Replace <name> with the name of your virtual machine and <networkname> with a name for your network. Every virtual machine must have the same network name to be part of the same LAN.
1 - Log in your HPVM host
2 - Create a virtual switch:
# hpvmnet -c -S <networkname> -n 900
3- Define 2 ports with vlan 113 and 213:
# hpvmnet -S <networkname> -u portid:1:vlanid:113
# hpvmnet -S <networkname> -u portid:2:vlanid:213
4- Modify the VM to have a network device attached to the virtual network:
# hpvmodify -P <name> -a network:avio_lan::vswitch:<networkname>:portid:1
# hpvmodify -P <name> -a network:avio_lan::vswitch:<networkname>:portid:2
5 - Check the network in the hpvm guest, if everything is right you will see a new adapter:
# hpvmnet -S <networkname>
Add lan to a HPVM (using a specified vlan)
Labels: Virtualization
Restrict the access to the /etc/passwd file for ftp conections
In the file /etc/ftpd/ftpaccess set the follow option:
noretrieve /etc/passwd
Labels: FTP
Allowing logins specified period
You can define with the userdbset command what period that a specified user can login in your system, follow an example:
# userdbset -u egon LOGIN_TIMES=Any0800-1800
Where:
-u egon = user name
Any = Any day
0800-1800=Period allowed 08AM at 6PM.
Labels: Others
How to instal a new tape drive
If you are replacing your tape drive, you need remove the current tape drive:
check the tape address:
# ioscan -fnCtape
Use the hardware path obtained by ioscan:
# rmsf -H <hardware path>
Now create the special file for the new one:
# insf -C tape
Use the ioscan command again to check if the tape driver is OK:
# ioscan -fnCtape
You can see in the syslog the special files been created.
Changing the location of sshd log, this will leave your syslog more clear
Modify the sshd config file:
# vi /opt/ssh/etc/sshd_config
SysLogFacility LOCAL6
Now modify the syslogd config file:
# vi /etc/syslog.conf
…
local6.notice /var/adm/syslog/sshd.log
"notice" is the log level.
In the same config file you need say to don't log more in the syslog.log:
*.info;mail.none;local5.none;local6.none /var/adm/syslog/syslog.log
Restart the sshd
Don't worry you won't miss your current connection.
/sbin/init.d/secsh stop
/sbin/init.d/secsh start
Restart the syslogd:
/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start
Labels: SSH
How to extend root filesystem - Usint DRD, Ignite and LVM maintenance mode
First method, using DRD:
Patches necessarie:
HP-UX 11i v2 - Jan 2012 (DRD_1123_WEB1201.depot)
HP-UX 11i v3 - Jan 2012 (DRD_1131_WEB1201.depot)
If you have installed the DRD you can do through it.
1 - Clone your system using the follow procedure:
Clone with DRD
2 - Mount your clone:
Use the "drd mount", this comand locate a inactive system image and mount it. The drd mount command automatically chooses the mount point for the inactive system image.
# drd mount
3 - Umount the "root":
# umount /dev/drd00/lvol3
4 - Now extend it:
# lvextend -l 999 /dev/drd00/lvol3
5 - Check:
# bdf /var/opt/drd/mnts/sysimage_001
6 - Umount and activate:
# drd umount
# drd activate
7 - Reboot the server with the new DRD image:
# shutdown -y -r 0
Second method, LVM maintenance mode :
Make sure that the vg00 is un-mirrored and the space to extend the root LV is available in the same disk as continguous physical extents because the root volume allocation policy must be contiguous.
If the adjacent physical extents are occupied by any other LV move that logical volume to some other disk using pvmove command.
# pvmove -n /dev/vg00/lvolx /dev/dsk/c0txd0 /dev/dsk/c0txd0
Shutdown the machine and interrupt the normal boot process by pressing any key. From the boot admin prompt type boot pri isl you will get the isl prompt.
ISL> hpux -lm
This will take you to the logical volume maintanence mode. Don't try to mount any logical volume and don't switch to multiuser mode or a different runlevel.
The root LV will now be mounted on /dev/root instead of /dev/vg00/lvolx
Now you can execute the extendfs command on the root logical volume:
# extendfs -F vxfs /dev/vg00/rlvol3
Note down the alternate superblock locations and reboot the macine using
# reboot -n
This will cause the system to not sync the old superblock back to the filesystem and damage it.
When you boot the system normally now you will get all the allocated space for the root filesystem.
Now you will notice that the root volume is still mounted on /dev/root rather than /dev/vg00/lvol3. To correct this you remove the /etc/mnttab and you will find bdf now displays the correct logical volume.
Third method, Ignite:
- Make sure any external devices that need to be configured at cold-install are connected to the target system and are turned on and operational.
- Insert the HP-UX DVD into the drive.
- Stop the autoboot by pressing any key.
