< Previous  | TOC | Index | Next  >

Preparing Storage Foundation cluster setup for optional features

After planning the Storage Foundation features that you want to configure, you must prepare to configure these features.

See About Storage Foundation component features

Workflow for fresh install of Storage Foundation for Oracle RAC represents the major tasks and decisions required to install and configure Storage Foundation.

Workflow for fresh install of Storage Foundation for Oracle RAC

Click the thumbnail above to view full-sized image.

Complete the following preparatory tasks based on the Storage Foundation features you want to configure:

• Installing root broker for Veritas Product Authentication Service
• Creating encrypted files for Veritas Product Authentication Service
• Installing the management server for the Veritas Cluster Management Console
• Installing Veritas Storage Foundation Management Server

Installing root broker for Veritas Product
Authentication Service

Install the root broker only if you plan on using Veritas Product Authentication Service. The root broker administrator must install and configure the root broker before you configure the Authentication Service for Storage Foundation. Symantec recommends that you install the root broker on a stable system that is outside the cluster. You can install the root broker on an AIX, HP-UX, Linux, or Solaris system. See Symantec Product Authentication Service Installation Guide for more information. You can configure the Authentication Service during or after Storage Foundation installation.

See Symantec Product Authentication Service

 To install the root broker

1. Change to the directory where you can start the installsfrac program:

   # cd cluster_server

2. Start the Root Broker installation program:

   # ./installsfrac -security

3. Select to install the Root Broker from the three choices that the installer presents:

   [3] Install Symantec Product Authentication Service Root Broker.

4. Enter the name of the system where you want to install the Root Broker.

   Enter the system name on which to install Veritas Product Authentication Service: venus

5. Review the output as the installer:
   • checks to make sure that the Storage Foundation supports the operating system
   • verifies that you are installing from the global zone (only on Solaris)
   • checks if the system already runs the security package
6. Review the output as the installsfrac program checks for the installed packages on the system.

   The installsfrac program lists the packages that will be installed on the system. Press Enter to continue.

7. Review the output as the installer installs the root broker on the system.
8. Enter y when the installer prompts you to configure the Symantec Product Authentication Service.
9. Enter a password for the root broker. Make sure the password contains a minimum of five characters.
10. Enter a password for the authentication broker. Make sure the password contains a minimum of five characters.
11. Press Enter to start the Authentication Server processes.

    Do you want to start Symantec Product Authentication Service processes now? [y,n,q] y

12. Review the output as the installer starts the Authentication Service.
13. If you plan to configure the Authentication Service during Storage Foundation installation, choose to configure the cluster in secure mode when the installer prompts you.

    See Configuring SF Oracle RAC Components

Creating encrypted files for Veritas Product
Authentication Service

Create encrypted files only if you plan on choosing the semiautomatic mode that uses an encrypted file to configure the Authentication Service. The encrypted files must be created by the administrator on the root broker node. The administrator must create encrypted files for each node that would be a part of the cluster before you configure the Authentication Service for Storage Foundation. See Veritas Cluster Server User's Guide for more information. You can configure the Authentication Service during or after Storage Foundation installation.

See Symantec Product Authentication Service

The example procedure assumes venus as the root broker node. The example procedure creates encrypted files for nodes north and south that would form the Storage Foundation cluster rac_cluster101.

 To create encrypted files

1. Determine the root broker domain name. Enter the following command on the root broker system:

   venus> # vssat showalltrustedcreds

   For example, the domain name would resemble "Domain Name: root@venus.symantecexample.com" in the output.

2. For each node in the cluster, make sure that you have created an account on root broker system.

   For example, to verify on node north:

   venus> # vssat showprpl --pdrtype root \

   --domain root@venus.symantecexample.com --prplname north

   • If the output displays the principal account on root broker for the authentication broker on the node, then delete the existing principal accounts. For example:

     venus> # vssat deleteprpl --pdrtype root \

     --domain root@venus.symantecexample.com \

     --prplname north --silent

   • If the output displays an error similar to "Failed To Get Attributes For Principal," then the account for given authentication broker is not created on this root broker. Proceed to step 3.
3. Create a principal account for each authentication broker in the cluster. For example:

   venus> # vssat addprpl --pdrtype root --domain \

   root@venus.symantecexample.com --prplname north \

   --password password --prpltype service

   You must use this password that you create in the input file for the encrypted file.

