In some moments can be necessary use a tape driver to recovery you system rather of network, you can transfer your make_net_recovery archive to a tape. It is important that the archive fits onto a single tape.
Creating the LIF header (Boot Header)
# /usr/bin/cd /var/opt/ignite/clients/HOSTNAME_OF_YOUR_SERVER/recovery/2002-03-12,09:00
# /opt/ignite/bin/make_medialif \-f system_cfg -f control_cfg -f archive_cfg \-C "2002-03-12,09:00 HOSTNAME_OF_YOUR_SERVER recovery image" \-a -l /var/tmp/my_lif
Now modify the LIF file to set it up for use on the tape:
# /opt/ignite/bin/instl_adm -d -F /var/tmp/my_lif > /var/tmp/cfg
Edit the /var/tmp/cfg file and add the following lines to the end of the file:
control_from_server=FALSErun_ui=TRUE
Or, if you just want the recovery to proceed without any interaction, make
run_ui FALSE
andspecify to allow warnings, as shown in the following:
control_from_server=FALSErun_ui=FALSEenv_vars += "INST_ALLOW_WARNINGS=10"Then, issue the following command:
# /opt/ignite/bin/instl_adm -F /var/tmp/my_lif -f /var/tmp/cfg
Writing the LIF Header and the network recovery archive onto tape
Create a DDS1 device file if you do not have one already. A DDS1 device file is compatiblewith most tape drives:
# /usr/sbin/ioscan -fCtape
Class I H/W Path Driver S/W State H/W Type Description
==============================================================
tape 0 8/16/5.6.0 stape CLAIMED DEVICE HP C1533A
# /usr/sbin/mksf -v -H 8/16/5.6.0 -b DDS1 -n –a
This will create the device file, /dev/rmt/c1t6d0DDS1n, for example.
Rewind the tape and write the LIF Header and the archive onto the tape:
# /usr/bin/mt -t /dev/rmt/c1t0d0DDS1n rew
# /usr/bin/dd if=/var/tmp/my_lif of=/dev/rmt/c1t0d0DDS1n obs=2k# /usr/bin/dd \if=/var/opt/ignite/recovery/archives/sys1/2002-03-12,09:00of=/dev/rmt/c1t0d0DDS1n obs=10k
Then rewind the tape again:
# /usr/bin/mt -t /dev/rmt/c1t0d0DDS1n rew
Creating a Bootable Recovery Tape with a make_net_recovery archive
Labels: make_net_recovery
Creating a make_net_recovery Archive - Command Line
This binary is part of Ignite-UX product.
I will some examples to explain how make_net_recovery works:
Archiving only essential core OS files
# /opt/ignite/bin/make_net_recovery -s <Ignite_server>
Archiving the complete root VG
# /opt/ignite/bin/make_net_recovery -Av -s <Ignite_server>
Archiving the complete root VG to a different archive location
# /opt/ignite/bin/make_net_recovery -Av -a host:/archive_server:archive_directory_path -s <Ignite_server>
Archiving complete VGs/disks and including and excluding files and directories
# /opt/ignite/bin/make_net_recovery -x inc_entire=vg00 -x inc_entire=vg01 -s <Ignite_server>
Further
-x
arguments:
-x include=file|dir:
Includes the file or directory in the recovery archivebut does not cross any mount points.
-x inc_cross=file|dir:
Includes the file or directory in the recovery archiveand crosses mount points to access any directories that are mounted or filescontained in directories that are mounted.
-x exclude=file|dir:
Excludes the file or directory from the archive. Whena directory is specified, no files beneath that directory will be stored in thearchive.
Archiving choosing the archive contents in interactive mode
# /opt/ignite/bin/make_net_recovery –i -s <Ignite_server>
make_net_recovery
to run interactively to allow you to select whichfiles and directories are to be included in the recovery archive.
You can make the OS backup using others options like make_tape_recovery
(the destination of your backup will be a tape driver and this subject
is not covered here).
Labels: make_net_recovery, make_tape_recovery
Creating a swap device
1 -Create a logical volume:
#lvcreate -L "xxM" -n "myswap" -C y -n "name"(optiona) /dev/vgXX
where:
-L = size
-n = name of new swap device
-C y = the record will be contiguous.
/dev/vgXX = your vg
2 - Enable the logical volume as swap:
#swapon -f /dev/vgXX/myswap
Labels: Swap
Changing the timestamp of a file
The process is simple, use the follow command:
# touch MMDDhhmmYY filename
Labels: File
create a file with a specified size
In some situations can be necessary create a file using a specified space, you can do it that with the follow command:
# prealloc filename size(bytes)
Labels: File
TIMEZONE - some concepts
In some application environments, it is important that application server components use the same time zone, follow some concepts..
