation prechecks For each software installation you can check the target systems before installation to verify that The system has enough disk space for the installation The product being i...

Page 23: ...mounted If the disc does not automatically mount you must mount it manually To mount the product disc manually on Linux 1 Log on and mount the product disc See Logging on and mounting the product dis...

Page 24: ...le you might see an error saying that your server is running on a platform that VCS One does not support If that happens check the Veritas Cluster Server One Release Notes for information about suppor...

Page 25: ...onments require the Symantec Product Authentication Service for trusted communications The Symantec Product Authentication Service is installed when you install VCS One VCS One uses an embedded broker...

Page 26: ...an the rsh suite of protocols Symantec recommends configuring a secure shell environment before installing VCS One and other Veritas products by Symantec The following is an example ssh setup procedur...

Page 27: ...sfer program SFTP is enabled on the target installation systems To enable SFTP the etc ssh sshd_config file must contain the following lines PermitRootLogin yes Subsystem sftp usr lib ssh sftp server...

Page 28: ...ce system that is also an installation target add the local system id_dsa pub key to the local authorized_keys file If the installation source system is not authenticated the installation may fail Add...

Page 29: ...shell program lets you log on to and execute commands on a remote system The remote system on which the rsh executes the command must be running the rsh daemon The rsh program is not secure for netwo...

Page 30: ...le rsh rlogin add the following line to etc inet inetd conf login stream tcp6 nowait root usr sbin in rlogind in rlogind shell stream tcp nowait root usr sbin in rshd in rshd shell stream tcp6 nowait...

Page 31: ...icient auth sufficient pam_rhosts_auth so 4 Enable the rsh server Enter the following chkconfig rsh on 5 Verify that rsh is set up correctly Enter the following exec usr bin rsh system_name LANG C ech...

Page 32: ...d domain name or IP address for each remote system having access to the local system For example if the root user must remotely access system1 from system2 you must add an entry for system2 companynam...

Page 33: ...t rsh is set up correctly Enter the following exec usr bin rsh system_name LANG C echo Symantec 2 1 2 1 Symantec The command should return Symantec If it does not there is an issue with rsh setup 4 To...

Page 34: ...34 Getting ready to install VCS One Configuring ssh rsh or remsh before installing...

Page 35: ...g and configuring the VCS One Policy Master This chapter includes the following topics Before you install the Policy Master Installing the Policy Master Configuring the Policy Master After you install...

Page 36: ...uration across reboots Configuring your IP addresses and NICs for Solaris To begin configuring your IP addresses and NICs for Solaris connect to the Policy Master system through the console To configu...

Page 37: ...ddress you need to plumb and netmask is your Policy Master netmask Preparing your network on Linux On Linux if the incorrect netmask is used to plumb the Base IP address the network may not work Syman...

Page 38: ...for the authentication service a number from 0 65536 The port must not be a port on which other applications listen Instead of providing an authentication service port number you can use the default p...

Page 39: ...iler for each Policy Master system File system path or NetApp filer to be used to store the VCS One configuration Note The installer exports the NetApp volume and mounts the mount point If the mount p...

Page 40: ...ng the Policy Master The Veritas Cluster Server One VCS One Policy Master software is on the VCS One software disc for the appropriate platform Note This release of VCS One does not support installing...

Page 41: ...on and configuration 7 Review the information on each page and press Enter to continue Specifying the target system You must specify the name of the target system for each Policy Master system To spec...

Page 42: ...tions of disk storage With Veritas Volume Manager you can configure share and manage your storage online Managing storage online optimizes storage I O performance without interrupting data availabilit...

Page 43: ...hether to configure the Policy Master right after the installation If you install Storage Foundation on Solaris you must reboot your machine and then proceed with the configuration To specify when to...

Page 44: ...licy Master on page 54 Starting the Policy Master configuration If you have not yet started the Policy Master configuration do so now To start the Policy Master configuration 1 Start the VCS One confi...

Page 45: ...for a private heartbeat link A private heartbeat link is a link that sends status information between systems within the Policy Master cluster Private heartbeats are generated every half second You ca...

Page 46: ...14159 for authentication services enter the following y If you want to specify a different port number for authentication services enter the following n At the next prompt enter the port number you wa...

Page 47: ...ou install on Solaris you must indicate if you want to use the mpathd that the operating system provides To specify whether to use the mpathd 1 At the mpathd prompt do one of the following If you want...

