Installing EMC PowerPath Keys

 

This describes how to configure the EMC PowerPath registration keys.


First, check the current configuration of PowerPath:

# powermt config
Warning: all licenses for storage systems support are missing or expired.
The install the keys:
# emcpreg -install
=========== EMC PowerPath Registration ===========
Do you have a new registration key or keys to enter?[n] y
Enter the registration keys(s) for your product(s),
one per line, pressing Enter after each key.
After typing all keys, press Enter again.
Key (Enter if done): P6BV-4KDB-QET6-RF9A-QV9D-MN3V
1 key(s) successfully added.
Key successfully installed.
Key (Enter if done):
1 key(s) successfully registered.
Note: the license key used in this example is not valid

HACMP Cluster Quick setup Guide

Use this procedure to quickly configure an HACMP cluster, consisting of 2 nodes and disk heartbeating.

Prerequisites:
Make sure you have the following in place:
  • Have the IP addresses and host names of both nodes, and for a service IP label. Add these into the /etc/hosts files on both nodes of the new HACMP cluster.
  • Make sure you have the HACMP software installed on both nodes. Just install all the filesets of the HACMP CD-ROM, and you should be good.
  • Make sure you have this entry in /etc/inittab (as one of the last entries):
    clinit:a:wait:/bin/touch /usr/es/sbin/cluster/.telinit
  • In case you're using EMC SAN storage, make sure you configure you're disks correctly as hdiskpower devices.

Changing password using script

 

In AIX, If you want to change the password for a user, and you need to script this, then the following command will be helpful. For example if you want to change the password for multiple users, or on several different servers, then here's an easy way to change the password for a user, without having to type the password on the command line prompt:

# echo "user:password" | chpasswd

Replace the  user – with your username

                   password – with the new password

you can use this command line in your scripts..

Configuring NAT with IPTABLES in Linux

Step-By-Step Configuration Guide for NAT with IPTABLES
This guide shows how to set up network-address-translation (NAT) on a Linux system with iptables so that the system can act as a gateway and provide internet access to multiple hosts on a local are network using a single public IP address. This is achieved by rewriting the source and/or destination addresses of IP packets as they pass through the NAT system.

Assuming that you have:
OS - Any Linux distribution
Software - Iptables
Network Interface Cards: 2

WAN = eth0 with public IP xx.xx.xx.xx (Replace xx.xx.xx.xx with your WAN IP)
LAN = eth1 with private IP yy.yy.yy.yy / 255.255.0.0 (Replace yy.yy.yy.yy with your LAN IP)

Remove LUNS From Linux Safely

This post uses the QLogic Dynamic Target and LUN Discovery utilities. The steps below apply to SLES 10 and RHEL 5 servers using QLogic HBAs and PowerPath. This post also assumes that you have put the qlogic utilities into /tmp/ql_utils.


To remove a LUN and all associated PowerPath and Linux devices from the host environment follow these steps. 

Note: that it is critical to follow the procedures in exact order because deviating from the procedures can cause the host to panic

These steps were put together using steps from QLogic KB articles.

Scan and Configure New SAN disks on Linux

The steps below are to scan for new LUNs from SAN after the LUNs have been presented from the storage side. And the steps below is when you are using QLogic HBA's . 


This post uses the QLogic Dynamic Target and LUN Discovery utilities which can be downloaded from:

http://driverdownloads.qlogic.com/QLogicDriverDownloads_UI/SearchByProduct.aspx?ProductCategory=39&Product=935&Os=126

The steps below will work on SUSE Linux Enterprise Server (SLES) 10 and Red Hat Enterprise Linux (RHEL) 5.


Create a directory to hold the utilites. In this examle we will use the /tmp/ql_utils directory:

mkdir /tmp/ql_utils

Clear Swap Space in Linux

There have been times where it has been necessary for UNIX Admins to clear out the swap space on a Linux system. In order to do this, you must first make sure that you have enough free memory to hold what is being used by swap.


First we want to see what is currently being used.

free

Then I run the actual commands that empty the swap:

swapoff -a and then swapon -a

Then I check what is being used after doing this.

free

Using NTP in VMware Virtual Machine

Timekeeping on Linux VMware guests can be a is difficult to handle and frustrating. This post shows the various settings required to make things work. More information can be found at http://kb.vmware.com/kb/1006427.