The boot console menu is displayed. If you need help, enter: HELP - Search for bootable devices, using the choices displayed (for example, enter searchorsea). A table similar to this is displayed:
Path# Device Path Device Type
----- ----------- -----------
P0 TAPE HP TAPE
P1 LAN.1.2.3.4.5.6 1.2.3.4
P2 FWSCSI.6.0 IBM DDRS-34560WS
Of the media listed, a fast/wide SCSI device (FWSCSI) is usually a disk, whereas a single-ended SCSI device (SCSI) can be a disk or CD/DVD drive. - For a legacy hardware path, boot from the Tape drive using the listed path number. For the drive shown in the previous example (P0), enter: BOOT P0
- After a few minutes, at the Interact with IPL? prompt press n.
- Select:
"Media only instalation"and
"Advanced instalation"Click OK to advance to next screen. - Now select:
"Boot from CD/DVD, Recover from Tape"Click OK to advance to next screen. - Now you can resize your FS on the filesystem tab.
- Click "go!" to finish.
Labels: DRD, Filesystem
Changing the FTP umask
Edit the /etc/inetd.conf specifying the umask with the "-u" par, bellow a example:
ftp stream tcp nowait root /usr/lbin/ftpd -u 22
Restart the inetd:
# inetd -c
Labels: FTP
How to stop a FTP server?
It's a simple task but very useful. The ftpd is started by inetd if you want stop it just comment the follow line in the /etc/inetd.conf:
# ftp stream tcp nowait root /usr/lbin/ftpd
Restart the inetd:
# inetd -c
And that's all :)
Labels: FTP
Adding timestamp after each command typed, using a trap
Put the follow entry in the user profile:
trap 'date "+# %c" | read -s' debug
Labels: Others
Converting: untrusted system <-> trusted system
Login as root and enter the below command.
# tsconvert
Obs.
1 - Be careful, all UID’s other than root will be forced to change their passwords the first time they log on.
2 - The installed umask of 0 for all accounts will be changed to 07077
Immediately after conversion change the root password
To make a untrusted server use the bellow command
# tsconvert -r
Labels: Trusted system
Making a new Serviceguard cluster
1- First of all install the ServiceGuard using swinstall
Or check with swlist if the Serviceguard is present on that machine:
# swlist Serviceguard
2- Add the node hostnames in /etc/cmcluster/cmclnodelist
3- Steps to check before to create the cluster:
Is this a two nodes cluster?
- If yes you need a quorum disk/host for your cluster.
Check the follow itens in all nodes:
- If the kernel parameter are consistents
- Comunication between the nodes must be ok.
- If all users and groups are using the same uids/gids.
- Comment out all VGs controlled by ServiceGuard in the /etc/fstab
- Copy all volume groups that will be countrolled by ServiceGuard to all nodes, use the follow procedure:
The Re-Import VG Procedure
4- Enable the NTP
5- Check active NICs have ipaddress associated with them (netconf) and standby NICs don't.
6- Edit /etc/lvmrc, the VGs controlled by ServiceGuard canno't be auto activated (this shouldn't include root VG).
7- Add all IPs used in the /etc/hosts
- Don't forget to include a hearbeat in a different network.
- If you have the heartbeat in your dns server include it in /etc/hosts too.
8- Create a basic cluster structure with one package.
Create cluster config file using cmquerycl
cd /etc/cmcluster/
# cmquerycl –v –C cmclconfig.ascii –n <node1> -n <node2>
Edit the ascii file, follow some points to change (example):
# vi cmclconfig.ascii
CLUSTER_NAME <myCluster1>
NODE_NAME <node1>
NETWORK_INTERFACE <lan0>
HEARTBEAT_IP <192.168.100.101>
NETWORK_INTERFACE <lan1>
HEARTBEAT_IP <164.39.8.92>
NETWORK_INTERFACE <lan2>
NODE_NAME <node2>
NETWORK_INTERFACE <lan0>
HEARTBEAT_IP <192.168.100.102>
NETWORK_INTERFACE <lan1>
HEARTBEAT_IP <164.39.8.93>
NETWORK_INTERFACE <lan2>
HEARTBEAT_INTERVAL 2000000
NODE_TIMEOUT 5000000
MAX_CONFIGURED_PACKAGES 10
Compile and distribute using cmapplyconf
# cmapplyconf –C /etc/cmcluster/cmclconfig.ascii
9- Start the cluster with cmruncl command
# cmruncl
10- Now you have a cluster but you don't have any package, follow few steps to create a basic package.
Create the package config file using cmmakepkg
# cd /etc/cmcluster
# mkdir pkg1
# cd pkg1
# cmmakepkg –p pkg1.conf
11- Edit as required for your app
12- Create package control script using cmmakepkg
- The control script is placed in the package directory and is given the same name as specified in the RUN_SCRIPT and HALT_SCRIPT parameters in the package configuration file.
- The control script must reside in a directory with the string cmcluster in the path.
# cmmakepkg –s pkg1.cntl
Customise the script as required
13- Validate the cluster and your packages using the follow procedure:
How to validate the cluster configurations
14- Copy the control script to other nodes, keep the same path and names.
