Symantec XGS-4728F, Veritas Cluster Server One, VCS One Installation Manual

Download

Page 1

Veritas™ Cluster Server One Installation Guide

AIX, HP-UX, Linux, Solaris

5.0

Page 2

Veritas Cluster Server One Installation Guide

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Product version: 5.0 Document version: 5.0.0

Legal Notice

trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required to provide attribution to the third party (“Third Party Programs”). Some of the Third Party Programs are available under open source or free software licenses. The License Agreement accompanying the Software does not alter any rights or obligations you may have under those open source or free software licenses. Please see the Third Party Legal Notice file accompanying this Symantec product for more information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 "Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in Commercial Computer Software or Commercial Computer Software Documentation", as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.

Page 3

Symantec Corporation 350 Ellis Street Mountain View, CA 94043

http://www.symantec.com

Page 4

Technical Support

Symantec Technical Support maintains support centers globally. Technical Support’s primary role is to respond to specific queries about product features and functionality. The Technical Support group also creates content for our online Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering and Symantec Security Response to provide alerting services and virus definition updates.

Symantec’s maintenance offerings include the following:

■ A range of support options that give you the flexibility to select the right

amount of service for any size organization

■ Telephone and Web-based support that provides rapid response and

up-to-the-minute information

■ Upgrade assurance that delivers automatic software upgrade protection

■ Global support that is available 24 hours a day, 7 days a week

■ Advanced features, including Account Management Services

For information about Symantec’s Maintenance Programs, you can visit our Web site at the following URL:

www.symantec.com/techsupp

Contacting Technical Support

Customers with a current maintenance agreement may access Technical Support information at the following URL:

http://www.symantec.com/business/support/assistance_care.jsp

Before contacting Technical Support, make sure you have satisfied the system requirements that are listed in your product documentation. Also, you should be at the computer on which the problem occurred, in case it is necessary to replicate the problem.

When you contact Technical Support, please have the following information available:

■ Product release level

■ Hardware information

■ Available memory, disk space, and NIC information

■ Operating system

■ Version and patch level

■ Network topology

■ Router, gateway, and IP address information

■ Problem description:

Page 5

■ Error messages and log files

■ Troubleshooting that was performed before contacting Symantec

■ Recent software configuration changes and network changes

Licensing and registration

If your Symantec product requires registration or a license key, access our technical support Web page at the following URL:

www.symantec.com/techsupp

Customer service

Customer service information is available at the following URL:

www.symantec.com/techsupp

Customer Service is available to assist with the following types of issues:

■ Questions regarding product licensing or serialization

■ Product registration updates, such as address or name changes

■ General product information (features, language availability, local dealers)

■ Latest information about product updates and upgrades

■ Information about upgrade assurance and maintenance contracts

■ Information about the Symantec Buying Programs

■ Advice about Symantec's technical support options

■ Nontechnical presales questions

■ Issues that are related to CD-ROMs or manuals

Documentation feedback

Your feedback on product documentation is important to us. Send suggestions for improvements and reports on errors or omissions to

clustering_docs@symantec.com.

Include the title and document version (located on the second page), and chapter and section titles of the text on which you are reporting.

Page 6

Maintenance agreement resources

If you want to contact Symantec regarding an existing maintenance agreement, please contact the maintenance agreement administration team for your region as follows:

Asia-Pacific and Japan customercare_apac@symantec.c

Europe, Middle-East, and Africa semea@symantec.com

North America and Latin America supportsolutions@symantec.com

Additional enterprise services

Symantec offers a comprehensive set of services that allow you to maximize your investment in Symantec products and to develop your knowledge, expertise, and global insight, which enable you to manage your business risks proactively.

Enterprise services that are available include the following:

Symantec Early Warning Solutions These solutions provide early warning of cyber attacks,

comprehensive threat analysis, and countermeasures to prevent attacks before they occur.

Managed Security Services These services remove the burden of managing and monitoring

security devices and events, ensuring rapid response to real threats.

Consulting Services Symantec Consulting Services provide on-site technical

expertise from Symantec and its trusted partners. Symantec Consulting Services offer a variety of prepackaged and customizable options that include assessment, design, implementation, monitoring, and management capabilities. Each is focused on establishing and maintaining the integrity and availability of your IT resources.

Educational Services Educational Services provide a full array of technical training,

security education, security certification, and awareness communication programs.

To access more information about Enterprise services, please visit our Web site at the following URL:

www.symantec.com

Select your country or language from the site index.

Page 7

Contents

Chapter 1 Getting ready to install VCS One

About installing VCS One ..................................................................................18

Installing the VCS One agents ...........................................................................18

Getting your VCS One licenses ..........................................................................19

Setting up the Policy Master cluster hardware ...............................................20

Opening the required ports ................................................................................21

Running installation prechecks .........................................................................22

Logging on and mounting the product disc .............................................22

Mounting the product disc manually on Solaris .............................23

Mounting the product disc manually on Linux ...............................23

Mounting the product disc on AIX ....................................................23

Mounting the product disc on HP-UX ...............................................23

Running the prechecks ...............................................................................24

Running the prechecks from the installer menu ............................24

Running the prechecks from the command line .............................24

About the Symantec Product Authentication Service ...................................25

Removing earlier versions of the Symantec Product

Authentication Service .......................................................................25

Configuring ssh, rsh, or remsh before installing ............................................26

Configuring ssh ............................................................................................26

Restoring the password requirement between systems ........................ 28

Restoring the password requirement between AIX, HP-UX,

and Solaris systems .....................................................................29

Restoring the password requirement between Linux systems ..... 29

Configuring rsh or remsh ...........................................................................29

Configuring rsh on Solaris ..................................................................29

Modifying the .rhosts file on Solaris .................................................30

Configuring rsh on Linux ....................................................................31

Modifying the .rhosts file on Linux ...................................................31

Configuring remsh on HP-UX ............................................................32

Modifying the .rhosts file on HP-UX .................................................32

Configuring rsh on AIX .......................................................................32

Chapter 2 Installing and configuring the VCS One Policy Master

Before you install the Policy Master .................................................................36

Page 8

8 Contents

Installing patches ........................................................................................36

Preparing your network on Solaris ...........................................................36

Configuring your IP addresses and NICs for Solaris ...................... 36

Preserving the configuration across reboots ..................................37

Preparing your network on Linux ............................................................. 37

Preparing Policy Master cluster information .........................................37

Preparing your storage architecture ........................................................ 38

Preparing to install Veritas Storage Foundation ............................ 38

Preparing to configure NetApp filer ................................................. 39

Preparing to configure other shared storage architectures ......... 39

Preparing to configure disaster recovery ................................................ 39

Installing the Policy Master ............................................................................... 40

Launching the installer ...............................................................................40

Specifying the target system ..................................................................... 41

Specifying whether to install Storage Foundation ................................. 42

Selecting a license type ............................................................................... 42

Reviewing the package list ......................................................................... 43

Specifying when to configure the Policy Master ....................................43

Configuring the Policy Master ........................................................................... 44

Starting the Policy Master configuration ................................................44

Configuring the Policy Master cluster ...................................................... 44

Naming the Policy Master cluster ..................................................... 45

Creating an ID for the Policy Master cluster ................................... 45

Configuring the heartbeat settings ...................................................45

Specifying the authentication services port number ..................... 46

Confirming the Policy Master cluster configuration ..................... 46

Configuring virtual IP addresses for the Policy Master ........................ 46

Entering the NICs for the Policy Master virtual IP address .......... 47

Specifying whether to use the mpathd (Solaris only) ....................47

Entering the Policy Master virtual IP addresses and netmasks ... 47

Choosing a storage architecture to configure ......................................... 48

Configuring disaster recovery ...................................................................48

Deciding when to configure disaster recovery ................................ 48

Configuring disaster recovery as part of the installation and

configuration process ..................................................................49

Configuring disaster recovery after you install VCS One ............. 50

Configuring your storage architecture .....................................................51

Configuring Storage Foundation .......................................................51

Configuring NetApp Filer ...................................................................52

Configuring other shared storage architectures ............................54

Starting the Policy Master ..........................................................................54

After you install the Policy Master ................................................................... 55

Verifying the Policy Master installation .................................................. 55

Page 9

Setting the default platform in the VCS One cluster ..............................57

About configuring VCS One .......................................................................57

Chapter 3 Accessing the web console

Before you access the VCS One web console ...................................................60

Setting who can access the VCS One web console ..................................60

Accessing the VCS One web console .................................................................61

Recreating the SSL certificate ...........................................................................62

Chapter 4 Installing and configuring the VCS One client

Preparing to install the VCS One client ...........................................................64

General preparations (all platforms) ........................................................64

Platform-specific preparations ..................................................................64

Linux-specific preparations ...............................................................64

Solaris-specific preparations .............................................................65

Right before the installation ......................................................................66

Deciding about a credential installation ..........................................................66

Installing the client using a deployment credential ...............................67

Creating the deployment credential package ..................................67

Adding the client to the VCS One cluster .........................................68

Installing the client using a permanent credential ................................68

Installing the VCS One client ............................................................................69

Launching the installer ...............................................................................70

Specifying the target systems ....................................................................70

Reviewing the package list .........................................................................70

Specifying when to configure the client ...................................................71

Configuring the VCS One client .........................................................................71

Starting the client configuration ...............................................................71

Entering the virtual IP addresses for the client ......................................72

Deciding whether to configure the SSL library path ..............................72

Synchronizing the clock times on your systems .....................................73

Completing and verifying the installation ...............................................73

After you install the VCS One client .................................................................74

9Contents

Chapter 5 Performing unattended client installations

About response files ............................................................................................76

Installation using a response file ......................................................................77

Response file example .................................................................................76

Using a response file from a previous installation .................................76

Page 10

10 Contents

Chapter 6 Installing the Simulator

About the Simulator ............................................................................................80

Before you install the Simulator .......................................................................80

Installing the Simulator ..................................................................................... 80

Chapter 7 Setting up authentication plug-ins for VCS One

About authentication plug-ins ..........................................................................84

Supported authentication service types ..........................................................84

Displaying information about user names and domain names .................... 85

Case sensitivity ............................................................................................ 86

Length limits ................................................................................................ 86

Setting up vx authentication ............................................................................. 86

Setting up unixpwd authentication ..................................................................89

Setting up NIS or NIS+ authentication ............................................................89

Setting up LDAP authentication ....................................................................... 90

Setting up Windows Active Directory authentication ................................... 94

Setting up PAM authentication ......................................................................... 94

Extending the credential expiry period ........................................................... 95

Setting the default domain and domain type .................................................. 96

Chapter 8 Adding shared storage and testing disks for SCSI-3

compliance

About adding shared storage ............................................................................. 98

Requirements for adding shared storage ........................................................ 98

Adding storage devices ....................................................................................... 98

Testing disks for SCSI-3 compliance ................................................................99

Setting up and testing data disks ....................................................................100

Using additional vxfentsthdw options ...........................................................101

Testing system and device combinations ..............................................101

Testing all the disks in a disk group .......................................................102

Setting up Policy Master I/0 fencing .............................................................103

Setting up and testing the coordinator disks ........................................103

Setting up a disk group for coordinator disks ...............................103

Testing the coordinator disk group ................................................103

Creating I/O fencing configuration files and starting I/O fencing ....104

Setting the UseFence attribute to specify SCSI3 as its value ......104

About VCS One client I/O fencing ...................................................................105

Chapter 9 Adding a new or replacement system to the Policy

Master cluster

Prerequisites for the new or replacement system ........................................ 108

Page 11

About adding or replacing a system ...............................................................108

Adding a system to the Policy Master cluster ...............................................109

Setting up the hardware ...........................................................................109

Adding a system to the VCS One Policy Master cluster .......................110

Verifying that the VCS One Policy Master service group

is online .......................................................................................110

Starting the process of adding a system ........................................110

Specifying the target systems ..........................................................110

Configuring the Policy Master cluster ............................................111

Entering the NIC for the Policy Master virtual IP address ..........111

Entering the NICs for disaster recovery .........................................111

Verify the VCS One operations on the new system ......................111

Replacing a system in the VCS One Policy Master cluster ..................112

Chapter 10 Upgrading from VCS One 2.0.1 to 5.0

Overview ..............................................................................................................114

What the upgrade supports ......................................................................114

Operating system prerequisite ................................................................114

Not supported .............................................................................................114

Configuration changes ..............................................................................115

VAL-related objects ...........................................................................115

Deprecated attributes ........................................................................115

ManualMode restart for the VCS One cluster ...............................115

User-modified attribute properties .................................................115

Upgrading the Policy Master ...........................................................................116

Adding a system to a VCS One 5.0 Policy Master cluster ....................116

Exporting your VCS One 2.0.1 configurations ......................................116

Verifying VCS One operations on the new system .......................116

Exporting your configurations ........................................................116

Verifying that the exported configurations are saved to

the specified location .................................................................117

Deleting a system from your VCS One 2.0.1 Policy Master cluster ....117

Importing your 2.0.1 configurations to VCS One 5.0 ...........................118

Verifying that the 5.0 Policy Master packages are installed

on each system ...........................................................................118

Starting the import process .............................................................118

Specifying the target systems ..........................................................119

Deciding about Storage Foundation ................................................119

Specifying the location of the exported configurations ..............119

Completing the import process ........................................................120

Verifying that the configurations are imported to the

specified location .......................................................................120

Migrating your 2.0.1 configurations to VCS One 5.0 ............................120

11Contents

Page 12

12 Contents

Starting the migration ......................................................................121

Specifying the target systems ..........................................................121

Completing the migration process ..................................................121

(Optional) Creating an ID for the VCS One 5.0 Policy Master

cluster and specifying the virtual IP addresses ............................122

Verifying that the VCS One 5.0 Policy Master service group

is online .......................................................................................122

Creating an ID for the 5.0 Policy Master cluster and

specifying the virtual IP address .............................................122

Verify that the ID and virtual IP addresses were updated

successfully .................................................................................123

Upgrading the client .........................................................................................124

Backing up your 2.0.1 configurations .....................................................124

Uninstalling the 2.0.1 client on one system ..........................................124

Installing and configuring the 5.0 client ...............................................125

Upgrading the 2.0.1 client to 5.0 on additional systems .....................125

Chapter 11 Uninstalling VCS One software

Uninstalling the VCS One software ................................................................128

Uninstalling high availability agent software ......................................128

Uninstalling Policy Master server software ..........................................128

Uninstalling the VCS One client software .............................................130

Launching the installer .....................................................................130

Specifying the system to uninstall ..................................................130

Deciding about evacuating service groups ....................................131

Removing residual directories .........................................................131

Removing directories from a local zone on Solaris ...................... 131

Uninstalling the Simulator ..............................................................................132

Appendix A Reinstalling the Policy Master

Reattaching existing clients to the Policy Master ........................................ 134

Appendix B Sample Policy Master upgrade scenarios

Upgrade scenario overview ..............................................................................136

Upgrade scenario details ..................................................................................137

Performing a simplified upgrade and importing two new systems ...137

Installing the VCS One 5.0 Policy Master on two new systems ..137

Migrating configuration and database data to a new system ..... 138

Performing a simplified upgrade without importing systems ...........139

Deleting a VCS One 2.0.1 system and upgrading it to 5.0 ...........140

Migrating configuration and database data to a new system ..... 140

Page 13

Upgrading a 2.0.1 system and adding it to the 5.0 Policy

Master cluster .............................................................................140

Performing a verified upgrade and importing two new systems .......141

Installing the VCS One 5.0 Policy Master on two new systems ..141 Importing configuration and database data to the new systems 143