VMware recommends using NTP and turning off VMware Tools periodic time synchronization in the guest. 


To turn off Time Synchronization between Virtual machine (Guest) and Host (ESX server) , there are three options:


  1. Set tools.syncTime = "False" in the configuration file (.vmx file) of the virtual machine.

Linux SAN Multi path for HP EVA Storage

Instead of installing the original device-mapper-multipath package there is a simillar package from HP called HPDMmultipath-[version].tar.gz that has already a configuration for HP EVA and XP storage devices. The HPDMmultipath-[version].tar.gz can be downloaded from www.hp.com

# tar -zxvf HPDMmultipath-3.0.0.tar.gz
 # cd HPDMmultipath-3.0.0/RPMS
 # rpm -ivh HPDMmultipath-tools[version]-[Linux-Version]-[ARCH].rpm

 # vim /etc/multipath.conf

defaults {
        udev_dir                /dev
        polling_interval        10
        selector                "round-robin 0"
        path_grouping_policy    failover
        getuid_callout          "/sbin/scsi_id -g -u -s /block/%n"
        prio_callout            "/bin/true"
        path_checker            tur
        rr_min_io               100
        rr_weight               uniform
        failback                immediate
        no_path_retry           12
        user_friendly_names     yes
}

Linux SAN Multipathing using device mapper

There are a lot of SAN multipathing solutions on Linux at the moment. Two of them are discussesed in this blog. The first one is device mapper multipathing that is a failover and load balancing solution with a lot of configuration options. The second one (mdadm multipathing) is just a failover solution with manuel re-anable of a failed path. The advantage of mdadm multiphating is that it is very easy to configure.
Before using a multipathing solution for a production environment on Linux it is also important to determine if the used solution is supportet with the used Hardware. For example HP doesn’t support the Device Mapper Multipathing solution on their servers yet.

Device Mapper Multipathing

Procedure for configuring the system with DM-Multipath:
  1. Install device-mapper-multipath rpm
  2. Edit the multipath.conf configuration file:
    • comment out the default blacklist
    • change any of the existing defaults as needed
  3. Start the multipath daemons
  4. Create the multipath device with the multipath

Password and Account ageing on Linux Server

The following is a brief overview of password and account ageing for Linux based servers.

chage is used to list and modification on the expiration parameters of an account.

Each individual user can view their account settings as shown below.

testuser@testServer:~$ chage -l testuser

Last password change : Aug 07, 2009
Password expires : Nov 05, 2009
Password inactive : never
Account expires : Aug 05, 1992
Minimum number of days between password change : 90
Maximum number of days between password change : 90
Number of days of warning before password expires : 7

Clean up Buffer Cache in Linux

CLEANING UP THE LINUX BUFFER CACHE

When you write data, it doesn’t necessarily get written to disk right then. The kernel maintains caches of many things, and disk data is something where a lot of work is done to keep everything fast and efficient.

That’s great for performance, but sometimes you want to know that data really has gotten to the disk drive. This could be because you want to test the performance of the drive, but could also be when you suspect a drive is malfunctioning: if you just write and read back, you’ll be reading from cache, not from actual disk platters.

Moving volume group to another Server in Linux

Moving a VG to another server:

To do this we use the vgexport and vgimport commands.

vgexport and vgimport is not necessary to move disk drives from one server to another. It is an administrative policy tool to prevent access to volumes in the time it takes to move them.

1. Unmount the file system
First, make sure that no users are accessing files on the active volume, then unmount it

# unmount /appdata

2.Mark the volume group inactive
Marking the volume group inactive removes it from the kernel and prevents any further activity on it.

# vgchange -an appvg
vgchange -- volume group "appvg" successfully deactivate

Activating VG when quorum lost in Linux

Normally, volume groups are automatically activated during system startup. Unless you intentionally deactivate a volume group using vgchange, you will probably not need to reactivate a volume group.
However, LVM does require that a "quorum" of disks in a volume group be available. During normal system operation, LVM needs a quorum of more than half of the disks in a volume group for activation. If, during run time, a disk fails and causes quorum to be lost, LVM alerts you with a message to the console, but keeps the volume group active.

