Creating a Bootable Recovery Tape with a make_net_recovery archive

sábado, 31 de dezembro de 2011

In some moments can be necessary use a tape driver to recovery you system rather of network, you can transfer your make_net_recovery archive to a tape. It is important that the archive fits onto a single tape.

Creating the LIF header (Boot Header)

# /usr/bin/cd /var/opt/ignite/clients/HOSTNAME_OF_YOUR_SERVER/recovery/2002-03-12,09:00
# /opt/ignite/bin/make_medialif \-f system_cfg -f control_cfg -f archive_cfg \-C "2002-03-12,09:00 HOSTNAME_OF_YOUR_SERVER recovery image" \-a -l /var/tmp/my_lif

Now modify the LIF file to set it up for use on the tape:


# /opt/ignite/bin/instl_adm -d -F /var/tmp/my_lif > /var/tmp/cfg

Edit the /var/tmp/cfg file and add the following lines to the end of the file:
control_from_server=FALSErun_ui=TRUE
Or, if you just want the recovery to proceed without any interaction, make
run_ui FALSE
andspecify to allow warnings, as shown in the following:
control_from_server=FALSErun_ui=FALSEenv_vars += "INST_ALLOW_WARNINGS=10"Then, issue the following command:

# /opt/ignite/bin/instl_adm -F /var/tmp/my_lif -f /var/tmp/cfg

Writing the LIF Header and the network recovery archive onto tape

Create a DDS1 device file if you do not have one already. A DDS1 device file is compatiblewith most tape drives:


# /usr/sbin/ioscan -fCtape
Class I H/W Path Driver S/W State H/W Type Description
==============================================================
tape 0 8/16/5.6.0 stape CLAIMED DEVICE HP C1533A

# /usr/sbin/mksf -v -H 8/16/5.6.0 -b DDS1 -n –a
This will create the device file, /dev/rmt/c1t6d0DDS1n, for example.

Rewind the tape and write the LIF Header and the archive onto the tape:

# /usr/bin/mt -t /dev/rmt/c1t0d0DDS1n rew

# /usr/bin/dd if=/var/tmp/my_lif of=/dev/rmt/c1t0d0DDS1n obs=2k# /usr/bin/dd \if=/var/opt/ignite/recovery/archives/sys1/2002-03-12,09:00of=/dev/rmt/c1t0d0DDS1n obs=10k
Then rewind the tape again:
# /usr/bin/mt -t /dev/rmt/c1t0d0DDS1n rew

Creating a make_net_recovery Archive - Command Line

This binary is part of Ignite-UX product.

I will some examples to explain how make_net_recovery works:

Archiving only essential core OS files

# /opt/ignite/bin/make_net_recovery -s <Ignite_server>

Archiving the complete root VG

# /opt/ignite/bin/make_net_recovery -Av -s <Ignite_server>

Archiving the complete root VG to a different archive location

# /opt/ignite/bin/make_net_recovery -Av -a host:/archive_server:archive_directory_path -s <Ignite_server>

Archiving complete VGs/disks and including and excluding files and directories

# /opt/ignite/bin/make_net_recovery -x inc_entire=vg00 -x inc_entire=vg01 -s <Ignite_server>

Further
-x
arguments:
-x include=file|dir:
Includes the file or directory in the recovery archivebut does not cross any mount points.
-x inc_cross=file|dir:
Includes the file or directory in the recovery archiveand crosses mount points to access any directories that are mounted or filescontained in directories that are mounted.
-x exclude=file|dir:
Excludes the file or directory from the archive. Whena directory is specified, no files beneath that directory will be stored in thearchive.


Archiving choosing the archive contents in interactive mode

# /opt/ignite/bin/make_net_recovery –i -s <Ignite_server>

make_net_recovery
to run interactively to allow you to select whichfiles and directories are to be included in the recovery archive.


You can make the OS backup using others options like make_tape_recovery (the destination of your backup will be a tape driver and this subject is not covered here).