Page 48: ...ry For information about disaster recovery see Preparing to configure disaster recovery on page 39 Deciding when to configure disaster recovery You can configure disaster recovery during the VCS One i...

Page 49: ...very you are prompted to specify if you want to continue 2 Do one of the following If you are prompted about continuing with fewer than two unique virtual IP addresses go to step 3 If you are not prom...

Page 50: ...nd netmask are correct Enter the following y Configuring disaster recovery after you install VCS One Follow these steps to configure disaster recovery after you install and configure VCS One To config...

Page 51: ...k group and volume must not be in use by other applications The disk group must also be free of any volumes that are in use by other applications To configure Storage Foundation 1 Enter a disk group f...

Page 52: ...11 If you are prompted to clean up the shared storage directories enter the following y Configuring NetApp Filer Follow the instructions in this section to configure Network Appliance filer NFS to st...

Page 53: ...ve mounted something on the mount point you specified the installer asks you if you want to unmount it Do one of the following If you are prompted to unmount the mount point go to step 10 If you are n...

Page 54: ...llow the steps in this section to set up the configuration database using shared storage or using local storage To set up the configuration database 1 Enter the mount point for the configuration datab...

Page 55: ...n 1 Check the state of the Policy Master service group on each system Enter the following opt VRTSvcsone bin haadmin state The output should show the PMSG is ONLINE on one system OFFLINE on the other...

Page 56: ...ice vcsonedb VCS One database pm Policy Master daemon atd Symantec Product Authentication Service daemon VCSOneWeb VCS One web console pmdg The database and repository disk group pmvol The volume for...

Page 57: ...opt VRTSvcsone bin haclus modify DefaultPlatform platform About configuring VCS One Each system in a VCS One cluster has a unique host name and IP address In addition VCS One uses attributes to match...

Page 58: ...ser level attribute VCSOneClientName lists the VCS One client system with which the user is registered A user can only register with one system in the VCS One cluster See the Veritas Cluster Server On...

Page 59: ...Chapter 3 Accessing the web console This chapter includes the following topics Before you access the VCS One web console Accessing the VCS One web console Recreating the SSL certificate...

Page 60: ...r caching Disable the pop up blocker Enable ActiveX controls Internet Explorer only Install a supported Flash version See the Veritas Cluster Server One Release Notes for supported Flash versions Enab...

Page 61: ...er failover operation 2 In the web browser click the VCS One web console link 3 In the Log on page specify the following details In the Select Language box select the appropriate language In this rele...

Page 62: ...che Tomcat 6 0 SSL Configuration instructions available on the Internet To recreate the SSL certificate you can use Java Keytool or another tool of your choice For your convenience the Java Keytool ut...

Page 63: ...pter includes the following topics Preparing to install the VCS One client Preparing to install the VCS One client Installing the VCS One client Configuring the VCS One client Installing the client us...

Page 64: ...latform on which you would install the client Platform specific preparations Before you begin to install the VCS One client ensure that the following general preparations are ready in advance Uninstal...

Page 65: ...been completely installed including an initial boot of the zone before installing the VCS One client If you install the VCS One client on Solaris 10 systems running non global zones Ensure that opt is...

Page 66: ...ifying the Policy Master installation on page 55 Choose the appropriate installation software disc Installation software discs are provided for each platform type Mount the software disc on the system...

Page 67: ...yment credential package You can use the create_deployment_credential option to create the deployment credential package on the shared storage The clients copy and execute that credential package to a...

Page 68: ...deployment credential package you must add the client system to the VCS One cluster To add the client to the VCS One cluster 1 From the Policy Master enter the following opt VRTSvcsone bin hasys add s...

Page 69: ...s not perform an installation 4 Copy created credential packages to a system where you plan to install the VCS One client Make a note of where you copy the files 5 Install or configure the VCS One cli...

Page 70: ...installed any file system soft links in the directory opt VRTS bin are overridden on the system Running VCS and VCS One on the same system is not a supported configuration 5 Accept the End User Licen...

Page 71: ...ent configuration on page 71 Entering the virtual IP addresses for the client on page 72 Deciding whether to configure the SSL library path on page 72 Synchronizing the clock times on your systems on...

Page 72: ...rmanent credential package enter the following y If you have a deployment credential enter the following n 5 At the deployment credential package prompt do one of the following If you have a permanent...

Page 73: ...figuring the client enter n 3 If you want to synchronize the clock times use the ntpdate command For example enter the following rdate ntphost Completing and verifying the installation To complete and...