15- Relocatable ipaddresses must be defined in DNS or /etc/hosts
16- Active the cluster autostart editing the follow configuration file as showed bellow
# vi /etc/rc.config.d/cmcluster
AUTOSTART_CMCLD=1
** Version 11.18+: you can create the package as a modular package or as a legacy package, for a modular package isn't necessary create the control files, just the configuration. This's not the only different you can see in released notes from Serviceguard 11.18 the all information about that. **
Labels: MC ServiceGuard
Test ftp data transfer rate without actual transfererring
Connect in the ftp server
# ftp targethost
username/passwd...Type "bin", to change to binary mode.
bin
Type "hash", this command will show the download progress
hash
Type the follow command line to test the data transfer rate
put "|dd if=/dev/zero bs=32k count=1000" /dev/null
Labels: FTP
How to create a DNS server
1. Create a list of host names and correspondence IP addresses in your /etc/hosts file.
2. # mkdir /etc/named.data3. # cd /etc/named.data4. Create a file named param that will be used by hosts_to_named to create DNS data files-d DNS.com --> it's your domain name
-n 192.168.3 --> it's your subnet
-z 192.168.3.10 --> it's your master server's IP.
-b /etc/named.conf
5. Now you have to make a data base to be used for your dns, the follow command will use the hosts contens to generate it.
# hosts_to_named –f param
6. download the db.cache file from ftp.rs.internic.net and copy it to /etc/named.data directory
# ftp ftp.rs.internic.net
Connected to ftp.rs.internic.net.
220-**********************************************************
220-**********************************************************
220-***** InterNIC Public FTP Server *************************
220-**********************************************************
220-***** Login with username "anonymous" ********************
220-***** You may change directories to the following: *******
220-**********************************************************
220-******* domain - Root Domain Zone Files ******************
220-**********************************************************
220-***** Unauthorized access to this system may *************
220-***** result in criminal prosecution. ********************
220-**********************************************************
220-***** All sessions established with this server are ******
220-***** monitored and logged. Disconnect now if you do *****
220-***** not consent to having your actions monitored *******
220-***** and logged. ****************************************
220-**********************************************************
220-**********************************************************
220
Name (ftp.rs.internic.net:root): anonymous
331 Please specify the password.
Password:Press Enter
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd domain
250 Directory successfully changed.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-r--r-- | 1 ftp | ftp | 607 | Nov 01 19:31 INTERNIC_ROOT_ZONE.signatures |
-rw-r--r-- | 1 ftp | ftp | 843 | Nov 01 19:31 INTERNIC_ROOT_ZONE.signatures.asc |
-rw-r--r-- | 1 ftp | ftp | 694 | Nov 01 19:15 arpa.zone.gz |
-rw-r--r-- | 1 ftp | ftp | 33 | Nov 01 19:14 arpa.zone.gz.md5 |
-rw-r--r-- | 1 ftp | ftp | 65 | Nov 01 19:15 arpa.zone.gz.sig |
-rw-r--r-- | 1 ftp | ftp | 2938 | Jul 09 14:55 db.cache |
-rw-r--r-- | 1 ftp | ftp | 48 | Jul 09 14:55 db.cache.md5 |
-rw-r--r-- | 1 ftp | ftp | 1326 | Jul 09 14:55 db.cache.sig |
-rw-r--r-- | 1 ftp | ftp | 2941 | Jul 09 14:55 named.cache |
-rw-r--r-- | 1 ftp | ftp | 51 | Jul 09 14:55 named.cache.md5 |
-rw-r--r-- | 1 ftp | ftp | 1322 | Jul 09 14:55 named.cache.sig |
-rw-r--r-- | 1 ftp | ftp | 2940 | Jul 09 14:55 named.root |
-rw-r--r-- | 1 ftp | ftp | 50 | Jul 09 14:56 named.root.md5 |
-rw-r--r-- | 1 ftp | ftp | 1330 | Jul 09 14:56 named.root.sig |
-rw-r--r-- | 1 ftp | ftp | 83145 | Nov 01 19:32 root.zone |
-rw-r--r-- | 1 ftp | ftp | 21228 | Nov 01 19:33 root.zone.gz |
-rw-r--r-- | 1 ftp | ftp | 33 | Nov 01 19:31 root.zone.gz.md5 |
-rw-r--r-- | 1 ftp | ftp | 65 | Nov 01 19:31 root.zone.gz.sig |
-rw-r--r-- | 1 ftp | ftp | 33 | Nov 01 19:32 root.zone.md5 |
-rw-r--r-- | 1 ftp | ftp | 65 | Nov 01 19:33 root.zone.sig |
226 Directory send OK.
ftp> get named.cache
local: named.cache remote: named.cache
200 PORT command successful. Consider using PASV.
150 Opening BINARY mode data connection for named.cache (2941 bytes).
226 File send OK.
2941 bytes received in 0.00444 secs (6.5e+02 Kbytes/sec)
ftp> quit
221 Goodbye
# cp named.cache /etc/name.data
7. modify /etc/rc.config.d/namesvrs file (NAMED=1) to start named process automatically with the server.
