Veritas Storage Foundation 5.1 SP1 for Oracle RAC Administrator's Guide (5900-1512, April 2011)
Note: The CP server configuration file (/etc/vxcps.conf) must not contain a
line specifying security=0. If the file has no line specifying the "security"
parameter, or has a line specifying security=1, the CP server runs with
security enabled (which is the default).
■ SF Oracle RAC cluster node(s) settings:
On the SF Oracle RAC cluster, a user is created for each cluster node in the
local authentication broker during VCS security configuration, with the
following values:
■ username: _HA_VCS_hostname
■ domainname: HA_SERVICES@FQHN
■ domaintype: vx
where FQHN is the Fully Qualified Host Name of the client node.
Run the following command on the SF Oracle RAC cluster node(s) to verify the
security settings:
# /opt/VRTScps/bin/cpsat showcred
The users described above are used only to authenticate the communication
between the following:
■ CP server and authentication broker configured on it
■ SF Oracle RAC cluster nodes and authentication brokers configured on them
For CP server authorization, the following user is created and used by the
customized fencing framework on the SF Oracle RAC cluster if security is
configured:
_HA_VCS_hostname@HA_SERVICES@FQHN
where hostname is the client node name without qualification and FQHN is the
Fully Qualified Host Name of the client node.
For each SF Oracle RAC cluster node, this user must be registered on the CP server
database before fencing starts on the SF Oracle RAC cluster node(s). This can be
verified by issuing the following command:
# cpsadm -s cp_server -a list_users
The following is an example of the command output:
Username/Domain Type                                Cluster Name / UUID                 Role
_HA_VCS_galaxy@HA_SERVICES@galaxy.symantec.com/vx   cluster1/ {f0735332-e3709c1c73b9}   Operator
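The two checks above can be scripted as a pre-fencing gate. The following is an added example, not part of the original guide or of the product: the function names are hypothetical, the node "nebula" is invented, and the config parsing assumes plain key=value lines with '#' comments. The sample listing is the guide's example output.

```shell
#!/bin/sh
# Added example: pre-fencing checks for CP server security, run against
# constructed sample data so it works offline.

# Report whether CP server security is on for a given vxcps.conf.
# Per the guide: only an explicit security=0 disables it; a missing line or
# security=1 means enabled. Assumption: key=value lines, '#' starts a comment,
# whitespace around '=' is tolerated.
cps_security_state() {
    if sed 's/#.*//' "$1" |
        grep -Eq '^[[:space:]]*security[[:space:]]*=[[:space:]]*0[[:space:]]*$'; then
        echo disabled
    else
        echo enabled
    fi
}

# Build the authorization user the fencing framework uses for one node.
# $1 = unqualified hostname, $2 = fully qualified host name.
cps_expected_user() {
    printf '_HA_VCS_%s@HA_SERVICES@%s\n' "$1" "$2"
}

# Succeed only if list_users output ($2) has an entry whose first field is
# exactly the user ($1) followed by /vx (the domain type).
cps_user_registered() {
    printf '%s\n' "$2" |
        awk -v want="$1/vx" '$1 == want { found = 1 } END { exit !found }'
}

# Sample input: the example output shown in the guide.
SAMPLE_LISTING='Username/Domain Type Cluster Name / UUID Role
_HA_VCS_galaxy@HA_SERVICES@galaxy.symantec.com/vx cluster1/ {f0735332-e3709c1c73b9} Operator'

# Demo: one registered node and one missing node ("nebula" is hypothetical).
for node in galaxy nebula; do
    user=$(cps_expected_user "$node" "$node.symantec.com")
    if cps_user_registered "$user" "$SAMPLE_LISTING"; then
        echo "OK      $user"
    else
        echo "MISSING $user (register before fencing starts)"
    fi
done
```

On a live cluster, pass /etc/vxcps.conf to cps_security_state on the CP server and the output of cpsadm -s cp_server -a list_users to cps_user_registered.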
Overview of Veritas Storage Foundation for Oracle RAC
About preventing data corruption with I/O fencing