Verifying VCS One operations on the new systems .....................143

Migrating configuration and database data to the new systems 143

Performing a verified upgrade without importing systems ................144

Deleting a VCS One 2.0.1 system and upgrading it to 5.0 ............145

Importing configuration and database data to a new system .....145

Verifying VCS One operations on the new system .......................146

Migrating configuration and database data to a new system .....146

Upgrading a 2.0.1 system and adding it to the VCS One 5.0

Policy Master cluster .................................................................146

Appendix C Troubleshooting

Re-authenticating the client ............................................................................150

How to recognize if authentication has failed .......................................150

Reasons authentication might fail ..........................................................150

Re-authenticating the client ....................................................................150

Installing Storage Foundation after installing the client on Linux ...........151

Troubleshooting I/O fencing ...........................................................................152

vxfentsthdw fails when the SCSI TEST UNIT READY

command fails ....................................................................................152

vxfentsthdw fails when prior registration key exists on disk .............152

System panics to prevent potential data corruption ............................153

How vxfen driver checks for a pre-existing split

brain condition ...........................................................................153

Resolving an actual potential split brain condition .....................154

Resolving an apparent potential split brain condition ................154

Using the vxfenclearpre command to clear keys after split brain .....155

Adding or removing coordinator disks ...................................................156

How I/O fencing works in different situations ......................................158

13Contents

Appendix D Sample installation output

Installing the VCS One Policy Master with Storage Foundation ................162

Starting the installer .................................................................................162

Reading the copyright information ........................................................162

Selecting a task ...........................................................................................162

Selecting a Policy Master installation ....................................................163

Accepting the End User License Agreement .........................................163

Reviewing the installation and configuration requirements ..............163

Page 14

14 Contents

Entering the target systems .....................................................................164

Deciding about Storage Foundation installation ..................................164

Selecting a license type .............................................................................165

Reviewing the package list .......................................................................165

Choosing when to configure the Policy Master ....................................166

Configuring the VCS One Policy Master cluster ...................................167

Confirming the VCS One Policy Master cluster configuration ...........168

Configuring the Policy Master virtual IP addresses ............................. 168

Confirming the Policy Master virtual IP address configuration ........ 169

Choosing a storage architecture ..............................................................169

Deciding whether to configure disaster recovery ................................170

Configuring disaster recovery .................................................................170

Confirming the disaster recovery configuration .................................. 171

Installing packages ....................................................................................172

Starting Storage Foundation processes .................................................172

Configuring Storage Foundation .............................................................172

Confirming the Storage Foundation configuration ..............................173

Starting the Policy Master processes .....................................................174

Installing the VCS One Policy Master with NetApp .....................................175

Starting the installer .................................................................................175

Reading the copyright information ........................................................175

Selecting a task ..........................................................................................175

Selecting a Policy Master installation ....................................................176

Accepting the End User License Agreement .........................................176

Reviewing the installation and configuration requirements .............176

Entering the target systems .....................................................................178

Deciding about Storage Foundation installation ..................................178

Checking the licensing ..............................................................................178

Reviewing the package list .......................................................................179

Choosing when to configure the Policy Master ....................................179

Configuring the VCS One Policy Master cluster ...................................180

Confirming the VCS One Policy Master cluster configuration ...........181

Configuring the Policy Master virtual IP addresses ............................. 181

Confirming the Policy Master virtual IP address configuration ........ 182

Choosing a storage architecture ..............................................................182

Configuring NetApp ..................................................................................183

Confirming the NetApp configuration ...................................................184

Deciding whether to configure disaster recovery ................................184

Showing configuration details .................................................................185

Starting the Policy Master processes .....................................................185

Installing the VCS One client ...........................................................................187

Starting the installer .................................................................................187

Reading the copyright information ........................................................187

Page 15

Selecting a task ...........................................................................................187

Selecting a client installation ...................................................................188

Accepting the End User License Agreement .........................................188

Reviewing the installation and configuration requirements ..............188

Entering the target systems .....................................................................189

Reviewing the package list .......................................................................189

Choosing when to configure the client ...................................................190

Configuring the client ...............................................................................190

Starting the client ......................................................................................192

Appendix E Response file variables

Appendix F Required packages

Mandatory package list for a Policy Master installation with

Storage Foundation ...................................................................................203

Mandatory package list for a Policy Master installation without

Storage Foundation ...................................................................................205

Mandatory client packages ..............................................................................206

15Contents

Index 207

Page 16

16 Contents

Page 17

Chapter

Getting ready to install VCS One

This chapter includes the following topics:

■ About installing VCS One

■ Installing the VCS One agents

■ Getting your VCS One licenses

■ Setting up the Policy Master cluster hardware

■ Opening the required ports

■ Running installation prechecks

■ About the Symantec Product Authentication Service

■ Configuring ssh, rsh, or remsh before installing

Page 18

18 Getting ready to install VCS One

About installing VCS One

Installing Veritas Cluster Server (VCS) One involves the following procedures:

■ Setting up the hardware for the Policy Master cluster

■ Setting up the network communications among systems

■ Setting up Symantec Product Authentication Service (AT)

■ Configuring shared storage

■ Creating the disk group and file system for VCS One Policy Master database

■ Installing the VCS One Policy Master and verifying the installation

■ Connecting the VCS One client systems to the Policy Master cluster using

the public network

■ Installing the VCS One client software on the client systems

■ Installing the agents

■ Installing the Simulator (optional)

■ Testing shared storage devices and coordinator disks for compliance with

SCSI-3 persistent reservations

■ Configuring I/O Fencing (optional, but recommended)

Installing the VCS One agents

In addition to the agents that are bundled with the product, VCS One provides agents for the management of key enterprise applications. Typically, agents start, stop, and monitor resources and report state changes. The high availability agents are located on the Veritas High Availability Agent Pack software disc that is included with VCS One. The Agent Pack disc contains the currently shipping agents and is released quarterly to add new agents. See the following documentation available on the Agent Pack disc:

■ For an overview of the supported high availability agents, read the Veritas

High Availability Agent Pack Getting Started Guide.

■ For installation instructions, read the agent installation and configuration

guides.

Page 19

Getting your VCS One licenses

VCS One is a licensed product.

Table 1-1 lists the VCS One license types.

Table 1-1 VCS One license types

VCS One license type Description

Demo A demo license that lets you use the product for

NFR A not-for-resale license, limited to one year.

19Getting ready to install VCS One

Getting your VCS One licenses

30 days for evaluation purposes only.

After 12 months, the product auto-disables high availability (HA) for the Policy Master and significantly reduces functionality.

Symantec partners and customers use this license for stack certification and testing.

After 12 months, the product auto-disables high availability (HA) for the Policy Master and significantly reduces functionality.

Permanent A permanent license.

Regardless of the license type, the VCS One functional modes are described in

Table 1-2.

Table 1-2 VCS One functional modes

VCS One functional modes Features

VCS One HA VCS One with all features enabled

VCS One Start VCS One with all features enabled except:

■ Auto-failover

■ Priority-based application availability

VCS One Start lets you manually start, stop, and move applications.

Note: If you choose VCS One Start, you must set the GrpFaultPolicy and NodeFaultPolicy attributes to NoFailover when you create a service group. For information about how to set these attributes when you create a service group, see the Veritas Cluster Server One User’s Guide.

Page 20

20 Getting ready to install VCS One

Setting up the Policy Master cluster hardware

The Policy Master manages the VCS One cluster. You must set up a Policy Master cluster with two systems to ensure high availability for the Policy Master. Each system in the Policy Master cluster is connected to shared storage and dedicated network links. Follow the instructions in this section to acquire and set up the hardware that is needed to run the Policy Master cluster.

To set up the Policy Master cluster hardware

1 Select two to four Solaris or Linux systems with the following capabilities:

■ At least 2 gigabytes of physical memory

■ At least one network interface for private communication between the

Policy Master cluster systems; two links are desirable.

■ At least one network link between the Policy Master and the VCS One

client systems. Two links are preferable.

2 Choose a storage architecture for the Policy Master configuration data.

See “Configuring your storage architecture” on page 51. If you use Storage Foundation, select a storage device for the Policy Master

configuration database. The device is shared between the two systems and should support SCSI-3 persistent reservations.

For information on how to connect and configure the storage at the appropriate time, see: “Adding storage devices” on page 98.

3 Connect the TCP/IP network to the client systems.

4 Use the ping utility to test the network connections.

Page 21

Opening the required ports

Before you install the VCS One Policy Master or client on Linux, you must open the ports that are specified in Table 1-3.

Table 1-3 VCS One required ports

21Getting ready to install VCS One

Opening the required ports

Host system VCS One compo-

nents

Policy Master system

Client system Client 14154 Inbound for messages

Policy Master 14151 Inbound

Policy Master database

Web server 14171 (secure) Inbound

Web server admin port

Authentication server

Port to open on host system

14157

Not modifiable

14172 Inbound

14159

Note: If you upgrade from VCS One 2.0.1 to VCS One 5.0, the default port number for the authentication broker is 2821.

Outbound/inbound port

Inbound and outbound

from the Policy Master

14151 Outbound for messages to

the Policy Master

Simulator system Simulator 14156 Inbound

Root broker on a private branch exchange (PBX) system

Symantec Product Authentication (AT) Service

1556

Page 22

22 Getting ready to install VCS One

Running installation prechecks

To open the required ports on Linux

1 Log on as a user who has the privileges to change the firewall configuration.

2 Set up the table of IP packet filter rules for each of the ports you want to

open. Enter the following:

iptables -I INPUT -p tcp --dport port -j ACCEPT iptables -I OUTPUT -p tcp --dport port -j ACCEPT

Where port is the port number. Specify INPUT for an inbound port, and

OUTPUT for an outbound port. For example, the commands to open the

required ports for the VCS One client on Linux are:

iptables -I INPUT -p tcp --dport 14154 -j ACCEPT iptables -I OUTPUT -p tcp --dport 14151 -j ACCEPT iptables -I OUTPUT -p tcp --dport 14159 -j ACCEPT

Running installation prechecks

For each software installation, you can check the target systems before installation to verify that:

■ The system has enough disk space for the installation.

■ The product being installed is not already installed.

Logging on and mounting the product disc

Follow the instructions in this section to mount the product disc on Solaris, Linux, AIX, or HP-UX.

To log on and mount the product disc

1 Log on as root on a system where you want to install VCS One.

2 Insert the product disc into a DVD drive connected to your system.

3 Mount the VCS One software disc. For details, see the appropriate section for

your platform:

■ For Solaris, see the next section “Mounting the product disc manually

on Solaris.”

■ For Linux, see “Mounting the product disc manually on Linux” on

page 23.

■ For AIX, see “Mounting the product disc on AIX” on page 23.

■ For HP-UX, see “Mounting the product disc on HP-UX” on page 23.

Page 23

Running installation prechecks

Mounting the product disc manually on Solaris

If Solaris volume management software is running on your system, the software disc automatically mounts as /cdrom/cdrom0.

If Solaris volume management software is not available to mount the product disc, you must mount it manually.

To mount the product disc manually on Solaris

1 Log on and mount the product disc.

2 Insert the disc and enter the following:

# mount -F hsfs -o ro /dev/dsk/c0t6d0s2 /cdrom/cdrom0 where c0t6d0s2 is the default address for the disc drive.

Mounting the product disc manually on Linux

The disc is automatically mounted. If the disc does not automatically mount, you must mount it manually.

23Getting ready to install VCS One

To mount the product disc manually on Linux

1 Log on and mount the product disc. See

“Logging on and mounting the product disc” on page 22.

2 Insert the disc and enter the following:

# mount -o ro /dev/cdrom /mnt/cdrom

Mounting the product disc on AIX

Mount the disc by determining the device access name of the DVD drive. The format for the device access name is cdx, where x is the device number.

To mount the product disc on AIX

1 Log on and mount the product disc. See

“Logging on and mounting the product disc” on page 22.

2 Insert the disc and enter the following:

# mkdir -p /cdrom # mount -V cdrfs -o ro /dev/cdx /cdrom

Mounting the product disc on HP-UX

To mount the product disc on HP-UX

1 Log on and mount the product disc. See

“Logging on and mounting the product disc” on page 22.

Page 24

24 Getting ready to install VCS One

Running installation prechecks

2 Determine the block device file for the DVD drive. Enter the following:

3 Make a note of the device file as it applies to your system.

4 Create a directory in which to mount the software disc and mount the disc

5 Verify that the disc is mounted. Enter the following:

Running the prechecks

You can run installation prechecks on the installer utility menu or from the command line. The installation precheck utility performs preinstallation checks on the systems you specify.

If there is an error, the utility provides error details. For example, you might see an error saying that your server is running on a platform that VCS One does not support. If that happens, check the Veritas Cluster Server One Release Notes for information about supported platforms.

# ioscan -fnC disk

using the appropriate drive name. For example, enter the following: # mkdir -p /dvdrom # /usr/sbin/mount -F cdfs /dev/dsk/c3t2d0 /dvdrom

# mount

Running the prechecks from the installer menu

To run the prechecks from the installer menu, navigate to the directory that contains the product installer and follow these steps.

To run the prechecks on the installer menu

1 Go to the directory for your platform. Enter the following:

■ On Solaris (10 SPARC 64-bit), enter the following:

# cd /cdrom/cdrom0/sol_sparc

■ On Linux (RHEL 5 x86_64), enter the following:

# cd /mnt/cdrom/rhel5_x86_64

2 From the software disc, start the installer. Enter the following:

./installer

3 From the installer menu, perform a preinstallation check. Press P.

Running the prechecks from the command line

To run the prechecks from the command line, navigate to the directory that contains the product installer and follow these steps.

Page 25

About the Symantec Product Authentication Service

Note that running installvcsonepm or installvcsonecd -precheck from /opt/VRTS/install does not work. Run it from the software disc as indicated.

To run the prechecks from the command line

1 Go to the cluster_server_one directory. Enter the following:

cd cluster_server_one

2 Enter the Policy Master installation command with the -precheck option,

specifying the systems on which to install. Enter the following:

./installvcsonepm -precheck sysA

3 Enter the client installation command with the -precheck option,

specifying the systems on which to install. Enter the following:

./installvcsonecd -precheck sysB sysC sysD

About the Symantec Product Authentication Service

25Getting ready to install VCS One

Symantec Product Authentication Service provides a hierarchy of brokers that issue credentials. These brokers allow trusted communications between users and processes on the Policy Master systems and client systems. All VCS One environments require the Symantec Product Authentication Service for trusted communications. The Symantec Product Authentication Service is installed when you install VCS One.

VCS One uses an embedded broker model where the root broker and authentication broker are always running on the active Policy Master system. The Symantec Product Authentication Service issues credentials to the Policy Master, the VCS One client processes, and all users in the VCS One cluster.

Symantec Product Authentication Service supports third-party private domain repositories, such as LDAP and Active Directory.

For information on setting up authentication with third-party private domain repositories, see Chapter 7, “Setting up authentication plug-ins for VCS One” on

page 83.

Removing earlier versions of the Symantec Product Authentication Service

If you have an earlier version of the Symantec Product Authentication Service installed, you must remove it before installing VCS One. The Symantec Product Authentication Service is installed when you install VCS One.

On your Policy Master and client systems, remove all VRTSatclient and VRTSatserver packages, including credentials and the /var/VRTSat and

Page 26

26 Getting ready to install VCS One

Configuring ssh, rsh, or remsh before installing

/var/VRTSat_lhc directories, before installing VCS One. Before removing them, ensure that they are not in use by other products.

Configuring ssh, rsh, or remsh before installing

You can install VCS One on remote systems using either secure shell (ssh) or remote shell (rsh). You can use remsh (for client installations on HP-UX only). Symantec recommends using ssh.

Configuring ssh

The ssh program lets you log on to a remote system and execute commands on it. It enables encrypted communications and an authentication process between two untrusted hosts over an insecure network. The ssh program is the preferred method of remote communication because it is more secure than the rsh suite of protocols. Symantec recommends configuring a secure shell environment before installing VCS One and other Veritas products by Symantec. The following is an example ssh setup procedure.

