Forwarding the syslog to another server on network

quinta-feira, 25 de outubro de 2012

I'm using a linux to receive my logs for this explanation.

LogServer:
usually the syslog conf path for syslog on linux is /etc/sysconfig/syslog (red hat for example)
Setup the syslog on linux with the bellow options:

SYSLOGD_OPTIONS="-m 0 -r"
*.* /var/adm/messages

Refresh the syslog
# kill -HUP syslogPid

HP-UX :
Setup the syslog on HP-UX with the bellow options:
syslog conf path: /etc/syslog.conf
*.debug @LogServer

Get the syslog pid to refresh the process:
ps -ef | grep syslog

# kill -HUP syslogPid

Wrapper - Block the root password change

sábado, 20 de outubro de 2012

For security reason is good dont give the "power" to change the root password for everyone :-)

Create a list of users that you want to deny the change of password.:
# vi /usr/local/etc/passwd_not_allowed
root
bin

Now create the wrapper:
# vi /tmp/passwd
file=/usr/local/etc/passwd_not_allowed
user=$1
grep -q ${user] ${file} && echo "${user} - You don't have access to change this passwd"  && exit
/usr/bin/passwd.dist ${User}

Set the right permissions:
# chmod 755 /tmp/passwd

Move the real passwd for another place:
# mv /usr/bin/passwd /usr/bin/passwd.dist

Put your wrapper in the place of passwd:
# mv /tmp/passwd /usr/bin/

Now you can configure a sudo for this script, if you don't want move the passwd bin you can create the wrapper in another place.

Renaming a logical volume

segunda-feira, 1 de outubro de 2012

old name: /dev/vgwow/lvol1
new name: /dev/vgwow/data_lv

# umount /dev/vgwow/lvol1
# ll  /dev/vgwow/lvol1                                      take note of the minor ( e.g 0x010001 )
brw-r-----   1 root       root        64 0x010001 Dec 31 17:59 lvol1
#       create new logical volume name
# mknod  /dev/vgwow/rdata_lv c 64 0x010001
# vi /etc/fstab                                               ( reflect the new logical volume  )
# mount -a

# rmsf /dev/vgwow/lvol1
# rmsf /dev/vgwow/rlvol1

Serviceguard - how to change package IP on line/ off line

domingo, 29 de julho de 2012

Change package IP address off line

Halt the package
# cmhaltpkg -v <package>

Update control files
/etc/cmcluster/package/package.conf

Propagate the changes manually or use cmapplyconf
(legacy or modular)

Start package
# cmrunpck <package>

Check that the IP was added.
# cmviewcl -v

Change package IP address on line

You can change the IP address while a package is up but there's some risky... but can be done.
The recommended is do it off line to avoid any problems.

Use the command cmmodnet to remove the IP addres and after to add.

Using netstat -in check that the ip address is correct.

Check the cluster status:
# cmviewcl -v

Update the package script, propagate the change to other nodes.

For more infos about cmmodnet check man pages.

Serviceguard - Change node ip address

**In this situation we are changing just the ip, the subnet stil is the same**

Backup configuration files:

/etc/hosts
/etc/rc.config.d/netconf
/etc/cmcluster/

Move the package(s) to another node
# cmhaltpkg -v <package>
# cmrunpkg -v -n NODE <package>

Remove node from all packages

Run cmapplyconf (or send the configuration files for others nodes manualy)

Stop the node
# cmhaltnode -v <node>

Remove node from cluster configuration

Apply new cluster configuration

Change IP on node
/etc/rc.config.d/netconf
/etc/hosts
Restart the net deamon for  apply the new network configuration
# /sbin/init.d/net stop
# /sbin/inti.d/net start

Add node to cluster
The bellow link is another post showing how to include a new node in the cluster running.
http://hp-ux-br.blogspot.com.br/2012/05/adding-new-node-in-running-cluster.html

Apply cluster configuration

Start the node again
# cmrunnode -v <node>

Add node to all relevant packages

Apply package configuration

Move package(s) back to node
# cmrunpkg -v -n NODE <package>
# cmhaltpkg -v <package>

Check cluster status
# cmviewcl -v

Configuring LAN on MP

quinta-feira, 26 de julho de 2012

This tutorial explain how to change the LAN configuration on MP. You can also leave the DHCP enable if you want use the bootp from your server (or other).

1. Connect to the serial port.
2. At the MP Main Menu, enter CM and press Enter to select command mode.
3. At the command mode prompt, enter LC and press Enter. The screen displays the default LAN configuration values. Write down the default values, or log the information to a file. You may need the information for future troubleshooting.
4. Use the LC command to disable DHCP.
a. From the LC command menu, type D and press Enter.
b. Follow the instructions on the screen to change the DHCP status from Enabled to Disabled.
c. Enter XD -R to reset the iLO MP.
5. Use the LC command to enter information for the IP address, host, subnet mask, gateway parameters, and so on.
6. Enter XD -R to reset the iLO MP.
7. After the iLO MP resets, log in to the iLO MP again and enter CM at the MP:> prompt.
8. Enter LC to confirm that DHCP is disabled and display a list of updated LAN configuration
settings.

Glance Adviser Script - Averaged over # of CPU's

sábado, 21 de julho de 2012

The following script will return the average CPU utilization (averaged over number of CPU's) for system, user and total utilization.  It could easily be modified to be a feed into MRTG for graphing purposes.

Script
#
# Sample glance script showing average CPU utilization across all CPU's
#
headersprinted = 0
total_total = 0
total_sys = 0
total_user = 0
count = 0
# For each CPU
cpu loop {
    # print headers if this is the first row
    if headersprinted == 0 then {
      print "   Sys CPU   User CPU  Total CPU"
      headersprinted = 1
    }
    total_total=total_total+GBL_CPU_TOTAL_UTIL
    total_sys=total_sys+GBL_CPU_SYS_MODE_UTIL
    total_user=total_user+GBL_CPU_USER_MODE_UTIL
    count = count + 1
  }
print total_sys/count, " ", total_user/count, " ", total_total/count

Output
# glance -j 5 -adviser_only -syntax cpu.cfg -iterations 3
Welcome to GlancePlus

   Sys CPU   User CPU  Total CPU
         8         30         38
   Sys CPU   User CPU  Total CPU
         5         31         35
   Sys CPU   User CPU  Total CPU
         4         24         28

Glance Adviser Script - Detailed Process Gathering

You must be carefull with this example as it will generate a lot of data very quickly, depending on the interval.  I.e. listing all processes every second is a lot of lines in a short period of time.
It would be pretty easy to modify this script to simply count the processes if you wanted to report back to MRTG the number of processes.

Script
process loop {
    if ((proc_cpu_total_util > 0) or ( proc_stop_reason != "SLEEP" ))
 then {
    print gbl_statdate, "|", gbl_stattime, "|", proc_cpu_last_used, "|",
 proc_mem_virt, "|", proc_mem_res, "|",
 proc_cpu_total_util, "|",
 proc_stop_reason, "|", proc_disk_logl_io_rate, "|",
 proc_proc_id, "|", proc_parent_proc_id, "|",
 proc_user_name, "|", proc_proc_name, "|",
        proc_cache_wait_time, "|", proc_cdfs_wait_time, "|",
        proc_disk_subsystem_wait_time, "|", proc_disk_wait_time, "|",
        proc_graphics_wait_time, "|", proc_inode_wait_time, "|",
        proc_ipc_subsystem_wait_time, "|", proc_ipc_wait_time, "|",
 proc_jobctl_wait_time, "|", proc_lan_wait_time, "|",
 proc_mem_wait_time, "|", proc_msg_wait_time, "|",
 proc_nfs_wait_time, "|", proc_other_io_wait_time, "|",
 proc_other_wait_time, "|", proc_pipe_wait_time, "|",
 proc_pri_wait_time, "|", proc_rpc_wait_time, "|",
 proc_sem_wait_time, "|", proc_socket_wait_time, "|",
 proc_stream_wait_time, "|", proc_sys_wait_time, "|",
 proc_term_io_wait_time
    }
}

Glance Adviser script - Lan statistics

This example will produce packet level statistics (in, out, collisions, errors...) for every lan interface in the server.

