HP Serviceguard Toolkit for Integrity Virtual Servers User Guide
SSL key distribution
After the keys are initially created on one VM or vPar Host, all other VM or vPar Hosts must
use the same client.public key. Each VM or vPar guest generates its own
server.public key, therefore, a unique name for each VM or vPar guest must be used ,
to rename the server.public key. For example, # mv server.public server_[guest
name].public.
To distribute keys between VM or vPar Hosts and VM or vPar guests:
a. Copy the client.public file from the VM or vPar Host directory /etc/cmcluster/
cmappmgr to all VM or vPar guests in the /opt/hp/cmappserver directory.
b. Copy the uniquely-named server.public file from all VM or vPar guests to the VM or
vPar Hosts in directory /etc/cmcluster/cmappmgr. For example, server.public
renamed to server_mmpf121.public.
c. Copy all key files from the initial /etc/cmcluster/cmappmgr VM or vPar Host directory
to the same directory on all other VM or vPar Host nodes
2. Configure the cmappmgr.conf file on VM or vPar Host.
The file /etc/cmappmgr.conf on the VM or vPar Host is used to specify location information
for the SSL keys used for cmappmgr to cmappserver communications from the VM or vPar
Host. An example of keyStore location (for example, client.private), the VM or vPar
guest name from which the trustStore was obtained (for example, guest mmpf121), and the
name of the trustStore file (for example, server_mmpf121.public) is shown below:
###############################################################
# (C) Copyright 2008 Hewlett-Packard Development Company, L.P.
# @(#) SG cmappmgr Configuration File
# @(#) Product Name : HP SG cmappmgr conf file
# @(#) Product Version : %%SG_VERSION%%
# @(#) Patch Name : %%SG_PATCH%%
#
###############################################################
keyStore=/etc/cmcluster/cmappmgr/client.private
# If unspecified, the default value is /etc/client.private
keyStorePassword=
# If unspecified, the default value is clientpw
# Specify node name where the trustStore comes from, followed by a ":", e.g.,
mmpf121:
trustStore=/etc/cmcluster/cmappmgr/server_mmpf121.public
trustStorePassword=public
# If unspecified, the default value is /etc/server.public
# If unspecified, the default value is public
3. Install cmappserver depots on VM or vPar guests.
To install cmappserver on VM or vPar guests that are running applications, the cmappserver
depot software must be copied from the VM or vPar Host directory /opt/hp/serviceguard/
cmappserver to the VM or vPar guest to be monitored. The destination for copying the depot
software depends on the VM or vPar guest type being monitored.
For HP-UX guests (subdirectory 11iv2 or 11iv3):
• Copy the depot cmappserver.depot from the VM or vPar Host to the /tmp directory
on the VM or vPar guest.
• To install the required files in the /opt/hp/cmappserver directory, in the VM or vPar
guest, run the command swinstall -s /tmp/cmappserver.depot
CMAPPSERVER.
For Linux VM or vPar guests (subdirectory redhat or sles):
• Copy the rpm file from the VM or vPar Host to a local directory on the VM or vPar guest.
• To install the required files in the /opt/hp/cmappserver directory in the VM or vPar
guest, run the command rpm -i cmappserver_rhel5_ia64.rpm (for Red Hat) or
rpm -i cmappserver_sles_ia64.rpm (for SLES 10),
24 Configuring guest application monitoring service