Before you enable ssh, read the ssh documentation and online manual pages. If you have questions or issues about your ssh configuration, contact your operating system support provider. For access to online manuals and other resources, visit the OpenSSH Web site at:

http://openssh.org

To configure ssh

1 Log on as root on the system where you plan to run the installation.

2 Navigate to the root directory. Enter the following:

cd /

3 Generate a DSA key pair. Enter the following:

ssh-keygen -t dsa

4 At the prompt, press Enter to accept the default location of /.ssh/id_dsa.

Typically, this location is the following:

■ For AIX, HP-UX, and Solaris:

/.ssh/id_dsa

■ For Linux:

/root/.ssh/id_dsa

5 At the passphrase prompt, do not enter one. Press Enter.

6 Press Enter again.

Page 27

Configuring ssh, rsh, or remsh before installing

7 Ensure that the /.ssh directory is on all target installation systems. Go to

the root directory and enter the following:

ls /.ssh/

If you do not see /.ssh directory, you must create it on all the target systems and set the write permission to root only. Enter the following:

cd / mkdir /.ssh

8 Change the permissions of the /.ssh directory. Do one of the following:

■ For AIX, HP-UX, and Solaris, enter the following:

chmod 700 /.ssh

■ For Linux, enter the following:

chmod 700 /root/.ssh

9 Append the public key from the source system to the authorized_keys file on

the target system, using secure file transfer. Do the following, in this order:

■ Make sure the secure file transfer program (SFTP) is enabled on the

target installation systems. To enable SFTP, the /etc/ssh/sshd_config file must contain the

following lines:

PermitRootLogin yes Subsystem sftp /usr/lib/ssh/sftp-server

■ If these lines are not there, add them and restart ssh.

■ From the source system, use SFTP to move the public key to a

temporary file on the target system. Enter the following:

sftp target_system

■ At the “Are you sure you want to connect?” prompt, enter yes.

Output similar to the following is displayed:

Warning: Permanently added 'system2,10.182.00.00' (DSA) to the list of known hosts. root@system2 password:

■ Enter the target system’s root password.

■ At the SFTP prompt, enter the following:

sftp> put /.ssh/id_dsa.pub.hostname

where hostname is the name of the system from which you are copying.

■ Quit the SFTP session. Enter the following:

sftp> quit

■ Start the ssh session on the target system. On the source system, enter

the following:

ssh target_system

27Getting ready to install VCS One

Page 28

28 Getting ready to install VCS One

Configuring ssh, rsh, or remsh before installing

■ At the password prompt, enter the target system’s root password.

■ After you log on to the target system, append the id_dsa.pub file to

■ After the id_dsa.pub public key file is copied to the target system and

■ Log out of the ssh session. Enter the following: exit

■ When you install from a source system that is also an installation

the authorized key file. Do one of the following: For AIX, HP-UX, and Solaris, enter the following:

cat /id_dsa.pub.hostname >> /.ssh/authorized_keys

where hostname is the name of the system from which you are copying.

For Linux, enter the following:

cat /id_dsa.pub.hostname >> /root/.ssh/authorized_keys2

where hostname is the name of the system from which you are copying.

added to the authorized_keys files, delete it. On the target system, enter the following:

rm /id_dsa.pub.hostname

target, add the local system id_dsa.pub key to the local authorized_keys file. If the installation source system is not

authenticated, the installation may fail. Add the local system id_dsa.pub key to the local authorized_keys

file. Do one of the following: For AIX, HP-UX, and Solaris, enter the following:

cat /.ssh/id_dsa.pub >> /.ssh/authorized_keys

For Linux, enter the following:

cat /.ssh/id_dsa.pub >> /root/.ssh/authorized_keys2

10 Verify that you can connect to the target system. On the source system,

enter the following:

ssh target_system uname -a

The command should execute from the source system to the target system without the system requesting a passphrase or password.

11 Repeat step 10 on each target system.

Restoring the password requirement between systems

If you configure ssh to enable passwordless communications between systems during an installation, you can restore the password requirement when the installation is finished.

For instructions, see the section appropriate to your operating system:

Page 29

Configuring ssh, rsh, or remsh before installing

■ “Restoring the password requirement between AIX, HP-UX, and Solaris

systems”

■ “Restoring the password requirement between Linux systems”

Restoring the password requirement between AIX, HP-UX, and Solaris systems

To restore the password requirement between AIX, HP-UX, and Solaris systems

◆ Remove the id_dsa.pub.hostname entry you appended to the file

/.ssh/authorized_keys on all systems where you added it.

Restoring the password requirement between Linux systems

To restore the password requirement between Linux systems

◆ Remove the id_dsa.pub.hostname entry you appended to the file

/root/.ssh/authorized_keys2 on all systems where you added it.

29Getting ready to install VCS One

Configuring rsh or remsh

The rsh (remote shell) program lets you log on to and execute commands on a remote system. The remote system on which the rsh executes the command must be running the rsh daemon.

The rsh program is not secure for network use, because it sends unencrypted information over the network. The ssh program is the preferred method of remote communication because it is more secure than the rsh suite of protocols.

See “Configuring ssh” on page 26.

If you run rsh with the basename “remsh,” rsh checks for the file

/usr/bin/remsh. If this file exists, rsh uses remsh is an alias for rsh. If /usr/bin/remsh does not exist, rsh uses remsh as a host name.

Before you enable rsh, read the rsh documentation and online manual pages. If you have questions or issues about your rsh configuration, see the operating system documentation.

Configuring rsh on Solaris

To configure rsh on Solaris

1 Determine the rsh/rlogin status. Do one of the following:

■ On Solaris 10, enter the following:

inetadm | grep -i login

Page 30

30 Getting ready to install VCS One

Configuring ssh, rsh, or remsh before installing

If the service is enabled, the following line is displayed:

enabled online svc:/network/login:rlogin

If the service is disabled, the following line is displayed:

disabled disabled svc:/network/login:rlogin

■ On Solaris 9, enter the following:

cat /etc/inet/inetd.conf | grep rsh

The inetadm command does not work on Solaris 9. If the service is enabled, the following information is displayed:

RSHD - rsh daemon (BSD protocols) shell stream tcp nowait root /usr/sbin/in.rshd in.rshd shell stream tcp6 nowait root /usr/sbin/in.rshd in.rshd

2 Enable and disable rsh/rlogin. Do one of the following:

■ On Solaris 10, do one of the following:

To enable rsh/rlogin, enter the following:

inetadm -e rlogin

To disable rsh/rlogin, enter the following:

inetadm -d rlogin

■ On Solaris 9:

To enable rsh/rlogin, add the following line to /etc/inet/inetd.conf:

shell stream tcp nowait root /usr/sbin/in.rshd in.rshd shell stream tcp6 nowait root /usr/sbin/in.rshd in.rshd

To disable rsh/rlogin, delete the above line.

Restart inetd. Enter the following:

/usr/bin/pkill -HUP inetd

3 Verify that rsh is set up correctly. Enter the following:

exec /usr/bin/rsh system_name "LANG=C echo Symantec 2>&1" 2>&1

Symantec

The command should return “Symantec.” If it does not, there is an issue with rsh-setup.

Modifying the .rhosts file on Solaris

A separate .rhosts file is in the $HOME directory of each user. You must modify the .rhosts file for each user who remotely accesses the system using rsh.

Make sure that each line of the .rhosts file contains a fully-qualified domain name or IP address for each remote system having access to the local system. For example, if the root user must remotely access system1 from system2, you must add an entry for system2.companyname.com in the .rhosts file on system1.

Page 31

Configuring ssh, rsh, or remsh before installing

To modify the .rhosts file on Solaris

1 Enter the following:

echo "system2.companyname.com" >> $HOME/.rhosts

2 To ensure security, delete the .rhosts file from each user’s $HOME directory.

Enter the following:

rm -f $HOME/.rhosts

Configuring rsh on Linux

To configure rsh on Linux

1 Make sure the rsh and rsh-server packages are installed. Enter the following:

rpm -qa | grep rsh

2 If it is not already in the file, enter the following command to append the

line “rsh” to the /etc/securetty file. Enter the following:

echo "rsh" >> /etc/securetty

3 In the /etc/pam.d/rsh file for the pam_rhosts_auth.so entry, change the

“auth” type from “required” to “sufficient.”

auth sufficient pam_rhosts_auth.so

31Getting ready to install VCS One

4 Enable the rsh server. Enter the following:

chkconfig rsh on

5 Verify that rsh is set up correctly. Enter the following:

exec /usr/bin/rsh system_name "LANG=C echo Symantec 2>&1" 2>&1

Symantec

The command should return “Symantec.” If it does not, there is an issue with rsh-setup.

Modifying the .rhosts file on Linux

A separate .rhosts file is in the $HOME directory of each user. You must modify the .rhosts file for each user who remotely accesses the system using rsh.

To modify the .rhosts file on Linux

1 Enter the following:

echo "system2.companyname.com" >> $HOME/.rhosts

Page 32

32 Getting ready to install VCS One

Configuring ssh, rsh, or remsh before installing

2 Remove the “rsh” entry in the /etc/securetty file.

3 Disable the rsh server. Enter the following:

chkconfig rsh off

4 To ensure security, delete the .rhosts file from each user’s $HOME directory.

Enter the following:

rm -f $HOME/.rhosts

Configuring remsh on HP-UX

Remote shell (remsh) functionality is enabled automatically after installing an HP-UX system.

Modifying the .rhosts file on HP-UX

A separate .rhosts file is in the $HOME directory of each user. You must modify the .rhosts file for each user who remotely accesses the system using remsh.

To modify the .rhosts file on HP-UX

1 Enter the following:

echo "system2.companyname.com" >> $HOME/.rhosts

2 To ensure security, delete the .rhosts file from each user’s $HOME

directory. Enter the following:

rm -f $HOME/.rhosts

For more information on configuring remsh, see the operating system documentation and the remsh(1M) manual page.

Configuring rsh on AIX

To configure rsh on AIX

1 Enable rsh. Create a /.rhosts file on each target system. Add a line to the

file specifying the full domain name of the source system. For example, add the following line:

sysname.domainname.com root

2 Change permissions on the /.rhosts file to 600. Enter the following:

chmod 600 /.rhosts

Page 33

Configuring ssh, rsh, or remsh before installing

3 Verify that rsh is set up correctly. Enter the following:

exec /usr/bin/rsh system_name "LANG=C echo Symantec 2>&1" 2>&1

Symantec

The command should return “Symantec.” If it does not, there is an issue with rsh-setup.

4 To ensure security, delete the /.rhosts file from each target system. Enter

the following:

rm -f /.rhosts

33Getting ready to install VCS One

Page 34

34 Getting ready to install VCS One

Configuring ssh, rsh, or remsh before installing

Page 35

Chapter

Installing and configuring the VCS One Policy Master

This chapter includes the following topics:

■ Before you install the Policy Master

■ Installing the Policy Master

■ Configuring the Policy Master

■ After you install the Policy Master

Page 36

36 Installing and configuring the VCS One Policy Master

Before you install the Policy Master

For all platforms, you must perform the necessary preinstallation tasks.

See Chapter 1, “Getting ready to install VCS One”.

Before you install on Linux, you must enable the required ports.

See “Opening the required ports” on page 21.

Installing patches

Before you install the Policy Master, install the required operating system patches. See the Veritas Cluster Server One Release Notes for the required operating systems patches.

Preparing your network on Solaris

Before you configure the Policy Master on Solaris, you must configure your IP addresses and NICs for a Solaris Policy Master installation. You must also preserve the configuration across reboots.

Configuring your IP addresses and NICs for Solaris

To begin configuring your IP addresses and NICs for Solaris, connect to the Policy Master system through the console.

To configure your IP addresses and NICs for Solaris

1 Configure test IP address on the base of each NIC. Do not use the

command. Enter the following:

# ifconfig pm_nic plumb test_ip netmask netmask broadcast

+ deprecated -failover up

where pm_nic is the Policy Master NIC, test_ip is the IP address for that NIC (and the IP address that you use to test your network connection), and netmask is your Policy Master netmask.

2 If you need additional IP addresses on the Policy Master NIC, such as host IP

addresses, you can plumb the other IP addresses. Enter the following:

# ifconfig pm_nic addif additional_ip netmask netmask up

where pm_nic is the Policy Master NIC, and additional_ip is any additional IP address you need to plumb, and netmask is your Policy Master netmask.

addif

Page 37

Before you install the Policy Master

Preserving the configuration across reboots

To preserve your configuration across reboots

1 Save your test IP address on the base of each NIC. Do not use the addif

command. Enter the following at the beginning of the /etc/hostname.pm_nic file:

test_ip netmask netmask broadcast + deprecated -failover up \

where pm_nic is the Policy Master NIC, test_ip is the IP address for that NIC (and the IP address that you use to test your network connection), and netmask is your Policy Master netmask.

2 If you need additional IP addresses on the Policy Master NIC, such as host IP

addresses, you can plumb the other IP addresses. Enter the following lines in the /etc/hostname.pm_nic file, after the line you entered in step 1:

addif additional_ip netmask netmask broadcast + up

where pm_nic is the Policy Master NIC, additional_ip is any additional IP address you need to plumb, and netmask is your Policy Master netmask.

37Installing and configuring the VCS One Policy Master

Preparing your network on Linux

On Linux, if the incorrect netmask is used to plumb the Base IP address, the network may not work. Symantec recommends using MultiNICA Performance Mode in the Policy Master service group (PMSG). MultiNICA Performance Mode requires a unique Base IP address with the correct Netmask addresses plumbed on the required NICs.

See the Veritas Cluster Server One Bundled Agents Reference Guide for information about MultiNICA Performance Mode.

Preparing Policy Master cluster information

Before you install the Policy Master software, have the following information ready:

■ Names of the systems to install the Policy Master software

Make sure that you can ping each system name from each of the Policy Master systems.

If the Policy Master systems are in the same time zone, clock times on each system must be within 30 minutes of one another. If the clock times are more than 30 minutes apart, the installation may fail. Use the ntpdate command to synchronize clock times.

■ A unique name for the Policy Master cluster, such as vcsonepm_cluster.

Page 38

38 Installing and configuring the VCS One Policy Master

Before you install the Policy Master

The name can be up to 128 characters long, and must start with an alphanumeric character. It can only contain the following characters: A-Z, a-z, 0-9, ‘_’ and ‘-’. The name cannot contain the following reserved words: “cluster,” “system,” “group,” “resource,” and “type.”

■ A numerical ID for the Policy Master cluster (a number from 0 - 65535). For

example: 11. If your configuration has multiple Policy Master clusters (including VCS

clusters), each ID must be unique. In a configuration that has only one Policy Master system, you do not need

to provide a numerical ID.

■ Names of two or more private NICs on each system.

In a configuration that has only one Policy Master system, you do not need to provide any private NIC information.

■ A port number for the authentication service (a number from 0 - 65536). The

port must not be a port on which other applications listen. Instead of providing an authentication service port number, you can use the

default port (14159).

■ One or more virtual IP addresses for the systems in the Policy Master

cluster.

Note: In a Policy Master cluster system, the virtual and physical IP addresses must be different.

■ Netmasks that the virtual IP addresses use.

■ Public NICs on each Policy Master system.

■ Base IP addresses on each of the public NICs.

Preparing your storage architecture

Symantec recommends that you set up a storage architecture to store your configuration data. You must configure shared storage in order for the Policy Master to fail over from one system to another. Prepare the information that VCS One requires to set up your storage architecture.

Preparing to install Veritas Storage Foundation

Before you install Storage Foundation, have the following system information ready:

■ The name of the disk group to be created.

Page 39

Before you install the Policy Master

■ Names of one or more disks that are part of the disk group. Use short disk

names.

