HP Integrity Virtual Machines 4.3: Installation, Configuration, Administration

ManualsBrandsHP ManualsSoftwareHP-UX Virtual Partitions (vPars) Software

181

182

183

184

185

186

187

188

189

190

• hpvmmigrate -h host39 — Look up host39-hpvm-migr first, and if not found, look

up host39.

• hpvmmigrate -h host39-hpvm-migr — Look up host39–hpvm-migr.

• hpvmmigrate -h host39.atl — Look up host39.atl.

Of course, target.fully.qualified.domain-name will not be modified.

By following this convention, defining an alias with suffix —hpvm-migr for the private network

connections, you block use of the site network for online migrations in case someone accidentally

specifies the target VM Host's hostname for the hpvmmigrate -h option.

9.3.2.4 Using NTP on VM Hosts

Using NTP to synchronize clocks is strongly recommended for Online VM Migration

environments. In addition to a typical NTP configuration, all the potential VM Hosts should use

each other as mutual peer NTP servers to help maintain time consistency between hosts.

9.3.3 SSH Setup Between the VM Hosts

Only superusers can execute the hpvmmigrate command. The migration of a guest is controlled

by a set of secure remote operations that must be enabled on both systems. The hpvmmigrate

command requires HP-UX Secure Shell (SSH) to be set up on both the source and target host

systems to provide a secure communication path between VM Hosts. SSH is installed on HP-UX

systems by default. Passwords-based and host-based authentication are not supported. SSH

security must be set up, so that superusers can use ssh commands between the source and target

VM Hosts without requiring interactive passwords.

The hpvmmigrate command uses SSH public-key based authentication between the source and

destination hosts. To enable secure communication between the source and target hosts, you

must generate SSH keys on both systems. You need root privileges to generate and set up the

SSH keys required for guest migration. The easiest way to do this is to use the secsetup script

provided by Integrity VM.

Execute the following command on both the source and target hosts:

# /opt/hpvm/bin/secsetup -r otherhost

Instead of using secsetup, SSH keys can be generated manually on the systems by using the

ssh-keygen command. The ssh-keygen command generates, manages, and converts

authentication keys for SSH. For information about manual SSH key generation, see the

ssh-keygen command HP-UX manpage.

9.3.3.1 Troubleshooting SSH Key Setup

If SSH is installed on both the source and the target system, you can run the ssh command on

the source host to establish a connection to the target host without providing a password. This

ability ensures that SSH keys are set up between the two hosts. If SSH keys are not set up properly,

the hpvmmigrate command produces an error message indicating that the SSH setup needs to

be checked.

If running the secsetup script does not work correctly, check the permissions on / to ensure

that superusers have write permissions. For example,

# 11 -d /

drwxr-xr-x 20 root root 8192 Apr 29 06:25 /

If your VM Host's root directory has different permissions than displayed in the previous example,

use the chmod command to correct them.

# chmod 755 /

If a VM Host is reinstalled at some point after using the secsetup script to configure SSH keys,

you might receive warning messages from ssh commands about keys changed, or bad keys in

your known_hosts file. In this case, use the ssh-keygen -R hostname command to remove

190 Migrating Virtual Machines