This chapter explains how to install and configure Sun Cluster HA for Alliance Gateway.
In the current version, SWIFTAlliance Gateway is renamed as Alliance Gateway. You can use the Sun Cluster HA for Alliance Access with both the product names.
This chapter contains the following sections.
Overview of Installing and Configuring Sun Cluster HA for Alliance Gateway
Planning the Sun Cluster HA for Alliance Gateway Installation and Configuration
Registering and Configuring the Sun Cluster HA for Alliance Gateway
Verifying the Sun Cluster HA for Alliance Gateway Installation and Configuration
Tuning the Sun Cluster HA for Alliance Gateway Fault Monitor
The Sun Cluster HA for Alliance Gateway data service provides a mechanism for orderly startup, shutdown, fault monitoring, switchover, and failover of the Sun Cluster data service.
Sun Cluster HA for Alliance Gateway provides software for fault monitoring by checking the status of the Alliance Gateway service. The values “running” and “partial” are considered healthy. Values other than these force a restart or failover to another node or zone in the cluster. By accepting a “partial” status, operators can temporarily disable portions of the service without informing the cluster. You do not need a user ID and password for monitoring.
For conceptual information about failover data services and scalable data services, see Sun Cluster Concepts Guide for Solaris OS.
Each component of Alliance Gateway has a data service that protects the component when the component is configured in a Sun Cluster environment. See the following table.
Table 1 Protection of Alliance Gateway Components
Component |
Protected by |
---|---|
SWIFTNet Link |
Sun Cluster HA for Alliance Gateway |
Alliance Gateway |
Sun Cluster HA for Alliance Gateway |
The following table summarizes the tasks for installing and configuring Sun Cluster HA for Alliance Gateway and provides cross-references to detailed instructions for performing these tasks. Perform the tasks in the order that they are listed in the table.
Table 2 Tasks for Installing and Configuring Sun Cluster HA for Alliance Gateway
Task |
Instructions |
---|---|
Plan the Alliance Gateway installation |
Planning the Sun Cluster HA for Alliance Gateway Installation and Configuration |
Install and configure Alliance Gateway | |
Install the Sun Cluster HA for Alliance Gateway packages | |
Register the Sun Cluster HA for Alliance Gateway data service and configure the cluster for the data service |
Registering and Configuring the Sun Cluster HA for Alliance Gateway |
Verify Sun Cluster HA for Alliance Gateway |
Verifying the Sun Cluster HA for Alliance Gateway Installation and Configuration |
Tuning the Sun Cluster HA for Alliance Gateway fault monitor |
Tuning the Sun Cluster HA for Alliance Gateway Fault Monitor |
(Optional) Debug Sun Cluster HA for Alliance Gateway |
This section contains the information that you need to plan your Sun Cluster HA for Alliance Gateway installation and configuration.
Before you begin, consult your Alliance Gateway documentation for configuration restrictions and requirements that are not imposed by Sun Cluster software. For information about restrictions that the Sun Cluster software imposes, see the Sun Cluster documentation.
The configuration restrictions in this section apply only to Sun Cluster HA for Alliance Gateway.
If your data service configuration does not conform to these restrictions, the data service configuration might not be supported.
For restrictions that apply to all data services, see Sun Cluster 3.2 11/09 Release Notes for Solaris OS.
Sun Cluster HA for Alliance Gateway supports Alliance Gateway version 5.0, 6.0, 6.1 and 6.3.
You can install the SWIFTNet Link and the Alliance Gateway software only on a failover file system. If WebSphereTM MQ client software is needed for the operation of Alliance Gateway, install WebSphere MQ client software on the local file system in the same path on each cluster node or zone that can master the resource group. The default path is /opt/mqm.
You cannot configure Sun Cluster HA for Alliance Gateway as a scalable data service.
The Sun Cluster HA for Alliance Gateway can be configured to run in a whole root or sparse root non-global zone for Sun Cluster HA for Alliance Gateway version 6.0, 6.1 or 6.3 if required.
