HP-UX Secure Resource Partitions (SRP) A.02.01 Administrator's Guide

5.3.3 Deploying Applications with the Application Templates
SRP includes special templates for deploying key applications. The ssh, apache, and tomcat
templates fully deploy these applications within the SRP using the shared executable model. The
oracledb template configures the SRP for Oracle usage; however, you must first install the Oracle
database product on the system in the desired location. Optionally, you may also use the custom
template to deploy an Oracle database for your SRP. If you are installing an Oracle database under
the /var/opt/hpsrp/srp_name directory, using an application template is optional.
5.3.4 Ensuring access to application files located outside the SRP home directory
If the application files are not all located under /var/hpsrp/srp_name/, you must ensure that the
compartment rules definition for the SRP includes sufficient capability to allow execution. For
executable files, READ capability is generally sufficient, while configuration and data files will
typically require READ and WRITE capability. See 9 Using the custom Template for information on
using the custom template to define application-specific compartment access rules for your SRP. Note
that, in addition to any installed files, the application may also create files and directories at
execution time. See 17 Verifying and Troubleshooting SRP for instructions on using Discover Mode
if you are unable to determine the access rules required by the application.
5.3.5 Best Practices for Application Deployment with SRP
Follow these best practices when deploying applications with SRP:

• Deploy as much of the application as possible under the SRP home directory.
  This minimizes the need to customize compartment access rules. When the application is
  installed entirely under the SRP home directory, customization of the SRP's compartment rules
  is usually not necessary. Life cycle management, including cloning and migration of the SRP,
  will also be simplified, as the application files will be managed as part of the SRP.

• Deploy files shared by multiple SRPs under the standard Unix directories for
  hosting shared application files (for example, /opt/, /usr/).
  By default, SRPs are configured for the READ capability for these directories, and will not
  need additional compartment rules configuration.

• If you have applied IPFilter for the SRP, ensure that any additional ports
  used by the application are allowed.
  When the ipfilter service is enabled for the SRP, inbound traffic to unspecified ports is
  blocked by default. You must configure the ipfilter service to allow inbound
  connections to any network ports that the application will listen on.

• Use the custom template to apply additional capabilities to the SRP for the
  application.
  This will allow you to manage configuration changes to the SRP on a per-SRP basis. Use a
  recognizable identifier, such as the application name, for the instance_id parameter when
  deploying the custom template. When deploying multiple applications within an SRP,
  consider applying the custom template (if needed) once per application.
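
The access guidance in 5.3.4 and the first two practices in 5.3.5 can be turned into a pre-deployment check that lists which application paths still need a custom-template rule. The script below is an added example, not part of the HP guide or the SRP product; the function names, the SRP name "web", the manifest format and the sample paths are constructed, and the shared directories are limited to the two the guide names as examples.

```sh
# Added example, not HP's code. Assumptions: the SRP home is passed by the
# caller; SHARED_DIRS holds the two directories the guide names as examples.
SHARED_DIRS="/opt /usr"

# under DIR PATH: true if PATH is DIR or lies beneath it. Matching "DIR/"
# keeps /optional out of /opt and /var/hpsrp/web2 out of /var/hpsrp/web.
under() {
    dir=${1%/}
    case "$2" in "$dir"|"$dir"/*) return 0 ;; esac
    return 1
}

# classify SRP_HOME KIND PATH, KIND = exec | data (configuration or data file).
# Prints home, shared-default-read, rule:READ, rule:READ+WRITE or review.
classify() {
    home=$1 kind=$2 path=$3
    # Relative paths and ".." components defeat prefix matching: flag them.
    case "$path/" in */../*|[!/]*) echo "review"; return ;; esac
    if under "$home" "$path"; then echo "home"; return; fi
    # Data outside the home needs WRITE, which the shared default lacks.
    if [ "$kind" != exec ]; then echo "rule:READ+WRITE"; return; fi
    for d in $SHARED_DIRS; do
        if under "$d" "$path"; then echo "shared-default-read"; return; fi
    done
    echo "rule:READ"
}

# report SRP_HOME: reads "KIND PATH" lines on stdin and prints only the
# paths that need attention, as "CAPABILITY PATH" or "REVIEW PATH".
report() {
    while read -r kind path; do
        [ -n "$path" ] || continue
        c=$(classify "$1" "$kind" "$path")
        case "$c" in
            rule:*) echo "${c#rule:} $path" ;;
            review) echo "REVIEW $path" ;;
        esac
    done
}

# Constructed sample manifest for a hypothetical SRP named "web".
sample_manifest() {
    cat <<'EOF'
exec /var/hpsrp/web/bin/appd
exec /opt/app/bin/helper
exec /optional/tools/run
data /etc/app/app.conf
data /var/hpsrp/web/../web2/spool
EOF
}

sample_manifest | report /var/hpsrp/web
```

Paths reported as REVIEW should be resolved to their real location before a rule is written for them. Files the application creates at run time will not appear in a static manifest, which is the case Discover Mode covers.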