# sccsid = "@(#)21 1.2.4.1 src/rsct/rsct.core.READMEsrc, rsct_common, rsct_rady, rady2035a 11/12/15 16:45:54" # IBM_PROLOG_BEGIN_TAG # This is an automatically generated prolog. # # # # Licensed Materials - Property of IBM # # (C) COPYRIGHT International Business Machines Corp. 2000,2019 # All Rights Reserved # # US Government Users Restricted Rights - Use, duplication or # disclosure restricted by GSA ADP Schedule Contract with IBM Corp. # # IBM_PROLOG_END_TAG RSCT RESOURCE MONITORING AND CONTROL 2.3 and 2.4 README --------------- DESCRIPTION --------------- This is the README for RSCT Resource Monitoring and Control, Version 2 Release 3 and Release 4. It contains the latest information about these releases including installation pointers, documentation updates, and restrictions. The information in this README supersedes any of the previously documented instructions for these releases. This README pertains to all the file sets included with RSCT Resource Monitoring and Control 2.3 and 2.4. They are: rsct.core rsct.core.auditrm rsct.core.errm rsct.core.fsrm rsct.core.gui rsct.core.hostrm rsct.core.rmc rsct.core.sec rsct.core.sensorrm rsct.core.sr rsct.core.utils ---------------------------- INSTALLATION INFORMATION ---------------------------- Reliable Scalable Cluster Technology (RSCT) requires the installation of several file sets, including bos.perf.perfstat, bos.rte, bos.rte.iconv, bos.iconv.com, bos.iconv.ucs.com, perl.rte, and bos.net.tcp.client. These requirements are enforced by having a corequisite of bos.perf.perfstat and a prerequisite of the others. These file sets are shipped with AIX. Special procedure when RSCT is installed from a System Image or NIM --- Since RSCT stores node specific configuration information in the /etc and /var/ct/cfg directories, creating a system (mksysb) image from a node and restoring it to another node may cause unexpected behavior from the RMC subsystem. Therefore, one of the following methods should be used for installation or upgrading using a system image. 1) Build a system image including a /etc/firstboot script Before creating a system image, /etc/firstboot must be edited to include /opt/rsct/install/bin/recfgct. The /etc/firstboot script will be executed during the first boot after the installation. A system image created using this method may not be used for an upgrade. 2) Use NIM resource type (script) The NIM installation procedure provides a method to execute some actions after the installation. Include /opt/rsct/install/bin/recfgct in this script. 3) On PSSP, use firstboot.cust script There is a sample script, /usr/lpp/ssp/samples/firstboot.cust, which is designed to be used by the user as a guide for some functions that might be performed after a node has been network installed, and after it boots for the first time. Add /opt/rsct/install/bin/recfgct to the /tftpboot/firstboot.cust script. 4) Manually reset the node specific configuration information After the installation, invoke the /opt/rsct/install/bin/recfgct command, which will regenerate the node specific configuration information. -------------- ADVISORIES -------------- RSCT forward coexistence compatibility issue --- Issue: Due to a new cryptographic infrastructure, the RSCT crypto modules provided on the AIX's Expansion Pack must be at the same level with the rsct.core.sec package starting with RSCT version 2.4.2.0 for AIX 5.3 and RSCT version 2.3.6.0 for AIX 5.2. Description: RSCT provides crypto modules for data encryption purposes. They are shipped in separate packages from base RSCT on the AIX 5L Expansion Pack. There are 5 (five) crypto module packages provided by RSCT: rsct.crypt.des, rsct.crypt.3des, rsct.crypt.aes256, rsct.crypt.rsa512 and rsct.crypt.rsa1024. The RSCT crypto modules have the same VRMF as the RSCT's rsct.core.sec package that they correspond to. The application affected by this advisory is HACMP. When the Message Authentication with Encryption option is selected, HACMP uses the RSCT security package for the actual encryption operation and, indirectly, the crypto modules provided by RSCT (specifically, rsct.crypto.des). Under this configuration, the symptom experienced by HACMP in the case of a mismatch between the version of RSCT's crypto modules and RSCT's rsct.core.sec package is the clcomd daemon dumping core and failing to synchronize the HACMP cluster. Action required: On AIX 5.3, when upgrading RSCT to version 2.4.2.0 or later, users must upgrade any of the rsct.crypt.* packages to at least version 2.4.2.0. AIX 5.2, when upgrading RSCT to version 2.3.6.0 or later, users must upgrade any of the rsct.crypt.