The configuration requirements in this section apply only to Sun Cluster HA for Alliance Gateway.
If your data service configuration does not satisfy these requirements, the data service configuration might not be supported.
For requirements that apply to all data services, see Configuration Guidelines for Sun Cluster Data Services in Sun Cluster Data Services Planning and Administration Guide for Solaris OS.
You must configure Sun Cluster HA for Alliance Gateway as a failover data service.
Create the following groups with the same group ID on all cluster nodes or zones that can master the resource group: sagsnlg, swnetg.
# groupadd -g groupid1 swnetg |
# groupadd -g groupid2 sagsnlg |
Create the following user with the same user ID on all cluster nodes or zones that can master the resource group: swnet.
# useradd -u userid -g swnetg -d /home/swnet -s /usr/bin/ksh swnet |
On Solaris 10 – Create a Solaris project called swift on all cluster nodes or zones that can master the resource group.
# projadd -U swnet swift |
# projmod -s -K 'project.max-sem-ids=(privileged,1080,deny)' swift |
# projmod -s -K 'project.max-sem-nsems=(privileged,512,deny)' swift |
# projmod -s -K 'project.max-shm-memory=(privileged,4294967295,deny)' swift |
# projmod -s -K 'project.max-shm-ids=(privileged,1200,deny)' swift |
# projmod -s -K 'process.max-msg-qbytes=(privileged,10485760,deny)' swift |
# projmod -s -K 'process.max-msg-messages=(privileged,8192,deny)' swift |
The previous values are examples only. For more accurate values refer to the SWIFTNet Link and Alliance Gateway latest documentation release notes.
On Solaris 10 — Assign project swift as default project for swnet user by editing the /etc/user_attr file and adding the following line at the end of the file on all cluster nodes or zones that can master the resource group:
swnet::::project=swift |
On earlier versions of Solaris 10, refer to the SWIFTNet Link and Alliance Gateway latest documentation release notes for the required setup in the /etc/system directory on all cluster nodes.
The configuration considerations in the subsections that follow affect the installation and configuration of Sun Cluster HA for Alliance Gateway.
Configure Sun Cluster HA for Alliance Gateway to protect a Sun Cluster instance and its respective components. The following table outlines these components and their dependencies.
Table 3 Sun Cluster Components
Component |
Dependencies |
---|---|
Alliance Gateway This component includes the SWIFTNet Link instance. |
|
The Sun Cluster component has a configuration file and a registration script.
This configuration file contains settings to register the data service and the application in the Sun Cluster framework. |
|
This registration script enables you to register the data service. |
The /opt/SUNWscsag/etc/settings configuration file is obsolete and is no longer necessary for new data service registrations. All necessary variables are included in the /opt/SUNWscsag/util/sag_config configuration file. Resources that were registered prior to this change will still use the /opt/SUNWscsag/etc/settings configuration file.
Use the questions in this section to plan the installation and configuration of Sun Cluster HA for Alliance Gateway. Write the answers to these questions in the space that is provided on the data service worksheets in Configuration Worksheets in Sun Cluster Data Services Planning and Administration Guide for Solaris OS.
Do you have a SWIFTNet connection and an Internet connection? The installation requires a secure server from SWIFT.
Do you have your Alliance Gateway license key? If not, retrieve this information.
Do you have your Alliance Gateway installation documentation? If not, refer the documentation available in the Alliance Gateway CD-ROM.
Before you run Sun Cluster HA for Alliance Gateway as a failover data service, answer the following questions:
Where will the system configuration files reside?
See Configuration Guidelines for Sun Cluster Data Services in Sun Cluster Data Services Planning and Administration Guide for Solaris OS for the advantages and disadvantages of using the local file system instead of the cluster file system.
To enable Sun Cluster HA for Alliance Gateway to make Alliance Gateway highly available, additional installation and configuration operations are required. These operations supplement the standard installation and standard configuration of Alliance Gateway.
