Running IBM Spectrum Symphony without external DNS

For IBM® Spectrum Symphony to work, your cluster must be able to resolve IP addresses of management host names. When host name resolution through an external DNS server is not available, especially in cloud environments, you can use static host name resolution by adding all management hosts to the OS hosts file. Alternatively, configure primary and primary-candidate hosts in the OS hosts file and set up the Service Director in IBM Spectrum Symphony to act as an internal DNS server.

Before you begin

Restriction:
  • IBM Spectrum Symphony Developer Edition and IBM Spectrum Symphony client installations are not supported.
  • TCP IPv6 is not supported.
To use the Service Director as an internal DNS server:
  • IBM Spectrum Symphony must be installed in Advanced Workload Execution Mode (WEM) (see Workload execution modes).
  • All hosts in the cluster must belong to the same non-empty domain, which must be configured as follows:
    • Update the ego. zone in the named.conf file at $EGO_CONFDIR/../../eservice/esd/conf/named/conf/ on Linux® and %EGO_CONFDIR%\..\..\eservice\esd\conf\named\conf\ on Windows.
      For example, when your domain name is example.com, replace the ego zone with example.com:
      zone "example.com." IN {
              type master;
              file "db.ego";
              allow-update { key ego.; };
      };
      
    • Update the ego. zone in the db.ego file at $EGO_CONFDIR/../../eservice/esd/conf/named/namedb/ on Linux and %EGO_CONFDIR%\..\..\eservice\esd\conf\named\namedb\ on Windows to use the same domain name, for example, example.com:
      $ORIGIN .
      $TTL 0  ; 0 seconds
      example.com IN SOA  egonameserver.example.com. root.example.com. (
                                      77         ; serial
                                      10800      ; refresh (3 hours)
                                      900        ; retry (15 minutes)
                                      604800     ; expire (1 week)
                                      0          ; minimum (0 seconds)
                                      )
               NS     egonameserver.example.com.
      $ORIGIN example.com.
      egonameserver              A       10.0.0.123
                                 A       10.0.0.124
      Important: Review your db.ego configuration carefully. Each dot (.) is important and misconfiguration might cause the DNS server to not work properly. Serial parameters must be unique in each DNS zone file. For information about the file format, refer to BIND 9 documentation.
      For Windows hosts, the domain name must be set in the computer's settings or DNS suffixes must be added to network settings. For example, on Windows 10:
      1. Go to Start > File Explorer.
      2. Right-click This PC, then Properties.
      3. In the Computer Name, domain, and workgroup settings section, click Change Settings.
      4. In the Computer Name tab, click Change > More.
      5. Enter the DNS suffix for the computer in the Primary DNS suffix of this computer text box.
      6. Click OK and restart the OS.
    • Update the esddefault.xml file at $EGO_CONFDIR/../../eservice/esd/conf/ on Linux and %EGO_CONFDIR%\..\..\eservice\esd\conf\ on Windows to use the same domain name in the ESD_EGO_DOMAIN parameter. Replace the parameter's value from ego to, for example, example.com:
      <?xml version="1.0" encoding="UTF-8"?>
      <ESDDefaultPluginConfiguration>
        <ESD_EGO_NAMESERVER>egonameserver</ESD_EGO_NAMESERVER>
        <ESD_EGO_DOMAIN>example.com</ESD_EGO_DOMAIN>
        <ESD_EGO_KEY name="ego.">rUlWkhrNFCsXkOwZBu/xVA==</ESD_EGO_KEY>
      </ESDDefaultPluginConfiguration>
  • Your primary and primary-candidate hosts must be registered in the hosts file for host name resolution and set up as the name servers for all hosts in the cluster:
    1. Log on to each host in your cluster with administrative privileges (root on Linux and system administrator on Windows).
    2. Edit the hosts configuration file at /etc/hosts on Linux and c:\Windows\System32\Drivers\etc\hosts on Windows to add the IP addresses of your primary and all primary-candidate hosts. Ensure that you add both the hosts' short name and full name (with domain).
      For example, when the primary host name is sym1x123 with IP address 10.0.0.123 and the primary-candidate host name is sym1x124 with IP address 10.0.0.124, your hosts configuration might be as follows:
      $ cat /etc/hosts
      10.0.0.123   sym1x123  sym1x123.example.com
      10.0.0.124   sym1x124  sym1x124.example.com
      Note: The DNS service uses IP port 53. Your firewall must be configured to enable clients to access this service.
    3. Add the IP addresses of the hosts on which the Service Director must run in your cluster (usually the primary and primary-candidate hosts) to the name resolution configuration, along with the domain name.
      On Linux hosts, update the /etc/resolv.conf file. For example, when the domain name is example.com, your resolv.conf configuration might be as follows:
      $ cat /etc/resolv.conf 
      search example.com
      nameserver 10.0.0.123
      nameserver 10.0.0.124
      Tip: To avoid losing your updates when your network system is reconfigured or restarted, make the changes permanent before updating the resolv.conf file:
      $ chattr +i /etc/resolv.conf
      On Windows hosts, update the TCP/IP configuration. For example, on Windows 10:
      1. Go to Start > Control Panel > Network and Internet > Network and Sharing Center.
      2. Click your Connection, then Properties.
      3. In the Connection Properties window, click Internet Protocol Version 4 (TCP/IPv4), then Properties.
      4. In the General tab, click Use the following DNS server addresses, then enter 10.0.0.123 (IP address of the primary host) as the Preferred DNS server and 10.0.0.124 (IP address of the primary-candidate host) as the Alternate DNS server.
      5. Click OK.
    Note: The primary and all primary-candidate hosts must be registered on each host before the cluster is created. If the host IP addresses change, update the hosts file on all your hosts.
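
The prerequisites above touch five files that must agree on one domain name and one set of name-server addresses. The following check is an added example, not IBM tooling: the function name check_prereqs and the sample strings are constructed for illustration, file contents are passed in as text, and it assumes (as in the examples above) that the A records for egonameserver are the addresses listed as nameserver entries in resolv.conf.

```python
import re
import xml.etree.ElementTree as ET

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
def check_prereqs(named_conf, db_ego, esd_xml, hosts, resolv):
    """Return a list of inconsistencies across the five files' contents."""
    problems = []
    domain = ET.fromstring(esd_xml).findtext("ESD_EGO_DOMAIN", "").strip()
    fqdn = domain + "."
    # named.conf: the zone name is the domain with a trailing dot.
    zones = re.findall(r'zone\s+"([^"]+)"', named_conf)
    if fqdn not in zones:
        problems.append(f"named.conf: no zone {fqdn!r}, found {zones}")
    # db.ego: the last $ORIGIN must be the fully qualified domain.
    origins = re.findall(r"^\s*\$ORIGIN\s+(\S+)", db_ego, re.M)
    if not origins or origins[-1] != fqdn:
        problems.append(f"db.ego: last $ORIGIN is not {fqdn!r}")
    ns_ips = set(re.findall(rf"\sA\s+({IPV4})", db_ego))
    # hosts file: each name-server IP needs a short name and short.domain.
    table = {}
    for line in hosts.splitlines():
        ip, *names = line.split("#")[0].split() or [""]
        table.setdefault(ip, set()).update(names)
    for ip in sorted(ns_ips):
        names = table.get(ip, set())
        if not any(f"{n}.{domain}" in names for n in names if "." not in n):
            problems.append(f"hosts: {ip} lacks a short name plus its .{domain} name")
    # resolv.conf: search domain and nameservers must agree with the zone data.
    search = " ".join(re.findall(r"^\s*search\s+(.+)$", resolv, re.M)).split()
    if domain not in search:
        problems.append(f"resolv.conf: search list lacks {domain}")
    servers = set(re.findall(rf"^\s*nameserver\s+({IPV4})", resolv, re.M))
    if servers != ns_ips:
        problems.append(f"resolv.conf: nameservers {sorted(servers)} != {sorted(ns_ips)}")
    return problems

# Constructed sample inputs, modelled on the fragments shown on this page.
NAMED_CONF = 'zone "example.com." IN { type master; file "db.ego"; allow-update { key ego.; }; };'
DB_EGO = """$ORIGIN .
$TTL 0
example.com IN SOA egonameserver.example.com. root.example.com. (77 10800 900 604800 0)
        NS egonameserver.example.com.
$ORIGIN example.com.
egonameserver  A  10.0.0.123
               A  10.0.0.124"""
ESD_XML = "<ESDDefaultPluginConfiguration><ESD_EGO_DOMAIN>example.com</ESD_EGO_DOMAIN></ESDDefaultPluginConfiguration>"
HOSTS = "10.0.0.123 sym1x123 sym1x123.example.com\n10.0.0.124 sym1x124 sym1x124.example.com\n"
RESOLV = "search example.com\nnameserver 10.0.0.123\nnameserver 10.0.0.124\n"
print(check_prereqs(NAMED_CONF, DB_EGO, ESD_XML, HOSTS, RESOLV) or "consistent")
```

Dropping the trailing dot from the second $ORIGIN line, or leaving ESD_EGO_DOMAIN at ego, makes the function report each file that no longer matches.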

About this task

IBM Spectrum Symphony relies on DNS resolution to uniquely identify hosts in the cluster. In environments without an external DNS, you can use the Service Director in IBM Spectrum Symphony as your DNS server. To do this, enable the EGO Service Controller to register hosts with the Service Director and restrict the Service Director to run only on the primary and primary-candidate hosts that are registered for host name resolution. With this configuration enabled, any time a host is used in the cluster, its IP address and host name are registered, enabling host name resolution of dynamically added hosts that are neither primary nor primary-candidate hosts.

For enhanced security, the Service Director, by default, does not forward DNS requests.

Procedure

  1. Enable the Service Controller to register hosts with the Service Director by enabling the ESC_ESD_REGISTER_HOSTS parameter in the egosc_conf.xml file at $EGO_CONFDIR/../../eservice/esc/conf/ on Linux and %EGO_CONFDIR%\..\..\eservice\esc\conf\ on Windows:
    <ESC_ESD_REGISTER_HOSTS>ON</ESC_ESD_REGISTER_HOSTS>

    If ESC_ESD_REGISTER_HOSTS is set to OFF (default), the Service Controller registers EGO service names, instead of IP addresses.

    1. Optional: Configure the maximum number of DNS update retries by the Service Controller in the ESC_ESD_MAX_RETRIES parameter (default is 3), for example:
      <ESC_ESD_MAX_RETRIES>5</ESC_ESD_MAX_RETRIES>
    2. Optional: Configure the interval (in milliseconds) between DNS update retries in the ESC_ESD_RETRY_TIMEOUT parameter (default is 2000), for example:
      <ESC_ESD_RETRY_TIMEOUT>2500</ESC_ESD_RETRY_TIMEOUT>
  2. Configure the Service Director as the DNS server by updating its service profile, either from the cluster management console or manually in any XML editor. If you are editing the service profile manually, update the named.xml file at $EGO_CONFDIR/../../eservice/esc/conf/services/ on Linux or %EGO_CONFDIR%\..\..\eservice\esc\conf\services\ on Windows.
    1. Enable the Service Director to run as the root user, for example:
      <ego:Command>${EGO_TOP}/4.0/scripts/egosrvloader.sh named -u root -f</ego:Command>
      <ego:ExecutionUser>root</ego:ExecutionUser>
    2. Restrict the Service Director to run only on your known primary and primary-candidate hosts, for example:
      <ego:ResourceRequirement>select('sym1x123' || 'sym1x124')</ego:ResourceRequirement>
    3. Enable the Service Director to start automatically:
      <sc:StartType>AUTOMATIC</sc:StartType>
  3. Optional: To update DNS server configuration, update parameters in the named.conf file under $EGO_CONFDIR/../../eservice/esd/conf/named/conf/ on Linux and %EGO_CONFDIR%\..\..\eservice\esd\conf\named\conf\ on Windows. For information about changing parameters, refer to BIND 9 documentation.
  4. Restart the cluster to apply the new configuration.
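
Before restarting, the settings from steps 1 to 3 can be checked against each other, in particular that the hosts allowed by select() are exactly the hosts clients use as name servers. This is an added example, not IBM tooling: tag, check_procedure and the sample strings are constructed for illustration, the XML is matched by regex on the fragments shown above, name_to_ip stands in for the hosts file entries, and a non-empty BIND forwarders list is treated as a departure from the no-forwarding default described under About this task.

```python
import re

def tag(text, name):
    """Text of the first <name>...</name> element, or None (regex, no namespaces)."""
    m = re.search(rf"<{name}>\s*(.*?)\s*</{name}>", text, re.S)
    return m.group(1) if m else None

def check_procedure(egosc_conf, named_xml, named_conf, name_to_ip, resolv_conf):
    """Return findings for steps 1-3; name_to_ip mirrors the hosts file entries."""
    findings = []
    if tag(egosc_conf, "ESC_ESD_REGISTER_HOSTS") != "ON":
        findings.append("step 1: ESC_ESD_REGISTER_HOSTS is not ON")
    command = tag(named_xml, "ego:Command") or ""
    if tag(named_xml, "ego:ExecutionUser") != "root" or "-u root" not in command:
        findings.append("step 2.1: Service Director is not set to run as root")
    if tag(named_xml, "sc:StartType") != "AUTOMATIC":
        findings.append("step 2.3: StartType is not AUTOMATIC")
    # Step 2.2: the hosts allowed to run the Service Director must be exactly
    # the hosts that clients query, i.e. the nameserver lines in resolv.conf.
    requirement = tag(named_xml, "ego:ResourceRequirement") or ""
    allowed = set(re.findall(r"'([^']+)'", requirement))
    unknown = sorted(h for h in allowed if h not in name_to_ip)
    if unknown:
        findings.append(f"step 2.2: {unknown} not in the hosts file")
    allowed_ips = {name_to_ip[h] for h in allowed if h in name_to_ip}
    servers = set(re.findall(r"^\s*nameserver\s+(\S+)", resolv_conf, re.M))
    if servers != allowed_ips:
        findings.append(f"step 2.2: select() resolves to {sorted(allowed_ips)}, "
                        f"clients query {sorted(servers)}")
    # Step 3: a non-empty forwarders list departs from the no-forwarding default.
    if re.search(r"\bforwarders\s*\{\s*[^}\s]", named_conf):
        findings.append("step 3: named.conf defines forwarders")
    return findings

# Constructed sample inputs, built from the fragments shown on this page.
EGOSC = "<ESC_ESD_REGISTER_HOSTS>ON</ESC_ESD_REGISTER_HOSTS>"
NAMED_XML = """<ego:Command>${EGO_TOP}/4.0/scripts/egosrvloader.sh named -u root -f</ego:Command>
<ego:ExecutionUser>root</ego:ExecutionUser>
<ego:ResourceRequirement>select('sym1x123' || 'sym1x124')</ego:ResourceRequirement>
<sc:StartType>AUTOMATIC</sc:StartType>"""
NAMED_CONF = 'zone "example.com." IN { type master; file "db.ego"; allow-update { key ego.; }; };'
HOSTS = {"sym1x123": "10.0.0.123", "sym1x124": "10.0.0.124"}
RESOLV = "search example.com\nnameserver 10.0.0.123\nnameserver 10.0.0.124\n"

print(check_procedure(EGOSC, NAMED_XML, NAMED_CONF, HOSTS, RESOLV) or "no findings")
```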