Veritas Storage Foundation 5.1 SP1 Cluster File System Administrator"s Guide (5900-1738, April 2011)
To migrate from non-secure to secure setup for CP server and SFCFS cluster
1
Stop fencing on all the SFCFS cluster nodes of all the clusters (which are using
the CP servers).
# /sbin/init.d/vxfen stop
2
Stop all the CP servers using the following command on each CP server:
# hagrp -offline CPSSG -any
3
Ensure that security is configured for communication between CP servers
and SFCFS cluster nodes.
4
Modify /etc/vxcps.conf on each CP server to set security=1.
5
Start CP servers using the following command on all of them:
# hagrp -online CPSSG -any
6
Add the following user for each client node on each CP server:
_HA_VCS_hostname@HA_SERVICES@FQHN
where, hostname is the client node name without qualification, and FQHN is
Fully Qualified Host Name of the client node.
Add the users to the CP server database.
For example, issue the following commands on the CP server
(mycps1.symantecexample.com):
# cpsadm -s mycps1.symantecexample.com -a add_user -e\
_HA_VCS_galaxy@HA_SERVICES@galaxy.symantec.com\
-g vx
User _HA_VCS_galaxy@HA_SERVICES@galaxy.symantec.com successfully added
# cpsadm -s mycps1.symantecexample.com -a add_user -e\
_HA_VCS_nebula@HA_SERVICES@nebula.symantec.com\
-g vx
User _HA_VCS_nebula@HA_SERVICES@nebula.symantec.com successfully added
Administering Storage Foundation Cluster File System and its components
Administering I/O Fencing
116