During a standard installation, Alliance Gateway is installed with a physical hostname. To enable Alliance Gateway to run in a cluster, you must modify Alliance Gateway to use a logical hostname.
For information about the standard installation and standard configuration of Alliance Gateway, see the appropriate documentation available in the Alliance Gateway CD-ROM.
To perform this procedure, you need the server root directory (the path to the application binaries). You can install the binaries on the local disks or on the cluster file system. For a discussion of the advantages and disadvantages of each location, see Chapter 1, Planning for Sun Cluster Data Services, in Sun Cluster Data Services Planning and Administration Guide for Solaris OS.
Create a resource group for Alliance Gateway.
# clresourcegroup create [-n node-zone-list] sag-rg |
Specifies a comma-separated, ordered list of zones that can master the resource group. The format of each entry in the list is node. In this format, node specifies the node name and zone specifies the name of a non-global Solaris zone. To specify the global zone, or to specify a node without non-global zones, specify only node. This list is optional. If you omit this list, the global zone of each cluster node can master the resource group.
Create a logical host.
A logical host is required before you install Alliance Gateway.
Create the device group and file systems.
Although you can use a global file system, create an HAStoragePlus failover resource to contain the Alliance Gateway application and configuration data.
To create a device group and a file system for Alliance Gateway, see Planning the Global Devices, Device Groups, and Cluster File Systems in Sun Cluster Software Installation Guide for Solaris OS.
To create an HAStoragePlus failover resource, see Enabling Highly Available Local File Systems in Sun Cluster Data Services Planning and Administration Guide for Solaris OS.
This procedure uses /swift as the path that contains the Alliance Gateway application and configuration data.
# clresource create -g sag-rg \ -t SUNW.HAStoragePlus -x filesystemMountPoints=/swift sag-ds |
Bring the resource group online to enable the IP address and access to the storage.
# clresourcegroup online -M sag-rg |
Create the following directories and symbolic links before the installation.
Without these symbolic links, the Alliance Gateway application will not be installed in the correct location. You must install the Alliance Gateway application in the correct location to ensure failover capabilities.
Perform this procedure on the node where the resource group for Alliance Gateway is online.
# mkdir -p /swift/etc/opt/swnet # chown root:swnetg /swift/etc/opt/swnet # chmod -R 0555 /swift/etc # chmod 0775 /swift/etc/opt/swnet # mkdir -p /swift/var/opt/swnet # chown root:swnetg /swift/var/opt/swnet # chmod -R 0555 /swift/var # chmod 0775 /swift/var/opt/swnet # mkdir -p /swift/home/swnet # chown swnet:swnetg /swift/home/swnet |
Perform this procedure on all cluster nodes.
# ln -s /swift/home/swnet /home/swnet # ln -s /swift/etc/opt/swnet /etc/opt/swnet # ln -s /swift/var/opt/swnet /var/opt/swnet |
Install the WebSphere MQ client packages, if required.
WebSphere MQ client software is software that guarantees and load-balances connections between the gateway and remote SWIFTNet Link systems. If you chose this type of Alliance Gateway installation and have the appropriate license, install the WebSphere MQ client packages. The WebSphere MQ client package must be installed locally by using the same installation directory on all cluster nodes or zones that can master the resource group.
You must install SWIFTNet Link on the node or zone where the resource group for Alliance Gateway is online. You must also install SWIFTNet Link in the directory on the file system managed by the HAStoragePlus resource that you created in Step 3.
Follow the instructions in your SWIFTNet Link documentation. To refer the SWIFTNet Link documentation, obtain the SWIFTNet Link CD-ROM.
Specify the directory on which to install the failover data service: /swift/snl.
Install any patches for SWIFTNet Link, if required.
The Hardware Security Module (HSM) Installation/Configuration wizard starts up automatically when you click Finish at the end of SWIFTNet Link installation. Click Cancel to exit the HSM Installation/Configuration wizard.