If there is no other way to make a quorum available, the -q option to the vgchange command will override the quorum check.

EXAMPLE:

Configuring TCP Wrappers for Linux Security

The TCP Wrappers package is installed by default on Fedora Linux and provides host-based security separate from that provided by a firewall running on the server itself or elsewhere.
The application relies on two main files:


/etc/hosts.allow: Defines the hosts and networks allowed to connect to the server. The TCP Wrappers enabled application searches this file for a matching entry, and if it finds one, then the connection is allowed.


/etc/hosts.deny: Defines the hosts and networks prohibited from connecting to the server. If a match is found in this file, the connection is denied. No match means the connection proceeds normally.


The /etc/hosts.allow file is always read first and both files are always read from top to bottom, therefore the ordering of the entries is important.

Configuring NIS Services in Linux Server

This article shows how to Configure NIS Services in a Linux server

What is NIS?

Network Information Service (NIS) is used for keeping a centralized repository of users, hostnames and other useful information in a computer network. In single server UNIX environments, the list of users and groups is usually kept in a file such as /etc/passwd. Using NIS adds a "global" directory which is used for authenticating users from any host on the network.

Install the Packages:

Install the yp-tools, ypbind and  ypserv rpm packages on the server.

[root@nissrv1 /]# rpm -qa |grep ypbind
ypbind-1.12-5.21.6
[root@ nissrv1 /]# rpm -qa |grep ypserv
ypserv-2.8-7
[root@ nissrv1 /]# rpm -qa |grep yp-tools
yp-tools-2.8-6

TSM (Tivoli Storage Manager) Policy Settings - Quick Overview


POLICY DOMAIN - This is a container for policy and scheduling info

*BACKRETention* is a fallback value for any files which have been backed up under the specified policy domain, but for which there is now a lack of an active policy set.

*ARCHRETention* is a fallback value for any files which have been archived under the specified policy domain, but for which there is now a lack of an active policy set.

POLICY SET - This is a set of management classes within a POLICY DOMAIN.Only the active version has any effect.  The active version is created by issuing ACTIVATE POLICYSET After activating, you may edit the original set without affecting the active copy.

Get Rid of Deleted Open Files - Linux Quick HOWTO


Sharing a nice articles which I found on web. Hope it will be useful to you as well..

You might have this scenario; Logfiles deleted while the process is still running. That's annoying: On your Linux-Server the /var filesystem is nearly full. You remove a very large logfile that you don't need with the rm command:

myserver1# df -Ph /var
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/root-var  7.1G  7.0G  100M  99% /var
myserver1# ls -l /var/log/myapp/userlog
myserver1# rm /var/log/myapp/userlog
myserver1# df -Ph /var
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/root-var  7.1G  7.0G  100M  99% /var

But what's that? The filesystem is still full. With lsof you can see, that the logfile is still opened in write mode:

myserver1# lsof | grep var/log/myapp/userlog
myapp    25139      root   4w     REG      3,12       0    2101404 /var/log/myapp/userlog (deleted)

Run VIO Server commands as root

To Gain root access on VIO server:

Login as user padmin into VIO server and type the command,

$ oem_setup_env    

Now you will get the root credentials (without even been asked for a password).

Note: According to IBM its not recommended to work as root on VIO servers.

But, By default the ioscli commands are not available for the root user. All ioscli commands are in fact calls of /usr/ios/cli/ioscli with the command as argument. You can check this if you list the aliases of the padmin user in the VIO server

Finding MPIO path associated to vscsi adapter in AIX 5L

how to determine which MPIO path is associated to a vscsi adapter in AIX 5L M7HQW5MU96RP 



To determine which MPIO path is associated to a vscsi adapter in AIX 5L:

# lspath -F "name path_id parent connection status"

The output returns something similar to:






hdisk0 0 vscsi0 810000000000 Enabled
hdisk0 1 vscsi1 810000000000 Enabled
hdisk1 0 vscsi0 820000000000 Enabled
hdisk1 1 vscsi1 820000000000 Enabled

The first field is the hard disk.