/etc/TIMEZONE --> set GMT
example, changing the tz to no-daylight
TZ=MST7MDT change it to TZ=MST7
/usr/lib/fztab--> this file determines when the daylight is turn on/off (day of year)
The first six are integer patterns that
specify the minute (0-59), hour (0-23), day of the month (1-31), month
of the year (1-12), year (1970-2038), and day of the week (0-6, with
0=Sunday
if TZ=null, then TZ was set to EST5DST by default. Make a look on your file.
# cat /etc/default/tz
You can change it through set_parms:
# /sbin/set_parms timezone
Find which disk the system boot
# ll /dev/disk | grep $(echo "bootdev/x"|adb /stand/vmunix /dev/kmem | awk '/0x/ {print substr($1,5)}')
This is an example for the output:
brw-r----- 1 bin sys 1 0x000003 Oct 12 2010 disk1_p2
If it doesn’t work, try grepping in /dev/dsk (and your system is probably a 11.23)
Se não funcionar tente através do "/dev/dsk" (possívelmente você esteja usando 11.23)
Labels: Boot
Looking for WWPN
Check the device with ioscan:
# ioscan -fnCfc
Use fcmsutil to get the "World Wide Name":
# fcmsutil /dev/td1 | grep World
Extending a filesystem
You can resize on line your filesystems just if your box has OnLineJFS.First of all verify if you have installed in your box OnLineJFS:
# swlist -l product | grep -i vxfs
# swlist -l product | grep -i online
Verify the free space:
#vgdisplay
Use the follow equation to calculate your free space:
((PE size * Free PE)/cur pv)=Free size to use in MB
Use the follow two commands just if you have OnLineJFS
#lvextend -L 800 /dev/vgXX/lvolY (extend logical volume rlvolY by 800MB)
#fsadm -F vxfs -b 800M /mountpointname (use fsadm to extend or extendfs when are not using JFS)
If you have OnLineJFS that's all :) but if you don't have it.. continue with the next steps :)
#umount /FILESYSTEM
#lvextend -L 300 /dev/vg00/FILESYSTEM //where 300MB will be your new size
#extendfs -F vxfs /dev/vg00/rFILESYSTEM
#mount /FILESYSTEM
If you are using samba:
stop the samba before process
You can do the same process through SMH (http://server:2381)
Look for OnlineJFS or AdvJournalFS
Labels: Filesystem
MemFS
MemFS
How to mount/create a "filesystem"
First of all you need to install "MemFS_B.11.31.03_HP-UX_B.11.31_IA_PA" (11.31) or "MemFS_mega-11iv2" product.
Check though swlist if you have installed in your system:
# swlist -l product | grep -i memfs
If you don't have this product installed in your system you can download it trough software.hp.
This FS is sometime used for temporary DBs when you need fast IO, remember if the server halt your data will be lose.
# mount -F memfs -o user=USER,group=GROUP,size=100mb,mode=775 /memfs1
"-F memfs" is a mandatory parameter, is recommended use in the least "-o size=100mb" or the size of your FS will be defined according your swap size.
This is an example of a fstab entry:
memfs /tempdbmem memfs size=100mb,user=USER,group=GROUP,mode=0775 0 2
Sar has a version that lets you do an analysis focused on memfs.
I tested this MemFS using as a tempdb for Sybase and the return is very good but I recommend read the full documentation before to apply in your environment.
Labels: MemFS
How to create a filesystem
Creating a filesystemYou can do that through the sam (logical volumes) or command line
Create the mount point
# mkdir path_of_your_mount_point
Create a logical volume
lvcreate -m 1 -L size(in MB) -n lvname VG
Use "-m 1" if you have a mirror.
Format the fs using vxfs
# newfs -F vxfs [ -o largefiles ] /dev/vg00/rnome (use the raw name)
Use "-o largefiles" if you need create files greater than 2gb.
Mount the fs
# mount /dev/vg/lvname /mount_point
Add this filesystem on fstab using mount options as necessary for you.
Labels: Filesystem
MC ServiceGuard - Debug logging
Use the cmsetlog to change the log severity, changing it to the most verbose log level (in all log categories):
# cmsetlog 5
You can restrict for log categories:
# cmsetlog –M NET –M REM 6
In this case network and remote comunication will be restrict, check the full list of log categories on man pages.
Use the cmsetlog if you want change the log location, this can help you to analyze and don't forget with high log lever greater 3 your syslog will increase the size.
