Before You Begin
Install the data service packages during your initial Oracle Solaris Cluster installation.
If you did not install the HA for Oracle VM Server packages as part of your initial Oracle Solaris Cluster installation, go to Installing the HA for Oracle VM Server Package.
# clresourcetype register SUNW.ldom
Type the following command on any one node in the cluster:
# /usr/cluster/bin/clpstring create -b resource-name \
-t resource resourcegroup-resource-ldompasswd
Enter string value:
Enter string value again:
where resourcegroup and resource are the resource group and resource name for the SUNW.ldom resource that is created.
Create a password file owned by root with read-only permission to store the target host password required for guest domain migration.
Type the following commands on each of the Oracle Solaris Cluster nodes that would host the logical domain resource, where /var/cluster/.ldg1_passwd is the password file for guest domain ldg1, and password is the target node root password used for live migration:
# echo password > /var/cluster/.ldg1_passwd
# /usr/bin/chown root:root /var/cluster/.ldg1_passwd
# /usr/bin/chmod 400 /var/cluster/.ldg1_passwd
Assume you have two nodes that could host the guest domain, node1 and node2. Set up a passwordless SSH login between node1 and the LDom guest (ldg1), and between node2 and the LDom guest (ldg1), for root or a user of your choice. The example below uses root as the user.
root@node1:~# id
uid=0(root) gid=0(root)
root@node1:~# pwd
/root
root@node1:~# mkdir .ssh
root@node1:~# chmod 700 .ssh
root@node1:~# cd .ssh

Repeat the above for node2.

Then on node1. Note: we will NOT specify a passphrase.

root@node1:~# pwd
/root/.ssh
root@node1:~#
root@node1:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e6:63:c9:71:fe:d1:8f:71:77:70:97:25:2a:ee:a9:33 root@node1
root@node1:~#
root@node1:~# cat id_rsa.pub >> authorized_keys
root@node1:~# chmod 600 authorized_keys
root@node1:~# scp authorized_keys node2:/root/.ssh
The authenticity of host `pnode2 (n.n.n.n )' can't be established.
RSA key fingerprint is 4d:d3:84:72:44:fe:0c:48:a7:76:fb:7d:65:c4:da:a9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2,n.n.n.n' (RSA) to the list of known hosts.
Password:
authorized_keys 100% |***************************************************************************** ************| 223 00:00
root@node1:~#

Then on node2.

root@node2:~# pwd
/root/.ssh
root@node2:~#
root@node2:~# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
e6:63:c9:71:fe:d1:8f:71:77:70:97:25:2a:ee:a9:33 root@node1
root@node2:~#
root@node2:~# cat id_rsa.pub >> authorized_keys
root@node2:~# chmod 600 authorized_keys

Then copy authorized_keys from node2 to the LDom guest domain, which here is named ldg1.

root@node2:~# scp authorized_keys ldg1:/root/.ssh
The authenticity of host `ldg1 (n.n.n.n )' can't be established.
RSA key fingerprint is 4d:d3:84:72:44:fe:0c:48:a7:76:fb:7d:65:c4:da:a9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'node2,n.n.n.n' (RSA) to the list of known hosts.
Password:
authorized_keys 100% |***************************************************************************** ************| 223 00:00
root@node2:~#

Then verify that both node1 and node2 can login using SSH without a password.

root@node1:~# ssh -l root -i /root/.ssh/id_rsa ldg1 svcs -H -o state multi-user-server
online
root@node1:~#

root@node2:~# ssh -l root -i /root/.ssh/id_rsa ldg1 svcs -H -o state multi-user-server
online
root@node2:~#
# clresource create -g ldg1-rg \
-t SUNW.ldom \
-p Domain_name=ldg1 \
-p Migration_type=NORMAL \
-p Resource_dependencies_offline_restart=ldg1-hasp-rs \
[-p Plugin_probe="/opt/SUNWscxvm/bin/ppkssh -P root:/root/.ssh/id_rsa:ldg1:multi-user-server:online"] \
ldg1
For resource type version 5 or earlier, type the following command:
# clresource create -g ldg1-rg \
-t SUNW.ldom \
-p Domain_name=ldg1 \
-p Migration_type=MIGRATE \
-p Password_file=/var/cluster/.ldg1_passwd \
-p Resource_dependencies_offline_restart=ldg1-hasp-rs \
[-p Plugin_probe="/opt/SUNWscxvm/bin/ppkssh -P root:/root/.ssh/id_rsa:ldg1:multi-user-server:online"] \
ldg1
For resource type version 6 or later, type the following command:
# clresource create -g ldg1-rg \
-t SUNW.ldom \
-p Domain_name=ldg1 \
-p Migration_type=MIGRATE \
-p Resource_dependencies_offline_restart=ldg1-hasp-rs \
[-p Plugin_probe="/opt/SUNWscxvm/bin/ppkssh -P root:/root/.ssh/id_rsa:ldg1:multi-user-server:online"] \
ldg1
# echo "encrypted" > /var/cluster/.ldg1_passwd
In the following example, the root password for the primary domain, password, is encrypted, and ldg1 is the logical domain name.
node1# dd if=/dev/urandom of=/var/cluster/ldom_key bs=16 count=1
node1# chmod 400 /var/cluster/ldom_key
node1# echo password | /usr/sfw/bin/openssl enc -aes128 -e \
-pass file:/var/cluster/ldom_key -out /opt/SUNWscxvm/.ldg1_passwd
node1# chmod 400 /opt/SUNWscxvm/.ldg1_passwd
node1# /usr/sfw/bin/openssl enc -aes128 -d -pass file:/var/cluster/ldom_key \
-in /opt/SUNWscxvm/.ldg1_passwd
# clresource set -p Password_file=/var/cluster/.ldg1_passwd LDom-guest-domain-resource
Repeat this step for each logical domain instance, if multiple instances were created.
# clresource status
# clresource enable logical-guest-domain-resource
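
The password and key files in this procedure hold root credentials, so a mistyped chmod path or a default umask leaves them readable by other users. The following added example (not part of the Oracle documentation; write_secret, check_secret and demo are names assumed here) creates such a file without a readable window and verifies its owner and mode, using a constructed sample secret in a scratch directory.

```shell
#!/bin/sh
# Added example (not Oracle's code). POSIX sh; function names are illustrative.

# write_secret FILE: store the first line of stdin in FILE with mode 400.
write_secret() {
    (
        umask 077    # file is created 0600, never group/world readable
        set -C       # noclobber: do not write through an existing file or symlink
        rm -f "$1" || exit 1
        IFS= read -r secret || [ -n "$secret" ] || exit 1
        printf '%s\n' "$secret" > "$1" || exit 1
        chmod 400 "$1"
    )
}

# check_secret FILE OWNER PERMS: PERMS is the ls mode string, e.g. -r-------- for 400.
# Returns 0 only for a regular, non-symlink FILE owned by OWNER with exactly PERMS.
check_secret() {
    if [ -h "$1" ] || [ ! -f "$1" ]; then
        echo "FAIL $1: missing or not a regular file"; return 1
    fi
    # First 10 characters of field 1 are the mode (drops any ACL marker); field 3 is the owner.
    got=$(ls -ld "$1" | awk '{ print substr($1, 1, 10) " " $3 }')
    if [ "$got" != "$3 $2" ]; then
        echo "FAIL $1: found '$got', expected '$3 $2'"; return 1
    fi
    echo "ok   $1"
}

# Constructed demo in a scratch directory; the secret is a sample value, not a real password.
demo() {
    d=$(mktemp -d) || return 1
    owner=$(ls -ld "$d" | awk '{ print $3 }')    # current user, as ls reports it
    printf 'constructed-sample\n' | write_secret "$d/.ldg1_passwd" &&
        check_secret "$d/.ldg1_passwd" "$owner" -r--------
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo
```

On a cluster node, run check_secret with owner root and -r-------- against /var/cluster/.ldg1_passwd, /var/cluster/ldom_key and /opt/SUNWscxvm/.ldg1_passwd, and with -rw------- against /root/.ssh/id_rsa.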