Page 74: ...authenticate your clients do not change the Symantec Product Authentication Service AT ClusterName attribute value after you have deployed your clients VCS One clients connect to the Policy Master clu...

Page 75: ...Chapter 5 Performing unattended client installations This chapter includes the following topics About response files Installation using a response file...

Page 76: ...DE STANDALONE CPI CFG OPT INSTALLCONFIG 1 CPI CFG SYSTEMS qw redhat1 redhat2 redhat3 CPI CFG UPI VCSONECD CPI CFG VCSONECD_CC_ATPORT 14159 CPI CFG VCSONECD_CLUSTERIP qw 10 198 92 127 CPI CFG VCSONECD_...

Page 77: ...stem where you plan to run another installation When you run the install program use the responsefile response_file option To perform an installation using a response file 1 Edit the response file and...

Page 78: ...78 Performing unattended client installations Installation using a response file Note If any older versions of VRTS RPMs or packages are on the target system installation using the response file fails...

Page 79: ...Chapter 6 Installing the Simulator This chapter includes the following topics About the Simulator Before you install the Simulator Installing the Simulator...

Page 80: ...es Choose any installation software disc The Windows Simulator is available under the simulator directory on each VCS One installation software disc Installing the Simulator The Simulator included in...

Page 81: ...he VCS One Simulator software is installed in the specified directory 7 To begin installation click Next The VCS One Simulator installation wizard takes a few minutes to install the software 8 When th...

Page 82: ...82 Installing the Simulator Installing the Simulator...

Page 83: ...ce types Displaying information about user names and domain names Setting up vx authentication Setting up unixpwd authentication Setting up NIS or NIS authentication Setting up LDAP authentication Set...

Page 84: ...on plug in to validate the identities within a particular domain Table 7 1 lists the authentication service types and corresponding authentication plug ins supported by VCS One Table 7 1 Authenticatio...

Page 85: ...ng command opt VRTSvcsone bin haat showplugininfo p plugin_type where plugin_type is the authentication plug in type that is vx unixpwd nis nisplus ldap or pam The output looks similar to the followin...

Page 86: ...ndows and LDAP limit user names and domain names to 79 ASCII characters or less If you use non ASCII characters the limit varies Setting up vx authentication To set up Symantec Private Domain vx authe...

Page 87: ...ter the following opt VRTSvcsone bin haat showpd t ab d domain_name grep domain_name where domain_name in grep domain_name is the domain name you are searching for such as VCSONE_USERS 2 On the active...

Page 88: ...ation broker by entering the following command haat setuptrust b host port PBXPort PBXServiceID s low medium high 7 On the client system authenticate the user by entering the following command haat au...

Page 89: ...d roles for the user by entering the following command opt VRTSvcsone bin hauser addrole unixuser vcsone_cluster_name ServerFarmObjectGuest 3 Test that the user s log in credentials work by running a...

Page 90: ...CLI program that lets you configure the LDAP plug in for the authentication broker Use haldapconf to connect to the enterprise LDAP server and detect the default parameters for searching users and gro...

Page 91: ...name p ldap_server_port u search_user g search_group f attribute_list_file m admin_username w admin_password l loglevel where s ldap_server_name specifies the name of the LDAP server This option is re...

Page 92: ...connection to the LDAP server l loglevel generates a log file named haldapconf debug loglevel determines the amount of information that goes into the log The value of loglevel ranges from 0 to 4 The h...

Page 93: ...n1 3 Add the LDAP domain by running the following command to configure authentication This command reads and runs the AT CLI generated by haldapconf c in step 2 opt VRTSvcsone bin haldapconf x f at_cl...

Page 94: ...AP See Setting up LDAP authentication on page 90 Setting up PAM authentication Pluggable Authentication Modules PAM authenticate users on the Policy Master system No set up is required for the PAM dom...

Page 95: ...n log in at the same time and acquire long term credentials Also AT does not support revoking a granted credential Due to these issues change the expiry period in the authentication broker only as a l...

Page 96: ...e lab1 com is a Windows Active Directory domain and nis lab2 com where lab2 is a NIS domain By default the unixpwd and pam domain types do not require a domain name They assume the authentication brok...

Page 97: ...es the following topics About adding shared storage Requirements for adding shared storage Adding storage devices Testing disks for SCSI 3 compliance Setting up and testing data disks Using additional...

Page 98: ...ordinator disks Two switches for I O connection redundancy Adding storage devices For the Policy Master in a production environment you need to add a minimum of three coordinator disks in addition to...

