Managing Serviceguard 14th Edition, June 2007

Building an HA Cluster Configuration

Preparing Your Systems

Chapter 5 201

SGAUTOSTART=/etc/rc.config.d/cmcluster

SGFFLOC=/opt/cmcluster/cmff

CMSNMPD_LOG_FILE=/var/adm/SGsnmpsuba.log

NOTE If these variables are not defined on your system, then source the file

/etc/cmcluster.conf in your login profile for user root. For example,

you can add this line to root’s .profile file:

. /etc/cmcluster.conf

Throughout this book, system filenames are usually given with one of

these location prefixes. Thus, references to $SGCONF/filename can be

resolved by supplying the definition of the prefix that is found in this file.

For example, if SGCONF is defined as /etc/cmcluster/, then the

complete pathname for file $SGCONF/cmclconfig is

/etc/cmcluster/cmclconfig.

NOTE Do not edit the /etc/cmcluster.conf configuration file.

Editing Security Files

Serviceguard daemons grant access to commands by matching incoming

hostname and username against the access control policies you define.

Serviceguard nodes can communicate over any of the cluster’s shared

networks, so all their primary addresses on each of those networks must

be identified.

Because, access control policies for Serviceguard are based on

hostnames, IP addresses must be resolved to hostnames to match the

names specified in the access control policies.

An IP address can resolve to multiple hostnames (aliases); one of those

should match the name defined in the policy.

The subsections that follow describe how to configure IP and user

identities, and Serviceguard access control polices, so as to achieve the

level of security you need the cluster to have.