■ Name of the volume that needs to be created within the disk group.

■ Size of the volume that needs to be created. For example, 4400240 (number

of blocks), 2G, or 240M.

■ Mount point where the volume is mounted.

Preparing to configure NetApp filer

Before you install NetApp filer, have the following system information ready:

■ Mount point where the volume is mounted.

■ IP address or host name for the NetApp filer.

■ Access method for the NetApp filer (rsh, ssh, or api).

■ User name for accessing the NetApp filer.

■ Password for accessing the NetApp filer (for API access mode).

39Installing and configuring the VCS One Policy Master

■ IP address or host name for the NIC connected to the NetApp filer for each

Policy Master system.

■ File system path or NetApp filer to be used to store the VCS One

configuration.

Note: The installer exports the NetApp volume and mounts the mount point. If the mount point is already mounted, the installer prompts you before unmounting it forcibly.

Preparing to configure other shared storage architectures

If you do not install Storage Foundation or NetApp filer when you install VCS One, you can configure another storage architecture. For example, you can configure local storage, or a customized shared storage architecture. Before you configure your storage architecture, mount the shared storage on each system and note the shared storage mount point. For example, /PM.

Preparing to configure disaster recovery

Disaster recovery uses global clustering to protect against the types of outages that large-scale natural disasters cause. In such situations, VCS One global clusters migrate applications to remote clusters located considerable distances apart.

Page 40

40 Installing and configuring the VCS One Policy Master

Installing the Policy Master

If you configure disaster recovery, VCS One monitors events between clusters. Using disaster recovery, the global cluster is aware of the state of the service groups in the global cluster at all times.

To configure disaster recovery, have the following information ready:

■ Two or more unique virtual IP addresses dedicated to disaster recovery. (If

you do not want to configure separate virtual IP addresses for disaster recovery, you can use the Policy Master virtual IP addresses.)

■ If you configure additional virtual IP addresses, obtain the netmask for each

virtual IP address.

■ A NIC for each unique virtual IP address. (If your Policy Master is set up with

redundant NICs, you do not need a dedicated NIC for disaster recovery.)

Installing the Policy Master

The Veritas Cluster Server One (VCS One) Policy Master software is on the VCS One software disc for the appropriate platform.

Note: This release of VCS One does not support installing the Policy Master on Solaris with zones configured. On Solaris, you must install the Policy Master on a system free of zones.

The VCS One installer installs the Policy Master, and, (optionally) Storage Foundation. The installer also gives you the option to configure NetApp filer and disaster recovery.

The installation procedures are in the following subsections:

■ “Launching the installer” on page 40

■ “Specifying the target system” on page 41

■ “Specifying whether to install Storage Foundation” on page 42

■ “Selecting a license type” on page 42

■ “Specifying when to configure the Policy Master” on page 43

Launching the installer

Launch the VCS One installer to install the Policy Master. You can configure the Policy Master during the installation process, or you can come back and configure it after the installation is complete.

Page 41

Installing the Policy Master

To launch the VCS One installer

1 Log on as root on one of the Policy Master cluster systems.

2 On the VCS One software disc, change directories to the platform-specific

directory. Enter the following:

# cd platform

where platform is the platform-specific directory, such as RHEL5_x86_64 or sol_sparc.

3 On the software disc, start the installer script. Enter the following:

# ./installer

4 From the Task menu, select the following task:

Install/Upgrade a Product

5 From the list of products, select Veritas Cluster Server One by

Symantec - Policy Master

6 Accept the End User License Agreement (EULA). At the EULA prompt, enter

the following: y. The installer provides information about the installation and configuration.

41Installing and configuring the VCS One Policy Master

7 Review the information on each page and press Enter to continue.

Specifying the target system

You must specify the name of the target system for each Policy Master system.

To specify the target system

1 At the system names prompt, enter the names of the systems on which you

want to install the VCS One Policy Master. Separate each name with a space. Do not enter fully-qualified domain names or IP addresses. For example, enter the following: sys1 sys2

Note: If you install the Policy Master on a single system, you only need to enter one system name.

If you install the Policy Master on a single system, you see a prompt.

2 Do one of the following:

If you install the Policy Master on multiple systems

If you install the Policy Master on a single system

Go to the next section, “Specifying whether to install

Storage Foundation.”

At the single node confirmation prompt, enter y. Then go to the next section, “Specifying whether to

install Storage Foundation.”

Page 42

42 Installing and configuring the VCS One Policy Master

Installing the Policy Master

Specifying whether to install Storage Foundation

You can optionally install and configure Storage Foundation to store the VCS One Policy Master configuration database.

Note: On Solaris, VCS One supports Storage Foundation 5.0MP1 and above. On Linux, VCS One does not support versions of Storage Foundation before Storage Foundation 5.0 MP2.

Veritas Storage Foundation by Symantec includes Veritas File System by Symantec (VxFS) and Veritas Volume Manager by Symantec (VxVM) with varying feature levels.

Veritas File System is a high performance journaling file system that provides easy management and quick-recovery for applications. Veritas File System delivers scalable performance, continuous availability, increased I/O throughput, and structural integrity.

Veritas Volume Manager removes the physical limitations of disk storage. With Veritas Volume Manager, you can configure, share, and manage your storage online. Managing storage online optimizes storage I/O performance without interrupting data availability. Veritas Volume Manager also provides easy-to-use, online storage management tools to reduce downtime.

To specify whether to install Storage Foundation

◆ Read the information and decide if you want to install and use Storage

Foundation to store the VCS One configuration. At the Storage Foundation prompt, if you want to install Storage Foundation packages, enter y.

Selecting a license type

If you do not have a license installed, you must select a license type.

For more information on licensing, see Veritas Cluster Server One Release Notes.

To select a license type

◆ Do one of the following:

■ If the installer finds your license, you are not asked to select a license

type. Go to the next section, “Reviewing the package list.”

■ If you are asked to select a license type (demo, NFR, or permanent), type

the number corresponding to your license type. Then, go to the next section, “Reviewing the package list.”

Page 43

Reviewing the package list

The installer provides a list of packages to be installed.

To review the package list

◆ Read each page listing the packages to be installed and press Enter to

continue. For a list of the packages, see Appendix F, “Required packages” on

page 203.

Specifying when to configure the Policy Master

On Linux, you must specify whether to configure the Policy Master right after the installation, or complete the installation and configure the Policy Master later.

On Solaris, if do not install Storage Foundation, you must specify whether to configure the Policy Master right after the installation. If you install Storage Foundation on Solaris, you must reboot your machine and then proceed with the configuration.

43Installing and configuring the VCS One Policy Master

Installing the Policy Master

To specify when to configure the Policy Master

1 Do one of the following:

If you install the Policy Master on Linux

If you install the Policy Master on Solaris, and you do not install Storage Fou ndat ion

If you install the Policy Master on Solaris, and install Storage Foundation (or locally-mounted storage)

Proceed to step 2.

Reboot your system.

After you reboot, go to the next section: “Configuring

the Policy Master.”

2 At the VCS One configuration readiness prompt, do one of the following:

To configure the Policy Master as part of the installation process

Enter the following: y.

Go to the next section, “Configuring the Policy

Master.”

Page 44

44 Installing and configuring the VCS One Policy Master

Configuring the Policy Master

To install Policy Master now, but configure it later

Enter the following: n.

The installer installs the packages, and you can configure the Policy Master later. When you are ready to configure, see the next section:

“Configuring the Policy Master.”

Configuring the Policy Master

During the configuration process, you configure your Policy Master cluster. The installer also gives you the option to configure disaster recovery, and Storage Foundation or NetApp.

The configuration procedures are in the following subsections:

■ “Starting the Policy Master configuration” on page 44

■ “Configuring the Policy Master cluster” on page 44

■ “Specifying the authentication services port number” on page 46

■ “Configuring virtual IP addresses for the Policy Master” on page 46

■ “Choosing a storage architecture to configure” on page 48

■ “Configuring disaster recovery” on page 48

■ “Configuring your storage architecture” on page 51

■ “Starting the Policy Master” on page 54

Starting the Policy Master configuration

If you have not yet started the Policy Master configuration, do so now.

To start the Policy Master configuration

1 Start the VCS One configuration. Enter the following:

# ./installvcsonepm -configure

2 Enter the names of the systems on which you want to configure the VCS One

Policy Master. Separate each name with a space. Do not enter fully-qualified domain names or IP addresses. For example, enter the following: sys1

sys2

Configuring the Policy Master cluster

You must provide a host name for the Policy Master cluster. If you install the Policy Master on two or more systems, you must also provide a numerical ID number and configure heartbeat settings.

Page 45

Configuring the Policy Master

Naming the Policy Master cluster

You must specify a unique name to identify the Policy Master cluster.

To name the Policy Master cluster

◆ At the cluster name prompt, enter a unique name for the Policy Master

cluster. For example, enter the following: my_cluster.

Creating an ID for the Policy Master cluster

If you install the Policy Master on more than one system, you must create an ID for the Policy Master cluster.

To create an ID for the Policy Master cluster

◆ At the cluster ID prompt, enter a unique ID between 0-65535. For example,

enter the following: 65000

Configuring the heartbeat settings

If you install the Policy Master on more than one system, you must designate at least one NIC for a private heartbeat link. A private heartbeat link is a link that sends status information between systems within the Policy Master cluster. Private heartbeats are generated every half second.

You can optionally designate a NIC for a low-priority heartbeat link. Low priority heartbeats are generated every second and do not send status information. If none of the high-priority links work, low-priority links are automatically promoted to high-priority links.

45Installing and configuring the VCS One Policy Master

To configure the heartbeat settings

1 At the first heartbeat prompt, enter the NIC for the first private heartbeat

2 At the second heartbeat prompt, specify if you want to configure a second

3 If you configure a second private heartbeat, enter the NIC. For example,

link on your VCS One cluster. For example, enter the following:

■ (On Linux) eth0

■ (On Solaris x64) bge0

Type y to confirm the NIC entry.

private heartbeat link. Type y or n.

enter the following:

■ (On Linux) eth1

■ (On Solaris x64) bge1

Type y to confirm the NIC entry.

Page 46

46 Installing and configuring the VCS One Policy Master

Configuring the Policy Master

4 At the low priority heartbeat prompt, specify if you want to configure a low

priority heartbeat link. Type y or n.

5 If you configured a low priority heartbeat, enter the NIC. For example, enter

the following:

■ (On Linux) eth2

■ (On Solaris x64) bge2

Type y to confirm the NIC entry.

6 At the all systems prompt, specify if you want to use the same NICs for

private heartbeat links on all systems. Type y or n.

Specifying the authentication services port number

You must specify if you want to use the default port number for authentication services.

To specify the authentication services port number

◆ At the authentication services port number prompt, do one of the following:

■ If you want to use the default port number (14159) for authentication

services, enter the following: y.

■ If you want to specify a different port number for authentication

services, enter the following: n. At the next prompt, enter the port number you want to use. For example, enter the following: 14001.

Confirming the Policy Master cluster configuration

At the cluster configuration verification prompt, verify that the name, ID, broker port, and NIC information is correct.

(The broker port is the authentication services port number you set in the section “Specifying the authentication services port number.” )

To confirm the Policy Master cluster configuration

◆ At the Policy Master cluster configuration verification prompt, confirm that

the configuration information is correct. Enter y.

Configuring virtual IP addresses for the Policy Master

You must enter the NICs for the Policy Master virtual IP address. If you install on Solaris, you must specify if you want to use the mpathd. You must also enter the Policy Master virtual IP addresses and netmasks.

Page 47

Configuring the Policy Master

Entering the NICs for the Policy Master virtual IP address

To enter the NICs for the Policy Master virtual IP address

1 Enter the NIC for the Policy Master Virtual IP address to use on your system.

From the list of NIC devices that are discovered on your systems, select any NIC that is up and running on a public network. For example, enter the following:

■ (On Linux) eth0

■ (On Solaris x64) bge0

2 At the all nodes prompt, specify if you want to use the same NIC on all Policy

Master systems. Do one of the following:

■ To use the same NIC on all Policy Master systems, enter y.

■ To select your NICs one-by-one for each Policy Master system, enter n.

Specifying whether to use the mpathd (Solaris only)

If you install on Solaris, you must indicate if you want to use the mpathd that the operating system provides.

47Installing and configuring the VCS One Policy Master

To specify whether to use the mpathd

1 At the mpathd prompt, do one of the following:

■ If you want to use the mpathd, enter y.

Then go to step 2.

■ If you do not want to use the mpathd, enter n.

Then go to the next section, “Choosing a storage architecture to

configure.”

2 If you use the mpahtd, enter its absolute path. For example, enter the

following:

/sbin/in.mpathd

Entering the Policy Master virtual IP addresses and netmasks

To enter the Policy Master virtual IP addresses and netmasks

1 Enter one or more Policy Master virtual IP addresses. For example, enter the

following: 192.168.1.20 192.168.1.21

2 Enter the netmasks for the virtual IP addresses you entered. Review the

information. For example, enter the following: 255.255.248.0.

3 At the Policy Master configuration verification prompt, confirm that the

virtual IP addresses, netmasks, and NICs are correct. Enter the following: y.

Page 48

48 Installing and configuring the VCS One Policy Master

Configuring the Policy Master

Choosing a storage architecture to configure

Symantec recommends that you use a shared storage architecture for storing the configuration database. You can configure Storage Foundation if you are in the process of installing Storage Foundation, or it is already on your system. Otherwise, you can configure NetApp filer or another storage architecture.

To select and configure a storage architecture

1 At the Storage Architecture prompt, select the storage architecture you want

to configure.

2 See Table 2-1 for details on the remaining configuration tasks.

Table 2-1 VCS One configuration task details

To configure Complete these tasks

Storage Foundation as part of the installation and configuration process

Storage Foundation when it is already installed on your system

NetApp filer, or another storage architecture

Configuring disaster recovery

Follow the steps in this section to specify if you want to configure disaster recovery.

For information about disaster recovery, see “Preparing to configure disaster

recovery” on page 39.

Deciding when to configure disaster recovery

You can configure disaster recovery during the VCS One installation and configuration process, or you can configure it after installing and configuring VCS One.

1 “Configuring disaster recovery” on page 48

2 “Configuring Storage Foundation” on page 51

3 “Starting the Policy Master” on page 54

1 “Configuring Storage Foundation” on page 51

2 “Configuring disaster recovery” on page 48

3 “Starting the Policy Master” on page 54

1 “Configuring your storage architecture” on

page 51

2 “Configuring disaster recovery” on page 48

3 “Starting the Policy Master” on page 54

Page 49

Configuring the Policy Master

Specify when to configure disaster recovery

◆ At the VCS One disaster recovery configuration prompt, do one of the

following:

49Installing and configuring the VCS One Policy Master

If you want to configure disaster recovery as part of the VCS One installation and configuration process

If you do not want to configure disaster recovery, or if you want to configure disaster recovery after you install and configure VCS One

Enter the following: y.

Go to the next section, “Configuring disaster recovery

as part of the installation and configuration process.”

Enter the following: n.

To configure disaster recovery after you install the Policy Master, see the section:

“Configuring disaster recovery after you install VCS One” on page 50.

Configuring disaster recovery as part of the installation and configuration process

Follow these steps to configure disaster recovery during the installation and configuration process. To configure disaster recovery later, see:

“Configuring disaster recovery after you install VCS One” on page 50.

To configure disaster recovery

1 Enter one or more virtual IP addresses, separated by a space. For example,

enter the following:

192.168.1.15 192.168.1.16. Symantec recommends dedicating two or more unique virtual IP addresses

to disaster recovery. If you dedicate fewer than two unique virtual IP addresses to disaster recovery, you are prompted to specify if you want to continue.