Script

# initialize variables:
netif_to_examine = ""   # lan0 would only report on lan0, etc.
headers_printed = headers_printed
netif loop {
  # print information for the selected interface or if null THEN all:
  IF (BYNETIF_NAME == netif_to_examine) or
     (netif_to_examine == "") THEN
  {
    # print headers the first time through the loop:
    IF headers_printed == 0 THEN
    {
      print "Date     Time    Interface  InPkts OutPkts  OutQ  Colls  Errs"
      print "   "
      headers_printed = 1
    }
    # print one line per interface reported:
    print GBL_STATDATE, " ", GBL_STATTIME, " ", BYNETIF_NAME|8,
      BYNETIF_IN_PACKET, BYNETIF_OUT_PACKET,
      BYNETIF_QUEUE, BYNETIF_COLLISION, BYNETIF_ERROR
    # (note that some interface types do not report collisions or errors)
  }
}
print "  "

Execute your lan script (lan.cfg) now:
# glance -j 5 -adviser_only -syntax lan.cfg -iterations 3

Welcome to GlancePlus

Date     Time    Interface  InPkts OutPkts  OutQ  Colls  Errs
   
04/28/04 15:01:00 lan0          3      2     0      0      0
04/28/04 15:01:00 lan3         35     39     0      0      0
04/28/04 15:01:00 lan6         31     32     0      0      0
04/28/04 15:01:00 lan7         50     31     0      0      0
04/28/04 15:01:00 lan8          0      0     0      0      0
04/28/04 15:01:00 lan4          0      0     0      0      0
04/28/04 15:01:00 lan9          0      0     0      0      0
04/28/04 15:01:00 lan10         0      0     0      0      0
04/28/04 15:01:00 lan11         0      0     0      0      0
04/28/04 15:01:00 lan5          3      2     0      0      0
04/28/04 15:01:00 lo0          26     26     0     na      0
  
04/28/04 15:01:05 lan0         13      7     0      0      0
04/28/04 15:01:05 lan3        173    230     0      0      0
04/28/04 15:01:05 lan6        121    129     0      0      0
04/28/04 15:01:05 lan7        197    142     0      0      0
04/28/04 15:01:05 lan8          1      1     0      0      0
04/28/04 15:01:05 lan4          1      1     0      0      0
04/28/04 15:01:05 lan9          1      1     0      0      0
04/28/04 15:01:05 lan10         1      1     0      0      0
04/28/04 15:01:05 lan11         1      1     0      0      0
04/28/04 15:01:05 lan5         13      7     0      0      0
04/28/04 15:01:05 lo0           3      3     0     na      0
  
04/28/04 15:01:10 lan0         12      7     0      0      0
04/28/04 15:01:10 lan3        151    221     0      0      0
04/28/04 15:01:10 lan6         97    105     0      0      0
04/28/04 15:01:10 lan7        165    126     0      0      0
04/28/04 15:01:10 lan8          1      1     0      0      0
04/28/04 15:01:10 lan4          1      1     0      0      0
04/28/04 15:01:10 lan9          1      1     0      0      0
04/28/04 15:01:10 lan10         1      1     0      0      0
04/28/04 15:01:10 lan11         1      1     0      0      0
04/28/04 15:01:10 lan5         12      7     0      0      0
04/28/04 15:01:10 lo0           0      0     0     na      0

You can redirect the output for a file.

Check/Set boot order

quinta-feira, 19 de julho de 2012

Check the boot order:
# setboot

Change primary boot device:
# setboot -p <HW ADDRESS>

Change alternate boot:
# setboot -a <HW ADDRESS>

For more options check setboot man pages.

ldapux doesn't start - "Already running"

terça-feira, 17 de julho de 2012

Message shown:

Already running

Ldapux has a lock file to prevent exec two ldap at same time, if the ldap was not correctly stoped the lock file will continue there avoiding the ldapux to start. In this case is necessary just remove the bellow file:

/etc/opt/ldapux/ldapclientd.pid

DSF - Including a path

sexta-feira, 13 de julho de 2012

The bellow example show how you can use the mksf command to manually create device files with default names, your own device file name, and custom device file corresponding to certain device options.

First of all check the disks and get the  HW address:
# ioscan -fnNC disk
(Example output bellow)
disk 344 64000/0xfa00/0x8c esdisk CLAIMED DEVICE DGC CX500WDR5
/dev/disk/disk344 /dev/rdisk/disk344

Insert the unique hardware path (-H option) and the path name as you need:
# mksf -C disk -H 64000/0xfa00/0x8c -r /dev/erptrn/asm/db50

Run the ioscan again to check the path for your disk:
# ioscan -m dsf

DHCP/ Bootp server on HP-UX?

You have the option to use the bootpd as a DHCP server, as well as a BOOTP server. You must to add the client entries in /etc/dhcptab and uncomment the bootps line in /etc/inetd.conf (don't forget to restart the inetd, inetd -c). See bootpd(1M) for details.
If you can't see the process running in top don't worry, the deamon must respawn when a client request an IP.

Configuring CIFS server (SAMBA)

sábado, 7 de julho de 2012

The first step is install the CIFS according your HP-UX version. Download the last version from HP site.
Follow the current version:

HP-UX Version	Current feature release	Preceding feature release
11.11	A.02.04.05	A.02.03.06
11.23	A.03.01.05	A.02.04.05
11.31	A.03.01.05	A.02.04.05

1. Edit the configuration files.
# cd /etc/opt/samba
# vi smb.conf

There's much option to configure your CIFS server, bellow is the minumun necessary to configure.
# workgroup = NT-Domain-Name or Workgroup-Name
workgroup = HPUX_SERVER
# server string is the equivalent of the Description field on Windows domain
server string = Samba Server
netbios name = CIFS
# Log file used
log file = /var/opt/samba/log.%m
# Log level?
log level = 1
# Security method
security = user

Bellow is an example to share some directory, in this case we are sharing the "home" dir.
[homes]
comment = Home Directories
path = /home/%U
browseable = yes
writable = yes
2. Check if the smb.conf is ok:
# /opt/samba/bin/testparms
 3. Creating users and machines to connect on domain
If the user exist on box you need just to creat it on samba now.

Creating a user:
# /opt/samba/bin/smbpasswd -a egon
New SMB password:
Retype new SMB password:
Added user egon.

Creating a machine:
# /opt/samba/bin/smbpasswd -am $egonMachine

4. Start / stop samba server
# /opt/samba/bin/startsmb
# /opt/samba/bin/stopsmb

5. Configuring Automatic Start at System Boot
When the HP CIFS Server is first installed, it will not automatically start when the system boots.
You can enable the HP CIFS Server and related daemons to do so by editing the
/etc/rc.config.d/samba file.
RUN_SAMBA=0
RUN_WINBIND=0
To configure HP CIFS Server to start automatically, set RUN_SAMBA to a non-zero value. To configure Winbind to start automatically, set RUN_WINBIND to a non-zero value.

Configuring Anonymous FTP Server by Command line

1.Add user ftp to /etc/passwd, usually:

ftp:*:500:1:anonymous FTP:/home/ftp:/usr/bin/false
The password field should be *, the group membership should be guest, or, as in this example, other, and the login shell should be /usr/bin/false.
In this example, user ftp’s user ID is 500, and the anonymous FTP directory is /home/ftp.

