1. Installing and Configuring Oracle Solaris Cluster for Kerberos
Oracle Solaris Cluster HA for Kerberos
Installing and Configuring Oracle Solaris Cluster HA for Kerberos
Configuring Oracle Solaris Cluster HA for Kerberos in Non-Global Zones
How to Configure Oracle Solaris Cluster HA for Kerberos in Non-Global Zones
Installing the Oracle Solaris Cluster HA for Kerberos Packages
How to Install the Oracle Solaris Cluster HA for Kerberos Packages
Registering and Configuring Oracle Solaris Cluster HA for Kerberos
How to Register and Configure Oracle Solaris Cluster HA for Kerberos
How to Configure the HAStoragePlus Resource Type
Tuning the Oracle Solaris Cluster HA for Kerberos Fault Monitor
Operations by the Fault Monitor During a Probe
Verifying Oracle Solaris Cluster HA for Kerberos Installation and Configuration
How to Verify Oracle Solaris Cluster HA for Kerberos Installation and Configuration
You can configure the Oracle Solaris Cluster HA for Kerberos service within a non-global zone on Solaris 10 and later versions of the operating system. Given that all the realm's keys are stored in the KDC's principal database, it is helpful to compartmentalize access to system resources, such as file systems, into a non-global zone.
Note - Oracle Solaris Cluster software allows you to create different zones on the same node in which to deploy the Kerberos failover resources, but to provide high availability, create the zones deploying Kerberos failover resources on different nodes.
Note - Kerberos data service is supported on a sparse root non-global zone.
Perform this procedure only if you want to configure the Oracle Solaris Cluster HA for Kerberos service within a non-global zone.
Note - Configuring the Oracle Solaris Cluster HA for Kerberos service in a global zone is similar to Installing Kerberos on a node.
If you do not want to configure the Oracle Solaris Cluster HA for Kerberos service within a non-global zone, do not perform this procedure. Instead, go to Installing Kerberos.
This procedure is written for use on a global file system. In this procedure, the following parameters are used:
Global zone: global
Non-global zone: sparse_zone
Global file system: /global/fs
sparse_zone# mkdir -p /global/fs
global# zonecfg -z sparse_zone
zonecfg:sparse_zone> add fs zonecfg:sparse_zone:fs> set dir=/global/fs zonecfg:sparse_zone:fs> set special=/global/fs zonecfg:sparse_zone:fs> set type=lofs zonecfg:sparse_zone:fs> end zonecfg:sparse_zone> verify zonecfg:sparse_zone> commit zonecfg:sparse_zone> exit
global# zoneadm -z sparse_zone reboot
Where /global/fs is a global file system that has already been configured in the global zone.
Note - The non-global zone's path must be identical to the path of the global zone.
Note - To simplify cluster administration, use the same non-global zone name on each node, where resource groups are to be brought online in the non-global zone.
Next Steps
When you have configured the file system on all the non-global zones, go to How to Install Kerberos. Perform the steps in that procedure in the non-global rather than the global zone.