2 Do one of the following:

3 Do one of the following:

■ If you are prompted about continuing with fewer than two unique

virtual IP addresses, go to step 3.

■ If you are not prompted about continuing with fewer than two unique

virtual IP addresses, go to step 5.

■ To add more virtual IP addresses, enter the following: n. Go back to

step 1.

■ To continue with fewer than two unique virtual IP addresses, enter the

following: y. Go to step 4.

Page 50

50 Installing and configuring the VCS One Policy Master

Configuring the Policy Master

4 Do one of the following:

If the virtual IP address is already configured, and you see the disaster recovery configuration verification prompt

If you do not see the disaster recovery configuration verification prompt

Skip to step 8

Go to step 5

5 For each unique virtual IP address, enter the NIC. For example, enter the

following:

■ (On Linux) eth0

■ (On Solaris x64) bge0

You are prompted to specify if you want to use the same NIC for all Policy Master systems.

6 At the all nodes prompt, do one of the following:

■ If you want to use the same NIC on all Policy Master systems, type y.

■ If you want to use different NICs on the different Policy Master

systems, type n. Then specify a NIC for each system.

7 For each unique virtual IP address, enter the netmask. For example, enter

the following: 255.255.248.0.

8 At the disaster recovery configuration verification prompt, verify that the

virtual IP address, NIC, and netmask are correct. Enter the following: y.

Configuring disaster recovery after you install VCS One

Follow these steps to configure disaster recovery after you install and configure VCS One.

To configure disaster recovery after installing and configuring VCS One

1 Launch the VCS One disaster recovery installer. Enter the following:

# ./installvcsonepm -configuredr

2 Enter the name of the system on which you want to configure disaster

recovery. For example, enter the following: sys1.

3 Follow the disaster recovery installation steps.

See: “Configuring disaster recovery as part of the installation and

configuration process” on page 49.

4 Verify that the disaster recovery service group is online. Enter the following:

# /opt/VRTSvcsone/bin/hagrp -state

Page 51

Configuring your storage architecture

This section provides storage architecture configuration instructions. For information on configuring your storage architecture, select the appropriate link:

“Configuring Storage Foundation” on page 51

“Configuring NetApp Filer” on page 52

“Configuring other shared storage architectures” on page 54

Configuring Storage Foundation

When you configure Storage Foundation, you are prompted to specify a disk group for the configuration database. A disk group is a collection of disks that share a common configuration (for example, the configuration objects that belong to a single database).

Note: For the Policy Master to fail over from one system to another, the disk group and volume must not be in use by other applications. The disk group must also be free of any volumes that are in use by other applications.

51Installing and configuring the VCS One Policy Master

Configuring the Policy Master

To configure Storage Foundation

1 Enter a disk group for the configuration database. For example, enter the

following: pmdg.

2 Do one of the following:

If you are not prompted to enter disk names

If you are prompted to enter disk names

Go to step 5.

Go to step 3.

3 At the disk prompt, enter the names of the disks in the disk group. Separate

disk names with a space. For example, enter the following: sdb sdb2. The Policy Master uses the names you enter to create the disk group.

4 At the initialization prompt, choose to initialize the disks. Enter the

following: y. You are prompted to specify a volume for the configuration database. A

volume is a virtual disk device that appears to applications, databases, and file systems. A volume is like a physical disk partition. However, a volume does not have the physical limitations of a disk partition.

Page 52

52 Installing and configuring the VCS One Policy Master

Configuring the Policy Master

5 Enter the name of the volume for the configuration database. For example,

enter the following: pmvol.

6 Do one of the following:

If you are prompted to enter the volume size

If you are not prompted to enter the volume size

Go to step 7.

Go to step 8.

7 Enter the volume size. For example, enter the following: 200M.

8 Do one of the following:

■ If the volume is not mounted, go to step 9 and enter the mount point.

■ If the volume is already mounted, go to step 10 and verify your

configuration.

9 Enter the mount point for the configuration database. For example, enter

the following: /PM.

10 At Storage Foundation configuration verification prompt, enter the

following: y. If the installer uses an existing disk group for the configuration database,

you are prompted about cleaning up the shared storage directories.

11 If you are prompted to clean up the shared storage directories, enter the

following: y.

Configuring NetApp Filer

Follow the instructions in this section to configure Network Appliance filer (NFS) to store your configuration information. Only Network Appliance filers are supported as NetApp servers.

To configure Network Appliance Filer

1 Enter the mount point for the configuration database. For example, enter

the following: /software/vcsone. The installer mounts the mount point. If the mount point is already

mounted, you can choose to unmount it through the installer.

2 Enter the fully-qualified host name or IP address for the NetApp Filer. For

example, enter the following: netapp3.veritas.com.

3 Select an access method (rsh, ssh, or api).

4 Enter the name of the user who accesses the Network Appliance filer. For

example, enter the following: root.

Page 53

Configuring the Policy Master

5 Enter the password for accessing the Network Appliance filer. At the

prompt, enter the password again.

6 For each Policy Master system, enter the host name or IP address for each

NIC that is connected to the NetApp Filer. For example, enter the following:

# thoropt158.

7 On the NetApp filer you designate to store the VCS One configuration, enter

the exported file system pathname. For example, enter the following:

# /vol/name_of_volume /name_of_directory_path

8 At the API over SSL prompt, do one of the following:

■ If you do not want to use API over SSL, enter the following: n.

■ If you want to use API over SSL, enter the following: y. At the prompt,

enter the SSL library path. The path should be on a local disk, and must contain the libcrypto.so and libssl.so library files. For example, enter the following: /usr/lib.

9 If you have mounted something on the mount point you specified, the

installer asks you if you want to unmount it. Do one of the following:

■ If you are prompted to unmount the mount point, go to step 10.

■ If you are not prompted to unmount the mount point, go to step 11.

53Installing and configuring the VCS One Policy Master

10 At the prompt for unmounting the mount point, do one of the following:

■ If you do not want to unmount the mount point, enter the following: n.

■ If you want to unmount the mount point, enter the following: y.

11 Confirm that the Network Appliance filer configuration is correct. Enter the

following: y. If the installer uses an existing Network Appliance filer for the

configuration database, you are prompted about cleaning up the shared storage directories.

12 Do one of the following:

If you are not prompted to clean up the shared storage directories

If you are prompted to clean up the shared storage directories

Go to:

“Starting the Policy Master” on page 54.

Clean up the shared storage directories to prevent the installation from failing. At the prompt for performing cleanup, enter the following: y.

Then, go to:

“Starting the Policy Master” on page 54.

Page 54

54 Installing and configuring the VCS One Policy Master

Configuring the Policy Master

Configuring other shared storage architectures

The VCS One Policy Master uses a database to store configuration information. If you do not install Storage Foundation or NetApp, you can choose another option for shared storage. You can also store the configuration database using local storage.

If you do not configure Storage Foundation or Network Appliance filer to store your configuration data, keep in mind the following:

■ VCS One does not automatically mount your storage configuration. You

must manually mount the storage on each system in the Policy Master cluster.

■ If VCS One faults because it fails to connect to the database directory, you

must troubleshoot the issue manually.

Follow the steps in this section to set up the configuration database using shared storage, or using local storage.

To set up the configuration database

1 Enter the mount point for the configuration database. For example, enter

the following: /PM.

2 Do one of the following:

If you are not prompted to clean up the shared storage directories

If you are prompted to clean up the shared storage directories

Starting the Policy Master

You must start the Policy Master after the configuration process.

To start the Policy Master

◆ At the Start VCS One Policy Master processes prompt, enter y to start them.

The VCS One Policy Master starts and reports success or failure. The following directory contains the path to the log files, the summary file,

and the response file that the installation creates:

/var/VRTS/install/logs/

Go to the next section:

“Starting the Policy Master.”

At the prompt for performing cleanup, enter the following: y.

Then, go to the next section:

“Starting the Policy Master.”

Page 55

After you install the Policy Master

After you install the Policy Master, see the following sections for information about the next installation steps:

■ “Verifying the Policy Master installation,” in the next section

■ “Setting the default platform in the VCS One cluster” on page 57

■ “About configuring VCS One” on page 57

Verifying the Policy Master installation

Once you install the Policy Master, is a good idea to verify the Policy Master installation. Verifying the installation checks if all of the Policy Master systems, service groups, and resources are up and running.

To verify the Policy Master installation

1 Check the state of the Policy Master service group on each system. Enter the

following:

# /opt/VRTSvcsone/bin/haadmin -state

The output should show the PMSG is ONLINE on one system, OFFLINE on the other.

55Installing and configuring the VCS One Policy Master

After you install the Policy Master

2 Verify that the PMSG is online on one system and offline on the other. Enter

the following:

# /opt/VRTSvcsone/bin/haadmin -status -summary

3 Display the status of each of the PMSG resources on each system. Enter the

following:

# /opt/VRTSvcsone/bin/haadmin -status

The status of each resource in the Policy Master service group displays.

For a new installation, the output of the haadmin -status command shows the following:

■ All systems are running.

■ NIC resources are ONLINE on all systems.

■ All other resources are ONLINE on one system and OFFLINE on the other.

Table 2-3 describes the resources in the haadmin -status output when the

Policy Master uses Storage Foundation for storing configuration information.

Page 56

56 Installing and configuring the VCS One Policy Master

After you install the Policy Master

Note: If you use the “other shared storage” option, the pmdg, pmvol, and pmmount resources may not exist. If you use Network Appliance filer, the pmdg

resource may not exist.

Table 2-3 PMSG resources when the Policy Master uses Storage Foundation

Resource Description

pmip Policy Master virtual IP address

pmnic Policy Master virtual IP address NIC device

vcsonedb VCS One database

pm Policy Master daemon

atd Symantec Product Authentication Service daemon

VCSOneWeb VCS One web console

pmdg The database and repository disk group

pmvol The volume for the file system containing the database

pmmount The file system mount point

Table 2-4 describes the PMSG resources in the haadmin -status output when

the Policy Master uses NetApp for storing configuration information.

Table 2-4 PMSG resources when the Policy Master uses NetApp

Resource Description

pmip Policy Master virtual IP address

pmnic Policy Master virtual IP address NIC device

vcsonedb VCS One database

pm Policy Master daemon

atd Symantec Product Authentication Service daemon

pmmount Mount point for the volume/qtree exported from NetApp filer

when NetApp is selected for shared storage

pmexport Exports and deports the volume/qtree on NetApp filer to

active and passive Policy Master systems, respectively

Page 57

After you install the Policy Master

Table 2-4 PMSG resources when the Policy Master uses NetApp (continued)

Resource Description

pmfiler Monitors ICMP connectivity between the Policy Master and

the NetApp filer

VCSOneWeb VCS One web console

Table 2-5 describes the DRSG resources in the haadmin -status output when

the Policy Master uses disaster recovery. The table contains the resources you see when you configure two virtual IP addresses for disaster recovery.

Table 2-5 DRSG resources when the Policy Master uses disaster recovery

Resource Description

DRSG Disaster recovery service group

dr_app The DRApp resource that manages the disaster recovery

service group (DRSG

57Installing and configuring the VCS One Policy Master

drip1 Disaster recovery virtual IP address 1

drip2 Disaster recovery virtual IP address 2

drnic1 NIC device for disaster recovery virtual IP address 1

drnic2 NIC device for disaster recovery virtual IP address 2

Setting the default platform in the VCS One cluster

You may want to make changes at the VCS One cluster level. For example, you can set the default platform to match the platform that is most prevalent in your VCS One cluster. If you set the default platform, fewer users have to specify the platform name.

To set the default platform in the VCS One cluster

◆ Set the default platform in the VCS One cluster. Enter the following:

# /opt/VRTSvcsone/bin/haclus -modify DefaultPlatform

platform

About configuring VCS One

Each system in a VCS One cluster has a unique host name and IP address. In addition, VCS One uses attributes to match systems and users. The system-level attribute, SysUserName, which is initially NULL, contains the name of the VCS

Page 58

58 Installing and configuring the VCS One Policy Master

After you install the Policy Master

One client user who first registers with the system. If another user tries to register with the system, they are rejected. The user level attribute, VCSOneClientName, lists the VCS One client system

with which the user is registered. A user can only register with one system in the VCS One cluster.

See the Veritas Cluster Server One User’s Guide for information about the following topics:

■ Adding users and assigning roles

■ Adding systems to the VCS One cluster

■ Creating service groups for your applications

■ Administering groups, resources, and systems

Page 59

Chapter

Accessing the web console

This chapter includes the following topics:

■ Before you access the VCS One web console

■ Accessing the VCS One web console

■ Recreating the SSL certificate

Page 60

60 Accessing the web console

Before you access the VCS One web console

Before you access the VCS One web console for the first time, do the following:

■ Install a supported browser.

See the Veritas Cluster Server One Release Notes for supported browser versions.

■ In the browser, do the following:

■ Enable cookies

■ Disable browser caching

■ Disable the pop-up blocker

■ Enable ActiveX controls (Internet Explorer only)

■ Install a supported Flash version.

See the Veritas Cluster Server One Release Notes for supported Flash versions.

■ Enable the ports that the web server uses.

See “Opening the required ports” on page 21.

Setting who can access the VCS One web console

The root user on the Policy Master system can log in without being added to the VCS One configuration. To allow other users to log in to the VCS One web console, you must explicitly add those users as VCS One users with assigned roles.

Page 61

Accessing the VCS One web console

Follow the instructions in this section each time you access the VCS One web console. When you access the VCS One web console for the first time, you see a message about authentication. Read the message and click OK to add and permanently store a trusted security certificate. After you add the security certificate, the VCS One web console login page appears in the browser.

To access the VCS One web console

1 Open a web browser and enter the following URL:

https://PM_cluster_virtual_IP_address:14171

Symantec recommends that you use the virtual IP address of the Policy Master (PM) cluster instead of the name of the active system in the Policy Master cluster. If you use the virtual IP address, the VCS One console maintains a connection with the Policy Master after a Policy Master cluster failover operation.

2 In the web browser, click the VCS One web console link.

61Accessing the web console

Accessing the VCS One web console

3 In the Log on page, specify the following details:

■ In the Select Language box, select the appropriate language. In this

release, only English is supported.

■ In the User Name field, enter the name of the user.

■ In the Password field, enter the password.

■ In the Domain field, enter the domain name.

You must specify a domain name for all domain types except unixpwd (which is the default domain type) and pam. To view a list of all the domains on the Policy Master system, enter the following command:

haat showallbrokerdomains -j broker

If you leave the Domain field blank and the domain type is unixpwd or pam, VCS One assumes that the domain type is the same as the Policy Master system’s domain type.

■ In the Domain Type field, select a domain type (unixpwd, nt, nis,

nisplus, pam, vx, or ldap).

■ In the Broker:Port field, enter the authentication broker name and the

port number separated by a colon (:). This field is optional and is populated automatically.

4 Click Log On.

The web console is best viewed at 1024x768 screen resolution.

Page 62

62 Accessing the web console

Recreating the SSL certificate

The VCS One installer creates an SSL certificate on each Policy Master system. The SSL certificate works if you access the VCS One web console using a VCS One Policy Master virtual IP address.

With Internet Explorer 7, using a host name that resolves to a VCS One Policy Master virtual IP address when accessing the VCS One web console may display invalid SSL certificate messages.To prevent these messages, you must recreate the SSL certificate.

This section provides the general steps and resources needed to recreate an SSL certificate. For more detailed information about SSL-related tasks, see the Apache Tomcat 6.0 SSL Configuration instructions available on the Internet.

To recreate the SSL certificate, you can use Java Keytool, or another tool of your choice. For your convenience, the Java Keytool utility is included in the VCS One installation, and located at:

/opt/VRTSvcsone/jre/bin

To recreate the SSL certificate

1 Locate the key store containing the certificate that the VCS One installer

created at: /opt/VRTSvcsone/web/tomcat/cert

2 Follow the Apache Tomcat 6.0 SSL Configuration instructions for creating

an SSL certificate.