2.Create the ftp home directory:
a.Create the ftp home directory that you referred to in the /etc/passwd file, usually:

# mkdir /home/ftp

b.Create the subdirectories usr/bin and /usr/lib under the ftp home directory, usually:

# cd /home/ftp
# mkdir -p usr/bin
3.Copy the ls command from /sbin to /home/ftp/usr/bin, and set the permissions on the command to execute only (mode 0111):

# cp /sbin/ls /home/ftp/usr/bin
# chmod u=x,g=x,o=x /home/ftp/usr/bin/ls
4.Set the owner of the /home/ftp/usr/bin and /home/ftp/usr directories to root, and set the permissions to read-execute (not writable) (mode 0555):

# chown root /home/ftp/usr/bin
# chmod u=rx,g=rx,o=rx /home/ftp/usr/bin # chown root /home/ftp/usr
# chmod u=rx,g=rx,o=rx /home/ftp/usr
5.Create the subdirectory etc under the ftp directory:

# cd /home/ftp
# mkdir etc
6.Copy /etc/passwd and /etc/group to /home/ftp/etc.
These files are required by the ls command, to display the owners of files and directories under /home/ftp.

# cp /etc/passwd /home/ftp/etc
# cp /etc/group /home/ftp/etc

7.In all entries in /home/ftp/etc/passwd, replace the password field with an asterisk (*), and delete the shell field, for example:

ftp:*:500:1:anonymous ftp:/home/ftp: tom:*:8996:20::/home/tom:
8.In all entries in /home/ftp/etc/group, replace the password field with an asterisk (*):

users:*:20:acb guest:*:21:ftp1

9.Change the owner of the files in /home/ftp/etc to root, and set the permissions to read only (mode 0444):

# chown root /home/ftp/etc
# chmod u=r,g=r,o=r /home/ftp/etc
10.Create a directory pub (for public) under /home/ftp, and change its owner to user ftp and its permissions to writable by all (mode 0777).
Anonymous FTP users can put files in this directory to make them available to other anonymous FTP users.

# mkdir /home/ftp/pub
# chown ftp /home/ftp/pub
# chmod u=rwx,g=rwx,o=rwx /home/ftp/pub
You can create other directories to provide separate categories, such as /home/ftp/draft and /home/ftp/final.

11.Create a directory dist (for distribution) under /home/ftp. Change its owner to root and its permissions to writable only by root (mode 0755).
Anonymous FTP users can read but not alter these directories.

# mkdir /home/ftp/dist
# chown root /home/ftp/dist
# chmod u=rwx,g=rx,o=rx /home/ftp/dist
12.Change the owner of user ftp’s home directory to root and the permissions to not writable (mode 0555):

# chown root /home/ftp
# chmod u=rx,g=rx,o=rx /home/ftp

This document is part from "HP Part Number '5992-4607'" documment.

Add a network printer queue

terça-feira, 3 de julho de 2012

You can use the hppi "gui" to add a network printer or.. the adqueue command.

First of all check the model script available:
# /opt/hpnp/bin/addqueue -l

Create the queue using the appropriate model script:
# /opt/hpnp/bin/addqueue -h {printer IP} -q{printer name} -b off -i {printer model}

Do you need another HP model script?
http://www.hp.com/pond/modelscripts/index2.html

Check queue status:
lpstat {printer name}

Test the queue:
banner TEST | lp -d{printer name}

**Remembering..
1.. to do that is necessary the "jetdirect patch" installed on box.
2.. to create a local printer you have to use the lpadmin command (not the addqueue or hppi).
3.. for default the addqueue command isn't in root path.

[11.31] Mapping disks (persistent > legacy)

Using this option os ioscan command you can see all paths for your disks (persistent and legacy DSF)

This tip is useful for someone who aren't "familiar" with HP-UX 11v3.
# ioscan -m dsf
Persistent DSF           Legacy DSF(s)
========================================
/dev/rdisk/disk1         /dev/rdsk/c0t0d0
/dev/rdisk/disk1_p1      /dev/rdsk/c0t0d0s1
/dev/rdisk/disk1_p2      /dev/rdsk/c0t0d0s2
/dev/rdisk/disk1_p3      /dev/rdsk/c0t0d0s3

Creat Boot Device using EFI cli Commands

1- List the current boot options using:
fs0:\> bcfg boot dump
The boot option list is:
01. VenHw(D65A6B8C-71E5-4DF0-A909-F0D2992B5AA9) "EFI Shell [Built-in]"
02. Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun6,Lun0)/HD(Part1,Sig478114DA-6FF6-11E0-8000-D6217B60E588)/\EFI\HPUX\hpux.efi "boot"
03. Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun6,Lun0)/HD(Part1,Sig478114DA-6FF6-11E0-8000-D6217B60E588)/\EFI\HPUX\hpux.efi "boot2"

2-Delete the boot options(if necessary):
fs0:\> bcfg boot rm 03
bcfg: boot option 3 removed
fs0:\> bcfg boot rm 02
bcfg: boot option 2 removed
fs0:\>

3-Add new boot disk:
\> map
Device mapping table
fs0 : Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun6,Lun0)/HD(Part1,Sig478114DA-6FF6-11E0-8000-D6217B60E588)
blk0 : Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun1,Lun0)
blk1 : Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun2,Lun0)
blk2 : Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun3,Lun0)
blk3 : Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun4,Lun0)
blk4 : Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun6,Lun0)
blk5 : Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun6,Lun0)/HD(Part1,Sig478114DA-6FF6-11E0-8000-D6217B60E588)
blk6 : Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun6,Lun0)/HD(Part2,Sig478114EE-6FF6-11E0-8000-D6217B60E588)
blk7 : Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun6,Lun0)/HD(Part3,Sig47811502-6FF6-11E0-8000-D6217B60E588)
blk8 : Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun9,Lun0)
\> fs0:
fs0:\> cd \EFI\HPUX
fs0:\EFI\HPUX> ls
Directory of: fs0:\EFI\HPUX
04/26/11 01:29p 4,096 .
04/26/11 01:29p 4,096 ..
04/26/11 01:29p 698,356 hpux.efi
04/26/11 01:29p 31,232 nbp.efi
04/26/11 01:29p 12 AUTO
3 File(s) 729,600 bytes
fs0:\EFI\HPUX> bcfg boot add 1 hpux.efi "BOOT DEVICE"
Target = A
bcfg: Add boot option as 1
fs0:\EFI\HPUX> bcfg boot dump
The boot option list is:
01. VenHw(D65A6B8C-71E5-4DF0-A909-F0D2992B5AA9) "EFI Shell [Built-in]"
02. Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun6,Lun0)/HD(Part1,Sig478114DA-6FF6-11E0-8000-D6217B60E588)/\EFI\HPUX\hpux.efi "BOOT DISK"
fs0:\EFI\HPUX> bcfg boot mv 2 1
bcfg: boot option 2 moved to 1
fs0:\EFI\HPUX> bcfg boot dump
The boot option list is:
01. Acpi(PNP0A03,0)/Pci(0|0)/Scsi(Pun6,Lun0)/HD(Part1,Sig478114DA-6FF6-11E0-8000-D6217B60E588)/\EFI\HPUX\hpux.efi "BOOT DISK"
02. VenHw(D65A6B8C-71E5-4DF0-A909-F0D2992B5AA9) "EFI Shell [Built-in]"
EFI Boot Manager ver 1.10 [14.62] [Build: Mon Apr 26 10:55:36 2010]
Please select a boot option
BOOT DISK
EFI Shell [Built-in]
Boot option maintenance menu
Use ^ and v to change option(s). Use Enter to select an option

Vacations

quinta-feira, 7 de junho de 2012

I'll be on vacation during the next 50 days, the amount of posts will be small during this period, but keep sending your e-mail whenever possible I will answer. I am receiving much email in the last month with doubts and suggestions, I would like to thank all :-)

[Ignite] Exclude certain Filesystems

sexta-feira, 1 de junho de 2012

Using Ignite you have two option to specify the File Systems that will not be backup.

