Manualshelf

Managing HP Serviceguard for Linux, Tenth Edition, September 2012

ManualsBrandsHP ManualsSoftwareHP SAP Linux Serviceguard Cluster Extension
151152153154155156157158159160
NOTE: When you upgrade a cluster from Version A.11.15 or earlier, entries in
$SGCONF/cmclnodelist are automatically updated to Access Control Policies in the
cluster configuration file. All non-root user-hostname pairs are assigned the role of Monitor.
Ensuring that the Root User on Another Node Is Recognized
The Linux root user on any cluster node can configure the cluster. This requires that
Serviceguard on one node be able to recognize the root user on another.
Serviceguard uses the identd daemon to verify user names, and, in the case of a root
user, verification succeeds only if identd returns the username root. Because identd
may return the username for the first match on UID 0, you must check /etc/passwd on
each node you intend to configure into the cluster, and ensure that the entry for the root
user comes before any other entry with a UID of 0.
About identd
HP strongly recommends that you use identd for user verification, so you should make
sure that each prospective cluster node is configured to run it. identd is usually started
from /etc/init.d/xinetd.
(It is possible to disable identd, though HP recommends against doing so. If for some
reason you have to disable identd, see “Disabling identd” (page 197).)
For more information about identd, see the white paper Securing Serviceguard at
http://docs.hp.com -> High Availability -> Serviceguard -> White
Papers, and the identd manpage.
Configuring Name Resolution
Serviceguard uses the name resolution services built into Linux.
Serviceguard nodes can communicate over any of the cluster’s shared networks, so the
network resolution service you are using (such as DNS, NIS, or LDAP) must be able to
resolve each of their primary addresses on each of those networks to the primary hostname
of the node in question.
In addition, HP recommends that you define name resolution in each node’s /etc/hosts
file, rather than rely solely on a service such as DNS. Configure the name service switch
to consult the /etc/hosts file before other services. See “Safeguarding against Loss
of Name Resolution Services” (page 161) for instructions.
Preparing Your Systems 159