Chapter 4 Installing and Configuring Sun Cluster HA for Netscape Directory Server

This chapter describes the procedures for installing and configuring the Sun Cluster HA for Netscape Directory Server data service. This data service was formerly known as Sun Cluster HA for Netscape LDAP. Some error messages from the application might still use the name Netscape LDAP but they refer to Netscape Directory Server.

This chapter contains the following procedures:

• "How to Configure and Activate Network Resources"

• "How to Install Netscape Directory Server"

• "How to Configure Netscape Directory Server"

• "How to Install Sun Cluster HA for Netscape Directory Server Packages"

• "How to Complete the Sun Cluster HA for Netscape Directory Server Configuration"

• "How to Configure SUNW.HAStorage Resource Type"

• "How to Configure Sun Cluster HA for Netscape Directory Server Extension Properties"

You must configure Sun Cluster HA for Netscape Directory Server as a failover service. For general information about data services, resource groups, resources, and other related topics, see Chapter 1, Planning for Sun Cluster Data Services and the Sun Cluster 3.0 Concepts document.

Planning the Installation and Configuration

Use this section in conjunction with the worksheets in the Sun Cluster 3.0 Release Notes as a checklist before installation and configuration.

Consider the following prior to starting your installation:

• Where will the server root reside?

  You can store files and data that do not change on the local file system of each cluster node. However, place dynamic data on the cluster file system so they can be viewed or updated from any cluster node.

• If you plan on using multiple NDS instances on a node, you must set the listenhost directive in slapd.conf with the appropriate network resource as the IP address (a logical host name). This setting is necessary because the default NDS behavior is for the instance to bind to all IP addresses on the node.

  For example, to set up a particular instance to use the logical host name nds-1, put the following into its slapd.conf file: listenhost nds-1. That way, the instance binds to the logical host name nds-1 only rather than to all the IP addresses on the node.

Installing and Configuring Sun Cluster HA for Netscape Directory Server

Table 4-1 lists the sections that describe the installation and configuration tasks.

If you are running multiple data services in your Sun Cluster configuration, you can set up the data services in any order, with one exception: If you use Sun Cluster HA for DNS, you must set it up before setting up Netscape Directory Server. See Chapter 6, Installing and Configuring Sun Cluster HA for Domain Name Service (DNS) for details. DNS software is included in the Solaris operating environment. If the cluster is to obtain the DNS service from another server, configure the cluster to be a DNS client first.

After installation, do not manually start and stop Netscape Directory Server except by using the cluster administration command scswitch(1M). Refer to the man page for details. After Netscape Directory Server is started, it is controlled by Sun Cluster.

Configuring and Activating Network Resources

Before you install and configure Netscape Directory Server, set up the network resources the server attempts to use after it has been installed and configured. To configure and activate the network resources, use the Cluster Module of Sun Management Center or the following command-line procedure.

How to Configure and Activate Network Resources

To perform this procedure, you need the following information about your configuration:

• The names of the cluster nodes that can master the data service.

• The logical host name to be used by clients to access Sun Cluster HA for Netscape Directory Server. Normally, you set up this host name when you install the cluster. For details on setting up logical host names, see the section in the Sun Cluster 3.0 Installation Guide on setting up logical host names.

Perform this procedure on any cluster member.

1. Become superuser on a node in the cluster.

2. Verify that all network addresses that you are using have been added to your name service database.

   You should have done this verification as part of the Sun Cluster installation. For details, see the planning chapter in the Sun Cluster 3.0 Installation Guide.

   ---

   Note -

   To avoid any failures because of name service lookup, ensure that all logical host names and shared addresses are present in the /etc/hosts file on all cluster nodes. Configure name service mapping in /etc/nsswitch.conf on the servers to first check the local files before trying to access NIS, NIS+, or DNS.

   ---

3. Create a failover resource group to hold the network and application resources.

   # scrgadm -a -g resource-group-name [-h nodelist]

   -g resource-group-name

   Specifies the name of the resource group. This name can be your choice.

   -h nodelist

   Specifies an optional comma-separated list of physical node names or IDs that identify potential masters. The order here determines the order in which the nodes are considered as primary during failover.

   ---

   Note -

   Use -h to specify the order of the node list. If all the nodes in the cluster are potential masters, you need not use the -h option.

   ---

4. Add logical host name resources to the resource group.

   # scrgadm -a -L -g resource-group-name -l hostname, ...

   -L

   Specifies a logical host name resource is being added.

   -g resource-group-name

   Specifies the name of the resource group.

   -l hostname, ...

   Specifies a comma-separated list of logical host names.

5. Verify that all logical host names that you are using have been added to your name service database.

   You should have done this verification as part of the Sun Cluster installation. For details, see the planning chapter in the Sun Cluster 3.0 Installation Guide.

6. Enable the resource group and bring it online.

   # scswitch -Z -g resource-group-name

   -Z

   Moves the resource group to the managed state and brings it online.