Specifing all Filesystems in "arquive_content" file:
# make_tape_recovery -x inc_entire=vg00 -f /var/opt/ignite/recovery/archive_content

See my excluded list:
# cat /var/opt/ignite/recovery/archive_content
exclude /dir_foo
exclude /dir_bar

This is the default file location if you are doing the backup through tape, if you want perform a "make_net_recovery" use the "/var/opt/ignite/clients/0x{LLA}/recovery/archive_c​ontent" (in the Ignite server).
The -f option is not allowed when using the -x options to specify the contents of the archive.

Specifing each Filesystem in command line (-x flag)
# make_tape_recovery -x inc_entire=vg00 -x exclude=/dir_foo -x exclude=/dir_bar

Working with kernel

sexta-feira, 25 de maio de 2012

kctune
You can use this command to see all kernel parameters and to change it.

Listing kernel parameters and the current configuration:
# kctune

Changing a parameter:
# kctune parameter=134217728

You can say for it change the parameters just after a reboot, there is few options to customize. Some parameter is mandatory to reboot for apply.

kcmodule

The kcmodule command queries and changes the states of kernel modules in the currently running configuration or in a saved configuration.

There is five different kernel state

From man page:

unused The module is not used in any way.
static The module is statically bound into the kernel executable.
auto The module will be dynamically loaded into the kernel when something tries to use it.
loaded The module is dynamically loaded into the kernel.
best The module will be put into the state identified by the kernel module
developer as its "best" state. Typically this will be auto, if supported by the
module, otherwise loaded, if supported by the module, otherwise static.
Note that a module in best state will inherit any changes that HP makes to
the "best" state for a module, in a patch or a future release of HP-UX.

How to see all optional modules and their current states?
# kcmodule

How to check the current state?
# kcmodule module

How to change the state?
# kcmodule module=newState

Identifying a lun from a HP EVA storage

There's two good method to do that:

Using scsimg command (11iv3):
# scsimgr get_attr -D /dev/rdisk/disk22 -a wwid

Search for the bellow line

current = 0x600508d400101a2f00010000011c0000

Using evainfo:

I think since the 8 version you are able to find it on "HP StorageWorks Storage System Scripting Utility CD (SSSU)". This script provide much useful information about their disks (including the serial numer).
# evainfo -aP

How to configure a NTP server?

sábado, 19 de maio de 2012

Enable the ntp server in the config file /etc/rc.config.d/netdaemons:
# vi /etc/rc.config.d/netdaemons..
# this variable list the nfs servers separated by space.
export NTPDATE_SERVER='ntp.mycorp.com pool.ntp.org in.pool.ntp.org'
# This flag enable the ntp service to start with the server
export XNTPD=1
# See man pages to see the options available
export XNTPD_ARGS=

Setup the time zone in /etc/TIMEZONE file (look for TZ variable):
# vi /etc/TIMEZONE
..
# Use your time zone here, you can check man pages for see others examples for time zone.
TZ=MST7MDT

Edit the ntp.conf configuration file:
# vi /etc/ntp.conf
..
server unix-box-ntp
# ntp server used (poll) to obtain time
server delhi-ntp
# a peer relationship with another ntp server
peer delhi-noc-ntp
# driftfile : track local clock time (drift of the local clock)
driftfile /etc/ntp.drift

Start the NTP service:
# /sbin/init.d/xntpd start

Check if xntpd service is running:
# ps -ef | grep xntpd

Verify if the NTP server is working fine:
# ntpq -p

For troubleshot check the syslog (/var/adm/syslog/syslog.log).

Adding a new node in a running cluster

1- Add the new node in the file /etc/cmcluster/cmclnodelist.
2- Get the most up-to-date ASCII configuration file.
# cmgetconf -v -c clustername /etc/cmcluster/cluster.ascii

3- Query all nodes, including the new node, in the cluster.
# cmquerycl -v -c cluster_name -n node1 -n node2 cluster.ascii

4- Compare the ASCII files obtained from cmgetconf and cmquerycl.
5- Update the ASCII configuration file obtained from cmquerycl.
6- Check the new ASCII configuration file.
# cmcheckconf -v -C cluster.ascii

7- Compile and distribute the new binary cluster configuration file.
# cmapplyconf -v -C cluster.ascii

8- Start cluster services on the new node.
# cmrunnode -v newNode

9- Check the cluster status and the log file for validate.

# cmviewcl

tail -100 /var/adm/syslog/syslog.log

How to upgrade Serviceguard

sábado, 12 de maio de 2012

1. First of all create a backup of /etc/cmcluster dir:
#cp -pR /etc/cmcluster /etc/cmcluster.bck

2. Also do a cmgetconf of the current configuration.

3. Halt ALL PKGs running on the first node and the node:
#cmhaltpkg pkg1
#cmhaltpkg pkg2
#cmhaltnode node

4. Get the service guard product name:
swlist |grep -i service

5. Uninstall Serviceguard:
#swremove -x enforce_dependencies=false
 Select the Serviceguard product in the list.

6. Install the new Serviceguard version using swinstall.

7. After installation check the new version with swlist |grep -i service

8. start the node
#cmrunnode node

9. Now for validate...
Check cluster status:
#cmviewcl -v
Check cluster logs on /var/adm/syslog/syslog.log

Now with the node validate do the same for others node.
Finally start all PKGs.

Quick Refence - AIX x HP-UX - command line comparison

sábado, 28 de abril de 2012

Bellow a little list showing the equivalent command in both SO, HP-UX and AIX.

HP-UX AIX Commands sam/smh (11iv3) smitty Administrative tool swlist oslevel Check system level swlist lslpp List installed packages swinstall/swremove installp Install/remove packages swapinfo lsps List swap top topas Monitoring system stm diag Check hw usermod chuser Modify user parms vgchange -a n varyoffvg Desactive a VG vgchange -a y varyonvg Active a VG vgdisplay lsvg List VG properties lvdisplay lslv/lsfs List FS properties lvremove rmlv Remove a LV bdf df Check FS. ioscan cfgmgr Add a device rmsf rmdev Remove a device glance nmon Monitoring system performance setboot bootlist -o -m normal Check boot list getconf MACHINE_SERIAL (pa-risc) machinfo | grep -i serial lsattr -El sys0 -a systemid Check machine serial shutdown -y -h 0 shutdown -Fh now Shutdown server Files /etc/nsswitch.conf /etc/netsvc.conf Query order (passwd.. host) /etc/fstab /etc/filesystems Filesystem list /dev/rmt/0mn /etc/rmt0 Tape device /var/adm/messages /var/adm/syslog/syslog.log System log

rresvport_af: socket: All ports in use (loop!)

terça-feira, 17 de abril de 2012

Follow the message showed when you try check a queue:

# lpstat QUEUE

rresvport_af: socket: All ports in use

err: rresvport_af()

/usr/sbin/rlpstat: Connection to QUEUE is down

no entries

Solution:

Check for "rpl" process running (will see a lot of them):

# ps -ef | grep rlp

root   1688   2345   0 08:24:40    ?      0:00 rlpdaemon -i

Use the "smh" to verify the type of that queue.

