Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Using Operations Manager 8 in aFlexible Management Environment     (The “MoM Cookbook”)             Version 3.0           ...
MoM Cookbook                                                      Version 3.0Legal NoticesCopyright Notices©Copyright 2007...
MoM Cookbook                                                                              Version 3.0PrefaceThis cookbook ...
MoM Cookbook                                                                            Version 3.0History:Date         Ve...
MoM Cookbook                                                                                                    Version 3....
MoM Cookbook                                                                                                    Version 3....
MoM Cookbook                                                      Version 3.01 Switching the management server from primar...
MoM Cookbook                                                      Version 3.01.1.4 Import trusted certificates from server...
MoM Cookbook                                                                    Version 3.01.1.5 Update trusted certificat...
MoM Cookbook                                                      Version 3.01.1.6 Import trusted certificates from server...
MoM Cookbook                                                                    Version 3.01.1.7 Update trusted certificat...
MoM Cookbook                                                                        Version 3.01.2 Setup for the managed n...
MoM Cookbook                                                                           Version 3.0## Responsible Manager C...
MoM Cookbook                                                                     Version 3.01.2.4 Verify mgrconf file on m...
MoM Cookbook                                                                        Version 3.01.2.6 Obtain OVCoreID of ma...
MoM Cookbook                                                                        Version 3.02 Message forwarding from O...
MoM Cookbook                                                                       Version 3.0Operation successfully compl...
MoM Cookbook                                                                       Version 3.0                            ...
MoM Cookbook                                                                     Version 3.03 Message forwarding between t...
MoM Cookbook                                                      Version 3.03.1.2 Certificates on server Bsu3 # ovcoreida...
MoM Cookbook                                                      Version 3.03.2.4 Import trusted certificates from server...
MoM Cookbook                                                      Version 3.03.2.6 Import trusted certificates from server...
MoM Cookbook                                                               Version 3.03.3 Add servers to each other’s node...
MoM Cookbook                                                                       Version 3.03.4 Setup the message forwar...
MoM Cookbook                                                                       Version 3.03.8 Setup the message forwar...
MoM Cookbook                                                                          Version 3.04 Message forwarding betw...
MoM Cookbook                                                                     Version 3.04.1.2 Certificates on server B...
MoM Cookbook                                                                       Version 3.0c1n2 #This is the cluster no...
MoM Cookbook                                                      Version 3.04.2.4 Import trusted certificates from server...
MoM Cookbook                                                      Version 3.04.2.6 Import trusted certificates from server...
MoM Cookbook                                                               Version 3.04.2.8 Update trusted certificates in...
MoM Cookbook                                                               Version 3.04.3.3 Add server A to node bank of s...
MoM Cookbook                                                                      Version 3.04.3.4 Add As ovcoreid to the ...
MoM Cookbook                                                                        Version 3.0Verify that the message is ...
MoM Cookbook                                                                         Version 3.04.8 Setup the message forw...
MoM Cookbook                                                                           Version 3.05 Message forwarding bet...
MoM Cookbook                                                      Version 3.0c1n2 # ovcoreid681b477e-3def-750b-02a3-d3cdd1...
MoM Cookbook                                                                       Version 3.05.1.2 Certificates on server...
MoM Cookbook                                                      Version 3.0c2n2 # ovcoreidaba6d168-d58b-7507-1477-cb5183...
MoM Cookbook                                                                        Version 3.05.2 Setup certificate trust...
MoM Cookbook                                                                        Version 3.0+--------------------------...
MoM Cookbook                                                                        Version 3.0+--------------------------...
MoM Cookbook                                                                      Version 3.05.3 Add servers to each other...
MoM Cookbook                                                                  Version 3.0Server B:c2n1 # /opt/OV/bin/OpC/u...
MoM Cookbook                                                                       Version 3.0Then restart the management ...
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Om flex mgmt
Upcoming SlideShare
Loading in …5
×

Om flex mgmt

1,948 views

Published on

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Om flex mgmt

  1. 1. Using Operations Manager 8 in aFlexible Management Environment (The “MoM Cookbook”) Version 3.0 2008-02-20
  2. 2. MoM Cookbook Version 3.0Legal NoticesCopyright Notices©Copyright 2007 Hewlett-Packard Development Company, L.P.No part of this document may be copied, reproduced, or translated toanother language without the prior written consent of Hewlett-PackardCompany. The information contained in this material is subject tochange without notice.WarrantyThe only warranties for HP products and services are set forth in the expresswarranty statements accompanying such products and services. Nothing hereinshould be construed as constituting an additional warranty. HP shall not beliable for technical or editorial errors or omissions contained herein.The information contained herein is subject to change without notice.Trademark NoticesMicrosoft® and Windows® are U.S. registered trademarks of MicrosoftCorporation.UNIX® is a registered trademark of The Open Group._____________________________________________________________________________ Page 2
  3. 3. MoM Cookbook Version 3.0PrefaceThis cookbook is mainly intended for HP support personnel.It provides some steps for setting up a “Manager of Manager” (MoM) configuration.Feedback to joachim.dieckmann@hp.comThe hostnames used in this cookbook are purely fictitious and reflect the usage for the variouspurposes:su1 management server with OMU 8 (HP-UX PA-RISC)su2 management server with OMU 8 (HP-UX PA-RISC)su3 management server with OMU 8 (HP-UX PA-RISC)su7 management server with OVOU 7 (HP-UX PA-RISC)sw75 management server with OVOW 7.5 (Windows 2003)sw80 management server with OMW 8.0 (Windows 2003)hn1 managed node with OMU 8 agent (HTTPS)hn2 managed node with OMU 8 agent (HTTPS)hn3 managed node with OMU 8 agent (HTTPS)dn4 managed node with OMU 8 agent (DCE)hn5 managed node with OMU 8 agent (HTTPS)c1n1 physical cluster node 1 of cluster 1 with OMU 8 agent (HTTPS)c1n2 physical cluster node 2 of cluster 1 with OMU 8 agent (HTTPS)c1v virtual node of cluster 1; management server with OMU 8c2n1 physical cluster node 1 of cluster 2 with OMU 8 agent (HTTPS)c2n2 physical cluster node 2 of cluster 2 with OMU 8 agent (HTTPS)c2v virtual node of cluster 2; management server with OMU 8c3n1 physical cluster node 1 of cluster 3 with OVOW 7 agent (DCE)c3n2 physical cluster node 2 of cluster 3 with OVOW 7 agent (DCE)c4n1 physical cluster node 1 of cluster 4 with OMW 8 agent (HTTPS)c4n2 physical cluster node 2 of cluster 4 with OMW 8 agent (HTTPS)c4v virtual cluster node of cluster 4vpool1 virtual node for server poolingvpool2 virtual node for server poolingThe hostnames here are also used without domain names. When using these commands it is advised touse the "Fully Qualified Domain Name" (FQDN), especially when the name resolution is not setup suchthat all short hostnames and aliases always resolve to the FQDN.Sometimes color is used for hostnames or core IDs to emphasize changes. The colors are consistentwithin one toplevel chapter but not across toplevel chapters._____________________________________________________________________________ Page 3