Page 99: ...y be different By using a command to check the serial number of the disk you can verify that a specific disk is the same one as seen from each system This is important when you have added many disks U...

Page 100: ...ach system A given disk may have a different name on each system To test data disks using vxfentsthdw 1 Make sure the two systems are connected to the storage device you are testing and that the syste...

Page 101: ...8 1 Options for vxfentsthdw vxfentsthdw option Description When to use m The default option that may be used with the r option With m vxfentsthdw runs in the interactive mode For testing a few disks o...

Page 102: ...e Testing all the disks in a disk group To test all the disks in a disk group 1 Create a temporary disk group for testing the disks For example create a disk group called blue_disks_dg that includes a...

Page 103: ...e disk group starting with a single disk and add other disks to the group To set up a disk group for coordinator disks 1 Create a disk group with a single disk For example enter the following vxdg ini...

Page 104: ...1 Deport the disk group Enter the following vxdg deport vxfencoorddg 2 Import the disk group to prevent it from being imported automatically when the system reboots Enter the following vxdg t import v...

Page 105: ...Multiple systems in the VCS One cluster use a common shared storage Due to a network fault one of these systems loses its connectivity with the Policy Master cluster In the meantime the Policy Master...

Page 106: ...106 Adding shared storage and testing disks for SCSI 3 compliance About VCS One client I O fencing...

Page 107: ...or replacement system to the Policy Master cluster This chapter includes the following topics Prerequisites for the new or replacement system About adding or replacing a system Adding a system to the...

Page 108: ...r software to the new system See Installing the VCS One Policy Master on page 36 If you are replacing a system use the same identity as the system it is replacing including the same Hostname IP addres...

Page 109: ...aster cluster with two systems use independent hubs for private network connections replacing crossover cables if used If you already use independent hubs connect the two Ethernet controllers on the n...

Page 110: ...vcsone bin haadmin state 2 Check that the Policy Master packages are installed on the system that you are adding to the Policy Master cluster Enter the following rpm qa grep vcsone Starting the proces...

Page 111: ...system From the list of NIC devices discovered on your systems select any NIC that is up and running on a public network For example enter the following On Linux eth0 On Solaris x64 bge0 2 At the Pol...

Page 112: ...named system1 The steps for adding a system may vary depending on your configuration To replace a system on the VCS One Policy Master cluster 1 Edit the VCS configuration file main cf Enter the follo...

Page 113: ...Chapter 10 Upgrading from VCS One 2 0 1 to 5 0 This chapter includes the following topics Overview Upgrading the Policy Master Upgrading the client...

Page 114: ...One 5 0 Operating system prerequisite Before you upgrade check that you are running an operating system that VCS One 5 0 supports If necessary install or upgrade to a supported operating system For i...

Page 115: ...tributes ClusterName and ClusterDomainName Policy Master cluster attributes LinkedFrame system attribute GTQDisplayName group attribute NumCPU LDom resource attribute ManualMode restart for the VCS On...

Page 116: ...s Adding a system to a VCS One 5 0 Policy Master cluster See Chapter 9 Adding a new or replacement system to the Policy Master cluster for instructions on adding a system to your Policy Master cluster...

Page 117: ...luster To delete a system from your VCS One 2 0 1 Policy Master cluster 1 Navigate to the VCS One directory on your root broker system For example navigate to the following location root my_machine2 c...

Page 118: ...5 0 Policy Master packages are installed on each system To verify that the 5 0 Policy Master packages are installed on each system After you install the 5 0 Policy Master packages on each system in th...

Page 119: ...on all Policy Master systems you must confirm that you want to continue without installing Storage Foundation To decide about Storage Foundation Do one of the following Specifying the location of the...

Page 120: ...page 48 Starting the Policy Master on page 54 Verifying that the configurations are imported to the specified location To verify that the configurations are imported to the specified location Enter t...

Page 121: ...s For example enter the following my_machine1 my_machine2 2 At the system names prompt enter the names of the target VCS One 5 0 systems to which you want to migrate the 2 0 1 configurations Separate...

Page 122: ...r cluster and specify the Policy Master virtual IP addresses Verifying that the VCS One 5 0 Policy Master service group is online To verify that the VCS One 5 0 Policy Master service group is online E...

Page 123: ...virtual IP addresses for the Policy Master For example enter the following 192 168 1 102 9 Enter the netmask for the Policy Master virtual IP address For example enter the following 255 255 252 0 10 V...