Creating a swap device

sexta-feira, 30 de dezembro de 2011

1 -Create a logical volume:

#lvcreate -L "xxM" -n "myswap" -C y -n "name"(optiona) /dev/vgXX

where:

-L = size
-n = name of new swap device
-C y = the record will be contiguous.
/dev/vgXX = your vg

2 - Enable the logical volume as swap:

#swapon -f /dev/vgXX/myswap

Changing the timestamp of a file

The process is simple, use the follow command:

# touch MMDDhhmmYY filename

create a file with a specified size

In some situations can be necessary create a file using a specified space, you can do it that with the follow command:


# prealloc filename size(bytes)

TIMEZONE - some concepts

In some application environments, it is important that application server components use the same time zone, follow some concepts..

/etc/TIMEZONE --> set GMT
example, changing the tz to no-daylight
TZ=MST7MDT change it to TZ=MST7

/usr/lib/fztab--> this file determines when the daylight is turn on/off (day of year)
The first six are integer patterns that
specify the minute (0-59), hour (0-23), day of the month (1-31), month
of the year (1-12), year (1970-2038), and day of the week (0-6, with
0=Sunday

if TZ=null, then TZ was set to EST5DST by default. Make a look on your file.
# cat /etc/default/tz

You can change it through set_parms:
# /sbin/set_parms timezone

Find which disk the system boot

# ll /dev/disk | grep $(echo "bootdev/x"|adb /stand/vmunix /dev/kmem | awk '/0x/ {print substr($1,5)}')

This is an example for the output:
brw-r----- 1 bin sys 1 0x000003 Oct 12 2010 disk1_p2

If it doesn’t work, try grepping in /dev/dsk (and your system is probably a 11.23)

Se não funcionar tente através do "/dev/dsk" (possívelmente você esteja usando 11.23)

Looking for WWPN

Check the device with ioscan:

# ioscan -fnCfc

Use fcmsutil to get the "World Wide Name":

# fcmsutil /dev/td1 | grep World

Extending a filesystem

quinta-feira, 29 de dezembro de 2011

You can resize on line your filesystems just if your box has OnLineJFS.First of all verify if you have installed in your box OnLineJFS:

# swlist -l product | grep -i vxfs
# swlist -l product | grep -i online

Verify the free space:

#vgdisplay
Use the follow equation to calculate your free space:
((PE size * Free PE)/cur pv)=Free size to use in MB


Use the follow two  commands just if you have OnLineJFS

#lvextend -L 800 /dev/vgXX/lvolY  (extend logical volume rlvolY by 800MB)
#fsadm -F vxfs -b 800M /mountpointname (use fsadm to extend or extendfs when are not using JFS)

If you have OnLineJFS that's all :) but if you don't have it.. continue with the next steps :)

#umount /FILESYSTEM
#lvextend -L 300 /dev/vg00/FILESYSTEM   //where 300MB will be  your new size
#extendfs -F vxfs /dev/vg00/rFILESYSTEM
#mount /FILESYSTEM
If you are using samba:
stop the samba before process

You can do the same process through SMH (http://server:2381)
Look for OnlineJFS or AdvJournalFS

MemFS

MemFS

How to mount/create a "filesystem"

First of all you need to install "MemFS_B.11.31.03_HP-UX_B.11.31_IA_PA" (11.31) or "MemFS_mega-11iv2" product.
Check though swlist if you have installed in your system:

# swlist -l product | grep -i memfs

If you don't have this product installed in your system you can download it trough software.hp.

This FS is sometime used for temporary DBs when you need fast IO, remember if the server halt your data will be lose.

# mount -F memfs -o user=USER,group=GROUP,size=100mb,mode=775 /memfs1

"-F memfs" is a mandatory parameter, is recommended use in the least "-o size=100mb" or the size of your FS will be defined according your swap size.

This is an example of a fstab entry:
memfs /tempdbmem memfs size=100mb,user=USER,group=GROUP,mode=0775 0 2

Sar has a version that lets you do an analysis focused on memfs.
I tested this MemFS using as a tempdb for Sybase and the return is very good but I recommend read the full documentation before to apply in your environment.

