InfoScale™ 9.0 Cluster Server Configuration and Upgrade Guide - Linux
- Section I. Configuring Cluster Server using the script-based installer- I/O fencing requirements
- Preparing to configure VCS clusters for data integrity- About planning to configure I/O fencing
- Setting up the CP server
 
- Configuring VCS- Overview of tasks to configure VCS using the product installer
- Starting the software configuration
- Specifying systems for configuration
- Configuring the cluster name
- Configuring private heartbeat links
- Configuring the virtual IP of the cluster
- Configuring VCS in secure mode
- Setting up trust relationships for your VCS cluster
- Configuring a secure cluster node by node
- Adding VCS users
- Configuring SMTP email notification
- Configuring SNMP trap notification
- Configuring global clusters
- Completing the VCS configuration
- About the License Audit Tool
- Verifying and updating licenses on the system
 
- Configuring VCS clusters for data integrity- Setting up disk-based I/O fencing using installer
- Setting up server-based I/O fencing using installer
- Setting up non-SCSI-3 I/O fencing in virtual environments using installer
- Setting up majority-based I/O fencing using installer
- Enabling or disabling the preferred fencing policy
 
 
- Section II. Automated configuration using response files- Performing an automated VCS configuration
- Performing an automated I/O fencing configuration using response files- Configuring I/O fencing using response files
- Response file variables to configure disk-based I/O fencing
- Sample response file for configuring disk-based I/O fencing
- Response file variables to configure server-based I/O fencing
- Sample response file for configuring server-based I/O fencing
- Response file variables to configure non-SCSI-3 I/O fencing
- Sample response file for configuring non-SCSI-3 I/O fencing
- Response file variables to configure majority-based I/O fencing
- Sample response file for configuring majority-based I/O fencing
 
 
- Section III. Manual configuration- Manually configuring VCS- About configuring VCS manually
- Configuring LLT manually
- Configuring GAB manually
- Configuring VCS manually
- Configuring VCS in single node mode
- Starting LLT, GAB, and VCS after manual configuration
- About configuring cluster using VCS Cluster Configuration wizard
- Before configuring a VCS cluster using the VCS Cluster Configuration wizard
- Launching the VCS Cluster Configuration wizard
- Configuring a cluster by using the VCS cluster configuration wizard
- Adding a system to a VCS cluster
- Modifying the VCS configuration
 
- Manually configuring the clusters for data integrity- Setting up disk-based I/O fencing manually
- Setting up server-based I/O fencing manually- Preparing the CP servers manually for use by the VCS cluster
- Generating the client key and certificates manually on the client nodes
- Configuring server-based fencing on the VCS cluster manually
- Configuring CoordPoint agent to monitor coordination points
- Verifying server-based I/O fencing configuration
 
- Setting up non-SCSI-3 fencing in virtual environments manually
- Setting up majority-based I/O fencing manually
 
 
- Manually configuring VCS
- Section IV. Upgrading VCS- Planning to upgrade VCS- About upgrading to VCS 9.0
- About rolling upgrade
- Upgrading VCS in secure enterprise environments
- Supported upgrade paths
- Considerations for upgrading secure VCS 7.4.x clusters to VCS 9.0
- Considerations for upgrading VCS to 9.0 on systems configured with an Oracle resource
- Considerations for upgrading CP servers
- Considerations for upgrading CP clients
- Considerations for upgrading REST server
- Using Install Bundles to simultaneously install or upgrade full releases (base, maintenance, rolling patch), and individual patches
 
- Performing a VCS upgrade using the installer- Before upgrading VCS using the script-based installer
- Upgrading VCS using the product installer
- Performing a rolling upgrade from 7.4.2 to 9.0 using the product installer
- Upgrading to 2048 bit key and SHA256 signature certificates
- Tasks to perform after upgrading to 2048 bit key and SHA256 signature certificates- Deleting certificates of non-root users after upgrading to 2048 bit key and SHA256 signature certificates
- Re-establishing WAC communication in global clusters after upgrading to 2048 bit key and SHA256 signature certificates
- Re-establishing CP server and CP client communication after upgrading to 2048 bit key and SHA256 signature certificates
- Re-establishing trust with Steward after upgrading to 2048 bit key and SHA256 signature certificates
 
