HP-UX Containers (SRP) A.03.01 Administrator's Guide
installed entirely under the container home directory, customization of the container’s
compartment rules is usually not necessary. Life cycle management, including cloning and
migration of the container will also be simplified as the application files will be managed as
part of the container.
• Deploy files shared by multiple containers under the standard UNIX
directories for hosting shared application files (for example, /opt/ and
/usr/).
By default, containers are configured for the READ capability for these directories, and will
not need additional compartment rules configuration.
• If you have applied IPFilter for the container, ensure that any additional
ports used by the application are allowed.
When the ipfilter service is enabled for the container, by default the inbound network
connections to the container are blocked. You must configure the ipfilter service to allow
inbound connections to any network ports that the application will listen on.
• Use the custom template to apply additional capabilities to the container for
the application.
This will allow you to manage system configuration changes for the container on a
per-container basis. Use a recognizable identifier, such as the application name, for the
instance_id parameter when deploying the custom template. When deploying multiple
applications within a container, consider applying the custom template (if needed) once per
application.
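As an added example for the IPFilter item above (not from the guide or from HP's tooling), the following Python check evaluates an IPFilter rule set with ipf's last-match and `quick` semantics and reports which of an application's listening TCP ports would still be blocked inbound. The rule text, the address 192.0.2.10 and the function names are assumptions made for illustration; only the `all`, `port = N` and `port N >< M` rule forms are handled.

```python
import re

# Constructed rule set in IPFilter syntax (not from the guide); 192.0.2.10
# stands in for the container's IP address.
SAMPLE_RULES = """\
block in all    # default posture: inbound connections blocked
pass in quick proto tcp from any to 192.0.2.10 port = 22 flags S keep state
pass in proto tcp from any to 192.0.2.10 port = 8080 flags S keep state
block in proto tcp from any to 192.0.2.10 port = 8080
pass in quick proto tcp from any to 192.0.2.10 port 8000 >< 8010 keep state
"""

# Covers only "all", "port = N" and the exclusive range "port N >< M".
RULE = re.compile(
    r"^(?P<action>pass|block)\s+(?P<dir>in|out)\s+(?P<quick>quick\s+)?"
    r"(?:all|(?:proto\s+(?P<proto>\S+)\s+)?from\s+\S+\s+to\s+\S+"
    r"(?:\s+port\s+(?:=\s*(?P<eq>\d+)|(?P<lo>\d+)\s*><\s*(?P<hi>\d+)))?)")

def inbound_tcp_allowed(rules_text, port):
    """Evaluate the rules for one inbound TCP destination port."""
    verdict = "pass"  # assumption: stock ipf passes packets that match no rule
    for raw in rules_text.splitlines():
        line = raw.split("#")[0].strip()
        if not line:
            continue
        m = RULE.match(line)
        if not m or (" port " in line and not (m["eq"] or m["lo"])):
            raise ValueError(f"unsupported rule: {line}")  # fail closed
        if m["dir"] == "out" or m["proto"] not in (None, "tcp", "tcp/udp"):
            continue
        if m["eq"] and int(m["eq"]) != port:
            continue
        if m["lo"] and not int(m["lo"]) < port < int(m["hi"]):
            continue
        verdict = m["action"]  # without "quick", the last matching rule wins
        if m["quick"]:
            break              # "quick" makes this match final
    return verdict == "pass"

def blocked_ports(rules_text, listen_ports):
    """Return the listening ports that inbound clients could not reach."""
    return [p for p in listen_ports if not inbound_tcp_allowed(rules_text, p)]

if __name__ == "__main__":
    print(blocked_ports(SAMPLE_RULES, [22, 8080, 8005, 8010, 443]))
```

In the sample, port 8080 stays blocked because a later non-quick `block` rule overrides the earlier `pass`, and port 8010 falls outside the exclusive `><` range.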
16.7 Limitation and disallowed operations
By default, workload containers do not have disallowed privileges defined. You can choose to add
disallowed privileges on a per container basis for workload containers by editing the Security
Containment compartment definition.
16.8 Workload templates
The following table describes the templates that can be included for a workload container.
Table 16.1 Templates for workload container
Templates   Description
workload    (Required) The primary template for the workload containers. The workload
            template comprises the admin, cmpt, login, init, prm, network, ipfilter,
            and ipsec services. See 16.8.1 Workload template.
apache      (Optional) Adds configuration data for hosting HP-UX Apache-based Web
            Server in a workload container. See 16.8.3 Apache template.
tomcat      (Optional) Adds configuration data for hosting an HP-UX Tomcat servlet engine
            in a workload container. See 16.8.4 Tomcat template.
sshd        (Optional) Configures and provisions an HP-UX Secure Shell daemon (sshd) in
            a workload container. See 16.8.2 SSHD template.
oracledb    (Optional) Manages configuration to enable the container to access an Oracle
            database installation intended to be shared by multiple containers. If you intend