Page 124: ...e a backup directory on each client system Enter the following mkdir backup 2 Copy the vcsone conf file into the backup directory for each system Enter the following cp etc VRTSvcsone vcsone conf back...

Page 125: ...a Product 4 From the list of products select Veritas Cluster Server One by Symantec Client Daemon VCS One Client 5 Follow the instructions for installing the client software See Chapter 4 Installing...

Page 126: ...126 Upgrading from VCS One 2 0 1 to 5 0 Upgrading the client...

Page 127: ...Chapter 11 Uninstalling VCS One software This chapter includes the following topics Uninstalling the VCS One software Uninstalling the Simulator...

Page 128: ...are The uninstallation script uninstalls the Policy Master which configures and manages the VCS One environment The uninstallation script can also optionally uninstall Veritas Storage Foundation Verit...

Page 129: ...irm that you are sure about uninstalling the VCS One Policy Master Enter the following y Entering n aborts the uninstallation The program stops the Policy Master If you are installing on Solaris you m...

Page 130: ...cts installed replace the removed soft links See Setting up the Policy Master cluster hardware on page 20 Launching the installer Launching the installer 1 On the system where the VCS One client is in...

Page 131: ...Enter one of the following y or n Removing residual directories Symantec recommends that you remove the following residual VCS One program directories opt VRTSvcsone etc VRTSvcsone and var VRTSvcsone...

Page 132: ...fault Simulator instance do one of the following At the Windows command prompt run the following batch file script installation_location VCSOne stopsim bat At the Windows command prompt enter the foll...

Page 133: ...Appendix A Reinstalling the Policy Master This appendix includes the following topic Reattaching existing clients to the Policy Master...

Page 134: ...r on page 36 5 Freeze the Policy Master service group PMSG opt VRTSvcsone bin haadmin freeze 6 Kill the process vcsoneatd opt VRTSvcsone bin pkill 9 vcsoneatd bin 7 Restore the VxSS configuration on a...

Page 135: ...Appendix B Sample Policy Master upgrade scenarios This chapter includes the following topics Upgrade scenario overview Upgrade scenario details...

Page 136: ...enario for a test environment only After you upgrade to VCS One 5 0 using this scenario you cannot roll your configuration back to VCS One 2 0 1 This scenario has no verification phase and does not re...

Page 137: ...enario has no verification phase and requires you to import two new systems This upgrade scenario has the shortest down time and the fewest steps Installing the VCS One 5 0 Policy Master on two new sy...

Page 138: ...s over the systems Enter the following installvcsonepm installonly For more information about installing Policy Master systems see Chapter 2 Installing and configuring the VCS One Policy Master on pag...

Page 139: ...Use this upgrade scenario for a test environment only After you upgrade to VCS One 5 0 using this scenario you cannot roll your configuration back to VCS One 2 0 1 This scenario has no verification p...

Page 140: ...g systems see Veritas Cluster Server One Release Notes 3 Upgrade Node2 to VCS One 5 0 Enter the following installvcsonepm installonly See Installing the VCS One 5 0 Policy Master on two new systems on...

Page 141: ...e this upgrade scenario for a test environment or production environment If the VCS One 5 0 Policy Master upgrade fails you can roll your configuration back to VCS One 2 0 1 This scenario requires a v...

Page 142: ...re the systems Use the installonly option to install the VCS One packages over the systems Enter the following installvcsonepm installonly For more information about installing Policy Master systems s...

Page 143: ...age 118 Verifying VCS One operations on the new systems Verify the VCS One operations on Node3 and Node4 for as long as you choose The verification period can last from several minutes to days To veri...

Page 144: ...assumes that you have a 2 0 1 Policy Master cluster with two systems This scenario requires a verification phase During the verification phase both the VCS One 2 0 1 and the 5 0 Policy Master clusters...

Page 145: ...f Node2 is running a supported operating system skip to step 4 If Node2 is not running a supported operating system install or upgrade to a supported operating system Then go to step 4 For information...

Page 146: ...new system see Migrating your 2 0 1 configurations to VCS One 5 0 on page 120 Upgrading a 2 0 1 system and adding it to the VCS One 5 0 Policy Master cluster Follow the instructions in this section t...

Page 147: ...ut installing Policy Master systems see Chapter 2 Installing and configuring the VCS One Policy Master on page 35 3 Add Node1 to the 5 0 Policy Master cluster Enter the following installvcsonepm addno...