  4. 4. MoM Cookbook Version 3.0History:Date Version Changes2008-02-20 3.0 Name changes from OVOU 8 to OMU 8, from s1 to su1, etc. Added chapters: Agent-based message forwarding from OVOW 7 to OMU 8 Agent-based message forwarding from OMU 8 to OVOW 7 Server based message forwarding from OVOW 7.5 to OMU 8 Message forwarding from OMU 8 to OVOW 7.5 Message forwarding from OMW 8 to OMU 8 Message forwarding from OMU 8 to OMW 82008-01-11 2.10 Fixed typo, removed unnecessary certificates in ovcert outputs2007-11-23 2.9 Added legal notices2007-11-06 2.8 Added chapters: Message forwarding between two OMU 8 standalone servers Server Pooling_____________________________________________________________________________ Page 4
  5. 5. MoM Cookbook Version 3.01 Switching the management server from primary to backup server in OMU 8 .....................7 1.1 Setup on the 2 management servers............................................................................7 1.2 Setup for the managed node .....................................................................................122 Message forwarding from OMU 8 to OVOU 7 server and vice versa ...............................16 2.1 Add servers to each other’s node bank .....................................................................16 2.2 Setup and test the message forwarding from OMU 8 to OVOU 7.............................17 2.3 Setup and test the message forwarding from OVOU 7 to OMU 8.............................17 2.4 Add source servers managed nodes to target server nodebank .................................18 2.5 Restrictions in message forwarding between OVOU 7 and 8....................................183 Message forwarding between two OMU 8 standalone servers ..........................................19 3.1 Verify certificates on both servers ............................................................................19 3.2 Setup certificate trust between the two servers .........................................................20 3.3 Add servers to each other’s node bank with correct ovcoreid....................................23 3.4 Setup the message forwarding template on server A.................................................24 3.5 Add managed nodes of server A to nodebank of server B.........................................24 3.6 Test the message forwarding from server A to server B............................................24 3.7 Add managed nodes of server B to nodebank of server A.........................................24 3.8 Setup the message forwarding template on server B.................................................25 3.9 Test the message forwarding from server B to server A............................................25 3.10 Configure managed nodes for switching primary manager .......................................254 Message forwarding between OMU 8 standalone and OMU 8 cluster ..............................26 4.1 Verify certificates on both servers ............................................................................26 4.2 Setup certificate trust between the two servers .........................................................28 4.3 Add servers to each other’s node bank with correct ovcoreid....................................31 4.4 Setup the message forwarding template on server A.................................................33 4.5 Add managed nodes of server A to nodebank of server B.........................................33 4.6 Test the message forwarding from server A to server B............................................33 4.7 Add managed nodes of server B to nodebank of server A.........................................34 4.8 Setup the message forwarding template on server B.................................................35 4.9 Test the message forwarding from server B to server A............................................35 4.10 Configure managed nodes for switching primary manager .......................................355 Message forwarding between two OMU 8 clusters ..........................................................36 5.1 Verifying certificates................................................................................................36 5.2 Setup certificate trust between the two servers .........................................................40 5.3 Add servers to each others nodebank with correct ovcoreid .....................................43 5.4 Setup message forwarding template and test forwarding ..........................................44 5.5 Configure managed nodes for switching primary manager .......................................456 Server Pooling in OMU 8 ................................................................................................46 6.1 Configuring Management Server Nodes...................................................................46 6.2 Configuring Virtual Interfaces..................................................................................47 6.3 Configuring Primary Manager..................................................................................51 6.4 Configuring Message Forwarding ............................................................................52 6.5 Configuring Managed Nodes ...................................................................................52 6.6 Moving Virtual Interface to Another Physical Server ...............................................537 Agent-based message forwarding from OVOW 7 to OMU 8 ...........................................56 7.1 Create an agent-based flexible management policy ..................................................56 7.2 Configure Agents to communicate with OpenView Operations for UNIX ................57 7.3 Verification of correct message forwarding ..............................................................598 Agent-based message forwarding from OMU 8 to OVOW 7............................................60_____________________________________________________________________________ Page 5
  6. 6. MoM Cookbook Version 3.0 8.1 Create an agent-based flexible management policy ..................................................60 8.2 Configure OMU Agents to communicate with OVOW 7..........................................61 8.3 Prepare the OVOW 7 management server ................................................................62 8.4 Verification of correct message forwarding ..............................................................629 Server based message forwarding from OVOW 7.5 to OMU 8 ........................................63 9.1 Configure OVOW 7.5 source server.........................................................................63 9.2 Configure OMU 8 target server................................................................................64 9.3 Verification of forwarded messages .........................................................................6410 Message forwarding from OMU 8 to OVOW 7.5.........................................................6611 Message forwarding from OMW 8 to OMU 8..............................................................67 11.1 Verify certificates on both servers ............................................................................67 11.2 Setup certificate trust between the two servers .........................................................68 11.3 Add servers to each other’s node bank with correct ovcoreid....................................71 11.4 Add managed nodes of source server to nodebank of target server ...........................72 11.5 Setup the message forwarding template on the source server....................................74 11.6 Verify correct forwarding of messages.....................................................................75 11.7 Configure the managed nodes to accept action requests from target server ...............7612 Message forwarding from OMU 8 to OMW 8..............................................................78 12.1 Add managed nodes of source server to nodebank of target server ...........................78 12.2 Setup the message forwarding template on the source server....................................7813 Troubleshooting...........................................................................................................80 13.1 Trying to distribute a new mgrconf file from OMU 8 ...............................................80 13.2 Trying to distribute a new mgrconf file from OMU 8 (again) ...................................81 13.3 Trying to distribute mgrconf file (mixture of OVOU 7 and OMU 8) ........................82 13.4 Trying to switch primary manager to backup server on OMU 8................................83 13.5 Trying bbcutil -ping to another management server on OMU 8 ................................86 13.6 Trying opcragt from a backup server on OMU 8 ......................................................88 13.7 Trying opcragt from a OMU 8 server to a OMW 8 controlled node..........................90 13.8 Tring to forward a message from OVOU8 to OMW8...............................................9214 Defects and Workarounds ............................................................................................94_____________________________________________________________________________ Page 6
  7. 7. MoM Cookbook Version 3.01 Switching the management server from primary to backup server in OMU 8The 2 management servers in this example are (both OMU 8):server A su1 (primary)server B su2 (backup)The managed node to be switched from su1 to su2 is:hn1All 3 systems have HTTPS agents.1.1 Setup on the 2 management servers1.1.1 Export trusted certificates on server su1su1 # ovcert -exporttrusted -file /tmp/`hostname`.cert -ovrg serverINFO: Trusted certificates have been successfully exported to file /tmp/ su1.cert.su1 #1.1.2 Export trusted certificates on server su2su2 # ovcert -exporttrusted -file /tmp/`hostname`.cert -ovrg serverINFO: Trusted certificates have been successfully exported to file /tmp/ su2.cert.su2 #1.1.3 Exchange the 2 `hostname`.cert files to the other serverCopy /tmp/su1.cert to su2, and /tmp/su2.cert to su1._____________________________________________________________________________ Page 7
  8. 8. MoM Cookbook Version 3.01.1.4 Import trusted certificates from server su2 to server su1su1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+su1 # ovcert -importtrusted -file /tmp/su2.cert -ovrg serverINFO: Import operation was successful.su1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de (*) || CA_7958cdb8-5cad-7506-1d7e-dbea390a7cd8 |+---------------------------------------------------------+su1 #_____________________________________________________________________________ Page 8
  9. 9. MoM Cookbook Version 3.01.1.5 Update trusted certificates on the server su1As ovbbccb is running on the agent side of the management server, it needs to know thecertificate of server su2 as well.su1 # ovcert -updatetrustedINFO: Trusted certificate update was successful.su1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de || CA_7958cdb8-5cad-7506-1d7e-dbea390a7cd8 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de (*) || CA_7958cdb8-5cad-7506-1d7e-dbea390a7cd8 |+---------------------------------------------------------+su1 #_____________________________________________________________________________ Page 9
  10. 10. MoM Cookbook Version 3.01.1.6 Import trusted certificates from server su1 to server su2su2 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 7958cdb8-5cad-7506-1d7e-dbea390a7cd8 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7958cdb8-5cad-7506-1d7e-dbea390a7cd8 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 7958cdb8-5cad-7506-1d7e-dbea390a7cd8 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7958cdb8-5cad-7506-1d7e-dbea390a7cd8 (*) |+---------------------------------------------------------+su2 # ovcert -importtrusted -file /tmp/su1.cert -ovrg serverINFO: Import operation was successful.su2 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 7958cdb8-5cad-7506-1d7e-dbea390a7cd8 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7958cdb8-5cad-7506-1d7e-dbea390a7cd8 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 7958cdb8-5cad-7506-1d7e-dbea390a7cd8 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de || CA_7958cdb8-5cad-7506-1d7e-dbea390a7cd8 (*) |+---------------------------------------------------------+su2 #_____________________________________________________________________________ Page 10
  11. 11. MoM Cookbook Version 3.01.1.7 Update trusted certificates on the server su2As ovbbccb is running on the agent side of the management server, it needs to know thecertificate of server su1 as well.su2 # ovcert -updatetrustedINFO: Trusted certificate update was successful.su2 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 7958cdb8-5cad-7506-1d7e-dbea390a7cd8 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de || CA_7958cdb8-5cad-7506-1d7e-dbea390a7cd8 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 7958cdb8-5cad-7506-1d7e-dbea390a7cd8 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de || CA_7958cdb8-5cad-7506-1d7e-dbea390a7cd8 (*) |+---------------------------------------------------------+su2 #1.1.8 Add server su2 to node bank of server su11.1.9 Obtain OVCoreID from server su2su2 # ovcoreid -ovrg server7958cdb8-5cad-7506-1d7e-dbea390a7cd8su2 #1.1.10 Add it to the node data for su2 in server su1su1 # /opt/OV/bin/OpC/utils/opcnode -chg_id node_name=su2id=7958cdb8-5cad-7506-1d7e-dbea390a7cd8Operation successfully completed.su1 # /opt/OV/bin/OpC/utils/opcnode -list_id node_list=su2List of IDs for node(s):Name = su2 ID = 7958cdb8-5cad-7506-1d7e-dbea390a7cd8Operation successfully completed.su1 #_____________________________________________________________________________ Page 11
  12. 12. MoM Cookbook Version 3.01.2 Setup for the managed node1.2.1 Update trusted certificates on the managed node hn1hn1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || e342588e-f9f4-7508-1d48-aeedd15c855b (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de |+---------------------------------------------------------+hn1 # ovcert -updatetrustedINFO: Trusted certificate update was successful.hn1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || e342588e-f9f4-7508-1d48-aeedd15c855b (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de || CA_7958cdb8-5cad-7506-1d7e-dbea390a7cd8 |+---------------------------------------------------------+hn1 #1.2.2 Create the mgrconf fileThis has to be created on server su1 in the directory/etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs. This can be done either as allnodes (for DCEagents) or as allnodes.bbc (for HTTPS agents) or as as node specific file with the hex IP addressof the managed node (if special settings are used that dont apply for all managed nodes). In thisexample a node specific file will be used (but for no partcular reason).The file name to be used can be found using opc_ip_addr:su1 # /opt/OV/bin/OpC/install/opc_ip_addr hn1hn1 = 15.140.10.236 = f8c0aecsu1 #The file /etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs/f8c0aec then can be created with e.g.this contents:_____________________________________________________________________________ Page 12
  13. 13. MoM Cookbook Version 3.0## Responsible Manager Configurations for a backup server#RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "responsible mgrs for agents in ..." SECONDARYMANAGERS SECONDARYMANAGER NODE IP 0.0.0.0 "su1" DESCRIPTION "Managment Server su1" SECONDARYMANAGER NODE IP 0.0.0.0 "su2" DESCRIPTION "Backup Server for su1" ACTIONALLOWMANAGERS ACTIONALLOWMANAGER NODE IP 0.0.0.0 "su1" DESCRIPTION "Managment Server su1" ACTIONALLOWMANAGER NODE IP 0.0.0.0 "su2" DESCRIPTION "Backup Server for su1"1.2.3 Distribute the mgrconf fileOn the server su1:su1 # opcragt -distrib -templates hn1Node hn1:Create distribution data and inform agent...Done.su1 #Additionally to distributing the assigned templates, OMU will select and download the correctfile from the directory /etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs:First it checks for a node specific file named after the hex IP address of the node.If such a file is not present, then either the allnodes or allnodes.bbc file (depending on the typeof the managed node) is downloaded.In any case the file will be given a fixed on the managed node, see next chapter._____________________________________________________________________________ Page 13
