HPE Community
Operating System - HP-UX
1834530 Members
3323 Online
110068 Solutions
New Discussion

Re: Service guard and rexec/remsh

 
SOLVED
Go to solution
Donald R. Wedig
Occasional Contributor

‎06-14-2002 11:42 AM

‎06-14-2002 11:42 AM

Service guard and rexec/remsh

Does Service guard utilize rexec or remsh to handle information transfer or cluster stability?
Priorities - God, Family, Friends
0 Kudos
Reply
5 REPLIES 5
Sanjay_6
Honored Contributor

‎06-14-2002 11:46 AM

‎06-14-2002 11:46 AM

Re: Service guard and rexec/remsh

Hi,

no i don't think service guard uses either remsh or rexec to handle communication betweeb nodes.

Hope this helps.

Regds
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

‎06-14-2002 11:52 AM

‎06-14-2002 11:52 AM

Re: Service guard and rexec/remsh

Hi Donald:

No, MC/Serviceguard does not need this enabled. In fact, you can avoid the '.rhosts' file too, '/etc/cmcluster/cmclnodelist' for it. This generally tightens security if/where it is desirable to avoid'.rhosts' files.

Regards!

...JRF...
0 Kudos
Reply
Crystal_1
Frequent Advisor

‎06-16-2002 04:01 PM

‎06-16-2002 04:01 PM

Re: Service guard and rexec/remsh

Hi,

I got the same question. Our Sys Admin told me that MC Service Guard requires to have .rhost file. I am a security admin and require not to have .rhost file on a system.

Could you please tell me how to configure the specific file (/etc/clumster) to replace the .rhost file?


Tx, Crystal

0 Kudos
Reply
Bill Hassell
Honored Contributor

‎06-16-2002 07:03 PM

‎06-16-2002 07:03 PM

Re: Service guard and rexec/remsh

rcp is needed to distribute the cluster config files. Without remsh capability, you must manually update the cluster files every time there is a change to the cluster(s). Eliminating the remsh command will greatly increase sysadmin overhead and will likely generate a number of cluster integrity problems from time to time (because someone forgot to redistribute the new versions).

.rhosts is not a security risk by itself...it is a risk based on the contents. Since clustered machines are virtually equal and can therefore trust each other. .rhosts must never be readable by anyone except the owner (permissions=600) and must contain the name(s) of the clustered machines plus the user name.


Bill Hassell, sysadmin
0 Kudos
Reply
Stephen Doud
Honored Contributor

‎06-17-2002 05:18 AM

‎06-17-2002 05:18 AM

Solution

Re: Service guard and rexec/remsh

Hello Don,

The system administrator must manually copy package control scripts to the same directories on other nodes when the scripts are altered.

It is not essential to copy the cluster configuration file or package configuration files to the other servers, because the ServiceGuard daemon (cmcld) works with the binary cmclconfig file - which was created as a result of the cmapplyconf command with the cluster and package configuration files. These configuration files can be reconstructed using the cmgetconf(1m) command.

Once configured and running, ServiceGuard uses tcp and udp ports (see "hacl" lines in /etc/services) to communicate between cluster nodes.

-s.
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.