Page 148: ...148 Sample Policy Master upgrade scenarios Upgrade scenario details...

Page 149: ...Appendix C Troubleshooting This appendix includes the following topics Re authenticating the client Installing Storage Foundation after installing the client on Linux Troubleshooting I O fencing...

Page 150: ...product installer does not display an error message during installation but the installer log contains the following message haat execpkg ERROR V 18 7135 Failed to execute package The installer log fi...

Page 151: ...alling Storage Foundation after installing the client on Linux If after installing the VCS One client on Linux you later install Storage Foundation 5 0 using the Storage Foundation installer the follo...

Page 152: ...disk array does not support returning success for a SCSI TEST UNIT READY command when another host has the disk reserved using SCSI 3 persistent reservations vxfentsthdw fails when prior registration...

Page 153: ...it discovers system 2 is registered with them Given this conflicting information about system 2 system 1 does not join the VCS One cluster and returns an error from vxfenconfig The message is similar...

Page 154: ...s down and there is no heartbeat between them In the following example system 2 is down and system 1 is ejected and there is no heartbeat between the two systems To resolve an apparent potential split...

Page 155: ...e Policy Master cluster that access shared storage This prevents data corruption 2 Start the script cd opt VRTSvcs vxfen bin vxfenclearpre 3 Read the script s introduction and warning and then run it...

Page 156: ...disk group 1 Log in as root user on one of the systems in the Policy Master cluster 2 If VCS is running shut it down hastop all 3 Stop I O fencing on all systems Do one of the following On Solaris et...

Page 157: ...if it complies with SCSI 3 persistent reservations See Setting up and testing coordinator disks on page 83 8 Deport the disk group Enter the following vxdg deport cat etc vxfendg 9 On each system in...

Page 158: ...ack Both private networks function again after event above Continues to work Crashes It cannot start the database because it cannot write to the data disks Restore the private networks and reboot Node...

Page 159: ...S One cluster This causes the I O fencing device driver to prevent Node B from joining the VCS One cluster Node B console displays the following Potentially a preexisting split brain Dropping out of t...

Page 160: ...cluster Races for a majority of coordinator disks It fails because only one of three coordinator disks is available Removes itself from the VCS One cluster Operates as long as all systems stay in the...

Page 161: ...Sample installation output This appendix includes the following topics Installing the VCS One Policy Master with Storage Foundation Installing the VCS One Policy Master with NetApp Installing the VCS...

Page 162: ...ter the following installer rsh Reading the copyright information Installation Program Copyright c 2009 Symantec Corporation All rights reserved Symantec the Symantec Logo are trademarks or registered...

Page 163: ...file present on media y n q n y Reviewing the installation and configuration requirements Veritas Cluster Server One 5 0 0 by Symantec VCS One Policy Master installation and configuration documentati...

Page 164: ...l disaster recovery configuration One or more virtual IP addresses Netmasks for each of the virtual IP addresses Public NICs to be used on each system for the virtual IP addresses Press Enter to conti...

Page 165: ...cense 2 NFR License 3 Permanent License Select a License flavor to install 1 3 q 1 License key successfully registered on redhat95243 License key successfully registered on pilotvmred9 Reviewing the p...

Page 166: ...xfen Veritas I O Fencing VRTSvcsonedb Veritas Cluster Server One by Symantec Configuration Database VRTSvcsonemg Veritas Cluster Server One by Symantec Message Catalogs VRTSvcs Veritas Cluster Server...

Page 167: ...are configured to run the Policy Master from the Policy Master cluster The VCS One Policy Master cluster provides high availability to the Policy Master To configure the Policy Master cluster the fol...

Page 168: ...vcsonepm_cluster Cluster ID 12312 Broker Port 14159 Private Heartbeat NICs for redhat95243 link1 eth1 link2 eth2 Private Heartbeat NICs for pilotvmred9 link1 eth1 link2 eth2 Configuring the Policy Mas...

Page 169: ...IP 10 198 94 158 b q 255 255 248 0 Confirming the Policy Master virtual IP address configuration Veritas Cluster Server One 5 0 0 by Symantec Policy Master configuration verification Virtual IP 1 Vir...

Page 170: ...ber 1 3 q 1 Deciding whether to configure disaster recovery Veritas Cluster Server One 5 0 0 by Symantec A VCS One global cluster links the individual VCS One clusters at separate sites and enables wi...

