Friday, September 28, 2012

Pluggable Authentication Module (PAM)


PAM allows various authentication technologies, such as Kerberos, RSA, smart cards and DCE, to be plugged into system entry services such as login, passwd, rlogin, telnet, ftp, and su without changing any of these services.

The PAM configuration file, pam.conf, controls how these services use the PAM framework.

How does it work?

Application services (rlogin, telnet, ssh, etc.) => PAM API (refers to pam.conf) => PAM modules that manage the access


The entries in /etc/pam.conf or in PAM policy files are in one of the following formats:

"service-name module-type control-flag module-path module-options"


e.g. the LDAP configuration in pam.conf:

more /etc/pam.conf | grep ldap

zone03:/root# more /etc/pam.conf | grep ldap
login   auth required           pam_ldap.so.1 use_first_pass
rlogin  auth required           pam_ldap.so.1 use_first_pass
rsh     auth required           pam_ldap.so.1 use_first_pass
ppp     auth required           pam_ldap.so.1 use_first_pass
other   auth required           pam_ldap.so.1 use_first_pass
passwd  auth required           pam_ldap.so.1 use_first_pass
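
An added example (not from the original post): a small Python parser for the five-field entry format above, run over a constructed pam.conf. It flags any stack whose first module carries use_first_pass (no earlier module has collected a password for it to reuse), which a grep for one module name cannot show because the stack order is lost. The function names and the sample policy are assumptions made for illustration.

```python
from collections import defaultdict

MODULE_TYPES = {"auth", "account", "session", "password"}

# Constructed sample policy (not taken from a real host).
SAMPLE = """\
# service module-type control-flag module-path module-options
login   auth requisite  pam_authtok_get.so.1
login   auth required   pam_ldap.so.1 use_first_pass
rsh     auth required   pam_ldap.so.1 use_first_pass
other   auth requisite  pam_authtok_get.so.1
other   auth required   pam_unix_auth.so.1
passwd  auth
"""

def parse_pam_conf(text):
    """Return (stacks, errors); stacks maps (service, type) -> ordered entries.
    Backslash continuation lines are not handled in this sketch."""
    stacks, errors = defaultdict(list), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4 or fields[1] not in MODULE_TYPES:
            errors.append((lineno, raw.strip())) # too few fields or bad type
            continue
        service, mtype, flag, path = fields[:4]
        stacks[(service.lower(), mtype)].append(
            {"flag": flag, "module": path, "options": fields[4:]})
    return dict(stacks), errors

def effective_stack(stacks, service, mtype):
    """A service with no entries of this type falls back to 'other'."""
    return stacks.get((service, mtype)) or stacks.get(("other", mtype), [])

def first_pass_without_source(stacks):
    """Flag stacks whose first module expects a password nobody collected."""
    findings = []
    for (service, mtype), entries in sorted(stacks.items()):
        if "use_first_pass" in entries[0]["options"]:
            findings.append((service, mtype, entries[0]["module"]))
    return findings

if __name__ == "__main__":
    stacks, errors = parse_pam_conf(SAMPLE)
    print("malformed:", errors)
    print("use_first_pass at top of stack:", first_pass_without_source(stacks))
    print("telnet auth uses:", [e["module"] for e in effective_stack(stacks, "telnet", "auth")])
```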

User Creation issues and some checks


(zone01:/)# useradd -u 890 -g 52 -d /twsp/tws -c "Master user" -s /bin/ksh Master
UX: useradd: ERROR: group 582 does not exist.  Choose another.

(zone01:/)# groupadd -g 52 twspgr

(zone01:/)# useradd -u 890 -g 52 -d /twsp/tws -c "Master user" -s /bin/ksh Master
UX: useradd: ERROR: Inconsistent password files.  See pwconv(1M).
(zone01:/)#
(zone01:/)# pwconv
(zone01:/)#
(zone01:/)# useradd -u 890 -g 52 -d /twsp/tws -c "Master user" -s /bin/ksh Master
UX: useradd: ERROR: Inconsistent password files.  See pwconv(1M).

(zone01:/)# cat /etc/passwd |grep Master

(zone01:/)# useradd -u 890 -g 52 -d /twsp/tws -c "Master user" -s /bin/ksh Master
UX: useradd: ERROR: Inconsistent password files.  See pwconv(1M).

(zone01:/)#
(zone01:/)# wc -l /etc/passwd /etc/shadow
      27 /etc/passwd
      27 /etc/shadow
      54 total


(zone01:/)# pwck

uucp:x:5:5:uucp Admin:/usr/lib/uucp:
        Login directory not found

nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico
        Login directory not found
        Optional shell file not found
(zone01:/)#
(zone01:/)#
(zone01:/)# ls -ld /usr/lib/uucp
/usr/lib/uucp: No such file or directory

(zone01:/)# grpck


utlitygr::360:cdpuck,cdpucka,cdpucks,cdpuckm
        Group name too long
(zone01:/)#
(zone01:/)#
(zone01:/)# ls /var/spool/uucppublic
/var/spool/uucppublic: No such file or directory
(zone01:/)# ls /usr/lib/uucp/uucico
/usr/lib/uucp/uucico: No such file or directory
(zone01:/)#
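
An added example (not from the original post): the session above compares /etc/passwd and /etc/shadow only by line count with wc -l, so this Python sketch does the per-entry comparison that equal counts cannot show: login names present in one file only, duplicate names, and lines with the wrong number of fields. The two file bodies are constructed samples, and the login names in them are hypothetical.

```python
PASSWD_FIELDS, SHADOW_FIELDS = 7, 9   # colon-separated fields per entry

# Constructed sample files (not from the host in the session above).
PASSWD = """\
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
appuser:x:890:52:Application user:/export/home/appuser:/bin/ksh
appuser:x:891:52:duplicate login name:/tmp:/bin/ksh
"""
SHADOW = """\
root:constructed-hash:15000::::::
daemon:NP:6445::::::
uucp:NP:6445::::::
olduser:*LK*:15000::::::
broken:NP:6445
"""

def parse(text, nfields):
    """Return (login names in file order, line numbers of malformed entries)."""
    names, bad = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split(":")
        if len(fields) != nfields or not fields[0]:
            bad.append(lineno)        # blank line, missing name or field count off
        else:
            names.append(fields[0])
    return names, bad

def compare(passwd_text, shadow_text):
    """Cross-check the two files entry by entry."""
    p_names, p_bad = parse(passwd_text, PASSWD_FIELDS)
    s_names, s_bad = parse(shadow_text, SHADOW_FIELDS)
    return {
        "passwd_only": sorted(set(p_names) - set(s_names)),
        "shadow_only": sorted(set(s_names) - set(p_names)),
        "duplicates": sorted({n for n in p_names if p_names.count(n) > 1}),
        "malformed_passwd": p_bad,
        "malformed_shadow": s_bad,
    }

if __name__ == "__main__":
    for key, value in compare(PASSWD, SHADOW).items():
        print(f"{key}: {value}")
```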

Wednesday, September 19, 2012

hacf -cftocmd to recreate the commands from the main.cf file


The whole VCS config can be recreated by recreating the commands from the main.cf file.


Location of config file - /etc/VRTSvcs/conf/config


Dump the existing config details from memory to disk.


(Solaris1:/root)# cd /etc/VRTSvcs/conf/config
(Solaris1:/etc/VRTSvcs/conf/config)# haconf -dump
(Solaris1:/etc/VRTSvcs/conf/config)#


Now create the command file from the main.cf file using the hacf command.

(Solaris1:/etc/VRTSvcs/conf/config)# hacf
VCS INFO V-16-1-10601 Usage:
         hacf -cftocmd   [-dest ] [-display]
         hacf -cmdtocf   [-dest ]
         hacf -verify     [-display]
         hacf -help

(Solaris1:/etc/VRTSvcs/conf/config)#


This command will create the command file which can be used to recreate the whole cluster.

    hacf -cftocmd   [-dest ] [-display]


(Solaris1:/etc/VRTSvcs/conf/config)# hacf -cftocmd . -dest .


(Solaris1:/etc/VRTSvcs/conf/config)# ls -ltr | tail
-rw-------   1 root     root       29075 Nov 13 14:31 main.cf.13Nov2012.14.31.22
-rw-------   1 root     root       29362 Nov 26 12:32 main.cf.26Nov2012.12.32.09
-rw-------   1 root     root       30286 Nov 27 11:35 main.cf.27Nov2012.11.35.18
-rw-------   1 root     root       30649 Dec 24 10:27 main.cf.24Dec2012.10.27.42
-rw-------   1 root     root       30722 Dec 24 10:29 main.cf.24Dec2012.10.29.13
-rw-------   2 root     root       33096 Feb 25 14:34 main.cf.previous
-rw-------   2 root     root       33096 Feb 25 14:34 main.cf.25Feb2013.14.34.29
-rw-------   2 root     root       33099 Mar 26 11:22 main.cf.26Mar2013.11.22.57
-rw-------   2 root     root       33099 Mar 26 11:22 main.cf
-rw-------   1 root     root      192090 Mar 26 11:23 main.cmd
(Solaris1:/etc/VRTSvcs/conf/config)# 


(Solaris1:/etc/VRTSvcs/conf/config)# more main.cmd
haclus -modify  PrintMsg 0
haclus -modify  UserNames  alex bIGmJLhRJfIReHFgFI bibon ejjEjpInjEgkFg sarco JlmKliLilFljKslNltKglFmh
KulS indigo dKLjKFjQKiKSjHKmKF naglel aHHoHCgIHjHQhEEbED idone cpoLpyOxpJpvLkmKmmKn z_zone1
_Solaris1 chhPilGqhOedDdeAed
haclus -modify  ClusterAddress "10.20.02.180"
haclus -modify  Administrators  alex bibon sarco indigo naglel idone
haclus -modify  SourceFile "./main.cf"
haclus -modify  ClusterName vcs-cluster1
hatype -add ASG
hatype -modify ASMDG SourceFile "./OracleMTypes.cf"
hatype -modify ASMDG AgentDirectory "/opt/VRTSagents/ha/bin/ASG"
hatype -modify ASMDG ArgList Sid Owner Home DBAUser DBAPword DiskGroups EnvFile Encoding
hatype -modify ASMDG ContainerOpts RunInContainer 1 PassCInfo 0
haattr -add ASG Home -string
haattr -add ASG Owner -string

Thursday, September 13, 2012

recoveryoption parameter setting in VXVM


Changing a VxVM parameter in order to improve the reaction of the Solaris x86 servers in case of SAN instabilities.

Veritas-level configuration changes are to be done on the hosts Solaris1 and Solaris1.

There is no impact, as it is an online activity.


(Solaris1:/root)#
(Solaris1:/root)# vxdmpadm getattr enclosure hp_p95000
ENCLR_NAME      ATTR_NAME                     DEFAULT        CURRENT
============================================================================
hp_p95000      iopolicy                      MinimumQ       MinimumQ
hp_p95000      partitionsize                 512            512
hp_p95000      use_all_paths                 -              -
hp_p95000      failover_policy               Global         Global
hp_p95000      recoveryoption[throttle]      Nothrottle[0]  Nothrottle[0]
hp_p95000      recoveryoption[errorretry]    Timebound[300] Timebound[300]
hp_p95000      redundancy                    0              0
hp_p95000      dmp_lun_retry_timeout         0              0
hp_p95000      failovermode                  -              -


(Solaris1:/root)# vxdmpadm listenclosure all
ENCLR_NAME        ENCLR_TYPE     ENCLR_SNO      STATUS       ARRAY_TYPE     LUN_COUNT
=======================================================================================
disk              Disk           DISKS                CONNECTED    Disk        4
hp_xp24k5         HP_XP24K       28494                CONNECTED    A/A        199
hp_p95000         HP_P9500       85753                CONNECTED    A/A        127
(Solaris1:/root)#


(Solaris1:/root)# vxdmpadm getattr enclosure hp_p95000
ENCLR_NAME      ATTR_NAME                     DEFAULT        CURRENT
============================================================================
hp_p95000      iopolicy                      MinimumQ       MinimumQ
hp_p95000      partitionsize                 512            512
hp_p95000      use_all_paths                 -              -
hp_p95000      failover_policy               Global         Global
hp_p95000      recoveryoption[throttle]      Nothrottle[0]  Nothrottle[0]
hp_p95000      recoveryoption[errorretry]    Timebound[300] Timebound[300]
hp_p95000      redundancy                    0              0
hp_p95000      dmp_lun_retry_timeout         0              0
hp_p95000      failovermode                  -              -
(Solaris1:/root)#


(Solaris1:/root)#
(Solaris1:/root)# vxdmpadm getattr enclosure hp_xp24k50
ENCLR_NAME      ATTR_NAME                     DEFAULT        CURRENT
============================================================================
hp_xp24k50      iopolicy                      MinimumQ       MinimumQ
hp_xp24k50      partitionsize                 512            512
hp_xp24k50      use_all_paths                 -              -
hp_xp24k50      failover_policy               Global         Global
hp_xp24k50      recoveryoption[throttle]      Nothrottle[0]  Nothrottle[0]
hp_xp24k50      recoveryoption[errorretry]    Timebound[300] Timebound[300]
hp_xp24k50      redundancy                    0              0
hp_xp24k50      dmp_lun_retry_timeout         0              0
hp_xp24k50      failovermode                  -              -
(Solaris1:/root)#


(Solaris1:/root)#
(Solaris1:/root)# vxdmpadm setattr enclosure hp_p95000 recoveryoption=timebound iotimeout=320
(Solaris1:/root)#


(Solaris1:/root)# vxdmpadm getattr enclosure hp_xp24k50
ENCLR_NAME      ATTR_NAME                     DEFAULT        CURRENT
============================================================================
hp_xp24k50      iopolicy                      MinimumQ       MinimumQ
hp_xp24k50      partitionsize                 512            512
hp_xp24k50      use_all_paths                 -              -
hp_xp24k50      failover_policy               Global         Global
hp_xp24k50      recoveryoption[throttle]      Nothrottle[0]  Nothrottle[0]
hp_xp24k50      recoveryoption[errorretry]    Timebound[300] Timebound[300]
hp_xp24k50      redundancy                    0              0
hp_xp24k50      dmp_lun_retry_timeout         0              0
hp_xp24k50      failovermode                  -              -
(Solaris1:/root)# vxdmpadm getattr enclosure hp_p95000
ENCLR_NAME      ATTR_NAME                     DEFAULT        CURRENT
============================================================================
hp_p95000      iopolicy                      MinimumQ       MinimumQ
hp_p95000      partitionsize                 512            512
hp_p95000      use_all_paths                 -              -
hp_p95000      failover_policy               Global         Global
hp_p95000      recoveryoption[throttle]      Nothrottle[0]  Nothrottle[0]
hp_p95000      recoveryoption[errorretry]    Timebound[300] Timebound[320]
hp_p95000      redundancy                    0              0
hp_p95000      dmp_lun_retry_timeout         0              0
hp_p95000      failovermode                  -              -
(Solaris1:/root)#


(Solaris1:/root)#
(Solaris1:/root)# vxdmpadm setattr enclosure hp_xp24k50 recoveryoption=timebound iotimeout=320
(Solaris1:/root)# recoveryoption=timebound iotimeout=320
(Solaris1:/root)#

(Solaris1:/root)#
(Solaris1:/root)# vxdmpadm getattr enclosure hp_xp24k50
ENCLR_NAME      ATTR_NAME                     DEFAULT        CURRENT
============================================================================
hp_xp24k50      iopolicy                      MinimumQ       MinimumQ
hp_xp24k50      partitionsize                 512            512
hp_xp24k50      use_all_paths                 -              -
hp_xp24k50      failover_policy               Global         Global
hp_xp24k50      recoveryoption[throttle]      Nothrottle[0]  Nothrottle[0]
hp_xp24k50      recoveryoption[errorretry]    Timebound[300] Timebound[320]
hp_xp24k50      redundancy                    0              0
hp_xp24k50      dmp_lun_retry_timeout         0              0
hp_xp24k50      failovermode                  -              -
(Solaris1:/root)# vxdmpadm getattr enclosure hp_p95000
ENCLR_NAME      ATTR_NAME                     DEFAULT        CURRENT
============================================================================
hp_p95000      iopolicy                      MinimumQ       MinimumQ
hp_p95000      partitionsize                 512            512
hp_p95000      use_all_paths                 -              -
hp_p95000      failover_policy               Global         Global
hp_p95000      recoveryoption[throttle]      Nothrottle[0]  Nothrottle[0]
hp_p95000      recoveryoption[errorretry]    Timebound[300] Timebound[320]
hp_p95000      redundancy                    0              0
hp_p95000      dmp_lun_retry_timeout         0              0
hp_p95000      failovermode                  -              -
(Solaris1:/root)#


(Solaris1:/root)# vxdmpadm getattr enclosure hp_xp24k50 | grep Timebound
hp_xp24k50      recoveryoption[errorretry]    Timebound[300] Timebound[320]

(Solaris1:/root)# vxdmpadm getattr enclosure hp_p95000 | grep Timebound
hp_p95000      recoveryoption[errorretry]    Timebound[300] Timebound[320]
(Solaris1:/root)#

(Solaris1:/root)# vxdmpadm getattr enclosure hp_xp24k50 | grep Timebound; vxdmpadm getattr enclosure hp_p95000 | grep Timebound
hp_xp24k50      recoveryoption[errorretry]    Timebound[300] Timebound[320]
hp_p95000      recoveryoption[errorretry]    Timebound[300] Timebound[320]
(Solaris1:/root)#

Monday, September 10, 2012

Resize a FS with space from a specific disk


In a disk group where some volumes are striped and some are concatenated, care needs to be taken when adding disk space to a concat volume.


For STRIPE volumes, when adding a new disk, the whole stripe has to be relaid out.

Solaris1:/root# vxprint -htg DG-DBDG | grep -i STRIP
pl VOL-DBDG-ARCH01-02 VOL-DBDG-ARCH01 ENABLED ACTIVE 1822425088 STRIPE 11/8192 RW
pl VOL-DBDG-DTA01-02 VOL-DBDG-DTA01 ENABLED ACTIVE 678232064 STRIPE 8/8192 RW
pl VOL-DBDG-DTA04-02 VOL-DBDG-DTA04 ENABLED ACTIVE 3091324928 STRIPE 19/8192 RW
pl VOL-DBDG-DTA05-02 VOL-DBDG-DTA05 ENABLED ACTIVE 2910044160 STRIPE 18/8192 RW
pl VOL-DBDG-DTA06-02 VOL-DBDG-DTA06 ENABLED ACTIVE 2910044160 STRIPE 18/8192 RW
pl VOL-DBDG-DTA07-02 VOL-DBDG-DTA07 ENABLED ACTIVE 2910044160 STRIPE 18/8192 RW
pl VOL-DBDG-ID01-02 VOL-DBDG-ID01 ENABLED ACTIVE 671121408 STRIPE 12/8192 RW
pl VOL-DBDG-ID04-02 VOL-DBDG-ID04 ENABLED ACTIVE 1343619072 STRIPE 16/8192 RW
pl VOL-DBDG-ID05-02 VOL-DBDG-ID05 ENABLED ACTIVE 1121992704 STRIPE 14/8192 RW
pl VOL-DBDG-ID06-02 VOL-DBDG-ID06 ENABLED ACTIVE 1121992704 STRIPE 14/8192 RW
pl VOL-DBDG-ID07-02 VOL-DBDG-ID07 ENABLED ACTIVE 1121992704 STRIPE 14/8192 RW
pl VOL-DBDG-MIDO01-02 VOL-DBDG-MIDO01 ENABLED ACTIVE 62914560 STRIPE 8/8192 RW
pl VOL-DBDG-RBS01-02 VOL-DBDG-RBS01 ENABLED ACTIVE 381681664 STRIPE 13/8192 RW
pl VOL-DBDG-RDO01-02 VOL-DBDG-RDO01 ENABLED ACTIVE 62914560 STRIPE 8/8192 RW
pl VOL-DBDG-TMP01-02 VOL-DBDG-TMP01 ENABLED ACTIVE 1006632960 STRIPE 12/8192 RW


For CONCAT volumes it is a straight extension, but the disk that was added needs to be used only for this volume and shouldn't be mixed with the STRIPE volumes.

Solaris1:/root# vxprint -htg DG-DBDG | grep -i CONCAT
pl VOL-DBDG-bkp01-02 VOL-DBDG-bkp01 ENABLED ACTIVE 63955712 CONCAT - RW
pl VOL-DBDG-ptr-02 VOL-DBDG-ptr ENABLED ACTIVE 4194304 CONCAT - RW
pl VOL-DBDG-mon-02 VOL-DBDG-mon ENABLED ACTIVE 2097152 CONCAT -    RW
Solaris1:/root#


Solaris1:/root# df -h /DG-DBDG/bkp01
Filesystem             size   used  avail capacity  Mounted on
/dev/vx/dsk/DG-DBDG/VOL-DBDG-bkp01
                        13G   4.6G   8.3G    36%    /DG-DBDG/bkp01
Solaris1:/root#
Solaris1:/root#


Solaris1:/root# vxprint -htg DG-DBDG -v VOL-DBDG-bkp01
V  NAME         RVG/VSET/CO  KSTATE   STATE    LENGTH   READPOL   PREFPLEX UTYPE
PL NAME         VOLUME       KSTATE   STATE    LENGTH   LAYOUT    NCOL/WID MODE
SD NAME         PLEX         DISK     DISKOFFS LENGTH   [COL/]OFF DEVICE   MODE
SV NAME         PLEX         VOLNAME  NVOLLAYR LENGTH   [COL/]OFF AM/NM    MODE
SC NAME         PLEX         CACHE    DISKOFFS LENGTH   [COL/]OFF DEVICE   MODE
DC NAME         PARENTVOL    LOGVOL
SP NAME         SNAPVOL      DCO
EX NAME         ASSOC        VC                       PERMS    MODE     STATE

v  VOL-DBDG-bkp01 -    ENABLED  ACTIVE   28304128 SELECT    -        fsgen
pl VOL-DBDG-bkp01-02 VOL-DBDG-bkp01 ENABLED ACTIVE 28304128 CONCAT - RW
sd DSK-DBDG-2B04-01 VOL-DBDG-bkp01-02 DSK-DBDG-2B4 0 28304128 0 hp_p95000_2b4 ENA
Solaris1:/root#
Solaris1:/root#


Solaris1:/root# /etc/vx/bin/vxdisksetup -i hp_p95000_2f9

Solaris1:/root# vxdisk -o alldgs -e list | grep -i 2f9
hp_p95000_2f9 auto:cdsdisk   -            -           online thinrclm      c2t50060E80164EF966d80s2 tprclm fc tc-pvol pvol
Solaris1:/root#

Solaris1:/root#
Solaris1:/root# vxdg -g DG-DBDG adddisk DSK-DBDG-2F9=hp_p95000_2f9
Solaris1:/root#


Solaris1:/root# /etc/vx/bin/vxresize -g DG-DBDG VOL-DBDG-bkp01 +17g DSK-DBDG-2F9
Solaris1:/root#


Solaris1:/root# df -h /DG-DBDG/bkp01
Filesystem             size   used  avail capacity  Mounted on
/dev/vx/dsk/DG-DBDG/VOL-DBDG-bkp01
                        30G   4.6G    24G    17%    /DG-DBDG/bkp01
Solaris1:/root#



Solaris1:/root# vxprint -htg DG-DBDG -v VOL-DBDG-bkp01
V  NAME         RVG/VSET/CO  KSTATE   STATE    LENGTH   READPOL   PREFPLEX UTYPE
PL NAME         VOLUME       KSTATE   STATE    LENGTH   LAYOUT    NCOL/WID MODE
SD NAME         PLEX         DISK     DISKOFFS LENGTH   [COL/]OFF DEVICE   MODE
SV NAME         PLEX         VOLNAME  NVOLLAYR LENGTH   [COL/]OFF AM/NM    MODE
SC NAME         PLEX         CACHE    DISKOFFS LENGTH   [COL/]OFF DEVICE   MODE
DC NAME         PARENTVOL    LOGVOL
SP NAME         SNAPVOL      DCO
EX NAME         ASSOC        VC                       PERMS    MODE     STATE

v  VOL-DBDG-bkp01 -    ENABLED  ACTIVE   63955712 SELECT    -        fsgen
pl VOL-DBDG-bkp01-02 VOL-DBDG-bkp01 ENABLED ACTIVE 63955712 CONCAT - RW
sd DSK-DBDG-2B04-01 VOL-DBDG-bkp01-02 DSK-DBDG-2B4 0 28304128 0 hp_p95000_2b4 ENA
sd DSK-DBDG-2F98-01 VOL-DBDG-bkp01-02 DSK-DBDG-2F9 0 35651584 28304128 hp_p95000_2f9 ENA
Solaris1:/root#