   -g resource-group-name

   Specifies the name of the resource group.

Where to Go from Here

After the network resources have been configured and activated, proceed to install and configure Netscape Directory Server by using the procedure in the next section, "Installing and Configuring Netscape Directory Server".

Installing and Configuring Netscape Directory Server

Sun Cluster HA for Netscape Directory Server is the Netscape Directory Server that uses Netscape Lightweight Directory Access Protocol (LDAP) and runs under the control of Sun Cluster. This section describes the steps for installing Netscape Directory Server (by using the setup command) and enabling it to run as the Sun Cluster HA for Netscape Directory Server data service.

Netscape Directory Server requires some variation from the default installation parameters, notably:

• For the service to fail over correctly, when prompted for the name of Netscape Directory Server, instead of specifying a physical machine, you must specify a logical host name (IP address) that can fail over between nodes. This requirement means that before you begin the installation, you must set up the logical host name in your name services. This step is normally done as part of the Sun Cluster installation and is described in the Sun Cluster 3.0 Installation Guide.

• Do not use the default server root disk path when prompted; place your files on the cluster file system.

Do not remove or relocate any of the installed files or directories that the Netscape Directory Server installation places on the cluster file system. For example, do not relocate any of the client binaries, such as ldapsearch, that are installed along with the rest of the Netscape Directory Server software.

How to Install Netscape Directory Server

This procedure describes the interaction with the Netscape setup command. Only the sections that are specific to Sun Cluster HA for Netscape Directory Server are included here. For the other sections, choose or change the default values as appropriate. These are the basic steps only; for details, see the Netscape LDAP documentation.

1. Become superuser on a node in the cluster.

2. Run the setup command from the install directory on the Netscape CD.

3. From setup, choose the menu items to install a Netscape Server by using a Custom Installation.

   Supply the logical host name when the setup command prompts you for the full server name.

4. For the install location, select a location on the global file system, for example, /global/nsldap.

   Supply the logical host name when the setup command prompts you for the full server name. This step is required for failover to work correctly.

   ---

   Note -

   The logical host that you specify must be online on the node from which you are running the Netscape Directory Server installation. This state is necessary because at the end of the Netscape Directory Server installation, it automatically starts up Netscape Directory Server and fails if the logical host is offline on that node.

   ---

5. Select the logical host name along with your domain for the computer name, for example, schost-1.eng.sun.com.

6. When prompted for the IP address to be used as the LDAP Administrative Server, specify an IP address for one of the cluster nodes.

As part of the installation, you set up an LDAP Administrative Server. The IP address you specify for this server must be that of a physical cluster node, not the name of the logical host that will fail over.

How to Configure Netscape Directory Server

1. Use the Netscape admin server to configure and test Netscape Directory Server.

   See your Netscape documentation for details.

   Upon completion of the configuration, Netscape Directory Server starts automatically. Before proceeding to the next part of the installation and configuration process, you must stop the server by using stop-slapd.

Where to Go from Here

If the data service packages for Netscape Directory Server have not been installed from the Sun Cluster data service CD, go to "Installing Sun Cluster HA for Netscape Directory Server Packages". If the packages have been installed, go to "Completing the Sun Cluster HA for Netscape Directory Server Configuration".

Installing Sun Cluster HA for Netscape Directory Server Packages

The scinstall(1M) utility installs SUNWscnsl, the Sun Cluster HA for Netscape Directory Server data service package, on a cluster. You can install specific data service packages from the Sun Cluster data service CD by using interactive scinstall, or you can install all data service packages on the CD by using the -s option to non-interactive scinstall. The preferred method is to use interactive scinstall, as described in the following procedure.

The data service packages might have been installed as part of your initial Sun Cluster installation. If not, use this procedure to install them now.

How to Install Sun Cluster HA for Netscape Directory Server Packages

You need the Sun Cluster data service CD to complete this procedure. Run this procedure on all cluster members that can master Sun Cluster HA for Netscape Directory Server.

1. Load the data service CD into the CD-ROM drive.

2. Run scinstall with no options.

   This command starts scinstall in interactive mode.

3. Select the menu option: "Add support for new data service to this cluster node."

   You can then load software for any data services that exist on the CD.

4. Exit scinstall and unload the CD from the drive.

Where to Go from Here

See "Completing the Sun Cluster HA for Netscape Directory Server Configuration" to register Sun Cluster HA for Netscape Directory Server and configure the cluster for the data service.

Completing the Sun Cluster HA for Netscape Directory Server Configuration

To complete the Sun Cluster HA for Netscape Directory Server configuration, use the Cluster Module of Sun Management Center or the following command-line procedure. The example that follows the procedure shows the complete set of steps for installing and configuring Sun Cluster HA for Netscape Directory Server.

How to Complete the Sun Cluster HA for Netscape Directory Server Configuration

To perform this procedure, you need the following information about your configuration:

• The name of the resource type for Sun Cluster HA for Netscape Directory Server. This name is SUNW.nsldap.