How to create a filesystem

Creating a filesystemYou can do that through the sam (logical volumes) or command line

Create the mount point
# mkdir path_of_your_mount_point

Create a logical volume
lvcreate -m 1 -L size(in MB) -n lvname VG
Use "-m 1" if you have a mirror.

Format the fs using vxfs
# newfs -F vxfs [ -o largefiles ] /dev/vg00/rnome  (use the raw name)
Use "-o largefiles" if you need create files greater than 2gb.

Mount the fs
# mount /dev/vg/lvname /mount_point
Add this filesystem on fstab using mount options as necessary for you.

MC ServiceGuard - Debug logging

Use the cmsetlog to change the log severity, changing it to the most verbose log level (in all log categories):

# cmsetlog 5

You can restrict for log categories:

# cmsetlog –M NET –M REM 6
In this case network and remote comunication will be restrict, check the full list of log categories on man pages.

Use the cmsetlog if you want change the log location, this can help you to analyze and don't forget with high log lever greater 3 your syslog will increase the size.

# cmsetlog -f /tmp/MCSG.log

The debug logging is automatically stopped and reset to default once the cluster halted. Toreset the debug logging to default modules, categories and loglevel on a running cluster,simply use the command:

# cmsetlog -r

If the ‘-f <file>’ option has been used with cmsetlog to redirect logging to another file, youshould re-direct it back to syslog.log with the command:

# cmsetlog -s

Debug logging for Advanced Tape Services (ATS) with stsetlog
stsetlog is an undocumented command that enables debug logging for the ATS feature of SG. The usage is:

# stsetlog <level>
Level can be in the range of 0 to 6, where 6 is the most verbose level that also logs themessages sent by ATS. To disable debug logging use “

# stsetlog 0
The default logfile for ATS debug logging is

/var/adm/cmcluster/sharedtape/cmtaped.log

This procedure you can use just with the cluster on line therefore you can't use if you have problems to start the cluster.

MC ServiceGuard - Reasons for TOC

Transfer of Control (TOC)

MCSG will TOC a system in order to release system resources and to ensure data integrity. There are several scenarios in which MCSG will TOC a system. They are:


  • A two-node cluster loses heartbeat at which time a single node cluster will form. The system that loses the race to the lock disk will TOC.



  • Checking that:

    # cmviewconf

    Cluster information:cluster name: testcluster
    version: 0
    flags: 12 (single cluster lock)
    heartbeat interval: 1.00 (seconds)
    node timeout: 8.00 (seconds)
    heartbeat connection timeout: 16.00 (seconds)
    auto start timeout: 600.00 (seconds)
    network polling interval: 2.00 (seconds)
    first lock vg name: /dev/vglock
    second lock vg name: (not configured)

    Cluster Node information:Node ID 1:
    Node name: node1
    first lock pv name: /dev/dsk/c0t4d4
    first lock disk interface type: c720
    Network ID 1:

     mac addr: 0x080009fd4375
    hardware path: 8/16/6
    network interface name: lan0
    subnet: 15.140.8.0
    subnet mask: 255.255.248.0
    ip address: 15.140.10.236
    flags: 1 (Heartbeat Network) 

    bridged net ID: 1

    # lanscan

    Hardware Station Crd Hdw Net-Interface NM MAC HP-DLPI DLPI
    Path Address In# State NamePPA ID Type Support Mjr#
    8/16/6 0x080009FD4375 0 UP lan0 snap0 1 ETHER Yes 119
    8/8/2/0 0x00108318AFEE 2 UP lan2 snap2 2 ETHER Yes 119
    8/8/1/0 0x00108318AFED 1 UP lan1 snap1 3 ETHER Yes 119


    # cmscancl -n node -o /tmp/scan.log

    Check the "link-level connectivity" in the log.


  • The cluster daemon, cmcld, dies for any reason



  • msg in the log:
    Serviceguard: Unable to maintain contact with cmcld daemon.Performing TOC to ensure data integrity.

  • NODE_FAIL_FAST=YES is set in a package configuration file.




  • The cluster lvm daemon, cmlvmd, dies for any reason.




  • System safety time is disabled via the cmsetsafety command.




  • SERVICE_FAIL_FAST_ENABLED = YES is set (causes reboot).




