Archives For December 2009

OpenBSD and VirtualBox

December 14, 2009 — 6 Comments

I’ve been using OpenBSD since version 3.0 as a desktop, on my home servers and even in production systems. Some time ago I decided to virtualize my OpenBSD infrastructure, first with VMware Server and later with VirtualBox (both of them with Linux as the host system), which is much more powerful; but when I started to use VirtualBox a year or so ago I discovered that installing OpenBSD in VirtualBox can be a pain in the ass.

The installation went smoothly until I got the following error:

uid 0 on /: file system full
/: write failed, file system is full
Segmentation fault

Sometimes the installation started despite the error but did not finish correctly; other times the installation process hung and I had to forcibly shut down the VM, or the installation simply aborted. I tried several times and got some weird errors, and the previous error did not always appear at the same step.

I did a little research and found a couple of solutions for this issue. The first solution was to enable the VT-x/AMD-V virtualization extensions, but my processor didn’t have those extensions, so this didn’t solve my problem.

The second workaround finally allowed me to install OpenBSD without errors. The virtual machine has to be started from the command line with the -norawr0 option:

jmr@wopr:~# VirtualBox -startvm <uid_or_name_of_the_vm> -norawr0

jmr@wopr:~# VBoxSDL -norawr0 -vm <uid_or_name_of_the_vm>

One final note: with OpenBSD 4.6 I didn’t get the error, even with a processor without the VT-x extensions.

Juanma.

Hardening dilemma

December 14, 2009 — Leave a comment

When you have to secure a system you have probably come to the dilemma ‘Which method is the best? Bastille or manual hardening?’ At least I did.

Bastille is a very good option: it eases the process, and you can even use the “Install Time Security” during the installation of new systems or use the configuration files on an already running system (the files are in /etc/opt/sec_mgmt/bastille/configs/defaults). But some time ago I decided that it didn’t suit my needs, since I like to maintain control of the whole process.

If you really want to be sure that every corner of your systems is properly secured and monitored, it is worthwhile to spend some time studying your servers, the services running on them and their dependencies. After compiling all that data you can develop a generic security policy and use it as a starting point to customize the security of every server.

In the end, of course, this is up to you; you must choose whatever suits your needs best.

Juanma.

HP-UX security resources

December 10, 2009 — Leave a comment

Recently a friend asked me about HP-UX security and where to find useful information. We have to admit it, there are not many resources out there about HP-UX security and the great majority of them are obsolete since they are about HP-UX 10.20 or even 9.x. Let’s take a look…

HP Docs is the first place to look for information, there you will find a lot of docs regarding HP-UX security, IPFilter, HP-UX Bastille and other products and manuals concerning security. Following is a reference of useful docs that can be found on this site:

Second in our small list is Kevin Steves’ classic but still very useful document “Building a Bastion Host Using HP-UX 11”. This is without any doubt (at least for me) the best document about HP-UX hardening ever written. Although it was written seven years ago it still applies to a wide variety of areas.

In the Center for Information Security you will find the “CIS Level 1 Benchmark for HP-UX”. These benchmarks are a compilation of security configurations, settings and best practices. The current version applies to all three versions of HP-UX 11i, so it is worthwhile to read them. The site asks for registration before allowing you to download the docs.

In the ITRC Forums there is an HP-UX Security forum. It is not the most active forum in ITRC, but if you post a question you will find that people are willing to help you.

HP Security Bulletins. Through ITRC you can subscribe to several digests and bulletins, including the HP-UX Security and HP-UX 11.x patches.

Security specific websites. There are a lot of sites and portals focused on security, and in all of them you can find papers about Unix security hardening in general and even some HP-UX specific papers, but as I said at the beginning most of them are obsolete. I usually read Security Focus, but there are many others; just do a search in Google and you will find them.

Security mailing lists. Probably the best-known security mailing list is Bugtraq, but there are others; they talk about HP-UX security bugs from time to time.

And this is the end… well, not really. These are the resources I use in my everyday work; if any of you know about other resources, please mention them in the comments.

See you next time.

Juanma.

Throughout my career as an HP-UX administrator one of the most useful tools has been Ignite-UX. This is, IMHO, the most powerful backup/recovery/deployment tool, above any other currently present in the Unix OS family (Solaris JumpStart, RH Kickstart, AIX NIM…).

It allows you to deploy several clients simultaneously, create install images (golden images), perform OS backups for disaster recovery, etc. In this post I will show how to manually set up a new Itanium server with Ignite-UX from the “ignited image” of another server. The example shows an Itanium partitionable system; the procedure for a non-partitionable client is slightly different and I will talk about it in a future post.

In the client:

  • Boot your new server into the EFI Shell and use the lanaddress command to find its MAC address:
Shell> lanaddress

LAN Address Information

 LAN Address        Path
 -----------------  ----------------------------------------
 *Mac(XXXXXXXXXXXX)  Acpi(HWP0002,PNP0A03,100)/Pci(1|0)/Mac(XXXXXXXXXXXX)
 Mac(YYYYYYYYYYYY)  Acpi(HWP0002,PNP0A03,100)/Pci(1|1)/Mac(YYYYYYYYYYYY)
 Mac(000000000000)  Acpi(HWP0002,PNP0A03,200)/Pci(2|0)/Mac(000000000000)
 Mac(00AA00AA00AA)  Acpi(HWP0002,PNP0A03,200)/Pci(2|1)/Mac(00AA00AA00AA)
  • Create a new Direct Boot Profile:
Shell> dbprofile -dn newserver -sip 10.10.10.2 -cip 10.10.10.35 -gip 10.31.4.1 -m 255.255.255.0 -b "/opt/ignite/boot/nbp.efi"
Creating profile newserver

The dbprofile command is exclusive to partitionable servers:

  1. -dn  Name of the new profile.
  2. -sip IP address of the Ignite-UX server.
  3. -cip Address of the client.
  4. -gip Gateway.
  5. -m   Network mask.
  6. -b   Boot file name.

In the Ignite server:

  • Create the directory /var/opt/ignite/clients/<0xMAC_of_the_client>.
[ignite]/var/opt/ignite/clients # mkdir 0xXXXXXXXXXXXX
  • Put bin:sys as owner:group of the new directory.
[ignite]/var/opt/ignite/clients # chown bin:sys 0xXXXXXXXXXXXX
  • Create a link <client> -> <0xMAC_of_the_client> in the same location.
[ignite]/var/opt/ignite/clients # ln -s 0xXXXXXXXXXXXX newserver
  • Put bin:bin as owner of the link.
[ignite]/var/opt/ignite/clients # chown -h bin:bin newserver
  • Copy the data from the “source client” to the “target client”.
[ignite]/var/opt/ignite/clients/source_server # find CINDEX recovery | cpio -pdvma ../newserver
../newserver/CINDEX
../newserver/recovery/client_status
../newserver/recovery/2009-03-20,10:41/recovery.log
../newserver/recovery/2009-03-20,10:41/archive_content
../newserver/recovery/2009-03-20,10:41/system_cfg
../newserver/recovery/2009-03-20,10:41/control_cfg
../newserver/recovery/2009-03-20,10:41/flist
../newserver/recovery/2009-03-20,10:41/archive_cfg
../newserver/recovery/2009-03-20,10:41/manifest
../newserver/recovery/defaults
../newserver/recovery/archive_content
../newserver/recovery/2009-04-07,10:50/recovery.log
../newserver/recovery/2009-04-07,10:50/archive_content
../newserver/recovery/2009-04-07,10:50/system_cfg
../newserver/recovery/2009-04-07,10:50/control_cfg
../newserver/recovery/2009-04-07,10:50/flist
../newserver/recovery/2009-04-07,10:50/archive_cfg
../newserver/recovery/2009-04-07,10:50/manifest
../newserver/recovery/2009-04-07,11:50/recovery.log
../newserver/recovery/2009-04-07,11:50/archive_content
../newserver/recovery/2009-04-07,11:50/system_cfg
../newserver/recovery/2009-04-07,11:50/control_cfg
../newserver/recovery/2009-04-07,11:50/flist
../newserver/recovery/2009-04-07,11:50/archive_cfg
../newserver/recovery/2009-04-07,11:50/manifest
65202 blocks

Now we have to share the new directory via NFS. In HP-UX 11.31 this is quite simple: add the corresponding line to /etc/dfs/dfstab and execute the shareall -F nfs command.

On our example server it looks like this:

[ignite]/etc/dfs # cat dfstab
#       place share(1M) commands here for automatic execution
#       on entering init state 3.
#
#       share [-F fstype] [ -o options] [-d "<text>"] <pathname>
#       .e.g,
#       share  -F nfs  -o rw=engineering  -d "home dirs"  /home
share -F nfs -o anon=2 /var/opt/ignite/clients
share -F nfs -o sec=sys,anon=2,rw=newserver.my.dom /var/opt/ignite/recovery/archives/newserver

If the newserver hostname is not included in your DNS you have to add it to the /etc/hosts of the Ignite server.
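
As an added example (not part of the original post and not Ignite-UX code), this shell function reads a dfstab like the one above and reports which NFS share lines name the hosts allowed to mount them; a share line with no rw= or ro= access list is exported read-write to every client that can reach the server. The function names and the OPEN/RESTRICTED verdicts are hypothetical, and the sample file is constructed from the two share lines shown in the post.

```shell
#!/bin/sh
# Added example: classify the NFS share lines of a dfstab-style file by
# whether they restrict access to named hosts.

# audit_dfstab FILE
# Prints one line per active NFS share entry: "<verdict> <pathname> anon=<uid>"
#   OPEN        no access list, or a bare rw/ro that applies to all clients
#   RESTRICTED  access is granted only through rw=<list> / ro=<list>
audit_dfstab() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
    $1 != "share"         { next }      # only share(1M) commands matter
    {
        fstype = "nfs"; opts = ""; path = $NF
        for (i = 2; i < NF; i++) {
            if ($i == "-F") fstype = $(i + 1)
            if ($i == "-o") opts   = $(i + 1)
        }
        if (fstype != "nfs") next

        listed = 0; bare = 0; anon = "default"
        n = split(opts, o, ",")
        for (j = 1; j <= n; j++) {
            if (o[j] == "rw" || o[j] == "ro") bare = 1      # applies to all clients
            else if (o[j] ~ /^(rw|ro)=/)      listed = 1    # applies to named clients
            else if (o[j] ~ /^anon=/)         anon = substr(o[j], 6)
        }
        verdict = (listed && !bare) ? "RESTRICTED" : "OPEN"
        printf "%s %s anon=%s\n", verdict, path, anon
    }' "$1"
}

# write_sample FILE
# Constructed sample: comment header plus the two share lines from the post.
write_sample() {
    cat > "$1" <<'EOF'
#       share [-F fstype] [ -o options] [-d "<text>"] <pathname>
#       share  -F nfs  -o rw=engineering  -d "home dirs"  /home
share -F nfs -o anon=2 /var/opt/ignite/clients
share -F nfs -o sec=sys,anon=2,rw=newserver.my.dom /var/opt/ignite/recovery/archives/newserver
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_dfstab "$tmp"; rm -f "$tmp"
```

On the Ignite server the same function can be pointed at /etc/dfs/dfstab; entries reported as OPEN are the ones to review against the list of clients that actually need them.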

The next step takes place in the client EFI Shell, where we boot the client with the lanboot command.

Shell> lanboot select -dn newserver
 01 Acpi(HWP0002,PNP0A03,100)/Pci(1|0)/Mac(XXXXXXXXXXXX)
02 Acpi(HWP0002,PNP0A03,100)/Pci(1|1)/Mac(YYYYYYYYYYYY)
03 Acpi(HWP0002,PNP0A03,200)/Pci(2|0)/Mac(000000000000)
04 Acpi(HWP0002,PNP0A03,200)/Pci(2|1)/Mac(00AA00AA00AA)
Select Desired LAN: 01
Selected Acpi(HWP0002,PNP0A03,100)/Pci(1|0)/Mac(XXXXXXXXXXXX)

Client MAC Address: XXXXXXXXXXXX
Client IP Address: 10.10.10.35
Subnet Mask: 255.255.255.0
BOOTP Server IP Address: 10.10.10.2
DHCP Server IP Address: 0.0.0.0
Boot file name: /opt/ignite/boot/nbp.efi

Retrieving File Size.
Retrieving File (TFTP).
@(#) HP-UX IA64 Network Bootstrap Program Revision 1.1
Downloading HPUX bootloader
Starting HPUX bootloader
Obtaining size of fpswa.efi   (328192 bytes)
Downloading file  fpswa.efi   (328192 bytes)

(C) Copyright 1999-2008 Hewlett-Packard Development Company, L.P.
All rights reserved

HP-UX Boot Loader for IPF  --  Revision 2.037

Booting from Lan
Obtaining size of AUTO   (226 bytes)
Downloading file  AUTO   (226 bytes)
Obtaining size of AUTO   (226 bytes)
Downloading file  AUTO   (226 bytes)

Obtaining size of AUTO   (226 bytes)
Downloading file  AUTO   (226 bytes)
 1.  target OS is B.11.23 IA
 2.  target OS is B.11.31 IA
 3.  Exit Boot Loader

Choose an operating system to install that your hardware supports:2
Obtaining size of AUTO   (226 bytes)
Downloading file  AUTO   (226 bytes)
Obtaining size of Rel_B.11.31/IINSTALL   (51685533 bytes)
Downloading file  Rel_B.11.31/IINSTALL   (51685533 bytes)
> System Memory = 12257 MB
loading section 0
.................................................................................................... (complete)
loading section 1
...................... (complete)
loading symbol table
Obtaining size of Rel_B.11.31/IINSTALLFS   (61341696 bytes)
Downloading file  Rel_B.11.31/IINSTALLFS   (61341696 bytes)
loading ram disk file (Rel_B.11.31/IINSTALLFS).
.....................................................................................................................
 (complete)

================================================================================
WARNING: Multiple console output devices are configured. If this message
remains on the screen for more than a few minutes, then this is not the
device in use by HP-UX as the console output device. If you would like this
device to be the one used by HP-UX as the console output device, reboot and
use the EFI boot manager or the EFI 'conconfig' command to select this device
and deconfigure the others.
================================================================================

Launching Rel_B.11.31/IINSTALL
SIZE: Text:50974K + Data:11077K + BSS:25419K = Total:87471K
Console is on Serial Device - via PCDP
Booting kernel...

krs_read_mfs: Error 5 opening MFS.
Loaded ACPI revision 2.0 tables.
krs_read_mfs: Error 5 opening MFS.

Memory Class Setup
-------------------------------------------------------------------------
Class     Physmem              Lockmem              Swapmem
-------------------------------------------------------------------------
System :  11659 MB             11659 MB             11659 MB
Kernel :  11659 MB             11659 MB             11659 MB
User   :  10803 MB             9577 MB              9615 MB
-------------------------------------------------------------------------

ktracer is off until requested.
Installing Socket Protocol families AF_INET and AF_INET6
Kernel EVM initialized
sec_init(): kernel RPC authentication/security initialization.
secgss_init():  kernel RPCSEC_GSS security initialization.
rpc_init(): kernel RPC initialization.
rpcmod_install(): kernel RPC STREAMS module "rpcmod" installation. ...(driver_install)
NOTICE: nfs_client_pv3_install(): nfs3 File system was registered at index 10.
NOTICE: nfs_client_pv4_install(): nfs4 File system was registered at index 11.

 System Console is on the Built-In Serial Interface
igelan2: INITIALIZING HP PCI-X 1000Mbps Dual-port Built-in at hardware path 0/2/2/0
igelan0: INITIALIZING HP PCI-X 1000Mbps Dual-port Built-in at hardware path 0/1/1/0
igelan1: INITIALIZING HP PCI-X 1000Mbps Dual-port Built-in at hardware path 0/1/1/1
igelan3: INITIALIZING HP PCI-X 1000Mbps Dual-port Built-in at hardware path 0/2/2/1
AF_INET socket/streams output daemon running, pid 35
afinet_prelink: module installed
Starting the STREAMS daemons-phase 1
 Swap device table:  (start & size given in 512-byte blocks)
 entry 0 - auto-configured on root device; ignored - no room
WARNING: No swap device configured, so dump cannot be defaulted to primary swap.
WARNING: No dump devices are configured.  Dump is disabled.
Create STCP device files
Starting the STREAMS daemons-phase 2
 $Revision: vmunix:    B.11.31_LR FLAVOR=perf nfsauth: lookupname: 2

Memory Information:
 physical page size = 4096 bytes, logical page size = 4096 bytes
 Physical: 12551908 Kbytes, lockable: 9810760 Kbytes, available: 10807748 Kbytes

 * Preparing to execute init...
=======  04/07/09 06:33:05 EDT  HP-UX Installation Initialization.
 @(#)Ignite-UX Revision C.7.8.201
 @(#)ignite/launch (opt) Revision:
 /branches/IUX_RA0903/ignite/src@76987 Last Modified: 2009-02-05
 15:45:55 -0700 (Thu, 05 Feb 2009)
 * Configuring RAM filesystems...
 * No SAS disk/LUN swaps required, already in physical location order.
 * Scanning system for IO devices...
 * Boot device is: 0/1/1/0
NOTE:    Primary path not currently set to an existing disk device.
 * Setting keyboard language.

A USB interface has been detected on this system.
In order to use a keyboard on this interface, you must specify
a language mapping which will be used by X windows and
the Internal Terminal Emulator (ITE).
The characters "1234567890" will appear as "!@#$^&*()"
on keyboards that use the shift key to type a number.
Your choice will be stored in the file /etc/kbdlang

 1) USB_PS2_DIN_Belgian                  2) USB_PS2_DIN_Belgian_Euro
 3) USB_PS2_DIN_Danish                   4) USB_PS2_DIN_Danish_Euro
 5) USB_PS2_DIN_Euro_Spanish             6) USB_PS2_DIN_Euro_Spanish_Euro
 7) USB_PS2_DIN_French                   8) USB_PS2_DIN_French_Euro
 9) USB_PS2_DIN_German                  10) USB_PS2_DIN_German_Euro
11) USB_PS2_DIN_Italian                 12) USB_PS2_DIN_Italian_Euro
13) USB_PS2_DIN_JIS_109                 14) USB_PS2_DIN_Korean
15) USB_PS2_DIN_Norwegian               16) USB_PS2_DIN_Norwegian_Euro
17) USB_PS2_DIN_S_Chinese               18) USB_PS2_DIN_Swedish
19) USB_PS2_DIN_Swedish_Euro            20) USB_PS2_DIN_Swiss_French2_Euro
21) USB_PS2_DIN_Swiss_German2           22) USB_PS2_DIN_Swiss_German2_Euro
23) USB_PS2_DIN_T_Chinese               24) USB_PS2_DIN_UK_English
25) USB_PS2_DIN_UK_English_Euro         26) USB_PS2_DIN_US_English
27) USB_PS2_DIN_US_English_Euro

Enter the number of the language you want:6

You have selected the keyboard language USB_PS2_DIN_Euro_Spanish_Euro.
Please confirm your choice by pressing RETURN or enter a new number:
---------------------------------------------------------------------------------

 Welcome to Ignite-UX!

 Use the <tab> key to navigate between fields, and the arrow keys
 within fields.  Use the <return/enter> key to select an item.
 Use the <return/enter> or <space-bar> to pop-up a choices list.  If the
 menus are not clear, select the "Help" item for more information.

 Hardware Summary:         System Model: ia64 hp BL860c
 +----------------------+---------------+--------------------+[ Scan Again  ]
 | Disks: 1  (  136.0GB)| Floppies: 0   | LAN cards:   4     |
 | CD/DVDs:        0    | Tapes:    0   | Memory:    12257Mb |
 | Graphics Ports: 1    | IO Buses: 5   | CPUs:        4     |[ H/W Details ]
 +----------------------+---------------+--------------------+
                   [      Install HP-UX       ]

               [   Run an Expert Recovery Shell   ]

                   [    Advanced Options      ]

      [  Reboot  ]                              [  Help  ]

Now select the “Install HP-UX” option. The following screen appears, where we select “OK”:

User Interface and Media Options

 This screen lets you pick from options that will determine if an
 Ignite-UX server is used, and your user interface preference.

 User Interface Options:
 [   ]  Guided Installation   (very basic installs - deprecated mode)
 [ * ]  Advanced Installation (recommended for disk and filesystem management)
 [   ]  No user interface - setup basic networking, use defaults and go
 [   ]  Remote graphical interface running on the Ignite-UX server

 Hint: If you need to make LVM size changes, or want to set the
 final networking parameters during the install, you will
 need to use the Advanced mode (or remote graphical interface).

 [   OK   ]                  [ Cancel ]                         [  Help  ]

In the next screen we select the corresponding LAN interface:

LAN Interface Selection

 More than one network interface was detected on the system.  You
 will need to select the interface to enable.  Only one interface
 can be enabled, and it must be the one connected to the network
 that can be used in contacting the install and/or SD servers.

 Use the <tab> and/or arrow keys to move to the desired LAN device
 to enable, then press <Return>.

 HW Path    Interface   Station Address  Description
 ----------------------------------------------------------

 [ 0/1/1/0     lan0     0x001E0BFCEE94   HP_PCI-X_1000Mbps_Dual-port_Bu ]

 [ 0/1/1/1     lan1     0x001E0BFCEE95   HP_PCI-X_1000Mbps_Dual-port_Bu ]

 [ 0/2/2/0     lan2     0x001E0BFCEE92   HP_PCI-X_1000Mbps_Dual-port_Bu ]

 [ 0/2/2/1     lan3     0x001E0BFCEE93   HP_PCI-X_1000Mbps_Dual-port_Bu ]

It starts to search for the DHCP server; press Ctrl-C to stop it. The install process prompts us for the target client IP and hostname.

* Could not get DHCP information.  No host specific network defaults
 will be supplied.  (dhcpclient returned: 5)

--------------------------------------------------------------------------------------------
 NETWORK CONFIGURATION

 This system's hostname: nfsux02

 Internet protocol address (eg. 15.2.56.1) of this host: 10.10.10.35

 Default gateway routing internet protocol address: 10.10.10.1

 The subnet mask (eg. 255.255.248.0 or 0xfffff800): 255.255.255.0

 IP address of the Ignite-UX server system: 10.10.10.2

 Is this networking information only temporary?  [ No  ]

 [   OK   ]                  [ Cancel ]                         [  Help  ]

The new client is added to the Ignite-UX server. It shows a warning screen informing us that the disk device is not present in the system and that it will be substituted; this is normal since we are installing from an Ignite image of another server. Select “OK”.

----------------------------------------------------------------------------------------------
+                           /opt/ignite/bin/itool ()                           +
¦                                                                              ¦
¦ +-------++----------++--------++-------------++----------+                   ¦
¦ ¦ Basic ¦¦ Software ¦¦ System ¦¦ File System ¦¦ Advanced ¦                   ¦
¦ ¦+                                 Note                                  +--+¦
¦ ¦¦                                                                       ¦  ¦¦
¦ ¦¦ Message From: /opt/ignite/bin/itool ()                                ¦  ¦¦
¦ ¦¦                                                                       ¦  ¦¦
¦ ¦¦ NOTE: The disk with Device Specifier:                                 ¦  ¦¦
¦ ¦¦ "WWID='0x600508e00000000009e9a4d0f3569501'                            ¦  ¦¦
¦ ¦¦ PHYS_LOC='SAS:VOL019556F3D0A4E909:ENC01:BAYS01,02'                    ¦  ¦¦
¦ ¦¦ HW_PATH='0/2/1/0.0x19556f3d0a4e909.0x0'" does not exist on the system ¦  ¦¦
¦ ¦¦ and is being substituted by the disk at:                              ¦  ¦¦
¦ ¦¦ "WWID='0x600508e000000000a99ff86eef54f309'                            ¦  ¦¦
¦ ¦¦ PHYS_LOC='SAS:VOL09F354EF6EF89FA9:ENC01:BAYS01,02'                    ¦  ¦¦
¦ ¦¦ HW_PATH='0/2/1/0.0x9f354ef6ef89fa9.0x0'" (HP_IR_Volume)               ¦  ¦¦
¦ ¦¦                                                                       ¦ ]¦¦
¦ ¦¦-----------------------------------------------------------------------¦  ¦¦
¦ +¦                              [[ OK    ]]                              ¦--+¦
¦  +-----------------------------------------------------------------------+   ¦
¦------------------------------------------------------------------------------¦
¦ [  Go!   ]                       [ Cancel ]                       [  Help  ] ¦
+------------------------------------------------------------------------------+

------------------------------------------------------------------------------------------------

In the system tab enter the new hostname and IP address.

------------------------------------------------------------------------------------------------
+                           /opt/ignite/bin/itool ()                           +
¦                                                                              ¦
¦ +-------++----------++--------++-------------++----------+                   ¦
¦ ¦ Basic ¦¦ Software ¦¦ System ¦¦ File System ¦¦ Advanced ¦                   ¦
¦ +--------------------/        \---------------------------------------------+¦
¦ ¦                                                                           ¦¦
¦ ¦  Final System Parameters:  [ Set parameters now   ->]                     ¦¦
¦ ¦                                                                           ¦¦
¦ ¦  +------------------------------------------------------------------+     ¦¦
¦ ¦  ¦  Hostname:  nfsux02                                              ¦     ¦¦
¦ ¦  ¦                                                                  ¦     ¦¦
¦ ¦  ¦IP Address:  10.31.4.70      Subnet Mask:  0xffffff00             ¦     ¦¦
¦ ¦  ¦                                                                  ¦     ¦¦
¦ ¦  ¦      Time:  12:42  Day:  07  Month:  [ April     ->] Year:  2009 ¦     ¦¦
¦ ¦  +------------------------------------------------------------------+     ¦¦
¦ ¦    [ Set Time Zone (MET-1METDST ]   [     Network Services...    ]        ¦¦
¦ ¦    [    Set Root Password...    ]   [ Additional Interface(s)... ]        ¦¦
¦ ¦                                                                           ¦¦
¦ +---------------------------------------------------------------------------+¦
¦      [ Show Summary...  ]                          [ Reset Configuration ]   ¦
¦------------------------------------------------------------------------------¦
¦ [  Go!   ]                       [ Cancel ]                       [  Help  ] ¦
+------------------------------------------------------------------------------+
------------------------------------------------------------------------------------------------

Now review the other parameters such as swap space, filesystems, root password, etc. If everything is correct, select “Go!”; it will ask for confirmation:

------------------------------------------------------------------------------------------------
++                             itool Confirmation                             ++
¦¦                                                                            ¦¦
¦¦ All data will be destroyed on the following disks:                         ¦¦
¦¦                                                                            ¦¦
¦¦   Addr                                             Disk Size(M             ¦¦
¦¦ +--------------------------------------------------------------+           ¦¦
¦¦ ¦ 0/2/1/0:SAS:VOL09F354EF6EF89FA9:ENC01:BAYS01,02  139236 MB   ^           ¦¦
¦¦ ¦                                                                          ¦¦
¦¦ ¦                                                              v           ¦¦
¦¦ +<                                                            >+           ¦¦
¦¦                                                                            ¦¦
¦¦ The results of the preinstall analysis are:                                ¦¦
¦¦                                                                            ¦¦
¦¦ +--------------------------------------------------------------+           ¦¦
¦¦ ¦ NOTE: Free space (10485760KB) in "/var/adm/crash" where      ^           ¦¦
¦¦ ¦ /var/adm/crash is located is less than system memory                     ¦¦
¦¦ ¦ (12551908KB). This should be enough space to capture at                  ¦¦
¦¦ ¦ least a single dump (and likely more than that if the dump               ¦¦
¦¦ ¦ is selective and/or compressed) in the event of a system                 ¦¦
¦¦ ¦ crash. Additional space may be required to uncompress the    v           ¦¦
¦¦ +--------------------------------------------------------------+           ¦¦
¦¦----------------------------------------------------------------------------¦¦
+¦ [  Go!   ]                      [ < Back ]                      [  Help  ] ¦+
 +----------------------------------------------------------------------------+
------------------------------------------------------------------------------------------------

Select “Go!” again and the installation will begin. The warning message about the /var/adm/crash filesystem is completely normal; that filesystem is created after the installation of the operating system, at least that is how I usually do it.

After a while, if everything goes as expected, you should have a new HP-UX server installed and ready. Now it is time to review all the configuration parameters to check that nothing remains of the source client.

Hope you find this post useful, in the future I will write about the vg00 mirroring and other post-install tasks.

Juanma.

ioscan_fc2.sh

December 9, 2009 — 2 Comments

My first post is about a small, but great, piece of software I found some time ago on Olivier’s site, mayoxide. The script is named ioscan_fc2.sh and you can find it in the software/toolbox area.

Basically, with this script you can obtain a small and comprehensive report of every agile disk device on an 11.31 system. You can put the script in verbose mode with the -v switch to obtain more detailed info, and you can also query for a single disk (-D) or a single LUN (-H). A few examples will show best how it works.

I find it very useful to set an alias for this script in root’s profile on every server where I have the script.

[root@ignite] / # alias ifc
alias ifc='/usr/local/scripts/ioscan_fc2.sh'
[root@ignite] / #

Show every disk:

[root@prod01] ~ # ifc | grep rdisk
/dev/rdisk/disk1     0x600508e0000000004911c7e407303805 ONLINE     64000/0xfa00/0x0     136     round_robin  8
/dev/rdisk/disk28    0x600508b40006cb7000006000094b0000 ONLINE     64000/0xfa00/0x2f    2       least_cmd_load 8
/dev/rdisk/disk29    0x600508b40006cb700000600009340000 ONLINE     64000/0xfa00/0x30    6       least_cmd_load 8
/dev/rdisk/disk30    0x600508b40006cb700000600009370000 ONLINE     64000/0xfa00/0x31    4       least_cmd_load 8
/dev/rdisk/disk31    0x600508b40006cb7000006000093e0000 ONLINE     64000/0xfa00/0x32    52      least_cmd_load 8
/dev/rdisk/disk32    0x600508b40006cb700000600009480000 ONLINE     64000/0xfa00/0x33    2       least_cmd_load 8
/dev/rdisk/disk37    0x600508b40006cb700000600009a90000 ONLINE     64000/0xfa00/0x34    4       least_cmd_load 8
/dev/rdisk/disk38    0x600508b40006cb700000600009a30000 ONLINE     64000/0xfa00/0x35    7       least_cmd_load 8
/dev/rdisk/disk43    0x600508b40006cb700000600009520000 ONLINE     64000/0xfa00/0x36    4       least_cmd_load 8
/dev/rdisk/disk52    0x600508b40006cb7000006000095a0000 ONLINE     64000/0xfa00/0x37    10      least_cmd_load 8
/dev/rdisk/disk53    0x600508b40006cb700000600009570000 ONLINE     64000/0xfa00/0x38    10      least_cmd_load 8
/dev/rdisk/disk60    0x600508b40006cb700000600009660000 ONLINE     64000/0xfa00/0x39    2       least_cmd_load 8
/dev/rdisk/disk61    0x600508b40006cb700000600009610000 ONLINE     64000/0xfa00/0x3a    3       least_cmd_load 8
/dev/rdisk/disk62    0x600508b40006cb700000600009690000 ONLINE     64000/0xfa00/0x3b    76      least_cmd_load 8
/dev/rdisk/disk77    0x600508b40006cb700000600009750000 ONLINE     64000/0xfa00/0x3c    1       least_cmd_load 8
/dev/rdisk/disk78    0x600508b40006cb700000600009700000 ONLINE     64000/0xfa00/0x3d    1       least_cmd_load 8
/dev/rdisk/disk95    0x600508b40006cb7000006000097d0000 ONLINE     64000/0xfa00/0x3e    2       least_cmd_load 8
/dev/rdisk/disk96    0x600508b40006cb7000006000097a0000 ONLINE     64000/0xfa00/0x3f    72      least_cmd_load 8
/dev/rdisk/disk97    0x600508b40006cb700000600009800000 ONLINE     64000/0xfa00/0x40    3       least_cmd_load 8
/dev/rdisk/disk98    0x600508b40006cb700000600009890000 ONLINE     64000/0xfa00/0x41    20      least_cmd_load 8
/dev/rdisk/disk107   0x600508b40006cb7000006000098c0000 ONLINE     64000/0xfa00/0x42    1       least_cmd_load 8
/dev/rdisk/disk108   0x600508b40006cb7000006000098f0000 ONLINE     64000/0xfa00/0x43    1       least_cmd_load 8
/dev/rdisk/disk114   0x600508b40006cb700000600009be0000 ONLINE     64000/0xfa00/0x45    3       least_cmd_load 8
/dev/rdisk/disk119   0x600508b40006cb700000600009de0000 ONLINE     64000/0xfa00/0x46    3       least_cmd_load 8
/dev/rdisk/disk122   0x600508b40006cb700000600009e40000 ONLINE     64000/0xfa00/0x47    32      least_cmd_load 8
/dev/rdisk/disk127   0x600508b40006cb700000600009ef0000 ONLINE     64000/0xfa00/0x48    11      least_cmd_load 8
[root@prod01] ~ #

Single device query:

[root@prod01] ~ # ifc -D /dev/rdisk/disk127

disk                 wwid                               state      lun_hw_path          size_gb load_bal     max_q_depth
/dev/rdisk/disk127   0x600508b40006cb700000600009ef0000 ONLINE     64000/0xfa00/0x48    11      least_cmd_load 8
 0/3/0/0/0/0.0x50001fe15010bf4a.0x4019000000000000 ACTIVE     (LUN # 25, Flat Space Addressing)
 0/3/0/0/0/0.0x50001fe15010bf4e.0x4019000000000000 STANDBY    (LUN # 25, Flat Space Addressing)
 0/3/0/0/0/1.0x50001fe15010bf4b.0x4019000000000000 ACTIVE     (LUN # 25, Flat Space Addressing)
 0/3/0/0/0/1.0x50001fe15010bf4f.0x4019000000000000 STANDBY    (LUN # 25, Flat Space Addressing)
[root@prod01] ~ #

Verbose mode:

[root@ignite] / # ifc -v 

disk                 wwid                               state      lun_hw_path          size_gb load_bal     max_q_depth
/dev/rdisk/disk3     0x600508e000000000ecc83792ea772803 ONLINE     64000/0xfa00/0x0     135     round_robin  8
 0/2/1/0.0x32877ea9237c8ec.0x0 ACTIVE     (LUN # 0, Peripheral Addressing)
scope                                                   vg_holder
"/escsi/esdisk/0x0/HP      /IR Volume       /HP01"      /dev/vg00                               

disk                 wwid                               state      lun_hw_path          size_gb load_bal     max_q_depth
/dev/rdisk/disk10    0x600508b40006cb700000600008bb0000 ONLINE     64000/0xfa00/0x29    300     least_cmd_load 8
 0/3/0/0/0/0.0x50001fe15010bf4a.0x4001000000000000 ACTIVE     (LUN # 1, Flat Space Addressing)
 0/3/0/0/0/0.0x50001fe15010bf4e.0x4001000000000000 STANDBY    (LUN # 1, Flat Space Addressing)
 0/3/0/0/0/1.0x50001fe15010bf4b.0x4001000000000000 ACTIVE     (LUN # 1, Flat Space Addressing)
 0/3/0/0/0/1.0x50001fe15010bf4f.0x4001000000000000 STANDBY    (LUN # 1, Flat Space Addressing)
scope                                                   vg_holder
"/escsi/esdisk/0x0/HP      /HSV210          /6110"      /dev/vgignite
[root@ignite] / #

As you can see, ioscan_fc2.sh (aliased as ifc in my examples) gives a lot of useful information about the storage stack of an HP-UX system. Yes, someone could say that the same info can be obtained with standard HP-UX commands, and that is completely true, but this script gets it in a more elegant way and, more importantly at least for me, in one command.

Olivier has done great work with this script. I recommend his blog and his software site; they are a must for every HP-UX system administrator.

With his permission, here is a modified version that shows the VG holder with the verbose switch:

#!/bin/sh
#
# ioscan_fc2.sh
#
# Gives out a comprehensive report of all agile disk devices on an HP-UX 11iv3 system
#
# N.B. This is still beta. I don't have enough 11.31 servers available to test
#      the script to its full extent.
#
#
# (c) 2008 Olivier S. Masse, omasse ~at~ mayoxide ~dot~ com
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
#
#
version="@(#) v0.22 2009/02/09"

verbose=0

function usage
{
 typeset myself=$(basename $0)
 echo
 echo "ioscan_fc2 ${version}"
 echo
 echo "Usage: ${myself} [-v] [-H lun_hwpath | -D agile_dsf ...]"
 echo
 echo "Examples:"
 echo "   ${myself}"
 echo "   ${myself} -H 64000/0xfa00/0xa"
 echo "   ${myself} -D /dev/disk/disk73"
 echo
 exit 1
}

if [ ! "$(uname -r)" = "B.11.31" ]
then
 echo "Tested only on B.11.31, sorry."
 exit 1
fi

if [ "$1" ]
then
 case "$1" in
 -v) shift; verbose=1;;
 -H) shift; [ "$1" = "" ] && usage || desired_hwpath=${1};;
 -D) shift; [ "$1" = "" ] && usage || desired_disk=${1};;
 *)  usage;;
 esac
fi

scsimgr_cmd="scsimgr get_attr all_lun -a device_file -a hw_path -a state -a capacity -a block_size -a wwid -a load_bal_policy -a max_q_depth -p"
[ ! "${desired_hwpath}" = "" ] && scsimgr_cmd="scsimgr get_attr -H ${desired_hwpath} -a device_file -a hw_path -a state -a capacity -a block_size -a wwid -a load_bal_policy -a max_q_depth -p"
[ ! "${desired_disk}" = "" ] && scsimgr_cmd="scsimgr get_attr -D ${desired_disk} -a device_file -a hw_path -a state -a capacity -a block_size -a wwid -a load_bal_policy -a max_q_depth -p"

eval ${scsimgr_cmd} | grep rdisk | while IFS=":" read device_file hw_path state capacity block_size wwid load_bal_policy max_q_depth
do
 if [ "${capacity}" = "" ]   # capacity is null if device was unpresented
 then
 size_gb="???"
 else
 echo "crap" | awk '{printf("%i\n", '"${capacity}"' * '"${block_size}"' / 1024 / 1024 / 1024);}' | read size_gb
 fi
 echo
 printf "%-20s %-34s %-10s %-20s %-7s %-12s %-12s\n" disk wwid state lun_hw_path size_gb load_bal max_q_depth
 printf "%-20s %-34s %-10s %-20s %-7s %-12s %-12s\n" "${device_file}" "${wwid}" "${state}" "${hw_path}" "${size_gb}" "${load_bal_policy}" "${max_q_depth}"

 ioscan -kFm hwpath -H ${hw_path} | while IFS=":" read crap lunpath crap
 do
 scsimgr get_attr -H ${lunpath} -a state -p | read lunpath_state
 scsimgr get_attr -H ${lunpath} -a lunid | grep "current =" | read crap crap lunpath_lun
 printf "%55s %-10s %-30s\n" "${lunpath}" "${lunpath_state}" "${lunpath_lun}"
 done | sort -k 1,1

 if [ ${verbose} -eq 1 ]
 then
 printf "%-55s %-40s\n" scope vg_holder
 scsimgr ddr_name -D ${device_file} rev | tail -1 | read ddr_name
 [ "${ddr_name}" = "" ] && ddr_name="(unknown)"

 echo ${device_file} | sed 's/rdisk/disk/g' | read cooked_device_file
 if [ -c ${device_file}_p2 ]
 then
 pvdisplay ${cooked_device_file}_p2 2>/dev/null | awk '/VG Name/ {print $3}' | read vg
 else
 pvdisplay ${cooked_device_file} 2>/dev/null | awk '/VG Name/ {print $3}' | read vg
 fi
 [ "${vg}" = "" ] && vg="(unknown)"
 printf "%-55s %-40s\n" "${ddr_name}" "${vg}"
 fi
done
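
Because the report has a fixed layout (a header, a disk line, then one line per lunpath), it is easy to post-process, for example to spot disks that have lost path redundancy. The following is an added example, not part of Olivier's script or of the original post; the function names, the default threshold of two ACTIVE lunpaths, and the disk900 sample entry are assumptions made for illustration.

```shell
# Added example: summarise lunpath states from an ioscan_fc2.sh report on stdin.
# Output per disk: <disk> <state> active=N standby=N other=N <OK|DEGRADED>
# DEGRADED = disk not ONLINE, or fewer than min ACTIVE lunpaths
# (the default of 2 is an assumption; pass another value as $1).
summarize_paths() {
    awk -v min="${1:-2}" '
        function report() {
            if (disk == "") return
            verdict = (state == "ONLINE" && active >= min) ? "OK" : "DEGRADED"
            printf "%s %s active=%d standby=%d other=%d %s\n", disk, state, active, standby, other, verdict
        }
        # Disk line: device file, wwid, state, lun_hw_path, ...
        $1 ~ /^\/dev\/rdisk\// {
            report()
            disk = $1; state = $3; active = standby = other = 0
            next
        }
        # Lunpath line: <hba_path>.<port_wwn>.<lun_addr> <STATE> (LUN # ...)
        disk != "" && $1 ~ /^[0-9]+\/.*\.0x/ {
            if ($2 == "ACTIVE") active++
            else if ($2 == "STANDBY") standby++
            else other++
            next
        }
        END { report() }
    '
}

# Constructed sample: disk127 is copied from the report shown earlier;
# disk900 and its FAILED lunpath are made up to show a degraded disk.
sample_report() {
    cat <<'EOF'
disk                 wwid                               state      lun_hw_path          size_gb load_bal     max_q_depth
/dev/rdisk/disk127   0x600508b40006cb700000600009ef0000 ONLINE     64000/0xfa00/0x48    11      least_cmd_load 8
 0/3/0/0/0/0.0x50001fe15010bf4a.0x4019000000000000 ACTIVE     (LUN # 25, Flat Space Addressing)
 0/3/0/0/0/0.0x50001fe15010bf4e.0x4019000000000000 STANDBY    (LUN # 25, Flat Space Addressing)
 0/3/0/0/0/1.0x50001fe15010bf4b.0x4019000000000000 ACTIVE     (LUN # 25, Flat Space Addressing)
 0/3/0/0/0/1.0x50001fe15010bf4f.0x4019000000000000 STANDBY    (LUN # 25, Flat Space Addressing)
/dev/rdisk/disk900   0x600508b4000000000000000000000000 ONLINE     64000/0xfa00/0x99    50      least_cmd_load 8
 0/3/0/0/0/0.0x50001fe15010bf4a.0x4020000000000000 ACTIVE     (LUN # 32, Flat Space Addressing)
 0/3/0/0/0/0.0x50001fe15010bf4e.0x4020000000000000 STANDBY    (LUN # 32, Flat Space Addressing)
 0/3/0/0/0/1.0x50001fe15010bf4b.0x4020000000000000 FAILED     (LUN # 32, Flat Space Addressing)
 0/3/0/0/0/1.0x50001fe15010bf4f.0x4020000000000000 STANDBY    (LUN # 32, Flat Space Addressing)
EOF
}

sample_report | summarize_paths
```

On a live system the same function can be fed directly, as in `ifc | summarize_paths`, and works with or without the verbose switch because the scope and vg_holder lines are ignored.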

See you next time.

Juanma.

Hello world!

December 7, 2009 — Leave a comment

OK, this is it. I finally managed to find some time to start my technical blog.

First of all, this is not going to be a blog in the guru style, since I don’t consider myself a guru. It is going to be a bit of a ragbag, with tips and thoughts from my day-to-day work and my past experience. Of course, it will focus mainly on HP-UX and virtualisation.

Hope you like it, all comments are welcome ;-)