Cluster Server 7.3.1 Configuration and Upgrade Guide - Solaris

Last Published:
Product(s): InfoScale & Storage Foundation (7.3.1)
Platform: Solaris
  1. Section I. Configuring Cluster Server using the script-based installer
    1. I/O fencing requirements
      1. I/O fencing requirements
        1.  
          Coordinator disk requirements for I/O fencing
        2.  
          CP server requirements
        3.  
          Non-SCSI-3 I/O fencing requirements
    2. Preparing to configure VCS clusters for data integrity
      1. About planning to configure I/O fencing
        1.  
          Typical VCS cluster configuration with disk-based I/O fencing
        2.  
        3.  
          Recommended CP server configurations
      2. Setting up the CP server
        1.  
          Planning your CP server setup
        2.  
          Installing the CP server using the installer
        3.  
          Setting up shared storage for the CP server database
        4.  
          Configuring the CP server using the installer program
        5. Configuring the CP server manually
          1.  
            Configuring the CP server manually for HTTPS-based communication
          2.  
            Generating the key and certificates manually for the CP server
          3.  
            Completing the CP server configuration
        6. Configuring CP server using response files
          1.  
            Response file variables to configure CP server
          2.  
            Sample response file for configuring the CP server on single node VCS cluster
          3.  
            Sample response file for configuring the CP server on SFHA cluster
        7.  
          Verifying the CP server configuration
    3. Configuring VCS
      1.  
        Overview of tasks to configure VCS using the product installer
      2.  
        Starting the software configuration
      3.  
        Specifying systems for configuration
      4.  
        Configuring the cluster name
      5.  
        Configuring private heartbeat links
      6.  
        Configuring the virtual IP of the cluster
      7.  
        Configuring VCS in secure mode
      8.  
        Setting up trust relationships for your VCS cluster
      9. Configuring a secure cluster node by node
        1.  
          Configuring the first node
        2.  
          Configuring the remaining nodes
        3.  
          Completing the secure cluster configuration
      10.  
        Adding VCS users
      11.  
        Configuring SMTP email notification
      12.  
        Configuring SNMP trap notification
      13.  
        Configuring global clusters
      14.  
        Completing the VCS configuration
      15. Verifying and updating licenses on the system
        1.  
          Checking licensing information on the system
        2. Updating product licenses
          1.  
            Replacing a Veritas InfoScale Enterprise demo license with a permanent license
    4. Configuring VCS clusters for data integrity
      1. Setting up disk-based I/O fencing using installer
        1.  
          Initializing disks as VxVM disks
        2.  
          Configuring disk-based I/O fencing using installer
        3.  
          Refreshing keys or registrations on the existing coordination points for disk-based fencing using the installer
        4. Checking shared disks for I/O fencing
          1.  
            Verifying Array Support Library (ASL)
          2.  
            Verifying that the nodes have access to the same disk
          3.  
            Testing the disks using vxfentsthdw utility
      2. Setting up server-based I/O fencing using installer
        1.  
          Refreshing keys or registrations on the existing coordination points for server-based fencing using the installer
        2. Setting the order of existing coordination points for server-based fencing using the installer
          1.  
            About deciding the order of existing coordination points
          2.  
            Setting the order of existing coordination points using the installer
      3.  
        Setting up non-SCSI-3 I/O fencing in virtual environments using installer
      4.  
        Setting up majority-based I/O fencing using installer
      5.  
        Enabling or disabling the preferred fencing policy
  2. Section II. Automated configuration using response files
    1. Performing an automated VCS configuration
      1.  
        Configuring VCS using response files
      2.  
        Response file variables to configure VCS
      3.  
        Sample response file for configuring Cluster Server
    2. Performing an automated I/O fencing configuration using response files
      1.  
        Configuring I/O fencing using response files
      2.  
        Response file variables to configure disk-based I/O fencing
      3.  
        Sample response file for configuring disk-based I/O fencing
      4.  
        Response file variables to configure server-based I/O fencing
      5.  
        Sample response file for configuring server-based I/O fencing
      6.  
        Response file variables to configure non-SCSI-3 I/O fencing
      7.  
        Sample response file for configuring non-SCSI-3 I/O fencing
      8.  
        Response file variables to configure majority-based I/O fencing
      9.  
        Sample response file for configuring majority-based I/O fencing
  3. Section III. Manual configuration
    1. Manually configuring VCS
      1.  
        About configuring VCS manually
      2. Configuring LLT manually
        1.  
          Setting up /etc/llthosts for a manual installation
        2.  
          Setting up /etc/llttab for a manual installation
        3.  
          About LLT directives in /etc/llttab file
        4.  
          Additional considerations for LLT for a manual installation
      3.  
        Configuring GAB manually
      4. Configuring VCS manually
        1.  
          Configuring the cluster UUID when creating a cluster manually
      5. Configuring VCS in single node mode
        1. Disabling LLT, GAB, and I/O fencing on a single node cluster
          1.  
            Disabling LLT, GAB, and I/O fencing on Oracle Solaris 11
        2. Enabling LLT, GAB, and I/O fencing on a single node cluster
          1.  
            Enabling LLT, GAB, and I/O fencing on Solaris 11
