Lifekeeper™ for Linux Installation and Administration
Total Page:16
File Type:pdf, Size:1020Kb
LifeKeeper® for Linux Module 3: Configuration Learning Objectives At the end of this module, you will understand: . LifeKeeper GUI server and client concepts . LifeKeeper GUI client application and applet . LifeKeeper GUI permissions . LifeKeeper Communication Paths . Miscellaneous LifeKeeper server configuration options Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 2 Preparing to Run the GUI LifeKeeper GUI Overview . GUI Server Component • Must be running on each server in the cluster • Communicates with the LifeKeeper core via JNI (Java Native Interface) • Communicates with the client via RMI (Remote Method Invocation) . GUI Client Component runs… • As an application on a Linux system • As an applet invoked from a web browser (*Linux, Windows, Unix) Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 3 Preparing to Run the GUI LifeKeeper GUI . QuickStart Configuration Assistant . Menu Bar . Tool Bar . Status Window . Message Display . Popup Menus via right click Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 4 Preparing to Run the GUI LifeKeeper GUI Package (steeleye-lkGUI-<version>.<arch>.rpm) . Installs LifeKeeper GUI client in Java archive format . Installs LifeKeeper GUI Server . Installs LifeKeeper administration web server for use with web browsers (Java applet) . Installs a .java.policy file in /opt/LifeKeeper/htdoc containing minimum permissions to run LifeKeeper . Prepares LifeKeeper for GUI administration . To verify LifeKeeper GUI package installation rpm –qa | grep steel Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 5 Preparing to Run the GUI LifeKeeper GUI Server: . Install the Java Components • Must have the Java Runtime Environment on each server in the cluster. (JRE is included on Installation Support CD). • By default, LifeKeeper expects Java to be installed in /usr/java/jre<version>/bin . Start the GUI Server process on all servers • To start the GUI server process on each server the first time: /opt/LifeKeeper/bin/lkGUIserver start • Entries for the two GUI server daemons are are automatically added to /etc/inittab. • Web server and the Java RMI server port entries are automatically added to /etc/default/LifeKeeper. Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 6 Preparing to Run the GUI Configure GUI administrative users . a GUI user login is required to administer LifeKeeper from the GUI . root is automatically added during the installation as a GUI user. Password is the same as the Linux root user. GUI users should have the same password on all servers – eliminates requirement for user to enter multiple passwords during login /opt/LifeKeeper/bin/lkpasswd <user> /opt/LifeKeeper/bin/lkpasswd -d <user> Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 7 Running the LifeKeeper GUI Running GUI as a Java application: . GUI client and GUI server running on same system . To invoke: • /opt/LifeKeeper/bin/lkGUIapp . lkGUIapp script sets appropriate environment variables and starts application . LifeKeeper GUI appears, Cluster Connect dialog displayed Running GUI as a Java applet: . GUI client running on same or different system as GUI server . Requires web browser and Java Runtime Environment • Java 1.5 is fully tested and supported . Default URL is http://<hostname or IP address>:81 . Java security requires that server and client must be able to resolve each other’s host names and IP addresses. Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 8 Running the LifeKeeper GUI Running GUI as a Java Applet (continued): . On Linux a symlink must be created in the browser’s plugin directory to the Java plugin library. ln –s /usr/java/jre1.5.0_07/plugins/i386/ns7/libjavaplugin_oji.so \ /usr/lib/firefox/plugins/libjavaplugin_oji.so . Pre-Java 1.4 environments only: • Requires .java.policy file, so client can gain remote access to LifeKeeper servers and load Recovery Kit GUI extensions • Copy from /opt/LifeKeeper/htdoc/java.policy or http://<hostname>:81/java.policy • Set browser security parameters to low • See documentation for more information Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 9 Running the LifeKeeper GUI Running the GUI Client: Open the URL: http://<hostname>:81 Example: http://node1:81 . IP addresses of browser client system and all servers must be resolvable (Java security) . Java Virtual Machine started . applet files downloaded . applet initialized . Login dialog box should appear Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 