- Upgrading Steward to 2048 bit key and SHA256 signature certificates
 
- Performing an online upgrade
- Performing a phased upgrade of VCS- About phased upgrade
- Performing a phased upgrade using the product installer- Moving the service groups to the second subcluster
- Upgrading the operating system on the first subcluster
- Upgrading the first subcluster
- Preparing the second subcluster
- Activating the first subcluster
- Upgrading the operating system on the second subcluster
- Upgrading the second subcluster
- Finishing the phased upgrade
 
 
- Performing an automated VCS upgrade using response files
- Upgrading VCS using YUM
 
- Planning to upgrade VCS
- Section V. Adding and removing cluster nodes- Adding a node to a single-node cluster- Adding a node to a single-node cluster
 
- Adding a node to a multi-node VCS cluster- Adding nodes using the VCS installer
- Manually adding a node to a cluster- Setting up the hardware
- Installing the VCS software manually when adding a node
- Setting up the node to run in secure mode
- Configuring LLT and GAB when adding a node to the cluster
- Configuring I/O fencing on the new node
- Adding the node to the existing cluster
- Starting VCS and verifying the cluster
- Adding a node using response files
 
 
- Removing a node from a VCS cluster- Removing a node from a VCS cluster- Verifying the status of nodes and service groups
- Deleting the departing node from VCS configuration
- Modifying configuration files on each remaining node
- Removing the node configuration from the CP server
- Removing security credentials from the leaving node
- Unloading LLT and GAB and removing InfoScale Availability or Enterprise on the departing node
 
 
- Removing a node from a VCS cluster
 
- Adding a node to a single-node cluster
- Section VI. Installation reference- Appendix A. Services and ports
- Appendix B. Configuration files
- Appendix C. Configuring LLT over UDP- Using the UDP layer for LLT
- Manually configuring LLT over UDP using IPv4- Broadcast address in the /etc/llttab file
- The link command in the /etc/llttab file
- The set-addr command in the /etc/llttab file
- Selecting UDP ports
- Configuring the netmask for LLT
- Configuring the broadcast address for LLT
- Sample configuration: direct-attached links
- Sample configuration: links crossing IP routers
 
- Manually configuring LLT over UDP using IPv6
- LLT over UDP sample /etc/llttab
- About configuring LLT over UDP multiport
 
- Appendix D. Configuring LLT over TCP- Using the TCP layer for LLT
- Manually configuring LLT over TCP using IPv4- Broadcast address in the /etc/llttab file
- The link command in the /etc/llttab file
- The set-addr command in the /etc/llttab file
- Selecting TCP ports
- Configuring the netmask for LLT
- Configuring the broadcast address for LLT
- Sample configuration: direct-attached link
- Sample configuration: link crossing IP routers
 
- Manually configuring LLT over TCP using IPv6
- LLT over TCP sample /etc/llttab
 
- Appendix E. Migrating LLT links from IPv4 to IPv6 or dual-stack- About migrating the LLT links from IPv4 to IPv6 or to a dual-stack network
- Review the current configuration
- Meet the prerequisites for migration
- Adding a new node to an existing cluster
- Migrating LLT links to IPv6 or dual-stack when LLT is configured over UDP using IPv4
- Migrating LLT links to IPv6 or dual-stack when LLT is configured over TCP using IPv4
 
- Appendix F. Using LLT over RDMA- Using LLT over RDMA
- About RDMA over RoCE or InfiniBand networks in a clustering environment
- How LLT supports RDMA capability for faster interconnects between applications
- Using LLT over RDMA: supported use cases
- Configuring LLT over RDMA- Choosing supported hardware for LLT over RDMA
- Installing RDMA, InfiniBand or Ethernet drivers and utilities
- Configuring RDMA over an Ethernet network
- Configuring RDMA over an InfiniBand network
- Tuning system performance
- Manually configuring LLT over RDMA
- LLT over RDMA sample /etc/llttab
- Verifying LLT configuration
 
- Troubleshooting LLT over RDMA- IP addresses associated to the RDMA NICs do not automatically plumb on node restart
- Ping test fails for the IP addresses configured over InfiniBand interfaces
- After a node restart, by default the Mellanox card with Virtual Protocol Interconnect (VPI) gets configured in InfiniBand mode
- The LLT module fails to start
 
 
- Appendix G. Configuring the secure shell or the remote shell for communications- About configuring secure shell or remote shell communication modes before installing products
- Manually configuring passwordless ssh
- Setting up ssh and rsh connection using the installer -comsetup command
- Setting up ssh and rsh connection using the pwdutil.pl utility
- Restarting the ssh session
- Enabling rsh for Linux
 
