How to Regenerate Common Agent Container Security Keys

SunPlex Manager uses strong encryption techniques to ensure secure communication between the SunPlex Manager web server and each cluster node.

The keys used by the SunPlex Manager are stored under the /etc/opt/SUNWcacao/security directory on each node. They should be identical across all cluster nodes.

Under normal operation, these keys can be left in their default configuration. If you need to regenerate the keys due to a possible key compromise (for example, root compromise on the machine) or other reason, you can regenerate the security keys using the following procedure.

1. On all cluster nodes, stop the common agent container management daemon.

   # /opt/SUNWcacao/bin/cacaoadm stop

2. On one node of the cluster, regenerate the security keys.

   phys-schost-1# /opt/SUNWcacao/bin/cacaoadm create --force

3. Restart the common agent container management daemon on the node on which you regenerated the security keys.

   phys-schost-1# /opt/SUNWcacao/bin/cacaoadm start

4. Create a tarfile of the /etc/opt/SUNWcacao/security directory.

   phys-schost-1# tar cf /tmp/SECURITY.tar security

5. Copy the /tmp/Security.tar file to each of the cluster nodes.

6. On each node to which you copied the/tmp/SECURITY.tar file, extract the security files.

   Any security files that already exist in the /etc/opt/SUNWcacao/ directory are overwritten.

   phys-schost-2# cd /etc/opt/SUNWcacao phys-schost-2# tar xf /tmp/SECURITY.tar

7. Delete the /tmp/SECURITY.tar file from each node in the cluster.

   You must delete each copy of the tarfile to avoid security risks.

   phys-schost-1# rm /tmp/SECURITY.tar phys-schost-2# rm /tmp/SECURITY.tar

8. On all nodes, restart the common agent container management daemon.

   phys-schost-1# /opt/SUNWcacao/bin/cacaoadm start

9. Restart SunPlex Manager.

   # /opt/SUNWscvw/bin/apachectl restart