Oracle^® Solaris Cluster Data Service for Oracle VM Server for SPARC Guide

SPARC: How to Configure HA for Oracle VM Server

Before You Begin

Install the data service packages during your initial Oracle Solaris Cluster installation.

If you did not install the HA for Oracle VM Server packages as part of your initial Oracle Solaris Cluster installation, go to Installing the HA for Oracle VM Server Package.

1. Assume the root role or a role that provides solaris.cluster.modify and solaris.cluster.admin authorization on the node in the cluster that hosts the Oracle VM Server for SPARC logical domain.
2. Register the SUNW.ldom resource type.

   # clresourcetype register SUNW.ldom

3. (Optional) You can plan to use the live migration with or without the use of SSL certificates.
   • If you plan to use live migration with SSL certificates, for resource type version 8 or later, you must use the SSL certificates authentication for the live migration of guest domain. You must first configure the SSL certificates on all potential primary nodes of the resource group that will contain the resource type SUNW.ldom:8 or later. To perform SSL certificates authentication, you must set the value of the Use_SSL_Certificate=TRUE.

     For more details, see Configuring SSL Certificates for Migration.

   • (Optional) If you plan to use live migration without using SSL certificates, configure the password.
     • For the resource type version 6 or later, create a private string named resourcegroup_resource_ldompasswd to store the target host password that is required for guest domain migration.

       Type the following command on any one node in the cluster:

       # /usr/cluster/bin/clpstring create -b rsname \
       -t rgname_rsname_ldompasswd
       Enter string value:
       Enter string value again:
       

       where rgname and rsname are the resource group and resource name for the SUNW.ldom resource that is created.

     • For resource type version 5 or earlier, the Password_file property is required during resource creation. Create a password file owned by root with read only permission to store the target host password required for guest domain migration.

       Type the following command on each of the Oracle Solaris Cluster nodes that would host the logical domain resource:

       # echo password > /var/cluster/.ldg1_passwd 
       # /usr/bin/chown root:root /var/cluster/.ldg1_passwd
       # /usr/bin/chmod 400 /var/cluster/.ldg1_passwwd

       where /var/cluster/.ldg1_passwd is the password file for guest domain ldg1. password is the target node root password used for live migration.

4. Create an Oracle VM Server for SPARC logical domain resource in the failover resource group.
   • If you are not using live migration, set Migration_type=NORMAL during resource creation and do not specify the Password_file property.

     # clresource create -g ldg1-rg \
     -t SUNW.ldom \
     -p Domain_name=ldg1 \
     -p Miration_type=NORMAL \
     -p Resource_dependencies_offline_restart=ldg1-hasp-rs \
     ldg1

   • If you are using live migration, set Migration_type=MIGRATE during resource creation and specify Password_file for resource type version 5 or earlier.

     ---

     Note -  The Password_file property is obsolete for resource type version 6 or later.

     ---

     For resource type version 5 or earlier, type the following command:

     # clresource create -g ldg1-rg \
     -t SUNW.ldom \
     -p Domain_name=ldg1 \
     -p Miration_type=MIGRATE \
     -p Password_file=/var/cluster/.ldg1_passwd \
     -p Resource_dependencies_offline_restart=ldg1-hasp-rs \
     ldg1

     ---

     Note -  The Use_SSL_Certificate property is only available for resource type version 8 or later. If you have configured both SSL certificates mechanism and private string mechanism for live migration, the value of Use_SSL_Certificate decides which mechanism to use.

     ---

     For resource type version 6 or later, type the following command:

     # clresource create -g ldg1-rg \
     -t SUNW.ldom \
     -p Domain_name=ldg1 \
     -p Miration_type=MIGRATE \
     -p Resource_dependencies_offline_restart=ldg1-hasp-rs \
     ldg1

5. For resource type version 5 or earlier, if an encrypted password is required for the logical domain migration, you must do the following:
   1. Insert the word encrypted into the file you specify with the Password_file extension property when creating the resource.

      # echo "encrypted" > /var/cluster/.ldg1_passwd

   2. Assume the root role and create an encrypted password.

      In the following example, the root password for the primary domain, password, is being encrypted and ldg1 reflects the logical domain name.

      node1# dd if=/dev/urandom of=/var/cluster/ldom_key bs=16 count=1
      node1# chmod 400 /var/cluster/ldom_key
      node1# echo password | /usr/sfw/bin/openssl enc -aes128 -e \
      -pass file:/var/cluster/ldom_key -out /opt/SUNWscxvm/.ldg1_passwd
      node1# chmod 400 /opt/SUNWscxvm/.ldg1_passwd

   3. Verify that the encrypted password can be decrypted.

      node1# /usr/sfw/bin/openssl enc -aes128 -d -pass file:/var/cluster/ldom_key \
      -in /opt/SUNWscxvm/.ldg1_passwd

   4. Repeat the preceding steps on all Oracle Solaris Cluster nodes that host the logical domain service.
   5. Create or update the resource and set the Password_file property to the path provided in Step a.

      ---

      Note -  You can perform this step only when the resource is disabled.

      ---

      # clresource set -p Password_file=/var/cluster/.ldg1_passwd LDom-guest-domain-resource

6. Enable each logical domain resource.

   Repeat this step for each logical domain instance, if multiple instances were created.

   # clresource status
   # clresource enable logical-guest-domain-resource