After planning the SF Oracle RAC features that you want to configure, you must prepare to configure these features.
See About SF Oracle RAC component features
Workflow for fresh install of SF 5.0 for Oracle RAC represents the major tasks and decisions required to install and configure SF Oracle RAC.
Workflow for fresh install of SF 5.0 for Oracle RAC
Click the thumbnail above to view full-sized image.
Complete the following preparatory tasks based on the SF Oracle RAC features you want to configure:
Install the root broker only if you plan on using Symantec Product Authentication Service. The root broker administrator must install and configure the root broker before you configure the Authentication Service for SF Oracle RAC. Symantec recommends that you install the root broker on a stable system that is outside the cluster. You can install the root broker on an AIX, HP-UX, Linux, or Solaris system. See Symantec Product Authentication Service Installation Guide for more information. You can configure the Authentication Service during or after SF Oracle RAC installation.
See Symantec Product Authentication Service
[3] Install Symantec Product Authentication Service Root Broker.
Enter the system name on which to install Symantec Product Authentication Service: venus
The installsfrac program lists the depots that will be installed on the system. Press Enter to continue.
y
when the installer prompts you to configure the Symantec Product Authentication Service.
Do you want to start Symantec Product Authentication Service processes now? [y,n,q] y
Create encrypted files only if you plan on choosing the semiautomatic mode that uses an encrypted file to configure the Authentication Service. The encrypted files must be created by the administrator on the root broker node. The administrator must create encrypted files for each node that would be a part of the cluster before you configure the Authentication Service for SF Oracle RAC. See Veritas Cluster Server User's Guide for more information. You can configure the Authentication Service during or after SF Oracle RAC installation.
See Symantec Product Authentication Service
The example procedure assumes venus as the root broker node. The example procedure creates encrypted files for nodes galaxy and nebula that would form the SF Oracle RAC cluster rac_cluster101.
venus> # vssat showalltrustedcreds
For example, the domain name would resemble "Domain Name: root@venus.symantecexample.com" in the output.
For example, to verify on node galaxy:
venus> # vssat showprpl --pdrtype root \
--domain root@venus.symantecexample.com --prplname galaxy
venus> # vssat deleteprpl --pdrtype root \
venus> # vssat addprpl --pdrtype root --domain \
root@venus.symantecexample.com --prplname galaxy \
--password
password
--prpltype service
You must use this password that you create in the input file for the encrypted file.
The value that you provide for --prplname
in step 3 (for example, galaxy).
The value that you provide for --password
in step 3.
The value that you determined in step 1.
The installer presents the format of the input file for the encrypted file when you proceed to configure the Authentication Service using encrypted file. For example, the input file for authentication broker on galaxy would resemble:
broker=venus.symantecexample.com
hash=758a33dbd6fae751630058ace3dedb54e562fe98
root_domain=vx:root@venus.symantecexample.com
root_broker=venus.symantecexample.com:2821
Note that for security purposes, the command to create the output file for the encrypted file deletes the input file.
RootBroker> # vssat createpkg --in /path/to/blob/input/file.txt --out /path/to/encrypted/blob/file.txt --host_ctx AB-hostname
venus> # vssat createpkg --in /tmp/galaxy.blob.in \
--out /tmp/galaxy.blob.out --host_ctx galaxy
Note that this command creates a encrypted file even if you provide wrong password for "password=" entry, but the encrypted file will fail to install on authentication broker node.
Install the Cluster Management Console management server only if you plan to centrally manage multiple clusters. Make sure you have a root broker in your domain. SF Oracle RAC clusters need not be secure to configure Cluster Management Console to manage multiple clusters.
See Veritas Cluster Management Console
Refer to the Veritas Cluster Server Installation Guide for more information om installing the management server.