Verify that connectivity with SWIFTNet Switch is established by running the SWIFTNet Link selftest command. For more information, see SWIFTNet Admin Services: Operational Interface on the Alliance Gateway CD-ROM.
Stop the SWIFTNet Link instance by running the SWIFTNet Link stop command.
Configure and register HSM on the primary node as follows.
Log on to the primary node or zone as the SWIFTNet Link instance owner with the swnet account.
Run the following command:
# perl SwHSMDiskClone.pl -a SETUP |
Log off.
Log on as the SWIFTNet Link instance owner with the swnet account.
Use the HSM administration tool SwHSM to configure and register the HSM boxes connected to the primary node. See the SWIFTNet Link Installation and Administration Guide for UNIX for details.
During the configuration and registration of the HSM, you must enter the boot IP address of the primary node in the SWIFTNet Link host IP address field of the Register screen. This source IP address is used to establish the connection. Do not use the logical host address that is used by the service.
Register HSM on the secondary node or zone.
Switch the resource group for Alliance Gateway to the secondary node or zone.
# clresourcegroup switch -n node2 sag-rg |
Log on to the secondary node as the SWIFTNet Link instance owner with the swnet account.
Run the following command:
# perl SwHSMDiskClone.pl -a SETUP |
Log off.
Log on as the SWIFTNet Link instance owner with the swnet account.
Use the HSM administration tool SwHSM to register the HSM boxes connected to the secondary node or zone. See the SWIFTNet Link Installation and Administration Guide for UNIX for details.
During the registration of the HSM, you must enter the boot IP address of the secondary node or zone in the SWIFTNet Link host IP address field of the Register screen. This source IP address is used to establish the connection. Do not use the logical host address that is used by the service.
You must be aware that the only difference between Step 8 and this step is that you configure and register the HSM on the first node or zone in Step 8, whereas you only register the HSM on the secondary node or zone in this step.
Install Alliance Gateway software.
You must install Alliance Gateway on the node or zone where the resource group for Alliance Gateway is online. You must also install Alliance Gateway in a directory on the file system managed by the HAStoragePlus resource that you created in Step 3. In this procedure, /swift/SWIFTAlliance/Gateway is being used as the directory. You might install the Alliance Gateway patches, if necessary.
Follow the instructions in your Alliance Gateway documentation. To refer the Alliance Gateway documentation, obtain the Alliance Gateway CD-ROM.
Use the logical IP address as the IP with which the Alliance Gateway software communicates with remote hosts.
Synchronize all nodes or zones with installation-specific changes to user files and system files.
The ~root/vpd.properties directory has been replaced by the ~root/InstallShield directory structure. This directory structure needs to be copied on all cluster nodes or zones that can master the resource group. It enables you to install patches in the future. Moreover, after every SWIFTNet Link or Alliance Gateway patches installation or uninstallation, the synchronization of the ~root/InstallShield directory has to be redone.
Add all entries in /etc/system and /etc/services added by the installation on the first node to the secondary node or zone that can master the resource group. The entries in /etc/system must be applied to the global zone.
Go to How to Verify the Alliance Gateway Installation and Configuration.
Perform this procedure on each node or zone that can master the Alliance Gateway resource group.
Log in as superuser to a node or zone that can master the Alliance Gateway resource group.
Switch the Alliance Gateway resource group to the node or zone that you logged in to in Step 1.
# clresourcegroup switch -h node sag-rg |
Specifies that the Alliance Gateway resource group is to be switched to another node or zone
Specifies the node or node:zone to which the Alliance Gateway resource group is to be switched
Confirm that the Alliance Gateway instance can be started.
# su - swnet $ cd /swift/SWIFTAlliance/Gateway/bin $ ./sag_bootstrap -startsag start $ ./sag_system -- status system |
The application starts successfully if the preceding command returns a started status. This status indicates that the Alliance Gateway is operational.
Create another Alliance Gateway operator with an operating profile that contains only the functions to start and stop the application.
Confirm that the Alliance Gateway instance can be stopped.
