Managing Serviceguard Extension for SAP on Linux (IA64 Integrity and x86_64), April 2009

Cluster Node Configuration
NOTE: Repeat the steps in this section for each node of the cluster.
Installation Step: IS241
Log on as root.
Serviceguard Extension for SAP on Linux needs remote login to be enabled on all cluster hosts.
The traditional way to achieve this is via remote shell commands. If security concerns prohibit this, it is also
possible to use secure shell access instead.
If you are planning to use the traditional remote shell access adjust the security settings in /etc/pam.d for
the following services:
In file /etc/pam.d/login comment out the following line:
auth required /lib/security/pam_securetty.so
In file /etc/pam.d/rsh change the following line:
auth required /lib/security/pam_rhosts_auth.so
to:
auth sufficient /lib/security/pam_rhosts_auth.so
Create an .rhosts file in the home directories of the Linux users root and <sid>adm. Allow login for root as
root from all nodes including the node you are logged into. Allow login for root and <sid>adm as <sid>adm
from all nodes including the node you are logged into. Be careful with this step; many problems result from
an incorrect setup of remote access.
Check the setup with remsh commands. If you have to provide a password, the .rhosts setup does not work.
Installation Step: IS242
Use the following steps if you are planning to use the secure shell mechanism:
1. Make sure that the openssh rpm-package is installed: rpm -qa | grep ssh
2. Create a private and public key for the root user: ssh-keygen -t dsa
Executing this command creates a .ssh directory in the root user's home directory including the following
files:
id_dsa
id_dsa.pub
The file id_dsa.pub contains the security information (public key) for the user@host pair e.g.
root@<local>. This information needs to be added to the file $HOME/.ssh/authorized_keys2 of the
root and <sid>adm user.
Create these files if they are not already there. This will allow the root user on <local> to remotely execute
commands via ssh under his own identity and under the identity of <sid>adm on all other relevant nodes.
On each cluster node where a Serviceguard Extension for SAP on Linux package can run, test the remote
access to all relevant systems as user root with the following commands:
ssh <hostN> date
ssh -l <sid>adm <hostN> date
Do these tests twice since the first ssh command between two user/host pairs usually requires a keyboard
response to acknowledge the exchange of system level id keys.
Ensure that $HOME/.ssh/authorized_keys2 is not writable by group and others. The same applies to
the complete path.
Permissions on ~<user> should be 755. Permissions on ~<user>/.ssh/authorized_keys2 must
be 600 or 644.
Allowing group/other write access to .ssh or authorized_keys2 will disable automatic authentication.
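The permission conditions of step IS242 can be checked with a small shell function. This is an added example, not part of the original manual; it assumes GNU stat as found on Linux cluster nodes, and the function name check_ssh_perms is hypothetical.

```shell
#!/bin/sh
# Added example: verify that a user's home directory, its .ssh directory
# and authorized_keys2 exist and are not writable by group or others.

# check_ssh_perms HOME_DIR
# Returns 0 when all three paths exist and none has a group or other
# write bit set; returns 1 otherwise. Prints one line per path checked.
check_ssh_perms() {
    home=$1
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys2"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            rc=1
            continue
        fi
        # Octal mode, e.g. 755 or 600 (GNU stat syntax, an assumption).
        mode=$(stat -c '%a' "$p")
        # 022 (octal) masks the group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL    $p mode $mode (writable by group or others)"
            rc=1
        else
            echo "OK      $p mode $mode"
        fi
    done
    return $rc
}

# Stand-alone use: pass the home directories to audit as arguments,
# for example the home of root and the home of <sid>adm.
if [ "$#" -gt 0 ]; then
    status=0
    for h in "$@"; do
        check_ssh_perms "$h" || status=1
    done
    exit "$status"
fi
```

Run it as root on each cluster node before the ssh tests, so that a permission problem is not mistaken for a key problem.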
Installation Step: IS275
Make sure that the required rpm software packages are installed on the cluster nodes. Check the status of
the rpm kits with: