Public And Private Keys; Testing The Perl Wrapper Script - Novell BUSINESS CONTINUITY CLUSTERING 1.2.1 - ADMINISTRATION Administration Manual

E.3.2 Public and Private Keys
The BCC load and unload scripts always run on the node that is hosting the Novell Cluster Services
master resource (that is, the Master_IP_Address_Resource). This resource can be hosted on any
node in the Novell Cluster Services cluster, which means the BCC load and unload scripts can also
be executed on any node in the cluster.
The Perl wrapper script for nsupdate utility needs access to both the private and public keys created
in Section E.2.1, "Creating the TSIG Keys for DNS Server Authentication," on page
nsupdate utility really needs access only to the private key. However, for historical reasons the
public key must be in the same location as the private key. The files that contain the keys must be
available on all nodes in the cluster. This can be accomplished in either of the following ways:
Copy to the same location on each node in the cluster. Although this is simple and relatively
quick to do initially, it is a maintenance nightmare. If the keys ever change, they must be copied
to all nodes in the cluster. Failure to copy the keys to all nodes in the cluster creates the
potential for failure in the dynamic DNS update process. You must also remember to copy the
keys to any nodes you add to the cluster at a later date.
Create a cluster resource that contains the keys. Create a shared volume using any standard
journaled Linux POSIX file system such as Ext3. Configure the cluster resource with the
Resource Follows Master setting enabled on the Policies > Resource Behavior area on the
Cluster Resource Properties page. This setting forces the given resource to always be hosted by
the same node that is hosting the Novell Cluster Services master resource. The keys can then be
copied to the file system hosted by this resource, which makes them available to the same node
that is hosting the Novell Cluster Services master resource, and to the BCC load and unload
scripts. This option takes a bit more configuration time, but results in easier maintenance. If the
keys change, they only need to be copied to the file system hosted by this resource. In addition,
if a node is added to the cluster, the new node automatically has access to the keys if it ever
becomes the Novell Cluster Services master.
1 Create a 10 MB shared volume with the Ext3 file system mounted at
For example, name the resource
Follows Master enabled.
For information about creating a shared Linux POSIX file system, see
Resources for Shared Linux POSIX
for Linux Administration
2 Create the
3 Copy the public and private key files to the directory.
4 Make sure the Linux POSIX permissions are set so that the
access.
E.3.3 Testing the Perl Wrapper Script
The dynamic DNS script cannot be compiled directly by a Perl interpreter because it does not
recognize the BCC variables on lines 62–66 of the script. It is a simple matter to manually test the
dynamic DNS script by manually and temporarily replacing the variables with values.
1 Copy the script to the local file system on the Novell Cluster services master node (such as
tmp/bcc_dyn_dns.p
164 BCC 1.2.1: Administration Guide for OES 2 SP2 Linux
bcc-master
Guide.
/mnt/bcc-master/dyndns/keys
l).
. Make sure it is configured with the Resource
Volumes" in the OES 2 SP2: Novell Cluster Services 1.8.7
directory on the shared volume.
root
154. The
.
/mnt/bcc-master
"Configuring Cluster
user is the only user who has
/