Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
Solution Type: Technical Instruction Sure

Solution 1011148.1: Sun Fire[TM] 3800/48x0/E4900/6800/E6900: Unscheduled System Controller (SC) Failover upon generation of SSH DSA hostkey

Previously Published As: 215331
Applies to:
Sun Fire 3800 Server
Sun Fire 4800 Server
Sun Fire 4810 Server
Sun Fire 6800 Server
Sun Fire E4900 Server
All Platforms

Goal

The ScApp CLI "ssh-keygen" generates or displays the Secure Shell (SSH) hostkey fingerprint within the ScApp environment. This document discusses an anomaly observed in the course of using the "ssh-keygen" CLI to generate a DSA hostkey.

Solution

Steps to Follow

The ScApp CLI "ssh-keygen" generates or displays the Secure Shell (SSH) hostkey fingerprint within the ScApp environment. The SSH-2 protocol uses Digital Signature Algorithm (DSA) based authentication, and ScApp's "ssh-keygen" provides both RSA and DSA hostkey support. The Digital Signature Algorithm (DSA) was originally developed by the US National Security Agency (NSA) and is part of the Digital Signature Standard (DSS).

This document discusses an anomaly observed in the course of using the "ssh-keygen" CLI to generate a DSA hostkey. The following ScApp platform logs were captured on the main and spare SCs.

Original main SC (sc1):

    v4u-4800c-sc1:SC> ssh-keygen -t dsa
    Creating DSA host key may take several minutes.
    DSA host key generated.
    Use 'restartssh' to restart the SSH server with the new host key.
    A restart of the SSH server on the spare SC is also required.
    Sep 06 11:12:17 v4u-4800c-sc1 Platform.SC: Stopping all services on this SC
    Sep 06 11:12:17 v4u-4800c-sc1 Platform.SC: All services on this SC have been stopped.

Original spare SC (sc0):

    Sep 05 20:11:39 v4u-4800c-sc0 Platform.SC: SC Failover: no health status received from the other SC for 3 minutes
    Sep 05 20:12:09 v4u-4800c-sc0 Platform.SC: SC Failover: becoming main SC ...
    Sep 05 20:12:20 v4u-4800c-sc0 Platform.SC: SC Failover: disabled
    Sep 05 20:12:27 v4u-4800c-sc0 Platform.SC: Chassis is in single partition mode.
    Sep 05 20:12:37 v4u-4800c-sc0 Platform.SC: Main System Controller
    Sep 05 20:12:57 v4u-4800c-sc0 Platform.SC: Clock failover enabled.
    Sep 05 20:13:56 v4u-4800c-sc0 Platform.SC: Frame Manager connected. ID: 080020: ffa74a

Although the DSA hostkey was actually generated and is reported on the new main SC:

    v4u-4800c-sc0:SC> ssh-keygen -l -t dsa
    97:ea:bf:b8:6c:69:ac:11:14:30:45:37:5d:44:26:70 (DSA host key)

the DSA host key generation operation did trigger an unscheduled SC Failover event.

The cause of the unscheduled SC Failover event observed during SSH DSA hostkey generation is as follows. Such key generation is highly CPU intensive, and the time it takes is typically dictated by the inherent load and the SC's configuration. In addition, DSA key generation generally consumes more compute resources than the equivalent RSA hostkey generation, so the few minutes that it may take to generate the DSA hostkey may result in no health status being sent from the main SC and received on the spare SC for more than 3 minutes, which then triggers an automatic SC Failover event.

Given that such DSA key generation operations are not expected to be a frequent admin activity, a simple workaround is to disable SC Failover (i.e., execute "setfailover off") prior to the DSA hostkey generation and to re-enable SC Failover (i.e., execute "setfailover on") after the DSA hostkey generation has successfully completed.
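To check collected platform logs for this failure pattern, the following added example (not part of the original document or of ScApp) pairs the "no health status received" message with the subsequent "becoming main SC" message per SC. The sample lines are copied from the spare SC capture above; the function name and record fields are assumptions made for illustration.

```python
import re

# Sample input: lines copied from the spare SC (sc0) capture in this document.
SAMPLE_LOG = """\
Sep 05 20:11:39 v4u-4800c-sc0 Platform.SC: SC Failover: no health status received from the other SC for 3 minutes
Sep 05 20:12:09 v4u-4800c-sc0 Platform.SC: SC Failover: becoming main SC ...
Sep 05 20:12:20 v4u-4800c-sc0 Platform.SC: SC Failover: disabled
Sep 05 20:12:37 v4u-4800c-sc0 Platform.SC: Main System Controller
"""

# "<Mon DD HH:MM:SS> <host> <facility>: <message>" as seen in the logs above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<facility>[\w.]+): (?P<msg>.*)$"
)
MISSED_RE = re.compile(
    r"SC Failover: no health status received from the other SC for (\d+) minutes"
)
TAKEOVER_PREFIX = "SC Failover: becoming main SC"


def find_unscheduled_failovers(log_text):
    """Return one record per 'health status lost -> takeover' pair (hypothetical helper)."""
    pending = {}  # host -> (timestamp, minutes) of its last missed-health message
    events = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # CLI output and blank lines are not log records
        host, ts, msg = m["host"], m["ts"], m["msg"]
        missed = MISSED_RE.search(msg)
        if missed:
            pending[host] = (ts, int(missed.group(1)))
        elif msg.startswith(TAKEOVER_PREFIX) and host in pending:
            lost_at, minutes = pending.pop(host)
            events.append({
                "new_main": host,
                "health_lost_at": lost_at,
                "takeover_at": ts,
                "silent_minutes": minutes,
            })
    return events


if __name__ == "__main__":
    for event in find_unscheduled_failovers(SAMPLE_LOG):
        print(event)
```

A hit that coincides with an "ssh-keygen -t dsa" run on the former main SC matches the scenario described in this document.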
Product
Sun Fire 3800 Server
Sun Fire 4800 Server
Sun Fire 4810 Server
Sun Fire 6800 Server
Sun Fire E6900 Server
Sun Fire E4900 Server

Internal Comments
See CR 6467598

serengeti, amazon, SC, SSH, ssh-keygen, dsa, failover, health status, 3 minutes, ScApp

Previously Published As: 87020