* packages to at least version 2.3.6.0. Issue: Due to a new cryptographic infrastructure, the RSCT forward coexistence compatibility is broken for CSM. The forward coexistence compatibility is broken for CSM starting with RSCT version 2.4.2.0 for AIX 5.3 and RSCT version 2.3.6.0 for AIX 5.2. Description: The symptom is a failure of the CSM's systemid command (either core dumping or failure to encrypt the hardware controller password); or failure to exchange the Kerberos 5 keys used by rsh between the management server and the managed nodes due to core dumping or failure to decrypt the keys. Action required: For CSM 1.4: On AIX 5.3, when upgrading RSCT to verion 2.4.2.0 or later, users must upgrade CSM 1.4 to at least version 1.4.1.0. On AIX 5.2, when upgrading RSCT to verion 2.3.6.0 or later, users must upgrade CSM 1.4 to at least version 1.4.1.0. For CSM 1.3: On AIX 5.2, when upgrading RSCT to version 2.3.6.0 or later, users must upgrade CSM 1.3 to at least csm.server version 1.3.3.8 and csm.client version 1.3.3.4. This level of CSM will be available in APAR IY75125. Until APAR IY75125 is available, an efix may be obtained by contacting IBM Service. Backing up the /var/ct Directory --- The /var/ct directory and all its subdirectories should be backed up periodically. These directories are used by the RMC subsystems to store resource persistent data and other configuration information. In addition, if major configuration changes are made via CSM commands or the Web-based System Manager Monitoring application a backup of this directory should be performed. Perform the following steps to do a backup: - Execute the following command to stop the RMC subsystems. The command does not complete until all RMC subsystems are stopped. /opt/rsct/bin/rmcctrl -z - Perform a backup of the /var/ct directory - Execute the following command to restart the RMC subsystems. /opt/rsct/bin/rmcctrl -s To restore the /var/ct/ directory perform the following steps: - Execute the following command to stop the RMC subsystems. /opt/rsct/bin/rmcctrl -z - Restore the /var/ct directory - Execute the following command to restart the RMC subsystems. /opt/rsct/bin/rmcctrl -s Memory Requirement for Web-based System Manager --- The minimum memory requirement to run a Web-based System Manager session is 256 MB. However, if you plan to run the Monitoring application from more than one Web-based System Manger session at the same time on a system, more than 256 MB of memory is recommended to enhance performance. Display Limitations for Web-based System Manager --- - The Web-based System Manager will only display conditions whose ManagementScope persistent attribute has a value of 1 (meaning local scope) or 4 (meaning distributed scope). Restriction for Japanese locales --- When the responses specified with the predefined "notifyevent" script are used in Japanese locales, alphanumeric (English) characters should be used for the Condition name. Condition names with non-alphanumeric characters will be corrupted in the mail header. Work around: A system administrator could modify the "notifyevent" script so that it does not use the $ERRM_COND_NAME environment variable in the mail subject. ------------------------------------- WORLD WIDE WEB ACCESS INFORMATION ------------------------------------- Cluster software information is available at the following Web site: http://www.ibm.com/eserver/clusters/software Service information is available at the following Web site: http://techsupport.services.ibm.com/server/cluster The Reliable Scalable Cluster Technology (RSCT) publications are available as Portable Document Format (PDF) files from the IBM Publications Center Web site: http://www.ibm.com/shop/publications/order To view the PDF versions of the RSCT publications, you need access to the Adobe Acrobat Reader. The Acrobat Reader is shipped with the AIX Bonus Pack. It is also available (for free) from the Adobe Web site: http://www.adobe.com In addition, HTML and PDF versions of the RSCT publications are available from the IBM eServer Cluster Information Center: http://publib.boulder.ibm.com/clresctr You can view or download these RSCT publications: IBM RSCT: Administration Guide SA22-7889 IBM RSCT: Diagnosis Guide SA23-2202 IBM RSCT for AIX 5L: Technical Reference SA22-7890 IBM RSCT: Messages GA22-7891 IBM RSCT: Group Services Programming Guide and Reference SA22-7888 IBM RSCT for AIX 5L: LAPI Programming Guide SA22-7936 IBM RSCT for AIX 5L: Managing Shared Disks SA22-7937 An RSCT Documentation Updates file is maintained at this Web site: http://publib.boulder.ibm.com/clresctr/docs/rsct/docupdates.html ----------------------------------------- DOCUMENTATION UPDATES AND INFORMATION ----------------------------------------- Product Documentation -- The information in this section supersedes the information that is documented in the RSCT publications