  14. 14. MoM Cookbook Version 3.01.2.4 Verify mgrconf file on managed node hn1The mgrconf file is named differently, depending on the type of the agent.In case of a DCE agent, it will be /var/opt/OV/conf/OpC/mgrconfFor a HTTPS agent the file will be in the mgrconf directory:hn1 # cat /var/opt/OV/datafiles/policies/mgrconf/*data## Responsible Manager Configurations for a backup server#RESPMGRCONFIGS RESPMGRCONFIG DESCRIPTION "responsible mgrs for agents in ..." SECONDARYMANAGERS SECONDARYMANAGER NODE IP 0.0.0.0 "su1" ID "7681325c-c1a9-7508-0441-a54412c264de" DESCRIPTION "Managment Server su1" SECONDARYMANAGER NODE IP 0.0.0.0 "su2" ID "7958cdb8-5cad-7506-1d7e-dbea390a7cd8" DESCRIPTION "Backup Server for su1" ACTIONALLOWMANAGERS ACTIONALLOWMANAGER NODE IP 0.0.0.0 "su1" ID "7681325c-c1a9-7508-0441-a54412c264de" DESCRIPTION "Managment Server su1" ACTIONALLOWMANAGER NODE IP 0.0.0.0 "su2" ID "7958cdb8-5cad-7506-1d7e-dbea390a7cd8" DESCRIPTION "Backup Server for su1"hn1 #Note the additional ID in this file.This has been added on the mgmt sv and stored as additional file f8c0aec_data:su1 # pwd/etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrssu1 # ll f8c0aec*-r--r--r-- 1 root sys 578 Jan 21 10:36 f8c0aec-rw------- 1 root sys 746 Jan 21 11:03 f8c0aec_datasu1 #1.2.5 Add node hn1 to server su2 into node bank and node group(s)_____________________________________________________________________________ Page 14
  15. 15. MoM Cookbook Version 3.01.2.6 Obtain OVCoreID of managed node hn1hn1 # ovcoreide342588e-f9f4-7508-1d48-aeedd15c855bhn1 #1.2.7 Set the id of the node hn1 in server su2su2 # /opt/OV/bin/OpC/utils/opcnode -list_id node_list=hn1List of IDs for node(s):Name = hn1 ID = NONEOperation successfully completed.su2 # /opt/OV/bin/OpC/utils/opcnode -chg_id node_name=hn1id=e342588e-f9f4-7508-1d48-aeedd15c855bOperation successfully completed.su2 # /opt/OV/bin/OpC/utils/opcnode -list_id node_list=hn1List of IDs for node(s):Name = hn1 ID = e342588e-f9f4-7508-1d48-aeedd15c855bOperation successfully completed.su2 #1.2.8 switch the primary manager to server su2su2 # opcragt -primmgr hn1Node hn1:Setting OpC primary manager...Done.su2 #1.2.9 Verify message communicationCreate a test message on the node hn1 and verify that it is displayed in the browser of the serversu2:hn1 # opcmsg a=a o=o msg_t=hello_____________________________________________________________________________ Page 15
  16. 16. MoM Cookbook Version 3.02 Message forwarding from OMU 8 to OVOU 7 server and vice versaFor the 1 st test the configuration is:Source server is su1 (OMU 8)Target server is su7 (OVOU 7)In the 2nd test later in this chapter the message forwarding is configured from su7 to su1.2.1 Add servers to each other’s node bank2.1.1 Add target server to node bank of source serverIn “Modify Node” the machine type of the newly added node (target server su7) has to be theDCE version for that OS choice, e.g. for a HP-UX 11.x PA-RISC system it has to be “HP PA-RISC” instead of “HP PA-RISC (HTTPS)”.This is clear because the target server is OVOU 7, i.e. it only knows the DCE protocol.su1 # opcnode -add_node node_name=su7 node_label=su7 net_type=NETWORK_IP mach_type=MACH_HP11_PA_RISC group_name=hp_uxNote that you have to move the newly added node in the GUI from the Holding Area to thecorrect place in the node bank.The node entry can be verified with:su1 # opcnode -list_nodes node_list=’su7’List of all Nodes in the OVO database:Name = su7Label = su7IP-Address = 16.58.24.87Network Type = NETWORK_IPMachine Type = MACH_HP11_PA_RISCComm Type = COMM_DCE_TCPDHCP enabled = no (0x22)2.1.2 Add source server to node bank of target serverIn “Modify Node” the machine type of the newly added node (source server su1) has to be theDCE version for that OS choice, e.g. for a HP-UX 11.x PA-RISC system it has to be “HP PA-RISC” instead of “HP PA-RISC (HTTPS)”.su7 # opcnode -add_node node_name=su1 > node_label=su1 net_type=NETWORK_IP > mach_type=MACH_HP11_PA_RISC group_name=hp_ux_____________________________________________________________________________ Page 16
  17. 17. MoM Cookbook Version 3.0Operation successfully completed.su7 #Verify the new node as above.2.2 Setup and test the message forwarding from OMU 8 to OVOU 7Add a suitable msgtargetrule to the msgforw template, check it with opcmomchk(1m) and placethe file into /etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs on the source server su1, e.g.: MSGTARGETRULE DESCRIPTION "to OVO7" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "OVO7" OBJECT "OVO7" MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "su7" MSGCONTROLLINGMGR MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "su1"Then restart the management server processes on su1 to activate the message forwarding:su1 # ovstop opcsu1 # ovstartOn source server su1 create a suitable message to be forwarded to the target server su7:su1 # opcmsg a=a o=OVO7 msg_t="forwarded from su1"Verify that the message is displayed in the message browser of the target server su7.2.3 Setup and test the message forwarding from OVOU 7 to OMU 8Add a suitable msgtargetrule to the msgforw template, check it with opcmomchk(1m) and placethe file into /etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs on the source server su7, e.g.: MSGTARGETRULE DESCRIPTION "to OMU8" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "OMU8" OBJECT "OMU8" MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "su7" MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS"_____________________________________________________________________________ Page 17
  18. 18. MoM Cookbook Version 3.0 OPCMGR IP 0.0.0.0 "su1" MSGCONTROLLINGMGRThen restart the management server processes on su7 to activate the message forwarding:su7 # ovstop opcsu7 # ovstartOn source server su7 create a suitable message to be forwarded to the target server su1:su7 # opcmsg a=a o=OMU8 msg_t="forwarded from su7"Verify that the message is displayed in the message browser of the target server su1.2.4 Add source servers managed nodes to target server nodebankFor each managed node whose messages shall be forwarded, add the node to the node bank ofthe target server. Be sure to use the correct mach_type, as outlined above. For the simple testdone here (message forwarding from the source mgmt sv itself) this has been done already.Please note that in each case the machine type has to be the DCE version for that OS choice,e.g. for a HP-UX 11.x PA-RISC system it has to be “HP PA-RISC” instead of “HP PA-RISC(HTTPS)”.In the case of adding OVOU 7 nodes to the OMU 8 server node bank this is clear because thesereally are DCE nodes.In the case of adding OMU 8 nodes to the OVOU 7 server node bank there is just no otherchoice.2.5 Restrictions in message forwarding between OVOU 7 and 8If a message from a HTTPS node is forwarded to a OVOU 7 server and the message has anoperator-initiated action configured, then this action cant be initiated from the OVOU 7 server.This would require a direct communication from the OVOU 7 server to the HTTPS node butOVOU 7 doesnt have HTTPS communication._____________________________________________________________________________ Page 18
  19. 19. MoM Cookbook Version 3.03 Message forwarding between two OMU 8 standalone serversIn this setup we will use the following systems:server A su1 management server with OMU 8server B su3 management server with OMU 8First a message forwarding from A to B will be configured, then the other way round.Note that the message forwarding process opcforwm will normally use the DCE protocol toforward messages to the target server. Since the A.08.21 server patch also the HTTPScommunication is possible for opcforwm but has to be enabled in a variable:# ovconfchg –ovrg server –ns opc –set OPC_HTTPS_MSG_FORWARD TRUEAlso it makes sense to set these variables:# ovconfchg –ovrg server –ns opc –set OPC_DONT_FORW_MSGKEY_ACK TRUE# ovconfchg –ovrg server –ns opc –set OPC_MOM_SEND_OP_ACK TRUE3.1 Verify certificates on both servers3.1.1 Certificates on server Asu1 # ovcoreid7681325c-c1a9-7508-0441-a54412c264desu1 # ovcoreid -ovrg server7681325c-c1a9-7508-0441-a54412c264desu1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+su1 #_____________________________________________________________________________ Page 19
