Create an environment for performing auto-configuration of network devices.
Only create the folder for ruleset registration when performing auto-configuration using user customization mode.
The network device automatic configuration function realizes automatic configuration by executing the script for NS Appliance prepared by the infrastructure administrator beforehand.
To configure different settings for individual services being provided, register each pattern as a rule for management.
This management unit is referred to as the ruleset.
This operation is not necessary when using sample scripts provided with Resource Orchestrator.
When creating a ruleset, it is recommended to use the sample scripts provided with Resource Orchestrator.
For details, refer to "Appendix F Preparing for Automatic Configuration and Operation of Network Devices" and "Appendix G Sample Script for Automatic Configuration and Operation of Network Devices" in the "Design Guide CE".
Create a folder for registering rulesets and register rulesets.
Create a folder for registering scripts, etc. for each ruleset.
[Windows Manager]
Installation_folder\SVROR\Manager\etc\scripts\Fujitsu\NSAppliance\rulesets\ruleset_name\
[Linux Manager]
/etc/opt/FJSVrcvmr/scripts/Fujitsu/NSAppliance/rulesets/ruleset_name/
Store the files that comprise the rulesets in the folder created above.
Information
Specify the folder name of "ruleset name" using up to 32 characters, including alphanumeric characters, underscores ("_"), and hyphens ("-"). This name should start with an alphabetical character.
Set a unique name for the folder name of "ruleset name", excluding the following folders in which sample scripts are registered.
[Windows Manager]
Installation_folder\SVROR\Manager\etc\scripts\
[Linux Manager]
/etc/opt/FJSVrcvmr/scripts/
When using the sample scripts provided by NS Option, the following operations will be performed during the operations explained in "3.7 Registering NS Appliances as Resources".
Creating a Folder for Registering Rulesets
Copying of Sample Scripts into Rulesets
The sample script for the system configuration using only a firewall is copied.
When using a sample script or when creating a ruleset using a sample script, change the ruleset name from the one in the sample script to a different name.
Ruleset names are determined by the registered folder name.
Specify the ruleset name that was changed to the ruleset name (Ruleset name) in the parameter file (for scripts).
For details on parameter files (for scripts), refer to "15.16 Parameter Files (for Scripts)" in the "Reference Guide (Command/XML) CE".
When using a sample script (SLB_with_SSL-ACC--NSApp1) or when creating a ruleset based on a sample script, SSLv3/tls1.0 is enabled for the SSL protocol being used. When the SSL protocol to be used is limited to SSLv3 or tls1.0, edit the command file using the following procedure:
File to edit
ipcom_modify_cmd2.cli
How to edit
Under "rule ssl-accel", add the following definitions:
When limiting to SSLv3, specify "protocol.ssl3".
When limiting to tls1.0, specify "protocol.tls1".
Example
The "rule ssl-accel definition" when limited to tls1.0 is as follows:
rule ssl-accel server 1%%SLB-Netdevice_ID%%0
server-address %Slb-VServer-IPv4% %Slb-VServer-SSLPort%
cert %Slb-Certificate%
connection-limit %Slb-Access-Limit%
name Server_%Slb-VServer-IPv4%
protocol tls1
cipher-suites -LOW -SSL2
unsafe-renegotiation disable
http-proxy redirect auto
http-proxy secure-cookie
! |
Specify the network resource name and IP address corresponding to the interfaces of NS Appliances during auto-configuration of network devices.
For details on network device interface configuration files, refer to "15.17 Network Device Interface Configuration File" in the "Reference Guide (Command/XML) CE".