Skip Navigation Links | |
Exit Print View | |
Oracle Solaris Cluster Data Service for Apache Guide Oracle Solaris Cluster |
1. Installing and Configuring Oracle Solaris Cluster HA for Apache
Planning the Installation and Configuration
Overview of the Installation and Configuration Process for Oracle Solaris Cluster HA for Apache
Installing and Configuring Apache
Installing a Non-Secure Apache Webserver
How to Install and Configure the Apache Software From the Solaris CD-ROM
How to Install and Configure the Apache Software from the Apache Web Site
Installing a Secure Apache Webserver
How to Install and Configure the Apache Software Using mod_ssl
How to Install and Configure the Apache Software Using apache-ssl
Installing the HA for Apache Packages
How to Install the HA for Apache Packages
Registering and Configuring Oracle Solaris Cluster HA for Apache
Setting Oracle Solaris Cluster HA for Apache Extension Properties
Example-- Setting Monitor_Uri_List for Scalable HA for Apache Instance
Example-- Setting Monitor_Uri_List for Failover HA for Apache Instance
Tools for Registering and Configuring HA for Apache
How to Register and Configure the Oracle Solaris Cluster HA for Apache by Using clsetup
How to Configure SUNW.HAStoragePlus Resource Type
How to Verify Data Service Installation and Configuration
Tuning the Oracle Solaris Cluster HA for Apache Fault Monitor
Operations by the Oracle Solaris Cluster HA for Apache Fault Monitor
Operations by the Fault Monitor Before a Probe
Operations for a Nonsecure Web Server
Operations for a Monitored URI List
Operations for a Secure Web Server
Upgrading the SUNW.apache Resource Type
Information for Registering the New Resource Type Version
Information for Migrating Existing Instances of the Resource Type
The Apache webserver can be installed and set up as either a non secure or a secure webserver. This section provides procedures for both types of installations. To install a non secure version of the webserver, see one of the following procedures.
How to Install and Configure the Apache Software From the Solaris CD-ROM
How to Install and Configure the Apache Software from the Apache Web Site
To install a secure version of the webserver, see one of the following procedures.
How to Install and Configure the Apache Software Using mod_ssl
How to Install and Configure the Apache Software Using apache-ssl
Oracle Solaris Cluster HA for Apache works with the Apache software configured as either a web server or a proxy server.
See Apache documentation at http://www.apache.org for standard installation instructions. Contact your Sun sales representative for a complete list of Apache versions that are supported with the Oracle Solaris Cluster software.
Note - The Oracle Solaris Cluster HA for Apache can be configured to run in a whole root or a sparse root non-global zone, if required.
This section provides procedures for installing a non-secure Apache webserver. For procedures for installing a secure Apache webserver, see Installing a Secure Apache Webserver.
This procedure installs a non secure version of the Apache webserver. For procedures for installing a secure Apache webserver, see Installing a Secure Apache Webserver.
The Apache binaries are included in three packages—SUNWapchr, SUNWapchu, and SUNWapchd—that form the SUNWCapache package metacluster. You must install the SUNWapchr package before you install the SUNWapchu package.
Place the Web server binaries on the local file system on each of your cluster nodes or on a cluster file system.
Note - If you are using the clsetup utility to configure Oracle Solaris Cluster HA for Apache, skip Step 2 in this procedure. The clsetup utility automates Step 2.
If these packages have not been installed, install them as follows.
Starting with Solaris 9, run the following command.
# pkgadd -d Solaris-product-directory SUNWapchr SUNWapchu SUNWapchd
Starting with Solaris 10, run the following command.
# pkgadd -G -d Solaris-product-directory SUNWapchr SUNWapchu SUNWapchd
The output from the command is as follows.
... Installing Apache Web Server (root) as SUNWapchr ... [ verifying class initd ] /etc/rc0.d/K16apache linked-pathname /etc/rc1.d/K16apache linked-pathname /etc/rc2.d/K16apache linked-pathname /etc/rc3.d/S50apache linked-pathname /etc/rcS.d/K16apache linked-pathname ...