# cmsetlog -f /tmp/MCSG.log
The debug logging is automatically stopped and reset to default once the cluster halted. Toreset the debug logging to default modules, categories and loglevel on a running cluster,simply use the command:
# cmsetlog -r
If the ‘-f <file>’ option has been used with cmsetlog to redirect logging to another file, youshould re-direct it back to syslog.log with the command:
# cmsetlog -s
Debug logging for Advanced Tape Services (ATS) with stsetlog
stsetlog is an undocumented command that enables debug logging for the ATS feature of SG. The usage is:
# stsetlog <level>
Level can be in the range of 0 to 6, where 6 is the most verbose level that also logs themessages sent by ATS. To disable debug logging use “
# stsetlog 0
The default logfile for ATS debug logging is
/var/adm/cmcluster/sharedtape/cmtaped.log
This procedure you can use just with the cluster on line therefore you can't use if you have problems to start the cluster.
Labels: MC ServiceGuard
MC ServiceGuard - Reasons for TOC
Transfer of Control (TOC)
MCSG will TOC a system in order to release system resources and to ensure data integrity. There are several scenarios in which MCSG will TOC a system. They are:
Checking that:
# cmviewconf
Cluster information:cluster name: testcluster
version: 0
flags: 12 (single cluster lock)
heartbeat interval: 1.00 (seconds)
node timeout: 8.00 (seconds)
heartbeat connection timeout: 16.00 (seconds)
auto start timeout: 600.00 (seconds)
network polling interval: 2.00 (seconds)
first lock vg name: /dev/vglock
second lock vg name: (not configured)
Cluster Node information:Node ID 1:
Node name: node1
first lock pv name: /dev/dsk/c0t4d4
first lock disk interface type: c720
Network ID 1:
mac addr: 0x080009fd4375
hardware path: 8/16/6
network interface name: lan0
subnet: 15.140.8.0
subnet mask: 255.255.248.0
ip address: 15.140.10.236
flags: 1 (Heartbeat Network)
bridged net ID: 1
# lanscan
Hardware Station Crd Hdw Net-Interface NM MAC HP-DLPI DLPI
Path Address In# State NamePPA ID Type Support Mjr#
8/16/6 0x080009FD4375 0 UP lan0 snap0 1 ETHER Yes 119
8/8/2/0 0x00108318AFEE 2 UP lan2 snap2 2 ETHER Yes 119
8/8/1/0 0x00108318AFED 1 UP lan1 snap1 3 ETHER Yes 119
# cmscancl -n node -o /tmp/scan.log
Check the "link-level connectivity" in the log.
msg in the log:
Serviceguard: Unable to maintain contact with cmcld daemon.Performing TOC to ensure data integrity.
You can confirm TOC searching in the /etc/shutdownlog for something like that..
18:23 Thu Apr 24 2003. Reboot after panic: SafetyTimer expired, ...
Labels: MC ServiceGuard
User ADM - Admin operations
Create a new user
# useradd -m -s /usr/bin/ksh -g primary_group -G seconday_group user
(just the user name is mandatory)
Change the secondary group of a user
# usermod -G secondary_group user
Change the primary group of a user
# usermod -g primary_group user
Removing a user
# userdel user
# userdel -r user
(Remove the home directory too)
Create a new group
# groupadd group
Changing a group name
# groupmod -n groupname newgroupname
Command to remove a group
# groupdel groupname
Check integrity of /etc/passwd
# pwck
Check integrity of /etc/group
# grpck
changing a user passwd
# passwd user
Setting a null password for a user
# passwd -d user
Force to change the passwd in the next login
# passwd -f user
Lock a user account
# passwd -l user
or
# /usr/lbin/modprpw -l -x user
Unlock a user account
# passwd -u user
or
# /usr/lbin/modprpw -l -k user
Passwd reset
# /usr/lbin/modprpw -x user
Reset passwd age
# /usr/lbin/modprpw -v user
Labels: Quick References
EMC PowerPath - Quick Reference
Show powermt command version
# powermt version
Display PowerPath configuration
# powermt display
Add a new disk in HP-UX
Adding the new disks to SO
# ioscan -fnCdisk
If you are using the 11iv2 you need to create the special files manually:
# insf -C disk
Add the new disks to powerpath
# powermt config
Check:
# powermt display dev=all
Save the new configuration:
# powermt save
Check for death paths and remove them
# powermt display
# powermt check
This command will confirm you if the failed paths can be removed (Y)
List All devices
# powermt display dev=all
Remove All devices
# powermt remove dev=all
Labels: Powerpath, Quick References
Dynamic Root Disks (DRD) - mounting a copied disk and apply patches in this disk
This command will mount your copied disk:
# drd mount
You can umount using the same command but replacing the "mount" word for "umount" (oh really???)