When the printer is a "remote" printer and it was created as a "network" printer, it will begin a loop causing problems to spooler. In this case is necessary remove the printer and create it again, you can create/remove it using hppi or by command line (addqueue/removequeu).

root   988   2345   0 08:24:40    ?      0:00 rlpdaemon -i

HBA - Finding the firmware version

Check fc available in your box:

# ioscan -fnCfc

Now replace the "fcms0X" for your fc:

#fcmsutil /dev/fcms0X vpd

Adding a tape/CD drive to a HPVM guest

segunda-feira, 9 de abril de 2012

To create an HP-UX sctl device file, follow these steps:
1. Run ioscan to pick up any new devices that may have just been connected:
# ioscan -fn

2. Locate the device designated for attachment.
2a. Install any device special files for these new devices:
# insf -e

2b. Check to see if the new devices were claimed by VM Host:
# ioscan -fun

The following is an example of a claimed tape device:
tape 1 0/2/1/0.5.0 stape CLAIMED DEVICE HP C7438A
/dev/rmt/1m /dev/rmt/c6t5d0BESTn
/dev/rmt/1mb /dev/rmt/c6t5d0BESTnb
/dev/rmt/1mn /dev/rmt/c6t5d0DDS
/dev/rmt/1mnb /dev/rmt/c6t5d0DDSb
/dev/rmt/c6t5d0BEST /dev/rmt/c6t5d0DDSn
/dev/rmt/c6t5d0BESTb /dev/rmt/c6t5d0DDSnb

3. Install sctl device files under the /dev/rscsi/ directory using the hpvmdevmgmt
command. For example:
# hpvmdevmgmt -I

The resource statements for attached devices take the following forms depending upon device
type:

For magnetic tape, use:
tape:scsi::attach:/dev/rscsi/cXtYdZ
For media changers, use:
changer:scsi::attach:/dev/rscsi/cXtYdZ
For CD/DVD burners, use:
burner:scsi::attach:/dev/rscsi/cXtYdZ
Where /dev/rscsi/cXtYdZ is an HP-UX sctl device file to the device type specified.

4. Locate a /dev/rscsi sctl device file that corresponds to the device slated for attachment.
If the device was claimed, the /dev/rscsi file ends with the same cXtYdZ numbers.
The following is an example of a tape device:
Claimed = /dev/rmt/c6t5d0BEST
SCTL = /dev/rscsi/c6t5d0

The following is an example of CD/DVD burner device:
Claimed = /dev/rdsk/c4t3d2SCTL = /dev/rscsi/c4t3d2
The following shows how the hardware address is broken down into controller, target and
device numbers:
c is the instance of 0/2/1/0
ext_bus is 6
t is 5
d is 0
The sctl file to create is /dev/rscsi/c6t5d0

To create the sctl device file, see scsi_ctl(1M).Use the mknod command, substituting the values in the minor number as noted:
# /usr/sbin/mknod /dev/rscsi/devname c 203 0xCCTL02

The following is an example of media changer device:
Claimed = /dev/rac/c6t0d0
SCTL = /dev/rscsi/c6t0d0

Now attach the device in his guest (vm1), follow an example:

# hpvmmodify -P vm1 -a "tape:scsi::attach:/dev/rscsi/c6t0d0"


source: Installing and Managing Integrity Virtual Machines 3.5 manual

Ipfilter - logging tcp/upd connections

domingo, 8 de abril de 2012

First of all you need the ipfilter installed in you box, Ipfilter is a default software since HP-UX 11.23, for older you can download it free from software.hp.com.

1. Add the following rules to your Ipfilter.

The configuration file used for that is /etc/opt/ipf/ipf.conf.

pass in log first quick proto tcp from any to any flags S keep state
pass out log first quick proto tcp from any to any flags S keep state
pass in log first quick proto udp from any to any keep state
pass out log first quick proto udp from any to any keep state
pass in from any to any
pass out from any to any

2. Load the configuration file or restart the Ipfilter.

# /sbin/ipf -f /etc/opt/ipf/ipf.conf

Once the configuration is loaded every time a UDP or TCP connection is initiated it will be logged to the /var/adm/syslog/syslog.log

Can be a good idea now separate this log from syslog. 

MP/GSP logs from OS

sábado, 31 de março de 2012

(GSP) Basically you need the cclogview tool, it is part of the Contrib-Tools product.
Follow an example (reduced and detailed):
To get reduced view:
# cclogview -k /var/stm/logs/os/ccerrlog | grep HKP_UNDRVOLTAGE
471 PM 0 *14 0x582008e44501404f 0x00006e0316141c17 HKP_UNDRVOLTAGE
762 PM 0 *14 0x582008e44501404f 0x00006e05070a0f39 HKP_UNDRVOLTAGE

To get the detailed view:
# cclogview -d /var/stm/logs/os/ccerrlog
471 PM 0 *14 HKP_UNDRVOLTAGE 04/22/2010 20:28:23
Log Entry 471: 04/22/2010 20:28:23
Alert Level 14: Fatal PWR or environmental problem; Keyword: HKP_UNDRVOLTAGE
Housekeeping power supply 1 output undervoltage error; Status: 15
Logged by power monitor 0 during monitoring of low voltage power supply
0x582008e44501404f 0x00006e0316141c17

(MP) you can use the slview contrib tool to read the fpl logs in the /var/stm/logs/os dir, with -f you choose the raw log file you wan't to use, and then you get a cli interface that is just the same as the one in the MP SEL log:
# /usr/sbin/diag/contrib/slview -f /var/stm/logs/os/fpl.log.06
Welcome to the FPL (Forward Progress Log) Viewer 1.2
The following FPL navigation commands are available:
D: Dump log starting at current block for capture and analysis
F: Display first (oldest) block
L: Display last (newest) block
J: Jump to specified entry and display previous block
+: Display next (forward in time) block
-: Display previous (backward in time) block
: Repeat previous +/- command
?: Display help
q: Exit viewer
More info on slview:
http://docs.hp.com/en/diag/eit/st_event_viewer_cli.htm

Source:
http://www.hpuxtips.es/?q=node/276

Ignite - How to recover a single file from a Ignite tape?

terça-feira, 20 de março de 2012

First of all you have to skip the tape header:

It's different for each platform:

If you have Itanium..

# mt fsf 22

Or PA-RISC:

# mt fsf 1

Now use the tar command to recover the file. We are recovering the OLDsyslog in our example.

# tar -xvf /dev/rmt/0mn var/adm/syslog/OLDsyslog.log

If you are not using the /dev/rmt/0mn you have to specify in the mt command.

What's the IP of my MP?

domingo, 11 de março de 2012

This tip is applicable for the newer Itanium. If you don't know the IP address of console...

# /opt/propplus/bin/cprop -detail -c "Management Processor"

You can use the cprop to perform a health check in the hardware (if the hardware is supported for this tool). Remembering in the newer Blade system you can't use the cstm, this tool can replace it in the most activies.

How to reset the GSP by command line?

sábado, 10 de março de 2012

When you run this command you will get a prompt on the console: "Press 'p' now to clear all GSP passwords and users...". If you press "p" and then confirm it (you only have a few seconds to respond), the GSP user/password info is wiped. Your LAN info is kept however.

 

# stty +resetGSP </dev/GSPdiag1

 

Check the GSP state:

 

# stty +queryGSP < /dev/GSPdiag1

 

 

NIS - Who is the NIS master?

The follow command will return the NIS master is use:

# ypwhich -m passwd

Password policies - Trusted and Non-Trusted

sábado, 3 de março de 2012

Non-Trusted Systems
Configuration file used to set/get password policies:

/etc/default/security
/etc/shadow

There're few options to configure in a non-trusted system, like the Password expiration and number of weeks before the password can be changed again.
You can check the security (4) man page for more details.
If you are using a non-trusted system is recommended use at least shadow to improve the security so you can edit some rules individually using the passwd command, like the password age, check their man page. Use pwconv to enable shadow and use pwck to check /etc/passwd and /etc/shadow integrity.
The following attributes, defined in /etc/default/security, apply to shadow passwords:
INACTIVITY_MAXDAYS
Number of days before expiring an account for inactivity.
PASSWORD_MINDAYS
Minimum number of days before a password can be changed.
PASSWORD_MAXDAYS
Maximum number of days that passwords are valid.
PASSWORD_WARNDAYS
Number of days before warning users of password expiration.