This step is necessary because Oracle Solaris Cluster HA for Apache starts and stops the Apache application after you have configured the data service. Perform the following steps.
The following example changes the first letter in the name of the run control script from uppercase to lowercase. However, you can rename the scripts to be consistent with your normal administration practices.
# ls -1 /etc/rc?.d/*apache /etc/rc0.d/K16apache /etc/rc1.d/K16apache /etc/rc2.d/K16apache /etc/rc3.d/S50apache /etc/rcS.d/K16apache # mv /etc/rc0.d/K16apache /etc/rc0.d/k16apache # mv /etc/rc1.d/K16apache /etc/rc1.d/k16apache # mv /etc/rc2.d/K16apache /etc/rc2.d/k16apache # mv /etc/rc3.d/S50apache /etc/rc3.d/s50apache # mv /etc/rcS.d/K16apache /etc/rcS.d/k16apache # ls -1 /etc/rc?.d/*apache /etc/rc0.d/k16apache /etc/rc1.d/k16apache /etc/rc2.d/k16apache /etc/rc3.d/s50apache /etc/rcS.d/k16apache
This procedure installs a non secure version of the Apache webserver. For procedures for installing a secure Apache webserver, see Installing a Secure Apache Webserver.
Place the web server binaries on the local file system on each of your cluster nodes or on a cluster file system.
Install the Apache software using the Apache installation documentation you received with your Apache software or see the installation instructions at http://www.apache.org.
Set the ServerName directive. (In Version 2.0 of Apache, the ServerName directive specifies the hostname and the port.)
Set the BindAddress directive (optional). (The BindAddress directive only exists in versions prior to Apache 2.0. For Apache 2.0, see the following bullet for the Listen directive.)
Set the Listen directive. The Listen directive must use the address of the logical host or shared address. (The Listen directive only exists in Apache 2.0 and beyond. For Apache versions prior to Apache 2.0, see the previous bullet for the BindAddress directive.)
Set the ServerType, ServerRoot, DocumentRoot, ScriptAlias, and LockFile directives.
Note - The ServerType directive does not exist in Apache 2.0.
Set the Port directive to the same number as the Port_list standard resource property. See Step 4 for more information.
Add the following lines of code to the httpd.conf configuration file if you choose to configure the Apache software as a proxy server.
# Proxy Server Directives. <IfModule mod_proxy.c> ProxyRequests On <Directory proxy:*> Order deny,allow Deny from all Allow from IP_ADDRESS </Directory> ProxyVia On </IfModule> # End of Proxy Server Direcives.
Note - If you configure the Apache software as a proxy server, the CacheRoot setting must point to a location on the cluster file system.
Note - If you are using the clsetup utility to configure Oracle Solaris Cluster HA for Apache, you do not need to update the BindAddress, ServerRoot, and Port directives. These directives are automatically updated when you run the clsetup utility.
You can edit the httpd.conf configuration file to change its port number or numbers to match the standard Oracle Solaris Cluster resource property default (port 80). Alternatively, while you configure Oracle Solaris Cluster HA for Apache, you can set the Port_list standard property to match the setting in the httpd.conf file.
You must change the paths from the Apache defaults to match your Apache directory structure. For example, change the line in the BIN_dir/apachectl script beginning with HTTPD=/usr/local/apache/bin/httpd to the following.
HTTPD='/usr/local/apache/bin/httpd -f /global/foo/apache/conf/httpd.conf'
Note - If you are using the clsetup utility to configure Oracle Solaris Cluster HA for Apache, skip this step. This step is automatically executed when you run the clsetup utility.
If Apache does not start up correctly, correct the problem.
This section provides procedures for installing a secure Apache webserver. For procedures for installing a non-secure Apache webserver, see Installing a Non-Secure Apache Webserver.
This procedure installs a secure version of the Apache webserver. For procedures for installing a non-secure Apache webserver, see Installing a Non-Secure Apache Webserver.