8. Start the named server
# /sbin/init.d/named start
Labels: DNS
Find the list of files in a bundle
First find the bundle name
# swlist -l bundle -s /patch/11.00/depot
Then
# swlist -l file -l bundle -s /patch/11.00/depot PB_11_00_march_2003
Labels: patch management
[IGNITE] How to check the integrity of a tape created by make_net_recovery (Itanium)
Rewind the tape
# mt -t /dev/rmt/0mn rew
Pass the header
# mt -t /dev/rmt/0mn fsf 22
Read the tape contents
# tar -tvf /dev/rmt/0mn
Confirm the execution of your tar
# echo $?
Labels: Tape
Cleanup command
The cleanup command can free space for you commiting patches installed, but if you commit a patch you can't more use swremove to remove it.
cleanup -c n <-- commits patches that have been superseded n number of times. Useful to free up disk space in /var/adm/sw/save.
cleanup -p <-- previews the actual cleanup tasks but does not actually perform the cleanup
Labels: patch management
[swagentd] ERROR:Remote Procedure Call to a daemon has failed Could not start a management session for...
If you see this error message when you are tring remove/install a depot:
ERROR:Remote Procedure Call to a daemon has failed. Could not start a management session for <target>. Make sure the host is accessible from the network, and that its daemon, swagentd, is running. If the daemon is running see the daemon logfile on this target for more information.
it means SD-UX could not contact the daemon program on a specific target system. Note that this may occur even if you haven’t specified any targets, for example, if the daemon on your local host is not running.
Resolution
If the SD-UX daemon/agent is not installed on a given target system, you must install it before you can use SD-UX.If you’ve verified that the daemon/agent component has been installed on a target system and you still have trouble contacting it, check to see that the daemon is running:
- On the target system, type:ps -e | grep swagentd
- If the daemon does not appear to be running, you can start it by typing (as root on the target system):/usr/sbin/swagentd
- If you attempt to start a daemon when one is already running, you will see a message about the other daemon; this is harmless.You can also kill and restart a currently running daemon by typing:/usr/sbin/swagentd -r
Labels: patch management
Search for a specified patch
# swlist -l product| grep PH | more
PH = replace this word for "what you are searching"
Labels: patch management
Create a depot with multiple individual depots
1 - Create all depots, use the follow command for each patch:
# sh patch
2 - Use the swcopy to create a new depot:
# for i in PH*.depot
do
swcopy -x enforce_dependencies=false -s ${PWD}/$i \* @ /tmp/patch_depot <-- /tmp/patch_depot this will be the destination directory of your depot
done
3 - Now you can use your new depot to install your patches:
# swinstall -s /tmp/patch_depot
Labels: patch management
Process to recover the root password (PA-RISC, system non-trusted)
- "shutdown -y -r" for reboot the server
- Interupt the boot process during the 10 second interval (display will indicate this on the screen)
- bo pri
- Answer yes to interact with the ipl
- At the prompt "hpux -is" for single user mode
- cd /sbin
- passwd root and follow prompts to put in new password
- shutdown -r 0 to reboot to multiuser mode
CIFS (Samba) - Quick Reference
/etc/opt/samba/smb.conf
This's the main configuration file.
/var/opt/samba/logs/
Log dir
/etc/rc.config.d/samba
Edit this file seting RUN_SAMBA to a non-zero value to enable the samba start with the server boot
/opt/samba/bin/smbstatus
It shows who is logged and locked files.
/opt/samba/bin/smbstatus -L
Show just he locked files.
/opt/samba/bin/smbstatus -u USERNAME
Show infos about the specified user.
/etc/init.d/smb restart/start/stop
This is the startup script, you can use it to restart, start or stop the samba server.
/opt/samba/bin/smbpasswd -a user
To add a new user
/opt/samba/bin/smbpasswd -ma $computer
To add a new machine in the domain
/opt/samba/bin/smbpasswd -e user
To enable a user
/opt/samba/bin/smbpasswd -x user
To remove a user
/opt/samba/bin/smbpasswd use
Change the password
/opt/samba/bin/testparms
It's used to validate the configuration files
Labels: CIFS (samba), Quick References
Steps to configure a NFS server
It's necessary few steps to configure your NFS server
Edit this file to enable the NFS auto startup:
#vi /etc/rc.config.d/nfsconf
NFS_SERVER=1
Start the NFS server:
# /sbin/init.d/nfs.server start
Edit the follow file as the example adding the directories that will be shared:
#vi /etc/exports
/Directory -access=server1:server2:serverN
-access=server1:server2:serverN: Those are the servers who are able to access it.
Now refresh your changes in your shared list:
# exportfs -a
Check the shared file list:
#exportfs
Others NFS useful commands:
Shared a file directly (without add it in the /etc/exports), if the server reboot it won't shared it again
# exportfs -i /directory
Unexport a specified directory:
# exportfs -u /directory
Stop the NFS server:
# /sbin/init.d/nfs.server stop
Labels: NFS
Using the Restricted SMH Builder for Limited Superuser Access
If you need to give limited superuser access to a nonsuperuser, you can activate the Restricted SMH Builder. Using the Restricted SMH Builder, you can enable or disable selected SMH areas for the user. To activate the Restricted SMH Builder, enter:
# smh -r
When users with restricted access execute SMH, they will have superuser status in the defined areas and will only see those SMH areas in the menu. All other areas of SMH will be hidden from the user. When users without access permissions execute SMH, they will receive an error message stating they must be superuser.