      6.  
        Starting LLT, GAB, and VCS after manual configuration
      7.  
        About configuring cluster using VCS Cluster Configuration wizard
      8.  
        Before configuring a VCS cluster using the VCS Cluster Configuration wizard
      9.  
        Launching the VCS Cluster Configuration wizard
      10.  
        Configuring a cluster by using the VCS cluster configuration wizard
      11.  
        Adding a system to a VCS cluster
      12. Modifying the VCS configuration
        1.  
          Configuring the ClusterService group
    2. Manually configuring the clusters for data integrity
      1. Setting up disk-based I/O fencing manually
        1.  
          Identifying disks to use as coordinator disks
        2.  
          Setting up coordinator disk groups
        3.  
          Creating I/O fencing configuration files
        4.  
          Modifying VCS configuration to use I/O fencing
        5.  
          Verifying I/O fencing configuration
      2. Setting up server-based I/O fencing manually
        1.  
          Preparing the CP servers manually for use by the VCS cluster
        2.  
          Generating the client key and certificates manually on the client nodes
        3. Configuring server-based fencing on the VCS cluster manually
          1.  
            Sample vxfenmode file output for server-based fencing
        4.  
          Configuring CoordPoint agent to monitor coordination points
        5.  
          Verifying server-based I/O fencing configuration
      3. Setting up non-SCSI-3 fencing in virtual environments manually
        1.  
          Sample /etc/vxfenmode file for non-SCSI-3 fencing
      4. Setting up majority-based I/O fencing manually
        1.  
          Creating I/O fencing configuration files
        2.  
          Modifying VCS configuration to use I/O fencing
        3.  
          Verifying I/O fencing configuration
        4.  
          Sample /etc/vxfenmode file for majority-based fencing
  4. Section IV. Upgrading VCS
    1. Planning to upgrade VCS
      1.  
        About upgrading to VCS 7.3.1
      2.  
        Upgrading VCS in secure enterprise environments
      3.  
        Supported upgrade paths
      4.  
        Considerations for upgrading secure VCS 6.x clusters to VCS 7.3.1
      5.  
        Considerations for upgrading VCS to 7.3.1 on systems configured with an Oracle resource
      6.  
        Considerations for upgrading secure VCS clusters to VCS 7.3.1
      7.  
        Considerations for upgrading CP servers
      8.  
        Considerations for upgrading CP clients
      9.  
        Using Install Bundles to simultaneously install or upgrade full releases (base, maintenance, rolling patch), and individual patches
    2. Performing a VCS upgrade using the installer
      1.  
        Before upgrading VCS using the script-based installer
      2.  
        Upgrading VCS using the product installer
      3.  
        Upgrading to 2048 bit key and SHA256 signature certificates
      4. Tasks to perform after upgrading to 2048 bit key and SHA256 signature certificates
        1.  
          Deleting certificates of non-root users after upgrading to 2048 bit key and SHA256 signature certificates
        2.  
          Re-establishing WAC communication in global clusters after upgrading to 2048 bit key and SHA256 signature certificates
        3.  
          Re-establishing CP server and CP client communication after upgrading to 2048 bit key and SHA256 signature certificates
        4.  
          Re-establishing trust with Steward after upgrading to 2048 bit key and SHA256 signature certificates
      5.  
        Upgrading Steward to 2048 bit key and SHA256 signature certificates
    3. Performing an online upgrade
      1.  
        Limitations of online upgrade
      2.  
        Upgrading VCS online using the installer
    4. Performing a rolling upgrade of VCS
      1.  
        About rolling upgrade
      2.  
        Performing a rolling upgrade using the product installer
      3.  
        About rolling upgrade with local zone on Solaris 11
    5. Performing a phased upgrade of VCS
      1. About phased upgrade
        1.  
          Prerequisites for a phased upgrade
        2.  
          Planning for a phased upgrade
        3.  
          Phased upgrade limitations
        4.  
          Phased upgrade example
        5.  
          Phased upgrade example overview
      2. Performing a phased upgrade using the product installer
        1.  
          Moving the service groups to the second subcluster
        2.  
          Upgrading the operating system on the first subcluster
        3.  
          Upgrading the first subcluster
        4.  
          Preparing the second subcluster
        5.  
          Activating the first subcluster
        6.  
          Upgrading the operating system on the second subcluster
        7.  
          Upgrading the second subcluster
        8.  
          Finishing the phased upgrade
    6. Performing an automated VCS upgrade using response files
      1.  
        Upgrading VCS using response files
      2.  
        Response file variables to upgrade VCS
      3.  
        Sample response file for full upgrade of VCS
      4.  
        Sample response file for rolling upgrade of VCS
    7. Upgrading VCS using Live Upgrade and Boot Environment upgrade
      1.  
        About ZFS Boot Environment (BE) upgrade
      2.  
        Supported upgrade paths for Boot Environment upgrade
      3. Performing Boot Environment upgrade on Solaris 11 systems
        1.  
          Creating a new Solaris 11 BE on the primary boot disk
        2.  
          Upgrading VCS using the installer for upgrading BE on Solaris 11
        3.  
          Completing the VCS upgrade on BE on Solaris 11
        4.  
          Verifying Solaris 11 BE upgrade
        5. Administering BEs on Solaris 11 systems
          1.  
            Reverting to the primary BE on a Solaris 11 system
  5. Section V. Adding and removing cluster nodes
    1. Adding a node to a single-node cluster
      1. Adding a node to a single-node cluster
        1. Setting up a node to join the single-node cluster
          1.  
            Installing VxVM or VxFS if necessary
        2.  