  20. 20. MoM Cookbook Version 3.03.1.2 Certificates on server Bsu3 # ovcoreidae33c7ea-94b0-7525-04ef-cbab70bb7252su3 # ovcoreid -ovrg serverae33c7ea-94b0-7525-04ef-cbab70bb7252su3 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || ae33c7ea-94b0-7525-04ef-cbab70bb7252 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_ae33c7ea-94b0-7525-04ef-cbab70bb7252 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || ae33c7ea-94b0-7525-04ef-cbab70bb7252 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_ae33c7ea-94b0-7525-04ef-cbab70bb7252 (*) |+---------------------------------------------------------+su3 #3.2 Setup certificate trust between the two servers3.2.1 export trusted certificates on server Asu1 # ovcert -exporttrusted -file /tmp/`hostname`.cert -ovrg serverINFO: Trusted certificates have been successfully exported to file /tmp/ su1.cert.su1 #3.2.2 export trusted certificates on server Bsu3 # ovcert -exporttrusted -file /tmp/`hostname`.cert -ovrg serverINFO: Trusted certificates have been successfully exported to file /tmp/ su3.cert.su3 #3.2.3 Exchange the 2 `hostname`.cert files to the other serverCopy /tmp/su1.cert to su3, and /tmp/su3.cert to su1._____________________________________________________________________________ Page 20
  21. 21. MoM Cookbook Version 3.03.2.4 Import trusted certificates from server B to server Asu1 # ovcert -importtrusted -file /tmp/su3.cert -ovrg serverINFO: Import operation was successful.su1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de (*) || CA_ae33c7ea-94b0-7525-04ef-cbab70bb7252 |+---------------------------------------------------------+su1 #3.2.5 Update trusted certificates in server Asu1 # ovcert -updatetrustedINFO: Trusted certificate update was successful.su1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de || CA_ae33c7ea-94b0-7525-04ef-cbab70bb7252 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de (*) || CA_ae33c7ea-94b0-7525-04ef-cbab70bb7252 |+---------------------------------------------------------+su1 #_____________________________________________________________________________ Page 21
  22. 22. MoM Cookbook Version 3.03.2.6 Import trusted certificates from server A to server Bsu3 # ovcert -importtrusted -file /tmp/su1.cert -ovrg serverINFO: Import operation was successful.su3 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || ae33c7ea-94b0-7525-04ef-cbab70bb7252 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_ae33c7ea-94b0-7525-04ef-cbab70bb7252 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || ae33c7ea-94b0-7525-04ef-cbab70bb7252 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de || CA_ae33c7ea-94b0-7525-04ef-cbab70bb7252 (*) |+---------------------------------------------------------+su3 #3.2.7 Update trusted certificates in server Bsu3 # ovcert -updatetrustedINFO: Trusted certificate update was successful.su3 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || ae33c7ea-94b0-7525-04ef-cbab70bb7252 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de || CA_ae33c7ea-94b0-7525-04ef-cbab70bb7252 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || ae33c7ea-94b0-7525-04ef-cbab70bb7252 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de || CA_ae33c7ea-94b0-7525-04ef-cbab70bb7252 (*) |+---------------------------------------------------------+su3 #_____________________________________________________________________________ Page 22
  23. 23. MoM Cookbook Version 3.03.3 Add servers to each other’s node bank with correct ovcoreid3.3.1 Add server B to node bank of server Asu1 # /opt/OV/bin/OpC/utils/opcnode -add_node node_name=su3 > node_label=su3 > net_type=NETWORK_IP mach_type=MACH_BBC_HPUX_PA_RISC group_name=hp_uxOperation successfully completed.su1 #Be sure to use the HTTPS version of mach_type (MACH_BBC_*) for the corresponding OSplatform and move the node from the holding area to the correct node layout hierarchyafterwards.3.3.2 Add Bs ovcoreid to the node data for server B in server Asu1 # /opt/OV/bin/OpC/utils/opcnode -chg_id node_name=su3 > id=ae33c7ea-94b0-7525-04ef-cbab70bb7252Operation successfully completed.su1 # /opt/OV/bin/OpC/utils/opcnode -list_id node_list=su3List of IDs for node(s):Name = su3 ID = ae33c7ea-94b0-7525-04ef-cbab70bb7252Operation successfully completed.su1 #3.3.3 Add server A to node bank of server Bsu3 # /opt/OV/bin/OpC/utils/opcnode -add_node node_name=su1 > node_label=su1 > net_type=NETWORK_IP mach_type=MACH_BBC_HPUX_PA_RISC group_name=hp_uxOperation successfully completed.su3 #Be sure to use the HTTPS version of mach_type (MACH_BBC_*) for the corresponding OSplatform and move the node from the holding area to the correct node layout hierarchyafterwards.3.3.4 Add As ovcoreid to the node data for server A in server Bsu3 # /opt/OV/bin/OpC/utils/opcnode -chg_id node_name=su1 > id=7681325c-c1a9-7508-0441-a54412c264deOperation successfully completed.su3 # /opt/OV/bin/OpC/utils/opcnode -list_id node_list=su1List of IDs for node(s):Name = su1 ID = 7681325c-c1a9-7508-0441-a54412c264deOperation successfully completed.su3 #_____________________________________________________________________________ Page 23
  24. 24. MoM Cookbook Version 3.03.4 Setup the message forwarding template on server AAdd a suitable msgtargetrule to the msgforw template, check it with opcmomchk(1m) and placethe file into /etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs on the source server su1, e.g.: MSGTARGETRULE DESCRIPTION "to su3" MSGTARGETRULECONDS MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "su3" MSGCONTROLLINGMGR MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "su1" MSGCONTROLLINGMGRThen restart the management server processes on su1 to activate the message forwarding:su1 # ovstop opcsu1 # ovstart3.5 Add managed nodes of server A to nodebank of server BFor each managed node whose messages shall be forwarded, add the node to the node bank. Besure to use the correct mach_type and also set the correct ovcoreid, as outlined above. For thesimple test below (message forwarding from server A) this is not necessary. In general,however, it is desired to have all managed nodes in each others nodebank. This can easiest beachieved with opccfgdwn -backup, followed by opcmgrdist on server A and opccfgupld onserver B.3.6 Test the message forwarding from server A to server BOn source server su1 create a suitable message to be forwarded to the target server c1v:su1 # opcmsg a=a o=o msg_t="forwarded from su1"Verify that the message is displayed in the message browser of the target server c1v.3.7 Add managed nodes of server B to nodebank of server AThis is only necessary if server B has managed nodes of its own. It is not necessary if server Bis used as backup server for A._____________________________________________________________________________ Page 24
  25. 25. MoM Cookbook Version 3.03.8 Setup the message forwarding template on server BAdd a suitable msgtargetrule to the msgforw template, check it with opcmomchk(1m) and placethe file into /etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs on the source server c1v, e.g.: MSGTARGETRULE DESCRIPTION "to su1" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "su1" OBJECT "su1" MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "su3" MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "su1" MSGCONTROLLINGMGRThen restart the management server processes on su3 to activate the message forwarding:su3 # ovstop opcsu3 # ovstart3.9 Test the message forwarding from server B to server Asu3 # opcmsg a=a o=su1 msg_t="forwarded from su3"Verify that the message is displayed in the message browser of the target server su1.3.10Configure managed nodes for switching primary managerUsually the concepts of message forwarding and switching primary manager are combined, i.e.it is desired to switch the controlling manager of the managed nodes to the target manager of theforwarded messages, or at least to allow operator-initiated actions from that target manager.For this the certificate trust of the target manager has to be extended to the managed nodes, andsuitable mgrconf templates have to be setup / distributed. See chapter 1 for an example of howto do this._____________________________________________________________________________ Page 25