3 At the prompt, enter the information for the host name that you want to use

to access the VCS One web console.

4 To restart the VCS One web console, use the

commands to take it offline and bring it online. Enter the following:

hastop and hastart

# /opt/VRTSvcsone/bin/hastop -web # /opt/VRTSvcsone/bin/hastart -web

5 From the browser, choose to install the new certificate.

Page 63

Chapter

Installing and configuring the VCS One client

This chapter includes the following topics:

■ Preparing to install the VCS One client

■ Installing the VCS One client

■ Configuring the VCS One client

■ Installing the client using a permanent credential

■ After you install the VCS One client

Page 64

64 Installing and configuring the VCS One client

Preparing to install the VCS One client

This section lists what you must do and prepare before you can install the VCS One client.

■ Perform the general preparations if you have not already.

See “Preparing to install the VCS One client” on page 64.

■ Perform platform-specific preparations.

See “Platform-specific preparations” on page 64.

■ Right before the installation, you must perform some setup tasks.

See “Right before the installation” on page 66.

General preparations (all platforms)

Client installation involves a set of certain pre-installation tasks to be performed before you actually run the installer. These tasks are broadly divided in to the following categories:

■ General preparations that are common irrespective of the platform on

which you would install the client.

■ Platform specific preparations.

Before you begin to install the VCS One client, ensure that the following general preparations are ready in advance.

■ Uninstall any earlier version of the VCS One client.

For uninstallation instructions, see the Veritas Cluster Server One Installation Guide for the VCS One version you want to uninstall.

■ Ensure any DHCP IP addresses have a long-term lease and are not

relinquished while the VCS One client daemon (vcsoneclientd) is running. The loss of connectivity could fault the VCS One client.

■ Ensure the client host name resolves to the client IP address, and vice versa.

Platform-specific preparations

This section includes information and configurations you must prepare before you install the client on Linux or Solaris. Complete the preparations for your platform, and then proceed to:

“Right before the installation” on page 66.

Linux-specific preparations

Before you install the VCS One client on a Linux server system, you must first:

Page 65

Preparing to install the VCS One client

■ Enable the required ports for Linux.

See “Opening the required ports” on page 21.

■ Install the required operating system patches. See the Veritas Cluster Server

One Release Notes for the required operating systems patches.

Solaris-specific preparations

Before you install the VCS One client on a Solaris server system:

■ Install the required operating system patches. See the Veritas Cluster Server

One Release Notes for the required operating systems patches.

If you will install the VCS One client on a Solaris system with zones configured:

■ Ensure that the zones have been completely installed, including an initial

boot of the zone, before installing the VCS One client.

If you install the VCS One client on Solaris 10 systems running non-global zones:

■ Ensure that /opt is not inherited by any non-global zone, using the following

procedure:

65Installing and configuring the VCS One client

To ensure that /opt is not inherited by any non-global zone command

1 Check whether /opt is inherited by a non-global zone command. Enter the

following:

zonecfg -z zone_name info

Output similar to the following appears:

zonepath: /export/home/zone1 autoboot: false pool: yourpool inherit-pkg-dir: dir: /lib inherit-pkg-dir: dir: /platform inherit-pkg-dir: dir: /sbin inherit-pkg-dir: dir: /usr

2 Look for any occurrences of the /opt directory being inherited. If it is

inherited, you see the following:

inherit-pkg-dir: dir: /opt

3 If you see that the /opt directory is inherited, you must reinstall the zone.

Page 66

66 Installing and configuring the VCS One client

Deciding about a credential installation

Right before the installation

Right before you install the VCS One client, do the following:

■ Set up ssh or rsh communications.

■ You must have ssh communications from the system where you run the

installation to the systems where you are installing the VCS One client software.

■ Ensure that the specific ports needed for installing the VCS One client

are enabled. See “Opening the required ports” on page 21.

■ The ssh communication must be present on the system where the

installation is run and the Policy Master cluster systems.

See “Setting up the Policy Master cluster hardware” on page 20.

■ Make sure that the clock times for Policy Master systems in the same time

zone are within 30 minutes of one another or the installation may fail.

■ Make sure the Policy Master is running. On a Policy Master system, enter

the following:

# haadmin -state

See “Verifying the Policy Master installation” on page 55.

■ Choose the appropriate installation software disc. Installation software

discs are provided for each platform type.

■ Mount the software disc on the system where you plan to run the

installation.

■ Have the VCS One Policy Master virtual IP address ready. Communication

must be enabled between the installer and the system with the Policy Master virtual IP address.

Deciding about a credential installation

Installing the VCS One client using credentials is optional. However, if you install the client without credentials, you must establish paswordless ssh communication between the client and the active Policy Master system.

For more information on setting up ssh communication, see “Configuring ssh,

rsh, or remsh before installing.”

For a credential deployment, you have the following options:

■ Install the client using a deployment credential. If you do not establish ssh

communications with the active Policy Master system, you must have a copy of the deployment credential on the system from which you run the installer.

See “Installing the client using a deployment credential” on page 67.

Page 67

Deciding about a credential installation

■ Install the client using a permanent credential. If you do not establish ssh

communications with the active Policy Master system, you must have a copy of the permanent credential on the system from which you run the installer.

See “Installing the client using a permanent credential” on page 68.

Installing the client using a deployment credential

If the installer host does not have an ssh or rsh connection to the active Policy Master system, you can create a deployment credential. If passwordless ssh or rsh communication is enabled between the Policy Master system and the system from which you invoke the installer, skip to the section:

“Right before the installation” on page 66.

The deployment credential is a host-generic credential created on the authentication broker and copied to clients. Using a deployment credential, a client can be deployed without having a host-specific credential of its own.

Creating the deployment credential package

You can use the -create_deployment_credential option to create the deployment credential package on the shared storage. The clients copy and execute that credential package to authenticate with the Policy Master.

The command creates a deployment credential package file in the following location:

/vcsone_db_location/data/vcsone_deploy.credential

Reuse the credential package to deploy all clients that can connect to the Policy Master with the deployment credential.

Each client gets its own host-specific credential from the authentication broker through the Policy Master after the clients are deployed, and the first time they are connected to the Policy Master.

67Installing and configuring the VCS One client

To create the deployment credential package

1 From the Policy Master, create the deployment credential package. You may

2 Review the information and press Enter to continue.

3 Enter the timeout for the deployment credential in seconds. For example,

either accept the default values or provide your own. Enter the following:

# /opt/VRTS/install/clientscript/platform/installvcsonecd

-create_deployment_credential

where platform is the platform-specific directory. You see information about the installation.

enter the following: 86400

Page 68

68 Installing and configuring the VCS One client

Deciding about a credential installation

4 Enter the virtual IP address of the Policy Master system. For example, enter

the following: 192.168.1.20

5 At the verification prompt, confirm that the timeout, Policy Master virtual

IP address, and root broker hash are correct. Enter the following: y. The credential file is created in the following location:

/vcsonedb/data/vcsone_deploy.credential

6 Use a program supported in your environment to copy the

vcsone_deploy.credential file in binary mode from the Policy Master system to the client systems. For example, copy the file to /var/tmp.

7 Execute the package on the client machine. Enter the following:

# /opt/VRTSvcsone/bin/haat execpkg -i

full_path_to_deployment_package -o

Adding the client to the VCS One cluster

After you create the deployment credential package, you must add the client system to the VCS One cluster.

To add the client to the VCS One cluster

1 From the Policy Master, enter the following:

# /opt/VRTSvcsone/bin/hasys -add system -platform client

platform

2 From the Policy Master, set DeploymentTimeout to 86400 seconds

(24 hours). Enter the following:

# /opt/VRTSvcsone/bin/haclus -modify DeploymentTimeout 86400

3 Start the client. Enter the following:

Installing the client using a permanent credential

You can use the VCS One client daemon -createcredential installation option to perform installations on several systems without requiring ssh communication with the Policy Master cluster. The -createcredential option does the following:

■ Creates authentication principals (identities) for each VCS One client

process to be installed.

■ Adds the client daemon systems to the Policy Master configuration.

■ Transfers the credential packages to the system where you will run the

installation.

■ Uses the created credentials with installvcsonecd installation program.

Page 69

Installing the VCS One client

To install the client using permanent credentials

1 Log in as root on the Policy Master system or on a system with passwordless

ssh communication with the Policy Master.

2 Create authentication credential packages for each VCS One client system.

Enter the following:

# ./installvcsonecd -createcredential

The installer lists the installation log location.

3 At the prompt, enter the system names, separated by a single space, where

you want to install VCS One client daemon software or configure software already installed. For example, the names of the systems may be Sys1, Sys2, Sys3, and Sys4. (Do not enter fully-qualified domain names.)

Note: Each system must run the same operating system.

As the utility runs, it displays its actions and reports where it places the credential packages. It does not perform an installation.

4 Copy created credential packages to a system where you plan to install the

VCS One client. Make a note of where you copy the files.

69Installing and configuring the VCS One client

5 Install or configure the VCS One client daemon software on the systems

specified in step 3. Enter the following:

# ./installvcsonecd

6 During the installation, do the following:

■ At the permanent credential prompt, enter y.

■ Specify the path to the location where you copied the credential

packages in step 4.

Installing the VCS One client

After you have completed the client installation, the client software will be running and the system will be part of the VCS One cluster.

If you have an earlier version of a VCS One client installed, you must completely uninstall it before installing the VCS One 5.0 client. For uninstallation instructions, see the Veritas Cluster Server One Installation Guide for the VCS One version you want to uninstall.

Before you install the VCS One client on a Solaris system with zones, ensure that the zones have been completely installed, including an initial boot of the zones.

Page 70

70 Installing and configuring the VCS One client

Installing the VCS One client

Launching the installer

To launch the client installer

1 On the software disc, change directories to the platform-specific directory.

Enter the following:

# cd platform

where platform is the platform-specific directory, such as sles10_x86_64 or sol_sparc.

Go to the directory cluster_server_one.

2 Start the installer script. Enter the following:

# ./installer

3 From the Task menu, select the following task:

Install/Upgrade a Product

4 From the list of products, select:

Veritas Cluster Server One by Symantec - Client Daemon (VCS One Client)

Note: When the installer installs software on a system where VCS is installed, any file system soft links in the directory /opt/VRTS/bin are overridden on the system. Running VCS and VCS One on the same system is not a supported configuration.

5 Accept the End User License Agreement (EULA). At the EULA prompt, enter

the following: y. The installer provides information about the installation and configuration.

6 Review the information on each page and press Enter to continue.

Specifying the target systems

You must specify the name of the target systems for each client system.

To specify the target systems

◆ At the system names prompt, enter the names of the systems on which you

want to install the VCS One client. Separate each name with a space. (Do not enter fully-qualified domain names or IP addresses.) For example, enter the following: redhat95241 redhat95244

Reviewing the package list

The installer provides a list of packages to be installed.

Page 71

To review the package list

◆ Read the list of packages to be installed and press Enter to continue.

For a list of the packages, see Appendix F, “Required packages” on

page 203.

Specifying when to configure the client

You must specify whether to configure the client right after the installation, or complete the installation and configure the client later.

To specify when to configure the client

◆ At the client configuration readiness prompt, do one of the following:

71Installing and configuring the VCS One client

Configuring the VCS One client

To configure the client as part of the installation process

To install the client now, but configure it later

Enter the following: y.

Go to the next section, “Configuring the VCS One

client” on page 71.

Enter the following: n.

The installer installs the packages, and you can configure the client later. When you are ready to configure the client, see the next section, “Configuring the VCS One client” on page 71.

Configuring the VCS One client

The client configuration procedures are in the following subsections:

■ “Starting the client configuration” on page 71

■ “Entering the virtual IP addresses for the client” on page 72

■ “Deciding whether to configure the SSL library path” on page 72

■ “Synchronizing the clock times on your systems” on page 73

Starting the client configuration

If you have not yet started the client configuration, do so now.

To start the client configuration

◆ Start the VCS One client configuration. Enter the following:

# /opt/VRTS/install/installvcsonecd -configure

system_name

Page 72

72 Installing and configuring the VCS One client

Configuring the VCS One client

Entering the virtual IP addresses for the client

You must enter the Policy Master virtual IP addresses that the client uses. You must also enter the base IP addresses for the subnets on which the Policy Master and client communicate.

1 Enter the Policy Master virtual IP addresses separated by a space. For

example, enter the following:

# 192.168.5.150 192.168.5.151

2 At the Local IP address prompt for each client system, enter the local IP

address of the client system NIC that will communicate with the Policy Master virtual IP address.

3 At the valid list of space-separated IP addresses prompt, for each client

system, enter the base IP addresses for that system.

4 At the permanent credential package prompt, do one of the following:

■ If you have a permanent credential package, enter the following: y.

■ If you have a deployment credential, enter the following: n.

5 At the deployment credential package prompt, do one of the following:

■ If you have a permanent credential package, enter the following: n.

■ If you have a deployment credential, enter the following: y.

Deciding whether to configure the SSL library path

You can optionally configure the SSL library path.

To specify whether to configure the SSL library path

◆ At the SSL library path prompt, do one of the following:

■ If you do not want to configure the SSL library path, enter the

following: n.

■ If you want to configure the SSL library path, enter the following: y.

Then enter the SSL library path. The path must be to a directory that contains the libcrypto.so and libssl.so library files. For example, enter the following: /usr/local/lib.

The installer checks that ssh communications exist from the installation system to the root broker system, and that the clock time difference between the Policy Master and client is less than 30 seconds.

Page 73

Synchronizing the clock times on your systems

The clock times between the client and Policy Master systems within the same time zone must be within 30 minutes of one another or the installation may fail. If the clock times are more than 1000 seconds apart, you see a warning.

To synchronize the clock times on your systems

1 Do one of the following:

■ If you do not see a warning about the clock times, go to the section

“Completing and verifying the installation.”

■ If you see a warning about the clock times, go to step 2.

2 At the clock time discrepancy prompt, decide if you want to continue

configuring the client. Do one of the following:

■ To continue configuring the client, enter y.

■ To stop configuring the client, enter n.

3 If you want to synchronize the clock times, use the ntpdate command. For

example, enter the following:

rdate ntphost

73Installing and configuring the VCS One client

Configuring the VCS One client

Completing and verifying the installation

To complete and verify the installation

1 At the verification prompt, verify that the virtual IP addresses, base IP

addresses, root broker hash, and the SSL library path (if configured) are correct. Enter the following: y.

2 At the start client prompt, choose whether to start the VCS One client

processes. Do one of the following:

■ Follow the prompt to start the vcsoneclientd processes. Enter y.

■ Wait until later to start the vcsoneclientd processes. Enter n.

When you are ready to start the client processes, you must enter the following:

To view the installation logs. Enter the following:

# /var/VRTS/install/logs/

3 On the Policy Master, verify that the client is up and running. Enter the

following:

# hasys -state

4 On the client, enter the following:

# ps -ef | grep vcsone

# /opt/VRTSvcsone/bin/hastart -client

Page 74

74 Installing and configuring the VCS One client

After you install the VCS One client

Then check that the following resources are online:

vcsoneclientd.bin vcsoneclientd.bin -shadow

After you install the VCS One client

■ The VRTSvcsonemn package includes the VCS One online manual pages

under /opt/VRTS/man. Add this path to the MANPATH environment variable for your platform. For instructions on how to set the MANPATH environment variable for your platform, see the Veritas Server One Command Reference Guide.

■ To avoid having to reauthenticate your clients, do not change the Symantec

Product Authentication Service (AT) ClusterName attribute value after you have deployed your clients. VCS One clients connect to the Policy Master cluster using authentication credentials with the domain name specified by the ClusterName attribute value. If the ClusterName attribute value is changed after VCS One clients have connected to the Policy Master cluster, the client systems must be reconfigured to reauthenticate them with the Policy Master.

