HP-UX IPSec version A.02.01 Administrator's Guide
HP-UX IPSec and Serviceguard
Step 9: Configuring Serviceguard
Appendix G 357
Step 9: Configuring Serviceguard
Configure Serviceguard according to the Serviceguard product
documentation, with the additional requirements listed below. Verify the
Serviceguard configuration using the cmcheckconf command, as
described in the Serviceguard product documentation.
Cluster Configuration
HP strongly recommends that you do not secure heartbeat messages
using IPsec (with AH or ESP). However, if you did configure HP-UX
IPSec to secure heartbeat messages, increase the NODE_TIMEOUT
parameter value in the cluster configuration to allow time for HP-UX
IPSec to establish SAs and authenticate or encrypt the heartbeat
messages.
Package Configuration
For each package using HP-UX IPSec, create the Package Configuration
as described in the Serviceguard documentation. Create a service entry
for HP-UX IPSec. HP recommends that you set
SERVICE_FAIL_FAST_ENABLED to NO so Serviceguard will not halt the
node if HP-UX IPSec is not available. For example:
SERVICE_NAME pkg1_ipsec
SERVICE_FAIL_FAST_ENABLED NO
SERVICE_HALT_TIMEOUT 300
Package Control Script
In the package control script, configure the HP-UX IPSec service to use
the /var/adm/ipsec/ipsec_status.sh monitor script and no restarts
("-r 0"). For example:
SERVICE_NAME[
i
]=pkg1_ipsec
SERVICE_CMD[
i
]="/var/adm/ipsec/ipsec_status.sh"
SERVICE_RESTART[
i
]=”-r 0”