  26. 26. MoM Cookbook Version 3.04 Message forwarding between OMU 8 standalone and OMU 8 clusterIn this setup we will use the following systems:server A su1 management server with OMU 8server B c1v virtual node of cluster 1; management server with OMU 8 c1n1 physical cluster node 1 of cluster 1 with OMU 8 agent (HTTPS) c1n2 physical cluster node 2 of cluster 1 with OMU 8 agent (HTTPS)First a message forwarding from A to B will be configured, then the other way round.Note that the message forwarding process opcforwm will normally use the DCE protocol toforward messages to the target server. Since the A.08.21 server patch also the HTTPScommunication is possible for opcforwm but has to be enabled in a variable:ovconfchg –ovrg server –ns opc –set OPC_HTTPS_MSG_FORWARD TRUE4.1 Verify certificates on both servers4.1.1 Certificates on server Asu1 # ovcoreid7681325c-c1a9-7508-0441-a54412c264desu1 # ovcoreid -ovrg server7681325c-c1a9-7508-0441-a54412c264desu1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+su1 #Note that ovcoreid and ovcoreid -ovrg server have the same output on a standalone server._____________________________________________________________________________ Page 26
  27. 27. MoM Cookbook Version 3.04.1.2 Certificates on server B cluster node 1c1n1 # ovcoreidf7996602-d96c-750a-19f1-972b895012fcc1n1 # ovcoreid -ovrg serverf7996602-d96c-750a-19f1-972b895012fcc1n1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || f7996602-d96c-750a-19f1-972b895012fc (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: |+---------------------------------------------------------+| Trusted Certificates: |+---------------------------------------------------------+c1n1 #This is the cluster node currently NOT running the ov-server package. Therefore ovcoreid andovcoreid -ovrg server have the same output, and the keystore of the server is empty.4.1.3 Certificates on server B cluster node 2, currently running ov-serverc1n2 # ovcoreid681b477e-3def-750b-02a3-d3cdd199a983c1n2 # ovcoreid -ovrg server659b2fa0-d93b-750a-0aab-b285232fc049c1n2 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 681b477e-3def-750b-02a3-d3cdd199a983 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 659b2fa0-d93b-750a-0aab-b285232fc049 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 (*) |+---------------------------------------------------------+_____________________________________________________________________________ Page 27
  28. 28. MoM Cookbook Version 3.0c1n2 #This is the cluster node currently running the ov-server package. Note the different ovcoreidoutputs for the physical and the virtual cluster node, and the keystore of the server.4.2 Setup certificate trust between the two servers4.2.1 export trusted certificates on server Asu1 # ovcert -exporttrusted -file /tmp/`hostname`.cert -ovrg serverINFO: Trusted certificates have been successfully exported to file /tmp/ su1.cert.su1 #4.2.2 export trusted certificates on server Bc1n2 # ovcert -exporttrusted -file /tmp/`hostname`.cert -ovrg serverINFO: Trusted certificates have been successfully exported to file /tmp/ c1n2.cert.c1n2 #4.2.3 Exchange the 2 `hostname`.cert files to the other serverCopy /tmp/su1.cert to c1n2, and /tmp/c1n2.cert to su1._____________________________________________________________________________ Page 28
  29. 29. MoM Cookbook Version 3.04.2.4 Import trusted certificates from server B to server Asu1 # ovcert -importtrusted -file /tmp/c1n2.cert -ovrg serverINFO: Import operation was successful.su1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_7681325c-c1a9-7508-0441-a54412c264de |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 || CA_7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+su1 #4.2.5 Update trusted certificates in server Asu1 # ovcert -updatetrustedINFO: Trusted certificate update was successful.su1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 || CA_7681325c-c1a9-7508-0441-a54412c264de |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 || CA_7681325c-c1a9-7508-0441-a54412c264de (*) |+---------------------------------------------------------+su1 #_____________________________________________________________________________ Page 29
  30. 30. MoM Cookbook Version 3.04.2.6 Import trusted certificates from server A to server Bc1n2 # ovcert -importtrusted -file /tmp/su1.cert -ovrg serverINFO: Import operation was successful.c1n2 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 681b477e-3def-750b-02a3-d3cdd199a983 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 659b2fa0-d93b-750a-0aab-b285232fc049 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 (*) || CA_7681325c-c1a9-7508-0441-a54412c264de |+---------------------------------------------------------+c1n2 #4.2.7 Update trusted certificates in server B cluster node 1c1n1 # ovcert -updatetrustedINFO: Trusted certificate update was successful.c1n1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || f7996602-d96c-750a-19f1-972b895012fc (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 || CA_7681325c-c1a9-7508-0441-a54412c264de |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: |+---------------------------------------------------------+| Trusted Certificates: |+---------------------------------------------------------+c1n1 #_____________________________________________________________________________ Page 30
  31. 31. MoM Cookbook Version 3.04.2.8 Update trusted certificates in server B cluster node 2c1n2 # ovcert -updatetrustedINFO: Trusted certificate update was successful.c1n2 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || f7996602-d96c-750a-19f1-972b895012fc (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 || CA_7681325c-c1a9-7508-0441-a54412c264de |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 659b2fa0-d93b-750a-0aab-b285232fc049 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 (*) || CA_7681325c-c1a9-7508-0441-a54412c264de |+---------------------------------------------------------+c1n2 #4.3 Add servers to each other’s node bank with correct ovcoreid4.3.1 Add server B to node bank of server Asu1 # opcnode -add_node node_name=c1v > node_label=c1v-ov-server > net_type=NETWORK_IP mach_type=MACH_BBC_HPUX_PA_RISC group_name=hp_uxOperation successfully completed.su1 #Be sure to use the HTTPS version of mach_type (MACH_BBC_*) for the corresponding OSplatform and move the node from the holding area to the correct node layout hierarchyafterwards.4.3.2 Add Bs ovcoreid to the node data for server B in server Asu1 # /opt/OV/bin/OpC/utils/opcnode -chg_id node_name=c1v > id=659b2fa0-d93b-750a-0aab-b285232fc049Operation successfully completed.su1 # /opt/OV/bin/OpC/utils/opcnode -list_id node_list=c1vList of IDs for node(s):Name = c1v ID = 659b2fa0-d93b-750a-0aab-b285232fc049Operation successfully completed.su1 #_____________________________________________________________________________ Page 31
  32. 32. MoM Cookbook Version 3.04.3.3 Add server A to node bank of server Bc1n2 # /opt/OV/bin/OpC/utils/opcnode -add_node node_name=su1 > node_label=su1 > net_type=NETWORK_IP mach_type=MACH_BBC_HPUX_PA_RISC group_name=hp_uxOperation successfully completed.c1n2 #Be sure to use the HTTPS version of mach_type (MACH_BBC_*) for the corresponding OSplatform and move the node from the holding area to the correct node layout hierarchyafterwards._____________________________________________________________________________ Page 32