Therefore, if the ClusterName attribute value changes, you must restart the Policy Master service group (PMSG) (including the AT daemon vcsoneatd, the VCS One console, and the Policy Master) and reauthenticate all VCS One clients.

Page 75

Chapter

Performing unattended client installations

This chapter includes the following topics:

■ About response files

■ Installation using a response file

Page 76

76 Performing unattended client installations

About response files

Response files are pre-saved responses to questions that the client installer asks. Use a response file to perform unattended installations.

Choose a response file type that works with your configuration:

■ Deployment credential installation. For unattended installations without

predefined system credentials.

■ Credential installation. For unattended installations with predefined system

credentials.

■ No credential installation. For installations performed without credentials.

Response file example

This example shows a deployment credential installation and configuration of the VCS One client on three systems (redhat1, redhat2, and redhat3) using the deployment credential:

/PM/data/vcsone_deploy.credential

# # installvcsonecd configuration values: # $CPI::CFG{OBC_MODE}="STANDALONE"; $CPI::CFG{OPT}{INSTALLCONFIG}=1; $CPI::CFG{SYSTEMS}=[ qw(redhat1, redhat2, redhat3) ]; $CPI::CFG{UPI}="VCSONECD"; $CPI::CFG{VCSONECD_CC_ATPORT}=14159; $CPI::CFG{VCSONECD_CLUSTERIP}=[ qw(10.198.92.127) ]; $CPI::CFG{VCSONECD_CREDPKG}="N"; $CPI::CFG{VCSONECD_DC_PMCOMM}="Y"; $CPI::CFG{VCSONECD_DC_TIMEOUT}=86400; $CPI::CFG{VCSONECD_DEPLOYMENTCRED}="/PM/data/vcsone_deploy.credenti al"; $CPI::CFG{VCSONECD_DEPLOYMENTCREDPKG}="Y"; $CPI::CFG{VCSONECD_LOCALIPS|{redhat1}{"10.198.92.127"}="None"; $CPI::CFG{VCSONECD_LOCALIPS|{redhat2}{"10.198.92.127"}="None" $CPI::CFG{VCSONECD_LOCALIPS|{redhat3}{"10.198.92.127"}="None" $CPI::CFG{VCSONECD_VALIDIP}{redhat1}="10.198.95.241"; $CPI::CFG{VCSONECD_VALIDIP}{redhat2}="10.198.95.242" $CPI::CFG{VCSONECD_VALIDIP}{redhat3}="10.198.95.243"

See Appendix E, “Response file variables” for descriptions of each variables.

Using a response file from a previous installation

With each installation, the installation program generates a response file that documents what the user entered at each installation prompt. The response file is in the directory indicated at the end of the an installation; for example:

Page 77

Installation using a response file

/var/VRTS/install/logs/installscript-nnnn/installscript-nnnn .response

where

■ the suffix nnnn corresponds to an installation instance

■ the installscript may be, for example:

installer

installvcsonepm

installvcsonecd

Response file path:

/var/VRTS/install/logs/installvcsonecd-G97Ahf/installvcsonecd-G97Ah f.response

You may use a response file generated from a successful Veritas Cluster Server One (VCS One) installation, modifying it as needed, and use it to run another installation. This method is useful to install VCS One clients on multiple systems in an unattended mode.

77Performing unattended client installations

Installation using a response file

You can edit a response file generated from a successful installation and place it in a specific directory on the system where you plan to run another installation. When you run the install program, use the -responsefile response_file option.

To perform an installation using a response file

1 Edit the response file and define values for the variables the installation

requires. For example, save it as “response_file” in the /tmp directory.

2 Make sure that packages or Red Hat package management (RPM) systems to

be installed have been upgraded.

3 Make sure the system where you run the installation command can

communicate with the systems where the software is installed using ssh or rsh.

4 Make sure that the clock times on all systems in the same time zone are

within 30 minutes of one another.

5 On the system where you want to run the installation, mount the software

disc and navigate to the directory containing the installation program. Enter the following:

cd cluster_server_one

6 Run the installer with the -responsefile path_to_response_file

option. Enter the following:

# ./installvcsonecd -responsefile /tmp/response_file

Page 78

78 Performing unattended client installations

Installation using a response file

Note: If any older versions of VRTS RPMs or packages are on the target system, installation using the response file fails.

Page 79

Chapter

Installing the Simulator

This chapter includes the following topics:

■ About the Simulator

■ Before you install the Simulator

■ Installing the Simulator

Page 80

80 Installing the Simulator

About the Simulator

You can use the Simulator to view, modify, and test the VCS One cluster configuration and behavior in a safe simulation that does not affect your production environment.

For more information about using the Simulator, see the Veritas Cluster Server One User’s Guide.

Before you install the Simulator

You can install the VCS One Simulator software on one or more Windows systems. A Simulator is available for Windows only.

Before you install the Simulator, do the following:

■ Ensure that the Windows version of the system where you will install the

Simulator is at a level supported by this release. For supported operating system levels, see the Veritas Cluster Server One Release Notes.

■ Choose any installation software disc. The Windows Simulator is available

under the simulator directory on each VCS One installation software disc.

Installing the Simulator

The Simulator included in this release of VCS One can co-exist with earlier versions. Earlier versions of the Simulator use the same ports as the Simulator included in this release. If you have an earlier version of the Simulator, make sure that it is not running before you install the version included in this VCS One release.

To install the Simulator

1 Insert the VCS One software disc for any supported platform into the disc

drive.

2 Navigate to the simulator directory. From there, open the windows

directory.

3 Double click on vcsonesim.exe to start the VCS One Simulator installation

wizard.

4 Click Next on the Welcome screen.

5 Accept the End-User Software License Agreement and click Next.

6 Check the destination folder where the VCS One Simulator will be installed.

Page 81

Installing the Simulator

■ If you want to install the software in the displayed directory, click Next.

By default, the Simulator is installed on the desktop in a directory named VCSOne.

■ If you want to change the location for software installation, click

Browse...

Browse to the desired directory and click OK. Then, click Next. If you change the directory, the VCS One Simulator software is

installed in the specified directory.

7 To begin installation, click Next. The VCS One Simulator installation wizard

takes a few minutes to install the software.

8 When the VCS One Simulator installation wizard indicates that the

installation is complete, click Finish.

The Simulator installer does not add any files outside of the directory where it installs the Simulator. The Simulator does not appear in Add or Remove Programs, the Start Up program, or in the registry. You may move the directory where the Simulator is installed to any location.

81Installing the Simulator

Page 82

82 Installing the Simulator

Installing the Simulator

Page 83

Chapter

Setting up authentication plug-ins for VCS One

This chapter includes the following topics:

■ About authentication plug-ins

■ Supported authentication service types

■ Displaying information about user names and domain names

■ Setting up vx authentication

■ Setting up unixpwd authentication

■ Setting up NIS or NIS+ authentication

■ Setting up LDAP authentication

■ Setting up Windows Active Directory authentication

■ Setting up PAM authentication

■ Extending the credential expiry period

■ Setting the default domain and domain type

Page 84

84 Setting up authentication plug-ins for VCS One

About authentication plug-ins

Veritas Cluster Server One (VCS One) uses Symantec Product Authentication Service (AT) for security. The system is based on Secure Sockets Layer (SSL). AT lets product components verify the identity of other components and communicate securely. It also lets users log into VCS One securely.

Each authentication service type supported by VCS One has an authentication plug-in.

Supported authentication service types

For each authentication service type supported by VCS One, the authentication broker uses an authentication plug-in to validate the identities within a particular domain.

Table 7-1 lists the authentication service types and corresponding

authentication plug-ins supported by VCS One.

Table 7-1 Authentication service types supported by VCS One

Authentication

AT plug-in name Description

service type

Symantec Private Domain

UNIX password domain

Network Information Service (NIS)

NIS+ nisplus Use with the NIS+ domain.

Lightweight Directory Access Protocol (LDAP)

Windows Active Directory

vx Use with the Symantec Private

Domain type.

unixpwd Use with the UNIX password

domain.

nis Use with the NIS domain.

ldap Use with both LDAP and

Windows Active Directory.

Supported LDAP server is:

■ Open LDAP 2.2 (RFC 2307)

ldap Use with both LDAP and

Windows Active Directory.

Supported Windows Active Directory server is:

■ Windows Active Directory

2003

Page 85

Displaying information about user names and domain names

Table 7-1 Authentication service types supported by VCS One (continued)

85Setting up authentication plug-ins for VCS One

Authentication

AT plug-in name Description

service type

Pluggable Authentication Modules (PAM)

pam Use with the PAM domain.

Displaying information about user names and domain names

The case sensitivity and length limits for user names and domain names varies depending on the authentication service type.

You can display information about the case sensitivity and length limit for user names and domain names for a specific authentication service type.

To display length limit and case sensitivity information for user names and domain names

◆ Enter the following command:

# /opt/VRTSvcsone/bin/haat showplugininfo -p plugin_type

where plugin_type is the authentication plug-in type (that is, vx, unixpwd, nis, nisplus, ldap, or pam).

The output looks similar to the following:

# /opt/VRTSvcsone/bin/haat showplugininfo -p ldap Using data dir: /vad_db/data

showplugininfo

----------------------

Plugin name: ldap Default Credential Expiry: 86400 User Credential Expiry: 86400 Service Credential Expiry: 31536000 Web Credential Expiry: 28800 Enabled Flag: 1 Do Not Load: 0 Max UserLength: 64 Is case sensitive: yes Found Domain(s) 2 ************************************* Domain Name: VSS Domain Type: ldap *************************************

Page 86

86 Setting up authentication plug-ins for VCS One

Setting up vx authentication

Domain Name: LDAP10 Domain Type: ldap *************************************

Case sensitivity

Table 7-2 shows authentication service types with case-sensitive user names

and domain names:

Table 7-2 Case-sensitive authentication service types

Authentication service type AT plug-in name

Symantec Private Domain vx

UNIX password domain unixpwd

Network Information Service (NIS) nis

NIS+ nisplus

Length limits

Pluggable Authentication Modules (PAM)

pam

Table 7-3 shows authentication service types with user names and domain

names that are not case sensitive:

Table 7-3 Case-insensitive authentication service types

Authentication service type AT plug-in name

Lightweight Directory Access Protocol (LDAP)

Windows Active Directory ldap

ldap

For Windows Active Directory and LDAP, Symantec recommends that you limit user names and domain names to 40 characters or less. (Windows and LDAP limit user names and domain names to 79 ASCII characters or less. If you use non-ASCII characters, the limit varies.)

Setting up vx authentication

To set up Symantec Private Domain (vx) authentication, add the user to the cluster private domain.

Page 87

Setting up vx authentication

The user can then authenticate by using one of the following methods:

■ Running halogin to set up the user profile

■ Including the -user and -domaintype options with the commands from

within client-side scripts

■ Setting environment variables within the scripts

If a common password is acceptable, you can use batch scripts to gather the user IDs and create them with a random password to get the credentials for all of them. If the user IDs do not require separate passwords, you can automate the process.

To add a VCS One user to the private domain with the necessary privileges

1 On the active Policy Master system, see if a suitable private domain already

exists. VCSONE_USERS is the default name of the vx private domain in VCS One. Enter the following:

# /opt/VRTSvcsone/bin/haat showpd -t ab -d domain_name | grep \ "domain_name"

where domain_name in grep “domain_name” is the domain name you are searching for, such as VCSONE_USERS.

87Setting up authentication plug-ins for VCS One

2 On the active Policy Master system, do one of the following:

If there is no private domain Create a private domain with a distinct name.

Enter the following:

# /opt/VRTSvcsone/bin/haat createpd

-t \ ab -d domain_name

where -t indicates that the private domain type is ab or authentication broker, and domain_name is the domain name.

If a private domain already exists Check to see if the principal for this user is

already there. Enter the following command:

# /opt/VRTSvcsone/bin/haat showprpl

-t \ ab -d domain_name -p principal_name

where -t indicates that the private domain type is ab or authentication broker, domain_name is the

domain name, and principal_name is the name of the user who will run the scripts.

3 On the active Policy Master system, if the principal for this user already

exists, delete it by entering the following command:

Page 88

88 Setting up authentication plug-ins for VCS One

Setting up vx authentication

# /opt/VRTSvcsone/bin/haat deleteprpl -t ab -d domain_name \

-p principal_name -s

where -t indicates that the private domain type is ab or authentication broker, domain_name@cluster_domain is the name of the cluster private domain, and principal_name is the user name. -s indicates the silent option (that is, no feedback is given when you run the command with the -s option).

4 On the active Policy Master system, create a principal for the user on the

cluster private domain by entering the following command:

# /opt/VRTSvcsone/bin/haat addprpl -t ab -d domain_name \

-p principal_name -s password -b host:port

5 On the active Policy Master system, get the root broker hash by entering the

following command:

# /opt/VRTSvcsone/bin/haat showbrokerhash

6 On the client system, set up trust between the client system and the

authentication broker by entering the following command:

# haat setuptrust -b host[{:port|:PBXPort:PBXServiceID}] \

-s low|medium|high

7 On the client system, authenticate the user by entering the following

command:

# haat authenticate -d vx:VCSONE_USERS -p principal_name \

-s password -b brokerhost:port

8 On the client system, verify that the credential is in the local cache by

entering the following command:

# /opt/VRTSvcsone/bin/haat showcred -j client

9 On the Policy Master system, add the user by entering the following

command:

# /opt/VRTSvcsone/bin/hauser -add \

vxuser@domain_name@cluster_name

where vxuser is the user name, domain_name is the domain name, and cluster_name is the name of the VCS One cluster. By default, the VCS One

cluster name is vcsone_cluster.

10 On the Policy Master system, add roles for the user by entering the following

command:

# /opt/VRTSvcsone/bin/hauser -addrole \

vxuser@domain_name@cluster_name ServerFarmObjectGuest

11 On the client system, test that the user’s login credentials work by running a

VCS One “ha” command such as hasys:

# /opt/VRTSvcsone/bin/hasys -state -user vxuser -domaintype vx

Page 89

Setting up unixpwd authentication

The UNIX password domain type (unixpwd) authenticates users based on /etc/passwd on the Policy Master system.

No set up is required for the unixpwd domain. You add VCS One users to the unixpwd configuration and give them the necessary privileges.

To add a VCS One user to the unixpwd configuration with the necessary privileges

1 Add the user by entering the following command:

# /opt/VRTSvcsone/bin/hauser -add unixuser@vcsone_cluster_name

where unixuser is the user name and vcsone_cluster_name is the name of the VCS One cluster. By default, the VCS One cluster name is vcsone_cluster.

2 Add roles for the user by entering the following command:

# /opt/VRTSvcsone/bin/hauser -addrole \

unixuser@vcsone_cluster_name ServerFarmObjectGuest

89Setting up authentication plug-ins for VCS One

Setting up unixpwd authentication

3 Test that the user’s log in credentials work by running a VCS One “ha”

command such as hasys:

# /opt/VRTSvcsone/bin/hasys -state -user unixuser -domaintype \ unixpwd

Setting up NIS or NIS+ authentication

To set up NIS or NIS+ authentication

1 Verify that you can log into VCS One on the Policy Master system with NIS

or NIS+ credentials using ssh.

2 Add the user by entering the following command:

# /opt/VRTSvcsone/bin/hauser -add nisuser@nis_domain_name

where nisuser is the user name and nis_domain_name is the name of the NIS or NIS+ domain.

3 Add roles for the user by entering the following command:

# /opt/VRTSvcsone/bin/hauser -addrole nisuser@nis_domain_name \ ServerFarmObjectGuest

4 Test that the user’s log in credentials work by running a VCS One “ha”

command such as hasys.