          Installing and configuring Ethernet cards for private network
        3.  
          Configuring the shared storage
        4.  
          Bringing up the existing node
        5.  
          Creating configuration files
        6.  
          Starting LLT and GAB
        7.  
          Reconfiguring VCS on the existing node
        8.  
          Verifying configuration on both nodes
    2. Adding a node to a multi-node VCS cluster
      1.  
        Adding nodes using the VCS installer
      2. Manually adding a node to a cluster
        1.  
          Setting up the hardware
        2.  
          Installing the VCS software manually when adding a node
        3. Setting up the node to run in secure mode
          1.  
            Configuring the authentication broker on node sys5
        4.  
          Configuring LLT and GAB when adding a node to the cluster
        5. Configuring I/O fencing on the new node
          1.  
            Preparing to configure I/O fencing on the new node
          2. Configuring server-based fencing on the new node
            1.  
              Adding the new node to the vxfen service group
          3.  
            Starting I/O fencing on the new node
        6.  
          Adding the node to the existing cluster
        7.  
          Starting VCS and verifying the cluster
        8. Adding a node using response files
          1.  
            Response file variables to add a node to a VCS cluster
          2.  
            Sample response file for adding a node to a VCS cluster
    3. Removing a node from a VCS cluster
      1. Removing a node from a VCS cluster
        1.  
          Verifying the status of nodes and service groups
        2.  
          Deleting the departing node from VCS configuration
        3.  
          Modifying configuration files on each remaining node
        4.  
          Removing the node configuration from the CP server
        5.  
          Removing security credentials from the leaving node
        6.  
          Unloading LLT and GAB and removing Veritas InfoScale Availability or Enterprise on the departing node
  6. Section VI. Installation reference
    1. Appendix A. Services and ports
      1.  
        About InfoScale Enterprise services and ports
    2. Appendix B. Configuration files
      1.  
        About the LLT and GAB configuration files
      2.  
        About the AMF configuration files
      3. About the VCS configuration files
        1.  
          Sample main.cf file for VCS clusters
        2.  
          Sample main.cf file for global clusters
      4.  
        About I/O fencing configuration files
      5. Sample configuration files for CP server
        1.  
          Sample main.cf file for CP server hosted on a single node that runs VCS
        2.  
          Sample main.cf file for CP server hosted on a two-node SFHA cluster
        3.  
          Sample CP server configuration (/etc/vxcps.conf) file output
      6.  
        Packaging related SMF services on Solaris 11
      7. Tuning LLT variables for FSS environments
        1.  
          Tuning LLT variables for Ethernet links
    3. Appendix C. Configuring LLT over UDP
      1. Using the UDP layer for LLT
        1.  
          When to use LLT over UDP
      2. Manually configuring LLT over UDP using IPv4
        1.  
          Broadcast address in the /etc/llttab file
        2.  
          The link command in the /etc/llttab file
        3.  
          The set-addr command in the /etc/llttab file
        4.  
          Selecting UDP ports
        5.  
          Configuring the netmask for LLT
        6.  
          Configuring the broadcast address for LLT
        7.  
          Sample configuration: direct-attached links
        8.  
          Sample configuration: links crossing IP routers
      3. Manually configuring LLT over UDP using IPv6
        1.  
          The link command in the /etc/llttab file
        2.  
          The set-addr command in the /etc/llttab file
        3.  
          Selecting UDP ports
        4.  
          Sample configuration: direct-attached links
        5.  
          Sample configuration: links crossing IP routers
      4.  
        LLT over UDP sample /etc/llttab
    4. Appendix D. Configuring the secure shell or the remote shell for communications
      1.  
        About configuring secure shell or remote shell communication modes before installing products
      2.  
        Manually configuring passwordless ssh
      3.  
        Setting up ssh and rsh connection using the installer -comsetup command
      4.  
        Setting up ssh and rsh connection using the pwdutil.pl utility
      5.  
        Restarting the ssh session
      6.  
        Enabling and disabling rsh for Solaris
    5. Appendix E. Installation script options
      1.  
        Installation script options
    6. Appendix F. Troubleshooting VCS configuration
      1.  
        Restarting the installer after a failed network connection
      2.  
        Cannot launch the cluster view link
      3.  
        Starting and stopping processes for the Veritas InfoScale products
      4.  
        Installer cannot create UUID for the cluster
      5.  
        LLT startup script displays errors
      6.  
        The vxfentsthdw utility fails when SCSI TEST UNIT READY command fails
      7.  
        Issues during fencing startup on VCS cluster nodes set up for server-based fencing
    7. Appendix G. Sample VCS cluster setup diagrams for CP server-based I/O fencing
      1. Configuration diagrams for setting up server-based I/O fencing
        1.  
          Two unique client clusters served by 3 CP servers
        2.  
          Client cluster served by highly available CPS and 2 SCSI-3 disks
        3.  
          Two node campus cluster served by remote CP server and 2 SCSI-3 disks
        4.  
          Multiple client clusters served by highly available CP server and 2 SCSI-3 disks
    8. Appendix H. Reconciling major/minor numbers for NFS shared disks
      1. Reconciling major/minor numbers for NFS shared disks
        1.  
          Checking major and minor numbers for disk partitions
        2.  
          Checking the major and minor number for VxVM volumes
    9. Appendix I. Upgrading the Steward process
      1.  
        Upgrading the Steward process