  33. 33. MoM Cookbook Version 3.04.3.4 Add As ovcoreid to the node data for server A in server Bc1n2 # /opt/OV/bin/OpC/utils/opcnode -chg_id node_name=su1 > id=7681325c-c1a9-7508-0441-a54412c264deOperation successfully completed.c1n2 # /opt/OV/bin/OpC/utils/opcnode -list_id node_list=su1List of IDs for node(s):Name = su1 ID = 7681325c-c1a9-7508-0441-a54412c264deOperation successfully completed.c1n2 #4.4 Setup the message forwarding template on server AAdd a suitable msgtargetrule to the msgforw template, check it with opcmomchk(1m) and placethe file into /etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs on the source server su1, e.g.: MSGTARGETRULE DESCRIPTION "to c1v-ov-server" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "c1v-ov-server" OBJECT "c1v-ov-server" MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "c1v" MSGCONTROLLINGMGR MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "su1"Then restart the management server processes on su1 to activate the message forwarding:su1 # ovstop opcsu1 # ovstart4.5 Add managed nodes of server A to nodebank of server BFor each managed node whose messages shall be forwarded, add the node to the node bank. Besure to use the correct mach_type and also set the correct ovcoreid, as outlined above. For thesimple test below (message forwarding from server A) this is not necessary. In general,however, it is desired to have all managed nodes in each others nodebank. This can easiest beachieved with opccfgdwn -backup, followed by opcmgrdist on server A and opccfgupld onserver B.4.6 Test the message forwarding from server A to server BOn source server su1 create a suitable message to be forwarded to the target server c1v:su1 # opcmsg a=a o=c1v-ov-server msg_t="forwarded from su1"_____________________________________________________________________________ Page 33
  34. 34. MoM Cookbook Version 3.0Verify that the message is displayed in the message browser of the target server c1v.4.7 Add managed nodes of server B to nodebank of server AAs server B is a virtual cluster node but the messages are generated e.g. on the physical clusternodes, at least those physical nodes have to be made known to server A. For the simple testbelow (forwarding messages from physical node where the server is currently running) it issufficient to add just that one physical node.4.7.1 Add cluster node 2 to node bank of server Asu1 # opcnode -add_node node_name=c1n2 > node_label=c1n2 > net_type=NETWORK_IP mach_type=MACH_BBC_HPUX_PA_RISC group_name=hp_uxOperation successfully completed.su1 #Be sure to use the HTTPS version of mach_type (MACH_BBC_*) for the corresponding OSplatform and move the node from the holding area to the correct node layout hierarchyafterwards.4.7.2 Add ovcoreid to the node data for cluster node 2 in server Asu1 # /opt/OV/bin/OpC/utils/opcnode -chg_id node_name=c1n2 > id=681b477e-3def-750b-02a3-d3cdd199a983Operation successfully completed.su1 # /opt/OV/bin/OpC/utils/opcnode -list_id node_list=c1n2List of IDs for node(s):Name = c1n2 ID = 681b477e-3def-750b-02a3-d3cdd199a983Operation successfully completed.su1 #_____________________________________________________________________________ Page 34
  35. 35. MoM Cookbook Version 3.04.8 Setup the message forwarding template on server BAdd a suitable msgtargetrule to the msgforw template, check it with opcmomchk(1m) and placethe file into /etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs on the source server c1v, e.g.: MSGTARGETRULE DESCRIPTION "to su1" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "su1" OBJECT "su1" MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "c1v" MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "su1" MSGCONTROLLINGMGRThen restart the management server processes on c1v to activate the message forwarding. Notethat this is a cluster, so normally this would fail over the HA package, unless the cluster servivemonitoring isnt stopped in before:c1n2 # /opt/OV/lbin/ovharg -monitor ov-server disablec1n2 # opcsv -startc1n2 # /opt/OV/lbin/ovharg -monitor ov-server enable4.9 Test the message forwarding from server B to server Ac1n2 # opcmsg a=a o=su1 msg_t="forwarded from c1v"Verify that the message is displayed in the message browser of the target server su1.4.10Configure managed nodes for switching primary managerUsually the concepts of message forwarding and switching primary manager are combined, i.e.it is desired to switch the controlling manager of the managed nodes to the target manager of theforwarded messages, or at least to allow operator-initiated actions from that target manager.For this the certificate trust of the target manager has to be extended to the managed nodes, andsuitable mgrconf templates have to be setup / distributed. See chapter 1 for an example of howto do this._____________________________________________________________________________ Page 35
  36. 36. MoM Cookbook Version 3.05 Message forwarding between two OMU 8 clustersIn this chapter we will use the following systems:server A c1v virtual node of cluster 1; management server with OMU 8 c1n1 physical cluster node 1 of cluster 1 with OMU 8 agent (HTTPS) c1n2 physical cluster node 2 of cluster 1 with OMU 8 agent (HTTPS)server B c2v virtual node of cluster 2; management server with OMU 8 c2n1 physical cluster node 1 of cluster 2 with OMU 8 agent (HTTPS) c2n2 physical cluster node 2 of cluster 2 with OMU 8 agent (HTTPS)First a message forwarding from A to B will be configured, then the other way round.5.1 Verifying certificatesPlease note that in an actual configuration there may be certificate trusts from other serversconfigured already. These are not relevant for the current task, and for clarity not shown here.5.1.1 Certificates on server Ac1n1 # ovcoreidf7996602-d96c-750a-19f1-972b895012fcc1n1 # ovcoreid -ovrg serverf7996602-d96c-750a-19f1-972b895012fcc1n1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || f7996602-d96c-750a-19f1-972b895012fc (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: |+---------------------------------------------------------+| Trusted Certificates: |+---------------------------------------------------------+c1n1 #So c1n1 is the inactive node. Note that the output of ovcoreid and ovcoreid -ovrg server is thesame because the server data is currently not available._____________________________________________________________________________ Page 36
  37. 37. MoM Cookbook Version 3.0c1n2 # ovcoreid681b477e-3def-750b-02a3-d3cdd199a983c1n2 # ovcoreid -ovrg server659b2fa0-d93b-750a-0aab-b285232fc049c1n2 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 681b477e-3def-750b-02a3-d3cdd199a983 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 659b2fa0-d93b-750a-0aab-b285232fc049 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 (*) |+---------------------------------------------------------+c1n2 #So c1n2 is the active node._____________________________________________________________________________ Page 37
  38. 38. MoM Cookbook Version 3.05.1.2 Certificates on server Bc2n1 # ovcoreid3f22e490-d54b-7507-0012-8b15c6ae224dc2n1 # ovcoreid -ovrg server3f22e490-d54b-7507-0012-8b15c6ae224dc2n1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 3f22e490-d54b-7507-0012-8b15c6ae224d (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_260a0712-d533-7507-1c68-e5d0d06b2196 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: |+---------------------------------------------------------+| Trusted Certificates: |+---------------------------------------------------------+c2n1 #So c2n1 is the inactive node. Note that the output of ovcoreid and ovcoreid -ovrg server is thesame because the server data is currently not available._____________________________________________________________________________ Page 38
  39. 39. MoM Cookbook Version 3.0c2n2 # ovcoreidaba6d168-d58b-7507-1477-cb518338c12fc2n2 # ovcoreid -ovrg server260a0712-d533-7507-1c68-e5d0d06b2196c2n2 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || aba6d168-d58b-7507-1477-cb518338c12f (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_260a0712-d533-7507-1c68-e5d0d06b2196 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 260a0712-d533-7507-1c68-e5d0d06b2196 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_260a0712-d533-7507-1c68-e5d0d06b2196 (*) |+---------------------------------------------------------+c2n2 #So c2n2 is the active node._____________________________________________________________________________ Page 39