You can also add more applications to SMH and set them up for restricted access.
Labels: SMH
Allow only direct root logins on the system console
Allow only direct root logins on the system console. Create the /etc/securetty file with the single entry, console, as follows:
This restriction applies to all login names that have a UID of zero (0).
The purpose of the /etc/securetty file is to specify where root can log in.
How to remove printer queue
Remove a non-network queue
Stop the spooler
# lpshut
Enable to reject new jobs
# reject PRINTER_QUEUE
Disable the queue
# disable PRINTER_QUEUE
Remove the queue
# lpdamin -xPRINTER_QUEUE
Start the spooler again
# lpsched
Using the "jetdirect" to remove a network queue
# removequeue -q PRINTER_QUEUE-f
You can use the "hppi" to remove network queues too.
Labels: Printer
Moving printer jobs to another queue
To move just one job of a queue
# lpalt PRINTER1-1 PRINTER2
or do it the same using the lpmove command:
# lpmove PRINTER1-1 PRINTER2
To move all jobs of a queue
# lpmove printer1 printer2
Allow files greater than 2GB
You have different forms to do that, I'll show how to do with the fsadm.
# fsadm -F vxfs -o largefiles /filesystem
Labels: Filesystem, LVM
Adding a new disk/lun in the system
Create the special files
# insf -Cdisk
Check your new disk
# ioscan -fnCdisk
Initialize the disk for use with LVM
# pvcreate -f /dev/rdsk/cXtXdX
Add your new disk in your VG
# vgextend vgXX /dev/dsk/cXtXdX
If your are using 11.31 isn't necessary run the "insf" command to create the special files, just the ioscan will be necessary.
Labels: Filesystem
How to mount a ISO
To mount an ISO image on HP-UX 11.31 (11iv3)
In the first moment is necessary create a volume to receive the iso
# lvcreate -n cdrom -L 5000 vg00
(Put your iso size in the -L parameter)
Use the dd command to copy the content of your iso to your new volume
# dd if=image.iso of=/dev/vg00/rcdrom bs=4096k
Create the mount point
# mkdir /cdrom
Mount it
# mount /dev/vg00/cdrom /cdrom
Labels: ISO
How much swap has in the server?
You can check your amount swap using the swapinfo command, follow the command used for show the total swap size:
# swapinfo -a
Labels: Swap
HPVM - Quick Reference
Start VM
# hpvmstart -P vmguest01
Connect to VM (console)
# hpvmconsole -P vmguest01
Stop VM
# hpvmstop -P vmguest01
Create virtual network switch (connected to host lan0)
# hpvmnet -c -S vsw01 -n 0
Start vSwitch
# hpvmnet -S vsw01 -b
Status of VM Network
# hpvmnet -v
Add a virtual network interface to the VM
# hpvmmodify -P vmberlin01 -a network:lan:0,0,0x020102030405:vswitch:vsw01
Add a virtual disk to the VM (use rlv_vm01 not lv_vm01)
# hpvmmodify -P vmberlin01 -a disk:scsi::lv:/dev/vg_vm/rlv_vm01
Add a virtual DVD drive to the VM (first insert CD/DVD)
# hpvmmodify -P vmberlin01 -a dvd:scsi::disk:/dev/rdsk/c0t0d0
Remove the virtual DVD drive to the VM
#hpvmmodify -P vmberlin01 -d dvd:scsi::disk:/dev/rdsk/c0t0d0
Automatically start VM on system boot
# hpvmmodify -P vmberlin01 -B auto
Create Virtual Machines
# hpvmcreate
•-P name of the VM
•-c number of virtual CPUs
•-O operating system that will be installed on the guest
•-r amount of memory for the VM
•-a adds a device that can be accessed from the guest
•-s sanity-check, just check VM creation, not yet create the VM
Sanity-checks the virtual machine configuration and returns warnings or errors, but does not create the virtual machine (-s)
# hpvmcreate -P vmguest01 -O hpux -c 2 -r 4096 -s
Actually create VM
# hpvmcreate -P vmberlin01 -O hpux -c 2 -r 4096
Status of the VM
# hpvmstatus
Status of VM (details)
# hpvmstatus -v -P vmguest01
Labels: Quick References, Virtualization
HPVM - Overview
HP Integrity Virtual Machines (Integrity VM) is a soft partitioning and virtualization technology, within the
HP Virtual Server Environment, which enables you to create multiple virtual servers or machines with shared resourcing within a single HP Integrity server or nPartition.
