User's Guide

ManualsBrandsHP ManualsSoftwareHP Serviceguard Extension for SAP (SGeSAP)

Installation Step: IS240

Make sure that the required software packages are installed on all cluster nodes:

▲ Serviceguard Extension for SAP, T2803BA

The swlist command may be utilized to list available software on a cluster node

If a software component is missing install the required product depot files using the swinstall tool.

Installation Step: IS260

You need to allow remote access between cluster hosts.

This can be done by using remote shell remsh(1) or secure shell ssh(1) mechanisms.

If you allow remote access using the remote shell mechanism:

Create an .rhosts file in the home directories of the HP-UX users root and <sid>adm. Allow login for

root as root from all nodes including the node you are logged into. Allow login for root and <sid>adm

as <sid>adm from all nodes including the node you are logged into. Be careful with this step, many problems

result from an incorrect setup of remote access.

Check the setup with remsh commands. If you have to provide a password, the .rhosts does not work.

Installation Step: IS270

If you allow remote access using the secure shell mechanism:

1. Check with swlist to see if ssh (T1471AA) is already installed on the system:

swlist | grep ssh

If not, it can be obtained from http://www.software.hp.com/ISS_products_list.html.

2. Create a public and private key for the root user:

ssh-keygen -t dsa

Executing this command creates a .ssh directory in the root user's home directory including the following

files:

id_dsa

id_dsa.pub

The file id_dsa.pub contains the security information (public key) for the user@host pair e.g.

root@<local>. This information needs to be added to the file $HOME/.ssh/authorized_keys2 of the

root and <sid>adm user.

Create these files if they are not already there. This will allow the root user on <local>to remotely execute

commands via ssh under his own identity and under the identity of <sid>adm on all other relevant nodes.

On each cluster node where a SGeSAP package can run, test the remote access to all relevant systems as

user root with the following commands:

ssh <hostN> date

ssh -l <sid>adm <hostN> date

Do these tests twice since the first ssh command between two user/host pairs usually requires a keyboard

response to acknowledge the exchange of system level id keys.

Make sure that $HOME/.ssh/authorized_keys2 is not writable by group and others. The same is valid

for the complete path.

Permissions on ~<user> should be 755. Permissions on ~<user>/.ssh/authorized_keys2 must be

600 or 644.

Allowing group/other write access to .ssh or authorized_keys2 will disable automatic authentication.

After successful installation, configuration and test of the secure shell communication ssh can be used by

SGeSAP. This is done via setting the parameter REM_COMM to ssh in the SAP specific configuration file

sap.config of section Configuration of the optional Application Server Handling.

# REM_COMM=ssh

# REM_COMM=remsh

Installation Step: IS280

HP-UX Configuration 55