  • You can confirm TOC searching in the /etc/shutdownlog  for something like that..

    18:23 Thu Apr 24 2003. Reboot after panic: SafetyTimer expired, ...

    User ADM - Admin operations

    terça-feira, 27 de dezembro de 2011

    Create a new user


    # useradd -m -s /usr/bin/ksh -g primary_group -G seconday_group user
    (just the user name is mandatory)
    Change the secondary group of a user

    # usermod -G secondary_group user

    Change the primary group of a user

    # usermod -g primary_group user

    Removing a user

    # userdel user
    # userdel -r user
    (Remove the home directory too)

    Create a new group

    # groupadd group

    Changing a group name

    # groupmod -n groupname newgroupname

    Command to remove a group

    # groupdel groupname

    Check integrity of /etc/passwd

    # pwck

    Check integrity of  /etc/group

    # grpck

    changing a user passwd

    # passwd user

    Setting a null password for a user

    # passwd -d user

    Force to change the passwd in the next login

    # passwd -f user

    Lock a user account

    # passwd -l user
    or
    # /usr/lbin/modprpw -l -x user

    Unlock a user account

    # passwd -u user
    or
    # /usr/lbin/modprpw -l -k user

    Passwd reset

    # /usr/lbin/modprpw -x user

    Reset passwd age

    # /usr/lbin/modprpw -v user

    EMC PowerPath - Quick Reference

    segunda-feira, 26 de dezembro de 2011

    Show powermt command version

    # powermt version

    Display PowerPath configuration

    # powermt display

    Add a new disk in HP-UX

    Adding the new disks to SO
    # ioscan -fnCdisk
    If you are using the 11iv2 you need to create the special files manually:
    # insf -C disk
    Add the new disks to powerpath
    # powermt config
    Check:
    # powermt display dev=all
    Save the new configuration:
    # powermt save

    Check for death paths and remove them

    # powermt display
    # powermt check
    This command will confirm you if the failed paths can be removed (Y)

    List All devices

    # powermt display dev=all

    Remove All devices

    # powermt remove dev=all

    Dynamic Root Disks (DRD) - mounting a copied disk and apply patches in this disk

    This command will mount your copied disk:

    # drd mount
    You can umount using the same command but replacing the "mount" word for "umount" (oh really???)

    Check it:

    # vgdisplay drd00

    # bdf

    Apply the paches:

    # drd runcmd swinstall -s /tmp/patches.depot

    -s = full path of your paches

    Check a installed patche:

    # drd runcmd swlist patches



    Off topic:

    Follow another good command to use together "drd runcmd".

    The DRD-safe commands are the following:

    swinstall
    swremove
    swlist
    swmodify
    swverify
    swjob
    kctune
    update-ux
    view
    kcmodule
    kconfig
    mk_kernel
    swm job
    Active your new image:

    # drd activate

    Dynamic Root Diks (DRD) - clonning a hp-ux system on line

    Using that feature you can clone on line your hp-ux system, clone your hp-ux guests (HPVM) and the target disk can be a SAN disk or a normal disk.

    Follow a fast exaplanation to how to clone a system.

    The fisrt step is test if your target disk is large enought for a DRD:


    # /opt/drd/bin/drd clone –p –v –t /dev/dsk/cxtxdx

    (if you are using 11iv3 you must use the disk name in this format: "/dev/disk/diskX")


    Creating the Clone:

    # /opt/drd/bin/drd clone -v -x overwrite=true -t /dev/dsk/c1t2d0
    (if you are using 11iv3 you must use the disk name in this format: "/dev/disk/diskX")

    -t = target disk

    -v = verbose mode

    -x = it's self explanatory..

    log file:

    /var/opt/drd/drd.log

    Check the clone and original disk status

    drd status command is executed to verify the clone disk and the original disk:

    # /opt/drd/bin/drd status

    How to validate Serviceguard configuration?

    sexta-feira, 23 de dezembro de 2011

    Use the follow command pointing to configuration file

    cmcheckconf –P <configuration file.conf>

    Check Serviceguard version

    through swlist

    swlist -l product ServiceGuard

    through "what"

    what /usr/lbin/cmcld

    MC Serviceguard - Quick Reference


    cmviewcl -> Show the cluster status.
    cmviewcl -v -> Show the cluster status detailed.