10 LifeKeeper GUI Client (Review) LifeKeeper GUI Client: . Applet vs. Application • Applet allows client independence -- can run from Internet Explorer or Firefox on a Windows, Unix, or Linux client. • Applet does not require installation of any LifeKeeper packages on the client. • Applet supports security roles. • Application depends on the installation of the steeleye-lk and steeleye- lkGUI packages (requires a core product license). • Application can only be run on a Linux system. • Application has full control. • It is convenient to run the GUI as an application on an LifeKeeper server since the steeleye-lk and steeleye-lkGUI packages are already installed. Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 11 GUI Applet Permissions . Guest Permission . Operator Task Guest Operator Administrato r . Administrator Connect to and disconnect from servers X X X View servers and resources X X X View server properties and logs X X X View resource properties X X X Put resources into and out of service X X Modify server properties X Create and delete comm paths X Create and delete resource hierarchies X Extend and unextend resource hierarchies X Create and delete resource dependencies X Modify resource properties X Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 12 Configuring GUI Permissions . The GUI server must be invoked as root • During installation of the GUI package, an entry for the root login and password is automatically configured in the GUI password file with Administrator permission, allowing root to perform all LifeKeeper tasks on that server via the GUI application or web client. • If you plan to allow users other than root to use LifeKeeper GUI clients, then you need to configure LifeKeeper GUI users. Best practice is to always grant permissions on a cluster-wide basis • Grant permissions on a single-server basis is possible, but: – Confusing to users – Makes it impossible to perform administrative tasks Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 13 Configuring GUI Permissions . User administration performed through command line interface: lkpasswd . Most commands require entering the user's password twice (validation) . Effective on next login or when GUI server is restarted . Single permission per user per server . New permissions override old ones . Commands update GUI password file on the server being administered. Repeat on all servers in the cluster. Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 14 Configuring GUI Permissions . Grant Administrator permissions: /opt/LifeKeeper/bin/lkpasswd -administrator <user> . Grant Operator permissions: /opt/LifeKeeper/bin/lkpasswd -operator <user> . Grant Guest permissions: /opt/LifeKeeper/bin/lkpasswd -guest <user> . Change password (no change to access): /opt/LifeKeeper/bin/lkpasswd <user> . Remove access: /opt/LifeKeeper/bin/lkpasswd -delete <user> • (no password required) Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 15 Communication Paths . Two comm paths are strongly suggested . Comm Path Functions: • Inter-node communication for obtaining status information • Heartbeat signal for verifying the systems are alive . Comm Path Types: • TCP utilizing a LAN connection (multiple TCPs allowed) • TTY utilizing a serial port connection (only 1 TTY allowed) . Comm Path Priorities • TCP - priority from 1-99 (1 is the highest) • TTY - always defaults to the lowest priority (no configurable priority) Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 16 TCP Comm Path Setup: . Ethernet cards on the systems . IP addresses for each system . Two networks are suggested - one private LAN for LifeKeeper communication and one public LAN for user traffic. The user traffic LAN can be configured as a secondary comm path. Different comm paths cannot be on the same sub-net. Verify the network is functional before starting the comm path configuration. Network addresses must be resolvable, through /etc/hosts file and DNS. Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 17 TCP Comm Path Configuration: . Select <Edit> <Server> <Create Comm Path> . Fields to Enter: • Local System Name • Remote System Name(s) • Type: Select TCP • Local IP Address • Remote IP address(es) • Priority . Select “Create Local” . Select “Create Remote” Sep-10 Copyright © 2000-2010 by SteelEye Technology, Inc. All Rights Reserved World Wide. 18 TTY Comm Path Setup: . Requires a null modem cable . Note: Only one TTY comm path is allowed between systems . Test the serial path using the portio command $LKROOT/bin/portio