  40. 40. MoM Cookbook Version 3.05.2 Setup certificate trust between the two serversExport trusted certificates on both servers, exchange the 2 files and import them to the otherservers, then update the trusted certificates on the agent side:Server A:c1n2 # ovcert -exporttrusted -file /tmp/`hostname`.cert -ovrg serverINFO: Trusted certificates have been successfully exported to file /tmp/ c1n2.cert.c1n2 #Server B:c2n1 # ovcert -exporttrusted -file /tmp/`hostname`.cert -ovrg serverINFO: Trusted certificates have been successfully exported to file /tmp/ c2n1.cert.c2n1 #Server A:c1n2 # ovcert -importtrusted -file /tmp/c2n1.cert -ovrg serverINFO: Import operation was successful.c1n2 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 681b477e-3def-750b-02a3-d3cdd199a983 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_659b2fa0-d93b-750a-0aab-b285232fc049 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 659b2fa0-d93b-750a-0aab-b285232fc049 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_260a0712-d533-7507-1c68-e5d0d06b2196 || CA_659b2fa0-d93b-750a-0aab-b285232fc049 (*) |+---------------------------------------------------------+c1n2 # ovcert -updatetrustedINFO: Trusted certificate update was successful.c1n2 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || 681b477e-3def-750b-02a3-d3cdd199a983 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_260a0712-d533-7507-1c68-e5d0d06b2196 || CA_659b2fa0-d93b-750a-0aab-b285232fc049 |_____________________________________________________________________________ Page 40
  41. 41. MoM Cookbook Version 3.0+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 659b2fa0-d93b-750a-0aab-b285232fc049 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_260a0712-d533-7507-1c68-e5d0d06b2196 || CA_659b2fa0-d93b-750a-0aab-b285232fc049 (*) |+---------------------------------------------------------+c1n2 #Repeat the ovcert -updatetrusted on the other cluster node which is currently not running theov-server package.Server B:c2n1 # ovcert -importtrusted -file /tmp/c1n2.cert -ovrg serverINFO: Import operation was successful.c2n1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || aba6d168-d58b-7507-1477-cb518338c12f (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_260a0712-d533-7507-1c68-e5d0d06b2196 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |+---------------------------------------------------------+| Certificates: || 260a0712-d533-7507-1c68-e5d0d06b2196 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_260a0712-d533-7507-1c68-e5d0d06b2196 (*) || CA_659b2fa0-d93b-750a-0aab-b285232fc049 |+---------------------------------------------------------+c2n1 # ovcert -updatetrustedINFO: Trusted certificate update was successful.c2n1 # ovcert -list+---------------------------------------------------------+| Keystore Content |+---------------------------------------------------------+| Certificates: || aba6d168-d58b-7507-1477-cb518338c12f (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_260a0712-d533-7507-1c68-e5d0d06b2196 || CA_659b2fa0-d93b-750a-0aab-b285232fc049 |+---------------------------------------------------------++---------------------------------------------------------+| Keystore Content (OVRG: server) |_____________________________________________________________________________ Page 41
  42. 42. MoM Cookbook Version 3.0+---------------------------------------------------------+| Certificates: || 260a0712-d533-7507-1c68-e5d0d06b2196 (*) |+---------------------------------------------------------+| Trusted Certificates: || CA_260a0712-d533-7507-1c68-e5d0d06b2196 (*) || CA_659b2fa0-d93b-750a-0aab-b285232fc049 |+---------------------------------------------------------+c2n1 #Repeat the ovcert -updatetrusted on the other cluster node which is currently not running theov-server package._____________________________________________________________________________ Page 42
  43. 43. MoM Cookbook Version 3.05.3 Add servers to each others nodebank with correct ovcoreidNormally it is desired to have all managed nodes in each others nodebank. This can easiest beachieved with opccfgdwn -backup, followed by opcmgrdist on server A and opccfgupld onserver B. For the purpose of testing here only the bare minimum nodes (i.e. the physical andvirtual cluster nodes) are added manually via opcnode. Also the virtual node is defined as suchopcnode -set_virtual although that is not necessary for the purpose of message forwarding.Server A:c1n2 # /opt/OV/bin/OpC/utils/opcnode -add_node node_name=c2n1 > node_label=c2n1 > net_type=NETWORK_IP mach_type=MACH_BBC_HPUX_PA_RISC group_name=hp_uxOperation successfully completed.c1n2 # /opt/OV/bin/OpC/utils/opcnode -add_node node_name=c2n2 > node_label=c2n2 > net_type=NETWORK_IP mach_type=MACH_BBC_HPUX_PA_RISC group_name=hp_uxOperation successfully completed.c1n2 # /opt/OV/bin/OpC/utils/opcnode -add_node node_name=c2v > node_label=c2v-ovserver > net_type=NETWORK_IP mach_type=MACH_BBC_HPUX_PA_RISC group_name=hp_uxOperation successfully completed.c1n2 # /opt/OV/bin/OpC/utils/opcnode -chg_id node_name=c2n1 > id=3f22e490-d54b-7507-0012-8b15c6ae224dOperation successfully completed.c1n2 # /opt/OV/bin/OpC/utils/opcnode -chg_id node_name=c2n2 > id=aba6d168-d58b-7507-1477-cb518338c12fOperation successfully completed.c1n2 # /opt/OV/bin/OpC/utils/opcnode -chg_id node_name=c2v > id=260a0712-d533-7507-1c68-e5d0d06b2196Operation successfully completed.c1n2 # /opt/OV/bin/OpC/utils/opcnode -list_id > node_list=c2n1 c2n2 c2vList of IDs for node(s):Name = c2n1 ID = 3f22e490-d54b-7507-0012-8b15c6ae224dName = c2n2 ID = aba6d168-d58b-7507-1477-cb518338c12fName = c2v ID = 260a0712-d533-7507-1c68-e5d0d06b2196Operation successfully completed.c1n2 # /opt/OV/bin/OpC/utils/opcnode -set_virtual node_name=c2v > cluster_package=ov-server > node_list=c2n1 c2n2Operation successfully completed.c1n2 #_____________________________________________________________________________ Page 43
  44. 44. MoM Cookbook Version 3.0Server B:c2n1 # /opt/OV/bin/OpC/utils/opcnode -add_node node_name=c1n1 [2>] node_label=c1n1 [2>] net_type=NETWORK_IP mach_type=MACH_BBC_HPUX_PA_RISC group_name=hp_uxOperation successfully completed.c2n1 # /opt/OV/bin/OpC/utils/opcnode -add_node node_name=c1n2 [2>] node_label=c1n2 [2>] net_type=NETWORK_IP mach_type=MACH_BBC_HPUX_PA_RISC group_name=hp_uxOperation successfully completed.c2n1 # /opt/OV/bin/OpC/utils/opcnode -add_node node_name=c1v [2>] node_label=c1v-ov-server [2>] net_type=NETWORK_IP mach_type=MACH_BBC_HPUX_PA_RISC group_name=hp_uxOperation successfully completed.c2n1 # /opt/OV/bin/OpC/utils/opcnode -chg_id node_name=c1n1 [2>] id=f7996602-d96c-750a-19f1-972b895012fcOperation successfully completed.c2n1 # /opt/OV/bin/OpC/utils/opcnode -chg_id node_name=c1n2 [2>] id=681b477e-3def-750b-02a3-d3cdd199a983Operation successfully completed.c2n1 # /opt/OV/bin/OpC/utils/opcnode -chg_id node_name=c1v [2>] id=659b2fa0-d93b-750a-0aab-b285232fc049Operation successfully completed.c2n1 # /opt/OV/bin/OpC/utils/opcnode -list_id [2>] node_list=c1n1 c1n2 c1vList of IDs for node(s):Name = c1n1 ID = f7996602-d96c-750a-19f1-972b895012fcName = c1n2 ID = 681b477e-3def-750b-02a3-d3cdd199a983Name = c1v ID = 659b2fa0-d93b-750a-0aab-b285232fc049Operation successfully completed.c2n1 # opcnode -set_virtual node_name=c1v cluster_package=ov-servernode_list=c1n1 c1n2Operation successfully completed.c2n1 #5.4 Setup message forwarding template and test forwardingAdd a suitable msgtargetrule to the msgforw template, check it with opcmomchk(1m) and placethe file into /etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs on the source server A, e.g.: MSGTARGETRULE DESCRIPTION "to c2v" MSGTARGETRULECONDS MSGTARGETRULECOND DESCRIPTION "c2v" OBJECT "c2v" MSGTARGETMANAGERS MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "c1v" MSGTARGETMANAGER TIMETEMPLATE "$OPC_ALWAYS" OPCMGR IP 0.0.0.0 "c2v" MSGCONTROLLINGMGR_____________________________________________________________________________ Page 44
  45. 45. MoM Cookbook Version 3.0Then restart the management server processes on server A to activate the message forwarding.Note that this is a cluster, so normally this would fail over the HA package, unless the clusterservive monitoring isnt stopped in before:c1n2 # /opt/OV/lbin/ovharg -monitor ov-server disablec1n2 # opcsv -startc1n2 # /opt/OV/lbin/ovharg -monitor ov-server enableSend a message and verify that it is displayed in the message browser of the target server:c1n2 # opcmsg a=a o=c2v msg_t="forwarded from c1v"5.5 Configure managed nodes for switching primary managerUsually the concepts of message forwarding and switching primary manager are combined, i.e.it is desired to switch the controlling manager of the managed nodes to the target manager of theforwarded messages, or at least to allow operator-initiated actions from that target manager.For this the certificate trust of the target manager has to be extended to the managed nodes, andsuitable mgrconf templates have to be setup / distributed. See chapter 1 for an example of howto do this._____________________________________________________________________________ Page 45

×