To install mod_ssl, see the Apache installation documentation or the installation instructions at http://www.modssl.org.
Set the ServerName directive.
Set the BindAddress directive (optional).
Set the ServerType, ServerRoot, DocumentRoot, ScriptAlias, and LockFile directives.
Set the Port directive to the same number as the Port_list standard resource property. See Step 4 for more information.
Add the following lines of code to the httpd.conf configuration file if you choose to configure the Apache software as a proxy server.
# Proxy Server Directives. <IfModule mod_proxy.c> ProxyRequests On <Directory proxy:*> Order deny,allow Deny from all Allow from IP_ADDRESS </Directory> ProxyVia On </IfModule> # End of Proxy Server Direcives.
Note - If you configure the Apache software as a proxy server, the CacheRoot setting must point to a location on the cluster file system.
You can edit the httpd.conf configuration file to change its port number or numbers to match the standard Oracle Solaris Cluster resource property default (port 80). Alternatively, while you configure Oracle Solaris Cluster HA for Apache, you can set the Port_list standard property to match the setting in the httpd.conf file.
# cd Bin_dir # touch keypass # chmod 700 keypass
# SSLPassPhraseDialog exec:/Bin_dir/keypass
See the mod_ssl documentation for details about the SSLPassPhraseDialog directive.
This file will be called with server:port algorithm as arguments. Make sure that the file can print the pass phrase for each of your encrypted keys when called with the correct parameters.
Later, when you attempt to start the web server manually, it must not prompt you for a pass phrase. For example, for a secure web server listening on ports 8080 and 8888, with private keys for both encrypted using RSA, the keypass file could be the following.
# !/bin/ksh host=`echo $1 | cut -d: -f1` port=`echo $1 | cut -d: -f2` algorithm=$2 if [ "$host" = "phys-schost-1.example.com" -a "$algorithm" = "RSA" ]; then case "$port" in 8080) echo passphrase-for-8080;; 8888) echo passphrase-for-8888;; esac fi
Note - The keypass file must not be readable, writable, or executable by anyone other than the owner.
SSLLogLevel warn
You must change the paths from the Apache defaults to match your Apache directory structure.
Make sure that the web server does not ask you for a passphrase.
If Apache does not start up correctly, correct the problem.
This procedure installs a secure version of the Apache webserver. For procedures for installing a non-secure Apache webserver, see Installing a Non-Secure Apache Webserver.
To install apache-ssl, see the Apache installation documentation or the installation instructions at http://www.apache-ssl.org.
Set the ServerName directive.
Set the BindAddress directive (optional).
Set the ServerType, ServerRoot, DocumentRoot, ScriptAlias, and LockFile directives.
Set the Port directive to the same number as the Port_list standard resource property. See Step 4 for more information.
Add the following lines of code to the httpd.conf configuration file if you choose to configure the Apache software as a proxy server.
# Proxy Server Directives. <IfModule mod_proxy.c> ProxyRequests On <Directory proxy:*> Order deny,allow Deny from all Allow from IP_ADDRESS </Directory> ProxyVia On </IfModule> # End of Proxy Server Direcives.
Note - If you configure the Apache software as a proxy server, the CacheRoot setting must point to a location on the cluster file system.
You can edit the httpd.conf configuration file to change its port number or numbers to match the standard Oracle Solaris Cluster resource property default (port 80). Alternatively, while you configure Oracle Solaris Cluster HA for Apache, you can set the Port_list standard property to match the setting in the httpd.conf file.
Later, when you attempt to start the web server manually, it must not prompt you for a pass phrase.
You must change the paths from the Apache defaults to match your Apache directory structure.
If Apache does not start up correctly, correct the problem.
Next Steps
If you did not install the HA for Apache during your initial Oracle Solaris Cluster installation, go to Installing the HA for Apache Packages. Otherwise, go to Registering and Configuring Oracle Solaris Cluster HA for Apache.