Trusted Systems

Configuration file used to set password policies:

/etc/default/security
/tcb/files/auth/system/default
/tcb/files/auth/*

You have many option to configure in a Trusted System all those configuration files are ASC files, so you can edit it but isn't indicated do that, the best to do here is do through SAM.

The /tcb/files/auth/system/default is a file used as a global policies for all users, you can edit some policies to be applied individually, that is stored in the /tcb/files/auth/*. If a capability is not explicitly listed individually it will assume the default behavior for that capability as specified in the system-wide defaults file /tcb/files/auth/system/default..
There's another files external to TCB, /etc/default/security, that can be used to apply another policies, like the "PASSWORD_HISTORY_DEPTH", There are significantly more features available in the /etc/default/security file that do not need Trusted Systems to be configured (if the file doesn't exist, just create it).
You can check the security (4) man page for more details.

After change anything here, it's a good idea to check the consistency .
root@SERVER[/] authck -vp

MC Serviceguard - Replace Quorum Server

domingo, 26 de fevereiro de 2012

The first step is stop completely the cluster.. you can't do that without stop your cluster.

for each package:

# cmhaltpkg <package_name>

Stop the cluster:

# cmhaltcl

Now change the Quorun server:

# vi /etc/cmcluster/cmclconfig.ascii
...
QS_HOST quorum-server

Apply changes:

# cmapplyconf -v -C cmclconfig.ascii

Check the cluster configuration:

# cmcheckconf -v -C cmclconfig.ascii

Star the cluster again:

# cmruncl -v

Now check if the new quorum server is in use.

# cmviewcl -v

What's mean the Serial Number?

quarta-feira, 22 de fevereiro de 2012

See the explanation using the follow serial number as example:

DEH2381234

The first two characters are the country code, in our example Germany (DE)
The third character is the code of the supply site (H ->Herrenberg, Germany)
The next three characters are the date of manufacture, the first digit is for the year then two for the calendar week (238 -> 38th week of 2002)
The last four characters are a sequential ID on that particular week (1234)

CSE - Speciality in Networking and Security - HP-UX 11i v3

sábado, 18 de fevereiro de 2012

I have completed the last exam to complete the "CSE - Speciality in Networking and Security - HP-UX 11i v3". For those interested and take the exam:

Register for this certification in The Learning Center

Complete prerequisites:
CSA - HP-UX 11iv3
The current CSA exam:
Exam HP0-P20 HP-UX 11iv3 System Administration

Complete requirements:
Core requirement #1
Exam HP0-P21 HP-UX 11iv3 Advanced System Administration

Core requirement #2
Exam HP0-P17 HP-UX 11i v3 Security Administration

Just to remember, now to schedule the certification exam you have to do through "Pearson Vue", you can't do it more through Prometric.

Useful links:

HP - CSE Speciality in Networking and Security - HP-UX 11i v3

Pearson Vue - HP

IP forwarding

sábado, 4 de fevereiro de 2012

Check the current state:
# ndd -get /dev/ip ip_forwarding

(0 = disable, 2 = enable)
to enable use the follow command:
# ndd -set /dev/ip ip_forwarding 2

disable:
# ndd -set /dev/ip ip_forwarding 0

If you want leave this configuration permanet you have to add the follow lines in nddconf file
ndd conf file: /etc/rc.config.d/nddconf

lines that need be edited:
TRANSPORT_NAME[X]=ip
NDD_NAME[X]=ip_forwarding
NDD_VALUE[X]=2

Disable password age for all user

Sure, there's another methods to do that less fun :)
#for i in `awk -F ":" '{print $1}' /etc/passwd`
do
        passwd -x -1 $i
done

Installing Powerpath (EMC)

First of all is necessary send the depot to server, download always the last version.
Obs. It's necessary reboot the server.

This command will install the patch:
#swinstall -x autoreboot=true -x mount_all_filesystems=false -s /tmp/EMCPower.HP.4.1.0.tar EMCpower
Where "-s" will receive the full path of the patch.

It's time to configure now:
This command will ask te registration key.
#emcpreg -install  
#powermt config
#powermt set policy=so dev=all
#powermt save

You can check your disks:
# powermt display dev=all

Check the powerpath configuration:
# powermt display

Checking the HP-UX installation date

Follow some solution:

Using print_manifest:

# print_manifest | grep -i "The system was created"
Using swlist:

# swlist -l bundle -v HPUXBaseOS | grep mod_date

or

# swlist -a install_date -l product | grep -i os-core

What's the patch installation date?

There's different mothods to do that:

1 - Using swlist:

# swlist -l patch -a revision -a title -a state -a install_date

This is the date format:
200903081306.51
YYYYMMDDHHMM.SS

2 - Using "ls":

# ls -dltr /var/adm/sw/products/PH*

Check the creation date on output.

Add lan to a HPVM (using a specified vlan)

sábado, 28 de janeiro de 2012

Replace <name> with the name of your virtual machine and <networkname> with a name for your network. Every virtual machine must have the same network name to be part of the same LAN.

1 - Log in your HPVM host

2 - Create a virtual switch:
# hpvmnet -c -S <networkname> -n 900

3- Define 2 ports with vlan 113 and 213:
# hpvmnet -S <networkname> -u portid:1:vlanid:113
# hpvmnet -S <networkname> -u portid:2:vlanid:213 

4- Modify the VM to have a network device attached to the virtual network:
# hpvmodify -P <name> -a network:avio_lan::vswitch:<networkname>:portid:1
# hpvmodify -P <name> -a network:avio_lan::vswitch:<networkname>:portid:2

5 - Check the network in the hpvm guest, if everything is right you will see a new adapter:
# hpvmnet -S <networkname>

Restrict the access to the /etc/passwd file for ftp conections

terça-feira, 24 de janeiro de 2012

In the file /etc/ftpd/ftpaccess set the follow option:

noretrieve /etc/passwd

Allowing logins specified period

You can define with the userdbset command what period that a specified user can login in your system, follow an example:

# userdbset -u egon LOGIN_TIMES=Any0800-1800

Where:
-u egon = user name
Any = Any day
0800-1800=Period allowed 08AM at 6PM.

How to instal a new tape drive

sábado, 21 de janeiro de 2012

If you are replacing your tape drive, you need remove the current tape drive:

check the tape address:

# ioscan -fnCtape

Use the hardware path obtained by ioscan:

# rmsf -H <hardware path>

Now create the special file for the new one:

# insf -C tape

Use the ioscan command again to check if the tape driver is OK:

# ioscan -fnCtape

You can see in the syslog the special files been created.

Changing the location of sshd log, this will leave your syslog more clear

Modify the sshd config file:

# vi /opt/ssh/etc/sshd_config

SysLogFacility LOCAL6

Now modify the syslogd config file:

# vi /etc/syslog.conf
…
local6.notice /var/adm/syslog/sshd.log

"notice" is the log level.

In the same config file you need say to don't log more in the syslog.log:

*.info;mail.none;local5.none;local6.none        /var/adm/syslog/syslog.log

Restart the sshd
Don't worry you won't miss your current connection.
/sbin/init.d/secsh stop
/sbin/init.d/secsh start

Restart the syslogd:
/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start

How to extend root filesystem - Usint DRD, Ignite and LVM maintenance mode

quarta-feira, 18 de janeiro de 2012

First method, using DRD:


Patches necessarie:


HP-UX 11i v2 - Jan 2012 (DRD_1123_WEB1201.depot)
HP-UX 11i v3 - Jan 2012 (DRD_1131_WEB1201.depot)
If you have installed the DRD you can do through it.
1 - Clone your system using the follow procedure:
Clone with DRD


2 - Mount your clone:
Use the "drd mount", this comand locate a inactive system image and mount it. The drd mount command automatically chooses the mount point for the inactive system image.
# drd mount


3 - Umount the "root":
# umount /dev/drd00/lvol3

4 - Now extend it:
# lvextend -l 999 /dev/drd00/lvol3

# extendfs -F vxfs /dev/drd00/rlvol3

# mount /dev/drd00/lvol3 /var/opt/drd/mnts/sysimage_001
5 - Check:
# bdf /var/opt/drd/mnts/sysimage_001


6 - Umount and activate:
# drd umount
# drd activate


7 - Reboot the server with the new DRD image:
# shutdown -y -r 0




Second method, LVM maintenance mode :


Make sure that the vg00 is un-mirrored and the space to extend the root LV is available in the same disk as continguous physical extents because the root volume allocation policy must be contiguous.
If the adjacent physical extents are occupied by any other LV move that logical volume to some other disk using pvmove command.
# pvmove -n /dev/vg00/lvolx /dev/dsk/c0txd0 /dev/dsk/c0txd0


Shutdown the machine and interrupt the normal boot process by pressing any key. From the boot admin prompt type boot pri isl you will get the isl prompt.
ISL> hpux -lm


This will take you to the logical volume maintanence mode. Don't try to mount any logical volume and don't switch to multiuser mode or a different runlevel.