4. Make a note of the following information that is required for the input file for the encrypted file.
   • hash - The root hash string that consists of 40 characters, as shown by the command:

     venus> # vssat showbrokerhash

   • identity - Authentication broker identity

     The value that you provide for --prplname in step 3 (for example, north).

   • password - Authentication broker password

     The value that you provide for --password in step 3.

   • root_domain - Domain name of the root broker system

     The value that you determined in step 1.

   • broker_admin_password - Authentication broker password for Administrator account on the node

     Provide a password of at least five characters long.

5. For each node in the cluster, create the input file for the encrypted file.

   The installer presents the format of the input file for the encrypted file when you proceed to configure the Authentication Service using encrypted file. For example, the input file for authentication broker on north would resemble:

   [setuptrust]

   broker=venus.symantecexample.com

   hash=758a33dbd6fae751630058ace3dedb54e562fe98

   securitylevel=high

   [configab]

   identity=north

   password=password

   root_domain=vx:root@venus.symantecexample.com

   root_broker=venus.symantecexample.com:2821

   broker_admin_password=ab_admin_password

   start_broker=true

   enable_pbx=false

6. Back up these input files that you created for the authentication broker on each node in the cluster.

   Note that for security purposes, the command to create the output file for the encrypted file deletes the input file.

7. For each node in the cluster, create the output file for the encrypted file from the root broker system using the following command.

   RootBroker> # vssat createpkg --in /path/to/blob/input/file.txt --out /path/to/encrypted/blob/file.txt --host_ctx AB-hostname

   For example:

   venus> # vssat createpkg --in /tmp/north.blob.in \

   --out /tmp/north.blob.out --host_ctx north

   Note that this command creates a encrypted file even if you provide wrong password for "password=" entry, but the encrypted file will fail to install on authentication broker node.

8. After you complete creating output files for the encrypted file, you must copy these files to the installer node.
9. After you have created the encrypted file, you can start the Storage Foundation installation and choose to configure the cluster in secure mode.

   See Configuring SF Oracle RAC Components

Installing the management server for the Veritas Cluster
Management Console

Install the Cluster Management Console management server only if you plan to centrally manage multiple clusters. Make sure you have a root broker in your domain. Storage Foundation clusters need not be secure to configure Cluster Management Console to manage multiple clusters.

See Veritas Cluster Management Console

Install the Cluster Management Console management server and supporting components on a standalone system (outside any cluster but on the local network). Configure the management server to use a previously installed root broker or install and configure a root broker on the management server host.

You can install the management server on one of the following supported operating systems:

• Installing the management server on Solaris
• Installing the management server on Windows

Refer to the Veritas Cluster Server Installation Guide for supported software information for the Cluster Management Console.

Installing the management server on Solaris

You must install the management server on a system outside the cluster. This procedure follows a script of a successful installation. If at any step you experience a result other than the expected result that is documented here, you can click "n" to re-enter information. If you continue to have problems, click "q" to quit the installation and then verify the installation prerequisites.

 To install the management server on Solaris

1. Insert the distribution media into the disc drive on the local system. At the command prompt, type the following command to run the setup program:

   ./installer -rsh

   The setup program (setup) presents copyright information followed by a menu titled, "Storage Foundation and High Availability Solutions 5.0".

2. Enter i to specify a task.

   Enter a Task: [I,C,L,P,U,D,Q,?] i

   Setup displays another menu that lists products that are available for installation.

3. Select the menu number that corresponds to Veritas Cluster Management Console.

   Select a product to install: [1-13,b,q]

   Setup presents a description of the product.

