Sun Cluster 3.0 12/01 Data Services Installation and Configuration Guide

Installing and Configuring an iPlanet Web Server

This section describes the steps to use the setup command to perform the following tasks.


Note -

You must follow certain conventions when you configure URL mappings for the Web server. For example, to preserve availability when setting the CGI directory, you must locate the mapped directories on the cluster file system. In this example, you map your CGI directory to /global/pathname/cgi-bin.

In situations where the CGI programs access "back-end" servers, such as an RDBMS, ensure that the Sun Cluster software also controls the "back-end" server. If the server is an RDBMS that the Sun Cluster software supports, use one of the highly available RDBMS packages. Alternatively, you can use the APIs documented in the Sun Cluster 3.0 12/01 Data Services Developers' Guide to put the server under Sun Cluster control.


How to Install an iPlanet Web Server

To perform this procedure, you need the following information about your configuration.


Note -

If you run Sun Cluster HA for iPlanet Web Server and another HTTP server and they use the same network resources, configure them to listen on different ports. Otherwise, a port conflict might occur between the two servers.


  1. Become superuser on a cluster member.

  2. Run the setup command from the iPlanet install directory on the CD.

  3. When prompted, enter the location where the iPlanet server binaries will be installed.

    You can specify a location on the cluster file system or on local disks for the location of the install. If you choose to install on local disks, run the setup command on all of the cluster nodes that are potential primaries of the network resource (logical hostname or shared address) that the next step specifies.

  4. When prompted for a machine name, enter the logical hostname on which the iPlanet server depends and the appropriate DNS domain name.

    A full logical hostname is of the format network-resource.domainname, such as schost-1.sun.com.


    Note -

    For Sun Cluster HA for iPlanet Web Server to fail over correctly, you must use either the logical hostname or shared address resource name (rather than the physical hostname) here and everywhere else that you are asked.


  5. Select Run Admin Server as Root when you are asked.

    Note the port number that the iPlanet install script selects for the administration server. You might want to use this default value later when you use the admin server to configure an instance of the iPlanet Web server. Otherwise, you can specify a different port number when you configure the iPlanet server instance.

  6. Type a Server Administrator ID and a chosen password when you are asked.

    Follow the guidelines for your system.

    When a message displays that the admin server will be started, your installation is ready for configuration.

Where to Go From Here

To configure the Web server, see one of the following sections.

To configure a secure instance of the Web server, determine the iPlanet Web Server version you are using, then see one of the following two sections.

To configure a non-secure instance of the Web server, see the following section.

How to Set up a Secure Instance of an iPlanet Web Server (iPlanet Web Server 5.0)

Any certificates that are installed for a secure instance of an iPlanet Web Server must be installed from all cluster nodes. The following procedure involves running the administrative console on each node.

  1. Determine the iPlanet Web Server release that you use.

    If you use iPlanet Web Server 5.0, proceed to the next step.

    If you use iPlanet Web Server 6.0, see "How to Set up a Secure Instance of an iPlanet Web Server (iPlanet Web Server 6.0)".

  2. Ensure that you are installing a secure instance of iPlanet Web Server.

    If you are not installing a secure instance of iPlanet Web Server, proceed to "How to Configure an iPlanet Web Server".

  3. Run the administrative server on node1.

  4. From your web browser, connect to the administrative server as http://node1.domain:port.

    For example, http://phys-schost-1.eng.sun.com:8888, or whatever you specified as the admin server port. The port is typically 8888.

  5. Install the certificate on node1.

  6. Stop the administrative server on node1, and run the admin server from node2.

  7. From the web browser, connect to the new admin server as http://node2.domain:port.

    For example, http://phys-schost-2.eng.sun.com:8888.

  8. Repeat these steps for the remaining nodes.

  9. Proceed to "How to Configure an iPlanet Web Server".

How to Set up a Secure Instance of an iPlanet Web Server (iPlanet Web Server 6.0)

Any certificates that are installed for a secure instance of an iPlanet Web Server must be installed from all cluster nodes. The following procedure involves running the admin console on each node.

  1. Determine the iPlanet Web Server release that you use.

    If you use iPlanet Web Server 6.0, proceed to the next step.

    If you use iPlanet Web Server 5.0, see "How to Set up a Secure Instance of an iPlanet Web Server (iPlanet Web Server 5.0)".

  2. Ensure that you are installing a secure instance of iPlanet Web Server.

    If you are not installing a secure instance of iPlanet Web Server, proceed to "How to Configure an iPlanet Web Server".

  3. Run the administrative server on node1.

  4. From your web browser, connect to the administrative server as http://node1.domain:port.

    For example, http://phys-schost-1.eng.sun.com:8888.

    Use the port number that you specified as the administrative server port during installation. The default port number is 8888.

  5. Install the certificate on node1.

    This installation creates three certificate files. One file, secmod.db, is common to all nodes, and the other two are specific to node1. These files are located in the alias subdirectory, under the directory in which the iPlanet Web Server files are installed.

  6. If you installed iPlanet Web Server on a cluster file system, complete the following tasks. If you installed iPlanet Web Server on a local file system, go to Step 5.

    1. Note the location and file names for the three files created when installing the certificate in Step 5.

      For example, if you installed iPlanet Web Server in /global/iws/servers, and you used the IP address IPx when installing the certificate, then the paths to the files on node1 would be as follows.

      /global/iws/servers/alias/secmod.db

      /global/iws/servers/alias/https-IPx-node1-cert7.db

      /global/iws/servers/alias/https-IPx-node1-key3.db

    2. Create symbolic links for all of the other cluster nodes to the node-specific files for node1.

      In the following example, substitute the appropriate file paths for your system.


      ln -s /global/iws/servers/alias/https-IPx-node1-cert7.db \
              /global/iws/servers/alias/https-IPx-node2-cert7.db
      ln -s /global/iws/servers/alias/https-IPx-node1-key3.db \
              /global/iws/servers/alias/https-IPx-node2-key3.db
      

  7. If you installed iPlanet Web Server on a local file system, complete the following tasks.

    1. Note the location and file names for the three files created on node1 when installing the certificate in Step 3.

      For example, if you installed iPlanet Web Server in /local/iws/servers, and you used the IP address IPx when installing the certificate, then the paths to the files on node1 would be as follows.

      /local/iws/servers/alias/secmod.db

      /local/iws/servers/alias/https-IPx-node1-cert7.db

      /local/iws/servers/alias/https-IPx-node1-key3.db

    2. Move the three certificate files to a location on the cluster file system.

      In the following example, substitute the appropriate file paths for your system.


      mv /local/iws/servers/alias/secmod.db \
           /global/secure/secmod.db
      mv /local/iws/servers/alias/https-IPx-node1-cert7.db \
           /global/secure/https-IPx-node1-cert7.db
      mv /local/iws/servers/alias/https-IPx-node1-key3.db \
           /global/secure/https-IPx-node1-key3.db
      

    3. Create symbolic links between the local and global paths of the three certificate files.

      Create the symbolic links on each cluster node.

      In the following example, substitute the appropriate file paths for your system.


      # Symbolic links for node1
      ln -s /global/secure/secmod.db \
              /local/iws/servers/alias/secmod.db
      ln -s /global/secure/https-IPx-node1-cert7.db \
              /local/iws/servers/alias/https-IPx-node1-cert7.db
      ln -s /global/secure/https-IPx-node1-key3.db \
              /local/iws/servers/alias/https-IPx-node1-key3.db

      # Symbolic links for node2
      ln -s /global/secure/secmod.db \
              /local/iws/servers/alias/secmod.db
      ln -s /global/secure/https-IPx-node1-cert7.db \
              /local/iws/servers/alias/https-IPx-node2-cert7.db
      ln -s /global/secure/https-IPx-node1-key3.db \
              /local/iws/servers/alias/https-IPx-node2-key3.db
      

  8. Proceed to "How to Configure an iPlanet Web Server".
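
The following check for the links created in Step 6 or Step 7 is an added example, not part of the original guide. It confirms that a node's three alias entries resolve to the shared certificate files. The function names and the temporary sample layout are hypothetical.

```shell
#!/bin/sh
# Added example: check one node's alias directory after Step 6 or Step 7.
# Needs a shell whose test builtin supports -L and -ef (ksh, bash, dash).

# verify_alias_links ALIAS_DIR SHARED_DIR PREFIX THIS_NODE CERT_NODE
#   PREFIX     certificate file prefix, for example https-IPx
#   THIS_NODE  node being checked, for example node2
#   CERT_NODE  node on which the certificate was installed (node1)
# Returns 0 only if all three files resolve to the shared copies.
verify_alias_links() {
    alias_dir=$1; shared_dir=$2; prefix=$3; this_node=$4; cert_node=$5
    rc=0
    for pair in \
        "secmod.db:secmod.db" \
        "$prefix-$this_node-cert7.db:$prefix-$cert_node-cert7.db" \
        "$prefix-$this_node-key3.db:$prefix-$cert_node-key3.db"
    do
        link=$alias_dir/${pair%%:*}
        target=$shared_dir/${pair#*:}
        if [ ! -f "$target" ]; then
            echo "FAIL $target: shared file missing"; rc=1
        elif [ "$link" = "$target" ]; then
            echo "ok   $link (the shared file itself)"
        elif [ ! -L "$link" ]; then
            echo "FAIL $link: missing or not a symbolic link"; rc=1
        elif [ ! "$link" -ef "$target" ]; then
            echo "FAIL $link: does not resolve to $target"; rc=1
        else
            echo "ok   $link -> $target"
        fi
    done
    return $rc
}

# Constructed sample: empty placeholder files laid out as in Step 7 for
# node2 under ROOT; pass "broken" as $2 to leave out the key3.db link.
make_sample() {
    shared=$1/global/secure; local_alias=$1/local/iws/servers/alias
    mkdir -p "$shared" "$local_alias"
    for f in secmod.db https-IPx-node1-cert7.db https-IPx-node1-key3.db; do
        : > "$shared/$f"
    done
    ln -s "$shared/secmod.db" "$local_alias/secmod.db"
    ln -s "$shared/https-IPx-node1-cert7.db" "$local_alias/https-IPx-node2-cert7.db"
    [ "$2" = broken ] ||
        ln -s "$shared/https-IPx-node1-key3.db" "$local_alias/https-IPx-node2-key3.db"
}
```

Run the check on every node that can host the resource. A FAIL line means that node's alias directory does not point at the certificate files installed on node1.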

How to Configure an iPlanet Web Server

This procedure describes how to configure an instance of the iPlanet Web Server to be highly available. Use the Netscape browser to interact with this procedure.

Your configuration files can reside on either a local file system or on the cluster file system.

  1. Ensure that you are installing a non-secure instance of the Web server.

    If you are installing a secure instance of the iPlanet Web Server and you use iPlanet Web Server 5.0, see "How to Set up a Secure Instance of an iPlanet Web Server (iPlanet Web Server 5.0)".

    If you are installing a secure instance of iPlanet Web Server and you use iPlanet Web Server 6.0, see "How to Set up a Secure Instance of an iPlanet Web Server (iPlanet Web Server 6.0)".

  2. Ensure that you have installed the browser on a machine that can access the network on which the cluster resides.

    You can install the browser on a cluster node or on the administrative workstation for the cluster.

  3. From the administrative workstation or a cluster node, start the Netscape browser.

  4. On one of the cluster nodes, go to the directory https-admserv, then start the iPlanet admin server.


    cd https-admserv
    ./start
    

  5. Enter the URL of the iPlanet admin server in the Netscape browser.

    The URL consists of the physical hostname and port number that the iPlanet installation script established in Step 4 of the server installation procedure, for example, n1.eng.sun.com:8888. When you perform Step 4 of this procedure, the ./start command displays the admin URL.

    When prompted, use the user ID and password that you specified in Step 6 of the server installation procedure to log in to the iPlanet administration server interface.

  6. Begin to administer the iPlanet Web Server instance that was created.

    If you need another instance, create a new one.

    The administration graphical interface provides a form with details of the iPlanet server configuration. You can accept the defaults on the form, with the following exceptions.

    • Verify that the server name is correct.

    • Verify that the server user is set as superuser.

    • Change the bind address field to one of the following addresses.

      • A logical hostname or shared address if you use DNS as your name service

      • The IP address associated with the logical hostname or shared address if you use NIS as your name service

  7. Create a directory on the local disk of all of the nodes to hold the logs, error files, and PID file that iPlanet Web Server manages.

    For iPlanet to work correctly, these files must be located on each cluster node, not on the cluster file system.

    Choose a location on the local disk that is the same for all of the cluster nodes. Use the mkdir -p command to create the directory. Make nobody the owner of this directory.

    The following example shows how to complete this step.


    phys-schost-1# mkdir -p /var/pathname/http-instance/logs/
    

    Note -

    If you anticipate large error logs and PID files, do not put them in a directory under /var because they will overwhelm this directory. Rather, create a directory in a partition with adequate space to handle large files.


  8. Edit the ErrorLog, PidLog, and access log entries in the magnus.conf file to reflect the directory created in the previous step, and synchronize the changes from the administrator's interface.

    The magnus.conf file specifies the locations for the error, access, and PID files. Edit this file to change the error and PID file locations to the directory that you created in Step 7. The magnus.conf file is located in the config directory of the iPlanet server instance. If the instance directory is located on the local file system, you must modify the magnus.conf file on each of the nodes.

    The original file should resemble the following example.


    ErrorLog /global/data/netscape/https-schost-1/logs/error
    PidLog /global/data/netscape/https-insecure-schost-1/logs/pid
    ...
    Init fn=flex-init access="$accesslog" ...
    

    Modify the original file to match the following entries.


    ErrorLog /var/pathname/http-instance/logs/error
    PidLog /var/pathname/http-instance/logs/pid
    ...
    Init fn=flex-init access="/var/pathname/http-instance/logs/access" ...
    

    As soon as the administrator's interface detects your changes, the interface displays a warning message, as follows.


    Warning: Manual edits not loaded
    Some configuration files have been edited by hand. Use the Apply
    button on the upper right side of the screen to load the latest
    configuration files.

  9. Click Apply as prompted.

    The administrator's interface then displays the following warning.


    Configuration files have been edited by hand. Use this button to
    load the latest configuration files.

  10. Click Load Configuration Files.

  11. Use the administrator's interface to set the location of the access log file.

    From the administration graphical interface, click the Preferences tab and then Logging Options on the side bar. A form is then displayed to configure the Access Log parameter.

    Change the location of the log file to the directory that you created in Step 7.

    For example, make the following changes to the log file.


    Log File: /var/pathname/http-instance/logs/access

  12. Click Save to save your changes.

    Do not click Save and Apply, because doing so starts iPlanet Web Server.
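
The following check for the magnus.conf edit in Step 8 is an added example, not part of the original guide. It reports any ErrorLog, PidLog, or flex-init access path that still lies on the cluster file system or is still a variable. The function names are hypothetical, and the default prefix /global is an assumption taken from the paths used in this guide's examples.

```shell
#!/bin/sh
# Added example: flag magnus.conf log paths that are not node-local.

# check_magnus_logs CONF [CLUSTER_FS_PREFIX]
# Returns 0 only if every log path found is a literal path outside the prefix.
check_magnus_logs() {
    awk -v prefix="${2:-/global}/" '
        function check(name, path) {
            if (substr(path, 1, 1) == "$") why = "is a variable, not a literal path"
            else if (index(path, prefix) == 1) why = "is on the cluster file system"
            else { printf "ok   %s %s\n", name, path; return }
            printf "FAIL %s %s %s\n", name, path, why
            bad = 1
        }
        $1 == "ErrorLog" || $1 == "PidLog" { check($1, $2) }
        $1 == "Init" && /fn=flex-init/ {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^access=/) {
                    p = $i; sub(/^access=/, "", p); gsub(/"/, "", p)
                    check("access", p)
                }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample files modelled on the "original" and "modified"
# listings in Step 8 (the elided "..." parts are left out).
write_samples() {
    cat > "$1/magnus.conf.orig" <<'EOF'
ErrorLog /global/data/netscape/https-schost-1/logs/error
PidLog /global/data/netscape/https-insecure-schost-1/logs/pid
Init fn=flex-init access="$accesslog"
EOF
    cat > "$1/magnus.conf.new" <<'EOF'
ErrorLog /var/pathname/http-instance/logs/error
PidLog /var/pathname/http-instance/logs/pid
Init fn=flex-init access="/var/pathname/http-instance/logs/access"
EOF
}
```

If the instance directory is on a local file system, run the check against the magnus.conf file on each node.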

Where to Go From Here

If you have not installed the Sun Cluster HA for iPlanet Web Server packages from the Sun Cluster 3.0 Agents 12/01 CD-ROM, go to "Installing Sun Cluster HA for iPlanet Web Server Packages". Otherwise, go to "Registering and Configuring Sun Cluster HA for iPlanet Web Server".