HP-UX IPSec version A.02.00 Administrator's Guide
HP-UX IPSec and MC/ServiceGuard
Step 9: Configuring MC/ServiceGuard
Chapter 8 269
Step 9: Configuring MC/ServiceGuard
Configure MC/ServiceGuard according to the MC/ServiceGuard product
documentation, with the additional requirements listed below. Verify the
MC/ServiceGuard configuration using the cmcheckconf command, as
described in the MC/ServiceGuard product documentation.
Cluster Configuration
HP strongly recommends that you do not secure heartbeat messages
using IPSec (with AH or ESP). However, if you did configure HP-UX
IPSec to secure heartbeat messages, increase the NODE_TIMEOUT
parameter value in the cluster configuration to allow time for HP-UX
IPSec to establish SAs and authenticate or encrypt the heartbeat
messages.
Package Configuration
For each package using HP-UX IPSec, create the Package Configuration
as described in the MC/ServiceGuard documentation. Create a service
entry for HP-UX IPSec. HP recommends that you set
SERVICE_FAIL_FAST_ENABLED to NO so MC/ServiceGuard will not halt
the node if HP-UX IPSec is not available. For example:
SERVICE_NAME pkg1_ipsec
SERVICE_FAIL_FAST_ENABLED NO
SERVICE_HALT_TIMEOUT 300
Package Control Script
In the package control script, configure the HP-UX IPSec service to use
the /var/adm/ipsec/ipsec_status.sh monitor script and no restarts
("-r 0"). For example:
SERVICE_NAME[
i
]=pkg1_ipsec
SERVICE_CMD[
i
]="/var/adm/ipsec/ipsec_status.sh"
SERVICE_RESTART[
i
]=”-r 0”