Configuring private heartbeat links

After configuring the cluster name, configure the private heartbeat links that LLT uses.

VCS provides the option to use LLT over Ethernet or LLT over UDP (User Datagram Protocol). Veritas recommends that you configure heartbeat links that use LLT over Ethernet for high performance, unless hardware requirements force you to use LLT over UDP. If you want to configure LLT over UDP, make sure you meet the prerequisites.

You must not configure LLT heartbeat using the links that are part of aggregated links. For example, link1, link2 can be aggregated to create an aggregated link, aggr1. You can use aggr1 as a heartbeat link, but you must not use either link1 or link2 as heartbeat links.

See Using the UDP layer for LLT.

The following procedure helps you configure LLT heartbeat links.

To configure private heartbeat links

  1. Choose one of the following options at the installer prompt based on whether you want to configure LLT over Ethernet or LLT over UDP.

    • Option 1: Configure the heartbeat links using LLT over Ethernet (answer installer questions)

      Enter the heartbeat link details at the installer prompt to configure LLT over Ethernet.

      Skip to step 2.

    • Option 2: Configure the heartbeat links using LLT over UDP (answer installer questions)

      Make sure that each NIC you want to use as heartbeat link has an IP address configured. Enter the heartbeat link details at the installer prompt to configure LLT over UDP. If you had not already configured IP addresses to the NICs, the installer provides you an option to detect the IP address for a given NIC.

      Skip to step 3.

    • Option 3: Automatically detect configuration for LLT over Ethernet

      Allow the installer to automatically detect the heartbeat link details to configure LLT over Ethernet. The installer tries to detect all connected links between all systems.

      Skip to step 5.

      Note:

      Option 3 is not available when the configuration is a single node configuration.