Page 90

90 Setting up authentication plug-ins for VCS One

Setting up LDAP authentication

For NIS, enter:

# /opt/VRTSvcsone/bin/hasys -state -user nisuser -domaintype nis

For NIS+, enter:

# /opt/VRTSvcsone/bin/hasys -state -user nisuser -domaintype \ nisplus

Setting up LDAP authentication

The LDAP configuration tool, haldapconf, is a command line interface (CLI) program that lets you configure the LDAP plug-in for the authentication broker. Use haldapconf to connect to the enterprise LDAP server and detect the default parameters for searching users and groups.

The haldpaconf configuration tool has the following options:

-d “discover”

Connects to the LDAP server and searches for the user and group attributes.

-c “createatcli” Creates an authentication CLI. The authentication CLI is used to register the LDAP server in the VCS One authentication broker.

-x “atconfigure” Configures authentication.

Page 91

Setting up LDAP authentication

Figure 7-1 shows how the LDAP configuration tool works.

91Setting up authentication plug-ins for VCS One

9WbbKDOGDSFRQI_dj^[

YeccWdZfhecfj

B:7FYed\_]khWj_ed

jeeb

GGLVFRYHU

B:7Ffhef[hj_[i

\_b[_ih[jh_[l[Z

FFUHDWHDWFOL

7J9B?\_b[_i

][d[hWj[Z

[DWFRQILJXUH

lhjiWjbeYWb$Yed\\_b[

_ikfZWj[Z

B:7F9ed\_]khWj_edJeebMeha<bem

GGLVFRYHU

/'$36HUYHU

Ki[hYWd[Z_jj^[B:7F fhef[hj_[i\_b[

J^[lhjiWjbeYWb$Yed\\_b[_i kfZWj[Zj^hek]^

KDDWDGGOGDSGRPDLQ

Figure 7-1 LDAP configuration tool workflow

To set up LDAP authentication

1 Connect to the LDAP server and search for the user and group attributes:

# /opt/VRTSvcsone/bin/haldapconf -d -s ldap_server_name \ [-p ldap_server_port] -u search_user -g search_group \ [-f attribute_list_file] [-m admin_username] \ [-w admin_password] [-l loglevel]

where:

■ -s ldap_server_name specifies the name of the LDAP server. This

option is required.

Page 92

92 Setting up authentication plug-ins for VCS One

Setting up LDAP authentication

■ -p ldap_server_port specifies the LDAP server port. The default

value is 389. To bind the server, the command uses the user name and password. If you do not provide a user name and password, the command prompts you to provide them.

■ -u search_user specifies the base search paths for users. This

option is required.

■ -g search_group specifies the base search paths for the group. This

option is required.

■ -f attribute_list_file specifies the name of the attribute list

file. By default, the name is AttributeList.txt. This file is placed in the working directory.

■ -m admin_username specifies the user name of the connecting user.

When anonymous searches are disabled, this option is required to make the initial connection to the LDAP server.

■ -w admin_password specifies the password of the connecting user.

When anonymous searches are disabled, this option is required to make the initial connection to the LDAP server.

■ -l loglevel generates a log file named haldapconf.debug. loglevel

determines the amount of information that goes into the log. The value of loglevel ranges from 0 to 4.

The haldapconf -d command creates an attribute list file that contains the valid values for all the attributes in descending order of priority. This command also retrieves the valid values for the LDAP attributes that have multiple values.

For example, to run ldapserver.com, a user named testuser, and a group named testgroup, enter the following command:

# /opt/VRTSvcsone/bin/haldapconf -d -s ldapserver.com \

-u testuser -g testgroup

haldapconf -d for an LDAP server named

2 Determine the highest priority attribute and create an authentication CLI

that includes haat addldapdomain by running the following command:

# /opt/VRTSvcsone/bin/haldapconf -c -d domainname \ [-i attribute_list_file] [-o at_cli_file] [-a FLAT|BOB] \ [-s BASE|ONE|SUB] [-l loglevel]

where:

■ -d domain_name specifies the domain name. The domain name must

be unique.

■ -i attribute_list_file specifies the name of the attribute list

file. By default, the name is AttributeList.txt. The file is placed in the working directory.

Page 93

Setting up LDAP authentication

■ -o at_cli_file specifies the name of the AT CLI file. By default, the

name is CLI.txt. This file is placed in the working directory.

■ -a FLAT|BOB specifies the type of authentication. FLAT specifies that

the database structure for LDAP is flat or non-hierarchical. BOB species that the database structure for LDAP is nested or hierarchical. By default, the authentication type is FLAT.

■ -s BASE|ONE|SUB specifies the scope of the search. BASE is the

primary level, ONE is one down from the primary level, and SUB is below ONE. By default, the scope is SUB.

■ -l loglevel generates a log file named haldapconf.debug. loglevel

determines the amount of information that goes into the log. The value of loglevel ranges from 0 to 4.

For example, to run haldapconf -c for a domain named myldapdomain1, enter the following command:

# /opt/VRTSvcsone/bin/haldapconf -c -d myldapdomain1

3 Add the LDAP domain by running the following command to configure

authentication. This command reads and runs the AT CLI generated by

haldapconf -c in step 2.

# /opt/VRTSvcsone/bin/haldapconf -x [-f at_cli_file] \

[-p at_install_path] [-o broker_port] [-l loglevel]

where:

■ -f at_cli_file specifies the name of the AT CLI list file. By default,

the name is CLI.txt. This file is placed in the working directory.

■ -i at_install_path specifies the path /opt/VRTSvcsone.

■ -o broker_port specifies the broker port. Unless you changed the

broker port when you installed VCS One, the default VCS One broker port is 14159.

■ -l loglevel generates a log file named haldapconf.debug. loglevel

determines the amount of information that goes into the log. The value of loglevel ranges from 0 to 4.

For example, to run haldapconf -x for the default broker port for VCS One, enter the following command:

# /opt/VRTSvcsone/bin/haldapconf -x -o 14159 -p \

/opt/VRTSvcsone

93Setting up authentication plug-ins for VCS One

4 Verify that the LDAP domain has been added and registered by entering the

following command:

# /opt/VRTSvcsone/bin/haat listldapdomains

The output for this command is similar to the following:

Found: 1

Domain Name : LDAP1

Page 94

94 Setting up authentication plug-ins for VCS One

Setting up Windows Active Directory authentication

Server URL : ldap://myldap.server1.com:389 SSL Enabled : No User Base DN : ou=People, dc=mycompany,dc=corp,dc=com User Object Class : account User Attribute : uid User GID Attribute : gidNumber Group Base DN : ou=Group, dc=mycompany,dc=corp,dc=com Group Object Class : posixGroup Group Attribute : cn Group GID Attribute : memberUid Group GID Attribute Type: Auth Type : FLAT Admin User : Admin User Password : Search Scope : SUB

Setting up Windows Active Directory authentication

VCS One supports the Windows Active Directory through the ldap authentication plug-in. Enable Active Directory for use with VCS One by following the procedure for LDAP.

See “Setting up LDAP authentication” on page 90.

Setting up PAM authentication

Pluggable Authentication Modules (PAM) authenticate users on the Policy Master system.

No set up is required for the PAM domain. You add VCS One users to the PAM configuration and give them the necessary privileges.

To add a VCS One user to the PAM configuration with the necessary privileges

1 Add the user by entering the following command:

# /opt/VRTSvcsone/bin/hauser -add pamuser@vcsone_cluster_name

where pamuser is the user name and vcsone_cluster_name is the name of the VCS One cluster. By default, the VCS One cluster name is vcsone_cluster.

2 Add roles for the user by entering the following command:

# /opt/VRTSvcsone/bin/hauser -addrole \

pamuser@vcsone_cluster_name ServerFarmObjectGuest

3 Test that the user’s log in credentials work by running a VCS One “ha”

command such as hasys:

# /opt/VRTSvcsone/bin/hasys -state -user pamuser -domaintype pam

Page 95

Extending the credential expiry period

By default, logged-in VCS One users have a credential that expires in 24-hours. Users who need to run commands from within client-side scripts may require longer-term credentials.

You may change the default 24-hour expiry period to a larger value (such as two years) at the system level. Increasing the default value makes your job easier if the number of users with distinct passwords is relatively large.

You may change the expiry period in the authentication broker. With this approach, a user provides their password only once. They can run VCS One (“ha”) commands without providing it until the end of the expiry period.

If you use this method, you must collect the credentials for these users quickly, before the expiry period can be reset to the original limit. When you are finished, you must reset the expiry period to its original setting. No matter how quickly you complete this process, there is a time window when other users can log in at the same time and acquire long-term credentials. Also, AT does not support revoking a granted credential.

Due to these issues, change the expiry period in the authentication broker only as a last resort and when the systems are not being used by users who should not have an extended expiry period.

95Setting up authentication plug-ins for VCS One

To extend the expiry period

1 Display the current expiry period by entering the following command:

# /opt/VRTSvcsone/bin/haat showexpiryintervals -p plugin_name

where plugin_name is the authentication plug-in name (that is, vx, unixpwd, nis, nisplus, ldap, or pam).

2 Increase the expiry period by entering the following command:

# /opt/VRTSvcsone/bin/haat setexpiryintervals -p plugin_name \

-t user -e seconds

where seconds indicates an expiry period in seconds. To set it for two years, use 63,072,000 seconds.

3 Verify the change by entering the following command:

# /opt/VRTSvcsone/bin/haat showexpiryintervals -p plugin_name

4 Have the users get new credentials.

5 Reset the expiry period to its original value. Enter the following:

# /opt/VRTSvcsone/bin/haat setexpiryintervals -p plugin_name \

-t user -e 86400

6 where 86,400 indicates an expiry period of 86,400 seconds (24 hours).

Verify the change. Enter the following:

# /opt/VRTSvcsone/bin/haat showexpiryintervals -p plugin_name

Page 96

96 Setting up authentication plug-ins for VCS One

Setting the default domain and domain type

You must specify a user and domain type with VCS One commands. The -user

user@domain

domaintype

For the -domaintype domaintype option, accepted values for domaintype are unixpwd, nis, nisplus, ldap, pam, and vx (which is the Symantec Private Domain). These values are case sensitive.

You may set a default domain and domain type using the DefaultAuthDomain attribute so that you do not have to enter the domain and domain type each time you run a command.

To set the default domain and domain type

◆ Enter the following command:

# /opt/VRTSvcsone/bin/haclus -modify DefaultAuthDomain \

domaintype:domainname

Accepted values for the DefaultAuthDomain attribute are in the form

domaintype:domainname. Examples include ldap:lab1.com (where lab1.com is a

Windows Active Directory domain) and nis:lab2.com (where lab2 is a NIS domain).

By default, the unixpwd and pam domain types do not require a domain name. They assume the authentication broker host name or the VCS One cluster name based on the UseClusterNameAsDomainName attribute.

After you set the DefaultAuthDomain attribute, VCS One commands use the specified domain and domain type as the default. After that, you do not have to specify the domain and domain type with the when you run a command.

After you set a default domain and domain type, when you run a command with the

-domaintype domaintype option, it will override the default.

option species the fully-qualified user name and the -domaintype

option specifies the relevant domain type.

-domaintype domaintype option

Note: The domain type unixpwd should only be used for users who are local to the UNIX system. When the domain type ignored and the local system’s domain name is used instead. For example, if the user,

user@domain, is authenticated with the domain type unixpwd on a system

named system1, the user’s credential is domain name.

For more information on modifying attributes, see the Veritas Cluster Server One User’s Guide.

unixpwd is used, the domain name is

user@system1 instead of the actual

Page 97

Chapter

Adding shared storage and testing disks for SCSI-3 compliance

This chapter includes the following topics:

■ About adding shared storage

■ Requirements for adding shared storage

■ Adding storage devices

■ Testing disks for SCSI-3 compliance

■ Setting up and testing data disks

■ Using additional vxfentsthdw options

■ Setting up Policy Master I/0 fencing

■ About VCS One client I/O fencing

Page 98

98 Adding shared storage and testing disks for SCSI-3 compliance

About adding shared storage

This section describes how to set up a system with SCSI-3 protection for shared storage.

If two or more systems in the Policy Master cluster share storage devices, you can configure and use the I/O fencing feature in VCS One. In the event of a network failure, I/O fencing protects the shared storage from data corruption.

Requirements for adding shared storage

To meet the requirements for shared storage in a production environment, you must supply the following:

■ Three coordinator disks that support SCSI-3 persistent reservations. This is

a requirement for I/O fencing, and applies only to the Policy Master. Clients do not require coordinator disks.

■ Two switches for I/O connection redundancy.

Adding storage devices

For the Policy Master in a production environment, you need to add a minimum of three coordinator disks in addition to the storage for data. This requirement does not apply for clients.

To add storage devices to the VCS One cluster

1 Physically connect each storage device to each system in the Policy Master

cluster.

2 On each system in the VCS One cluster, scan the drives, update the Veritas

Volume Manager (VxVM) device list, and reconfigure VxVM DMP with the new devices with the following command:

vxdisk scandisks

3 On one system in the VCS One cluster, initialize the disks with the following

command:

vxdiskadm

4 Choose 1 Add or initialize one or more disks from the menu.

5 At the prompt, to select devices, type list.

6 Type the name of the devices you are adding when prompted to select

devices. Do one of the following:

■ For Solaris or AIX, enter the following:

c3t1d0 c3t2d0

Page 99

Testing disks for SCSI-3 compliance

■ For Linux, enter the following:

sdx

7 At the Which disk group prompt, enter none.

You create disk groups later. For details on creating disk groups, see “Setting up and testing the

coordinator disks” on page 103.

8 Initialize the disk as the default.

9 Exit the utility. Type q.

To verify each system sees the same added devices (optional)

From each system, the names of the added disks may be different. By using a command to check the serial number of the disk, you can verify that a specific disk is the same one as seen from each system. This is important when you have added many disks.

◆ Use the following command on each system, making sure that the device

path is the appropriate one from each system (they are likely to be different):

vxfenadm -i device_path

In the output, examine the serial number and verify it is the same disk.

99Adding shared storage and testing disks for SCSI-3 compliance

Testing disks for SCSI-3 compliance

Test the data disks you are going to use for SCSI-3 compliance and I/O fencing support.

Use the following procedure to test the data disks for either the Policy Master cluster system or client systems.

Page 100

100 Adding shared storage and testing disks for SCSI-3 compliance

Setting up and testing data disks

Verify that each disk you added for use as a data disk supports SCSI-3 persistent reservations and I/O fencing. Use the vxfentsthdw utility to verify that the storage you added supports SCSI-3 persistent reservations. The procedure may destroy data on the disk.

Note: If the disks you want to test have data on them that you want to preserve, use the -r (read-only) option of vxfentsthdw. Be advised that, with the -r option, not all SCSI-3 compliance tests are run.

When you run the utility, you are prompted for:

■ The names of two systems connected to the storage disks.

■ The name of the disk as it is displayed on each system. A given disk may

have a different name on each system.

To test data disks using vxfentsthdw

1 Make sure the two systems are connected to the storage device you are

testing, and that the systems are running the same operating system.

2 Ensure that both systems have mutual connectivity via rsh or ssh

communications.

3 Start vxfentsthdw. Enter the following. If you are using ssh, omit the -n

option:

/opt/VRTSvcsone/vxfen/bin/vxfentsthdw -n

4 At the prompts, provide the required information. If the test succeeds, the

following information is displayed:

The disk /dev/disk_name is ready to be configured for I/O Fencing on node name_of_first_node The disk /dev/disk_name is ready to be configured for I/O Fencing on node name_of_second_node

If the testing does not display a message that the disk is ready to be configured for I/O fencing, the disk has failed the testing.

5 Repeat this test on all shared data disks connected to the system.