Manualshelf

Managing Serviceguard Extension for SAP Version B.05.10, December 2012

ManualsBrandsHP ManualsSoftwareHP Serviceguard Extension for SAP (SGeSAP)
61626364656667686970
Make sure that the required software packages are installed on all cluster nodes:
Serviceguard Extension for SAP, T2803BA
The swlist command may be utilized to list available software on a cluster node.
If a software component is missing, install the required product depot files using the swinstall
tool.
Installation Step: IS260
You need to allow remote access between cluster hosts
.
This can be done by using remote shell remsh(1) or secure shell ssh(1) mechanisms.
If you allow remote access using the remote shell mechanism:
Create an .rhosts file in the home directories of the HP-UX users root and <sid>adm. Allow
login for root and <sid>adm as <sid>adm from all nodes including the node you are logged
into. Be careful with this step, many problems result from an incorrect setup of remote access.
Check the setup with remsh commands. If you have to provide a password, the .rhosts does
not work.
Installation Step: IS270
If you allow remote access using the secure shell mechanism:
1. Check with swlist to ensure that ssh (Secure Shell, T1471AA) is already installed on the system:
Secure swlist | grep Secure
If not, it can be obtained from
http://www.software.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA.
2. Make sure that public and private keys are available for the root user and <SID>adm:
ssh-keygen -t dsa
This command creates a .ssh directory in the home directory of the current user, which includes
the following files:
id_dsa
id_dsa.pub
The file id_dsa.pub contains the security information (public key) for the user@host pair
e.g.<SID>adm@<local>. .
3. Append the ~root/.ssh/id_dsa.pub ~<sid>adm/.ssh/id_dsa.pub content from all
the nodes to the ~<sid>adm/.ssh/authorized_keys2 file of the local <sid>adm user.
This allows the users on <local>to remotely execute commands via ssh under the identity of
<sid>adm.
On each cluster node where a SGeSAP package can run, test the remote access to all relevant
systems as user root with the following commands:
ssh -l <sid>adm <hostN> date
Do these tests twice since the first ssh command between two user/host pairs usually requires a
keyboard response to acknowledge the exchange of system level id keys.
Make sure that $HOME/.ssh/authorized_keys2 is not writable by group and others. The
same is valid for the complete path.
Permissions on $HOME should be 755. Permissions on $HOME/.ssh/authorized_keys2 must
be 600 or 644.
Allowing group/other write access to .ssh or authorized_keys2 will disable automatic
authentication.
After successful installation, configuration and test of the secure shell communication ssh can be
used by SGeSAP. This is done via setting the parameter REM_COMM to ssh in the SAP-specific
HP-UX Configuration 67