- Appendix H. Installation script options
- Appendix I. Troubleshooting VCS configuration- Restarting the installer after a failed network connection
- Cannot launch the cluster view link
- Starting and stopping processes for the InfoScale products
- Installer cannot create UUID for the cluster
- LLT startup script displays errors
- The vxfentsthdw utility fails when SCSI TEST UNIT READY command fails
- The GAB program reports incorrect membership results with existing iptable rules
- Issues during fencing startup on VCS cluster nodes set up for server-based fencing
 
- Appendix J. Sample VCS cluster setup diagrams for CP server-based I/O fencing
- Appendix K. Upgrading the Steward process
 
Manually configuring passwordless ssh
The ssh program enables you to log into and execute commands on a remote system. ssh enables encrypted communications and an authentication process between two untrusted hosts over an insecure network.
In this procedure, you first create a DSA key pair. From the key pair, you append the public key from the source system to the authorized_keys file on the target systems.
Read the ssh documentation and online manual pages before enabling ssh. Contact your operating system support provider for issues regarding ssh configuration.
Visit the Openssh website that is located at: http://www.openssh.com/ to access online manuals and other resources.
To create the DSA key pair
- On the source system (sys1), log in as root, and navigate to the root directory.sys1 # cd /root 
- To generate a DSA key pair on the source system, type the following command:sys1 # ssh-keygen -t dsa System output similar to the following is displayed: Generating public/private dsa key pair. Enter file in which to save the key (/root/.ssh/id_dsa): 
- Press Enter to accept the default location of /root/.ssh/id_dsa.
- When the program asks you to enter the passphrase, press the Enter key twice.Enter passphrase (empty for no passphrase): Do not enter a passphrase. Press Enter. Enter same passphrase again: Press Enter again. 
- Output similar to the following lines appears.Your identification has been saved in /root/.ssh/id_dsa. Your public key has been saved in /root/.ssh/id_dsa.pub. The key fingerprint is: 1f:00:e0:c2:9b:4e:29:b4:0b:6e:08:f8:50:de:48:d2 root@sys1 
To append the public key from the source system to the authorized_keys file on the target system, using secure file transfer
- From the source system (sys1), move the public key to a temporary file on the target system (sys2).Use the secure file transfer program. In this example, the file name id_dsa.pubin the root directory is the name for the temporary file for the public key.Use the following command for secure file transfer: sys1 # sftp sys2 If the secure file transfer is set up for the first time on this system, output similar to the following lines is displayed: Connecting to sys2 ... The authenticity of host 'sys2 (10.182.00.00)' can't be established. DSA key fingerprint is fb:6f:9f:61:91:9d:44:6b:87:86:ef:68:a6:fd:88:7d. Are you sure you want to continue connecting (yes/no)? 
- Enter yes. Output similar to the following is displayed: Warning: Permanently added 'sys2,10.182.00.00' (DSA) to the list of known hosts. root@sys2 password: 
- Enter the root password of sys2.
- At the sftp prompt, type the following command:sftp> put /root/.ssh/id_dsa.pub The following output is displayed: Uploading /root/.ssh/id_dsa.pub to /root/id_dsa.pub 
- To quit the SFTP session, type the following command:sftp> quit 
- Add the id_dsa.pubkeys to theauthorized_keysfile on the target system. To begin the ssh session on the target system (sys2 in this example), type the following command on sys1:sys1 # ssh sys2 Enter the root password of sys2 at the prompt: password: Type the following commands on sys2: sys2 # cat /root/id_dsa.pub >> /root/.ssh/authorized_keys sys2 # rm /root/id_dsa.pub 
- Run the following commands on the source installation system. If your ssh session has expired or terminated, you can also run these commands to renew the session. These commands bring the private key into the shell environment and make the key globally available to the user root:sys1 # exec /usr/bin/ssh-agent $SHELL sys1 # ssh-add Identity added: /root/.ssh/id_dsa This shell-specific step is valid only while the shell is active. You must execute the procedure again if you close the shell during the session. 
To verify that you can connect to a target system
- On the source system (sys1), enter the following command:sys1 # ssh -l root sys2 uname -a where sys2 is the name of the target system. 
- The command should execute from the source system (sys1) to the target system (sys2) without the system requesting a passphrase or password.
- Repeat this procedure for each target system.