• The names of the cluster nodes that can master the data service.

• The logical host name to be used by clients to access Sun Cluster HA for Netscape Directory Server. Normally, you set up this logical host name when you install the cluster. For details, see the section on setting up logical host names in the Sun Cluster 3.0 Installation Guide.

• The path to the Netscape Directory Server application binaries that are the resources for Sun Cluster HA for Netscape Directory Server. You can install the binaries on the local disks or the cluster file system. For a discussion of the advantages and disadvantages of each location, see Chapter 1, Planning for Sun Cluster Data Services.

• The port where Netscape Directory Server listens. For non-secure instances, the Port_list standard resource property for the Netscape Directory Server resource defaults to 389/tcp; the value for the secure port is 636/tcp. If you set the port to a number other than 389, you must specify that value when you configure Port_list. For instructions on setting resource properties, see Chapter 9, Administering Data Service Resources.

Run this procedure on any cluster member.

1. Become superuser on a node in the cluster.

2. Register the resource type for the data service.

   # scrgadm -a -t SUNW.nsldap

   -a

   Adds the data service resource type.

   -t SUNW.nsldap

   Specifies the predefined resource type name.

3. Add the Netscape Directory Server application resource in the failover resource group created previously.

   The resource group that contains the application resources is the same resource group created for your network resources in "How to Configure and Activate Network Resources".

   # scrgadm -a -j resource-name -g resource-group-name \ -t resource-type-name [-y Network_resources_used=network-resource, ...] \ -y Port_list=port-number/protocol -x Confdir_list=path

   -j resource-name

   Specifies the LDAP application resource name.

   -y Network_resources_used=network-resource

   Specifies a comma-separated list of network resources (logical host names or shared addresses) in resource-group-name, which the LDAP application resource must use.

   -t resource-type-name

   Specifies the resource type to which the resource belongs, for example, SUNW.iws.

   -y Port_list=port-number/protocol

   Specifies a port number and the protocol to be used, for example, 389/tcp. Port_list must have exactly one entry.

   -x Confdir_list=path

   Specifies a path for your LDAP configuration directory. The Confdir_list extension property is required. Confdir_list must have exactly one entry.

4. Enable the resource and its monitor.

   # scswitch -e -j resource-name

   -e

   Enables the resource and its monitor.

   -g resource-name

   Specifies the name of the application resource being enabled.

Example-Registering and Configuring Sun Cluster HA for Netscape Directory Server

This example shows how to register Sun Cluster HA for Netscape Directory Server.

Cluster Information
Node names: phys-schost-1, phys-schost-2
Logical hostname: schost-1
Resource group: lh-schost-1 (for all resources),Resources: schost-1 (logical hostname),	nsldap-1 (LDAP application resource) 
 
(Create a failover resource group.)
# scrgadm -a -g lh-schost-1 -h phys-schost-1,phys-schost-2
 
(Add a logical host name resource to the resource group.)
# scrgadm -a -L -g lh-schost-1 -l schost-1
 
(Bring the resource group online.)
# scswitch -Z -g lh-schost-1
 
(Install and configure Netscape Directory Server.)
 
(Stop the LDAP server.)
 
(Register the SUNW.nsldap resource type.)
# scrgadm -a -t SUNW.nsldap
 
(Create an LDAP resource and add it to the resource group.)
# scrgadm -a -j nsldap -g lh-schost-1 \
-t SUNW.nsldap -y Network_resources_used=schost-1 \
-y Port_list=389/tcp \
-x Confdir_list=/global/nsldap/slapd-schost-1
 
(Enable the application resources.)
# scswitch -e -j nsldap

How to Configure SUNW.HAStorage Resource Type

The SUNW.HAStorage resource type synchronizes actions between HA storage and data service. Because Sun Cluster HA for Netscape Directory Server is not disk-intensive and not scalable, setting up the SUNW.HAStorage resource type is optional.

For details on the background, see the SUNW.HAStorage(5) man page and "Relationship Between Resource Groups and Disk Device Groups". For the procedure, see "How to Set Up SUNW.HAStorage Resource Type for New Resources".

Configuring Sun Cluster HA for Netscape Directory Server Extension Properties

Table 4-2 describes the extension properties you can configure for Netscape Directory Server. The only required extension property for creating an Netscape Directory Server resource is Confdir_list, which specifies a directory in which the Netscape Directory Server configuration files reside.

How to Configure Sun Cluster HA for Netscape Directory Server Extension Properties

Typically, you configure the extension properties by using the Cluster Module of Sun Management Center or the command line scrgadm -x parameter=value at the time you create the Netscape Directory Server resource. You can also configure them later by using the procedures described in Chapter 9, Administering Data Service Resources.

See Appendix A, Standard Properties for details on all Sun Cluster properties.

Table 4-2 describes the Sun Cluster HA for Netscape Directory Server extension properties. Some extension properties can be updated dynamically and others only when the resource is created. The Tunable column indicates when the property can be updated.