HP vPars and Integrity Virtual Machines V6.1 Administrator Guide

ManualsBrandsHP ManualsSoftwareHP Integrity Virtual Machines and Online VM Migration Software

201

202

203

204

205

206

207

208

209

210

Because this is just a convention implemented local to each host, administrators can use it or not..

If this convention is configured correctly, both target and target-hpvm-migr resolve to the

proper address. For example:

• hpvmmigrate -h host39 — Look up host39-hpvm-migr first, and if not found, look

up host39.

• hpvmmigrate -h host39-hpvm-migr — Look up host39–hpvm-migr.

• hpvmmigrate -h host39.atl — Look up host39.atl.

Of course, target.fully.qualified.domain-name will not be modified.

By following this convention, defining an alias with suffix —hpvm-migr for the private network

connections, you block use of the site network for online migrations in case someone accidentally

specifies the target VSP's hostname for the hpvmmigrate -h option.

12.3.2.4 Using NTP on VSPs

Using NTP to synchronize clocks is strongly recommended for Online VM Migration environments.

In addition to a typical NTP configuration, all the potential VSPs should use each other as mutual

peer NTP servers to help maintain time consistency between hosts.

12.3.3 SSH setup between the VSPs

Only superusers can execute the hpvmmigrate command. The migration of a guest is controlled

by a set of secure remote operations that must be enabled on both systems. The hpvmmigrate

command requires HP-UX Secure Shell (SSH) to be set up on both the source and target host systems

to provide a secure communication path between VSPs. SSH is installed on HP-UX systems by

default. Passwords-based and host-based authentication are not supported. SSH security must be

set up, so that superusers can use ssh commands between the source and target VSPs without

requiring interactive passwords.

The hpvmmigrate command uses SSH public-key based authentication between the source and

destination hosts. To enable secure communication between the source and target hosts, you must

generate SSH keys on both systems. You need root privileges to generate and set up the SSH keys

required for guest migration. The easiest way to do this is to use the secsetup script provided

by Integrity VM.

Execute the following command on both the source and target hosts:

# /opt/hpvm/bin/secsetup -r otherhost

Instead of using secsetup, SSH keys can be generated manually on the systems by using the

ssh-keygen command. The ssh-keygen command generates, manages, and converts

authentication keys for SSH. For information about manual SSH key generation, see the

ssh-keygen command HP-UX manpage.

12.3.3.1 Troubleshooting SSH key setup

If SSH is installed on both the source and the target system, you can run the ssh command on the

source host to establish a connection to the target host without providing a password. This ability

ensures that SSH keys are set up between the two hosts. If SSH keys are not set up properly, the

hpvmmigrate command produces an error message indicating that the SSH setup needs to be

checked.

If running the secsetup script does not work correctly, check the permissions on / to ensure that

superusers have write permissions. For example,

# 11 -d /

drwxr-xr-x 20 root root 8192 Apr 29 06:25 /

If your VSP's root directory has different permissions than displayed in the previous example, use

the chmod command to correct them.

# chmod 755 /

210 Migrating virtual machines and vPars