This type of virtualization technology enables you to:
•Maximize server utilization and resource flexibility
•Consolidate enterprise-class servers
•Rapidly deploy new environments
•Improve cost of ownership
•Isolate operating environments
HP Integrity VM provides:
•Software fault and security isolation
•Shared processor and I/O
•Automatic dynamic resource allocation based on demand and entitlement
•Dynamic memory migration
Each virtual machine hosts its own “guest” operating system instance, applications, and users.
HP Integrity Virtual Machines runs on any HP Integrity server (including blades),
and supports the following guests (at this time):
•HP-UX 11i v2 and v3
•Windows Server 2003 (SP1 and SP2
•RHEL AP 4.4, 4.5
•SLES 10 SP1
The HPVM isn't the old vPars, the old vPar you can use it in 11.11 too and the architecture is completely different.
Obs.
You can't use HT together HPVM.
Labels: Virtualization
Clean up spooler
Bring the scheduler down (even if it does not seem to be running)
# lpshut
If lpshut is working correctly, the files /var/spool/lp/FIFO and /var/spool/lp/SCHEDLOCK . If these files still exist, remove them.
# rm /var/spool/lp/FIFO
# rm /var/spool/lp/SCHEDLOCK
Clear the outputq file.
# > outputq
Kill any lpsched processes that may be reported by: ps -ef | grep lpsched
Restart the scheduler.
# lpsched
Verify that it is running:
# ps -ef | grep lpsched
Labels: Printer
Removing a lvol
Follow a example to how remove a logical volume without requiring user confirmation:
# lvremove -f /dev/vg01/lvol5
This process can be done trough of SMH too.
If your VG is in shared mode you can't remove through lvremove.
Labels: Filesystem
[MCSG] Where's the control file of my package?
During package start the corresponding package control script is called with the argument
start. The script is typicallly called /etc/cmcluster/package/package.cntl. The
command cmviewconf can be used to have a look at the script configuration:
# cmviewconf | egrep 'package (name|run|halt)'
package name: pkg1
package run script: /etc/cmcluster/pkg1/pkg1.cntl
package run timeout: (No Timeout)
package halt script: /etc/cmcluster/pkg1/pkg1.cntl
package halt timeout: (No Timeout)
Labels: MC ServiceGuard
The Re-Import VG Procedure
The following steps are needed to perform the re-import of an LVM cluster VG. We assume
that a cluster volume group /dev/vg01 with VG group special file minor number 0x010000
needs to be re-imported.
• Steps for the node that has the VG active:
1. Create a mapfile:
node1# vgexport –v –p –s –m /tmp/vg01.map vg01
Warning messages indicating that the VG is active should be ignored.
2. Copy mapfile to each of the other cluster nodes (using for example rcp, ftp, etc.)
node1# rcp /tmp/vg01.map node2:/tmp/vg01.map
...
• Steps to be performed on each of the other nodes:
3. Note VG minor number and permissions/ownership:
node2# ll /dev/vg01
total 12
drwxr-xr-x 2 root root 1024 Apr 16 12:04 ./
dr-xr-xr-x 19 bin bin 5120 Jun 20 06:44 ../
crw-r----- 1 root sys 64 0x010000 Apr 4 13:32 group
brw-r----- 1 root sys 64 0x010001 Apr 4 13:32 lvol1
crw-r----- 1 root sys 64 0x010001 Apr 4 13:32 rlvol1
4. Export the VG:
node2# vgexport vg01
5. Re-create VG directory:
node2# mkdir /dev/vg01
6. Re-create VG group special file, use minor number noted above.
node2# mknod /dev/vg01/group c 64 0x010000
7. Run vgimport using the copied mapfile:
node2# vgimport –v –s –m /tmp/vg01.map vg01
Messages indicating that no backup for this VG may exist should be ignored.
8. Change permissions and ownership of the VG directory and its device special files
according to the information noted above.
9. Test the activation of the VG in read-only mode and perform vgcfgbackup:
node2# vgchange –a r vg01
node2# vgcfgbackup vg01
node2# vgchange –a n vg01
Labels: MC ServiceGuard
APA - Auto Port Aggregation
HP APA, the HP link aggregation or trunking product, provides the ability to logically group two or more physical network ports into a single “Fat Pipe”, often called a “trunk”. Network traffic is load balanced across all of the links in the aggregation, which allows you to build large bandwidth logical links into the server that are highly available and completely transparent to the client and server applications. This version of HP APA is available for HP-UX 11i v3. For HP-UX 11i v1 and v2, use the HP APA product at HP Auto Port Aggregation - J4240AA.
You have three ways to configure APA, you can do it through SAM/SMH, command line or editing the configuration files.
SMH
1. Log in the server and call the smh:
# smh
Choose Networking and communication.
2. Choose network interface configuration
3. Choose network interface card
Ensure that none of the two interfaces have IP address.
Select network card and press enter.
4. Choose Auto port Aggregation
5. Choose c - create link aggregate.
6. Select Mode = LACP_AUTO and choose both network card and select OK.
Click on OK
7. Now you get aggregated network interface name.
8. Press Enter and assign IP address and other details.
Choose p – View / Modify IP Attributes and put your IP address.
