HPE Community
Operating System - HP-UX
1819800 Members
3157 Online
109607 Solutions
New Discussion юеВ

Re: Critical Service Guard Patch A.11.16.00

 
LogicallyLJ
Occasional Contributor

тАО03-22-2006 02:00 AM

тАО03-22-2006 02:00 AM

Critical Service Guard Patch A.11.16.00

Hello,

we encountered some issues while carrying out the patching of Service Guard.

There was an error with the netmask on Lan2 of both nodes on a two node cluster, before the patching was carried out. The Cluster was up and running at this stage, but issuing the error we were seeing relating to the Critial Patch issue.

The Lan netmask was set to 255.255.0.0 rather than 255.255.255.0.

When the patches were installed we encountered major problems on reboot.

My question is, does the patched version of A.11.16.00 take more notice of/is more sensitive to the Lan problems. The reason I ask is that I am unsure as to why the lan netmask error did not cause problems prior to the patching, while running ServiceGuard successfully, but did afterwards.

I agree that the netmask error is the reason why the problems I was seeing, but any clarification on the difference between patched and non patched would be appreciated.
0 Kudos
Reply
3 REPLIES 3
Stephen Doud
Honored Contributor

тАО03-22-2006 02:44 AM

тАО03-22-2006 02:44 AM

Re: Critical Service Guard Patch A.11.16.00

In October 2004, patches were released for Serviceguard to incorporate more stringent security measures with Serviceguard communications. The patch requires all IP-bearing NICs to be listed in /etc/hosts on all nodes in the cluster, and /etc/nsswitch.conf hosts: line list 'files' before 'dns', but I have not seen your particular problem with the netmask issue related to problems I have seen resulting from installation of the patch.

After the servers were rebooted, exactly when did you see the netmask error?
What did you have to do to correct the problem? Edit /etc/rc.config.d/netconf? If so, perhaps that file had been editted with the mistake after the last reboot and successful cluster reformation.
0 Kudos
Reply
LogicallyLJ
Occasional Contributor

тАО03-22-2006 02:58 AM

тАО03-22-2006 02:58 AM

Re: Critical Service Guard Patch A.11.16.00

The netmask error was in place in the netconf file prior to the installation of patches, however the cluster came up successfully when it was initially set.

Would these Service Guard patches cause the cluster to have issues with the badly set netmask, where as unpatched, it may have come up successfully?

Initially the problem was corrected by running an ifconfig on lan2 and resetting the netmask to what it should have been.

The mistake was not actually due to the patching, but was in place before. I am just intrigued as to why the un patched ServiceGuard could work with this netmask error and the patched version could not.
0 Kudos
Reply
Carsten Krege
Honored Contributor

тАО03-22-2006 08:20 PM

тАО03-22-2006 08:20 PM

Re: Critical Service Guard Patch A.11.16.00

You are not very detailed what the problems were you were seeing. I wouldn't expect to see "major problems on reboot". But then I'm not sure what you really mean.

The most likely problems to see if the netmask in the SG cmclconfig binary does not match with what is on the card are with cmmodnet when adding a relocatable IP in the package control script. Either cmmodnet would fail with error or possibly adds the relocatable IP (lan2:1 or so) with a different netmask as is on the primary lan (lan2).

Other issues could show for local lan failover if a primary lan fails.

Heartbeat communication or other core operations are most likely not affected by such a mismatch.

Carsten
-------------------------------------------------------------------------------------------------
In the beginning the Universe was created. This has made a lot of people very angry and been widely regarded as a bad move. -- HhGttG
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.