Monday, December 7, 2015

Installation of SRP and creation of System and workload containers on HP-UX 11iv3 on PA-RISC Systems

Please note that most of these steps work the same way on an HP-UX Integrity (Itanium) machine acting as the global container.

Installation of SRP on HP-UX systems (note that the system reboots once the SRP filesets have been installed; the autoreboot=true option below lets swinstall perform that reboot)

Install the HP-UX Containers (SRP) software from its depot:

$ swinstall -x autoreboot=true -s <HP-UX Containers depot path> \*

Once the system comes up after reboot

Verify the software installation

$ swverify HP-UX-SRP
 
The lab systems used here already had SRP and its dependencies installed.

 
Verify the SRP products in the global view

swlist -l product -l bundle | grep -i SRP 

 
Verify the versions of Secure Shell and Perl (and, on HP Integrity systems only, ARIES and its patches)

swlist -l product -l bundle | grep -i secureshell

swlist -l product -l bundle | grep -i aries    # HP Integrity systems only

perl -v

 
Recommended patches to be installed 

 
PHKL_41967 : 11.31 fs_select cumulative patch
PHKL_42716 : 11.31 vfs_vnops cumulative patch
PHNE_42470 : 11.31 cumulative ARPA Transport patch
PHSS_42623 : 11.31 mksf(1M) cumulative patch
PHSS_42863 : 11.31 Aries cumulative patch
PHCO_43198 : 11.31 audcmnds cumulative patch

 
Ensure the following bundles are also installed and are of the latest version

 
FileSystem-SRP
HPUXTransportSRP
HPUX-Streams-SRP
AuditExt
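A small checklist script for the patch and bundle lists above, added here as an example (it is not part of this post or of HP-UX Containers). It parses the output of swlist -l product -l bundle and prints whatever is missing. The swlist output embedded in it is a constructed sample rather than a capture from the lab system, and the version strings in it are placeholders.

```sh
#!/bin/sh
# srp_prereq_check.sh - compare the SRP patch/bundle checklist against
# "swlist -l product -l bundle" output. Added example, not from the post.

# Identifiers taken from the recommended-patch and bundle lists above.
REQUIRED_PATCHES="PHKL_41967 PHKL_42716 PHNE_42470 PHSS_42623 PHSS_42863 PHCO_43198"
REQUIRED_BUNDLES="HP-UX-SRP FileSystem-SRP HPUXTransportSRP HPUX-Streams-SRP AuditExt"

# installed_names < swlist-output
# Print one installed product/bundle name per line: the first field of every
# line that is neither blank nor a "#" comment (swlist prefixes its status
# messages with "#").
installed_names() {
    awk '$0 !~ /^[[:space:]]*#/ && NF > 0 { print $1 }'
}

# missing_items "<space-separated expected names>" < swlist-output
# Print every expected name that does not appear in the swlist output.
missing_items() {
    expected=$1
    installed=$(installed_names)
    for name in $expected; do
        if ! printf '%s\n' "$installed" | grep -qxF -- "$name"; then
            printf '%s\n' "$name"
        fi
    done
}

# Constructed sample of swlist output (versions are placeholders). It is
# deliberately missing one patch (PHCO_43198) and one bundle (HPUXTransportSRP).
SAMPLE_SWLIST='# Initializing...
# Contacting target "node2u"...
#
# Target:  node2u:/
#
  AuditExt              B.11.31        HP-UX Audit Extension
  FileSystem-SRP        B.11.31        SRP file system support
  HP-UX-SRP             A.03.03        HP-UX Containers
  HPUX-Streams-SRP      B.11.31        SRP STREAMS support
  PHKL_41967            1.0            fs_select cumulative patch
  PHKL_42716            1.0            vfs_vnops cumulative patch
  PHNE_42470            1.0            cumulative ARPA Transport patch
  PHSS_42623            1.0            mksf(1M) cumulative patch
  PHSS_42863            1.0            Aries cumulative patch'

# check_sample: run the full checklist against the sample; return 1 if
# anything is missing.
check_sample() {
    missing=$(printf '%s\n' "$SAMPLE_SWLIST" | missing_items "$REQUIRED_PATCHES $REQUIRED_BUNDLES")
    if [ -n "$missing" ]; then
        printf 'MISSING: %s\n' $missing
        return 1
    fi
    echo "all required patches and bundles present"
}

# On the real host:
#   swlist -l product -l bundle | missing_items "$REQUIRED_PATCHES $REQUIRED_BUNDLES"
if [ "${1:-}" = "--sample" ]; then
    check_sample
fi
```

An empty result from missing_items means every item is present. Matching is on the exact product or bundle name, so a patch that has been superseded by a newer PHxx number is still reported as missing and has to be checked by hand.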

 
 

 
Checking which SRP components are enabled

 
root@node2u@/opt/hpsrp/bin#srp_sys -list

Checking SRP core subsystems ...                            [ Not Enabled ]
Checking compartment login feature ...                      [ Not Enabled ]
Checking PRM service ...                                    [ Not Enabled ]
Checking IPFilter module ...                                [ Not Enabled ]
Checking IPsec module ...                                   [ Not Installed ]
Checking sshd configuration ...                             [ Not Enabled ]

 
Enabling SRP. The first time, SRP has to be enabled with srp_sys -setup (or srp_sys -s); the system reboots at the end of this first setup.

 
root@node2u@/opt/hpsrp/bin#
root@node2u@/opt/hpsrp/bin#srp_sys -s

Configure all SRP related subsystems? [y] Y

Selected SRP subsystem(s) are: migrate,prm,ipsec,ipfilter,coreset,sshd,cmptlogin

##############################
#
# Core subsystems
#
##############################
Checking SRP core subsystems ...                            [ Not Enabled ]

Enable SRP support in core subsystems? [y] y
Enabling Security Containment Compartments ...              [ OK ]
Enabling multiple namespace support ...                     [ Enable On Boot ]
Enabling network strong ES model ...                        [ OK ]
Enabling network compartment IPv4 routing policy ...        [ OK ]
Enabling network compartment IPv6 routing policy ...        [ OK ]
Enabling network kernel tunable cmpt_allow_local ...        [ OK ]
Enabling network kernel tunable cmpt_namedstrs ...          [ Enable On Boot ]
Enabling network kernel tunable cmpt_restrict_tl ...        [ OK ]
Enabling SRP system services ...                            [ Enable On Boot ]
Adding SRP user and group ...                               [ OK ]

##############################
#
# cmpt Login configuration
#
##############################
Checking compartment login feature ...                      [ Not Enabled ]

Enable the Compartment Login feature? [y] y

Note: By default, once compartment login is enabled, only the root user
(user name of "root") will be allowed to login to the global view.

A login group (default:srpgrp) with access to the global view may be used to
allow local users (not named "root") to login to the global view.

Grant a login group access to the global view? [y] y

Login group name to be granted access to the global view? [srpgrp]

Allow local users to login to the global view by assigning them to the login
group "srpgrp"? [y] y

Adding RBAC role (SRPlogin-init) for global view login ...  [ OK ]

 
Note: Users defined in /etc/passwd are allowed to login to the global view.

To update the list of users (not named "root") allowed to login to the
global view, edit /etc/group, and modify the list assigned to the
group "srpgrp".

 
Any service monitored by the pam_hpsec account management module is enabled
with compartment login enabled.

The current PAM configuration file (/etc/pam.conf) is the same as the
system default PAM configuration file (/usr/newconfig/etc/pam.conf).
You can keep it for compartment login purpose.

 
##############################
#
# PRM Setup
#
##############################
Checking PRM service ...                                    [ Not Enabled ]

Enable PRM? [y] y

Missing recommended PRM Memory Record for PRM memory manager.

Enable the PRM memory manager? [y] y
Adding PRM Memory records ...                               [ OK ]
Enabling PRM service ...                                    [ OK ]
Enabling PRM autostart at boot-up ...                       [ OK ]

##############################
#
# sshd configuration
#
##############################
Checking sshd configuration ...                             [ Not Enabled ]

The Secure Shell daemon (sshd) in the global view is listening to all IP addresses.
This will interfere with Secure Shell daemons in SRP containers.

Restrict the IP addresses that sshd listens to in the global view? [y] y

Enter IP addresses, separated by comma ',': [192.168.10.51]
sshd will then listen on these interfaces: 192.168.10.51
Saving changes to /opt/ssh/etc/sshd_config                  [ OK ]
Restarting Secure Shell daemon ...                          [ OK ]

##############################
#
# IPFilter Setup
#
##############################
Checking IPFilter module ...                                [ Not Enabled ]

HP recommends that you do not enable or disable HP-UX IPFilter when critical
network applications are running. HP recommends that you schedule enabling or
disabling IPFilter when interrupting network connectivity is not disruptive.

 
Enable IPFilter for SRP? [n]

##############################
#
# IPsec configuration
#
##############################
Checking IPsec module ...                                   [ Not Installed ]

##############################
#
# SRP setup completed.
#
##############################

Warning: compartment feature change will not take effect until the
         system is rebooted.
Warning: requested kernel tunable changes will not take effect until the
        system is rebooted.
Reboot system now (cd /; shutdown -r now)? [y] y

 
Once the server comes back up (the first SRP setup requires a reboot of the system)

root@node2u@/#

List the SRP subsystems and their state

root@node2u@/#srp_sys -list
Checking SRP core subsystems ...                            [ OK ]
Checking compartment login feature ...                      [ OK ]
Checking PRM service ...                                    [ OK ]
Checking IPFilter module ...                                [ Not Enabled ]
Checking IPsec module ...                                   [ Not Installed ]
Checking sshd configuration ...                             [ OK ]
root@node2u@/#

Checking the state of a particular component

root@node2u@/#srp_sys -l sshd
Checking sshd configuration ...                             [ OK ]
root@node2u@/#

Checking further details of the component with -v

root@node2u@/#srp_sys -l sshd -v
Checking sshd configuration ...                             [ OK ]
Global view sshd currently listens on these addresses: 192.168.10.51
root@node2u@/#
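To confirm that the restriction on the global-view sshd survives later edits of sshd_config, here is an added check script; it is example code, not part of this post or of srp_sys. It assumes the file uses the standard OpenSSH ListenAddress keyword, the sshd_config fragments embedded in it are constructed, and the global address 192.168.10.51 is the one the setup above used.

```sh
#!/bin/sh
# check_global_sshd.sh - verify the global-view sshd only listens on the
# global address(es). Added example, not from the post or from HP-UX.
# Assumption: sshd_config uses the OpenSSH "ListenAddress" keyword; the
# path /opt/ssh/etc/sshd_config is the one srp_sys reported above.

# listen_addresses < sshd_config
# Print each configured ListenAddress value with any ":port" suffix removed,
# ignoring comments and keyword case.
listen_addresses() {
    awk 'tolower($1) == "listenaddress" { sub(/:[0-9]+$/, "", $2); print $2 }'
}

# sshd_listen_ok "<allowed addresses>" < sshd_config
# Return 0 only if at least one ListenAddress is present and every one of
# them is in the allowed set. No ListenAddress at all means OpenSSH binds
# every address, which is exactly the state srp_sys -s warned about, and
# 0.0.0.0 / :: mean the same thing explicitly.
sshd_listen_ok() {
    allowed=$1
    found=$(listen_addresses)
    if [ -z "$found" ]; then
        echo "no ListenAddress: sshd binds every address"
        return 1
    fi
    status=0
    for addr in $found; do
        ok=0
        for a in $allowed; do
            if [ "$addr" = "$a" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then
            echo "ListenAddress $addr is not a global-view address"
            status=1
        fi
    done
    return $status
}

# The address srp_sys -s restricted the global sshd to, per the setup above.
GLOBAL_IPS="192.168.10.51"

# Constructed sshd_config fragments (not captured from a real host).
CFG_RESTRICTED='# global view only
Port 22
ListenAddress 192.168.10.51
PermitRootLogin no'
CFG_WILDCARD='Port 22
ListenAddress 0.0.0.0'
CFG_UNSET='Port 22
PermitRootLogin no'

# Real run:  sshd_listen_ok "$GLOBAL_IPS" < /opt/ssh/etc/sshd_config
if [ "${1:-}" = "--sample" ]; then
    printf '%s\n' "$CFG_RESTRICTED" | sshd_listen_ok "$GLOBAL_IPS" && echo "restricted: OK"
    printf '%s\n' "$CFG_WILDCARD"   | sshd_listen_ok "$GLOBAL_IPS" || echo "wildcard: FAIL"
    printf '%s\n' "$CFG_UNSET"      | sshd_listen_ok "$GLOBAL_IPS" || echo "unset: FAIL"
fi
```

The check deliberately treats a missing ListenAddress as a failure rather than as "nothing configured", because the default of binding every address is what lets the global sshd capture port 22 on every container address and interfere with container daemons.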

 
Creating a container with the default values: when nothing but the container name is given, srp -add prompts for every setting and creates a workload type container from the base template. (The first IP address prompt below was answered with an empty line, which srp rejects.)

root@node2u@/#srp -add mysyscont

Enter the requested values when prompted, then press return.
Enter "?" for help at prompt. Press control-c to exit.

Services to add: [cmpt,admin,init,prm,network,login]
List of Unix user names for container administrator: [root]
List of Unix group names for container login: []
List of Unix user names for container login: [root]
PRM group name to associate with this SRP: [mysyscont]
PRM group type (FSS, PSET): [FSS]
PRM FSS group CPU shares: [10]
PRM FSS group CPU cap (press return for no cap): []
PRM group memory shares: [10]
PRM group memory cap (press return for no cap): []
PRM group shared memory (press return for no dedicated memory): []
IP address:
---------------------------------------------------------------
Syntax error for ip_address: Invalid IP address format ().
Examples of valid IP address notational format are:
        192.0.2.1   for IPv4 type addresses
        2001:DB8::1 for IPv6 type addresses
See ifconfig(1M) for more information about IPV6 address formats.
Enter "?" for help at prompt. Press control-c to exit.
---------------------------------------------------------------
IP address: 192.168.10.111
Add IP address to netconf file? [yes] yes
IP subnet mask (press return to accept default): [] 255.255.255.0
Network interface name: lan0
Gateway server IP address for default route (0 to skip): [192.168.10.111] 192.168.10.1
Autostart container at system boot? [yes]

The following template variables have been set to the values shown:

        gw_ip_address   =  192.168.10.1
        iface           =  lan0
        ip_address      =  192.168.10.111
        ip_mask         =  255.255.255.0

 
Press return or enter "yes" to make the selected modifications with these
values.  Do you wish to continue? [yes]
add compartment rules succeeded
add RBAC admin role for compartment succeeded
add RBAC compartment login role succeeded
add prm rules succeeded
copying from /opt/hpsrp/newconfig/var/hpsrp to /var/hpsrp/mysyscont.setup
copying from /opt/hpsrp/newconfig/var/hpsrp to /var/hpsrp/mysyscont
Configuring /var/hpsrp/mysyscont/etc/inittab ...
Configuring /var/hpsrp/mysyscont/etc/rc.config ...
add compartment network service rules succeeded
add compartment service succeeded
root@node2u@/#

This by default creates a Workload container with the base template

See the container which was just created

root@node2u@/#srp -l
Name           Type        Template    Enabled Services
----------------------------------------------------------------------
mysyscont      workload    base        admin,cmpt,init,login,network,prm

Start the container which was just created

root@node2u@/#
root@node2u@/#srp -start mysyscont

     HP-UX SRP Container start-up in progress
     ________________________________________

     Mounting file systems in /var/hpsrp/mysyscont/etc/fstab .... OK

The HP-UX SRP Container is ready.
root@node2u@/#

Check the status of the container
root@node2u@/#srp -status
NAME          TYPE      STATE       SUBTYPE    ROOTPATH
mysyscont     workload  started     none       /var/hpsrp/mysyscont
root@node2u@/#

The container's IP address is configured in the global view as an alias on lan0 (lan0:1) once the container is started:

root@node2u@/etc#netstat -in
Name      Mtu  Network         Address         Ipkts              Ierrs Opkts              Oerrs Coll
lan0:1    1500 192.168.10.0    192.168.10.111  0                  0     0                  0     0

 

Deleting a container (answering yes to the second prompt also removes its files under /var/hpsrp)

 
root@node2u@/#srp -d mysyscont
Do you wish to delete the compartment "mysyscont"? (yes/no) : [no] yes

Enter the requested values when prompted, then press return.
Enter "?" for help at prompt. Press control-c to exit.

Delete the container's local files and directories? [no] yes

The following template variables have been set to the values shown:

        delete_files_ok =  yes

 
Press return or enter "yes" to make the selected modifications with these
values.  Do you wish to continue? [yes] yes
delete compartment rules succeeded
delete RBAC admin role for compartment succeeded
delete RBAC compartment login role succeeded
delete prm rules succeeded
delete ipfilter rules succeeded
delete ipsec rules succeeded
Deleting local files and directories .................done
delete compartment network service rules succeeded
delete compartment service succeeded
root@node2u@/#

Adding a workload type container

Add a new workload type container, supplying the IP address and interface as template variables on the command line (the remaining values are still prompted for unless -b batch mode is also given):

srp -add w1cont -t workload ip_address=192.168.10.112 iface=lan3

 
root@node2u@/#srp -add w1cont -t workload ip_address=192.168.10.112 iface=lan3

Enter the requested values when prompted, then press return.
Enter "?" for help at prompt. Press control-c to exit.

Services to add: [cmpt,admin,init,prm,network,login]
List of Unix user names for container administrator: [root]
List of Unix group names for container login: []
List of Unix user names for container login: [root]
PRM group name to associate with this SRP: [w1cont]
PRM group type (FSS, PSET): [FSS]
PRM FSS group CPU shares: [10]
PRM FSS group CPU cap (press return for no cap): []
PRM group memory shares: [10]
PRM group memory cap (press return for no cap): []
PRM group shared memory (press return for no dedicated memory): []
Add IP address to netconf file? [yes]
IP subnet mask (press return to accept default): []
Gateway server IP address for default route (0 to skip): [192.168.10.112] 192.168.10.1
Autostart container at system boot? [yes]
---------------------------------------------------------------
Syntax error: control characters are not allowed.
Enter "?" for help at prompt. Press control-c to exit.
---------------------------------------------------------------
Autostart container at system boot? [yes]

The following template variables have been set to the values shown:

        gw_ip_address   =  192.168.10.1

 
Press return or enter "yes" to make the selected modifications with these
values.  Do you wish to continue? [yes]
add compartment rules succeeded
add RBAC admin role for compartment succeeded
add RBAC compartment login role succeeded
add prm rules succeeded
copying from /opt/hpsrp/newconfig/var/hpsrp to /var/hpsrp/w1cont.setup
copying from /opt/hpsrp/newconfig/var/hpsrp to /var/hpsrp/w1cont
Configuring /var/hpsrp/w1cont/etc/inittab ...
Configuring /var/hpsrp/w1cont/etc/rc.config ...
add compartment network service rules succeeded
add compartment service succeeded
root@node2u@/#
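A wrapper for the batch form of srp -add, added as an example (it is not the post's own script and is not shipped with HP-UX Containers). It checks that the interface is UP in lanscan and that the address is not already configured before it calls srp, so a typo does not create a container whose address collides with the global view or another container. The container name, address, interface and gateway are parameters; the lanscan and netstat -in text embedded for the offline run is trimmed from the outputs shown later in this post; and passing gw_ip_address= on the command line is assumed to work like the other template variables.

```sh
#!/bin/sh
# add_workload_container.sh - validate interface and IP, then run
# "srp -add ... -t workload -b". Added example, not from the post.
# Assumptions: lanscan(1M) and "netstat -in" print the column layouts shown
# in this post; gw_ip_address= is accepted on the command line like
# ip_address= and iface= (it is a template variable srp reports).

# iface_exists NAME < lanscan-output
# True if an interface called NAME is listed with hardware state UP.
# lanscan columns: path, MAC, card instance, state, interface name, ...
iface_exists() {
    awk -v want="$1" 'NR > 2 && $4 == "UP" && $5 == want { found = 1 }
                      END { exit found ? 0 : 1 }'
}

# ip_in_use ADDR < "netstat -in" output
# True if ADDR is already configured on any interface (primary or lanN:M alias).
ip_in_use() {
    awk -v want="$1" 'NR > 1 && $4 == want { found = 1 }
                      END { exit found ? 0 : 1 }'
}

# precheck NAME IP IFACE LANSCAN_TEXT NETSTAT_TEXT
# Return 0 only if the interface is UP and the address is free.
precheck() {
    name=$1 ip=$2 iface=$3
    rc=0
    if ! printf '%s\n' "$4" | iface_exists "$iface"; then
        echo "$name: $iface is not an UP interface in lanscan"; rc=1
    fi
    if printf '%s\n' "$5" | ip_in_use "$ip"; then
        echo "$name: $ip is already configured (netstat -in)"; rc=1
    fi
    return $rc
}

# Trimmed copies of the lanscan / netstat -in output shown in this post;
# the packet counters are not significant.
LANSCAN='Hardware Station        Crd Hdw   Net-Interface  NM  MAC       HP-DLPI DLPI
Path     Address        In# State NamePPA        ID  Type      Support Mjr#
0/1/2/0  0x0014C2107323 0   UP    lan0 snap0     1   ETHER     Yes     119
0/3/1/0/6/0 0x001279435AF2 3   UP    lan3 snap3     4   ETHER     Yes     119
LinkAgg0 0x000000000000 900 DOWN  lan900 snap900 7   ETHER     Yes     119'
NETSTAT='Name      Mtu  Network         Address         Ipkts Ierrs Opkts Oerrs Coll
lan0:1    1500 192.168.10.0    192.168.10.111  0     0     0     0     0
lan0      1500 192.168.10.0    192.168.10.51   19399 0     17543 0     0
lo0      32808 127.0.0.0       127.0.0.1       601463 0    601463 0     0'

# Usage: add_workload_container.sh NAME IP IFACE GATEWAY
# srp is only invoked when all four arguments are given and the checks pass.
if [ $# -eq 4 ]; then
    precheck "$1" "$2" "$3" "$(lanscan)" "$(netstat -in)" || exit 1
    srp -add "$1" -t workload -b ip_address="$2" iface="$3" gw_ip_address="$4"
fi
```

The checks only cover this host: an address that is free here can still be in use elsewhere on the subnet, so a ping or an arp lookup before the add is still worthwhile on a shared network.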

List the containers (mysyscont appears here as a system container; the transcript of re-creating it with -t system follows later in this post)

root@node2u@/#srp -l
Name           Type        Template    Enabled Services
----------------------------------------------------------------------
mysyscont      system      system      admin,cmpt,init,network,prm,provision
w1cont         workload    base        admin,cmpt,init,login,network,prm
root@node2u@/#

 
Start the workload container

root@node2u@/#srp -start w1cont

     HP-UX SRP Container start-up in progress
     ________________________________________

     Mounting file systems in /var/hpsrp/w1cont/etc/fstab .... OK

The HP-UX SRP Container is ready.

Check the status of the workload container

root@node2u@/#srp -status w1cont
NAME         TYPE      STATE       SUBTYPE    ROOTPATH
w1cont       workload  started     none       /var/hpsrp/w1cont
root@node2u@/#

The workload container's address is now configured directly on lan3 (it shows as the interface's own address, not as an alias such as lan0:1):

root@node2u@/#netstat -in
Name      Mtu  Network         Address         Ipkts              Ierrs Opkts              Oerrs Coll
lan3      1500 192.168.10.0    192.168.10.112  0                  0     0                  0     0
lan0:1    1500 192.168.10.0    192.168.10.111  92                 0     92                 0     0
lan0      1500 192.168.10.0    192.168.10.51   19399              0     17543              0     0
lo0      32808 127.0.0.0       127.0.0.1       601463             0     601463             0     0

 
 
root@node2u@/#lanscan
Hardware Station        Crd Hdw   Net-Interface  NM  MAC       HP-DLPI DLPI
Path     Address        In# State NamePPA        ID  Type      Support Mjr#
0/1/2/0  0x0014C2107323 0   UP    lan0 snap0     1   ETHER     Yes     119
0/3/1/0/4/0 0x001279435AF0 1   UP    lan1 snap1     2   ETHER     Yes     119
0/3/1/0/4/1 0x001279435AF1 2   UP    lan2 snap2     3   ETHER     Yes     119
0/3/1/0/6/0 0x001279435AF2 3   UP    lan3 snap3     4   ETHER     Yes     119
0/3/1/0/6/1 0x001279435AF3 4   UP    lan4 snap4     5   ETHER     Yes     119
LinkAgg0 0x000000000000 900 DOWN  lan900 snap900 7   ETHER     Yes     119
LinkAgg1 0x000000000000 901 DOWN  lan901 snap901 8   ETHER     Yes     119
LinkAgg2 0x000000000000 902 DOWN  lan902 snap902 9   ETHER     Yes     119
LinkAgg3 0x000000000000 903 DOWN  lan903 snap903 10  ETHER     Yes     119
LinkAgg4 0x000000000000 904 DOWN  lan904 snap904 11  ETHER     Yes     119
root@node2u@/#

Use srp_su from the global view to enter the workload container

root@node2u@/#srp_su w1cont
# pwd
/
# cd var

#

You can also create a file from inside the workload container; it is visible to the global view but not to other containers.
bdf run inside the workload container reports permission denied for the file systems mounted for the other container:

# bdf
Filesystem          kbytes    used   avail %used Mounted on
/dev/vg00/lvol3    5128192  185384 4904288    4% /
/dev/vg00/lvol1    1982008   98608 1685192    6% /stand
/dev/vg00/lvol7    62914560 32593296 30085592   52% /var
/dev/vg00/lvol6    7176192 1812664 5321744   25% /usr
/dev/vg00/lvol5    5128192   21328 5066976    0% /tmp
/dev/vg00/lvol4    25608192 3846864 21591336   15% /opt
/dev/vg00/lvol8     114688    6040  107928    5% /home
bdf: /var/hpsrp/mysyscont/stand: Permission denied

 
You can add a user from inside the workload container, but it is added to the global system: a workload container has no user database of its own and shares the global view's /etc/passwd. Anyone who is root inside a workload container can therefore add or change accounts for the whole host, so a workload container is not a boundary against an untrusted container administrator.

 
# useradd -m test
# passwd test
Changing password for test
New password:
Re-enter new password:
Passwd successfully changed
#

 
The user created from inside the workload container is visible to root in the global view, and root can srp_su into the workload container as that user.

 
root@node2u@/#id test
uid=111(test) gid=20(users)
root@node2u@/#
root@node2u@/#srp -l
Name           Type        Template    Enabled Services
----------------------------------------------------------------------
mysyscont      system      system      admin,cmpt,init,network,prm,provision
w1cont         workload    base        admin,cmpt,init,login,network,prm


Login to the container as user test

root@node2u@/#srp_su w1cont - test
(c)Copyright 1983-2006 Hewlett-Packard Development Company, L.P.
(c)Copyright 1979, 1980, 1983, 1985-1993 The Regents of the Univ. of California
(c)Copyright 1980, 1984, 1986 Novell, Inc.
(c)Copyright 1986-2000 Sun Microsystems, Inc.
(c)Copyright 1985, 1986, 1988 Massachusetts Institute of Technology
(c)Copyright 1989-1993  The Open Software Foundation, Inc.
(c)Copyright 1990 Motorola, Inc.
(c)Copyright 1990, 1991, 1992 Cornell University
(c)Copyright 1989-1991 The University of Maryland
(c)Copyright 1988 Carnegie Mellon University
(c)Copyright 1991-2006 Mentat Inc.
(c)Copyright 1996 Morning Star Technologies, Inc.
(c)Copyright 1996 Progressive Systems, Inc.

Confidential computer software. Valid license from HP required for
possession, use or copying.  Consistent with FAR 12.211 and 12.212,
Commercial Computer Software, Computer Software Documentation, and
Technical Data for Commercial Items are licensed to the U.S. Government
under vendor's standard commercial license.

$

That user ID cannot be used to log on to the other container, mysyscont, which is a system container with its own user database.

If you delete the user ID from the global view, it loses access to the workload container as well, since the workload container has no user database of its own.

If the login is wanted again, recreate the user; this can be done from the global view or from inside the workload container, because both write the same user database.

root@node2u@/#userdel -r test

root@node2u@/#
root@node2u@/#srp -l
Name           Type        Template    Enabled Services
----------------------------------------------------------------------
mysyscont      system      system      admin,cmpt,init,network,prm,provision
w1cont         workload    base        admin,cmpt,init,login,network,prm

 
root@node2u@/#srp_su w1cont - test
su: Unknown id: test
root@node2u@/#

Alternatively, srp_su access to one specific container can be granted explicitly through RBAC. First recreate the user in the global view:

root@node2u@/#useradd -m test

root@node2u@/#passwd test
Changing password for test
New password:
Re-enter new password:
Passwd successfully changed

This only recreates the account in the global view. The srp_su credential for a specific container is granted by assigning the user that container's SRPsu role (created by srp -add when the container was defined), after which the user can srp_su into that container:

 

root@node2u@/#srp -l
Name           Type        Template    Enabled Services
----------------------------------------------------------------------
mysyscont      system      system      admin,cmpt,init,network,prm,provision
w1cont         workload    base        admin,cmpt,init,login,network,prm

 
root@node2u@/#roleadm assign test SRPsu-w1cont
roleadm assign done in /etc/rbac/user_role
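An added audit script (not from this post and not part of HP-UX RBAC) that lists who holds SRPsu-<container> roles and flags roles left behind for containers that no longer appear in srp -l. It assumes /etc/rbac/user_role lines have the form user: role[, role...], which is how roleadm reports writing them here; the user_role and srp -l text embedded in it are constructed samples (the srp -l rows copy the listing above, the user_role entries are made up).

```sh
#!/bin/sh
# srpsu_role_audit.sh - who can srp_su into which container, and which
# SRPsu roles are stale. Added example, not from the post or from HP-UX.
# Assumptions: /etc/rbac/user_role lines look like "user: role, role";
# "srp -l" prints the header, a dashed rule, then one row per container.

# srpsu_assignments < user_role
# Print "user container" for every SRPsu-<container> role held by a user.
srpsu_assignments() {
    awk -F: '
        $0 !~ /^[[:space:]]*#/ && NF >= 2 {
            user = $1; gsub(/[[:space:]]/, "", user)
            n = split($2, roles, ",")
            for (i = 1; i <= n; i++) {
                r = roles[i]; gsub(/[[:space:]]/, "", r)
                if (r ~ /^SRPsu-/) { sub(/^SRPsu-/, "", r); print user, r }
            }
        }'
}

# container_names < "srp -l" output
# Print the Name column of each container row (skip header and rule).
container_names() {
    awk 'NR > 2 && NF >= 4 { print $1 }'
}

# stale_srpsu_roles USER_ROLE_TEXT SRP_L_TEXT
# Print "user container" for each SRPsu role whose container does not exist.
stale_srpsu_roles() {
    containers=$(printf '%s\n' "$2" | container_names)
    printf '%s\n' "$1" | srpsu_assignments | while read -r user cont; do
        if ! printf '%s\n' "$containers" | grep -qxF -- "$cont"; then
            printf '%s %s\n' "$user" "$cont"
        fi
    done
}

# Constructed samples (not real captures). "bob" still holds a role for a
# container "oldcont" that has been deleted.
USER_ROLE='# user_role written by roleadm
root: Administrator
test: SRPsu-w1cont
bob: SRPlogin-init, SRPsu-oldcont'
SRP_L='Name           Type        Template    Enabled Services
----------------------------------------------------------------------
mysyscont      system      system      admin,cmpt,init,network,prm,provision
w1cont         workload    base        admin,cmpt,init,login,network,prm'

# Real run:  stale_srpsu_roles "$(cat /etc/rbac/user_role)" "$(srp -l)"
if [ "${1:-}" = "--sample" ]; then
    echo "SRPsu assignments:"; printf '%s\n' "$USER_ROLE" | srpsu_assignments
    echo "stale:";             stale_srpsu_roles "$USER_ROLE" "$SRP_L"
fi
```

srp -d removes the container's own RBAC roles (the delete transcript above shows "delete RBAC compartment login role succeeded"), but a user_role entry pointing at a role that no longer exists is exactly the kind of leftover worth catching before a container of the same name is created again.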

 
root@node2u@/#srp_su w1cont - test
(c)Copyright 1983-2006 Hewlett-Packard Development Company, L.P.
(c)Copyright 1979, 1980, 1983, 1985-1993 The Regents of the Univ. of California
(c)Copyright 1980, 1984, 1986 Novell, Inc.
(c)Copyright 1986-2000 Sun Microsystems, Inc.
(c)Copyright 1985, 1986, 1988 Massachusetts Institute of Technology
(c)Copyright 1989-1993  The Open Software Foundation, Inc.
(c)Copyright 1990 Motorola, Inc.
(c)Copyright 1990, 1991, 1992 Cornell University
(c)Copyright 1989-1991 The University of Maryland
(c)Copyright 1988 Carnegie Mellon University
(c)Copyright 1991-2006 Mentat Inc.
(c)Copyright 1996 Morning Star Technologies, Inc.
(c)Copyright 1996 Progressive Systems, Inc.

Confidential computer software. Valid license from HP required for
possession, use or copying.  Consistent with FAR 12.211 and 12.212,
Commercial Computer Software, Computer Software Documentation, and
Technical Data for Commercial Items are licensed to the U.S. Government
under vendor's standard commercial license.

$

Further srp -add and srp -replace forms (the container names below are placeholders):

Add an Apache instance to an existing workload container:
srp -add wl_container -t apache

Replace the PRM rules for a container:
srp -replace sys_container -service prm

Add a second IP address (network service instance id 2) to a container in batch mode; add iface=lan1 as well to put it on the lan1 interface:
srp -add wl_container -s network -b -id 2 ip_address=192.168.10.112

 
 
 
Change the network interface used for the workload container's IP address

 
 
root@node2u@/#srp -l
Name           Type        Template    Enabled Services
----------------------------------------------------------------------
mysyscont      system      system      admin,cmpt,init,network,prm,provision
w1cont         workload    base        admin,cmpt,init,login,network,prm
root@node2u@/#

root@node2u@/#srp -replace  w1cont -service network

Enter the requested values when prompted, then press return.
Enter "?" for help at prompt. Press control-c to exit.

IP address: [192.168.10.112] 192.168.10.112
Add IP address to netconf file? [yes] yes
IP subnet mask (press return to accept default): [] 255.255.255.0
Network interface name: [lan3] lan0
Gateway server IP address for default route (0 to skip): [192.168.10.1] 192.168.10.1

The following template variables have been set to the values shown:

        iface           =  lan0
        ip_mask         =  255.255.255.0

 
Press return or enter "yes" to make the selected modifications with these
values.  Do you wish to continue? [yes] yes
replace compartment network service rules succeeded
root@node2u@/#

But an SSH connection to the container's address fails: a workload container runs only the services from its template and has no sshd of its own, and the global-view sshd was restricted above to 192.168.10.51, so nothing listens on port 22 at 192.168.10.112:

 
root@node2u@/#ssh test@192.168.10.112
ssh: connect to host 192.168.10.112 port 22: Connection refused
root@node2u@/#

 

Important file locations

/opt/hpsrp/bin                          The directory where all srp executables are located.

/etc/opt/hpsrp                          The directory where srp configuration files are located.

/var/hpsrp/container_name.setup/setup   Customizable pre-start/post-stop script for container_name.

 
Adding a system type container

srp -add mysyscont -t system ip_address=192.168.10.111  iface=lan0 root_password=root -b

(root_password=root is a lab value only. Passed this way the container's root password lands in the shell history and, while srp runs, in the process list, so on a real system use a strong value and change it from inside the container afterwards.)

 
add compartment rules succeeded
add RBAC admin role for compartment succeeded
add prm rules succeeded
copying from / to /var/hpsrp/mysyscont
copying from /etc to /var/hpsrp/mysyscont/etc
copying from /opt to /var/hpsrp/mysyscont/opt
copying from /sbin to /var/hpsrp/mysyscont/sbin
copying from /usr to /var/hpsrp/mysyscont/usr
copying from /var to /var/hpsrp/mysyscont/var

 
 
write: File too large
Cannot write 11iv3dcoe/PHCO_43669/VRTSPERL.2/opt/VRTSperl/lib/5.10.0/pod/perlunifaq.pod
'/usr/bin/cpio -updmx /var/hpsrp/mysyscont/var 2>&1' returned with exit code 1

(The cpio copy of /var into the container failed on one file inside a patch depot kept under /var; provisioning carried on regardless. It is a reminder to keep depots and other bulk data off the file systems a system container copies, and to check that nothing sensitive under /etc, /var or /opt is being duplicated into every container.)
Mounting loopback (LOFS) filesystems ...
copying newconfig directories ...
Copying run level scripts ...
Creating userdb files ...
Changing root user password...
Configuring srp user and group ids ...
Configuring sshd...
Configuring software distributor ...
Configuring RBAC ...
Configuring device files ...
Configuring container products ...
Unmounting loopback (LOFS) filesystems ...
add compartment network service rules succeeded
add provision service succeeded
root@node2u@/#

 
 
Starting a system container

 
root@node2u@/#srp -l
Name           Type        Template    Enabled Services
----------------------------------------------------------------------
mysyscont      system      system      admin,cmpt,init,network,prm,provision
root@node2u@/#

 
root@node2u@/#srp -start mysyscont

     HP-UX SRP Container start-up in progress
     ________________________________________

     Setting up Containers ............................................. OK
     Remounting Root File System ....................................... N/A
     Setting hostname .................................................. OK
     Start containment subsystem configuration ......................... OK
     Start Utmp Daemon : manages User Accounting Database .............. OK
     Configuring SCSI Subsystem ........................................ OK
     Recover editor crash files ........................................ OK
     List and/or clear temporary files ................................. OK
     Clean up old log files ............................................ OK
     Start system message logging daemon ............................... OK
     Checking user database ............................................ OK
     Configuring DHCPv6 Interfaces ..................................... OK
     Starting HP-UX Secure Shell ....................................... OK
     Start NFS core subsystem .......................................... OK
     Start NFS IPv6 subsystem .......................................... OK
     Start enhanced NFS IPv6 subsystem ................................. OK
     Start NIS server subsystem ........................................ OK
     Start ldap client daemon .......................................... N/A
     Start NIS client subsystem ........................................ OK
     Start lock manager subsystem ...................................... OK
     Start NFS client subsystem ........................................ OK
     Start AUTOFS subsystem ............................................ OK
     Finish containment subsystem configuration ........................ OK
     Start Internet services daemon .................................... OK
     Start remote system status daemon ................................. N/A
     Starting sendmail [Done] Starting sm-client [Done] ................ OK
     Starting the password/group assist subsystem ...................... OK
     Start print spooler ............................................... N/A
     Start clock daemon ................................................ OK
     PA performance software is being started. ......................... OK
     Initialize Software Distributor agent daemon ...................... OK
     Starting the Winbind Daemon ....................................... N/A
     Configuring SCSI Subsystem ........................................ OK
     Start Trivial File Transfer Protocol daemon in standalone mode .... N/A
     Starting HP-UX Apache-based Web Server ............................ N/A
     Starting HP-UX Tomcat-based Servlet Engine ........................ N/A
     Starting HP-UX Webmin-based Admin ................................. N/A
     Starting the HPUX Webproxy subsystem .............................. N/A
     Starting HP-UX XML Web Server Tools ............................... OK
     Configuring SCSI Subsystem ........................................ OK
     Start CDE login server ............................................ OK

The HP-UX SRP Container is ready.
root@node2u@/#

Virtual IP address gets added on the host after the container startup 

 
 
root@node2u@/#netstat -in
Name      Mtu  Network         Address         Ipkts              Ierrs Opkts              Oerrs Coll
lan0:1    1500 192.168.10.0    192.168.10.111  2                  0     2                  0     0
lan0      1500 192.168.10.0    192.168.10.51   12696              0     12363              0     0
lo0      32808 127.0.0.0       127.0.0.1       392697             0     392697             0     0
root@node2u@/#

Mounted FS after the start of the system container

root@node2u@/#srp -l
Name           Type        Template    Enabled Services
----------------------------------------------------------------------
mysyscont      system      system      admin,cmpt,init,network,prm,provision
root@node2u@/#
root@node2u@/#bdf
Filesystem          kbytes    used   avail %used Mounted on
/dev/vg00/lvol3    5128192  185016 4904648    4% /
/dev/vg00/lvol1    1982008   98608 1685192    6% /stand
/dev/vg00/lvol7    62914560 32592920 30085368   52% /var
/dev/vg00/lvol6    7176192 1812664 5321744   25% /usr
/dev/vg00/lvol5    5128192   21328 5066976    0% /tmp
/dev/vg00/lvol4    25608192 3846864 21591336   15% /opt
/dev/vg00/lvol8     114688    5880  107960    5% /home
/stand             1982008   98608 1685192    6% /var/hpsrp/mysyscont/stand
root@node2u@/#

Log in to the container from the global view as root:

srp_su mysyscont

Once inside the container, only the container's own file systems are visible:

# bdf
Filesystem          kbytes    used   avail %used Mounted on
/                  62914560 32593032 30085880   52% /
/stand             1982008   98608 1685192    6% /stand
#

 
# uname -a
HP-UX mysyscon B.11.31 U 9000/800 261744785 unlimited-user license
#

(uname reports the node name truncated to the classic eight-character limit, "mysyscon"; hostname below returns the full name.)

 
# model
9000/800/rp3410
#

 
# hostname
mysyscont
#

# netstat -in
Name      Mtu  Network         Address         Ipkts              Ierrs Opkts              Oerrs Coll
lan0:1    1500 192.168.10.0    192.168.10.111  2                  0     2                  0     0
lo0      32808 127.0.0.0       127.0.0.1       468675             0     468675             0     0
#

 
# netstat -rn
Routing tables
Destination           Gateway            Flags Refs Interface  Pmtu
127.0.0.1             127.0.0.1          UH    0    lo0       32808
192.168.10.111        192.168.10.111     UH    0    lan0:1    32808
192.168.10.0          192.168.10.111     U     3    lan0:1     1500
127.0.0.0             127.0.0.1          U     0    lo0       32808
default               192.168.10.111     U     0    lan0:1     1500
#

Adding a user and a group locally to the container

# useradd -m test1

# groupadd test1

 
# passwd test1
Changing password for test1
New password:
Re-enter new password:
Passwd successfully changed
#


Modifying the user inside the container

# usermod -G users,test1 test1
#
# id test1
uid=106(test1) gid=20(users) groups=104(test1)
#
+++++++++++++++++++++++++++++

As this is a system container, a user can log in to the container directly via SSH; test1 can log in that way.

The same user can also be reached with srp_su from the global system:

root@node2u@/#
root@node2u@/#srp_su mysyscont - test1
(c)Copyright 1983-2006 Hewlett-Packard Development Company, L.P.
(c)Copyright 1979, 1980, 1983, 1985-1993 The Regents of the Univ. of California
(c)Copyright 1980, 1984, 1986 Novell, Inc.
(c)Copyright 1986-2000 Sun Microsystems, Inc.
(c)Copyright 1985, 1986, 1988 Massachusetts Institute of Technology
(c)Copyright 1989-1993  The Open Software Foundation, Inc.
(c)Copyright 1990 Motorola, Inc.
(c)Copyright 1990, 1991, 1992 Cornell University
(c)Copyright 1989-1991 The University of Maryland
(c)Copyright 1988 Carnegie Mellon University
(c)Copyright 1991-2006 Mentat Inc.
(c)Copyright 1996 Morning Star Technologies, Inc.
(c)Copyright 1996 Progressive Systems, Inc.

Confidential computer software. Valid license from HP required for
possession, use or copying.  Consistent with FAR 12.211 and 12.212,
Commercial Computer Software, Computer Software Documentation, and
Technical Data for Commercial Items are licensed to the U.S. Government
under vendor's standard commercial license.

$
$
$ pwd
/home/test1
$ id

uid=106(test1) gid=20(users) groups=104(test1)
$
$

 
Try running glance, swinstall, top and swlist in the container and observe the results.
glance is not available inside a container:
#
# glance
sh: glance:  not found.
#
#

 
#
#
# which glance
no glance in /usr/bin /usr/sbin /sbin
#
#

However, top can be run inside a container:

# top
System: mysyscon                                      Thu Aug 22 12:16:54 2013
Load averages: 0.32, 0.24, 0.30
21 processes: 12 sleeping, 9 running
Cpu states:
 LOAD   USER   NICE    SYS   IDLE  BLOCK  SWAIT   INTR   SSYS
 0.32   0.0%   0.0%   0.0% 100.0%   0.0%   0.0%   0.0%   0.0%

System Page Size: 4Kbytes
Memory: 152980K (74888K) real, 559328K (266708K) virtual, 593596K free  Page# 1/1

 TTY    PID USERNAME PRI NI   SIZE    RES STATE    TIME %WCPU  %CPU COMMAND
pts/1 16547 root     178 20  4016K   980K run      0:00  0.92  0.04 top
  ?   14522 root     168 20  6272K  3416K sleep    0:00  0.01  0.01 srp_init
  ?   14525 root     154 20   872K   144K sleep    0:00  0.00  0.00 fsdaemon_srp
  ?   14616 root     152 20  4084K  1220K run      0:00  0.00  0.00 utmpd
  ?   14639 root     154 20  2696K   344K sleep    0:00  0.00  0.00 syslogd
  ?   14685 root     154 20  7916K  1012K sleep    0:00  0.00  0.00 sshd
  ?   14696 root     154 20  3516K   544K sleep    0:00  0.00  0.00 rpcbind
  ?   14763 daemon   152 20  6140K  1904K run      0:00  0.00  0.00 rpc.statd
  ?   14769 root     152 20  3632K   656K run      0:00  0.00  0.00 rpc.lockd
  ?   14790 root     152 20  3656K   644K run      0:00  0.00  0.00 nfs4cbd
  ?   14796 root     152 20  4232K  1256K run      0:00  0.00  0.00 nfsmapid
  ?   14808 root     152 20  5292K  1296K run      0:00  0.00  0.00 automountd
  ?   14810 root     152 20   144K   144K run      0:00  0.00  0.00 autofskd_12
  ?   14816 root     154 20  3152K   360K sleep    0:00  0.00  0.00 inetd
  ?   14849 root     154 20  7492K   936K sleep    0:00  0.00  0.00 sendmail:
  ?   14858 root     154 20  2100K   356K sleep    0:00  0.00  0.00 pwgrd
  ?   14863 root     154 20  2464K   304K sleep    0:00  0.00  0.00 cron
  ?   14867 root     152 20 12708K  1944K run      0:00  0.00  0.00 swagentd
  ?   14925 root     158 20   640K   184K sleep    0:00  0.00  0.00 sh
  ?   15282 root     154 20  3880K   396K sleep    0:00  0.00  0.00 dtlogin
pts/1 16169 root     158 20   672K   220K sleep    0:00  0.00  0.00 sh

 
 
 
#

 
swinstall is not supported within a system container:

#
# swinstall -s 192.168.10.51:/var/11iv3dcoe
ERROR:   The command "swinstall" is not supported in a system
         container.
#

 
++++++++++++++++++++++++++++++++

swlist works inside a system container:

# swlist -l bundle
# Initializing...
# Contacting target "mysyscont"...
#
# Target:  mysyscont:/
#

  AccessControl         B.11.31.05     HP-UX Role-Based Access Control Infrastructure
  AuditExt              B.11.31.04.01  HP-UX Audit Extensions
  B6848BA               1.4.gm.46.16   Ximian GNOME 1.4 GTK+ Libraries for HP-UX
  BUNDLE                B.2013.08.21   Patch Bundle
  Base-VXFS             B.11.31        Base VxFS File System 4.1 Bundle for HP-UX
  Base-VxFS-501         B.05.01.02     Veritas File System Bundle 5.0.1 for HP-UX
  CDE-English           B.11.31        English CDE Environment
  CIFS-CLIENT           A.02.02.02     HP CIFS Client
  CIFS-SERVER           A.03.01.02     HP CIFS Server
  DynSysVSem            B.11.31.02     Dynamic System V Semaphores
  FEATURE11i            B.11.31.1503.411a Feature Enablement Patches for HP-UX 11i v3, March 2015
  FIREFOX               A.2.0.0.19ar.02 Firefox for HP-UX
  FileSystem-SRP        B.11.31.06     Filesystem Enhancement for SRPv3
  GTK                   2.6.8.00.01    GTK+ 2.6 The Gnome GUI Runtime  Toolkit
  HP-ACC-Link           C.11.31.03     HP aCC_link Bundle
  HP-UX-SRP             A.03.01.007    HP-UX Secure Resource Partition and Configuration Manager
  HP-WDB-DEBUGGER       C.11.31.06     HP DEBUGGER Bundle
  HPUX-DHCPv4           B.11.31        HPUX DHCPv4 Server
  HPUX-DHCPv6           B.11.31        HPUX DHCPv6 Server
  HPUX-FTPServer        C.2.6.1.7.0    HPUX FTP Server
  HPUX-MailServer       C.8.13.3.5     HPUX Mail Server
  HPUX-NameServer       C.9.3.2.9.0    HPUX Name Server
  HPUX-Streams-SRP      B.11.31.01     Streams SRP Bundle
  HPUX-TCPWRAP          B.11.31        HPUX TCPWrapper daemon
  HPUX11i-HA-OE         B.11.31.1109   HP-UX High Availability Operating Environment
  HPUXBastille          B.3.3.01       Bastille Security Hardening Tool
  HPUXEssential         B.11.31        Essential HP-UX Utilities
  HPUXLocales           B.11.31        Internationalization Support
  HPUXMan-Eng           B.11.31        Minimum and Essential English man pages
  HPUXMinRuntime        B.11.31        Minimum Runtime Environment
  HPUXTransportSRP      B.11.31.03     Xport SRP Bundle
  HWEnable11i           B.11.31.1403.401a Hardware Enablement Patches for HP-UX 11i v3, March 2014
  Java15JDK             1.5.0.23.00    Java 1.5 JDK for HP-UX
  Java15JDKadd          1.5.0.23.00    Java 1.5 JDK -AA addon for HP-UX
  Java15JRE             1.5.0.23.00    Java 1.5 JRE for HP-UX
  Java15JREadd          1.5.0.23.00    Java 1.5 JRE -AA addon for HP-UX
  Java60JDK             1.6.0.10.00    Java 6.0 JDK for HP-UX
  Java60JDKadd          1.6.0.10.00    Java 6.0 JDK -AA addon for HP-UX
  Java60JRE             1.6.0.10.00    Java 6.0 JRE for HP-UX
  Java60JREadd          1.6.0.10.00    Java 6.0 JRE -AA addon for HP-UX
  LDAPUX                B.05.01        LDAP-UX Integration
  ONCplus               B.11.31.18.1   ONC+ 2.3
  PAMKerberos           D.01.26        PAM-Kerberos Version 1.26
  QPKBASE               B.11.31.1503.411a Base Quality Pack Bundle for HP-UX 11i v3, March 2015
  SD                    B.11.31.1209.382 HP Software Distributor
  SecureShell           A.06.20.030    HP-UX Secure Shell
  SwAssistant           C.02.86        HP-UX Software Assistant
  SysMgmtMin            B.11.31.1109   Minimum Software Deployment Tools
  TBIRD                 A.2.0.0.24ar.00 Thunderbird for HP-UX
  Tune-N-Tools          B.11.31.0909   Optimized Kernel Tunables and Tools for Database and Application Servers
  hpuxws22Apache        B.2.2.15.06    HP-UX Apache-based Web Server
  hpuxws22Tomcat        B.5.5.30.05    HP-UX Tomcat-based Servlet Engine
  hpuxws22Webmin        A.1.070.13     HP-UX Webmin-based Admin
  hpuxwsXml             A.2.03         HPUX XML
  perl                  E.5.8.8.F      Perl Programming Language
#
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Check that sshd is running and listening in the container:

# ps -ef | grep -i sshd
    root 14685     1  0 11:50:56 ?         0:00 /opt/ssh/sbin/sshd
#
#
#
#
# netstat -an | grep -i 22
tcp        0      0  *.22                   *.*                     LISTEN
tcp6       0      0  *.22                   *.*                     LISTEN
#
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Log in from the global view as user admin1 in a new login session (create the admin1 user inside the container first):

srp_su mysyscont - admin1

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Run a command in the container as the admin user:

srp_su mysyscont admin -c ls

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Create the user on the global system and assign the role that allows the user (admin1 here, and test below) to use srp_su into the container:

roleadm assign admin1 SRPsu-mysyscont 

roleadm assign test SRPsu-mysyscont


 
root@node2u@/#roleadm assign test SRPsu-mysyscont
roleadm assign done in /etc/rbac/user_role
root@node2u@/#

Roles added appear in the file /etc/rbac/user_role:

root@node2u@/#cat /etc/rbac/user_role
root: Administrator, SRPadmin-mysyscont
&srpgrp: SRPlogin-init
test: SRPsu-mysyscont
root@node2u@/#
root@node2u@/#
root@node2u@/#

For a system container, the user that srp_su switches to must exist inside the container.

Even when a user has been assigned the role from the global view as above, that user cannot log in if the account has not been created within the container (test exists only on the global system, test1 only in the container):

root@node2u@/#srp_su mysyscont - test
su: Unknown id: test
root@node2u@/#
root@node2u@/#
root@node2u@/#id test
uid=111(test) gid=20(users)
root@node2u@/#
root@node2u@/#
root@node2u@/#
root@node2u@/#id test1
Can't find user test1
root@node2u@/#
root@node2u@/#
root@node2u@/#srp_su mysyscont - test1
$ id
uid=106(test1) gid=20(users) groups=104(test1)
$

+++++++++++++++++++++++++++++++++++++++++++++++++

Kernel tunables cannot be changed with kctune from inside a system container (the value can be read, but setting it fails):

# kctune nproc
Tunable  Value  Expression  Changes
nproc     4200  Default     Immed
#
#
# kctune nproc=4201
ERROR:   The configuration could not be locked.  It may be in use by
         another process.
#


SAM cannot be run within a system container:

#
# sam
sh: sam: Execute permission denied.
#
#
#



Understanding the compartment login authorization

The authorization involved is (hpux.security.compartment.login,*). Administrators use this authorization to define login compartments for users in the system. Authorizations cannot be assigned directly to users. Instead, authorizations are assigned to roles and roles are defined for users.

Administrators must use the object part of the new authorization to specify the login compartment for a user. Only compartment names can be used in the object part of this authorization, and only one compartment can be specified in the object part.

 
 
The following steps show how to define C1 and C2 as login compartments for user "joe":

   1. Create a new App1Role role.

      # roleadm add App1Role

   2. Assign user joe to App1Role.

      # roleadm assign joe App1Role

   3. Assign (allow) compartment login authorizations with compartments C1 and C2 to the App1Role role.

      # authadm assign App1Role hpux.security.compartment.login "C1"
      # authadm assign App1Role hpux.security.compartment.login "C2"

To allow users belonging to App1Role to log in to all compartments, use "*" as the object (quoted, so that the shell does not expand it):

      # authadm assign App1Role hpux.security.compartment.login "*"

For example, assume that one instance of sshd is running in compartment C1 with IP address IP1 and another instance of sshd is running in compartment C2 with IP address IP2. When a user with the hpux.security.compartment.login, C1 authorization tries to connect to the IP1 address, the user will be allowed to log in to compartment C1. When the same user tries to connect to the IP2 address, the user would be denied access.

Enabling the compartment login feature on the global view

Once the compartment login feature is enabled, unauthorized users would not be able to log in to the system using any of the login services (for example sshd, inetd, xinetd) until the new authorization is assigned to the user. This inability to log in is true even for those login services running in the init compartment. Refer to compartments(5) for more information about the init compartment.
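The decision described above, as an added shell example that is not part of the original post: it replays the user-to-role-to-authorization lookup offline from constructed copies of /etc/rbac/user_role (in the layout shown earlier) and /etc/rbac/role_auth, and also lists which subjects hold SRPsu-, SRPadmin- or SRPlogin- roles for a container. The role_auth layout, the group file contents and the users joe and admin1 are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): replays the compartment-login
# decision offline from constructed copies of /etc/rbac/user_role and
# /etc/rbac/role_auth. Assumed formats: user_role as the page shows it and
# role_auth as "Role: (authorization, object), ...".
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
USER_ROLE="$WORK/user_role"
ROLE_AUTH="$WORK/role_auth"
GROUP_FILE="$WORK/group"
# Constructed sample data: the page's user_role plus joe/App1Role from the
# walkthrough, and a group file that puts test and admin1 in srpgrp.
cat > "$USER_ROLE" <<'EOF'
root: Administrator, SRPadmin-mysyscont
&srpgrp: SRPlogin-init
test: SRPsu-mysyscont
joe: App1Role
EOF
cat > "$ROLE_AUTH" <<'EOF'
Administrator: (hpux.*, *)
App1Role: (hpux.security.compartment.login, C1), (hpux.security.compartment.login, C2)
SRPlogin-init: (hpux.security.compartment.login, init)
SRPsu-mysyscont: (hpux.SRPsu.mysyscont, mysyscont)
EOF
cat > "$GROUP_FILE" <<'EOF'
srpgrp::105:test,admin1
users::20:
EOF

# groups_of USER: names of groups listing USER as a member
groups_of() {
    awk -F: -v u="$1" '{ n = split($4, m, ","); for (i = 1; i <= n; i++)
        if (m[i] == u) print $1 }' "$GROUP_FILE"
}

# roles_for USER: roles held directly plus those inherited via &group lines
roles_for() {
    { echo "$1"; groups_of "$1" | sed 's/^/\&/'; } | while read -r subj; do
        sed -n "s/^$subj: *//p" "$USER_ROLE" | tr ',' '\n'
    done | sed 's/^ *//; s/ *$//' | grep -v '^$' | sort -u
}

# auths_for USER: "authorization object" pairs granted through any role
auths_for() {
    roles_for "$1" | while read -r role; do
        sed -n "s/^$role: *//p" "$ROLE_AUTH" | tr ')' '\n' |
            sed 's/^[ ,]*(//; s/,/ /' | grep -v '^ *$'
    done
}

# can_login USER COMPARTMENT: true when an authorization matches
# hpux.security.compartment.login (or a wildcard prefix such as hpux.*)
# with object equal to COMPARTMENT or "*".
can_login() {
    auths_for "$1" | awk -v want="hpux.security.compartment.login" -v c="$2" '
        { a = $1; o = $2
          amatch = (a == want) || (sub(/\.\*$/, "", a) && index(want, a ".") == 1)
          if (amatch && (o == c || o == "*")) { ok = 1; exit } }
        END { if (ok) exit 0; exit 1 }'
}

# srp_roles_for CONTAINER: subjects holding SRPsu-, SRPadmin- or SRPlogin-
# roles scoped to CONTAINER, i.e. who may enter it from the global view.
srp_roles_for() {
    awk -F': *' -v c="$1" '{ n = split($2, r, /, */); for (i = 1; i <= n; i++)
        if (r[i] ~ ("^SRP(su|admin|login)-" c "$")) print $1, r[i] }' "$USER_ROLE"
}

# Demo: the sshd-in-C1/C2 scenario from the text, then who can reach mysyscont.
for pair in joe:C1 joe:C3 root:C2 test:init test:C1 admin1:init; do
    u=${pair%:*}; c=${pair#*:}
    if can_login "$u" "$c"; then echo "$u -> $c: allowed"; else echo "$u -> $c: denied"; fi
done
srp_roles_for mysyscont
```

Run against real copies of the two RBAC files before setting CMPT_LOGIN=1 to see which accounts would be left without any login compartment.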

 
The feature is controlled by CMPT_LOGIN in /etc/cmpt/cmpt.conf; the initial value shown below is 0 (disabled).

 
++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 
root@node2u@/#cat /etc/cmpt/cmpt.conf
#!/sbin/sh
#
# Compartment configuration.  See compartment_login(5)
#
# Enable or disable compartment login feature.
#
# Initial configuration file values:
# CMPT_LOGIN=0

 
Adding a service to an SRP (the example adds the sshd service to the workload container w1cont)

The sshd service cannot be added to a workload container while the container is running:
 
root@node2u@/#srp -add w1cont -t sshd -b
Operation only allowed when container "w1cont" is in the stopped state.
Run "srp -stop w1cont" first.

Stop the workload container first

root@node2u@/#srp -stop w1cont

root@node2u@/#srp -status
NAME          TYPE      STATE       SUBTYPE    ROOTPATH
mysyscont     system    started     private    /var/hpsrp/mysyscont
w1cont        workload  stopped     none       /var/hpsrp/w1cont
root@node2u@/#

Ensure that the container is in the stopped state before adding the sshd template:

root@node2u@/#srp -a w1cont -t sshd

Enter the requested values when prompted, then press return.
Enter "?" for help at prompt. Press control-c to exit.

Services to add: [cmpt,provision]
sshd data path: [/var/hpsrp/w1cont/opt/ssh]
sshd executable path: [/opt/ssh]
Copy SSH config data from path: [/opt/ssh/newconfig]
sshd port number: [22]

Press return or enter "yes" to process this template.
Do you wish to continue? [yes]
add compartment rules succeeded
add provision service succeeded

Start the workload container after adding the sshd template:
 
root@node2u@/#srp -start w1cont

     HP-UX SRP Container start-up in progress
     ________________________________________

     Mounting file systems in /var/hpsrp/w1cont/etc/fstab .... OK
     Starting HP-UX Secure Shell ............................. OK

The HP-UX SRP Container is ready.

root@node2u@/#srp -status
NAME          TYPE      STATE       SUBTYPE    ROOTPATH
mysyscont     system    started     private    /var/hpsrp/mysyscont
w1cont        workload  started     none       /var/hpsrp/w1cont
root@node2u@/#

Because w1cont is a workload container, logging in as root over SSH to its address (192.168.10.112 below, on lan0:2) effectively takes you to the host system: the prompt after login is the global host node2u.
 
 
root@node2u@/#netstat -in
Name      Mtu  Network         Address         Ipkts              Ierrs Opkts              Oerrs Coll
lan3*     1500 none            none            0                  0     0                  0     0
lan0:1    1500 192.168.10.0    192.168.10.111  92                 0     92                 0     0
lan0:2    1500 192.168.10.0    192.168.10.112  0                  0     0                  0     0
lan0      1500 192.168.10.0    192.168.10.51   27853              0     24237              0     0
lo0      32808 127.0.0.0       127.0.0.1       3109447            0     3109447            0     0
root@node2u@/#ssh 192.168.10.112
The authenticity of host '192.168.10.112 (192.168.10.112)' can't be established.
RSA key fingerprint is 0b:fd:a0:85:34:9e:f9:8c:07:3b:82:6e:31:a4:85:35.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.10.112' (RSA) to the list of known hosts.
Password:
Last successful login:       Fri Aug 23 01:51:45 IST 2013 192.168.10.12
Last authentication failure: Thu Aug 22 11:28:35 IST 2013 192.168.10.12
Last login: Fri Aug 23 01:51:45 2013 from 192.168.10.12
You have mail.

Value of TERM has been set to "xterm".
WARNING:  YOU ARE SUPERUSER !!

root@node2u@/#
root@node2u@/#
root@node2u@/#
root@node2u@/#exit
logout root
Connection to 192.168.10.112 closed.
root@node2u@/#

Adding a user to the workload container, assigning the login role for the container and allowing access to cron

srp_su to the workload container, then:

  • add the user and the group
  • from the global system, assign the login role for the container to the user:
  • roleadm assign test123 SRPlogin-w1cont
  • the user can then log in to the workload container

On the global system, add the user to cron.allow.
 
Then log in as that user with SSH to the workload container; the user can create his own crontab using crontab.


Short SRP listing

root@node2u@/var/spool/cron/crontabs#srp -list mysyscont
Name           Type        Template    Enabled Services
----------------------------------------------------------------------
mysyscont      system      system      admin,cmpt,init,network,prm,provision



 
Detailed SRP listing for a container


root@node2u@/var/spool/cron/crontabs#srp -list mysyscont -v

Name: mysyscont  Template: system Service: admin ID: 1
----------------------------------------------------------------------
Allowed Groups:
Allowed Users:  root

RBAC Role:
SRPadmin-mysyscont

RBAC Authorizations(s):
(hpux.srp.admin.*, mysyscont)
       (hpux.SRPadmin.mysyscont, mysyscont)

RBAC Command privilege(s):
/opt/hpsrp/bin/util/srp_op:-start mysyscont:(hpux.SRPadmin.mysyscont,mysyscont):0/0//:init:dflt:dflt:
/opt/hpsrp/bin/util/srp_op:-stop mysyscont:(hpux.SRPadmin.mysyscont,mysyscont):0/0//:init:dflt:dflt:
/opt/hpsrp/bin/util/srp_op:-status mysyscont:(hpux.SRPadmin.mysyscont,mysyscont):0/0//:init:dflt:dflt:

 
Name: mysyscont  Template: system Service: cmpt ID: 1
----------------------------------------------------------------------

Compartment Configuration (/etc/cmpt/mysyscont.rules):
#define _SRP_HOME_ /var/hpsrp/mysyscont
#define _SRP_USR_PERM_    write
#define _SRP_USR_ROOT_    _SRP_HOME_
#define _SRP_SBIN_PERM_   write
#define _SRP_SBIN_ROOT_   _SRP_HOME_

#include "/etc/opt/hpsrp/cmpt/sysbase.srp_incl"

 
 
Name: mysyscont  Template: system Service: init ID: 1
----------------------------------------------------------------------
#
# Container configuration file
#
# WARNING: this file does not have any user changeable fields.
#  Do not change the contents of this file.
#
autostart=1
srp_name=mysyscont
srp_subtype=private
srp_type=system
srp_kern_opts=
root_dir=/var/hpsrp/mysyscont
root_is_mountable=no
root_mount_options=
root_mount_resource=
root_mount_type=
srp_fs_dir[0]=/stand
srp_fs_options[0]=ro
srp_fs_resource[0]=/stand
srp_fs_type[0]=lofs

 
Name: mysyscont  Template: system Service: network ID: 1
----------------------------------------------------------------------

Compartment Configuration (/etc/cmpt/mysyscont.rules):
// owns the IP address
interface       192.168.10.111

Netconf Configuration:
INTERFACE_NAME="lan0:1"
INTERFACE_SKIP="true"
IP_ADDRESS="192.168.10.111"
TYPE="ipv4"
SUBNET_MASK=""
INTERFACE_STATE="up"
BROADCAST_ADDRESS=""
DHCP_ENABLE="0"
INTERFACE_MODULES=""
CMGR_TAG="compartment="mysyscont" template="system" service="network" id="1""
ROUTE_DESTINATION="default"
ROUTE_SKIP="true"
ROUTE_MASK=""
ROUTE_GATEWAY="192.168.10.111"
ROUTE_COUNT="0"
ROUTE_ARGS=""
ROUTE_SOURCE="192.168.10.111"
ROUTE_PARAMS=""

Name: mysyscont  Template: system Service: prm ID: 1
----------------------------------------------------------------------

PRM Configuration (/etc/prmconf):
mysyscont:2:10::
#!PRM_MEM:mysyscont:10::::
#!SCOMP:mysyscont:mysyscont

 
Name: mysyscont  Template: system Service: provision ID: 1
----------------------------------------------------------------------
verbose=1
remove=yes
ipf_for_ipsec=no
ok_export_dirs=yes
change_password=no
activate=yes
home_is_mountable=no
warningsFile=/var//opt/hpcmgr/tmp/cmgr.5857
subtype=private
compartment=mysyscont
admin_user=
id=13
assign_ip=yes
prm_cpu_shares=10
prm_cpu_max=
service=all
srpName=mysyscont
prm_mem_shares=10
preview=no
type=system
named_cmpt=
delete_files_ok=no
prm_phys_mem=
tar=/usr/bin/tar
device_list=
autostart=yes
outputFormat=xml
home_mount_options=
root_password=xxxx
exchangeArchive=
home_mount_type=
home_mount_resource=
ip_address=192.168.10.111
iface=
tune=no
validate=yes
script=
srp_id=
ipsec_transform=ESP_AES128_HMAC_SHA1
prm_mem_max=
dns_server_ip=
dstCompartment=
device=
prm_cores=
gw_ip_address=
prm_group_type=FSS
provision_fs=yes
prm_group_name=
importInCmpt=
ip_mask=
The provision script name is /opt/hpsrp/bin/util/custom_srpsys_setup

root@node2u@/var/spool/cron/crontabs#