Check it:
# vgdisplay drd00
# bdf
Apply the paches:
# drd runcmd swinstall -s /tmp/patches.depot
-s = full path of your paches
Check a installed patche:
# drd runcmd swlist patches
Off topic:
Follow another good command to use together "drd runcmd".
The DRD-safe commands are the following:
swinstall
swremove
swlist
swmodify
swverify
swjob
kctune
update-ux
view
kcmodule
kconfig
mk_kernel
swm job
Active your new image:
# drd activate
Labels: DRD
Dynamic Root Diks (DRD) - clonning a hp-ux system on line
Using that feature you can clone on line your hp-ux system, clone your hp-ux guests (HPVM) and the target disk can be a SAN disk or a normal disk.
Follow a fast exaplanation to how to clone a system.
The fisrt step is test if your target disk is large enought for a DRD:
# /opt/drd/bin/drd clone –p –v –t /dev/dsk/cxtxdx
(if you are using 11iv3 you must use the disk name in this format: "/dev/disk/diskX")
Creating the Clone:
# /opt/drd/bin/drd clone -v -x overwrite=true -t /dev/dsk/c1t2d0
(if you are using 11iv3 you must use the disk name in this format: "/dev/disk/diskX")
-t = target disk
-v = verbose mode
-x = it's self explanatory..
log file:
/var/opt/drd/drd.log
Check the clone and original disk status
drd status command is executed to verify the clone disk and the original disk:
# /opt/drd/bin/drd status
Labels: DRD
How to validate Serviceguard configuration?
Use the follow command pointing to configuration file
cmcheckconf –P <configuration file.conf>
Labels: MC ServiceGuard
Check Serviceguard version
through swlist
swlist -l product ServiceGuard
through "what"
what /usr/lbin/cmcld
Labels: MC ServiceGuard
MC Serviceguard - Quick Reference
cmrunpkg -n <node name to start package> -v <package to start> -> start a package, the -n option is optional if you are running directlly in the node that will recevei the package.
cmhaltpkg <package name> -> it will halt the package.
cmruncl -v -> this command will start the cluster showing detailed infos, ALL nodes of cluster will be started.
cmruncl -n <node1> -n <node2> -f -> This commando will start the cluster just using the nodes selected, remeber you can't start the cluster withou 50% of cluster, in this case is necessary recompile the cluster before.
cmhaltcl -vf -> it will halt the cluster.
cmmodpkg -n <node name> -e <package> ->Changes the properties of the packet switch, you can use it when the package was automaticly switched.
"Unable to run package XXXX on node NNN. Node is not eligible.
cmrunpkg: Unable to start some package or package instances"
cmmodpkg -e <package name> -> enable autorun.
Labels: Quick References
User ADM - Checking users
Follow some useful commands
Show logins ordering by number id
logins
Verify last logins (read wtmps)
last
Verify last fails logins (read btmps)
lastb
See who are logged with yours ip address
who -T
Check LOCAL user id
id <user>
Check user local status
passwd -s <user>
Check NIS user details
ypcat passwd | grep <user>
or
finger <user>
Check LDAP user
ldaplist passwd <user>
Labels: NIS, Quick References
Others
User Adm
HPVM
LVM
MC ServiceGuard
QuickReference
Check version
Setting up a new cluster
How to validate some cluster/package?
Enable/Disable debug logging
Reasons for TOC
Re-import VG procedure
Whre's the control file of a package?
MC Serviceguard - Replace Quorum Server
Adding a new node in a running cluster
How to upgrade Serviceguard
Serviceguard - Change node ip address
QuickReference
Security
Changing minimum requirement to password
Password policies - Trusted and Non-Trusted
untrusted <-> trusted system
Enable/Disable non-root login
Setting the minimum password size
Prevent re-use a password
Allowing logins specified period
Disabling last login information
Ipfilter
Ipfilter - logging tcp/upd connections
Allow only direct root logins on the system console
Using the Restricted SMH Builder for Limited Superuser Access
Recovery root password (system non-trusted)
Adding timestamp after each command typed, using a trap
Restrict the access to the /etc/passwd file through ftp
Labels: Security
IGNITE
Adding network entry for client PA-RISC
Adding network entry for client Itanium
How to do backup with make_net_backup
Creating a Bootable Recovery Tape with a make_net_recovery archive
How to check the integrity of a tape made by make_tape_recovery (ia64)
Extending the root filesystem using a Ignite tape
Ignite - How to recover a single file from a Ignite tape?
[Ignite] Exclude certain Filesystems
Labels: Ignite
