Friday May 02, 2008

In-House Training on HA

This week I completed an in-house training on Solaris Cluster at my office here in Bangalore. For quite some time, I had kept myself away from Sun Cluster courses until recently, when I handled a cluster batch for one of our prime customers. Like I said before, the concepts of cluster are too interesting to be away from it for long. And as usual, I enjoyed five lively days of my life with the folks whom you would see in the picture below:



There was an interesting observation on day 02 of this training program. I am mentioning it here, firmly believing that it would be one useful piece of information to someone wandering around in the blogosphere. During the process of Cluster Installation, while the second node in a two-node cluster was being configured using the scinstall command, precisely at a point when the cluster name was specified, the configuration kept failing. Upon running the snoop command specifying the hostnames of both the nodes, the following error was spotted:

sunc6 -> sunc5 PORTMAP C GETPORT prog=100145 (?) VERS=1 proto=TC
sunc5 ->sunc6 RPC R (#140) x10=1209249015 can't authenticate (unknown cause)


Thanks to the internal edition of sunsolve, we figured out that we could eliminate this error, magically, by changing the property config/local_only of the Solaris 10 Service rpcbind (FMRI: svc:/network/rpc/bind) to false.

# svccfg
svc:> select network/rpc/bind
svc:/network/rpc/bind> setprop config/local_only=false
svc:/network/rpc/bind> quit
# svcadm refresh network/rpc/bind:default
# svcprop network/rpc/bind:default | grep local_only

Things worked and I was happy about that. But then, how did this property (config/local_only) change to true, allowing only local connections, in turn resulting in the configuration error during cluster installation? On the same day, at night I reviewed the Security By Default Design in Solaris Operating System and very soon realized that all such properties - like the one mentioned above in this paragraph - are set to true if one chooses NOT to enable network services for remote connections, a question that is asked during the installation of Solaris 10 Operating System. All was very clear. Let me leave you with an additional piece of information revolving around the topic above: When one chooses to disable network services for remote clients in Solaris OS, the profile named generic.xml would be a symbolic link to generic_limited_net.xml found under /var/svc/profile, whereas if it is enabled, then generic.xml would be a symbolic link to generic_open.xml profile in the same directory.
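The two facts above (which profile generic.xml points to, and the value of config/local_only on rpcbind) can be checked together before running scinstall on a node. The script below is an added example, not part of the original post or of Solaris Cluster; the function names are hypothetical, and it assumes svcprop prints lines of the form "config/local_only boolean true".

```shell
#!/bin/sh
# Added example: pre-flight check for the rpcbind local_only condition
# described in the post. Function names are hypothetical; the paths and the
# property name are the ones the post mentions.

# Print the target of a symlink using only ls and sed.
link_target() {
    ls -l "$1" 2>/dev/null | sed -n 's/.* -> //p'
}

# Classify the install-time choice from <profile_dir>/generic.xml.
sbd_profile() {
    dir=${1:-/var/svc/profile}
    case "$(link_target "$dir/generic.xml")" in
        *generic_limited_net.xml) echo limited ;;
        *generic_open.xml)        echo open ;;
        *)                        echo unknown ;;
    esac
}

# Read svcprop output on stdin and print the value of config/local_only
# (assumed line format: "config/local_only boolean true").
local_only_value() {
    awk '$1 == "config/local_only" { print $3; found = 1 }
         END { if (!found) print "unknown" }'
}

# Combine both facts into a verdict for a node about to be configured.
preflight() {
    profile=$1
    local_only=$2
    if [ "$local_only" = true ]; then
        echo "BLOCKED: rpcbind accepts local connections only (profile: $profile)"
        return 1
    fi
    echo "OK: rpcbind accepts remote connections (profile: $profile)"
}

# On a live Solaris 10 node:
#   preflight "$(sbd_profile)" \
#     "$(svcprop network/rpc/bind:default | local_only_value)"
```

A BLOCKED verdict with the limited profile is the condition hit during the training. The svccfg change shown earlier touches only rpcbind, so every other service restricted by the limited profile stays restricted.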

I'm taking the same course next week. Unlike the 99.999% uptime expected from a Solaris Cluster setup, my job permits me a 'downtime' during the weekend and I really hope to have a peaceful and productive weekend. Wishing you all the same.
