Go to main content

Oracle^® VM Server for SPARC 3.5 Administration Guide

Exit Print View

» ...Documentation Home » Oracle VM Server for SPARC 3.5 Documentation ... » Oracle^® VM Server for SPARC 3.5 ... » Migrating Domains » Security for Migration Operations » Configuring SSL Certificates for Migration

Updated: November 2017

Oracle^® VM Server for SPARC 3.5 Administration Guide

Document Information

Using This Documentation

Chapter 1 Overview of the Oracle VM Server for SPARC Software

Chapter 2 Oracle VM Server for SPARC Security

Chapter 3 Setting Up Services and the Control Domain

Chapter 4 Setting Up Guest Domains

Chapter 5 Using Domain Consoles

Chapter 6 Configuring I/O Domains

Chapter 7 Creating a Root Domain by Assigning PCIe Buses

Chapter 8 Creating an I/O Domain by Using PCIe SR-IOV Virtual Functions

Chapter 9 Creating an I/O Domain by Using Direct I/O

Chapter 10 Using Non-primary Root Domains

Chapter 11 Using Virtual Disks

Chapter 12 Using Virtual SCSI Host Bus Adapters

Chapter 13 Using Virtual Networks

Chapter 14 Migrating Domains

Introduction to Domain Migration

Overview of a Migration Operation

Software Compatibility

Security for Migration Operations

Configuring SSL Certificates for Migration

How to Configure SSL Certificates for Migration

Removing SSL Certificates

FIPS 140-2 Mode for Domain Migration

How to Run Logical Domains Manager in FIPS 140-2 Mode

How to Revert the Logical Domains Manager to the Default Mode From FIPS 140-2 Mode

Domain Migration Restrictions

Version Restrictions for Migration

Migration Restrictions for Setting perf-counters

Migration Restrictions for Setting linkprop=phys-state

Migration Restrictions for Domains That Have a Large Number of Virtual Devices

Migration Restrictions for Silicon Secured Memory Servers

Migrating a Domain

Performing a Dry Run

Performing Non-Interactive Migrations

Migrating an Active Domain

Domain Migration Requirements for CPUs

Migration Requirements for Memory

Migration Requirements for Physical I/O Devices

Migration Requirements for Virtual I/O Devices

Migration Requirements for Cryptographic Units

Migrating While a Delayed Reconfiguration Is Active

Migrating While an Active Domain Has the Power Management Elastic Policy in Effect

Operations on Other Domains

Migrating a Domain From the OpenBoot PROM or a Domain That Is Running in the Kernel Debugger

Migrating a Domain That Uses Named Resources

Migrating Bound or Inactive Domains

Migration Requirements for Virtual I/O Devices

Migration Requirements for PCIe Endpoint Devices

Migration Requirements for PCIe SR-IOV Virtual Functions

Migrating a Domain That Has an SR-IOV Ethernet Virtual Function Assigned

How to Prepare a Domain With an SR-IOV Ethernet Virtual Function for Migration

How to Prepare a Target Machine to Receive a Domain With an SR-IOV Ethernet Virtual Function

Monitoring a Migration in Progress

Canceling a Migration in Progress

Recovering From a Failed Migration

Saving Post-Migration SP Configurations Automatically

Migration Examples

Chapter 15 Managing Resources

Chapter 16 Managing SP Configurations

Chapter 17 Handling Hardware Errors

Chapter 18 Performing Other Administration Tasks

Appendix A Using Power Management

Language:

Configuring SSL Certificates for Migration

To perform certificate-based authentication, use the –c option with the ldm migrate-domain command. This option is mutually exclusive with the password file and alternate user options. If the –c option is not specified, the migration operation performs password authentication.

How to Configure SSL Certificates for Migration

To configure SSL certificates, you must perform the steps in this task on the control domain of the source machine.

Create the /var/share/ldomsmanager/trust directory if it does not already exist.
```
source:primary# mkdir /var/share/ldomsmanager/trust
```
Copy the ldmd certificate from the target server to the local trusted certificate directory.
The remote ldmd certificate is the /var/share/ldomsmanager/server.crt on the remote host. The local ldmd trusted certificate directory is /var/share/ldomsmanager/trust. Rename the remote certificate file target-hostname.pem, for example tgt-primary.pem.
Create a symbolic link from the certificate in the trusted certificate directory to the /etc/certs/CA directory.
```
source:primary# ln -s /var/share/ldomsmanager/trust/tgt-primary.pem /etc/certs/CA/
```

Restart the svc:/system/ca-certificates service.

source:primary# svcadm restart svc:/system/ca-certificates

Verify that the configuration is correct.

source:primary# openssl verify /var/share/ldomsmanager/trust/tgt-primary.pem
/var/share/ldomsmanager/trust/tgt-primary.pem: ok

Verify that the ca-certificates service is online.

Restart or enable the service if required.

source:primary# svcs ca-certificates
/var/share/ldomsmanager/trust/tgt-primary.pem: ok
STATE        STIME    FMRI
online       0:22:38  svc:/system/ca-certificates:default

Restart the ldmd daemon.
```
source:primary# svcadm restart ldmd
```
Repeat these steps on the target server.

Copyright © 2007, 2017, Oracle and/or its affiliates. All rights reserved.