HP-UX Internet Services
Highly Available HP-UX Internet Services
HP Part Number: 5992-4804
Published: May 2008
Edition: 1.
Legal Notices © Copyright 2008 Hewlett-Packard Company, L.P. Confidential Computer Software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.11 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor’s standard commercial license. The information contained herein is subject to change without notice.
Table of Contents
Executive Summary (page 5)
Intended Audience (page 5)
Introduction (page 5)
Configuring HP ServiceGuard
Executive Summary
This white paper discusses how to configure HP-UX Internet Services components: DNS, FTP, and Sendmail, into a Multi-Computer (MC)/ServiceGuard package.
Intended Audience
This white paper is intended for HP customers who are using or planning to use DNS, Sendmail, or FTP in an HP ServiceGuard environment.
HP ServiceGuard contains an excellent failover mechanism so that the applications can recover from failures immediately and without any downtime. The HP ServiceGuard failover architecture assigns an IP address called the "floating IP address" or "relocatable IP address" to the application package to enable the IP address to move from one cluster node to another in case of node failure.
resources) on a different node. The monitor script checks for the availability of a service, and the startup/stop script starts/stops a service. Relevant scripts are also available to manually stop and restart packages within the cluster to verify cluster connectivity. For information on configuring the start and stop scripts, see the HP ServiceGuard documents at: http://docs.hp.com/en/ha.
For a sample FTP startup script, see “HP ServiceGuard Startup/Stop Script for FTP” (page 28).
monitor script obtains the process ID from the output of the ps command. The DNS monitor script polls the /var/run/named.pid file or the output of the ps command indefinitely at regular time intervals. This time interval is defined in the DNS monitor script, and you can change it to a different value. The DNS monitor script exits when it notices that the named process is no longer running. For a sample DNS monitor script, see “HP ServiceGuard Monitor Script for DNS” (page 19).
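The liveness test that the monitor description above depends on, as an added example that is not HP's script: it validates the PID read from the PID file and matches the PID and command name as whole fields, so a stale or reused PID is not mistaken for a running named. The function names and the `ps -e` style table are constructed for illustration; on a live node, pipe `ps -e` into `pid_runs`.

```shell
#!/bin/sh
# Added example (not HP's script): exact-match liveness check for a PID file.

# Constructed sample in `ps -e` layout (PID TTY TIME COMMAND); not real output.
SAMPLE_PS='  PID TTY       TIME COMMAND
  412 ?         0:03 syslogd
 1234 ?         0:00 sendmail
12345 ?         0:10 named'

# read_pid FILE: print the PID only if the file holds one positive integer.
read_pid() {
    [ -r "$1" ] || return 1
    pid=$(head -n 1 "$1" | tr -d ' \t\r')
    case "$pid" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric content: reject
    esac
    [ "$pid" -gt 1 ] || return 1   # never accept 0 or init
    echo "$pid"
}

# pid_runs PID NAME: read ps output on stdin; succeed only when a row has
# exactly this PID in column 1 and exactly this command name in column 4.
pid_runs() {
    awk -v pid="$1" -v name="$2" \
        'NR > 1 && $1 == pid && $4 == name { found = 1 } END { exit !found }'
}

# naive_runs PID: the substring test performed by `ps | grep $PID`, for comparison.
naive_runs() {
    grep "$1" >/dev/null 2>&1
}

# Demo on the constructed table: PID 123 is not running, but "123" is a
# substring of 1234 and 12345, so the substring test reports it alive.
for p in 123 12345; do
    if printf '%s\n' "$SAMPLE_PS" | pid_runs "$p" named; then e=alive; else e=dead; fi
    if printf '%s\n' "$SAMPLE_PS" | naive_runs "$p"; then n=alive; else n=dead; fi
    echo "pid=$p exact=$e grep=$n"
done
```

A monitor that keeps using the substring test can miss a failed daemon and never trigger the package failover.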
    # mv /etc/named.conf /var/opt/dns/
4. To create a symbolic link from /etc/named.conf to the shared volume file, enter the following command:
    # ln -s /var/opt/dns/named.conf /etc/named.conf
5. To move all the database files (db.*) to the shared volume and to create symbolic links in the original location, enter the following commands:
    # mv /etc/named.data/db.* /var/opt/dns/
    # ln -s /var/opt/dns/db.* /etc/named.data/
Steps 3–5 ensure that all the configuration files are in sync across the cluster.
This section addresses the following topics:
• “The Sendmail HP ServiceGuard Monitor Script” (page 11)
• “The Sendmail HP ServiceGuard Startup/Stop Script” (page 11)
• “Integrating HP ServiceGuard with Sendmail” (page 12)
The Sendmail HP ServiceGuard Monitor Script
A Sendmail HP ServiceGuard monitor script performs the following tasks:
• Verifies the validity of the Process ID
  The monitor script obtains the Sendmail process PID from the O PidFile configuration option or from the /etc/mail/sendmail.
SG_SENDMAIL_SENDONLY Starts or stops the Sendmail server in a send-only mode.
NOTE: The variables are prefixed with SG to indicate that these variables are specific to HP ServiceGuard.
For a sample startup script, see “HP ServiceGuard Startup/Stop Script for Sendmail” (page 23).
Integrating HP ServiceGuard with Sendmail
Consider the following before setting up Sendmail in an HP ServiceGuard environment:
• Ensure that the latest version of Sendmail (8.13.
NOTE: Ensure that you perform these steps on all nodes in the HP ServiceGuard cluster. 1. 2. 3. Create a shared volume, for example, /var/opt/sendmail, on which the Sendmail configuration files must reside after HP ServiceGuard is operative. This shared volume must be accessible by all nodes that provide backup to the primary node in the event of failure. Copy the configuration files under the /etc/mail directory to the shared volume (/var/opt/sendmail/mail).
    ln -s /var/opt/sendmail/mqueue /var/spool/mqueue
NOTE: Ensure that the /var/opt/sendmail/mqueue directory retains the same permission as the /var/spool/mqueue.PREV directory.
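A check for the two conditions the setup steps depend on, as an added example that is not part of the white paper: that a per-node file such as /etc/named.conf really is a symbolic link into the shared volume (DNS steps 3–5), and that the new mqueue directory has the same mode and ownership as mqueue.PREV (the note above). The function names are hypothetical and the demo runs in a constructed scratch directory; on a cluster node, call `audit_link` and `audit_mode` with the real paths.

```shell
#!/bin/sh
# Added example (not from the white paper): audit that per-node files are
# symbolic links into the shared volume and that directory modes match.

# link_target PATH: print where a symlink points (parsed from ls -ld, since
# readlink is not available on every UNIX); fail if PATH is not a symlink.
link_target() {
    [ -h "$1" ] || return 1
    ls -ld "$1" | sed 's/^.* -> //'
}

# mode_owner PATH: print permission string, owner and group from ls -ld.
mode_owner() {
    ls -ld "$1" | awk '{ print $1, $3, $4 }'
}

# audit_link LINK EXPECTED: succeed only when LINK is a symlink to EXPECTED.
audit_link() {
    t=$(link_target "$1") || { echo "FAIL $1: not a symbolic link"; return 1; }
    [ "$t" = "$2" ] || { echo "FAIL $1: points to $t, expected $2"; return 1; }
    echo "OK   $1 -> $2"
}

# audit_mode NEW OLD: succeed only when both have the same mode and ownership.
audit_mode() {
    a=$(mode_owner "$1"); b=$(mode_owner "$2")
    [ "$a" = "$b" ] || { echo "FAIL $1: '$a' differs from $2: '$b'"; return 1; }
    echo "OK   $1 matches $2 ($a)"
}

# Demo in a constructed scratch tree that mirrors the paths described above.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/var/opt/dns" "$root/etc" "$root/var/opt/sendmail" "$root/var/spool"
    : > "$root/var/opt/dns/named.conf"
    ln -s "$root/var/opt/dns/named.conf" "$root/etc/named.conf"
    audit_link "$root/etc/named.conf" "$root/var/opt/dns/named.conf"
    mkdir -m 755 "$root/var/opt/sendmail/mqueue"
    mkdir -m 700 "$root/var/spool/mqueue.PREV"
    # Reports the mismatch: the new queue directory is more permissive.
    audit_mode "$root/var/opt/sendmail/mqueue" "$root/var/spool/mqueue.PREV" || true
    rm -rf "$root"
}
demo
```

Running the same audit on every node shows whether a standby node would start the service from a local copy of the configuration instead of the shared one.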
HP ServiceGuard Setup for LDAP-Enabled Sendmail
If the Lightweight Directory Access Protocol (LDAP) is enabled in Sendmail, ensure that the LDAP server configured with Sendmail is accessible by all the HP ServiceGuard nodes. The LDAP server specification is available in the LDAPDefaultSpec configuration file option in the /etc/mail/sendmail.cf file.
3. 4. Create the /etc/sasldb2 file as a link to the /var/opt/sendmail/sasldb2 directory. Ensure that the /etc/sasldb2 file is a symbolic link to the /var/opt/sendmail/sasldb2 directory on all the nodes in a cluster. Ensure that the value configured for the DefaultAuthInfo Sendmail configuration file option is in the shared volume. NOTE: For information on configuring STARTTLS and AUTH with Sendmail, see the Secure Mailing Solution white paper at: http://docs.hp.com/en/5992-3190/index.
that no FTP processes are running in the system, in which case the script triggers HP ServiceGuard to perform the FTP package failover operation. For a sample FTP monitor script, see “HP ServiceGuard Monitor Script for FTP” (page 28).
FTP HP ServiceGuard Startup/Stop Script
The FTP package script starts and stops an FTP service depending on the command-line option. When the FTP package script is run with the start command-line option, the package starts the FTP service in the system.
5. Create a symbolic link to the shared volume file from the original location for each of the following files:
   • /etc/ftpd/ftphosts
   • /etc/ftpd/ftpusers
   • /etc/ftpd/ftpconversions
   • /etc/ftpd/ftpgroups
6. The following lists the requirements to enable specific FTP features:
   • File Transfer Service
     If the FTP service running in a particular cluster node is a file server, the data accessible by that cluster node must be accessible by all other cluster nodes.
   • Upload Feature
     For the upload feature to function properly, user and group IDs/names must be the same across all cluster nodes.
   • User Authentication Mechanism
     The configuration of different user authentication mechanisms, such as Pluggable Authentication Module (PAM), Kerberos, LDAP, Secure Sockets Layer (SSL), must be consistent across all cluster nodes.
   • Virtual FTP Feature
     If the Virtual FTP feature is enabled, complete the following steps:
     a.
sleep 10 ; # Wait for the named daemon to get running
if [ -r /var/run/named.pid ]
then
    PID=`cat /var/run/named.pid`
else
    PID=$(ps -e | while read _PID _TTY _TIME _CMD
          do
              [[ "$_CMD" = "named" ]] && echo $_PID
          done)
fi
if [ "$PID" = "" ]
then
    echo No name server is running. >&2
    exit 1
fi
while [ 1 ]
do
    # Note: grep matches $PID as a substring anywhere in the ps -el output
    ps -el | grep $PID > /dev/null 2>&1
    if [ $? -ne 0 ]
    then
        echo Name Server failed.
else
    echo "ERROR: /etc/rc.config defaults file MISSING"
fi
if [ -x /usr/sbin/named ]; then
    /usr/sbin/named $NAMED_ARGS && echo "named \c"
    if [ $? -ne 0 ]; then
        echo "Error in starting named. Recommend checking the"
        echo "syslog file (usually /var/adm/syslog/syslog.log)"
        echo "for possible reasons.
HP ServiceGuard Monitor Script for Sendmail
Following is a sample monitor script for Sendmail in an HP ServiceGuard environment:
#!/sbin/sh
#
# @(#) "sendmail" service's monitor script
#
unset UNIX95
PRE_U95=true;export PRE_U95;
PATH=/sbin:/usr/sbin:/usr/bin:$PATH
export PATH
# In case delay_checks is configured, that time should be added to this default_timeout
# default_timeout = (value of delay_checks) + (intended default_timeout)
default_timeout=10
# Note: these are fixed, predictable file names in the world-writable /tmp directory
tempfile="/tmp/inputfile"
tempfile1="/tmp/outputfile"
c
    if [ $? -eq 1 ]; then
        return 1
    fi
    sm_hang_process
    sleep $default_timeout
    flag=0
    if [ -f $tempfile1 ]; then
        flag=`wc -l $tempfile1 | awk '{print $1}'`
        rm -f $tempfile1 > /dev/null 2>&1
        # sendmail process hang
        if [ $flag -eq 0 ]; then
            return 1
        fi
    fi
    if [ -f $tempfile ]; then
        rm -f $tempfile > /dev/null 2>&1
    fi
done
HP ServiceGuard Startup/Stop Script for Sendmail
Following is a sample startup/stop script for Sendmail in an HP ServiceGuard environment:
#!/sbin/sh
#
# @(#) "sendmail" service's package control s
        read -r PID
        sendserv=`ps -e | grep -E "^ [ ]*$PID .*sendmail" | wc -l`
        set_return
        if [ $sendserv -ne 0 ]; then
            echo "Sendmail has already been started"
            exit $rval
        fi
    fi
    if [ -f "$pidfile_msp" ]; then
        test "$pidfile_msp" && exec 0< "$pidfile_msp"
        read -r PID
        sendserv=`ps -e | grep -E "^ [ ]*$PID .*sendmail" | wc -l`
        set_return
        if [ $sendserv -ne 0 ]; then
            echo "Sendmail client has already been started"
            exit $rval
        fi
    fi
}
create_cw() {
    grep "^O QueueDirectory=" /etc/mail/sendmail.
#
# If none of the variables is set, then the default is to leave
# /usr/sbin/sendmail as executable, and allow mail agents to use
# the default configuration and aliases.
#
if [ -f /etc/mail/sendmail.cf ] ; then
    grep "^O DaemonPortOptions" /etc/mail/sendmail.cf | 2>&1 egrep -w "127.0.0.1|::1" >/dev/null
    if [ $? -eq 0 ] ; then
        if [ $MAIL_SERVER -eq 1 -o $RECV_ONLY -eq 1 -o $SEND_ONLY -eq 0 ] ; then
            echo "Unable to start Sendmail."
            echo "Unable to start Sendmail.
/usr/sbin/sendmail -L sm-mta -bd -q30m && echo "Starting sendmail [Done]"
set_return
if [ $rval -eq 0 ]; then
    if [ -f /etc/mail/submit.cf ]; then
        /usr/sbin/sendmail -L sm-msp-queue -Ac -q30m && echo "Starting sm-client [Done]"
        set_return
        if [ $rval -ne 0 ]; then
            echo "Unable to start sm-client"
            echo "Unable to start sendmail client"| $LOGGER
            [ -f "$pidfile_msp" ] && rm -f "$pidfile_msp" >/dev/null
            rval=1
        fi
    else
        echo "Unable to start sm-client"
        echo "/etc/mail/submit.
        echo "Unable to start Sendmail "| $LOGGER
        rval=1
    fi
else
    echo "Need to run 'gen_cf' manually in /usr/newconfig/etc/mail/cf/cf directory to"
    echo "generate Receive ONLY mode sendmail.cf file. You need to merge your site-specific"
    echo "customizations with this newly created, /usr/newconfig/etc/mail/cf/cf/sendmail.cf.gen"
    echo "file and can be copied as /etc/mail/sendmail.cf. Then start sendmail."
    echo ""
fi
elif [ $SEND_ONLY -eq 1 ] ; then
    if grep "^Scheck_compat" /etc/mail/sendmail.
    set_return
    ;;
*)
    echo "usage: $0 {start|stop}"
    rval=1
    ;;
esac
exit $rval
Appendix C: Sample Scripts for FTP
This section lists sample monitor and startup/stop scripts for FTP in an HP ServiceGuard environment.
    else
        return 0
    fi
    ;;
*)
    echo "usage: $0 {start|stop}"
    ;;
esac
For More Information
For information on configuring and administering various products in HP-UX Internet Services, see documents available at: http://www.docs.hp.com/en/netcom.html#Internet%20Services
The software bits for BIND, FTP, and Sendmail are available at: http://www.software.hp.com
For information on configuring HP ServiceGuard with different products, see the relevant documents listed at: http://docs.hp.com/en/ha.