# su - swnet $ cd /swift/SWIFTAlliance/Gateway/bin $ ./sag_bootstrap stop |
Go to Installing the Sun Cluster HA for Alliance Gateway Packages.
If you did not install the Sun Cluster HA for Alliance Gateway packages during your initial Sun Cluster installation, perform this procedure to install the packages. To install the packages, use the Sun JavaTM Enterprise System Installation Wizard.
You need to install the Sun Cluster HA for Alliance Gateway packages in the global cluster and not in the zone cluster.
Perform this procedure on each cluster node where you are installing the Sun Cluster HA for Alliance Gateway packages.
You can run the Sun Java Enterprise System Installation Wizard with a command-line interface (CLI) or with a graphical user interface (GUI). The content and sequence of instructions in the CLI and the GUI are similar.
Even if you plan to configure this data service to run in non-global zones, install the packages for this data service in the global zone. The packages are propagated to any existing non-global zones and to any non-global zones that are created after you install the packages.
Ensure that you have the Sun Java Availability Suite DVD-ROM.
If you intend to run the Sun Java Enterprise System Installation Wizard with a GUI, ensure that your DISPLAY environment variable is set.
On the cluster node where you are installing the data service packages, become superuser.
Load the Sun Java Availability Suite DVD-ROM into the DVD-ROM drive.
If the Volume Management daemon vold(1M) is running and configured to manage DVD-ROM devices, the daemon automatically mounts the DVD-ROM on the /cdrom directory.
Change to the Sun Java Enterprise System Installation Wizard directory of the DVD-ROM.
Start the Sun Java Enterprise System Installation Wizard.
# ./installer |
When you are prompted, accept the license agreement.
If any Sun Java Enterprise System components are installed, you are prompted to select whether to upgrade the components or install new software.
From the list of Sun Cluster agents under Availability Services, select the data service for Alliance Gateway.
If you require support for languages other than English, select the option to install multilingual packages.
English language support is always installed.
When prompted whether to configure the data service now or later, choose Configure Later.
Choose Configure Later to perform the configuration after the installation.
Follow the instructions on the screen to install the data service packages on the node.
The Sun Java Enterprise System Installation Wizard displays the status of the installation. When the installation is complete, the wizard displays an installation summary and the installation logs.
(GUI only) If you do not want to register the product and receive product updates, deselect the Product Registration option.
The Product Registration option is not available with the CLI. If you are running the Sun Java Enterprise System Installation Wizard with the CLI, omit this step.
Exit the Sun Java Enterprise System Installation Wizard.
Unload the Sun Java Availability Suite DVD-ROM from the DVD-ROM drive.
Go to Registering and Configuring the Sun Cluster HA for Alliance Gateway.
This section contains the procedures that you need to configure Sun Cluster HA for Alliance Gateway.
To enable Sun Cluster HA for Alliance Gateway to make Alliance Gateway highly available, configure the Sun Cluster HA for Alliance Gateway data service as a failover data service.
Before you perform this procedure, ensure that the Sun Cluster HA for Alliance Gateway data service packages are installed.
Use this procedure to configure the Sun Cluster HA for Alliance Gateway data service as a failover service.
Become superuser on one of the nodes in the cluster that is the host for Alliance Gateway.
Register the SUNW.gds resource type.
# clresourcetype register SUNW.gds |
Register the SUNW.HAStoragePlus resource type.
# clresourcetype register SUNW.HAStoragePlus |
Create the failover resource group.
# clresourcegroup create [-n node-zone-list] sag-rg |
Specifies a comma-separated, ordered list of zones that can master the resource group. The format of each entry in the list is node. In this format, node specifies the node name and zone specifies the name of a non-global Solaris zone. To specify the global zone, or to specify a node without non-global zones, specify only node. This list is optional. If you omit this list, the global zone of each cluster node can master the resource group.
Create a resource for the Sun Cluster Disk Storage.
