In-House Training on HA
By rajeshr on May 02, 2008
There was an interesting observation on day 02 of this training program. I am mentioning it here, firmly believing that it would be one useful piece of information to someone wandering around in the blogosphere. During the process of Cluster Installation, while the second node in a two node-cluster was being configured using the scinstall command, precisely at a point when the cluster name was specified, the configuration kept failing. Upon running the snoop command specifying the hostnames of both the nodes, the following error was spotted:
sunc6 -> sunc5 PORTMAP C GETPORT prog=100145 (?) VERS=1 proto=TC
sunc5 ->sunc6 RPC R (#140) x10=1209249015 can't authenticate (unknown cause)
Thanks to the internal edition of sunsolve, we figured out that we could eliminate this error, magically, by changing the property config/local_only of the Solaris 10 Service rpcbind (FMRI: svc:/network/rpc/bind) to false.
svc:> select network/rpc/bind
svc:/network/rpc/bin> setprop config/local_only=false
# svcadm refresh network/rpc/bind:default
# svcprop network/rpc/bind:default | grep local_only
Things worked and I was happy about that. But then, how did this property (config/local_only) changed to true, allowing only local connections, in turn resulting in the configuration error during cluster installation? On the same day, at night I reviewed the Security By Default Design in Solaris Operating System and very soon realized that all such properties - like the one mentioned above in this paragraph - are set to true if one chooses NOT to enable network services for remote connections, a question that is asked while the installation of Solaris 10 Operating System. All was very clear. Let me leave you with an additional information revolving on the topic above: When one chooses to disable network services for remote clients in Solaris OS, the profile named generic.xml would be a symbolic link to generic_limited_net.xml found under /var/svc/profile, whereas if it is enabled, then generic.xml would be a symbolic link to generic_open.xml profile in the same directory. To know more about it, click here.
I'm taking the same course next week. Unlike the 99.999 % uptime expected from a Solaris Cluster set up, my job permits me a 'downtime' during the weekend and I really hope to have a peaceful and productive weekend. Wishing you all the same.