Example: Configuring connection management for untrusted networks
This example shows steps that are required to configure connection management for an untrusted network.
About this task
For this example, you have a high-availability cluster
on an untrusted network. All hosts use UNIX™ operating
systems. The cluster consists of four servers:
- A primary server (server_1)
- A shared-disk secondary server (server_2)
- An HDR secondary server (server_3)
- An RS secondary server (server_4)
Procedure
To configure connection management:
- Install at least two network interface cards on each host.
- Install at least two Connection Managers. Install each Connection Manager onto a different host, and do not install the Connection Managers onto the hosts that database servers are installed on.
- On each Connection Manager host, set the ONEDB_HOME environment variable
to the directory where the Connection Manager was installed.
Run the following command:
setenv ONEDB_HOME path
- Create a configuration file in each Connection Manager
installation's $ONEDB_HOME/etc directory.
The first Connection Manager's configuration file is named cm_1.cfg and has the following entries:
NAME connection_manager_1
LOG 1
LOGFILE $ONEDB_HOME/tmp/my_cm1_log.log
LOCAL_IP 192.0.2.0,192.0.2.1
CLUSTER cluster_1
{
  ONEDB_SERVER cluster_1
  SLA oltp_1 DBSERVERS=primary
  SLA payroll_1 DBSERVERS=(PRI,HDR) \
                POLICY=WORKLOAD
  SLA report_1 DBSERVERS=(SDS,HDR,RSS) \
               POLICY=WORKLOAD
  FOC ORDER=ENABLED \
      PRIORITY=1
  CMALARMPROGRAM $ONEDB_HOME/etc/CMALARMPROGRAM.sh
}
The second Connection Manager's configuration file is named cm_2.cfg and has the following entries:
NAME connection_manager_2
LOG 1
LOGFILE $ONEDB_HOME/tmp/my_cm2_log.log
LOCAL_IP 192.0.2.2,192.0.2.3
CLUSTER cluster_1
{
  ONEDB_SERVER cluster_1
  SLA oltp_2 DBSERVERS=primary
  SLA payroll_2 DBSERVERS=(PRI,HDR) \
                POLICY=WORKLOAD
  SLA report_2 DBSERVERS=(SDS,HDR,RSS) \
               POLICY=WORKLOAD
  FOC ORDER=ENABLED \
      PRIORITY=2
  CMALARMPROGRAM $ONEDB_HOME/etc/CMALARMPROGRAM.sh
}
- Set the onconfig file DRAUTO configuration parameter on all database servers
to 3, to specify that Connection Managers control failover arbitration.
DRAUTO 3
- Set the onconfig file HA_FOC_ORDER configuration parameter on server_1
to SDS,HDR,RSS.
HA_FOC_ORDER SDS,HDR,RSS
- Optional: Configure the cmalarmprogram script on each Connection Manager host.
- Add entries to the sqlhosts files on server_1 and server_2's
host, server_3's host, and server_4's host.
#dbservername nettype  hostname servicename options
server_1      onsoctcp host_1   port_1      s=6
a_server_1    onsoctcp host_1   port_2
server_2      onsoctcp host_1   port_3      s=6
a_server_2    onsoctcp host_1   port_4
server_3      onsoctcp host_2   port_5      s=6
a_server_3    onsoctcp host_2   port_6
server_4      onsoctcp host_3   port_7      s=6
a_server_4    onsoctcp host_3   port_8
- Create a sqlhosts file on each Connection
Manager's host.
#dbservername nettype  hostname servicename options
cluster_1     group    -        -           c=1,e=a_server_4
server_1      onsoctcp host_1   port_1      s=6,g=cluster_1
a_server_1    onsoctcp host_1   port_2      g=cluster_1
server_2      onsoctcp host_1   port_3      s=6,g=cluster_1
a_server_2    onsoctcp host_1   port_4      g=cluster_1
server_3      onsoctcp host_2   port_5      s=6,g=cluster_1
a_server_3    onsoctcp host_2   port_6      g=cluster_1
server_4      onsoctcp host_3   port_7      s=6,g=cluster_1
a_server_4    onsoctcp host_3   port_8      g=cluster_1
- In each database server's onconfig file,
set the DBSERVERALIASES parameter to that database server's alias.
The onconfig file entry for server_1:
DBSERVERALIASES a_server_1
The onconfig file entry for server_2:
DBSERVERALIASES a_server_2
The onconfig file entry for server_3:
DBSERVERALIASES a_server_3
The onconfig file entry for server_4:
DBSERVERALIASES a_server_4
- On one of the Connection Manager hosts, use a text editor
to create an ASCII-text password file that contains security information.
Save the file to the $ONEDB_HOME/tmp directory.
For example, my_passwords.txt has the following entries:
cluster_1  a_server_1 user_1 password_1
cluster_1  a_server_2 user_2 password_2
cluster_1  a_server_3 user_3 password_3
cluster_1  a_server_4 user_4 password_4
server_1   a_server_1 user_1 password_1
server_2   a_server_2 user_2 password_2
server_3   a_server_3 user_3 password_3
server_4   a_server_4 user_4 password_4
a_server_1 a_server_1 user_1 password_1
a_server_2 a_server_2 user_2 password_2
a_server_3 a_server_3 user_3 password_3
a_server_4 a_server_4 user_4 password_4
- On the host where the password file is saved, run the onpassword utility
with a specified encryption key to encrypt the password and create passwd_file in
the $ONEDB_HOME/etc directory.
For example, run the following command, specifying my_secret_encryption_key_456 as your encryption key:
onpassword -k my_secret_encryption_key_456 -e my_passwords.txt
- Store the original text file and encryption key in a safe place.
- Distribute $ONEDB_HOME/etc/passwd_file to
all the database servers that Connection Managers connect to, and
to all Connection Managers.
For systems that use Enterprise Replication, also distribute $ONEDB_HOME/etc/passwd_file to all the database servers that the cdr utility connects to.
- Create a sqlhosts file on each client
host.
#dbservername nettype  hostname  servicename options
oltp          group    -         -           c=1,e=oltp_2
oltp_1        onsoctcp cm_host_1 cm_port_1   g=oltp
oltp_2        onsoctcp cm_host_2 cm_port_2   g=oltp
report        group    -         -           c=1,e=report_2
report_1      onsoctcp cm_host_1 cm_port_3   g=report
report_2      onsoctcp cm_host_2 cm_port_4   g=report
payroll       group    -         -           c=1,e=payroll_2
payroll_1     onsoctcp cm_host_1 cm_port_5   g=payroll
payroll_2     onsoctcp cm_host_2 cm_port_6   g=payroll
- Set each ONEDB_SQLHOSTS environment
variable to the sqlhosts file location by running
the setenv command on each Connection Manager and
client host.
setenv ONEDB_SQLHOSTS path_and_file_name
- Run the oncmsm utility on each Connection
Manager host, to start each Connection Manager.
On the host of connection_manager_1:
oncmsm -c cm_1.cfg
On the host of connection_manager_2:
oncmsm -c cm_2.cfg
- Check each Connection Manager's log file to verify that the Connection Manager started correctly.
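The following is an added example, not part of the original procedure and not a OneDB utility: a pre-flight check that cross-references a Connection Manager sqlhosts file with the plaintext password file before it is encrypted with onpassword. The rules it applies and the password-file column meanings (name, alternate server, user, password) are assumptions inferred from the example files in this procedure, and the sample data is constructed.

```python
# Added example: constructed sample data in the shape of this page's files.
CM_SQLHOSTS = """\
#dbservername nettype  hostname servicename options
cluster_1     group    -        -           c=1,e=a_server_2
server_1      onsoctcp host_1   port_1      s=6,g=cluster_1
a_server_1    onsoctcp host_1   port_2      g=cluster_1
server_2      onsoctcp host_1   port_3      s=6,g=cluster_1
a_server_2    onsoctcp host_1   port_4      g=cluster_1
"""
PASSWORDS = """\
cluster_1  a_server_1 user_1 password_1
cluster_1  a_server_2 user_2 password_2
server_1   a_server_1 user_1 password_1
server_2   a_server_2 user_2 password_2
a_server_1 a_server_1 user_1 password_1
a_server_2 a_server_2 user_2 password_2
"""

def parse_sqlhosts(text):
    """Return {dbservername: (nettype, hostname, {option: value})}."""
    entries = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank line or comment
        opts = fields[4].split(",") if len(fields) > 4 else []
        entries[fields[0]] = (fields[1], fields[2],
                              dict(o.split("=", 1) for o in opts if "=" in o))
    return entries

def audit(sqlhosts_text, password_text):
    """List inconsistencies between a sqlhosts file and the password file."""
    hosts = parse_sqlhosts(sqlhosts_text)
    findings, covered = [], set()
    for name, (nettype, _, opts) in hosts.items():
        end = opts.get("e")  # a group's e= option names its last member
        if nettype == "group" and (end not in hosts or hosts[end][2].get("g") != name):
            findings.append(f"group {name}: e={end} is not a member of the group")
    rows = [line.split() for line in password_text.splitlines()]
    for name, alt in (r[:2] for r in rows if len(r) == 4):
        covered.add(name)
        if alt not in hosts:
            findings.append(f"{name}: alternate {alt} has no sqlhosts entry")
        elif hosts[alt][2].get("s") == "6":  # alternates are the non-s=6 aliases
            findings.append(f"{name}: alternate {alt} is itself an s=6 port")
        elif name in hosts and hosts[name][0] != "group" and hosts[name][1] != hosts[alt][1]:
            findings.append(f"{name}: alternate {alt} is on a different host")
    return findings + [f"{n}: no password-file entry" for n in hosts if n not in covered]
```

An empty list from `audit()` means every group, s=6 entry, and alias in the sqlhosts file has a matching password-file line.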