Page 171: ...des for IP 10 200 58 209 y n q y Enter the netmask for IP 10 200 58 209 b q 255 255 248 0 Enter a nic for IP 10 200 58 210 on redhat95243 b q eth0 Would you like to use the same NIC eth0 on all PM nod...

Page 172: ...s on pilotvmred9 Done Starting the vxrelocd process on pilotvmred9 Done Starting the vxconfigbackupd process on pilotvmred9 Done Configuring Storage Foundation Veritas Cluster Server One 5 0 0 by Syma...

Page 173: ...dhat95243 Done No volumes in pmdg on redhat95243 Enter a volume for the Configuration Database b q pmvol Checking volume pmvol in pmdg on redhat95243 Does not exist Enter a size for the volume pmvol i...

Page 174: ...on pilotvmred9 Done Configure vcsone conf on redhat95243 Done Configure vcsone conf on pilotvmred9 Done Configure ATD on redhat95243 Done Configure ATD on pilotvmred9 Done Configure vcs run mode file...

Page 175: ...allation Program Copyright c 2009 Symantec Corporation All rights reserved Symantec the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U S and o...

Page 176: ...figuration requirements Veritas Cluster Server One 5 0 0 by Symantec VCS One Policy Master installation and configuration documentation You can install the VCS One Policy Master on one or more nodes E...

Page 177: ...nt IP address or hostname of the NetApp filer Type of access to the NetApp filer rsh requires passwordless communication between the Policy Master node and NetApp filer ssh requires passwordless commu...

Page 178: ...stallation on thoropt159 Not installed Deciding about Storage Foundation installation Veritas Cluster Server One 5 0 0 by Symantec Storage Foundation installation While installing the VCS One PM you c...

Page 179: ...Agents VRTSvcsmg Veritas Cluster Server Message Catalogs VRTSvcsonemn Veritas Cluster Server One by Symantec Man Pages VRTSpmmag Veritas Cluster Server PMM Agents VRTSvcsonec Veritas Cluster Server O...

Page 180: ...the Policy Master from the Policy Master cluster The VCS One Policy Master cluster provides high availability to the Policy Master To configure the Policy Master cluster the following information is...

Page 181: ...r Name vcsonepm_cluster Cluster ID 65530 Broker Port 14159 Private Heartbeat NICs for thoropt158 link1 eth0 link2 eth1 Private Heartbeat NICs for thoropt159 link1 eth0 link2 eth1 Is this information c...

Page 182: ...on Virtual IP 1 Virtual IP 10 182 14 6 Netmask 255 255 240 0 NIC s under thoropt158 1 NIC eth2 IP 10 182 7 218 NIC s under thoropt159 1 NIC eth2 IP 10 182 7 219 Is this information correct y n q y Cho...

Page 183: ...ng filer Password for accessing filer in case of API access mode IP address hostname for the NIC connected to the filer for each Policy Master system File System Path on NetApp filer used to store the...

Page 184: ...not clean up these directories VCS One may be improperly configured and fail to start up The installer will quit if the shared storage directories are not clean Do you wish to perform cleanup y n q y...

Page 185: ...59 Done Configure sysname on thoropt158 Done Configure sysname on thoropt159 Done Configure main xml on thoropt158 Done Configure main xml on thoropt159 Done Change some type attributes on thoropt158...

Page 186: ...is required to encrypt passwords in the responsefile Enter five or more characters to be used as an encryption key 123456 This key must be retained in a secure file and referenced using the enckeyfile...

Page 187: ...mantec the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U S and other countries Other names may be trademarks of their respective owners The L...

Page 188: ...One client installation and configuration documentation Be sure to establish passwordless communication between the system that runs the installation script and the target installation systems You can...

Page 189: ...t95241 Checking installed rpms on redhat95244 Reviewing the package list Veritas Cluster Server One 5 0 0 by Symantec The following VCS One Client rpms will be installed VRTSperl Veritas Perl 5 10 Red...

Page 190: ...rmation that you entered Enter n to repeat a question set and modify your entries Changes are implemented after you provide and confirm all the configuration information and the VCS One Client install...

Page 191: ...r configure and use the rsh option Checking ssh communication with 10 198 92 127 Linux 2 6 18 53 el5 Checking network speed with 10 198 92 127 OK Checking vcsoneatd process Running Checking vcsoneatd...

Page 192: ...95241 to the Policy Master configuration Done Configuring ATD on redhat95244 Creating an ATD principal for redhat95244 Done Retrieve broker port from 10 198 92 127 Done Authenticating redhat95244 Chec...