The root LV will now be mounted on /dev/root instead of /dev/vg00/lvolx
Now you can execute the extendfs command on the root logical volume:
# extendfs -F vxfs /dev/vg00/rlvol3


Note down the alternate superblock locations and reboot the macine using
# reboot -n


This will cause the system to not sync the old superblock back to the filesystem and damage it.
When you boot the system normally now you will get all the allocated space for the root filesystem.
Now you will notice that the root volume is still mounted on /dev/root rather than /dev/vg00/lvol3. To correct this you remove the /etc/mnttab and you will find bdf now displays the correct logical volume.




Third method, Ignite:

1. Make sure any external devices that need to be configured at cold-install are connected to the target system and are turned on and operational.
2. Insert the HP-UX DVD into the drive.
3. Stop the autoboot by pressing any key.
   The boot console menu is displayed. If you need help, enter: HELP
4. Search for bootable devices, using the choices displayed (for example, enter searchorsea). A table similar to this is displayed:
   Path#  Device Path       Device Type
   -----  -----------       -----------
   P0     TAPE              HP TAPE
   P1     LAN.1.2.3.4.5.6   1.2.3.4 
   P2     FWSCSI.6.0        IBM DDRS-34560WS
   
   Of the media listed, a fast/wide SCSI device (FWSCSI) is usually a disk, whereas a single-ended SCSI device (SCSI) can be a disk or CD/DVD drive.
5. For a legacy hardware path, boot from the Tape drive using the listed path number. For the drive shown in the previous example (P0), enter:  BOOT P0
6.  After a few minutes, at the Interact with IPL? prompt press n.
7. Select:
   "Media only instalation"and
   "Advanced instalation"Click OK to advance to next screen.
8. Now select:
   "Boot from CD/DVD, Recover from Tape"Click OK to advance to next screen.
9. Now you can resize your FS on the filesystem tab.
10. Click "go!" to finish.

Changing the FTP umask

segunda-feira, 16 de janeiro de 2012

Edit the /etc/inetd.conf specifying the umask with the "-u" par, bellow a example:

ftp stream tcp nowait root /usr/lbin/ftpd -u 22
Restart the inetd:

# inetd -c

How to stop a FTP server?

It's a simple task but very useful. The ftpd is started by inetd if you want stop it just comment the follow line in the /etc/inetd.conf:

# ftp stream tcp nowait root /usr/lbin/ftpd

Restart the inetd:

# inetd -c

And that's all :)

Adding timestamp after each command typed, using a trap

Put the follow entry in the user profile:

trap 'date "+# %c" | read -s' debug

Converting: untrusted system <-> trusted system

Login as root and enter the below command.
# tsconvert

Obs. 
1 - Be careful, all UID’s other than root will be forced to change their passwords the first time they log on.
2 - The installed umask of 0 for all accounts will be changed to 07077

Immediately after conversion change the root password

To make a untrusted server use the bellow command
# tsconvert -r

Making a new Serviceguard cluster

1- First of all install the ServiceGuard using swinstall
Or check with swlist if the Serviceguard is present on that machine:
# swlist Serviceguard

2- Add the node hostnames in /etc/cmcluster/cmclnodelist

3- Steps to check before to create the cluster:
Is this a two nodes cluster?
- If yes you need a quorum disk/host for your cluster.
Check the follow itens in all nodes:
- If the kernel parameter are consistents
- Comunication between the nodes must be ok.
- If all users and groups are using the same uids/gids.
- Comment out all VGs controlled by ServiceGuard in the /etc/fstab
- Copy all volume groups that will be countrolled by ServiceGuard to all nodes, use the follow procedure:
The Re-Import VG Procedure

4- Enable the NTP

5- Check active NICs have ipaddress associated with them (netconf) and standby NICs don't.

6- Edit /etc/lvmrc, the VGs controlled by ServiceGuard canno't be auto activated (this shouldn't include root VG).

7- Add all IPs used in the /etc/hosts
- Don't forget to include a hearbeat in a different network.
- If you have the heartbeat in your dns server include it in /etc/hosts too.

8- Create a basic cluster structure with one package.

Create cluster config file using cmquerycl
cd /etc/cmcluster/
# cmquerycl –v –C cmclconfig.ascii –n <node1> -n <node2>
Edit the ascii file, follow some points to change (example):
# vi cmclconfig.ascii

CLUSTER_NAME <myCluster1>
NODE_NAME <node1>
NETWORK_INTERFACE <lan0>
HEARTBEAT_IP <192.168.100.101>
NETWORK_INTERFACE <lan1>
HEARTBEAT_IP <164.39.8.92>
NETWORK_INTERFACE <lan2>
NODE_NAME <node2>
NETWORK_INTERFACE <lan0>
HEARTBEAT_IP <192.168.100.102>
NETWORK_INTERFACE <lan1>
HEARTBEAT_IP <164.39.8.93>
NETWORK_INTERFACE <lan2>
HEARTBEAT_INTERVAL 2000000
NODE_TIMEOUT 5000000
MAX_CONFIGURED_PACKAGES 10

Compile and distribute using cmapplyconf
# cmapplyconf –C /etc/cmcluster/cmclconfig.ascii

9- Start the cluster with cmruncl command
# cmruncl

10- Now you have a cluster but you don't have any package, follow few steps to create a basic package.
Create the package config file using cmmakepkg
# cd /etc/cmcluster
# mkdir pkg1
# cd pkg1
# cmmakepkg –p pkg1.conf

11- Edit as required for your app

12- Create package control script using cmmakepkg
- The control script is placed in the package directory and is given the same name as specified in the RUN_SCRIPT and HALT_SCRIPT parameters in the package configuration file.
- The control script must reside in a directory with the string cmcluster in the path.
# cmmakepkg –s pkg1.cntl
Customise the script as required

13- Validate the cluster and your packages using the follow procedure:
How to validate the cluster configurations

14- Copy the control script to other nodes, keep the same path and names.

15- Relocatable ipaddresses must be defined in DNS or /etc/hosts

16- Active the cluster autostart editing the follow configuration file as showed bellow
# vi /etc/rc.config.d/cmcluster
AUTOSTART_CMCLD=1

** Version 11.18+: you can create the package as a modular package or as a legacy package, for a modular package isn't necessary create the control files, just the configuration. This's not the only different you can see in released notes from Serviceguard 11.18 the all information about that. **

Test ftp data transfer rate without actual transfererring

Connect in the ftp server

# ftp targethost
username/passwd...Type "bin", to change to binary mode.
bin
Type "hash", this command will show the download progress
hash
Type the follow command line to test the data transfer rate
put "|dd if=/dev/zero bs=32k count=1000" /dev/null

How to create a DNS server

1. Create a list of host names and correspondence IP addresses in your /etc/hosts file.
2. # mkdir /etc/named.data3. # cd /etc/named.data4. Create a file named param that will be used by hosts_to_named to create DNS data files-d DNS.com  --> it's your domain name
-n 192.168.3  --> it's your subnet
-z 192.168.3.10 --> it's your master server's IP.
-b /etc/named.conf

5. Now you have to make a data base to be used for your dns, the follow command will use the hosts contens to generate it.

