IBM Books

Planning Volume 2, Control Workstation and Software Environment


Planning your site environment

You plan your site environment by entering site configuration information on the control workstation through SMIT panels or by using the spsitenv command. SMIT is the System Management Interface Tool, supplied as part of the PSSP software.

The installation and configuration scripts read the configuration information data and customize the SP configuration according to your choices. The entries you put on the worksheet are the entries you'll make on the SMIT panels. Site environment data includes:

You can easily change the choices discussed in the following sections any time after the installation. If you are unsure about any of these options, you can select the defaults, then change your selections later.

If you plan to use DCE security services, this is a good time, before proceeding to the issues addressed by the Site Environment Worksheet, to consider whether you want to control which interfaces DCE uses for remote processing. You can set AIX environment variables to control this for each process or for all processes. Chapter 6, Planning for security, has more on this subject in the section Considering to exclude network interfaces from DCE Remote Procedure Call binding.

Using the Site Environment Worksheet

The following sections help you make decisions about your site environment. These sections are listed in the same order as the items in the SP Site Environment Worksheet (Table 70). A brief description of the function of each area along with a discussion of the alternatives should give you enough information to fill out the worksheet. Detailed information about these and other system administration issues is in the section on managing the SP system in the book PSSP: Administration Guide.

Remember, the defaults are designed to provide an operational SP system and they might be just right for you. You can change them later, if necessary.

Understanding network install image choices

The install_image attribute lets you specify the name of the default network install image to be used for any SP node when the install image field is not set. The default is bos.obj.ssp.510 or bos.obj.ssp.433, depending on the version of AIX you install on the control workstation. If it does default to bos.obj.ssp.510 and you have installed AIX 4.3.3, you might want to use bos.obj.ssp.433 instead.

If you configure one or more nodes of your SP system as boot-install servers, each will act as an intermediate repository for a network install image of the AIX operating system. This network install image is a single file that occupies significant space on the file system of the boot-install server on which it resides. It uses approximately 25 MB per lppsource level.

You can reclaim this disk space by setting the remove_image attribute to true, which deletes this network install image after all new installation processes complete. Alternatively, you can retain the image to improve the speed of a successive install that uses this same image.

Note:
This does not apply to the control workstation. The network install images are never automatically deleted from the control workstation.

Site Environment Worksheet entries

You can set two attributes for these options. install_image lets you set the name of the default image. remove_image specifies what to do with the image after all installations are complete.

Table 30. Network install image choices

Worksheet entries to be filled in:

| To do this... | install_image | remove_image |
|---|---|---|
| Use bos.obj.ssp.510 as the default | bos.obj.ssp.510 | |
| Use bos.obj.ssp.433 as the default | bos.obj.ssp.433 | |
| Remove the install image after all installs have completed | | true |
| Do not remove the install image | | false (default) |

Note:
  • Change default attribute values to suit your environment.
  • Blank entries imply that you make no substitutions for these values.

Understanding time service choices - Network Time Protocol (NTP)

The SP system requires that time be synchronized on the control workstation and SP nodes. Your options are the following:

Notes:

  1. If you choose not to use NTP, you must have another way to manage clock synchronization.

  2. Do not use the control workstation or backup control workstation to be the time master server.

See the book PSSP: Administration Guide for managing the NTP server.

High Availability Control Workstation considerations

If you install the High Availability Control Workstation software with a second control workstation and you select timemaster as your site's existing NTP time server, both control workstations must use the site time server. If you use the Internet configuration, both control workstations need access to the Internet.

Site Environment Worksheet entries

There are three attributes to set for NTP. ntp_version defaults to 3 (the version shipped with AIX 4.2 or later). If your installation is using an earlier version of NTP, change this value to the number for the version in use. The other two attributes are described in Table 31.

Table 31. Time service choices

Worksheet entries to be filled in:

| To do this... | ntp_config | ntp_server |
|---|---|---|
| Use your site's existing NTP time server to synchronize the SP system clocks. | timemaster | hostname of your current NTP time server |
| Use an NTP time service from the Internet to synchronize the SP system clocks. | internet | hostnames of time servers on the Internet* |
| Run NTP locally on the SP to generate a consensus time. | consensus (default) | |
| Do not use NTP on the SP; instead, use some other method to synchronize system clocks. | none | |

Note:
  • Change default attribute values to suit your environment.
  • Blank entries imply that you make no substitutions for these values.
  • * See the README.public file in the /usr/lpp/ssp/public directory for information on Internet time servers.

Understanding user directory mounting choices - AIX Automounter

An automounter is an automatic file system that dynamically mounts users' home directories and other file systems when a user accesses the files and unmounts them after a specified period of inactivity. The automounter manages directories specifically defined in the automounter map files. Using an automounter will minimize system hangs and, through mapping, will also provide a method of sharing common file system mount information across many systems.

Automounter daemons run independently on the control workstation and on every node in the SP system. Since these daemons run independently, you will be able to simultaneously run different automounters, if you have different levels of PSSP on your system. Also, a system configuration variable gives you the option of turning off the automount daemons on all or none of the system partitions.

Automounter considerations

Booting the SP nodes invokes a similar process creating node directories and logs. Map files are downloaded from the control workstation to the nodes during node boot. Once it has been created, the user directory automounter map is updated automatically as users are added and deleted from the system provided you have configured SP User Management Services on the control workstation.

The AIX automounter uses NFS (Network File Systems) to mount or AIX to link directories. Nodes running PSSP use the AIX automounter by default. As an alternative to the AIX automounter, you can provide your own technique for directory access.

One method of directory access would be to leave the SP automounter support turned on and replace the default SP function with support you provide for using your own automounter. You would do this using a set of user customization scripts that would be recognized by the SP. Another method would be setting the configuration variable so that the automounter daemon is off for the entire system. You would then have to provide some other means for users to access their home directories. Alternatively, since the use of an automounter is optional, you might choose to not use an automounter on your SP system.

See the chapter on managing Automount in the book PSSP: Administration Guide.

Site Environment Worksheet entries

Only one attribute applies to the Automount option.

Table 32. User directory mounting choices - system automounter support

Worksheet entry to be filled in:

| To do this... | amd_config |
|---|---|
| Use AIX Automounter supplied with PSSP | true (default) |
| Use some other means of mounting user directories to the SP | false |

Note:
  • Change default attribute values to suit your environment.
  • Blank entries imply that you make no substitutions for these values.

Understanding user account management choices

The SP user account management facility is designed to fit in with your current computing environment. If you already have procedures in place for managing user accounts, you can configure the SP system to use them. Alternatively, you can use the set of commands and tools provided with the SP for this purpose. The SP uses a single /etc/passwd file replicated across all nodes in the SP system using the SP file collection facilities. If you are using Network Information Service (NIS), these commands will use the NIS function. A set of customer commands is provided to interface to the NIS function.

These options are offered to help you manage user accounts. They involve passwords and directory paths. Read the brief descriptions that follow and record your choices on the Site Environment Worksheet.

Password management

The passwd_file attribute lets you specify the name of your password file.

The default name of the password file is /etc/passwd.

The passwd_file_loc attribute should contain the host name of the machine where you maintain your password file. This defaults to your control workstation. The value of the passwd_file_loc cannot be one of the nodes in the SP system.

Home directories

Specify a default location for user home directories in the homedir_server attribute. If you are using Amd, the user management commands will use this host name when building Amd maps. If you do not specify a default, the user management commands assume the host on which you enter the commands. You can override this value when adding or modifying a user account with the spmkuser and spchuser commands.

Use the homedir_path attribute to specify the path of user home directories. The default base path for user home directories is /home/localHostname. Change this value if you wish to set a different path as the default for your site. You can also override the default path with the home attribute on the spmkuser and spchuser commands.

See the chapter on managing accounts in the book PSSP: Administration Guide.

Site Environment Worksheet entries

Five attributes apply to PSSP User Management, but four of them are used only if you set usermgmt_config to true.

Table 33. PSSP user account management choices

Worksheet entries to be filled in:

| To do this... | usermgmt_config | passwd_file_loc | passwd_file | homedir_server | homedir_path |
|---|---|---|---|---|---|
| Do not use the PSSP user account management component | false | | | | |
| Use the PSSP user account management component | true (default) | password server host name (default is ctl wkstn) | name of the password file (default is /etc/passwd) | host name of the home directory server (default is ctl wkstn) | /home/name of your home directory server |

Note:
  • Change default attribute values to suit your environment.
  • Blank entries imply that you make no substitutions for these values.

Understanding system file management choices - file collections

The PSSP file collection component simplifies the task of maintaining duplicate files across the nodes of the SP system. File collections provide a single point of control for maintaining a consistent version of one or more files across the entire system. You can make changes to the files in one place and the system replicates the updates on the other copies.

The files that are required on the control workstation, the file servers and the SP nodes are grouped into file collections. A file collection consists of a directory of files which includes special master files that define and control the collection.

The file collection structure is created along with the initial installation and configuration of your SP system. You must decide which files to specify for replication.

See the chapter on managing file collections in the book PSSP: Administration Guide.

Site Environment Worksheet entries

The SP system gives you the option of using file collections or not using them. If you choose to use them you must specify a unique (unused) userid for the file collection daemon along with a unique (unused) port through which to communicate.

Table 34. System file management choices

Worksheet entries to be filled in:

| To do this... | filecoll_config | supman_uid | supfilesrv_port |
|---|---|---|---|
| Do not use the PSSP file collection feature | false | | |
| Use the PSSP file collection feature | true (default) | unique user ID (default 102, username supman) | unique port number (default 8431) |
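
The uniqueness requirement for supman_uid and supfilesrv_port can be checked before the values go on the worksheet. The following is an added example, not part of the original book or of PSSP: the function names are hypothetical, and it assumes the candidate values are compared against files in /etc/passwd and /etc/services format (the sample files are constructed).

```shell
#!/bin/sh
# Added example, not PSSP code: check that the file collection user ID and
# port chosen for the worksheet are not already taken.

# uid_conflicts UID PASSWD_FILE
# Prints account names, other than supman itself, that already hold UID.
uid_conflicts() {
    awk -F: -v uid="$1" \
        '$1 !~ /^#/ && $3 == uid && $1 != "supman" { print $1 }' "$2"
}

# port_conflicts PORT SERVICES_FILE
# Prints name/protocol for every service already registered on PORT.
port_conflicts() {
    awk -v port="$1" '
        { sub(/#.*/, "") }                 # strip comments
        NF >= 2 {
            split($2, a, "/")              # field 2 is port/protocol
            if (a[1] == port) print $1 "/" a[2]
        }' "$2"
}

# check_filecoll UID PORT PASSWD_FILE SERVICES_FILE
# Returns 0 only when neither value collides with an existing entry.
check_filecoll() {
    u=$(uid_conflicts "$1" "$3")
    p=$(port_conflicts "$2" "$4")
    if [ -n "$u" ]; then echo "supman_uid $1 already used by: $u"; fi
    if [ -n "$p" ]; then echo "supfilesrv_port $2 already used by: $p"; fi
    [ -z "$u$p" ]
}

# Constructed sample files (not taken from a real system).
demo_passwd=$(mktemp)
demo_services=$(mktemp)
printf '%s\n' 'root:!:0:0::/:/bin/ksh' \
    'backup:!:102:1::/home/backup:/bin/ksh' > "$demo_passwd"
printf '%s\n' 'ftp 21/tcp' '# 8431/tcp reserved' \
    'webcache 8431/tcp  # local' > "$demo_services"
check_filecoll 102 8431 "$demo_passwd" "$demo_services" \
    || echo "-> choose different values for the worksheet"
rm -f "$demo_passwd" "$demo_services"
```
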

Understanding accounting choices

The accounting utility lets you collect and report on individual and group use of the SP system. This accounting information can be used to bill users of the system resources or monitor selected aspects of the system's operation.

Because the level of hardware resources is probably not distributed evenly across your SP system, you might want to charge different rates for different nodes. SP accounting lets you define classes or groups of nodes for which accounting data is merged, providing a single report for the nodes in that class. In addition, you can suppress or disable the collection of accounting data. Individual nodes within a class can be enabled or disabled for accounting.

Site Environment Worksheet entries

The attributes in the following table apply to the PSSP accounting option, but are used only if you set spacct_enable to true. Use spacct_actnode_thresh to specify the minimum percentage of nodes for which accounting data must be present. Use spacct_exclusive_enable to specify whether, by default, separate accounting records are generated when a LoadLeveler job requests exclusive use of a node.

Use acct_master to specify which node is to act as the accounting master. The default value is 0 (the control workstation).

Table 35. Accounting choices

Worksheet entries to be filled in:

| To do this... | spacct_enable | spacct_actnode_thresh | spacct_exclusive_enable | acct_master |
|---|---|---|---|---|
| Do not use the PSSP accounting feature | false (default) | | | |
| Use the PSSP accounting feature | true | 80 | false (default) | 0 |

Note:
  • Change default attribute values to suit your environment.
  • Blank entries imply that you make no substitutions for these values.

For information about this feature of PSSP and how to set up an accounting system, see the chapter on accounting in the books PSSP: Administration Guide and the relevant AIX version of System Management Guide.

Understanding lppsource directory name choices

The cw_lppsource_name attribute lets you specify the name of the directory to which the AIX and related file sets, collectively referred to as the lppsource, will be copied.

You must ensure that the AIX level of the licensed programs contained in the lppsource (indicated by the value given to cw_lppsource_name) matches the AIX level installed on your control workstation.

The attribute value makes up just one part of the directory name in the form:

/spdata/sys1/install/<cw_lppsource_name>/lppsource

where cw_lppsource_name is the new lppsource name for the control workstation (such as aix433 if that is what you choose to call the directory with the AIX 4.3.3 licensed program source files). Keep in mind that the setup_server program looks for and uses this name later in the installation process. By default, it is set to default, so that if you use that as your directory name, you do not have to change the value of cw_lppsource_name. If you do not provide a name, the setup_server program assumes the value is default.

See the chapter on preparing the control workstation in the book PSSP: Installation and Migration Guide.

Site Environment Worksheet entries

Only one attribute applies to the lppsource directory name option.

Note:
The lppsource name specified here might or might not be the same as the one used by the nodes. Be sure to specify the appropriate lppsource name to be used by the nodes when installing your system.

Table 36. lppsource directory choices

Worksheet entry to be filled in:

| To do this... | cw_lppsource_name |
|---|---|
| Use aix510 to uniquely identify the new lppsource directory | aix510 |
| Use aix433 to uniquely identify the new lppsource directory | aix433 |
| Use default as the default lppsource directory | |

Note:
  • Change default attribute values to suit your environment.
  • Blank entries imply that you make no substitutions for these values.

Understanding remote command choices

As of PSSP 3.2 you have the option of running PSSP with an enhanced level of security called restricted root access. With the restricted root access option enabled, PSSP system management software does not internally issue rsh and rcp commands as a root user from a node. Any such actions can only be run from the control workstation or from nodes configured to authorize them. PSSP does not automatically grant authorization for a root user to issue rsh and rcp commands from a node. If you enable this option, some procedures might not work as documented. For example, to run HACMP an administrator must grant the authorizations for a root user to issue rsh and rcp commands that PSSP otherwise grants automatically.

In addition, with PSSP 3.4 you can choose to use a secure remote command process to replace the rsh and rcp commands issued by PSSP system management software running as root on the control workstation. You must acquire and install the secure remote command software on the control workstation before you can enable a secure remote command process to be used by the PSSP software. The secure remote command software must be running and root must have the ability to successfully use it to issue remote commands to the nodes without being prompted for passwords or passphrases.

See Considering restricted root access and Considering a secure remote command process for more explanation and limitations before you decide to use these options.

Site Environment Worksheet entries

You must enable restricted root use of remote commands in order to use a secure remote command process.

Table 37. Remote command choices

Worksheet entries to be filled in:

| To do this... | restrict_root_rcmd | rcmd_pgm | dsh_remote_cmd | remote_copy_cmd |
|---|---|---|---|---|
| Do not restrict PSSP root use of remote commands | false (default) | rsh (default) | | |
| Do not restrict PSSP root use of remote commands but use alternative executables | false (default) | rsh (default) | /usr/local/bin/rsh for example | /usr/local/bin/rcp for example |
| Restrict PSSP to use remote commands from the cws only | true | rsh (default) | | |
| Restrict PSSP to use remote commands from the cws only and use alternative executables | true | rsh (default) | /usr/local/bin/rsh for example | /usr/local/bin/rcp for example |
| Restrict PSSP use of remote commands and use the default secure remote command process | true | secrshell | | |
| Restrict PSSP use of remote commands and use an alternative secure remote command process | true | secrshell | /usr/local/bin/ssh for example | /usr/local/bin/scp for example |

Note:
  • Change default attribute values to suit your environment.
  • Blank entries imply that you make no substitutions for the default values.
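
The combinations in Table 37 and the preconditions for a secure remote command process can be checked on the control workstation before the values are entered. The following is an added example, not part of the original book or of PSSP: the function names are hypothetical, and can_run_unprompted assumes the secure remote command client accepts OpenSSH options.

```shell
#!/bin/sh
# Added example, not PSSP code: pre-check remote command worksheet entries
# (Table 37) on the control workstation before entering them.

# check_rcmd_worksheet attr=value ...
# Prints one line per problem; returns 0 only if the combination is usable.
check_rcmd_worksheet() {
    restrict_root_rcmd=false      # defaults from Table 37
    rcmd_pgm=rsh
    dsh_remote_cmd=
    remote_copy_cmd=
    rc=0
    for pair in "$@"; do
        case $pair in
            restrict_root_rcmd=*) restrict_root_rcmd=${pair#*=} ;;
            rcmd_pgm=*)           rcmd_pgm=${pair#*=} ;;
            dsh_remote_cmd=*)     dsh_remote_cmd=${pair#*=} ;;
            remote_copy_cmd=*)    remote_copy_cmd=${pair#*=} ;;
            *) echo "unknown attribute: ${pair%%=*}"; rc=1 ;;
        esac
    done
    case $restrict_root_rcmd in
        true|false) ;;
        *) echo "restrict_root_rcmd must be true or false"; rc=1 ;;
    esac
    case $rcmd_pgm in
        rsh|secrshell) ;;
        *) echo "rcmd_pgm must be rsh or secrshell"; rc=1 ;;
    esac
    # A secure remote command process requires restricted root access.
    if [ "$rcmd_pgm" = secrshell ] && [ "$restrict_root_rcmd" != true ]; then
        echo "rcmd_pgm=secrshell requires restrict_root_rcmd=true"; rc=1
    fi
    # Alternative executables must already be installed on this machine.
    for exe in "$dsh_remote_cmd" "$remote_copy_cmd"; do
        if [ -n "$exe" ] && [ ! -x "$exe" ]; then
            echo "not an installed executable: $exe"; rc=1
        fi
    done
    return $rc
}

# can_run_unprompted CMD NODE
# Assumption: CMD accepts OpenSSH client options. BatchMode=yes makes the
# client fail instead of prompting for a password or passphrase.
can_run_unprompted() {
    "$1" -o BatchMode=yes -o ConnectTimeout=5 "$2" true \
        </dev/null >/dev/null 2>&1
}

# Constructed worksheet rows for illustration.
check_rcmd_worksheet restrict_root_rcmd=false rcmd_pgm=secrshell \
    || echo "-> rejected"
check_rcmd_worksheet restrict_root_rcmd=true rcmd_pgm=secrshell \
    && echo "-> accepted"
```

Run can_run_unprompted as root against each node with the executable named in dsh_remote_cmd; a non-zero status means root would be prompted or cannot connect, which the secure remote command option does not allow.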