Page 193: ...193 Sample installation output Installing the VCS One client Installation Success Configuration Success Startup Success VCS One Client installation operation successful...

Page 194: ...194 Sample installation output Installing the VCS One client...

Page 195: ...UPI VCSONECD A two dimension scalar is a variable with a single value and the variable to the left of the equal sign has two dimensions CPI CFG OPT CONFIGURE 1 Table E 1 describes response file varia...

Page 196: ...INSTALLONLY 2 dimen scalar Optional Installs RPMs but does not configure or start the product CPI CFG OPT KEYFILE 2 dimen scalar Optional Defines the location of an ssh keyfile used to communicate wit...

Page 197: ...recognized for configuration when a secure environment prevents all systems from being installed at once CPI CFG UPI 1 dimen scalar Required An abbreviation defining the product to be installed uninst...

Page 198: ...OLARISMPATH 1 dimen scalar Optional Defines whether to use the multipathing functionality of the Solaris operating system daemon CPI CFG VCSONEPM_CLEANUP STORAGE 1 dimen scalar Required Defines whethe...

Page 199: ...st Required Defines the NICs for each of the corresponding virtual IPs If you use the same NIC on all systems enter ALL CPI CFG VCSONEPM_PMDB_SF CONFIG 1 dimen scalar Optional Designates that the inst...

Page 200: ...ONEPM_PM_NIC 1 dimen scalar Required Defines the NICs for each corresponding virtual IP address CPI CFG VCSONEPM_PM_VIP 1 dimen list Required Lists the virtual IP addresses on which the Policy Master...

Page 201: ...variable definitions for create_deployment_credential Variable Dimen Type Definition CPI CFG VCSONECD_DC_CLUST ERIP 1 dimen scalar Required Lists virtual IP addresses on which the Policy Master is li...

Page 202: ...for which credentials are to be created CPI CFG VCSONECD_CC_PLATF ORM 1 dimen scalar Required Lists the platforms for which credentials are to be created CPI CFG VCSONECD_CC_CLUST ERIP 1 dimen scalar...

Page 203: ...the Policy Master is installed with Storage Foundation Table F 1 Mandatory Policy Master packages with Storage Foundation Package Description VRTSperl Veritas Perl 5 10 redistribution VRTSvlic Verita...

Page 204: ...e System common package VRTSvxfsplatform Veritas File System platform specific package VRTSfsman Veritas File System manual pages VRTSfssdk Veritas File System software developer kit VRTSfsmnd Veritas...

Page 205: ...ble F 1 Mandatory Policy Master packages with Storage Foundation continued Package Description Table F 2 Mandatory Policy Master packages without Storage Foundation Package Description VRTSperl Verita...

Page 206: ...Sspt Veritas software support tools Table F 2 Mandatory Policy Master packages without Storage Foundation continued Package Description Table F 3 Mandatory client packages Package Description VRTSperl...

Page 207: ...H 26 29 31 32 UNIX Policy Master 44 46 48 49 51 52 54 VCS for I O fencing 104 VCS One client 68 71 72 73 coordinator disks creating disk group 104 setting up 103 testing 103 createcredential option fo...

Page 208: ...ng 134 Policy Master cluster adding a system to 109 displaying status with haadmin 55 modifying default platform type with haclus modify 57 modifying name of with haclus modify 57 verifying installati...

Page 209: ...wd authentication setting up 89 UseFence attribute setting 104 user names about 85 V VCS One license 19 VCS One client daemon packages 206 VCS One client daemon software installing 67 70 VCS One Simul...

Page 210: ...210 Index...

Reviews:

No comments

Related manuals for Veritas Cluster Server One

Brand: IBM Pages: 128

Brand: Galleon Pages: 47

Brand: CNET Pages: 2

Brand: Discover Video Pages: 148

Brand: IBM Pages: 1730

Brand: LOOQS Pages: 69

HL-3400CN Series

Brand: Brother Pages: 280

Brand: Brother Pages: 308

2200W - NC Print Server

Brand: Brother Pages: 75

Brand: Brother Pages: 148

HL-3400CN Series

Brand: Brother Pages: 8

DSTni-XPress DR

Brand: Lantronix Pages: 2

Brand: AMX Pages: 44

MAX Communication Server ACM 6.0

Brand: Altigen Pages: 448

Brand: MPC Pages: 120

Brand: Cascadia Pages: 54

Brand: Digitus Pages: 13

Brand: Digitus Pages: 24

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands