HP-UX IPSec Version A.03.02.02 Administrator's Guide HP-UX 11i version 2 and HP-UX 11i version 3 (762800-001, April 2014)

ManualsBrandsHP ManualsSoftwareHP-UX IPSec Software

211

212

213

214

215

216

217

218

219

220

The sections that follow contain specific examples for modular package configuration and legacy

package configuration files.

Modular Package Configuration Files

For each package using HP-UX IPSec, add a service module to the base module. The service module

will run the HP-UX IPSec monitor script. For example:

service_name ipsec

service_cmd /var/adm/ipsec/ipsec_status.sh

service_restart none

service_fail_fast_enabled no

service_halt_timeout 300

Legacy Package Configuration Files

Legacy packages configurations contain service information in the package control file and a

package control script.

Package Control File

The following are sample entries for HP-UX IPSec from a package control file:

SERVICE_NAME pkg1_ipsec

SERVICE_FAIL_FAST_ENABLED NO

SERVICE_HALT_TIMEOUT 300

Package Control Script

The following are sample entries for HP-UX IPSec from a package control script:

SERVICE_NAME[1]=pkg1_ipsec

SERVICE_CMD[1]="/var/adm/ipsec/ipsec_status.sh"

SERVICE_RESTART[1]=”-r 0”

Monitor Script Polling Interval

By default, the HP-UX IPSec monitor script polls IPsec every 60 seconds to verify that it is available.

To modify the polling interval, change the value of the IPSEC_POLLING_INTERVAL parameter

in the monitor script file, /var/adm/ipsec/ipsec_status.sh.

Step 9: Starting HP-UX IPSec and Serviceguard

HP-UX IPSec must be running on all cluster nodes with the same HP-UX IPSec configuration files

before you start the Serviceguard cluster. Use the following procedure to start HP-UX IPSec and

Serviceguard.

1. Start HP-UX IPSec. There are two ways to start HP-UX IPSec:

• Manually, using the ipsec_admin -start command.

• Automatically, at system boot-up time. See Chapter 4, “Step 9: Configuring HP-UX IPSec

to Start Automatically” (page 98) to configure HP-UX IPSec to start automatically at system

boot-up time.

2. After you have started HP-UX IPSec on all nodes in the cluster, you can start Serviceguard

using the cmruncl command, as described in the Serviceguard product documentation.

3. After the Serviceguard cluster is running, you can use the output from the ipsec_report

-cache command to verify that HP-UX IPSec is allowing heartbeat messages to pass in clear

text.

Adding a Node to a Running Cluster

If you have a running Serviceguard cluster that uses HP-UX IPSec and want to add a node to that

cluster, you must install the cluster HP-UX IPSec configuration files and start HP-UX IPSec on that

node before adding it to the cluster.

Step 9: Starting HP-UX IPSec and Serviceguard 213