Command line (11.31)
In addition to the preferred SMH GUI and TUI interfaces for configuring and managing HPAPA, HP-UX provides the nwmgr command for managing all LAN-basedand IB-basednetworkinterfaces.The
nwmgr command serves as a single tool for performing all network interface-related tasks, offering the functionality provided by the lanscan, lanadmin, linkloop, lanapplyconf and landeleteconf commands.
Check the current configuration:
# nwmgr -g
This command will show your configuration/status of your NIC and APA if you have it configurated
# nwmgr -g -S apa
This command show just the APA configuration/status.
Now you can choose any configuration mothoods, follow two options useful:
To create a MANUAL mode link aggregate lan900 from ports lan1 and lan2, enter the following command:
# nwmgr -a -A links=1,2 -A mode=MANUAL -I 900 -S apa
# nwmgr -s -S apa -A all --saved --from cu
The port's priority if the link aggregation mode will be MANUAL and will use Hot Standby. The port with thehighest priority will be the primary port.
Now proceed with the creation of the new failover group for lan0 and lan1:
# nwmgr -a -S apa -c lan900 -A links=0,1 -A mode=LAN_MONITOR
# nwmgr -s -S apa -A all --saved --from cu
HP APA enables you to combine 2 to 32 physical link ports into one failover group. A fail over group is a link aggregate in LAN_MONITOR mode.
Check yours interfaces:
# netstat -ni
Check the APA configuration:
# nwmgr -g -S apa
Check if all ports are active:
# nwmgr -v -c lanXXX
Remove a interface from the group:
# nwmgr -d -S apa -c lan901 -A links=1
Obs.
Editing the configuration files
Follow the APA configuration files:
/etc/rc.config.d/hp_apaconf - This file contains configurationvalues for link aggregates.
/etc/rc.config.d/hp_apaportconf - This file contains configuration values for specific physical ports that are supported by HP APA.
APA Parms for Link Aggregates — hp_apaconf
In preparing an APA configuration, special attention should be given to the load balancing policy, protocol settings, and lan selections.
Determine the Load Balancing Policy
Use LB_MAC based load balancing for Server-to-Switch configurations. This algorithm uses a portion of the MAC address to determine how data is distributed across physical ports. This is the default and most common algorithm for all link aggregates.
Use LB_IP for Server-to-Router configurations. Be careful with this option because many routers do not support APA. Additionally, if switches are used between the server and the router expect additional complexity.
Use LB_PORT for server-to-server configurations. LB_PORT uses the TCP/UDP protocol to distribute traffic across the aggregate ports. If you don’t have a capable router or switch, this is your only option.
Determine the Protocol Settings
Your choice is determined by the capabilities of the switch, router, or server. APA is not supported on all routers and switches. Check with you networking group to determine your switch/router’s APA capabilities. The switch and server must have matching protocols.
* FEC_AUTO – Cisco’s proprietary Fast EtherChannel (FEC/PAgP) technology). This is NOT standard for all CISCO switches.
* lACP_AUTO – IEEE 802.2ad link aggregation control protocol (LACP)
* MANUAL configured port trunks (Default)
EXAMPLES:
Configure lans 1,2 and 3 into an aggregate called lan900 for each of the three configuration modes. Where values are not entered, assume the defaults.
For MANUAL configuration:
Edit the hp_apaconf file
HP_APA_INTERFACE_NAME[0]=lan900
HP_APA_LOAD_BALANCE_MODE[0]=LB_MAC
HP_APA_MANUAL_LA[0]=”1,2,3″ <— lans 1, 2 and 3
Edit the hp_apaportconf file
HP_APAPORT_INTERFACE_NAME[0]=lan1
HP_APAPORT_CONFIG_MODE[0]=MANUAL
HP_APAPORT_INTERFACE_NAME[1]=lan2
HP_APAPORT_CONFIG_MODE[1]=MANUAL
HP_APAPORT_INTERFACE_NAME[2]=lan3
HP_APAPORT_CONFIG_MODE[2]=MANUAL
FEC_AUTO Port Configuration Mode
Edit hp_apaconf
HP_APA_INTERFACE_NAME[0]=lan900
HP_APA_LOAD_BALANCE_MODE[0]=LB_MAC
HP_APA_GROUP_CAPABILITY[0]=900 <– Any integer value pointing to the physical ports in the hp_apaportconf
Edit hp_apaportconf
HP_APAPORT_INTERFACE_NAME[0]=lan1
HP_APAPORT_GROUP_CAPABILITY[0]=900 <— must be the same value as in hp_apaconf
HP_APAPORT_CONFIG_MODE[0]=FEC_AUTO
HP_APAPORT_INTERFACE_NAME[1]=lan2
HP_APAPORT_GROUP_CAPABILITY[1]=900
HP_APAPORT_CONFIG_MODE[1]=FEC_AUTO
HP_APAPORT_INTERFACE_NAME[2]=lan3
HP_APAPORT_GROUP_CAPABILITY[2]=900
HP_APAPORT_CONFIG_MODE[2]=FEC_AUTO
LACP_AUTO Port Configuration Mode
Edit hp_apaconf
HP_APA_INTERFACE_NAME[0]=lan900
HP_APA_LOAD_BALANCE_MODE[0]=LB_MAC
HP_APA_KEY[0]=900 <— an integer value pointing to the physical ports in hp_apaportconf
Edit hp_apaportconf
HP_APAPORT_INTERFACE_NAME[0]=lan1
HP_APAPORT_KEY[0]=900 < — must be the same value as HP_APA_KEY in hp_apaconf
HP_APAPORT_CONFIG_MODE[1]=LACP_AUTO
HP_APAPORT_INTERFACE_NAME[1]=lan2
HP_APAPORT_CONFIG_MODE[2]=LACP_AUTO
HP_APAPORT_INTERFACE_NAME[2]=lan3
To stop/start the new configuration (APA doesn’t require a reboot to take effect)
/sbin/init.d/hpapa stop
/sbin/init.d/hpapa start
Assign an ipaddress to lan900.