    cmrunnode <node name> -> start the specified node.
    cmhaltnode <node name> -> it will halt the specified node.

    cmrunpkg -n <node name to start package> -v <package to start> -> start a package, the -n option is optional if you are running directlly in the node that will recevei the package.
    cmhaltpkg <package name> -> it will halt the package.

    cmruncl -v -> this command will start the cluster showing detailed infos, ALL nodes of cluster will be started.
    cmruncl -n <node1> -n <node2> -f -> This commando will start the cluster just using the nodes selected, remeber you can't start the cluster withou 50% of cluster, in this case is necessary recompile the cluster before.
    cmhaltcl -vf -> it will halt the cluster.

    cmmodpkg -n <node name> -e <package> ->Changes the properties of the packet switch, you can use it when the package was automaticly switched.
    "Unable to run package XXXX on node NNN. Node is not eligible.
    cmrunpkg: Unable to start some package or package instances"

    cmmodpkg -e <package name> -> enable autorun.

    User ADM - Checking users

    Follow some useful commands

    Show logins ordering by number id

    logins

    Verify last logins (read wtmps)

    last

    Verify last fails logins (read btmps)

    lastb

    See who are logged with yours ip address

    who -T

    Check LOCAL user id

    id <user>

    Check user local status

    passwd -s <user>

    Check NIS user details

    ypcat passwd | grep <user>
    or
    finger <user>

    Check LDAP user

    ldaplist passwd <user>

    Others


    Identifying a lun from a HP EVA storage 

    How to configure a NTP server? 

    rresvport_af: socket: All ports in use (loop!) 

    HBA - Finding the firmware version

     

     

     

    Kernel

    Reserve memory

    Working with kernel



    User Adm

    Cheking users

    Basic Operations

    Recovery root password (system non-trusted)

    Adding timestamp after each command typed, using a trap

    Restrict the access to the /etc/passwd file through ftp

    Disable password age for all user

    NIS - Who is the NIS master?

    Wrapper - Not allow change root password

    HPVM

    HPVM - Overview

    HPVM Quick Reference

    Add lan to a HPVM (using a specified vlan)

    Adding a tape/CD drive to a HPVM guest

    LVM

    How to create a filesystem

    Extend a FS with/whithou OnlineJFS

    Removing a lvol

    Adding a new disk in your system

    Renaming a logical volume 

    Set largefiles to support files greater than 2GB 

    Extending the root filesystem - using DRD, Ignite or LVM maintenance mode

    MC ServiceGuard

    QuickReference

    Check version

    Setting up a new cluster

    How to validate some cluster/package?

    Enable/Disable debug logging

    Reasons for TOC

    Re-import VG procedure

    Whre's the control file of a package?

    MC Serviceguard - Replace Quorum Server 

    Adding a new node in a running cluster


    How to upgrade Serviceguard

    Serviceguard - Change node ip address
    QuickReference

    Security

    sábado, 3 de dezembro de 2011

    Changing minimum requirement to password

    Password policies - Trusted and Non-Trusted

    untrusted <-> trusted system

    Enable/Disable non-root login

    Setting the minimum password size



    Prevent re-use a password


    Allowing logins specified period


    Disabling last login information


    Ipfilter

    Ipfilter - logging tcp/upd connections


    Allow only direct root logins on the system console


    Using the Restricted SMH Builder for Limited Superuser Access 


    Recovery root password (system non-trusted)


    Adding timestamp after each command typed, using a trap


    Restrict the access to the /etc/passwd file through ftp

    IGNITE

    Adding network entry for client PA-RISC

    Adding network entry for client Itanium

    How to do backup with make_net_backup

    Creating a Bootable Recovery Tape with a make_net_recovery archive

    How to check the integrity of a tape made by make_tape_recovery (ia64)

    Extending the root filesystem using a Ignite tape

    Ignite - How to recover a single file from a Ignite tape?

    [Ignite] Exclude certain Filesystems