  2. If you chose option 1, enter the network interface card details for the private heartbeat links.

    The installer discovers and lists the network interface cards.

    Answer the installer prompts. The following example shows different NICs based on architecture:

    • For Solaris SPARC:

      You must not enter the network interface card that is used for the public network (typically net0.)

      Enter the NIC for the first private heartbeat link on sys1:
      [b,q,?] net1
      Would you like to configure a second private heartbeat link?
      [y,n,q,b,?] (y)   
      Enter the NIC for the second private heartbeat link on sys1:
      [b,q,?] net2
      Would you like to configure a third private heartbeat link?
      [y,n,q,b,?](n) 
      Do you want to configure an additional low priority heartbeat 
      link? [y,n,q,b,?] (n)
    • For Solaris x64:

      You must not enter the network interface card that is used for the public network (typically e1000g0.)

      Enter the NIC for the first private heartbeat link on sys1:
      [b,q,?] e1000g1
      Would you like to configure a second private heartbeat link?
      [y,n,q,b,?] (y)   
      Enter the NIC for the second private heartbeat link on sys1:
      [b,q,?] e1000g2
      Would you like to configure a third private heartbeat link?
      [y,n,q,b,?](n)
  3. If you chose option 2, enter the NIC details for the private heartbeat links. This step uses examples such as private_NIC1 or private_NIC2 to refer to the available names of the NICs.
    Enter the NIC for the first private heartbeat link on sys1: [b,q,?]
    private_NIC1
    Some configured IP addresses have been found on 
    the NIC private_NIC1 in sys1,
    Do you want to choose one for the first private heartbeat link? [y,n,q,?] (y)
    Please select one IP address:
         1)  192.168.0.1/24
         2)  192.168.1.233/24
         b)  Back to previous menu
    
    Please select one IP address: [1-2,b,q,?] (1)
    Enter the UDP port for the first private heartbeat link on sys1:
    [b,q,?] (50000)
    
    Enter the NIC for the second private heartbeat link on sys1: [b,q,?]
    private_NIC2
    Some configured IP addresses have been found on the 
    NIC private_NIC2 in sys1,
    Do you want to choose one for the second 
    private heartbeat link? [y,n,q,?] (y)
    Please select one IP address:
         1)  192.168.1.1/24
         2)  192.168.2.233/24
         b)  Back to previous menu
    
    Please select one IP address: [1-2,b,q,?] (1) 1
    Enter the UDP port for the second private heartbeat link on sys1:
    [b,q,?] (50001)
    
    Would you like to configure a third private heartbeat
    link? [y,n,q,b,?] (n)
    
    Do you want to configure an additional low-priority heartbeat
    link? [y,n,q,b,?] (n) y
    
    Enter the NIC for the low-priority heartbeat link on sys1: [b,q,?]
    private_NIC0
    Some configured IP addresses have been found on 
    the NIC private_NIC0 in sys1,
    Do you want to choose one for the low-priority 
    heartbeat link? [y,n,q,?] (y)
    Please select one IP address:
         1)  10.200.59.233/22
         2)  192.168.3.1/22
         b)  Back to previous menu
    
    Please select one IP address: [1-2,b,q,?] (1) 2
    Enter the UDP port for the low-priority heartbeat link on sys1: 
    [b,q,?] (50010)
  4. Choose whether to use the same NIC details to configure private heartbeat links on other systems.
    Are you using the same NICs for private heartbeat links on all 
    systems? [y,n,q,b,?] (y)

    If you want to use the NIC details that you entered for sys1, make sure the same NICs are available on each system. Then, enter y at the prompt.

    For LLT over UDP, if you want to use the same NICs on other systems, you still must enter unique IP addresses on each NIC for other systems.

    If the NIC device names are different on some of the systems, enter n. Provide the NIC details for each system as the program prompts.

  5. If you chose option 3 , the installer detects NICs on each system and network links, and sets link priority.

    If the installer fails to detect heartbeat links or fails to find any high-priority links, then choose option 1 or option 2 to manually configure the heartbeat links.

    See step 2 for option 1, or step 3 for option 2, or step 5 for option 3.

  6. Enter a unique cluster ID:
    Enter a unique cluster ID number between 0-65535: [b,q,?] (60842)

    The cluster cannot be configured if the cluster ID 60842 is in use by another cluster. Installer performs a check to determine if the cluster ID is duplicate. The check takes less than a minute to complete.

    Would you like to check if the cluster ID is in use by another 
    cluster? [y,n,q] (y)
  7. Verify and confirm the information that the installer summarizes.