listed in the "WORLD WIDE WEB ACCESS INFORMATION" section of this README. RMC Port Usage -- The following Internet network services are used by RMC for communication between nodes. Service Name Port Number Protocol rmc 657 UDP rmc 657 TCP The UDP port is used for communication between RMC daemons. The TCP port is used for remote client connections to a RMC daemon. The port listed is used by the RMC daemon. The client uses this port to establish a connection to the RMC daemon. The client half of the connection uses an ephemeral port. To ensure full RMC functionality, both the UDP port and the TCP port must be enabled. Ephemeral port ranges vary by operating system. The following command can be used to determine ephemeral port ranges used on a host. # /usr/sbin/no -a | fgrep ephemeral tcp_ephemeral_low = 32768 tcp_ephemeral_high = 65535 udp_ephemeral_low = 32768 udp_ephemeral_high = 65535 Note: The command shown displays host settings. Ephemeral port values may be further restricted through the use of environment variables or application specific settings. Network Configuration -- All network interfaces attached to the same subnet, over which RSCT traffic may pass, must have the same configured MTU values. Otherwise, RSCT components may not be able to communicate with their peers on other nodes. --------------------- LEGAL INFORMATION --------------------- Authorized Use of Machine-Readable Documents ANY USE OF THE IBM MACHINE-READABLE DOCUMENTS, INCLUDING READING FROM THE ORIGINAL MEDIA, INDICATES YOUR ACCEPTANCE OF THESE TERMS. IF YOU DO NOT AGREE WITH THE TERMS, PROMPTLY RETURN THE ORIGINAL MEDIA AND THE AMOUNT YOU PAID WILL BE REFUNDED. YOUR FAILURE TO COMPLY WITH THESE TERMS TERMINATES THIS AUTHORIZATION. UPON TERMINATION, YOU MUST DESTROY THE DOCUMENTS AND ALL COPIES. "Document" means the original copy of a document and any copy or partial copy you make. The Document is copyrighted. IBM does not transfer title to the Document. A Document may be either general or licensed. The media may contain general and licensed Documents. Different terms apply to general and licensed Documents. General Document A general Document has an order number usually beginning with a "G" or an "S." You may make copies, modify, and print the general Document for use within your enterprise. You may transfer possession of the general Document to another party only when you transfer the related IBM product (which may be either machines you own, or programs, if the program's license terms permit a transfer). If you do so, you must give the other party an original unaltered copy of the general Document. Licensed Document A licensed Document has an order number beginning with an "L." A licensed Document is part of a specific program that IBM licenses to you. You MUST have a license agreement with IBM for the program, or the Document, in order to use, copy, or print the licensed Documents. The terms of your license agreement apply to the licensed Documents and to any copies you make from them. Under each license, IBM authorizes you to: 1. Use the licensed Document on all machines designated for the program or on other machines within your enterprise in support of authorized use of the program; and 2. Make copies, modify, and print the licensed Document. You agree to use the licensed Document only as authorized above. You may NOT do, for example, any of the following: 1. Sublicense, assign, or transfer the license for any Document; or 2. Distribute the licensed Document to any third party. Warranty The warranty for IBM programs, contained in your license agreement, applies to the licensed Documents. All other Documents are provided "AS IS." THERE ARE NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Some jurisdictions do not allow the exclusion of implied warranties, so the above exclusion may not apply to you. General You may transfer possession of the original media (such as CD-ROM discs) containing the Documents if the media has an order number beginning with a "G" or an "S." Such media may contain licensed Documents, but they are not readable without the appropriate "keys" to unlock them. You may NOT transfer such keys. You may NOT transfer the original media that has an order number beginning with an "L." For each Document you must reproduce the copyright notice, any other legend of ownership, and all warning statements, on each copy or partial copy of the Document. If you acquired the media in the United States, this authorization is governed by the laws of the State of New York. If you acquired the media in Canada, this authorization is governed by the laws of the Province of Ontario. Otherwise, this authorization is governed by the laws of the country in which you acquired the media.