4. Enter 1 to select a product component.

   Enter '1' to install the Management Server, '2' to install the Cluster

   Connector: [1-2,q] (1) 1

   Setup presents a message stating that it will install the management server.

5. Enter y to verify that the information up to this point is correct.

   Is this information correct? [y,n,q] (y)

   Setup performs an initial system check of the local system and checks for installed packages on the local system. If these checks are satisfactory, setup lists the packages to be installed.

   Storage Foundation and High Availability Solutions 5.0

   installer will install the following CMC packages:

   VRTSat Symantec Product Authentication Service

   VRTSperl Veritas Perl 5.8.8 Redistribution

   VRTSdbms3 Symantec Shared DBMS

   VRTSjre15 Veritas Java Runtime Environment Redistribution

   VRTSweb Veritas Java Web Server

   VRTScmcm Veritas Cluster Management Console

   VRTScmcdc Veritas Cluster Management Console Documentation

   Press [Return] to continue:

6. Press Enter.

   You may install Cluster Management Console packages without performing configuration. The setup program gives you the option to configure Cluster Management Console now, and provides instructions for configuring Cluster Management Console later.

7. Enter y to configure Cluster Management Console.

   Are you ready to configure CMC? [y,n,q] (y)

8. Enter a unique management server display name, such as:

   Enter a unique management server display name: [?] mgmtserver1_sol9

9. Enter the network address used by the management server, such as:

   Enter the network address used by the management server [b,?] mgmtserver1.symantecexample.com

10. When prompted, enter a location for the management server database.

    Enter the desired location of the database to be used by the management server [b,?] (/opt/VRTScmc/db)

    Setup repeats the management server display name, the management server network address, and the database location.

11. Enter y to verify that the information up to this point is correct.

    Is this information correct? [y,n,q,b] (y)

    Setup describes local user configuration and custom user configuration.

12. Configure a local user or a custom user as the initial management server administrator. This is the first user account that is enabled to log in to the Cluster Management Console.

    Make your selection and then specify the following user authentication details:

    • For a local user, setup assumes that the domain name is the name of the local system and that the domain type is unixpwd, or UNIX password. When prompted for the initial management server user name, enter root or another administrator-level user for the local system.
    • For a custom user, you must explicitly specify the domain name and the domain type along with the user name. Follow the three separate prompts to enter this user information.

      Local User:

      Configure a user on the local machine as the initial admin user.

      Custom User:

      Configure a user manually.

      1) Local User

      2) Custom User

      Enter '1' to enter the name of a local user, '2' to set up a custom user:

      [1-2,q] (1) 1

      Storage Foundation and High Availability Solutions 5.0

      Local admin user selection:

      To log in to the CMC Management Server, enter the name of a local user to be set as the administrator. The domain and domain type will be automatically selected for you.

      Enter the initial management server user name: [b,?] (root)

      Storage Foundation and High Availability Solutions 5.0

      Management Server admin user verification:

      Management Server User Name: root

13. Enter y to verify that the information up to this point is correct.

    Is this information correct? [y,n,q,b] (y)

    Setup describes a particular management server service account, which the management server uses for secure internal communications with cluster connector. This account is named CMC_CC@CMC_SERVICES.

14. Enter a password for the management server service account and confirm it at the next prompt.

    Enter a password for the CMC service account:xxxxx

    Confirm the password you entered for the CMC service account:xxxxx

    When you install and configure cluster connector, you must provide this same password for the CMC_CC@CMC_SERVICES account.

15. Specify whether or not you want the management server to use a remote root broker for user authentication.

    If you have already configured a root broker in your network, Symantec recommends that you enter y to use that existing root. Specify the additional details for that remote root broker exactly as specified.

    If you do not have a currently-configured root broker, enter n to install and configure a root broker on the management server host.

    After you enter y or n, setup installs an authentication broker on the management server and configures it to use whichever root broker you selected. When finished, setup presents:

    • Installation progress percentages
    • Status for writing the management server configuration file
    • Status for creating secure internal service accounts
16. Enter y to start Veritas Cluster Management Console processes now.

