Add a LAN to an HPVM guest (using a specified VLAN)

Saturday, January 28, 2012

Replace <name> with the name of your virtual machine and <networkname> with a name for your network. Every virtual machine must have the same network name to be part of the same LAN.

1 - Log in to your HPVM host

2 - Create a virtual switch:
# hpvmnet -c -S <networkname> -n 900

3 - Define 2 ports with VLANs 113 and 213:
# hpvmnet -S <networkname> -u portid:1:vlanid:113
# hpvmnet -S <networkname> -u portid:2:vlanid:213

4 - Modify the VM to have a network device attached to the virtual network:
# hpvmmodify -P <name> -a network:avio_lan::vswitch:<networkname>:portid:1
# hpvmmodify -P <name> -a network:avio_lan::vswitch:<networkname>:portid:2

5 - Check the network in the HPVM guest; if everything is right you will see a new adapter:
# hpvmnet -S <networkname>

Restrict access to the /etc/passwd file for FTP connections

Tuesday, January 24, 2012

In the file /etc/ftpd/ftpaccess set the following option:

noretrieve /etc/passwd

Allowing logins only during a specified period

With the userdbset command you can define the period during which a specified user can log in to your system. An example:

# userdbset -u egon LOGIN_TIMES=Any0800-1800

Where:
-u egon = user name
Any = any day
0800-1800 = allowed period, 08AM to 6PM.

How to install a new tape drive

Saturday, January 21, 2012

If you are replacing your tape drive, you need to remove the current tape drive first.

Check the tape address:

# ioscan -fnCtape

Use the hardware path obtained by ioscan:

# rmsf -H <hardware path>

Now create the special file for the new one:

# insf -C tape

Use the ioscan command again to check if the tape drive is OK:

# ioscan -fnCtape

You can see in the syslog that the special files were created.

Changing the location of the sshd log (this keeps your syslog cleaner)

Modify the sshd config file:

# vi /opt/ssh/etc/sshd_config

SysLogFacility LOCAL6

Now modify the syslogd config file:

# vi /etc/syslog.conf

local6.notice /var/adm/syslog/sshd.log


"notice" is the log level.

In the same config file, add local6.none to the syslog.log line so that these messages are no longer logged to syslog.log:

*.info;mail.none;local5.none;local6.none        /var/adm/syslog/syslog.log

Restart sshd.
Don't worry, you won't lose your current connection.
/sbin/init.d/secsh stop
/sbin/init.d/secsh start


Restart the syslogd:
/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start
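
A way to confirm the result of the two edits above, as an added example that is not part of the original post: it reads the facility from an sshd_config and lists every syslog.conf target that still receives it. The sample files are constructed from the lines shown above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Checks where sshd messages end
# up after the SyslogFacility / syslog.conf change described above.

# First SyslogFacility value in an sshd_config, lower-cased.
# OpenSSH uses the first value it reads and defaults to AUTH.
sshd_facility() {
    awk 'tolower($1) == "syslogfacility" && f == "" { f = tolower($2) }
         END { print (f == "" ? "auth" : f) }' "$1"
}

# Print the action (log file) of every syslog.conf line that receives the
# given facility. Only "none" is treated specially; levels are not compared.
facility_targets() {
    awk -v fac="$1" '
    function routed(sel,   n, i, items, p, lvl, m, j, fl, hit) {
        hit = 0
        n = split(sel, items, ";")
        for (i = 1; i <= n; i++) {
            p = index(items[i], ".")
            if (p == 0) continue
            lvl = substr(items[i], p + 1)
            m = split(substr(items[i], 1, p - 1), fl, ",")
            for (j = 1; j <= m; j++)
                if (fl[j] == "*" || fl[j] == fac)
                    hit = (lvl != "none")   # a later item overrides an earlier one
        }
        return hit
    }
    NF < 2 || $1 ~ /^#/ { next }
    routed($1) { print $2 }' "$2"
}

# Log files that will receive sshd messages for this pair of config files.
sshd_log_targets() {
    facility_targets "$(sshd_facility "$1")" "$2"
}

# Constructed samples: the sshd_config line and the syslog.conf lines from
# the steps above, before and after local6.none is added.
write_samples() {
    printf '%s\n' '# constructed sample' 'Port 22' \
        'SysLogFacility LOCAL6' > "$1/sshd_config"
    printf '%s\n' 'local6.notice /var/adm/syslog/sshd.log' \
        '*.info;mail.none;local5.none /var/adm/syslog/syslog.log' \
        > "$1/syslog.before"
    printf '%s\n' 'local6.notice /var/adm/syslog/sshd.log' \
        '*.info;mail.none;local5.none;local6.none /var/adm/syslog/syslog.log' \
        > "$1/syslog.after"
}

demo=${TMPDIR:-/tmp}/sshdlog.$$
mkdir -p "$demo" && write_samples "$demo"
echo "before:"; sshd_log_targets "$demo/sshd_config" "$demo/syslog.before"
echo "after:";  sshd_log_targets "$demo/sshd_config" "$demo/syslog.after"
rm -rf "$demo"
```

Without local6.none the sshd messages are written to both files, which is the duplication the last syslog.conf edit removes.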

How to extend root filesystem - Using DRD, Ignite and LVM maintenance mode

Wednesday, January 18, 2012

First method, using DRD:


Required patches:

HP-UX 11i v2 - Jan 2012 (DRD_1123_WEB1201.depot)
HP-UX 11i v3 - Jan 2012 (DRD_1131_WEB1201.depot)
If you have DRD installed, you can do it through DRD.
1 - Clone your system using the following procedure:
Clone with DRD

2 - Mount your clone:
Use "drd mount"; this command locates an inactive system image and mounts it. The drd mount command automatically chooses the mount point for the inactive system image.
# drd mount

3 - Unmount the "root":
# umount /dev/drd00/lvol3

4 - Now extend it:
# lvextend -l 999 /dev/drd00/lvol3

# extendfs -F vxfs /dev/drd00/rlvol3
# mount /dev/drd00/lvol3 /var/opt/drd/mnts/sysimage_001

5 - Check:
# bdf /var/opt/drd/mnts/sysimage_001

6 - Unmount and activate:
# drd umount
# drd activate


7 - Reboot the server with the new DRD image:
# shutdown -y -r 0




Second method, LVM maintenance mode:

Make sure that vg00 is un-mirrored and that the space to extend the root LV is available on the same disk as contiguous physical extents, because the root volume allocation policy must be contiguous.
If the adjacent physical extents are occupied by another LV, move that logical volume to some other disk using the pvmove command.
# pvmove -n /dev/vg00/lvolx /dev/dsk/c0txd0 /dev/dsk/c0txd0

Shut down the machine and interrupt the normal boot process by pressing any key. At the boot admin prompt, type "boot pri isl" to get the ISL prompt.
ISL> hpux -lm

This takes you to logical volume maintenance mode. Don't try to mount any logical volume, and don't switch to multiuser mode or a different runlevel.

The root LV will now be mounted on /dev/root instead of /dev/vg00/lvolx.
Now you can execute the extendfs command on the root logical volume:
# extendfs -F vxfs /dev/vg00/rlvol3

Note down the alternate superblock locations and reboot the machine using:
# reboot -n

This keeps the system from syncing the old superblock back to the filesystem and damaging it.
When you boot the system normally, you will get all the allocated space for the root filesystem.
You will notice that the root volume is still shown as mounted on /dev/root rather than /dev/vg00/lvol3. To correct this, remove /etc/mnttab; bdf will then display the correct logical volume.




Third method, Ignite:


  1. Make sure any external devices that need to be configured at cold-install are connected to the target system and are turned on and operational.
  2. Insert the HP-UX DVD into the drive.
  3. Stop the autoboot by pressing any key.
    The boot console menu is displayed. If you need help, enter: HELP
  4. Search for bootable devices, using the choices displayed (for example, enter search or sea). A table similar to this is displayed:
    Path#  Device Path       Device Type
    -----  -----------       -----------
    P0     TAPE              HP TAPE
    P1     LAN.1.2.3.4.5.6   1.2.3.4 
    P2     FWSCSI.6.0        IBM DDRS-34560WS

    Of the media listed, a fast/wide SCSI device (FWSCSI) is usually a disk, whereas a single-ended SCSI device (SCSI) can be a disk or CD/DVD drive.
  5. For a legacy hardware path, boot from the Tape drive using the listed path number. For the drive shown in the previous example (P0), enter:  BOOT P0
  6. After a few minutes, at the Interact with IPL? prompt press n.
  7. Select:
    "Media only installation" and
    "Advanced installation"
    Click OK to advance to the next screen.
  8. Now select:
    "Boot from CD/DVD, Recover from Tape"
    Click OK to advance to the next screen.
  9. Now you can resize your filesystems on the filesystem tab.
  10. Click "go!" to finish.

Changing the FTP umask

Monday, January 16, 2012

Edit /etc/inetd.conf and specify the umask with the "-u" parameter. Below is an example:

ftp stream tcp nowait root /usr/lbin/ftpd ftpd -u 22

Restart the inetd:

# inetd -c

How to stop a FTP server?

It's a simple task but very useful. The ftpd is started by inetd; if you want to stop it, just comment out the following line in /etc/inetd.conf:

# ftp stream tcp nowait root /usr/lbin/ftpd

Restart the inetd:

# inetd -c

And that's all :)

Adding timestamp after each command typed, using a trap

Put the following entry in the user profile:

trap 'date "+# %c" | read -s' debug

Converting: untrusted system <-> trusted system

Log in as root and enter the command below.
# tsconvert

Notes:
1 - Be careful: all UIDs other than root will be forced to change their passwords the first time they log on.
2 - The installed umask of 0 for all accounts will be changed to 07077.

Immediately after conversion, change the root password.

To convert back to an untrusted system, use the command below:
# tsconvert -r

Making a new Serviceguard cluster

1 - First of all, install Serviceguard using swinstall,
or check with swlist whether Serviceguard is already present on that machine:
# swlist Serviceguard

2 - Add the node hostnames to /etc/cmcluster/cmclnodelist

3 - Checks to make before creating the cluster:
Is this a two-node cluster?
- If yes, you need a quorum disk/host for your cluster.
Check the following items on all nodes:
- The kernel parameters are consistent.
- Communication between the nodes is OK.
- All users and groups use the same UIDs/GIDs.
- Comment out all VGs controlled by Serviceguard in /etc/fstab.
- Copy all volume groups that will be controlled by Serviceguard to all nodes, using the following procedure:
The Re-Import VG Procedure

4 - Enable NTP

5 - Check that active NICs have an IP address associated with them (netconf) and standby NICs don't.

6 - Edit /etc/lvmrc: the VGs controlled by Serviceguard cannot be auto-activated (this shouldn't include the root VG).

7 - Add all IPs used to /etc/hosts
- Don't forget to include a heartbeat in a different network.
- If you have the heartbeat in your DNS server, include it in /etc/hosts too.

8 - Create a basic cluster structure with one package.

Create the cluster config file using cmquerycl:
# cd /etc/cmcluster/
# cmquerycl -v -C cmclconfig.ascii -n <node1> -n <node2>
Edit the ASCII file; some points to change (example):
# vi cmclconfig.ascii

CLUSTER_NAME <myCluster1>
NODE_NAME <node1>
NETWORK_INTERFACE <lan0>
HEARTBEAT_IP <192.168.100.101>
NETWORK_INTERFACE <lan1>
HEARTBEAT_IP <164.39.8.92>
NETWORK_INTERFACE <lan2>
NODE_NAME <node2>
NETWORK_INTERFACE <lan0>
HEARTBEAT_IP <192.168.100.102>
NETWORK_INTERFACE <lan1>
HEARTBEAT_IP <164.39.8.93>
NETWORK_INTERFACE <lan2>
HEARTBEAT_INTERVAL 2000000
NODE_TIMEOUT 5000000
MAX_CONFIGURED_PACKAGES 10

Compile and distribute using cmapplyconf:
# cmapplyconf -C /etc/cmcluster/cmclconfig.ascii

9 - Start the cluster with the cmruncl command:
# cmruncl

10 - Now you have a cluster but no packages. A few steps to create a basic package follow.
Create the package config file using cmmakepkg:
# cd /etc/cmcluster
# mkdir pkg1
# cd pkg1
# cmmakepkg -p pkg1.conf

11 - Edit as required for your app

12 - Create the package control script using cmmakepkg
- The control script is placed in the package directory and is given the same name as specified in the RUN_SCRIPT and HALT_SCRIPT parameters in the package configuration file.
- The control script must reside in a directory with the string cmcluster in the path.
# cmmakepkg -s pkg1.cntl
Customise the script as required

13 - Validate the cluster and your packages using the following procedure:
How to validate the cluster configurations

14 - Copy the control script to the other nodes, keeping the same path and names.

15 - Relocatable IP addresses must be defined in DNS or /etc/hosts

16 - Activate cluster autostart by editing the following configuration file as shown below:
# vi /etc/rc.config.d/cmcluster
AUTOSTART_CMCLD=1

** Version 11.18+: you can create the package as a modular package or as a legacy package. For a modular package it isn't necessary to create the control files, just the configuration. This is not the only difference; the Serviceguard 11.18 release notes have all the information about that. **

Test ftp data transfer rate without actually transferring a file

Connect to the FTP server:

# ftp targethost
username/passwd...
Type "bin" to change to binary mode:
bin
Type "hash"; this command will show the progress:

hash
Type the following command line to test the data transfer rate:
put "|dd if=/dev/zero bs=32k count=1000" /dev/null

How to create a DNS server

1. Create a list of host names and corresponding IP addresses in your /etc/hosts file.
2. # mkdir /etc/named.data
3. # cd /etc/named.data
4. Create a file named param that will be used by hosts_to_named to create the DNS data files:
-d DNS.com  --> your domain name
-n 192.168.3  --> your subnet
-z 192.168.3.10 --> your master server's IP
-b /etc/named.conf

5. Now you have to build the database used by your DNS; the following command uses the hosts contents to generate it.

# hosts_to_named -f param

6. Download the db.cache file from ftp.rs.internic.net and copy it to the /etc/named.data directory

# ftp ftp.rs.internic.net
Connected to ftp.rs.internic.net.
220-**********************************************************
220-**********************************************************
220-***** InterNIC Public FTP Server *************************
220-**********************************************************
220-***** Login with username "anonymous" ********************
220-***** You may change directories to the following: *******
220-**********************************************************
220-******* domain - Root Domain Zone Files ******************
220-**********************************************************
220-***** Unauthorized access to this system may *************
220-***** result in criminal prosecution. ********************
220-**********************************************************
220-***** All sessions established with this server are ******
220-***** monitored and logged. Disconnect now if you do *****
220-***** not consent to having your actions monitored *******
220-***** and logged. ****************************************
220-**********************************************************
220-**********************************************************
220
Name (ftp.rs.internic.net:root): anonymous
331 Please specify the password.
Password:Press Enter
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd domain
250 Directory successfully changed.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.


-rw-r--r-- 1 ftp ftp 607 Nov 01 19:31 INTERNIC_ROOT_ZONE.signatures
-rw-r--r-- 1 ftp ftp 843 Nov 01 19:31 INTERNIC_ROOT_ZONE.signatures.asc
-rw-r--r-- 1 ftp ftp 694 Nov 01 19:15 arpa.zone.gz
-rw-r--r-- 1 ftp ftp 33 Nov 01 19:14 arpa.zone.gz.md5
-rw-r--r-- 1 ftp ftp 65 Nov 01 19:15 arpa.zone.gz.sig
-rw-r--r-- 1 ftp ftp 2938 Jul 09 14:55 db.cache
-rw-r--r-- 1 ftp ftp 48 Jul 09 14:55 db.cache.md5
-rw-r--r-- 1 ftp ftp 1326 Jul 09 14:55 db.cache.sig
-rw-r--r-- 1 ftp ftp 2941 Jul 09 14:55 named.cache
-rw-r--r-- 1 ftp ftp 51 Jul 09 14:55 named.cache.md5
-rw-r--r-- 1 ftp ftp 1322 Jul 09 14:55 named.cache.sig
-rw-r--r-- 1 ftp ftp 2940 Jul 09 14:55 named.root
-rw-r--r-- 1 ftp ftp 50 Jul 09 14:56 named.root.md5
-rw-r--r-- 1 ftp ftp 1330 Jul 09 14:56 named.root.sig
-rw-r--r-- 1 ftp ftp 83145 Nov 01 19:32 root.zone
-rw-r--r-- 1 ftp ftp 21228 Nov 01 19:33 root.zone.gz
-rw-r--r-- 1 ftp ftp 33 Nov 01 19:31 root.zone.gz.md5
-rw-r--r-- 1 ftp ftp 65 Nov 01 19:31 root.zone.gz.sig
-rw-r--r-- 1 ftp ftp 33 Nov 01 19:32 root.zone.md5
-rw-r--r-- 1 ftp ftp 65 Nov 01 19:33 root.zone.sig

226 Directory send OK.
ftp> get named.cache
local: named.cache remote: named.cache
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for named.cache (2941 bytes).
226 File send OK.
2941 bytes received in 0.00444 secs (6.5e+02 Kbytes/sec)
ftp> quit
221 Goodbye

# cp named.cache /etc/named.data

7. Modify the /etc/rc.config.d/namesvrs file (NAMED=1) to start the named process automatically with the server.

8. Start the named server

# /sbin/init.d/named start

Find the list of files in a bundle

First find the bundle name

# swlist -l bundle -s /patch/11.00/depot
Then
# swlist -l file -l bundle -s /patch/11.00/depot PB_11_00_march_2003

[IGNITE] How to check the integrity of a tape created by make_net_recovery (Itanium)

Rewind the tape

# mt -t /dev/rmt/0mn rew

Skip past the header

# mt -t /dev/rmt/0mn fsf 22

Read the tape contents

# tar -tvf /dev/rmt/0mn

Check the exit status of your tar

# echo $?

Cleanup command

Saturday, January 14, 2012

The cleanup command can free space by committing installed patches, but once you commit a patch you can no longer use swremove to remove it.

cleanup -c n  <--  commits patches that have been superseded n times. Useful to free up disk space in /var/adm/sw/save.
cleanup -p  <-- previews the cleanup tasks but does not actually perform the cleanup

[swagentd] ERROR:Remote Procedure Call to a daemon has failed Could not start a management session for...

If you see this error message when you are trying to remove/install a depot:

ERROR:Remote Procedure Call to a daemon has failed.  Could not start a management session for <target>.   Make sure the host is accessible from the network,  and that its daemon, swagentd, is running. If the daemon is running see the daemon logfile on this target for more information.

it means SD-UX could not contact the daemon program on a specific target system. Note that this may occur even if you haven’t specified any targets, for example, if the daemon on your local host is not running.

Resolution

If the SD-UX daemon/agent is not installed on a given target system, you must install it before you can use SD-UX.
If you’ve verified that the daemon/agent component has been installed on a target system and you still have trouble contacting it, check to see that the daemon is running:
  1. On the target system, type:
    ps -e | grep swagentd
  2. If the daemon does not appear to be running, you can start it by typing (as root on the target system):
    /usr/sbin/swagentd
  3. If you attempt to start a daemon when one is already running, you will see a message about the other daemon; this is harmless.
    You can also kill and restart a currently running daemon by typing:
    /usr/sbin/swagentd -r

Search for a specified patch

# swlist -l product| grep PH | more


PH = replace this with what you are searching for

Create a depot with multiple individual depots

1 - Create all depots; use the following command for each patch:

# sh patch

2 - Use swcopy to create a new depot (/tmp/patch_depot will be the destination directory of your depot):

# for i in PH*.depot
do
        swcopy -x enforce_dependencies=false -s ${PWD}/$i \* @ /tmp/patch_depot
done

3 - Now you can use your new depot to install your patches:

# swinstall -s /tmp/patch_depot

Process to recover the root password (PA-RISC, system non-trusted)

  1. "shutdown -y -r" to reboot the server
  2. Interrupt the boot process during the 10 second interval (the display will indicate this on the screen)
  3. bo pri
  4. Answer yes to interact with the ipl
  5. At the prompt "hpux -is" for single user mode
  6. cd /sbin
  7. passwd root  and follow the prompts to put in the new password
  8. shutdown -r 0  to reboot to multiuser mode

CIFS (Samba) - Quick Reference

/etc/opt/samba/smb.conf

This is the main configuration file.

/var/opt/samba/logs/

Log dir

/etc/rc.config.d/samba

Edit this file, setting RUN_SAMBA to a non-zero value, to start Samba at server boot

/opt/samba/bin/smbstatus

Shows who is logged in and which files are locked.

/opt/samba/bin/smbstatus -L

Shows just the locked files.

/opt/samba/bin/smbstatus -u USERNAME

Shows information about the specified user.

/etc/init.d/smb restart/start/stop

This is the startup script, you can use it to restart, start or stop the samba server.

/opt/samba/bin/smbpasswd -a user

To add a new user

/opt/samba/bin/smbpasswd -ma $computer

To add a new machine in the domain

/opt/samba/bin/smbpasswd -e user

To enable a user

/opt/samba/bin/smbpasswd -x user

To remove a user

/opt/samba/bin/smbpasswd user

Change the password

/opt/samba/bin/testparm

Validates the configuration files

Steps to configure a NFS server

Wednesday, January 11, 2012

A few steps are necessary to configure your NFS server.

Edit this file to enable the NFS auto startup:

# vi /etc/rc.config.d/nfsconf
NFS_SERVER=1

Start the NFS server:

# /sbin/init.d/nfs.server start

Edit the following file as in the example, adding the directories that will be shared:

# vi /etc/exports

/Directory -access=server1:server2:serverN
-access=server1:server2:serverN: these are the servers that are able to access it.

Now refresh your shared list with your changes:

# exportfs -a

Check the shared file list:

# exportfs

Other useful NFS commands:

Share a directory directly (without adding it to /etc/exports); if the server reboots it won't be shared again:
# exportfs -i /directory

Unexport a specified directory:

# exportfs -u /directory

Stop the NFS server:

# /sbin/init.d/nfs.server stop
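
A review of the -access lists in /etc/exports, as an added example that is not part of the original post: it flags directories exported with no -access list (treated here as exported to every client) and hosts in a list that are not on an approved set. The sample file, host names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits an HP-UX style
# /etc/exports (directory followed by -option[,option]) for the -access list.

# audit_exports FILE "approved host names"
#   WORLD dir            no -access list: assumed mountable by any client
#   UNEXPECTED dir host  host in the -access list that is not approved
# Exit status is 1 when anything was reported.
audit_exports() {
    awk -v allowed="$2" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF == 0 || $1 ~ /^#/ { next }
    {
        dir = $1; opts = $2; sub(/^-/, "", opts); access = ""
        m = split(opts, o, ",")
        for (i = 1; i <= m; i++)
            if (o[i] ~ /^access=/) access = substr(o[i], 8)
        if (access == "") { print "WORLD " dir; bad = 1; next }
        h = split(access, hosts, ":")
        for (i = 1; i <= h; i++)
            if (!(hosts[i] in ok)) {
                print "UNEXPECTED " dir " " hosts[i]; bad = 1
            }
    }
    END { exit (bad ? 1 : 0) }' "$1"
}

# Constructed sample: one restricted export, one with no -access list and
# one whose list names a host that is not approved.
write_sample_exports() {
    printf '%s\n' '# constructed sample /etc/exports' \
        '/data/app -access=server1:server2' \
        '/data/tmp' \
        '/home -ro,access=server1:oldhost' > "$1"
}

sample=${TMPDIR:-/tmp}/exports.sample.$$
write_sample_exports "$sample"
audit_exports "$sample" "server1 server2" || echo "findings present"
rm -f "$sample"
```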

Using the Restricted SMH Builder for Limited Superuser Access

Monday, January 9, 2012

If you need to give limited superuser access to a nonsuperuser, you can activate the Restricted SMH Builder. Using the Restricted SMH Builder, you can enable or disable selected SMH areas for the user. To activate the Restricted SMH Builder, enter:

# smh -r

When users with restricted access execute SMH, they will have superuser status in the defined areas and will only see those SMH areas in the menu. All other areas of SMH will be hidden from the user. When users without access permissions execute SMH, they will receive an error message stating they must be superuser.
You can also add more applications to SMH and set them up for restricted access.

Allow only direct root logins on the system console


Allow only direct root logins on the system console. Create the /etc/securetty file with the single entry, console, as follows:

# echo console > /etc/securetty

This restriction applies to all login names that have a UID of zero (0).
The purpose of the /etc/securetty file is to specify where root can log in.

How to remove printer queue

Remove a non-network queue

Stop the spooler

# lpshut

Reject new jobs

# reject PRINTER_QUEUE

Disable the queue

# disable PRINTER_QUEUE

Remove the queue

# lpadmin -xPRINTER_QUEUE

Start the spooler again

# lpsched

Using the "jetdirect" to remove a network queue

# removequeue -q PRINTER_QUEUE -f

You can use the "hppi" to remove network queues too.

Moving printer jobs to another queue

To move just one job of a queue

# lpalt PRINTER1-1 PRINTER2

or do the same using the lpmove command:

# lpmove PRINTER1-1 PRINTER2

To move all jobs of a queue

# lpmove printer1 printer2

Allow files greater than 2GB

There are different ways to do that; I'll show how to do it with fsadm.

# fsadm -F vxfs -o largefiles /filesystem 

Adding a new disk/lun in the system

Create the special files


# insf -Cdisk

Check your new disk

# ioscan -fnCdisk

Initialize the disk for use with LVM

# pvcreate -f /dev/rdsk/cXtXdX

Add your new disk in your VG

# vgextend vgXX /dev/dsk/cXtXdX

If you are using 11.31, it isn't necessary to run the "insf" command to create the special files; just the ioscan is necessary.

How to mount an ISO

Sunday, January 8, 2012

To mount an ISO image on HP-UX 11.31 (11iv3)

First, it is necessary to create a volume to receive the ISO

# lvcreate -n cdrom -L 5000 vg00
(Put your iso size in the -L parameter)

Use the dd command to copy the content of your iso to your new volume

# dd if=image.iso of=/dev/vg00/rcdrom bs=4096k

Create the mount point

# mkdir /cdrom

Mount it

# mount /dev/vg00/cdrom /cdrom

How much swap does the server have?

You can check the amount of swap using the swapinfo command. The following command shows the total swap size:

# swapinfo -a

HPVM - Quick Reference

Start VM
# hpvmstart -P vmguest01
Connect to VM (console)
# hpvmconsole -P vmguest01
Stop VM
# hpvmstop -P vmguest01
Create virtual network switch (connected to host lan0)
# hpvmnet -c -S vsw01 -n 0
Start vSwitch
# hpvmnet -S vsw01 -b
Status of VM Network
# hpvmnet -v
Add a virtual network interface to the VM
# hpvmmodify -P vmberlin01 -a network:lan:0,0,0x020102030405:vswitch:vsw01
Add a virtual disk to the VM (use rlv_vm01 not lv_vm01)
# hpvmmodify -P vmberlin01 -a disk:scsi::lv:/dev/vg_vm/rlv_vm01
Add a virtual DVD drive to the VM (first insert CD/DVD)
# hpvmmodify -P vmberlin01 -a dvd:scsi::disk:/dev/rdsk/c0t0d0
Remove the virtual DVD drive from the VM
# hpvmmodify -P vmberlin01 -d dvd:scsi::disk:/dev/rdsk/c0t0d0
Automatically start VM on system boot
# hpvmmodify -P vmberlin01 -B auto

Create Virtual Machines
# hpvmcreate
• -P name of the VM
• -c number of virtual CPUs
• -O operating system that will be installed on the guest
• -r amount of memory for the VM
• -a adds a device that can be accessed from the guest
• -s sanity check: only checks the VM creation, does not create the VM
Sanity-checks the virtual machine configuration and returns warnings or errors, but does not create the virtual machine (-s)
# hpvmcreate -P vmguest01 -O hpux -c 2 -r 4096 -s
Actually create VM
# hpvmcreate -P vmberlin01 -O hpux -c 2 -r 4096
Status of the VM
# hpvmstatus
Status of VM (details)
# hpvmstatus -v -P vmguest01

HPVM - Overview

HP Integrity Virtual Machines (Integrity VM) is a soft partitioning and virtualization technology, within the
HP Virtual Server Environment, which enables you to create multiple virtual servers or machines with shared resourcing within a single HP Integrity server or nPartition.
This type of virtualization technology enables you to:

•Maximize server utilization and resource flexibility
•Consolidate enterprise-class servers
•Rapidly deploy new environments
•Improve cost of ownership
•Isolate operating environments

HP Integrity VM provides:

•Software fault and security isolation
•Shared processor and I/O
•Automatic dynamic resource allocation based on demand and entitlement
•Dynamic memory migration
Each virtual machine hosts its own “guest” operating system instance, applications, and users.
HP Integrity Virtual Machines runs on any HP Integrity server (including blades),
and supports the following guests (at this time):

•HP-UX 11i v2 and v3
•Windows Server 2003 (SP1 and SP2)
•RHEL AP 4.4, 4.5
•SLES 10 SP1

HPVM isn't the old vPars; vPars can also be used on 11.11, and the architecture is completely different.

Note:
You can't use HT together with HPVM.

Clean up spooler

Bring the scheduler down (even if it does not seem to be running)

# lpshut

If lpshut is working correctly, the files /var/spool/lp/FIFO and /var/spool/lp/SCHEDLOCK are removed. If these files still exist, remove them.

# rm /var/spool/lp/FIFO
# rm /var/spool/lp/SCHEDLOCK


Clear the outputq file.

# > outputq

Kill any lpsched processes that may be reported by: ps -ef | grep lpsched
Restart the scheduler.

# lpsched

Verify that it is running:

# ps -ef | grep lpsched

Removing a lvol

This is a routine task for a system administrator, and very simple.

An example of how to remove a logical volume without requiring user confirmation:

# lvremove -f /dev/vg01/lvol5

This can be done through SMH too.
 

If your VG is in shared mode you can't remove through lvremove.

[MCSG] Where's the control file of my package?

During package start the corresponding package control script is called with the argument
start. The script is typically called /etc/cmcluster/package/package.cntl. The
command cmviewconf can be used to have a look at the script configuration:

# cmviewconf | egrep 'package (name|run|halt)'
package name: pkg1
package run script: /etc/cmcluster/pkg1/pkg1.cntl
package run timeout: (No Timeout)
package halt script: /etc/cmcluster/pkg1/pkg1.cntl
package halt timeout: (No Timeout)

The Re-Import VG Procedure

The following steps are needed to perform the re-import of an LVM cluster VG. We assume
that a cluster volume group /dev/vg01 with VG group special file minor number 0x010000
needs to be re-imported.
• Steps for the node that has the VG active:
1. Create a mapfile:
node1# vgexport -v -p -s -m /tmp/vg01.map vg01
Warning messages indicating that the VG is active should be ignored.
2. Copy the mapfile to each of the other cluster nodes (using, for example, rcp or ftp):
node1# rcp /tmp/vg01.map node2:/tmp/vg01.map
...
• Steps to be performed on each of the other nodes:
3. Note VG minor number and permissions/ownership:
node2# ll /dev/vg01
total 12
drwxr-xr-x 2 root root 1024 Apr 16 12:04 ./
dr-xr-xr-x 19 bin bin 5120 Jun 20 06:44 ../
crw-r----- 1 root sys 64 0x010000 Apr 4 13:32 group
brw-r----- 1 root sys 64 0x010001 Apr 4 13:32 lvol1
crw-r----- 1 root sys 64 0x010001 Apr 4 13:32 rlvol1
4. Export the VG:
node2# vgexport vg01
5. Re-create VG directory:
node2# mkdir /dev/vg01
6. Re-create VG group special file, use minor number noted above.
node2# mknod /dev/vg01/group c 64 0x010000
7. Run vgimport using the copied mapfile:
node2# vgimport -v -s -m /tmp/vg01.map vg01
Messages indicating that no backup for this VG may exist should be ignored.
8. Change permissions and ownership of the VG directory and its device special files
according to the information noted above.
9. Test the activation of the VG in read-only mode and perform vgcfgbackup:
node2# vgchange -a r vg01
node2# vgcfgbackup vg01
node2# vgchange -a n vg01
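
Steps 3, 6 and 8 depend on values copied by hand from the ll output. The script below is an added example, not part of the original procedure: it turns a saved listing into the mknod, chown and chmod commands so the minor number and the device-file permissions are restored exactly. The listing is the one shown in step 3; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original procedure. Reads a saved "ll" listing
# of a VG directory and prints the commands for steps 5, 6 and 8.

# vg_restore_cmds VGDIR LISTING_FILE
vg_restore_cmds() {
    awk -v vg="$1" '
    # rwx triplets to octal; setuid/setgid/sticky bits are not handled
    function octal(perm,   i, v, out) {
        out = ""
        for (i = 0; i < 3; i++) {
            v = 0
            if (substr(perm, 2 + i * 3, 1) == "r") v += 4
            if (substr(perm, 3 + i * 3, 1) == "w") v += 2
            if (substr(perm, 4 + i * 3, 1) ~ /[xst]/) v += 1
            out = out v
        }
        return out
    }
    $1 == "total" || NF < 9 { next }
    {
        name = $NF
        if (name == "../") next
        path = (name == "./") ? vg : (vg "/" name)
        # only the group file is created by hand; vgimport recreates the
        # lvol special files from the mapfile
        if (substr($1, 1, 1) == "c" && name == "group")
            pre = pre "mknod " path " c " $5 " " $6 "\n"
        post = post "chown " $3 ":" $4 " " path "\n"
        post = post "chmod " octal($1) " " path "\n"
    }
    END {
        printf "mkdir %s\n%s# run vgimport here (step 7)\n%s", vg, pre, post
    }' "$2"
}

# The listing from step 3, saved to a file before vgexport is run.
write_sample_listing() {
    printf '%s\n' 'total 12' \
        'drwxr-xr-x 2 root root 1024 Apr 16 12:04 ./' \
        'dr-xr-xr-x 19 bin bin 5120 Jun 20 06:44 ../' \
        'crw-r----- 1 root sys 64 0x010000 Apr 4 13:32 group' \
        'brw-r----- 1 root sys 64 0x010001 Apr 4 13:32 lvol1' \
        'crw-r----- 1 root sys 64 0x010001 Apr 4 13:32 rlvol1' > "$1"
}

listing=${TMPDIR:-/tmp}/vg01.ll.$$
write_sample_listing "$listing"
vg_restore_cmds /dev/vg01 "$listing"
rm -f "$listing"
```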

APA - Auto Port Aggregation

HP APA, the HP link aggregation or trunking product, provides the ability to logically group two or more physical network ports into a single “Fat Pipe”, often called a “trunk”. Network traffic is load balanced across all of the links in the aggregation, which allows you to build large bandwidth logical links into the server that are highly available and completely transparent to the client and server applications. This version of HP APA is available for HP-UX 11i v3. For HP-UX 11i v1 and v2, use the HP APA product at HP Auto Port Aggregation - J4240AA.
You have three ways to configure APA: through SAM/SMH, from the command line, or by editing the configuration files.

SMH

1. Log in to the server and start smh:
# smh
Choose Networking and communication.
2. Choose network interface configuration
3. Choose network interface card
Ensure that neither of the two interfaces has an IP address.
Select network card and press enter.
4. Choose Auto port Aggregation
5. Choose c - create link aggregate.
6. Select Mode = LACP_AUTO and choose both network card and select OK.
Click on OK
7. Now you get aggregated network interface name.
8. Press Enter and assign IP address and other details.
Choose p – View / Modify IP Attributes and put your IP address.

Command line (11.31)

In addition to the preferred SMH GUI and TUI interfaces for configuring and managing HP APA, HP-UX provides the nwmgr command for managing all LAN-based and IB-based network interfaces. The
nwmgr command serves as a single tool for performing all network interface-related tasks, offering the functionality provided by the lanscan, lanadmin, linkloop, lanapplyconf and landeleteconf commands.

Check the current configuration:

# nwmgr -g
This command shows the configuration/status of your NICs, and of APA if you have it configured.

# nwmgr -g -S apa
This command shows just the APA configuration/status.

Now you can choose a configuration method; two useful options follow:

To create a MANUAL mode link aggregate lan900 from ports lan1 and lan2, enter the following command:
# nwmgr -a -A links=1,2 -A mode=MANUAL -I 900 -S apa

# nwmgr -s -S apa -A all --saved --from cu

The port's priority if the link aggregation mode will be MANUAL and will use Hot Standby. The port with the highest priority will be the primary port.

Now proceed with the creation of the new failover group for lan0 and lan1:

# nwmgr -a -S apa -c lan900 -A links=0,1 -A mode=LAN_MONITOR

# nwmgr -s -S apa -A all --saved --from cu

HP APA enables you to combine 2 to 32 physical link ports into one failover group. A fail over group is a link aggregate in LAN_MONITOR mode.

Check your interfaces:

# netstat -ni
Check the APA configuration:

# nwmgr -g -S apa

Check if all ports are active:

# nwmgr -v -c lanXXX

Remove an interface from the group:

# nwmgr -d -S apa -c lan901 -A links=1



Note:

(nwmgr) Make changes persist across reboots with the --saved option. You can also use the lanadmin command (lanadmin was replaced by nwmgr in 11.31) from the HP-UX command line prompt to make temporary changes to APA. However, if you change some variables using the lanadmin command, those changes are not preserved across reboots.

Editing the configuration files

The APA configuration files are:

 /etc/rc.config.d/hp_apaconf - This file contains configuration values for link aggregates.
 /etc/rc.config.d/hp_apaportconf - This file contains configuration values for specific physical ports that are supported by HP APA.


APA Parms for Link Aggregates — hp_apaconf

In preparing an APA configuration, special attention should be given to the load balancing policy, protocol settings, and lan selections.
Determine the Load Balancing Policy
Use LB_MAC based load balancing for Server-to-Switch configurations. This algorithm uses a portion of the MAC address to determine how data is distributed across physical ports. This is the default and most common algorithm for all link aggregates.

Use LB_IP for Server-to-Router configurations. Be careful with this option because many routers do not support APA. Additionally, if switches are used between the server and the router, expect additional complexity.

Use LB_PORT for server-to-server configurations. LB_PORT uses the TCP/UDP protocol to distribute traffic across the aggregate ports. If you don’t have a capable router or switch, this is your only option.

Determine the Protocol Settings
Your choice is determined by the capabilities of the switch, router, or server. APA is not supported on all routers and switches. Check with your networking group to determine your switch/router’s APA capabilities. The switch and server must have matching protocols.

* FEC_AUTO – Cisco’s proprietary Fast EtherChannel (FEC/PAgP) technology. This is NOT standard for all Cisco switches.
* LACP_AUTO – IEEE 802.2ad link aggregation control protocol (LACP)
* MANUAL – manually configured port trunks (Default)

EXAMPLES

Configure lans 1,2 and 3 into an aggregate called lan900 for each of the three configuration modes. Where values are not entered, assume the defaults.

For MANUAL configuration:

Edit the hp_apaconf file

HP_APA_INTERFACE_NAME[0]=lan900
HP_APA_LOAD_BALANCE_MODE[0]=LB_MAC
HP_APA_MANUAL_LA[0]="1,2,3"   # lans 1, 2 and 3

Edit the hp_apaportconf file

HP_APAPORT_INTERFACE_NAME[0]=lan1
HP_APAPORT_CONFIG_MODE[0]=MANUAL
HP_APAPORT_INTERFACE_NAME[1]=lan2
HP_APAPORT_CONFIG_MODE[1]=MANUAL
HP_APAPORT_INTERFACE_NAME[2]=lan3
HP_APAPORT_CONFIG_MODE[2]=MANUAL

FEC_AUTO Port Configuration Mode

Edit hp_apaconf

HP_APA_INTERFACE_NAME[0]=lan900
HP_APA_LOAD_BALANCE_MODE[0]=LB_MAC
HP_APA_GROUP_CAPABILITY[0]=900   # any integer value pointing to the physical ports in hp_apaportconf

Edit hp_apaportconf

HP_APAPORT_INTERFACE_NAME[0]=lan1
HP_APAPORT_GROUP_CAPABILITY[0]=900   # must be the same value as in hp_apaconf
HP_APAPORT_CONFIG_MODE[0]=FEC_AUTO
HP_APAPORT_INTERFACE_NAME[1]=lan2
HP_APAPORT_GROUP_CAPABILITY[1]=900
HP_APAPORT_CONFIG_MODE[1]=FEC_AUTO
HP_APAPORT_INTERFACE_NAME[2]=lan3
HP_APAPORT_GROUP_CAPABILITY[2]=900
HP_APAPORT_CONFIG_MODE[2]=FEC_AUTO

LACP_AUTO Port Configuration Mode

Edit hp_apaconf

HP_APA_INTERFACE_NAME[0]=lan900
HP_APA_LOAD_BALANCE_MODE[0]=LB_MAC
HP_APA_KEY[0]=900   # an integer value pointing to the physical ports in hp_apaportconf

Edit hp_apaportconf

HP_APAPORT_INTERFACE_NAME[0]=lan1
HP_APAPORT_KEY[0]=900   # must be the same value as HP_APA_KEY in hp_apaconf
HP_APAPORT_CONFIG_MODE[0]=LACP_AUTO
HP_APAPORT_INTERFACE_NAME[1]=lan2
HP_APAPORT_KEY[1]=900
HP_APAPORT_CONFIG_MODE[1]=LACP_AUTO
HP_APAPORT_INTERFACE_NAME[2]=lan3
HP_APAPORT_KEY[2]=900
HP_APAPORT_CONFIG_MODE[2]=LACP_AUTO

To stop/start APA and load the new configuration (APA doesn’t require a reboot to take effect):

/sbin/init.d/hpapa stop
/sbin/init.d/hpapa start

Assign an IP address to lan900:

# ifconfig lan900 <ipaddress> netmask <netmaskaddress>
# ifconfig lan900   ## to check
# vi /etc/rc.config.d/netconf   ## to make the IP address permanent

Verify the status of the link aggregate:

* lanadmin -x -v 900 ## will show the number of ports, state, mode
* lanscan -v ## verify which link aggregates have been configured.
* lanadmin -x -p 2 900 ## verify the status of a particular port.

Editing the configuration files can minimize the number of stops (which can interrupt traffic on existing link aggregates). You will then only need to run one series of the following to activate the link aggregates and (optionally) failover groups:

hplm stop (optional)
hpapa stop
hpapa start
hplm start (optional)
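
A consistency check for the two files, to run before the stop/start, since a port whose key or group capability does not match the aggregate only shows up after the restart. This is an added example, not from the original post or from HP; apa_check and write_samples are hypothetical names, the sample files are constructed, and only the LACP_AUTO and FEC_AUTO pairings described above are checked.

```shell
#!/bin/sh
# apa_check APACONF PORTCONF: print one line per problem, return 1 if any.
apa_check() {
    awk '
    /^[ \t]*HP_APA(PORT)?_[A-Z_]+\[[0-9]+\]=/ {
        line = $0
        sub(/[ \t]*#.*/, "", line); gsub(/[ \t"]/, "", line)  # drop comments, quotes
        n = index(line, "["); m = index(line, "]"); e = index(line, "=")
        name = substr(line, 1, n - 1); idx = substr(line, n + 1, m - n - 1)
        val = substr(line, e + 1)
        if (name == "HP_APA_KEY")              linkid["LACP_AUTO", val] = 1
        if (name == "HP_APA_GROUP_CAPABILITY") linkid["FEC_AUTO", val] = 1
        if (name ~ /^HP_APAPORT_/) { port[idx] = 1; p[name, idx] = val }
    }
    END {
        for (i in port) {
            mode = p["HP_APAPORT_CONFIG_MODE", i]; id = ""
            if (p["HP_APAPORT_INTERFACE_NAME", i] == "") { print "index " i ": no INTERFACE_NAME"; bad = 1 }
            if (mode == "") { print "index " i ": no CONFIG_MODE"; bad = 1 }
            if (mode == "LACP_AUTO") id = p["HP_APAPORT_KEY", i]
            if (mode == "FEC_AUTO")  id = p["HP_APAPORT_GROUP_CAPABILITY", i]
            if ((mode == "LACP_AUTO" || mode == "FEC_AUTO") && !((mode, id) in linkid)) {
                print "index " i ": " mode " id \"" id "\" matches no aggregate"; bad = 1
            }
        }
        exit bad + 0
    }' "$1" "$2"
}

# Constructed sample: lan2 (index 1) has no HP_APAPORT_KEY line.
write_samples() {   # write_samples DIR
    cat > "$1/hp_apaconf" <<'EOF'
HP_APA_INTERFACE_NAME[0]=lan900
HP_APA_LOAD_BALANCE_MODE[0]=LB_MAC
HP_APA_KEY[0]=900
EOF
    cat > "$1/hp_apaportconf" <<'EOF'
HP_APAPORT_INTERFACE_NAME[0]=lan1
HP_APAPORT_KEY[0]=900
HP_APAPORT_CONFIG_MODE[0]=LACP_AUTO
HP_APAPORT_INTERFACE_NAME[1]=lan2
HP_APAPORT_CONFIG_MODE[1]=LACP_AUTO
EOF
}

d=${TMPDIR:-/tmp}/apa_demo.$$; mkdir -p "$d"; write_samples "$d"
apa_check "$d/hp_apaconf" "$d/hp_apaportconf" || echo "fix hp_apaportconf before restarting hpapa"
rm -rf "$d"
```

On a real system, point apa_check at /etc/rc.config.d/hp_apaconf and /etc/rc.config.d/hp_apaportconf.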

Ipfilter - Configuring HP-UX Ipfilter

Saturday, January 7, 2012

First of all, check whether IPFilter is installed:

# swlist | grep IPF

B9901AA A.03.05.12 HP IPFilter 3.5alpha5

Configuration file:

/etc/opt/ipf/ipf.conf

Check the active rules:

# ipfstat -io

Verify that IP Filter is running:

# ipf -V

Check that the kernel module is loaded:

# kcmodule | grep -i ipf

To start IPFilter:

# /sbin/init.d/ipfboot start

In the file /etc/rc.config.d/ipfconf, set IPF_START to 1 and IPFilter will be started at system boot:

IPF_START=1

A simple example follows, in which we block any incoming connections from the server 0189 to our HP-UX box:

# vi /etc/opt/ipf/ipf.conf

block in quick on lan0 from 0189 to any
pass in from any to any

Using IPFilter with ServiceGuard on 11.31 is not recommended; read the IPFilter docs for more details.
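
Why the quick keyword matters in the two-rule ipf.conf above, shown with a small evaluator (an added example, not from the original post or HP's tools). IPFilter applies the last matching rule unless a matching rule carries quick; ipf_verdict and write_rules are hypothetical names, 192.0.2.10 is a constructed address standing in for the blocked server, and unmatched packets are assumed to pass.

```shell
#!/bin/sh
# ipf_verdict RULES_FILE DIRECTION IFACE SRC: print "block" or "pass".
# Handles only the rule form used on this page:
#   block|pass in|out [quick] [on IFACE] from SRC to DST
ipf_verdict() {
    awk -v dir="$2" -v ifc="$3" -v src="$4" '
    BEGIN { verdict = "pass" }        # assumption: no matching rule means pass
    /^[ \t]*#/ { next }               # skip comments
    NF == 0    { next }               # skip blank lines
    {
        action = $1; rdir = $2; i = 3
        quick = 0; riface = ""; rsrc = "any"
        if ($i == "quick") { quick = 1; i++ }
        if ($i == "on")    { riface = $(i + 1); i += 2 }
        if ($i == "from")  { rsrc = $(i + 1) }
        if (rdir != dir) next
        if (riface != "" && riface != ifc) next
        if (rsrc != "any" && rsrc != src) next
        verdict = action              # the last matching rule wins ...
        if (quick) exit               # ... unless quick ends evaluation here
    }
    END { print verdict }
    ' "$1"
}

# Constructed rule sets: the same two rules with and without "quick".
write_rules() {   # write_rules quick|noquick FILE
    q=""
    if [ "$1" = quick ]; then q=" quick"; fi
    printf 'block in%s on lan0 from 192.0.2.10 to any\npass in from any to any\n' "$q" > "$2"
}

tmp=${TMPDIR:-/tmp}/ipf_demo.$$
write_rules quick "$tmp.q"; write_rules noquick "$tmp.n"
echo "with quick:    $(ipf_verdict "$tmp.q" in lan0 192.0.2.10)"
echo "without quick: $(ipf_verdict "$tmp.n" in lan0 192.0.2.10)"
rm -f "$tmp.q" "$tmp.n"
```

Without quick, the catch-all pass rule that follows is the last match and the block rule never takes effect.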

System crash types

Friday, January 6, 2012

There are essentially three types of system crashes:
  • High Priority Machine Check (HPMC): This is normally the result of a piece of hardware causing a Group 1 interrupt, an HPMC. A Group 1 interrupt is the highest priority interrupt the system can generate. Such an interrupt signifies THE MOST serious event has just occurred. The interrupt will be handled by a processor and passed to the operating system for it to process further. When the operating system receives an HPMC, the only thing it can do is to cause the system to crash. This will produce a system crashdump. As an example, a double-bit memory error will cause an HPMC. Many other hardware-related events will cause an HPMC. There is a small chance that an HPMC could be caused by a software error, but the vast majority of HPMCs are caused by hardware problems.
    There is also a Low Priority Machine Check (LPMC). An LPMC does not necessarily cause the system to crash. An LPMC may be related to a hardware error that is recoverable, e.g., a single-bit memory error.
  • Transfer of Control (TOC): If a system hangs, i.e., you can't get any response from a ping or from the system console and the system has frozen, you may decide to initiate a TOC from the system console by using the TC command from the Command Menu (pressing ctrl-b on the console or via the GSP). If you are using Serviceguard, the cmcld daemon may cause the system to TOC in the event of a cluster reformation. All of these situations are normally associated with some form of software problem (the Serviceguard issue may be related to a hardware problem in our networking, but it was software that initiated the TOC).
  • PANIC: A PANIC occurs when the kernel detects a situation that makes no logical sense, e.g., kernel data structures becoming corrupted or logical corruption in a software subsystem such as a filesystem trying to delete a file twice (freeing free frag). In such situations, the kernel decides that the safest thing to do is to cause the system to crash. A PANIC is normally associated with a software problem, although it could be an underlying hardware problem (the filesystem problem mentioned above may have been caused by a faulty disk).
In summary, an HPMC is probably a hardware problem, and a TOC or PANIC is probably some form of software problem.

How to create an ISO from a CD/DVD-ROM?

It's an easy but very useful procedure; you can do it with the dd command:

# dd if=/dev/rdsk/c2t0d0 of=/MEDIA/disk.iso bs=1024k

[11.31] Disabling last login msgs

You can set the following variable in /etc/default/security:

DISPLAY_LAST_LOGIN=0

Edit the ssh configuration in /opt/ssh/etc/sshd_config too:

PrintLastLog no

Restart sshd to apply the changes in ssh:

# /sbin/init.d/secsh stop && /sbin/init.d/secsh start