ADSM-L

ADSM Client and HACMP/Veritas HA

1998-09-09 16:43:05
Subject: ADSM Client and HACMP/Veritas HA
From: Alan White <arw AT TIPPER.DEMON.CO DOT UK>
Date: Wed, 9 Sep 1998 21:43:05 +0100
Has anyone successfully implemented the ADSM client on machines in a UNIX
cluster with password expiry turned on?

If we simply install the ADSM client software on each machine as a different
ADSM node there is no problem as long as the clustering software does not
change the hostname. If the hostname changes then the client deletes the
file containing the encrypted password and prompts for the password again
even if it hasn't changed. Sort of implies the hostname is part of the
encryption key which seems reasonable under regular conditions as it would
prevent the admin picking up the encrypted key file and using it on another
machine.

Additional problem with this approach is that if some filesystems are
sometimes on one node and sometimes on the other when backups occur then PIT
restores cannot work with integrity as some of the files may have been
backed up on the other node in the cluster.

I now have an application which must have the hostname brought across on
failover conditions. I'm stuck. To make matters worse I'm being told that
the Veritas HA product for Solaris always changes the hostname on the active
machine in the cluster and that particular train is already rolling in the
company. Looks like I need ADSM to understand clustering somehow.

An enhancement which would really help would be an option to not use
machine-specific data in the password encryption algorithm used to store the
password in the client file. Anyone else faced similar issues?

I will be eternally grateful if there is some simple option somewhere that
can be exploited which I have missed.

Regards
Alan
<Prev in Thread] Current Thread [Next in Thread>
  • ADSM Client and HACMP/Veritas HA, Alan White <=