Finding disk space used by specific user in Linux and UNIX server

To find the disk space being used by a specific user:


# find . -user user1 -type f -exec du -k {} \;


Explanation of this command:


The -user option allows you to specify that find will only report files that are owned by the specified user. 


The -type option forces find to only return the path of items of a specific type (in this case, files). this prevents du from including directories, which might be owned by one user, but contain files for many users.


Then, for each found path, the du command is executed to report the disk usage.


To get summary information, i.e the total space used by a specific user:

Verify NTP is working properly : Quick HOWTO

How to verify your ntp (Network Time Protocol) setup is working properly in Linux or UNIX Server?


# ntpq -c peers


remote              refid                st t when poll reach delay offset disp
==============================================================
*time1.domain.. time-a.nist.gov 1  u 38   64   377   1.16 -13.351 29.63


If you see a star (*) in the name of the time server, your time is being synchronised properly.


The third column, st is the stratum. 


Mount ISO image in AIX : Quick HOWTO

Follow the instructions below to mount an ISO image in AIX Server


Obtain the size of the image.
# du -sm server_tools.iso


Identify the nearest multiple of 128 MB that will provide enough space for the image. 
For example, if the image size is 700MB, then you will need 768MB to mount it.


# mklv -y cdlv -s n -L /dev/cdlv rootvg 768M hdisk0
If the above command fails, increase the volume size by a multiple of 128.

Disable first time password change in AIX

How to disable first time password change in AIX?


Usually in AIX, if you change the password of a user, it will prompt the user to change his password when he login first time.


To disable this first time password change in AIX Server, Clear the ADMCHG flag of the user account.


To do this,

Unmount filesystem when device is busy

When you unmount a filesystem, you may get "device is busy error" sometimes.  Using the following steps, you can unmount safely.


# umount  /testsrv1/rman
umount: /testsrv1/rman: device is busy
umount: /testsrv1/rman: device is busy


# fuser -m /testsrv1/rman
/testsrv1/rman:         31477c


# ps -eaf | grep 31477
oracle  31477 31448  0 09:52 pts/0    00:00:00 /bin/ksh



Enable cron for a locked account in Linux

In some environments, there are times when locked application/databases accounts need to run some cron jobs. In linux, by default, a locked account can not run the cron job.


We can enable this  by editing a specific setting is disabled in /etc/pam.d/crond file. 


Here is the details:



# cat /etc/pam.d/crond 


Finding BIOS version in Linux Servers

In a day to day system administrative tasks, you may need to find out BIOS version of your servers. In Linux, you can find out the BIOS version without rebooting the server. dmidecode command can be used to achieve this.


Command : dmidecode --type 0


[root@testsrv1 ~]# dmidecode --type 0
# dmidecode 2.7
SMBIOS 2.5 present.

Process States in UNIX and Linux

 How can a parent and child process communicate?
A parent and child can communicate through any of the normal inter-process communication schemes (pipes, sockets, message queues, shared memory), but also have some special ways to communicate that take advantage of their relationship as a parent and child. One of the most obvious is that the parent can get the exit status of the child.
What is a zombie?

System File Checker ( SFC) at Windows

SFC is System File Checker. SFC is running in system to protect system files. All the system files are located in C:\Windows and C:\Windows\System32 folders. These files are important for Windows Operating to work effeciently. If any of the files is deleted accidently the file gets restored from the DLLCache folder automatically with the help of SFC. 


Sometimes, you might need to disable the SFC for development and testing purpose. This article explains the registry keys you can play with to disable the SFC and various options.



  • KEY Name:HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
  • Entry Name: SFCDisable
  • Date Type: REG_DWORD

Online Data Relocation to another disk in Linux


You can move data while the system is in use with the pvmove command in Linux server. This will be helpfull if you want to take the disk out from the linux server. After pvmove, you have to remove the PV from volume group to take out from the server.


The pvmove command breaks up the data to be moved into sections and creates a temporary mirror to move each section. 


The following command moves all allocated space off the physical volume /dev/sdb1 to other free physical volumes in the volume group:


pvmove /dev/sdb1


The following command moves just the extents of the logical volume MyLVOL1.

Configuring Network Bonding in Linux

This is an Nice Article which I found on Web..