# ifconfig lan900 ipaddress netmask netmaskaddress
# ifconfig lan900 # # to check
# modify /etc/rc.config.d/netconf ##to make the ipaddress permanent
Verify the status of the link aggregate
* lanadmin -x -v 900 ## will show the number of ports, state, mode
* lanscan -v ## verify which link aggregates have been configured.
* lanadmin –x –p 2 900 ## verify the status of a particular port.
Editing configurations files can minimize the number of stops (which caninterrupt traffic on existing link aggregates). You will then only need to run one series of hplm stop(optional);
hpapa stop
hpapa start
hplm start (optional) to activate the link aggregates and (optionally) fail over groups.
Labels: Auto Port Aggregation, Network
Ipfilter - Configuring HP-UX Ipfilter
Firt of all.. check if you have installed the Ipfilter:
# swlist | grep IPF
B9901AA A.03.05.12 HP IPFilter 3.5alpha5
Configuration file:
/etc/opt/ipf/ipf.conf
Check the rulles actives:
# ipfstat -io
Verify that IP Filter is running:
# ipf -V
Check the kernel module is loaded:
# kcmodule| grep -i ipf
To start the Ipfiter:
# /sbin/init.d/ipfboot start
In the file /etc/rc.config.d/ipfconf set the IPF_START to 1 and the ipfilter will be started with the system boot:
IPF_START=1
Follow a simple example, we block any incoming conections from the server 0189 to our HP-UX box:
# vi /etc/opt/ipf/ipf.conf
block in quick on lan0 from 0189 to any
pass in from any to any
It's not recommended use it with ServiceGuard and 11.31, read the docs of Ipfiter for more details.
system crashes types
- High Priority Machine Check (HPMC): This is normally the result of a piece of hardware causing a Group 1 interrupt, an HPMC. A Group 1 interrupt is the highest priority interrupt the system can generate. Such an interrupt signifies THE MOST serious event has just occurred. The interrupt will be handled by a processor and passed to the operating system for it to process further. When the operating system receives an HPMC, the only thing it can do is to cause the system to crash. This will produce a system crashdump. As an example, a double-bit memory error will cause an HPMC. Many other hardware-related events will cause an HPMC. There is a small chance that an HPMC could be caused by a software error, but the vast majority of HPMCs are caused by hardware problems.There is also a Low Priority Machine Check (LPMC). An LPMC does not necessarily cause the system to crash. An LPMC may be related to a hardware error that is recoverable, e.g., a single-bit memory error.
- Transfer of Control (TOC): If a system hangs, i.e., you can't get any response from a ping, from the system console, the system has frozen, and you may decide to initiate a TOC from the system console by using the TC command from the Command Menu (pressing ctrl-b on the console or via the GSP). If you are using Serviceguard, the cmcld daemon may cause the system to TOC in the event of a cluster reformation. All of these situations are normally associated with some form of software problem (the Serviceguard issue may be related to a hardware problem in our networking, but it was software that initiated the TOC).
- PANIC: A PANIC occurs when the kernel detects a situation that makes no logical sense, e.g., kernel data structures becoming corrupted or logical corruption in a software subsystem such as a filesystem trying to delete a file twice (freeing free frag). In such situations, the kernel decides that the safest thing to do is to cause the system to crash. A PANIC is normally associated with a software problem, although it could be an underlying hardware problem (the filesystem problem mentioned above may have been caused by a faulty disk).
Labels: Crash
How to create a ISO from CD/DVD-rom?
It's a easy procedure but very useful, you can do it through dd command:
# dd if=/dev/rdsk/c2t0d0 of=/MEDIA/disk.iso bs=1024k
Labels: ISO
[11.31] Disabling last login msgs
You can set the following variable in /etc/default/security:
DISPLAY_LAST_LOGIN=0
Edit the ssh configuration too /opt/ssh/etc/sshd_config:
PrintLastLog no
Restart the sshd do apply the changes in ssh:
# /sbin/init.d/secsh stop && /sbin/init.d/secsh start