# hosts_to_named –f param

6. download the db.cache file from ftp.rs.internic.net and copy it to /etc/named.data directory

# ftp ftp.rs.internic.net
Connected to ftp.rs.internic.net.
220-**********************************************************
220-**********************************************************
220-***** InterNIC Public FTP Server *************************
220-**********************************************************
220-***** Login with username "anonymous" ********************
220-***** You may change directories to the following: *******
220-**********************************************************
220-******* domain - Root Domain Zone Files ******************
220-**********************************************************
220-***** Unauthorized access to this system may *************
220-***** result in criminal prosecution. ********************
220-**********************************************************
220-***** All sessions established with this server are ******
220-***** monitored and logged. Disconnect now if you do *****
220-***** not consent to having your actions monitored *******
220-***** and logged. ****************************************
220-**********************************************************
220-**********************************************************
220
Name (ftp.rs.internic.net:root): anonymous
331 Please specify the password.
Password:Press Enter
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd domain
250 Directory successfully changed.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.

-rw-r--r--	1 ftp	ftp	607	Nov 01 19:31 INTERNIC_ROOT_ZONE.signatures
-rw-r--r--	1 ftp	ftp	843	Nov 01 19:31 INTERNIC_ROOT_ZONE.signatures.asc
-rw-r--r--	1 ftp	ftp	694	Nov 01 19:15 arpa.zone.gz
-rw-r--r--	1 ftp	ftp	33	Nov 01 19:14 arpa.zone.gz.md5
-rw-r--r--	1 ftp	ftp	65	Nov 01 19:15 arpa.zone.gz.sig
-rw-r--r--	1 ftp	ftp	2938	Jul 09 14:55 db.cache
-rw-r--r--	1 ftp	ftp	48	Jul 09 14:55 db.cache.md5
-rw-r--r--	1 ftp	ftp	1326	Jul 09 14:55 db.cache.sig
-rw-r--r--	1 ftp	ftp	2941	Jul 09 14:55 named.cache
-rw-r--r--	1 ftp	ftp	51	Jul 09 14:55 named.cache.md5
-rw-r--r--	1 ftp	ftp	1322	Jul 09 14:55 named.cache.sig
-rw-r--r--	1 ftp	ftp	2940	Jul 09 14:55 named.root
-rw-r--r--	1 ftp	ftp	50	Jul 09 14:56 named.root.md5
-rw-r--r--	1 ftp	ftp	1330	Jul 09 14:56 named.root.sig
-rw-r--r--	1 ftp	ftp	83145	Nov 01 19:32 root.zone
-rw-r--r--	1 ftp	ftp	21228	Nov 01 19:33 root.zone.gz
-rw-r--r--	1 ftp	ftp	33	Nov 01 19:31 root.zone.gz.md5
-rw-r--r--	1 ftp	ftp	65	Nov 01 19:31 root.zone.gz.sig
-rw-r--r--	1 ftp	ftp	33	Nov 01 19:32 root.zone.md5
-rw-r--r--	1 ftp	ftp	65	Nov 01 19:33 root.zone.sig

226 Directory send OK.
ftp> get named.cache
local: named.cache remote: named.cache
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for named.cache (2941 bytes).
226 File send OK.
2941 bytes received in 0.00444 secs (6.5e+02 Kbytes/sec)
ftp> quit
221 Goodbye

# cp named.cache /etc/name.data

7. modify /etc/rc.config.d/namesvrs file (NAMED=1) to start named process automatically with the server.

8. Start the named server

# /sbin/init.d/named start

Find the list of files in a bundle

First find the bundle name

# swlist -l bundle -s /patch/11.00/depot
Then
# swlist -l file -l bundle -s /patch/11.00/depot PB_11_00_march_2003

[IGNITE] How to check the integrity of a tape created by make_net_recovery (Itanium)

Rewind the tape

# mt -t /dev/rmt/0mn rew

Pass the header

# mt -t /dev/rmt/0mn fsf 22

Read the tape contents

# tar -tvf /dev/rmt/0mn

Confirm the execution of your tar

# echo $?

Cleanup command

sábado, 14 de janeiro de 2012

The cleanup command can free space for you commiting patches installed, but if you commit a patch you can't more use swremove to remove it.

cleanup -c n  <--  commits patches that have been superseded n number of times.  Useful to free up disk space in /var/adm/sw/save.
cleanup -p  <-- previews the actual cleanup tasks but does not actually perform the cleanup

[swagentd] ERROR:Remote Procedure Call to a daemon has failed Could not start a management session for...

If you see this error message when you are tring remove/install a depot:

ERROR:Remote Procedure Call to a daemon has failed.  Could not start a management session for <target>.   Make sure the host is accessible from the network,  and that its daemon, swagentd, is running. If the daemon is running see the daemon logfile on this target for more information.

it means SD-UX could not contact the daemon program on a specific target system. Note that this may occur even if you haven’t specified any targets, for example, if the daemon on your local host is not running.

Resolution

If the SD-UX daemon/agent is not installed on a given target system, you must install it before you can use SD-UX.
If you’ve verified that the daemon/agent component has been installed on a target system and you still have trouble contacting it, check to see that the daemon is running:

1. On the target system, type:
   ps -e | grep swagentd
2. If the daemon does not appear to be running, you can start it by typing (as root on the target system):
   /usr/sbin/swagentd
3. If you attempt to start a daemon when one is already running, you will see a message about the other daemon; this is harmless.
   You can also kill and restart a currently running daemon by typing:
   /usr/sbin/swagentd -r

Search for a specified patch

# swlist -l product| grep PH | more


PH = replace this word for "what you are searching"

Create a depot with multiple individual depots

1 - Create all depots, use the follow command for each patch:

# sh patch

2 - Use the swcopy to create a new depot:

# for i in PH*.depot
do
        swcopy -x enforce_dependencies=false -s ${PWD}/$i \* @ /tmp/patch_depot         <-- /tmp/patch_depot this will be the destination directory of your depot
done

3 - Now you can use your new depot to install your patches:

# swinstall -s /tmp/patch_depot

Process to recover the root password (PA-RISC, system non-trusted)

1. "shutdown -y -r" for reboot the server
2. Interupt the boot process during the 10 second interval (display will indicate this on the screen)
3. bo pri
4. Answer yes to interact with the ipl
5. At the prompt "hpux -is" for single user mode
6. cd /sbin
7. passwd root  and  follow prompts to put in new password
8. shutdown -r 0  to reboot to multiuser mode

CIFS (Samba) - Quick Reference

/etc/opt/samba/smb.conf

This's the main configuration file.

/var/opt/samba/logs/

Log dir

/etc/rc.config.d/samba

Edit this file seting RUN_SAMBA to a non-zero value to enable the samba start with the server boot

/opt/samba/bin/smbstatus

It shows who is logged and locked files.

/opt/samba/bin/smbstatus -L

Show just he locked files.

/opt/samba/bin/smbstatus -u USERNAME

Show infos about the specified user.

/etc/init.d/smb restart/start/stop

This is the startup script, you can use it to restart, start or stop the samba server.

/opt/samba/bin/smbpasswd -a user

To add a new user

/opt/samba/bin/smbpasswd -ma $computer

To add a new machine in the domain

/opt/samba/bin/smbpasswd -e user

To enable a user

/opt/samba/bin/smbpasswd -x user

To remove a user

/opt/samba/bin/smbpasswd use

Change the password

/opt/samba/bin/testparms

It's used to validate the configuration files