Bonding is creation of a single bonded interface by combining 2 or more ethernet interfaces. This helps in high availability and performance improvement.

Here is the steps for creating a network bonding in Fedora Core and Redhat Linux

Step 1:

Create the file ifcfg-bond0 with the IP address, netmask and gateway. Shown below is my test bonding configuration file.

$ cat /etc/sysconfig/network-scripts/ifcfg-bond0

DEVICE=bond0
IPADDR=192.168. 1.100
NETMASK=255. 255.255.0
GATEWAY=192. 168.1.1
USERCTL=no
BOOTPROTO=none
ONBOOT=yes

Find RPM packages installed on particular date

To find all the RPM packages which were installed on a particular date in a Linux Server:

# rpm -qa --queryformat "%{NAME}-%{VERSION}.%{RELEASE} (%{ARCH}) INSTALLED: %{INSTALLTIME:date}\n" | grep my_date 


Example:


rpm -qa --queryformat "%{NAME}-%{VERSION}.%{RELEASE} (%{ARCH}) INSTALLED: %{INSTALLTIME:date}\n" | grep "21 Sep 2009"

To find the install date and time of a particular RPM package in a Linux Server:

Automatic reboot after Kernel Panic in Linux

In Linux, By default after kernel panic, Linux waits for a system admin to restart or power cycle server.. We can change this behavior and set to reboot automatically when a kernel panic occurs.. For that, we have to change the value set on "kernel.panic" kernel parameter.


Now we have to check the current value on this kernel parameter in Linux server:

[root@myserver ~]# cat /proc/sys/kernel/panic
0
[root@myserver ~]# sysctl -a | grep kernel.panic
kernel.panic = 0

Find WWN Address in AIX

Here is the steps to find the WWN Address of Fiber channel Adapter in AIX Server.


First We will find out all the installed FC (Fiber channel) Adapters in AIX Server.


To do, type the following command:


# lsdev -Cc adapter | grep fcs
fcs0 Available 01-10 FC Adapter
fcs1 Available 01-11 FC Adapter


The above output shows all the FC Adapters installed on the AIX server.


Now to Find out the WWN Number (Address) of each Adapter, type the following command:

Temporarily Stop or Pause Process in Linux Server

Some times we may need to pause a particular process or service in Linux Servers.


We may need to stop a particular process without killing it for certain period of time and resume it again.


This can be done with KILL Command.


Most of us familiar with KILL comman. But this is the another feature of KILL command, which helps to achieve this:




To Stop a Process or Job: 

PAM Authentication for Squid Proxy Server

Here the steps to PAM Authentication for squid proxy server. We are going to use the pam_auth module. 
This will allow anyone who has a Linux or Unix shell account, will be able to use the Squid server


To configure PAM Authentication, Edit the /etc/squid/squid.conf file:


Search for the auth_param section in the config file and add or uncomment these lines:



auth_param basic program /usr/lib/squid/pam_auth
auth_param basic children 5
auth_param basic realm Squid proxy-caching
web server
auth_param basic credentialsttl 2 hours


Next, search for the following line and uncomment it:


acl password proxy_auth REQUIRED

Recover Bad Superblock in Linux Filesystem

If  you get a ¨Damaged Superblock¨ error message at filesystem (fsck) check in Linux Server, Usually fsck will not be able to repair the file system due to bad super block. In these situations, we can recover the damaged super block from the backup. 

Solution:


There are backups of the Superblock located on several positions and we can restore them with a simple command in a Linux server



By default in Linux, the file system creates the backup of  super block in the following locations:


8193, 32768, 98304, 163840, 229376 and 294912.

Copy Public Keys using ssh-copy-id to remote servers

ssh-copy-id is a utility which comes with the OpenSSH package.


ssh-copy-id copies your public identity keys to the remote server, in the correct format, makes sure file permissions and ownership are correct, and ensures a private key is not accidentally copied.



To Generate the keys (If you have not done already) :

# ssh-keygen -t rsa

This is will create your public and private keys and will place them by default in .ssh folder in your home directory.

To setup password less login (key based login), you need to append your public key to the authorized_keys file on the remote server which you want to setup the key based authentication.

You can do conventional copy/paste, etc.. But it takes much time and its repetitive job for multiple hosts.