Reference Architecture: Consolidating Oracle Databases with Secure Resource Partitions in a Serviceguard Cluster Whitepaper
If you are not using Serviceguard:
# srp -batch -a MKTPRD ip_address=192.1.1.11 iface=lan0 \
ip_mask=255.255.255.0 gw_ip_address=192.1.1.1 login_group=mkt_dba \
prm_group_type=PSET prm_cores=1
add compartment rules succeeded
add compartment directory succeeded
add RBAC admin role for compartment succeeded
add RBAC compartment login role succeeded
add startup directories succeeded
add prm rules succeeded
add compartment network service rules succeeded
add ipaddress 192.1.1.11 succeeded
add ipfilter rules succeeded
add compartment service succeeded
Task 4: Applying the sshd template
You can allow authorized users to log in to the SRP remotely using SSH. To configure SSH access,
you must apply the sshd template to the new SRP. In this example, the -batch option is used,
which causes all default parameters to be used:
# srp -batch -a MKTPRD -t sshd
add compartment rules succeeded
add ipfilter rules succeeded
add provision service succeeded
Task 5: Applying the custom template
In this configuration, ipfilter restricts inbound network connections to only those services that will run
inside the SRP. Using the ipfilter service of the custom template, you can enable inbound connections
to the SQLNet port (1521).
1. Using batch mode, apply the custom template with the ipfilter service.
# srp -b -a MKTPRD -id sqlnet -t custom -s ipfilter ipf_tcp_ports=1521
add ipfilter rules succeeded
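After Tasks 4 and 5, the SRP should accept inbound connections only for sshd and SQLNet. The following added example (not from the whitepaper) audits IPFilter rule text for inbound pass rules to the SRP address that open anything else. The sample rules are constructed, port 22 for sshd is an assumption, and the rule format that srp actually generates is not shown on this page.

```shell
#!/bin/sh
# Added example: audit IPFilter inbound "pass" rules for one SRP address.
# Assumption: rules use standard IPFilter syntax, as printed by `ipfstat -i`.

SRP_IP=192.1.1.11         # SRP address used on this page
ALLOWED_PORTS="22 1521"   # 22 = assumed sshd port; 1521 = SQLNet (Task 5)

# Reads rules on stdin. Prints every "pass in" rule that reaches address $1
# on a port outside list $2, or without any port restriction.
audit_ipf_rules() {
    awk -v ip="$1" -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        $1 != "pass" || $2 != "in" { next }     # only inbound pass rules matter
        {
            dst = ""; port = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "to") {               # destination follows "to"
                    dst = $(i + 1)
                    if ($(i + 2) == "port" && $(i + 3) == "=") port = $(i + 4)
                    break
                }
            }
            sub(/\/32$/, "", dst)               # treat a /32 mask as a host address
            if (dst != ip && dst != "any") next # rule is for another address
            if (port == "") print "UNRESTRICTED: " $0
            else if (!(port in ok)) print "UNEXPECTED PORT " port ": " $0
        }'
}

# Constructed sample rules (not output captured from srp or ipfstat).
sample_rules() {
    cat <<'EOF'
pass in quick proto tcp from any to 192.1.1.11 port = 22 flags S keep state
pass in quick proto tcp from any to 192.1.1.11 port = 1521 flags S keep state
pass in quick proto tcp from any to 192.1.1.11 port = 5500 flags S keep state
pass in quick proto tcp from any to 192.1.1.12 port = 8080 keep state
block in quick from any to 192.1.1.11
EOF
}

# Flags only the port 5500 rule in the sample.
sample_rules | audit_ipf_rules "$SRP_IP" "$ALLOWED_PORTS"
```

On a live system, pipe the output of `ipfstat -i` into `audit_ipf_rules` in place of the sample.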
For Serviceguard integration:
When using Serviceguard, the SRP's LAN interface and network configuration are
configured and controlled by the Serviceguard software. Therefore the assign_ip
parameter is set to no, and no network mask or default gateway is configured (you will
configure them in the SRP Serviceguard scripts later).
# srp -batch -a MKTPRD ip_address=192.1.1.11 assign_ip=no \
autostart=no login_group=mkt_dba prm_group_type=PSET prm_cores=1
add compartment rules succeeded
add compartment directory succeeded
add RBAC admin role for compartment succeeded
add RBAC compartment login role succeeded
add startup directories succeeded
add prm rules succeeded
add compartment network service rules succeeded
add ipaddress 192.1.1.11 succeeded
add ipfilter rules succeeded
add compartment service succeeded