    Do you want to start Veritas Cluster Management Console processes now? [y,n,q,b] (y)

    Setup presents startup progress percentages and, if successful, displays the following message:

    Startup completed successfully on all systems.

17. Enter an encryption key of at least five characters.

    Enter five or more characters to be used an encryption key: [b] xxxxx

    This key must be retained in a secure file and referenced using the -enckeyfile option if the generated responsefile is to be used again.

    Press [Return] to continue:

18. Press Enter to continue.

    Record the location that setup provides for the installation log files, summary file, and response file. Also ensure that you record the initial admin user information. You must use this account to log in to the Cluster Management Console for the first time.

Installing the management server on Windows

You must install the management server on a system outside all clusters. Windows Management Instrumentation (WMI) is a prerequisite for installing and using the management server and cluster connector.

 To install WMI

1. Log on as a user that has administrator privileges on the system on which you want to install WMI.
2. On the Start menu, click Settings, and then click Control Panel.
3. In the Control Panel window, double-click Add or Remove Programs.
4. In the task pane, click Add/Remove Windows Components.
5. Click Management and Monitoring Tools, then click Details.
6. Ensure that the WMI Windows Installer Provider is checked, and then click OK.
7. Click Next.
8. If prompted, insert the Windows CD and click OK.
9. After installation is complete, click Finish.
10. Restart your computer.

 To install the management server on Windows

1. On the distribution disc, locate the \installer directory.
2. Double-click the setup file.

   Depending upon the operating system, you may or may not receive the following warning message:

   The publisher could not be verified. Are you sure you want to run this software?

   If you receive this message, click Run.

3. In the Welcome to the Veritas Cluster Management Console Installation Manager dialog box, read the introduction and then click Next.
4. In the Installation and Configuration Options dialog box, click Install a new management server on the local node, and then click Next.
5. In the Management Server Installation Directory dialog box, leave the default installation path provided in the text box or click Browse to search for another installation location. Click Next to accept the path.
6. In the Management Server Information dialog box, enter the system name and IP address of the intended management server host.

   You cannot change the port specification, 14145, but it is provided to help you to prevent port conflicts when configuring other software. The other ports used by the Cluster Management Console are 8181 (HTTP), 8443 (HTTPS), and 2994 (DBMS; this port can be shared with other Symantec products)

7. In the Database File Path box, leave the default database path provided or click Browse to search for another location for the database. Click Next to accept the path.
8. In the Services Account Password dialog box, enter a password for the user account that cluster connector uses for management server communications, and then click Next.

   Record the password that you enter in a safe place. You must use it again whenever you install or configure cluster connector.

9. In the User Credential Confirmation dialog box, leave the automatically-detected user information provided or specify another user name, domain, and domain type.

   This user becomes the initial management server user. You must provide the credentials entered at this step when logging in to the management server for the first time.

10. In the Summary dialog box, review the information you have specified and, if satisfactory, click Next to accept it and start the installation.

    The Installing Veritas Cluster Management Console dialog box displays a progress bar and a status message window for the installation.

11. When you receive the following message, click Next:

    "Done deleting installation files from node...,"

12. In the Completed the Symantec Veritas Cluster Management Console Installation Manager dialog box, review the information about how to connect to the management server and log in for the first time. Record this information in a safe place and then click Finish.
13. Note the log file locations. The installer creates log files at the following locations:
    • Installation logs - C:\Documents and Settings\All Users\Application Data\Veritas\Cluster Management Console. The file names are Install_GUI_0.log and Install_MSI_0.log.
    • Management server logs - C:\Program Files\Veritas\Cluster Management Console\log

Installing Veritas Storage Foundation Management Server

Obtain the Storage Foundation Management Server software and install SF Management software on a system outside the cluster. For information on ordering SF Management Server, visit:

www.symantec.com/enterprise/sfms

Refer to the Storage Foundation Management Server documentation for details.