# clresource create -g sag-rg \ -t SUNW.HAStoragePlus \ -x FilesystemMountPoints=/swift sag-ds-rs |
Specifies that the resource that you are creating is named sag-ds-rs.
Specifies that the resource is to be added to the Alliance Gateway resource group.
Specifies a list of valid mount points for the file system.
Create a resource for the Sun Cluster logical hostname.
# clreslogicalhost create -g sag-rg \ -h gatewayhostname sag-lh-rs |
Enable the failover resource that contains the Sun Cluster Disk Storage and the Logical hostname resources.
# clresourcegroup online -eM sag-rg |
Create a resource for Alliance Gateway.
Change the variables in the /opt/SUNWscsag/util/sag_config file.
For information about this file, see Configuration Files and Registration Script.
Run the registration script to register the data service and application.
For information about this script, see Configuration Files and Registration Script.
# /opt/SUNWscsag/util/sag_register |
Enable the Alliance Gateway resource.
# clresource enable sag-resource-rs |
Go to Verifying the Sun Cluster HA for Alliance Gateway Installation and Configuration.
This section contains the procedure to verify that you installed and configured your data service properly.
Become superuser on one of the nodes or zones in the cluster that hosts Alliance Gateway.
Ensure that all the Sun Cluster resources are online.
# cluster status # clresource enable resource |
Move the Sun Cluster resource group to another cluster node or zone, such as node1.
# clresource group switch -h node1 sag-rg |
Ensure that Alliance Gateway stopped on node1 and that the application started on another node or zone, such as node2.
When using a failover file system, the file system disappears on node1 and mounts on node2.
Go to Tuning the Sun Cluster HA for Alliance Gateway Fault Monitor.
Sun Cluster HA for Alliance Gateway provides software for fault monitoring by checking the status of the Alliance Gateway service. The values “running” and “partial” are considered healthy. Values other than these force a restart or failover to another node in the cluster. By accepting a “partial” status, operators can temporarily disable portions of the service without informing the cluster. You do not need a user ID and password for monitoring.
The Sun Cluster HA for Alliance Gateway fault monitor is contained in the resource that represents Alliance Gateway. You create this resource when you register and configure Sun Cluster HA for Alliance Gateway. For more information, see Registering and Configuring the Sun Cluster HA for Alliance Gateway.
System properties and extension properties of this resource control the behavior of the fault monitor. The default values of these properties determine the preset behavior of the fault monitor. The preset behavior should be suitable for most Sun Cluster installations. Therefore, tune the Sun Cluster HA for Alliance Gateway fault monitor only if you need to modify this behavior.
Tuning the Sun Cluster HA for Alliance Gateway fault monitor involves the following tasks:
Setting the interval between fault monitor probes
Setting the timeout for fault monitor probes
Defining the criteria for persistent faults
Specifying the failover behavior of a resource
Perform these tasks when you register and configure Sun Cluster HA for Alliance Gateway. For more information, see the following sections:
Sun Cluster HA for Alliance Gateway has an option file in /opt/SUNWscsag/etc directory that enables you to set a debug flag.
Normally, the debug information for Sun Cluster software does not reside in the log files. You must edit the syslog.conf file to enable logging of messages of level debug. You can edit the syslog.conf to log those messages in another file.
Edit the /etc/syslog.conf file.
Change daemon.notice to daemon.debug.
The following output from the grep daemon /etc/syslog.conf command shows that daemon.debug has not been set.
grep daemon /etc/syslog.conf *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages *.alert;kern.err;daemon.err operator |
Restart syslogd.
# pkill -1 syslogd |
The syslogd command forces syslog to reread its configuration file and account for changes.
The following output from the grep daemon /etc/syslog.conf command shows that daemon.debug has been set.
grep daemon /etc/syslog.conf *.err;kern.debug;daemon.debug;mail.crit /var/adm/messages *.alert;kern.err;daemon.err operator |
Edit the /opt/SUNWscsag/etc/config file.
Change the line DEBUG= to DEBUG=ALL or DEBUG=resource.