Manualshelf

Reference Architecture: Consolidating Oracle Databases with Secure Resource Partitions in a Serviceguard Cluster Whitepaper

ManualsBrandsHP ManualsSoftwareHP-UX Containers (SRP)
12345678910
10
See Appendix A: SRP setup (srp_sys s output) for full listing.
# srp_sys -setup
##############################
#
# Setup SRP default template
#
##############################
Loading SRP default template ... [ OK ]
Enable SRP configuration for the following services:
admin (compartment administrator) [y]
init (compartment startup and shutdown scripts) [y]
login (compartment login via pam_security) [y]
network (IP address and network interface management [y]
prm (Process Resource Management) [y]
ipfilter (ipfilter host firewall rules) [y]
ipsec (ipsec secure transport rules) [n]
provision (run customizable provision script) [y]
Selected SRP service(s) are:
cmpt,admin,init,login,network,prm,ipfilter,provision
Would you like to save the changes? [y]
Saving SRP default template ... [ OK ]
3. When srp_sys setup completes, if kernel changes have been made, you might need to
reboot the system. The screen prompts you to reboot if necessary. When compartment login is
enabled, only the root user can log in to the system (INIT compartment).
4. To grant a non-root user authorization to log in to the system, assign the user to the SRPlogin-init
role. For example:
# roleadm assign dougl SRPlogin-init
5. To list users assigned to the SRPlogin-init role, use the command: roleadm list
role=SRPlogin-init
# roleadm list role=SRPlogin-init
dougl:SRPlogin-init
dolker:SRPlogin-init
6. To view current settings, use srp_sys list:
# srp_sys -l
Checking Default Service List ... [ OK ]
Default Service List:
cmpt,admin,init,login,network,prm,ipfilter,provision
Security Containment Compartments ... [ OK ]
Compartment Login Configuration File ... [ OK ]
PRM Configuration ... [ OK ]
PRM Memory record status: Enabled ... [ OK ]
Network strong ES model ... [ OK ]
IPFilter module ... [ OK ]
IPsec installation ... [ Not Installed ]
SSHD Listener in INIT ... [ OK ]
For Serviceguard integration, run the srp_sys setup command (using the same
settings) on all nodes in the cluster that might run the SRP package.