AIX for System Administrators - Practical Guide to AIX (and PowerVM, PowerHA, PowerVC, HMC, DevOps ...)<br />
<br />
Welcome to AIX for System Administrators!<br />
<br />
<br />
<div style="text-align: justify;">
This blog is intended for anyone who works with AIX and has run into problems and is looking for fast solutions, or who just wants to learn about AIX. This is not a usual blog; it is not updated every day. I have tried to organize AIX-related subjects into several topics, and when I find new info/solutions/interesting stuff I add it to its topic. You can read here about many things from the world of AIX (NIM, Storage, Network, VIO, PowerHA, HMC, Performance Tuning...). </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The structure of each subject is very similar. First I try to give a general overview of a topic with the most important terms and definitions. This is followed by some important/useful commands, which are probably needed for everyday work. At the end, there are some common situations with solutions which could come up during the daily work of an administrator.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I tried to keep it as simple as possible, so without any further instructions you should be able to navigate through this site very easily.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
All of these materials have been gathered by me through my experience, IBM Redbooks, forums and other internet sources. This means that not all of them were written by me! If I find interesting data and I think it is valuable, I publish it on this blog. (Basically this blog is my personal viewpoint on AIX-related stuff, and it is not an official IBM site.) Most of the things have been tested successfully, but you may encounter typos, missing steps and erroneous data (I cannot guarantee everything works perfectly), so please look and think before you act. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
As I noted above, many things have been written by others, and where it is possible I try to list the sources. To maintain the simple structure of this blog, I'll name the persons whose solutions, suggestions and ideas can be found many times on this blog (or whose contribution was very valuable) here in one place.</div>
<br />
I would like to say <b>THANK YOU!</b> to<br />
<br />
<b>the writers of the IBM Redbooks</b> -- for a great deal of information! (http://www.redbooks.ibm.com)<br />
<b>Nigel Griffiths</b> -- for performance and PowerVM related stuff (https://www.ibm.com/developerworks/mydeveloperworks/blogs/aixpert/?lang=en)<br />
<b>Chris Gibson -- </b>for NIM and other AIX related things (https://www.ibm.com/developerworks/mydeveloperworks/blogs/cgaix/?lang=en)<br />
<b>Waldemar Mark Duszyk</b> -- for many AIX hints (http://www.wmduszyk.com)<br />
<b>"Aixmind"</b> -- for many useful AIX solutions (http://www.aixmind.com) <br />
<b>Anthony English</b> -- for good AIX descriptions (https://www.ibm.com/developerworks/mydeveloperworks/blogs/AIXDownUnder/?lang=en)<br />
<b>Rob McNelly</b> -- for much useful info in the field of AIX (http://ibmsystemsmag.blogs.com/aixchange)<br />
<b>Earl Jew</b> -- for performance instructions <br />
<b>Pat O'Rourke</b> -- for VUG sessions<br />
<b>Jakub Wojtysiak</b> -- for kdb tips<br />
<b>Neeraj Bhatia</b> -- for L2 cache and capacity info (http://neerajbhatia.wordpress.com)<br />
<b>Balazs Szokolai</b> -- for WWPN number change on NPIV adapters <br />
<b>Robert Waarde</b> -- for solving drop down menu issue in IE (http://nullmailer-install-daemonize.bitbucket.org)<br />
<b>Brian Smith</b> -- for VIO/HMC one liners (https://www.ibm.com/developerworks/community/blogs/brian/?lang=en)<br />
<b>Rajalakshmi Srinivasaraghavan</b> -- for time zone info (http://www.ibm.com/developerworks/aix/library/au-aix-posix/index.html)<br />
<b>Marcel Mages-Veidt</b> -- for many useful hints and descriptions <br />
<b>Tamer Gomaa</b> -- for hints and ideas regarding new server installations<br />
<b>Ondrej Plachy</b> -- for support on new server builds/TSM config/fcstat command details<br />
<b>Jonny</b> -- for DevOps/Puppet/PowerVC help (https://zeit-fuer-die-insel.blogspot.com/)<br />
<br />
...and many other forum contributors!<br />
<br />
I hope you will find this site helpful for your work! <br />
<br />
ML,<br />
Balazs <br />
<br />
P.S. #1: One additional note, which I am very proud of:<br />
<b>This site has been chosen to the top "100 Leading IT Sites to Watch in 2013". (<a href="http://technologyschools.org/information-technology/" target="_blank">http://technologyschools.org/information-technology/</a>)</b><br />
<br />
P.S. #2: Another additional note, which I am even more proud of:<br />
<b>Contributions to the IBM Power community have been acknowledged in 2016 by an award: IBM Champion. (<a href="http://www.ibm.com/developerworks/champion/">http://www.ibm.com/developerworks/champion/</a>)</b><br />
<br />
<br />
<br />
<br />
------------------------------<br />
<br />
http://aix4admins.blogspot.com<br />
aix4adm at gmail dot com<br />
<br />
------------------------------<br />
<br />
RPM - DNF (published 2024-01-25, updated 2024-01-25)<br />
<div style="text-align: left;"><b>DNF (Dandified YUM)</b></div><div><br /></div><div>DNF is the next version of YUM (YUM is a package manager for RPMs). </div><div>dnf roughly maintains CLI compatibility with yum, and existing AIX Toolbox repositories created for yum work well with dnf too, so no changes are needed on the repository side.</div><div><br /></div><div>yum is based on python2, and python2 is out of support, so there was a need to move to python3; dnf works with python3.</div><div><br /></div><div><b>AIX Toolbox News</b>: https://www.ibm.com/support/pages/node/6833478</div><div><b>DNF install</b>: https://community.ibm.com/community/user/power/blogs/sangamesh-mallayya1/2021/05/28/dnf-is-now-available-on-aix-toolbox</div><div><b>DNF config details</b>: https://developer.ibm.com/tutorials/awb-configuring-dnf-create-local-repos-ibm-aix/</div><div>Just in case all RPMs need to be removed: https://community.ibm.com/community/user/power/blogs/jan-harris1/2022/05/25/destroyrpms</div><div><br /></div><div>On AIX dnf uses the repository conf file: <b>/opt/freeware/etc/dnf/dnf.conf</b></div><div>[AIX_Toolbox]</div><div>name=AIX generic repository</div><div>baseurl= file:///export/rpms/AIX_Toolbox/</div><div>enabled=1</div><div><br /></div><div>...</div><div>...</div><div><br /></div><div>[AIX_Toolbox_73]</div><div>name=AIX 7.3 specific repository</div><div>baseurl= file:///export/rpms/AIX_Toolbox_73/</div><div>enabled=0</div><div><br /></div><div>[CUST_RPMS]</div><div>name=Customer specific RPMs</div><div>baseurl= file:///export/rpms/CUST_RPMS</div><div>enabled=1</div><div><br /></div><div><br /></div><div>By default dnf will cache data, such as package and repository data, to the /var/cache/dnf directory. 
This speeds up dnf so that it doesn’t have to keep querying this information from the Internet.</div><div>There are times when you may want to delete this cached data, for example when a repository has updated packages but your system has incorrect or stale cached data, which may cause various problems when attempting to install a package: dnf clean all</div><div><br /></div><div><br /></div><div>The dnf cache is built up automatically over time when you perform various dnf actions such as installing or updating packages. However, the cache can also be built manually with the ‘makecache’ argument, so that future actions will be quicker: dnf makecache</div><div><br /></div><div>-------------------------------------</div><div><br /></div><div><b>DNF options</b></div><div><br /></div><div>Special options can be used with the dnf commands, for example: dnf install httpd --verbose</div><div><br /></div><div>Some dnf options:</div><div><b>--cacheonly</b> <--run from system cache, don’t update the cache and use it even if it is expired. (DNF uses a separate cache for each user, the root user cache is the system cache. 
)</div><div><b>--disablerepo / enablerepo=<repoid></b> <--temporarily disable/enable active repositories for the purpose of the current dnf command.</div><div><b>--downloadonly</b> <--download without performing any rpm transaction (install/upgrade/erase).</div><div><b>--downloaddir / destdir=<path></b> <--download packages to this dir (it has to be used with --downloadonly or with the download, modulesync, reposync or system-upgrade commands (dnf-plugins-core)).</div><div><b>--exclude=<package-file-spec></b> <--exclude packages specified by <package-file-spec> from the operation.</div><div><b>--nogpgcheck</b> <--skip checking GPG signatures on packages (if RPM policy allows); the origin and integrity of the packages are then not verified.</div><div><b>--refresh</b> <--set metadata (cache) as expired before running the command.</div><div><b>--repo / repoid=<repoid></b> <--enable just specific repositories by an id or a glob.</div><div><b>--showduplicates</b> <--show duplicate packages in repositories. Applicable for the list and search commands.</div><div><b>--verbose</b> <--Verbose operation, show debug messages.</div><div><b>--version</b> <--Show DNF version and exit. (-v can be used as well)</div><div><b>--assumeyes</b> <--Automatically answer yes for all questions. (-y can be used as well)</div><div><b>--setopt=<parameter=value></b> <--override the configuration file (for example: --setopt=sslverify=false, which turns off TLS certificate verification for the repository connection)</div><div><br /></div><div>-------------------------------------</div><div><br /></div><div><b>DNF Plugins</b></div><div><br /></div><div>The core DNF functionality can be extended with plugins. </div><div>There are officially supported Core DNF plugins and also third-party Extras DNF Plugins.</div><div><br /></div><div><b>dnf-plugins-core</b> can be installed on Linux to have Core DNF plugins: download, repomanage, reposync...</div><div><b>dnf download ...</b> <--download binary (rpm) or source packages without installing them (!!! 
this is missing on AIX)</div><div><b>dnf repomanage ...</b> <--repomanage prints newest or older packages in a repository specified by <path> for easy piping to xargs or similar programs.</div><div><b>dnf repodiff ...</b> <--list of differences between two or more repositories</div><div><b>dnf reposync ...</b> <--makes local copies of remote repos (sync a remote repo to a local dir, packages that are already present locally are not downloaded again)</div><div><br /></div><div><br /></div><div>On AIX most of the plugins are in dnf-utils. dnf-plugins-core on AIX is not a real rpm; it only creates dependencies, for example on this: python3.9-dnf-plugins-core-4.0.16-32_52.aix7.2.ppc.rpm, which contains the python files of repodiff, reposync...</div><div><br /></div><div><br /></div><div><b>#</b> <b>dnf repoquery -l dnf-utils</b></div><div>...</div><div>/opt/freeware/bin/repodiff</div><div>/opt/freeware/bin/repomanage</div><div>/opt/freeware/bin/repoquery</div><div>/opt/freeware/bin/reposync</div><div>/opt/freeware/libexec/dnf-utils</div><div><br /></div><div><br /></div><div>!!! The createrepo command comes from the separate createrepo_c package, not as a dnf plugin (it is not in dnf-utils)</div><div><br /></div><div><br /></div><div>======================================================</div><div><br /></div><div><b>/opt/freeware/etc/dnf/dnf.conf</b> <--main dnf configuration file (dnf commands by default use this file)</div><div><br /></div><div><b>dnf repolist </b> <--list repositories</div><div><b>dnf search bash*</b> <--list packages starting with bash... in the repo</div><div><b>dnf list bash*</b> <--list packages starting with bash... 
which are installed + in the repo</div><div><br /></div><div><b>dnf list installed</b> <--list installed packages (a package is installed if it is in RPMDB, same as rpm -qa)</div><div><b>dnf list installed x*</b> <--list installed packages starting with "x"</div><div><br /></div><div><b>dnf list available</b> <--list packages that are available to install (a package is available if it is not installed but present in a repo)</div><div><b>dnf list upgrades</b> <--list updates available for installed packages ("update", "updates" are deprecated)</div><div><b>dnf check-upgrade </b> <--same as above</div><div><br /></div><div>Officially the "installed", "available"... actions should have two dashes (--) in front, like --installed, --available...</div><div>A dnf list command should look like: dnf [options] list --installed (e.g.: dnf --config=/tmp/dnf.conf.remote list --upgrades)</div><div>By default "dnf list" uses the "--all" option, which lists all packages present in rpmdb, in a repo or both (installed + available = full repo content)</div><div><br /></div><div><b>dnf install <package></b> <--install a package + dependencies (more packages: dnf install package1 package2 …)</div><div><b>dnf install <package> -y</b> <--install a package without asking anything before install (assumes yes)</div><div><b>dnf install <package> -v</b> <--install with verbose output</div><div><b>dnf install <package_name>-<version_info></b> <--install a specific version (like: dnf install gcc-6.3.0-1)</div><div><b>dnf localinstall </path/to/package></b> <--install a package from local path instead of a repository</div><div><b>dnf install httpd-1.4.rpm</b> <--install a local rpm file with dnf</div><div><b>dnf reinstall httpd</b> <--if a package has a problem it can be reinstalled</div><div><br /></div><div><b>dnf remove <package></b> <--remove a package</div><div><br /></div><div><b>dnf upgrade</b> <--upgrade all possible installed packages ("update" is deprecated)</div><div><b>dnf upgrade 
<package></b> <--upgrade a package (with its dependencies if needed) </div><div><b>dnf upgrade -x httpd</b> <--exclude the httpd package from the update</div><div><b>dnf downgrade <package></b> <--downgrade a package</div><div><br /></div><div><b>dnf history</b> <--lists history of yum actions (same as yum history list all)</div><div><b>dnf history info <transaction_ID></b> <--gives details about the specified history transaction id</div><div><b>dnf history undo <transaction_ID></b> <--rolls back the given transaction id</div><div><br /></div><div><b>dnf info bash</b> <--show info about a specific package</div><div><b>dnf provides /opt/freeware/bin/bash</b> <--list the package which provides that file (command) ("dnf repoquery --file..." or "rpm -qf ..." show some info as well)</div><div><b>dnf repoquery -l bash</b> <--list files in a package (--list or "rpm -ql bash" is the same if it is already installed)</div><div><br /></div><div><b>dnf makecache</b> <--downloads and caches metadata for repositories</div><div><b>dnf makecache --refresh</b></div><div><b>dnf clean all</b> <--cleans up cache</div><div><br /></div><div><br /></div><div><b>dnf --config /tmp/dnf.conf check-upgrade</b> <--list available updates for our installed packages (it will not do the update)</div><div><b>dnf --disablerepo="*" --enablerepo="epel" list available</b> <--lists packages only in a specific repo (use output of "yum repolist")</div><div><b>dnf --disablerepo=* --enablerepo=LIVE* list Centrify*</b> <--lists installed and available packages from LIVE* repos</div><div><br /></div><div><br /></div><div><b><u>Plugins:</u></b></div><div><br /></div><div><b>createrepo --checksum sha --update /etc/repo</b> <--update repo after a new package is copied there (dnf createrepo ... 
should work as well)</div><div><b>createrepo --quiet --update --skip-stat /export/rpms/AIX_Toolbox_72</b></div><div>--quiet <--run quietly</div><div>--update <--if metadata exists and the rpm is unchanged (based on file size and mtime) then reuse the existing metadata rather than recalculating it</div><div>--skip-stat <--skip the stat() function call on files when using --update (assumes that if the file name is the same then the file is still the same)</div><div><br /></div><div><br /></div><div><b>dnf download httpd</b> <--!!!NOT on AIX!!! download the rpm without installing it (download plugin can be installed: dnf install dnf-plugins-core)</div><div><b>dnf repomanage --old /export/rpms/AIX_Toolbox</b> <--list older packages</div><div><b>dnf repomanage --new /export/rpms/AIX_Toolbox</b> <--list newest packages</div><div><br /></div><div>download (sync) a repo locally from a conf file (this conf file contains the ibm repo address):</div><div><b>dnf reposync --newest-only --downloadcomps --download-metadata --download-path=/export/rpms --config=/tmp/dnf.ibm.conf --repoid=AIX_Toolbox_72 --arch=ppc</b></div><div><br /></div><div>same as above, except that with --urls nothing is downloaded, only the urls of the packages are shown:</div><div><b>dnf reposync --newest-only --downloadcomps --download-metadata --download-path=/home/tmp/dnf --config=/tmp/dnf.ibm.conf --repoid=AIX_Toolbox --arch=ppc --urls</b></div><div><br /></div><div>dnf reposync \ </div><div>--newest-only \ <--download only newest packages per repo</div><div>--downloadcomps \ <--download and uncompress comps.xml. Consider using --download-metadata which downloads all available repo metadata</div><div>--download-metadata \ <--download repository metadata. 
Downloaded copy is instantly usable as a repository, no need to run createrepo_c on it</div><div>--download-path=/export/rpms/ \ <--path under which the downloaded repositories are stored</div><div>--config=/opt/freeware/etc/dnf/dnf.conf.remote \ <--config file to use</div><div>--repoid=AIX_Toolbox_72 <--which repo to synchronize</div><div>--arch=ppc <--download packages of given architectures</div><div><br /></div><div><br /></div><div>repodiff</div><div><b>dnf repodiff --repofrompath=o,file:///export/rpms/AIX_Toolbox/ --repofrompath=n,https://public.dhe.ibm.com/aix/aixtoolbox/RPMS/ppc/ --repo-old=o --repo-new=n</b></div><div><br /></div><div>repodiff without ssl verification:</div><div><b>dnf repodiff --setopt=sslverify=false --repofrompath=o,file:///export/rpms/AIX_Toolbox/ --repofrompath=n,https://public.dhe.ibm.com/aix/aixtoolbox/RPMS/ppc/ --repo-old=o --repo-new=n</b></div><div><br /></div>
iSCSI (NetApp) (published 2023-04-05, updated 2024-03-14)<br />
<div style="text-align: left;"><div style="text-align: justify;"><b>iSCSI</b></div><div style="text-align: justify;"><br /></div></div><div style="text-align: left;"><div style="text-align: justify;">iSCSI (Internet SCSI) provides access to storage devices by carrying SCSI commands over a TCP/IP network. iSCSI was developed by IBM and Cisco in 1998 and submitted as a draft standard in March 2000.</div><div style="text-align: justify;"><br /></div></div><div style="text-align: left;"><div style="text-align: justify;">NetApp is one of the leading companies in the storage hardware industry. In the early 1990s, NetApp's storage systems offered NFS and SMB protocols (based on TCP/IP) and in 2002 NetApp added Fibre Channel (FC) and iSCSI protocols. 
The iSCSI protocol is configured to use TCP port number 3260.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">The iSCSI protocol allows clients (called initiators) to send SCSI commands to storage devices (targets) on remote servers. It competes with Fibre Channel, but unlike Fibre Channel, which usually requires dedicated cabling, iSCSI can be run over long distances using existing network infrastructure.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><u>Differences between iSCSI, NAS and SAN</u></div><div style="text-align: justify;">NAS and iSCSI both use TCP/IP (LAN), but the protocols are different. NAS uses NFS and CIFS/SMB, while iSCSI uses a variant of the SCSI protocol, so iSCSI has a close relationship with SAN. Actually, only the transmission medium is different: for SAN, the SCSI protocol is packaged in Fibre Channel, for iSCSI it is packaged in TCP/IP. In both cases blocks are transferred, so iSCSI is not a file-based transmission (like NAS) but a block-based one (so we will see hdisk devices in AIX). (Many NAS systems can offer file-based services such as SMB/CIFS and NFS, but can also offer block-based iSCSI.)</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">--------------------------------------------</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><b><u>Initiator / Target / IQN</u></b></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">To transport SCSI commands over the IP network, an iSCSI driver must be installed, which creates the initiator (the iscsi0 device). In AIX 7.2 TL3, MPIO (Multipathing) support for the iSCSI software initiator was introduced.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">iSCSI targets are devices that respond to iSCSI commands. 
An iSCSI device can be a storage device, or it can be an intermediate device such as a bridge between IP and Fibre Channel devices. </div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">iSCSI Initiator <--client (LUNs are mapped here), connected to a storage device (via Net. Switch), sends SCSI commands to SCSI target</div><div style="text-align: justify;">iSCSI Target <--server (storage system), responds to iSCSI commands and exports local volumes (LUNs) to the initiator node.</div><div style="text-align: justify;"><br /></div><div style="text-align: justify;">Each initiator and target has a unique iSCSI name: iSCSI qualified name (IQN). An IQN represents a worldwide unique name for each initiator or target in the same way that worldwide node names (WWNNs) are used to identify devices in a Fibre Channel fabric. An IQN has a reversed hostname format like: iqn.2018-06.com.ibm.stglabs.aus.p9fwc-iscsi2.hostid.2</div><div style="text-align: justify;"><br /></div><br /><div><u>Some notes:</u></div><div><br /></div><div>Performance considerations:</div><div><a 
href="https://www.ibm.com/docs/en/aix/7.2?topic=considerations-iscsi-performance">https://www.ibm.com/docs/en/aix/7.2?topic=considerations-iscsi-performance</a></div><div><br /></div><div>VG Considerations:</div><div><a href="https://www.ibm.com/docs/en/aix/7.2?topic=target-iscsi-software-initiator-considerations">https://www.ibm.com/docs/en/aix/7.2?topic=target-iscsi-software-initiator-considerations</a></div><div>Configure volume groups on iSCSI devices to be in an inactive state after reboot, and manually activate the iSCSI-backed volume groups. Volume groups are activated during a different boot phase than the iSCSI software driver; for this reason, it is not possible to activate iSCSI volume groups during the boot process.</div><div><br /></div><div><br /></div><div>-----------------------------------------------</div><div><br /></div><div><b>sanlun lun show</b> short overview about the NetApp LUNs (sanlun command comes with the NetApp Utility package)</div><div><b>sanlun lun show -v </b> detailed overview about the NetApp LUNs</div><div><b>sanlun lun show -d hdisk81 -v</b> detailed overview about 1 LUN</div><div><b>sanlun lun show -p</b> shows multipathing info</div><div><br /></div><div><b>lsmpio -l hdisk81</b> shows path details (shows which path is using which Controller IP)</div><div><b>lsmpio -ql hdisk81</b> it is a very good command to check if the LUN is really there or not !!!!!!!!!!!!</div><div> (it does not use ODM, it makes a real IO operation to reach the LUN and get some details) </div><div><b>lsmpio -Sl hdisk81</b> shows statistics (Adapter/SCSI errors....)</div><div><br /></div><div><b>lsattr -El iscsi0 </b> show settings of iscsi0</div><div><b>lsdev -p iscsi0</b> show LUNs of iscsi0 </div><div><br /></div><div><b>lsiscsi </b> show target ip, iqn, port</div><div><b>iscsi_st -f -i 10.10.128.15</b> show target IQN info and tcp ports (IP is the target IP)</div><div><br /></div><div><b>netstat -an | grep 3260 </b> shows which IP is used locally and to which IP 
it is connected remotely (target)</div><div><b>tcpdump -i en1 host 10.10.128.15</b> check if iscsi packets appear in output (IP is the target IP)</div><div><br /></div><div>on VIOS check paths for all LUNs which are used as vsscsi devices:</div><div><b>for i in `/usr/ios/cli/ioscli lsmap -all | grep hdisk | awk '{ print $3 }'`; do lsmpio -l $i; done</b> </div><div><b><br /></b></div><div>lspath check of a LUN (use the whole "connection" column for the below command):</div><div><b>lspath -l hdisk81 -HF "name path_id parent connection path_status status" </b> </div><div><b><br /></b></div><div>more info about the path:</div><div><b>lspath -AHE -l hdisk81 -p iscsi0 -w "iqn.1782-08.com.netapp:sn.e1787cbba71411eab2b6d939eb1588a7:vs.29,10.10.128.15,0xcbb,0x50000000000000"</b> </div><div><b><br /></b></div><div>for enabling failed paths:</div><div><b>lspath | grep -v Ena | awk '{print "chpath -s enable -l " $2 " -p " $3 }'</b> </div><div><br /></div><div>-----------------------------------------------</div><div><br /></div><div><b><u>iSCSI related filesets on AIX (with NetApp Storage):</u></b></div><div><br /></div><div><b># lslpp -l | grep -i iscsi</b></div><div> NetApp.MPIO_Host_Utilities_Kit.iscsi Kit iSCSI Disk ODM Stanzas</div><div> devices.common.IBM.iscsi.rte 7.2.5.200 APPLIED Common iSCSI Files</div><div> devices.iscsi.disk.rte 7.2.5.0 APPLIED iSCSI Disk Software</div><div> devices.iscsi.tape.rte 7.2.0.0 COMMITTED iSCSI Tape Software </div><div> devices.iscsi_sw.rte 7.2.5.200 APPLIED iSCSI Software Device Driver</div><div> devices.pci.14102203.diag 7.2.0.0 COMMITTED IBM 1 Gigabit-TX iSCSI TOE</div><div> devices.pci.14102203.rte 7.2.0.0 COMMITTED IBM 1 Gigabit-TX iSCSI TOE</div><div> devices.pci.1410cf02.diag 7.2.0.0 COMMITTED 1000 Base-SX PCI-X iSCSI TOE</div><div> devices.pci.1410cf02.rte 7.2.0.0 COMMITTED 1000 Base-SX PCI-X iSCSI TOE</div><div> devices.pci.1410d002.diag 7.2.4.0 COMMITTED 1000 Base-TX PCI-X iSCSI TOE</div><div> devices.pci.1410d002.rte 7.2.0.0 
COMMITTED 1000 Base-TX PCI-X iSCSI TOE</div><div> devices.pci.1410e202.diag 7.2.0.0 COMMITTED IBM 1 Gigabit-SX iSCSI TOE</div><div> devices.pci.1410e202.rte 7.2.0.0 COMMITTED IBM 1 Gigabit-SX iSCSI TOE</div><div> devices.pci.77102e01.diag 7.2.0.0 COMMITTED 1000 Base-TX PCI-X iSCSI TOE</div><div> devices.pci.77102e01.rte 7.2.0.0 COMMITTED PCI-X 1000 Base-TX iSCSI TOE</div><div><br /></div><div>-----------------------------------------------</div><div><br /></div><div><b><u>iSCSI configuration</u></b></div><div>(there are 2 types of discovery methods: file based or odm based. I used odm based below; for file based, add the iscsi target info to the ‘/etc/iscsi/targets’ file)</div><div><br /></div><div>0. for MPIO (at least) 2 IPs should be configured in different subnets (these are our paths, and 2 additional IPs are needed from the Storage Team at the storage side too)</div><div><br /></div><div>1. check iscsi drivers and ping target (by default port 3260 is used; it must not be blocked by a firewall)</div><div><b># lslpp -l | grep -i iscsi ; ping <target></b> </div><div><b><br /></b></div><div>2. set iqn for iscsi0, lsattr -El iscsi0 will show this value (storage team can give the initiator details)</div><div><b># chdev -l iscsi0 -a initiator_name=iqn.2018-06.com.ibm.my_host1:0ab116bb </b> </div><div><b><br /></b></div><div>3. check discovery policy, I used odm (if it needs to be changed: chdev -a disc_policy=odm -l iscsi0)</div><div><b># lsattr -El iscsi0 | grep disc_policy</b> </div><div><b><br /></b></div><div>4. mkiscsi commands will<b> </b>add iSCSI target data to ODM; each path needs its own mkiscsi command </div><div><b># mkiscsi -l iscsi0 -g static -t iqn.1986-03.com.ibm:2145.d59-v7k2.node1 -n 3260 -i 10.10.10.10</b></div><div><b># mkiscsi -l iscsi0 -g static -t iqn.1986-03.com.ibm:2145.d59-v7k2.node2 -n 3260 -i 10.10.20.10</b></div><div>(the details should be given by the storage team, -i iSCSI target IP -t iSCSI target name)</div><div><b><br /></b></div><div>5. 
discover disks</div><div><b>cfgmgr -vl iscsi0 </b></div><div><br /></div><div>-----------------------------------------------</div><div><br /></div><div><b><u>NetApp recommendations for iSCSI LUNs</u></b></div><div><br /></div><div><a href="https://docs.netapp.com/us-en/ontap-sanhost/hu_aix_72.html#installing-the-aixvios-host-utilities">https://docs.netapp.com/us-en/ontap-sanhost/hu_aix_72.html#installing-the-aixvios-host-utilities</a></div><div><br /></div><br /><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><div>-----------------------------------------------</div><div><br /></div><div><b><u>Reset interface:</u></b></div><div><br /></div><div><u>If there are problems, resetting the interface used for iscsi may help:</u></div><div>ifconfig en0 down</div><div>rmdev -l en0</div><div>cfgmgr</div><div><br /></div><div><u>For info:</u></div><div>Once we had many disk/io/path errors in errpt, which came hourly/daily, and we checked with the storage team and they did not find any errors; we did a reset but it also did not help.</div><div>We asked the Network team, and they saw CRC errors on the Network switch port, and changing the cable/SFP at their side helped.</div><div><br /></div><div><br 
/></div><div>-----------------------------------------------</div><div><br /></div></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><br /></div><div style="text-align: justify;"><br /></div></div><div style="text-align: justify;"><br /></div>aixhttp://www.blogger.com/profile/11198511213080760662noreply@blogger.com0tag:blogger.com,1999:blog-5391325129965939458.post-59339368121524283872020-06-03T16:00:00.001+02:002022-04-05T14:13:10.260+02:00PERF. - fcstat<br />
<b><u>fcstat</u></b><br />
<br />
The fcstat command reports statistics directly from the FC adapter firmware and the FC driver. Protocols such as TCP/IP are designed to tolerate packet loss and out-of-order packets with minimal disruption, but the FC protocol is intolerant of missing, damaged or out-of-order frames and is incapable of re-transmitting a single missing frame.<br />
<br />
This moves error recovery into the SCSI layer and can result in waiting for commands to time out. In some cases an error frame is not detected by either the target or the initiator, so it just waits for completion until the 30 or 60 second timeout. These are often the result of physical layer problems such as a damaged fibre channel cable, a faulty or degraded laser in SFPs (in a storage controller, switch or host), a failing ASIC in a switch, or a slow draining device causing frames to be discarded. Regardless of the cause, identifying and resolving fibre channel transport related problems is necessary before any I/O performance tuning is attempted.<br />
<br />
It is also important to ensure the SCSI layer does not overwhelm the target ports or LUNs with excessive I/O requests. Increasing num_cmd_elems may result in driving more I/O to a storage device, resulting in even worse I/O service times. (errpt and iostat can help uncover some of these problems.) However, the acceptable I/O service time can differ. For example, some shops demand less than 2 ms service times where others may tolerate 11 ms. The disk technology affects expected I/O service time, as does the availability of write and/or read cache.<br />
<br />
If queuing in the disk driver is occurring (iostat shows a non-zero value in qfull), this should be resolved first, for example by increasing queue_depth or by adding additional storage resources (if I/O service times are too high). After ensuring there are no fibre channel physical layer problems, average I/O response times are in a good range (not exceeding 15 ms) and there is no queuing (qfull) in the disk driver, we can tune the adapter.<br />
<br />
-----------------------------------<br />
<br />
Normally the fcstat statistics are reset when the server is rebooted or the fcs device is reconfigured. fcstat -Z fcsX can be useful for daily monitoring because it resets the statistics.<br />
<br />
<b>fcstat fcsX</b> shows fc adapter statistics<br />
<b>fcstat -D fcsX</b> shows additional fcs related details<br />
<b>fcstat -e fcsX</b> shows all stats, which includes the device-specific statistics (driver statistics, link statistics, and FC4 types)<br />
<b>fcstat -Z fcsX</b> resets statistics<br />
<br />
-----------------------------------<br />
<br />
root@aix1:/ # <b>fcstat fcs0</b><br />
FIBRE CHANNEL STATISTICS REPORT: fcs0<br />
Device Type: 8Gb PCI Express Dual Port FC Adapter (df1000f114108a03)<br />
(adapter/pciex/df1000f114108a0)<br />
Serial Number: 1C041083F7<br />
Option ROM Version: 02781174<br />
ZA: U2D1.11X4 <--firmware version<br />
World Wide Node Name: 0x20000000C9A8C4A6 <--adapter WWN<br />
World Wide Port Name: 0x10000000C9A8C4A6 <--adapter WWPN<br />
FC-4 TYPES:<br />
Supported: 0x00000120000000000000000000000000000000000000<br />
Active: 0x00000100000000000000000000000000000000000000<br />
Class of Service: 3<br />
Port Speed (supported): 8 GBIT <--8Gb adapter<br />
Port Speed (running): 8 GBIT <--running at 8Gb<br />
Port FC ID: 0x6df640 <--adapter FC ID (first 2 digits after x will show switch id, here 6d)<br />
Port Type: Fabric <--connected in Fabric<br />
Attention Type: Link Up <--link status<br />
<br />
Seconds Since Last Reset: 270300 <--adapter has been collecting stats for this many seconds<br />
<br />
Transmit Statistics Receive Statistics<br />
------------------- ------------------<br />
Frames: 2503792149 704083655<br />
Words: 104864195328 437384431872<br />
<br />
LIP Count: 0<br />
NOS Count: 0<br />
<b>Error Frames: 0</b> <--affects io when frames are damaged or discarded<br />
<b>Dumped Frames: 0 </b> <--affects io when frames are damaged or discarded<br />
Link Failure Count: 0<br />
Loss of Sync Count: 8<br />
Loss of Signal: 0<br />
Primitive Seq Protocol Error Count: 0<br />
<b>Invalid Tx Word Count: 31 </b> <--fast increase may result in buffer to buffer credit problems, damaged FC frames, discards<br />
<b>Invalid CRC Count: 0 </b> <--affects io when frames are damaged or discarded <br />
<br />
...<br />
Elastic buffer overrun count: 0 <--may occur with link failures<br />
<br />
IP over FC Adapter Driver Information<br />
No DMA Resource Count: 3207<br />
No Adapter Elements Count: 126345<br />
<br />
FC SCSI Adapter Driver Information<br />
<b>No DMA Resource Count: 3207 </b> <--IOs queued at the adapter due to lack of DMA resources (increase max_xfer_size)<br />
<b>No Adapter Elements Count: 126345</b> <--IO was temporarily blocked/queued (increase num_cmd_elems)<br />
<b>No Command Resource Count: 133</b> <--there was no free cmd_elems (increase num_cmd_elems)<br />
<br />
IP over FC Traffic Statistics<br />
Input Requests: 0<br />
Output Requests: 0<br />
Control Requests: 0<br />
Input Bytes: 0<br />
Output Bytes: 0<br />
<br />
FC SCSI Traffic Statistics<br />
Input Requests: 6777091279<br />
Output Requests: 2337796<br />
Control Requests: 116362<br />
Input Bytes: 57919837230920<br />
Output Bytes: 39340971008<br />
<br />
Adapter Effective max transfer value: 0x100000 <--value set in the kernel regardless of ODM (must be equal or greater than hdisk max_coalesce)<br />
<br />
-----------------------------------<br />
<br />
<b>Port FC ID</b><br />
The Port FC ID gives some information about the switch in hex. Here it is 0x6df640, which is six hex digits:<br />
<b>1st 2 digits</b> after x: domain id of the SAN switch, we can call it "switch id" (here 6d)<br />
<b>2nd 2 digits</b> after x: port ID (but could be some virtualized interpretation as well, here f6)<br />
<b>3rd 2 digits</b> after x: loop id if in loop mode (00)<br />
<br />
Checking the "switch id" will show whether the ports of an FC adapter are connected to different fabrics (switches) or not. Keep in mind that there may be more than one switch in a fabric, so multiple "switch ids" are no guarantee of multiple fabrics.<br />
<br />
If we check a 4-port adapter and the first 2 hex digits are the same, we can say that those ports are connected to the same switch.<br />
fcs0: Port FC ID: 0xd1e6c0 <--Fabric 1 (switch id: d1)<br />
fcs1: Port FC ID: 0xd1e7c0 <--Fabric 1 (switch id: d1)<br />
fcs2: Port FC ID: 0x6de6c0 <--Fabric 2 (switch id: 6d)<br />
fcs3: Port FC ID: 0x6de7c0 <--Fabric 2 (switch id: 6d)<br />
<br />
<br />
<b>Error frames, Dumped frames, Invalid CRC count:</b><br />
These may be the result of a physical transport layer problem which may result in damaged fiber channel frames as they arrive at the adapter. These are usually not incrementing on frames being transmitted but rather frames received.<br />
<br />
For each CRC error, AIX will log an errpt entry indicating a damaged frame. CRC errors can occur anywhere in the fabric and are usually related to a bad SFP or bad FC cable. These errors will affect I/O processing for a single read or write operation but the driver will retry these. These are the most difficult to troubleshoot.<br />
<br />
<br />
<b>Link Failure Count, Loss of Sync Count, Loss of Signal:</b><br />
These indicate the health of the physical link between the switch and the host HBA. If these error counters increase daily we generally suspect a problem with an SFP or FC cable between the switch and the FC HBA. These can affect I/O processing on the host.<br />
<br />
<br />
<b>Invalid Tx Word Count:</b><br />
These are incremented when the HBA receives damaged words from the switch. In many cases this will not affect I/O processing but is an early indication of a problem. On certain switch models this may be due to an improper port fill word setting. If not, this may indicate a bad SFP or cable between the HBA and the switch. This error counter is only relevant for communications at the physical layer / Tx / Rx between the switch and the HBA.<br />
<br />
<br />
<b>Elastic buffer overrun count:</b><br />
This counter could increment due to Link Failure Count, Loss of Sync Count, Loss of Signal, Invalid Tx Word Count or old unsupported host HBA adapter firmware levels.<br />
<br />
-----------------------------------<br />
<br />
<b>No DMA Resource Count:</b><br />
It means additional I/O DMA memory is needed to initiate (larger) I/Os from the adapter. When the adapter driver is unable to initiate an I/O request due to no free DMA resource, the "No DMA Resource" counter is incremented and the I/O request waits. Increasing max_xfer_size can help in this situation.<br />
<br />
<b>No Adapter Elements Count:</b><br />
Number of times since boot that an I/O was temporarily blocked due to an inadequate num_cmd_elems value. If it shows non-zero values, increasing num_cmd_elems can help.<br />
<br />
<b>No Command Resource Count:</b><br />
When the adapter driver is unable to initiate an I/O request due to no free cmd_elems (num_cmd_elems), the "No Command Resource" counter is incremented and the I/O request waits for adapter buffer resources (checking for free command elements for the adapter). Resources will be available when a currently running I/O request is completed. Increasing num_cmd_elems can help to avoid this situation.<br />
<br />
If the "No Command Resource Count" and/or the "No DMA Resource Count" continues to increment, (and the max_xfer_size and num_cmd_elems are set to maximum values), then the adapter I/O workload capability has been exceeded. In this case I/O load should be reduced by moving load to additional resources, like adding additional FC adapters and balancing the I/O work load. Another workaround would be to reduce the num_cmd_elems.<br />
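<br />
Because these counters are cumulative, what matters is which of them grew between two readings. The following is an added example, not code from the original post: it compares two fcstat snapshots, keeps only the FC SCSI copy of the duplicated driver counters, and treats a smaller "Seconds Since Last Reset" as a reset (reboot or fcstat -Z). The function names, the PHYS/HOLD/TUNE labels and the sample report are assumptions constructed for the illustration.<br />

```shell
#!/bin/sh
# Added example: report which fcstat counters increased between two snapshots.
# Function names and output labels are hypothetical, not part of AIX.

# Constructed sample shaped like the fcs0 report on this page.
# $1=Seconds Since Last Reset  $2=Loss of Sync Count  $3=No Command Resource Count
sample_fcstat() {
cat <<EOF
FIBRE CHANNEL STATISTICS REPORT: fcs0
Port FC ID: 0x6df640
Seconds Since Last Reset: $1
Error Frames: 0
Dumped Frames: 0
Link Failure Count: 0
Loss of Sync Count: $2
Loss of Signal: 0
Invalid Tx Word Count: 31
Invalid CRC Count: 0

IP over FC Adapter Driver Information
  No DMA Resource Count: 3207
  No Adapter Elements Count: 126345

FC SCSI Adapter Driver Information
  No DMA Resource Count: 3207
  No Adapter Elements Count: 126345
  No Command Resource Count: $3
EOF
}

# Reduce "fcstat fcsX" output (stdin) to "counter|value" lines. The driver
# counters appear in two sections with identical names; only the FC SCSI
# section is kept.
fcstat_counters() {
    awk '
    /Adapter Driver Information|Traffic Statistics/ {
        section = ($0 ~ /FC SCSI Adapter Driver Information/) ? "scsi" : "other"
        next
    }
    {
        n = index($0, ":")
        if (n == 0) next
        key = substr($0, 1, n - 1); val = substr($0, n + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        sub(/^[ \t]+/, "", val); sub(/[ \t].*$/, "", val)   # drop trailing notes
        if (val !~ /^[0-9]+$/) next
        phys = (key ~ /^(Error Frames|Dumped Frames|Invalid CRC Count|Link Failure Count|Loss of Sync Count|Loss of Signal|Invalid Tx Word Count|Seconds Since Last Reset)$/)
        tune = (section == "scsi" && key ~ /^No (DMA Resource|Adapter Elements|Command Resource) Count$/)
        if (phys || tune) print key "|" val
    }'
}

# $1 = older fcstat_counters output, $2 = newer one.
# PHYS = physical layer counter grew; TUNE = resource counter grew and the
# physical layer is quiet; HOLD = resource counter grew, but fix PHYS first.
fcstat_delta() {
    {
        printf '%s\n' "$1" | sed 's/^/O|/'
        printf '%s\n' "$2" | sed 's/^/N|/'
    } | awk -F'|' '
    BEGIN {
        np = split("Error Frames|Dumped Frames|Invalid CRC Count|Link Failure Count|Loss of Sync Count|Loss of Signal|Invalid Tx Word Count", phys, "|")
        nt = split("No DMA Resource Count|No Adapter Elements Count|No Command Resource Count", tune, "|")
        attr["No DMA Resource Count"] = "max_xfer_size"
        attr["No Adapter Elements Count"] = "num_cmd_elems"
        attr["No Command Resource Count"] = "num_cmd_elems"
    }
    $1 == "O" { old[$2] = $3 + 0 }
    $1 == "N" { new[$2] = $3 + 0 }
    # After a reset the new value itself is the increase.
    function delta(k) { return reset ? new[k] : new[k] - old[k] }
    END {
        t = "Seconds Since Last Reset"
        reset = (new[t] < old[t])
        for (i = 1; i <= np; i++)
            if ((d = delta(phys[i])) > 0) {
                bad++
                printf "PHYS %s +%d (check SFP and FC cable)\n", phys[i], d
            }
        for (i = 1; i <= nt; i++)
            if ((d = delta(tune[i])) > 0)
                printf "%s %s +%d (%s)\n", (bad ? "HOLD" : "TUNE"), tune[i], d, attr[tune[i]]
    }'
}

# Demo on the constructed samples; on AIX use: fcstat fcs0 | fcstat_counters
old=$(sample_fcstat 270300 8 133 | fcstat_counters)
new=$(sample_fcstat 356700 11 173 | fcstat_counters)
fcstat_delta "$old" "$new"
```
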
<br />
-----------------------------------<br />
<br />
<b>fcstat -D fcsX can display additional info:</b><br />
(Values preceded by a 0x are in hex. All values below are reported in hex, not decimal.)<br />
<br />
Driver Statistics:<br />
Number of interrupts: 76534<br />
Number of spurious interrupts: 0<br />
Long term DMA pool size: 0x800000<br />
I/O DMA pool size: 0x1000000 <--currently active I/O DMA pool size in the driver<br />
<br />
FC SCSI Adapter Driver Queue Statistics <--adapter driver<br />
Number of active commands: 0<br />
High water mark of active commands: 11<br />
Number of pending commands: 0<br />
High water mark of pending commands: 1<br />
Number of commands in the Adapter Driver Held off queue: 0<br />
High water mark of number of commands in the Adapter Driver Held off queue: 0<br />
<br />
FC SCSI Protocol Driver Queue Statistics <--protocol driver<br />
Number of active commands: 0<br />
High water mark of active commands: 11<br />
Number of pending commands: 4<br />
High water mark of pending commands: 5<br />
<br />
<br />
<b>Number of active commands:</b><br />
Represents the I/O workload. Active commands are commands that have left the adapter driver and have been handed off to the adapter hardware for transport to the end device. These commands have not received a completion status and are considered active.<br />
<br />
<b>High watermark of active commands:</b><br />
The "high water mark of active commands" represents the peak (highest) number of active commands. If I/O service times are low and the high water mark of active commands is around num_cmd_elems, then increasing num_cmd_elems may improve I/O performance. In certain error recovery scenarios the "high water mark of active commands" could increase up to the num_cmd_elems limit. When tuning, clear these counters and monitor them for a few days to confirm that there are no errors.<br />
<br />
<b>High watermark of pending commands:</b><br />
The "high water mark of pending commands" represents the peak (highest) number of pending commands. (These are pending because the number of active commands reached the num_cmd_elems limit and the additional commands above that limit are pending.)<br />
<br />
If high water mark for active + pending is near to or is exceeding the num_cmd_elems, we recommend increasing num_cmd_elems to cover this water mark to improve the IO performance. Rule to follow: num_cmd_elems > (High water mark for active commands + High water mark for pending commands)<br />
<br />
The increase for num_cmd_elems is always recommended to be done gradually until 'No Command Resource Count' counter stops increasing.<br />
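<br />
The rule above is easy to misapply because fcstat -D prints the high water marks in hex. The following added example (not code from the original post) converts them and checks the rule against the current num_cmd_elems. The page does not say which of the two queue sections the rule refers to, so as an assumption this example uses the larger active + pending sum; the function names and the sample text, copied from the output above, are constructed for the illustration.<br />

```shell
#!/bin/sh
# Added example: check  num_cmd_elems > active HWM + pending HWM
# against "fcstat -D fcsX" output. Function names are hypothetical.

# Constructed sample: the two queue sections shown on this page.
sample_fcstat_D() {
cat <<'EOF'
FC SCSI Adapter Driver Queue Statistics
  Number of active commands: 0
  High water mark of active commands: 11
  Number of pending commands: 0
  High water mark of pending commands: 1
  Number of commands in the Adapter Driver Held off queue: 0
  High water mark of number of commands in the Adapter Driver Held off queue: 0

FC SCSI Protocol Driver Queue Statistics
  Number of active commands: 0
  High water mark of active commands: 11
  Number of pending commands: 4
  High water mark of pending commands: 5
EOF
}

# Print one "active pending" pair per queue section, exactly as fcstat
# printed them (hex).
fcstat_hwm() {
    awk '
    /Queue Statistics/ { sec++ }
    /High water mark of active commands:/  { a[sec] = $NF }
    /High water mark of pending commands:/ { p[sec] = $NF }
    END { for (i = 1; i <= sec; i++) print a[i], p[i] }'
}

# Hex string, with or without 0x, to decimal. Fails on anything else.
hex2dec() {
    h=${1#0x}
    case $h in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    echo $((0x$h))
}

# $1    = current num_cmd_elems in decimal (lsattr -El fcsX -a num_cmd_elems)
# stdin = fcstat -D output
# Assumption: the larger active+pending sum of the two sections is used.
num_cmd_elems_check() {
    cur=$1
    peak=0
    hwm=$(fcstat_hwm)
    while read -r a p; do
        da=$(hex2dec "$a") && dp=$(hex2dec "$p") || {
            echo "cannot parse high water marks" >&2
            return 1
        }
        sum=$((da + dp))
        if [ "$sum" -gt "$peak" ]; then peak=$sum; fi
    done <<EOF
$hwm
EOF
    if [ "$cur" -gt "$peak" ]; then
        echo "OK num_cmd_elems=$cur peak=$peak"
    else
        echo "RAISE num_cmd_elems=$cur peak=$peak"
    fi
}

# Demo on the constructed sample: hex 11 + 5 is 22 decimal, not 16.
sample_fcstat_D | num_cmd_elems_check 200
```
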
<br />
If with large sequential I/Os (like backups) there are high average read and write service times and the number of active/peak commands is also high (but there are no physical layer problems and no queuing in the adapter and disk), then the storage server is unable to service these I/O requests in a timely manner or the I/O load is greater than the LUN / storage controller capability (like handling within a ~15 ms window). A solution could be adding additional storage resources, like distributing the I/O workload to additional LUNs and/or storage controllers.<br />
<br />
-----------------------------------<br />
<br />
Link to some IBM descriptions: https://www.ibm.com/support/pages/node/6198385<br />
<br />
-----------------------------------<br />
<br />
<b>Adapter busy %</b><br />
<br />
There is no busy% for adapters in AIX. It is derived from the disk stats: the adapter busy% is simply the sum of the disk busy%.<br />
So if the adapter busy% is, for example, 350% then you have 3.5 disks busy on that adapter. Or it could be 7 disks at 50% busy or 14 disks at 25% or ....<br />
<br />
There is no way to determine how busy the adapter is, and in fact it is not clear what that would really mean. The adapter has a dedicated on-board CPU that is always busy (probably no real OS) and we don't run nmon on these adapter CPUs to find out what they are really doing.<br />
<br />
-----------------------------------<br />
<div>
<br /></div>
aixhttp://www.blogger.com/profile/11198511213080760662noreply@blogger.com0tag:blogger.com,1999:blog-5391325129965939458.post-37268462569887329802020-05-02T16:18:00.002+02:002022-04-05T14:12:43.718+02:00EXTRA - ORACLE TUNING<b><u>Oracle - Tuning</u></b><br />
<br />
<br />
<b><u>Resource Limits</u></b><br />
<br />
ulimits: use smit chuser or edit /etc/security/limits to create a stanza for the Oracle/grid user, and set -1 (unlimited) for everything except core.<br />
<br />
oracle:<br />
data = -1<br />
stack = -1<br />
fsize_hard = -1<br />
cpu_hard = -1<br />
data_hard = -1<br />
stack_hard = -1<br />
fsize = -1<br />
nofiles = -1<br />
cpu = -1<br />
rss = -1<br />
<br />
Soft File Descriptors at least 1024 KB<br />
Hard File Descriptors at least 65536 KB<br />
<br />
maxuproc: maximum number of PROCESSES allowed per user (smit chgsys). Set this value to 16386 (16k)<br />
ncargs: 128<br />
<br />
--------------------------------------<br />
<br />
<b><u>IO (FC adapter, disk)</u></b><br />
<br />
<u>FC adapter:</u><br />
max_xfer_size should be increased from default 1MB to 2MB. The default adapter DMA memory size is 16 MB which increases to 128 MB when a non default max_xfer_size is used. Larger DMA size can be important for performance with many concurrent large block I/Os.<br />
<br />
num_cmd_elems might need to be increased if fcstat -e reports a persistent non-zero value for No Command Resource Count. If fcstat -e reports a persistent non-zero value for No DMA Resource Count, contact support.<br />
<br />
<u>Disk:</u><br />
Queue wait and queue overflow detected through iostat -Dl might indicate a need to increase queue depth. max_transfer might need to be adjusted upward depending on the largest I/O requested by Oracle. (A typical starting point for Oracle on AIX is 0x100000 (1 MB).)<br />
<br />
As of AIX 5.3, the optimal setting for LTG size is dynamically calculated during the varyonvg process and does not need to be manually set. The varyonvg '-M' parameter should not be used as it will override the dynamically calculated LTG size. It is recommended that all hdisks within a given VG have the same 'max_transfer' (and other attribute) values. In order to change hdisk attribute values, any associated filesystems should be unmounted and the VG varied off.<br />
<br />
<u>ASM considerations for standalone Oracle 11gR2:</u><br />
ASM will use asynchronous I/O by default, so filesystemio_options=ASYNC (default) is appropriate. For clustered ASM (e.g. RAC) configurations, SCSI reservation must be disabled on all ASM hdisk and hdiskpower devices (e.g. reserve_policy=no_reserve). The standalone use of ASM, hdisks and hdiskpower devices does not need to have SCSI reservation disabled.<br />
<br />
--------------------------------------<br />
<br />
<b><u>IO (VG, LV, FS)</u></b><br />
<br />
<br />
VG should be created as scalable VG. If ASM is not used, max interpolicy striping (pp spreading) is suggested when logical volumes are created. To get the most benefit from spreading physical partitions across the LUNs, use a small physical partition size, for example, 32 MB or 64 MB.<br />
<br />
<u>Buffered file I/O on JFS2</u><br />
The default filesystemio_options=ASYNC, which means all data spaces, redo log file systems, and control file systems are using the kernel buffers rather than writing directly to disk. In this case, it does not matter whether redo log file systems and control file systems are 512 b or 4 KB block size file systems. Oracle on AIX best performance is, however, usually achieved using CIO (though there are exceptions).<br />
<br />
<u>Concurrent I/O (CIO) on JFS2</u><br />
Set the Oracle parameter filesystemio_options=SETALL, or mount the filesystems with the CIO option. It is not necessary to both set SETALL and mount filesystems with the CIO option, although no harm is done either way. Metalink note 272520.1 indicates that mounting with CIO is needed, while IBM believes it is not needed. IBM is working with Oracle to fix the metalink note.<br />
<br />
If using CIO with SETALL, CIO mount or both, you must create separate file systems for redo logs and control files (or a single filesystem for both), with an agblksize of 512 rather than the default 4 KB. The ioo parameters aio_fsfastpath and posix_aio_fsfastpath accelerate CIO. They are enabled by default in AIX 6.1 and 7.1.<br />
<br />
With AIX 6.1, IBM introduced a new open flag O_CIOR, which is the same as O_CIO but allows subsequent open calls without CIO. The advantage of this enhancement is that other applications like cp, dd, cpio, dbv can access database files in read only mode without having to open them with CIO. Starting with Oracle 11.2.0.2 when AIX 6.1 is detected, Oracle will use the O_CIOR option to open a file on JFS2. Therefore you should no longer mount the filesystems with mount option "-o cio". (The mount option noatime, suggested for Oracle 10g binaries is fixed in 11.2.0.2.)<br />
<br />
<u>IBM mount advice for database files:</u><br />
<b>- Data files:</b> Use CIO filesystemio_options=SETALL, and default agblksize (4k); mount with no options.<br />
<b>- Redo logs: </b>Create with agblksize of 512 and mount with no options. With SETALL, Oracle is doing direct I/O for Redo logs.<br />
<b>- Control files:</b> Create with agblksize of 512 and mount with no options. With SETALL, Oracle is doing direct I/O for control files.<br />
<b>- Archive logs:</b> Mount -o rbrw. Do not use CIO; use the jfs2 rbrw option<br />
<b>- Dumps:</b> Mount -o rbrw<br />
<br />
<u>General rules:</u><br />
- All vgs scalable<br />
- LUNs no larger than 500G<br />
- Preferred number of LUNs in a vg: 10 and more (with exceptions, see later), minimum 4 for extra small DBs/vgs (like 100GB)<br />
- PP size preferably no larger than 32MB (16MB for smaller LUNS than 250G, 32MB for 250GB to 500GB)<br />
- All LVs with "maximum allocation"<br />
- All jfs2 filesystems with INLINE log<br />
- Filesystems for online redo logs formatted with 512 fragment size<br />
<br />
<u>Rules for high volume DBs</u><br />
- Extra vgs for online log and mirror log – INSToriglogvg, INSTmirrlogvg – small LUNs, minimum number of LUNS in vg at least 4<br />
- Extra vgs for highest volume tablespaces, same rules as for general vgs apply – 1 filesystem per vg<br />
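<br />
The Resource Limits stanza and the filesystem rules above live in AIX stanza files, so both can be audited with one small parser. The following is an added example, not code from the original post: it flattens a stanza file and then checks the oracle stanza of /etc/security/limits for values other than -1, and /etc/filesystems for jfs2 filesystems that are mounted with cio or do not use an INLINE log. The cio finding assumes the Oracle 11.2.0.2 or later case described above; function names and both sample files are constructed for the illustration.<br />

```shell
#!/bin/sh
# Added example: audit AIX stanza files against the settings on this page.
# Function names are hypothetical; both sample files are constructed.

sample_limits() {
cat <<'EOF'
* constructed /etc/security/limits excerpt
default:
        fsize = 2097151
        nofiles = 2000

oracle:
        data = -1
        stack = -1
        fsize = -1
        cpu = -1
        nofiles = 65536
        data_hard = -1
        stack_hard = -1
        fsize_hard = -1
        cpu_hard = -1
EOF
}

sample_filesystems() {
cat <<'EOF'
* constructed /etc/filesystems excerpt
/oradata:
        dev             = /dev/oradatalv
        vfs             = jfs2
        log             = INLINE
        mount           = true
        options         = rw,cio

/oraredo:
        dev             = /dev/oraredolv
        vfs             = jfs2
        log             = /dev/loglv01
        mount           = true
        options         = rw
EOF
}

# Flatten a stanza file (stdin) into "stanza|attribute|value" lines.
stanza_flatten() {
    awk '
    /^[ \t]*\*/ || /^[ \t]*$/ { next }               # comments, blank lines
    /^[^ \t=]+:[ \t]*$/ { s = $1; sub(/:$/, "", s); next }
    {
        n = index($0, "=")
        if (n == 0 || s == "") next
        k = substr($0, 1, n - 1); v = substr($0, n + 1)
        gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
        print s "|" k "|" v
    }'
}

# $1 = user, stdin = /etc/security/limits. Prints every attribute from the
# stanza on this page that is not -1; "unset" means the default stanza applies.
limits_check() {
    stanza_flatten | awk -F'|' -v u="$1" '
    BEGIN { n = split("data stack fsize cpu nofiles rss data_hard stack_hard fsize_hard cpu_hard", want, " ") }
    $1 == u { have[$2] = $3 }
    END {
        for (i = 1; i <= n; i++) {
            a = want[i]
            if (!(a in have)) print a "=unset"
            else if (have[a] != "-1") print a "=" have[a]
        }
    }'
}

# stdin = /etc/filesystems. Flags jfs2 filesystems mounted with cio or
# created without an INLINE log.
jfs2_check() {
    stanza_flatten | awk -F'|' '
    !($1 in seen) { seen[$1] = 1; order[++n] = $1 }
    { val[$1, $2] = $3 }
    END {
        for (i = 1; i <= n; i++) {
            fs = order[i]
            if (val[fs, "vfs"] != "jfs2") continue
            if (("," val[fs, "options"] ",") ~ /,cio,/) print fs ": cio mount option"
            if (val[fs, "log"] != "INLINE") print fs ": log=" val[fs, "log"] " (not INLINE)"
        }
    }'
}

# Demo on the constructed samples; on AIX feed the real files instead.
sample_limits | limits_check oracle
sample_filesystems | jfs2_check
```
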
<br />
--------------------------------------<br />
<br />
<b><u>File System Options</u></b><br />
<br />
The DIO and CIO features included in AIX improve file system performance to a level comparable to raw logical volumes. Before Oracle Database 11g, DIO and CIO could not be enabled at the file level on JFS/JFS2. Therefore, the Oracle home directory and data files had to be placed in separate file systems for optimal performance. The Oracle home directory was placed on a file system mounted with default options, with the data files and logs on file systems mounted using the dio or cio options.<br />
<br />
With Oracle Database 11g, you can enable DIO and CIO on JFS/JFS2 at the file level. You can do this by setting the FILESYSTEMIO_OPTIONS parameter in the server parameter file to setall or directIO. This enables CIO on JFS2 and DIO on JFS for all data file Input-Output. Because the directIO setting disables asynchronous<br />
Input-Output it should normally not be used. As a result of this 11g feature, you can place data files on the same JFS/JFS2 file system as the Oracle home directory and still use DIO or CIO for improved performance.<br />
<br />
However you should still place Oracle Database logs on a separate JFS2 file system for optimal performance. The optimal configuration is to create the file system using the agblksize=512 option and to mount it with the cio option. Redo is a natural bottleneck for high-update databases because Oracle redo disk must accept the sum of all disk update rates. After redo and disks are optimized the only way to relieve redo bottlenecks is faster redo storage.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjKDNW-nzmfZxpFBgwvAeiXMfpb-lisSDXV0jZ-1TH9q9pqN5jrazrByDYrRHoAab4yfz_6tKoPcZCjb85_m9P-4N_GBpqa0g6YeyrnG4bopx2KlySFDjcDw6TE_5oBHng6gCyhBSFbMWB/s1600/c1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="277" data-original-width="612" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjKDNW-nzmfZxpFBgwvAeiXMfpb-lisSDXV0jZ-1TH9q9pqN5jrazrByDYrRHoAab4yfz_6tKoPcZCjb85_m9P-4N_GBpqa0g6YeyrnG4bopx2KlySFDjcDw6TE_5oBHng6gCyhBSFbMWB/s400/c1.JPG" width="400" /></a></div>
<br />
For improved performance, create separate file systems for redo logs and control files (or a single file system for both), with an agblksize of 512 bytes rather than the default of 4 KB.<br />
<br />
Note: To use the Oracle RAC option, you must place data files on an ASM disk group or on a GPFS file system. You cannot use JFS or JFS2. DIO is implicitly enabled when you use GPFS.<br />
<br />
--------------------------------------<br />
<br />
<b><u>Asynchronous I/O</u></b><br />
<br />
Asynchronous I/O (AIO) allows a program to initiate an I/O operation then continue with other work in parallel to the I/O operation. Oracle Database 12c often requires multiple server and user processes running at the same time. Therefore Oracle Database 12c takes full advantage of AIO services provided by AIX. AIO is implemented with AIO server processes. The configuration values of: minservers, maxservers and maxreqs control the AIO server configuration of AIX.<br />
<br />
AIO kernel extensions are loaded at system boot (always loaded), AIO servers stay active as long as there are service requests, and the number of AIO servers is dynamically increased or reduced based on demand of the workload. The aio_server_inactivity parameter defines after how many seconds idle time an AIO server will exit. AIO tunables are now based on logical CPU count, and hence it is usually not necessary to tune minservers, maxservers, and maxreqs as in the past.<br />
<br />
For Oracle Database 12c, the database defaults to asynchronous I/O (AIO) enabled and concurrent I/O (CIO) disabled. In general, a good starting point is to set the filesystemio_options=setall, in your init*.ora configuration file. This setting will enable AIO (which is the default) and CIO operation. CIO operation is built<br />
upon direct I/O (DIO) with the additional function of inode locking. Note, there may be workloads (eg. sequential reads) where cached I/O performs better than CIO.<br />
When using CIO/DIO, the Oracle setting of DB_FILE_MULTIBLOCK_READ_COUNT (the maximum number of blocks read in one I/O operation during a sequential scan) needs to be considered. Also, the alignment of the database blocksize and the file system block size (agblksize) has to be considered.<br />
<br />
From Oracle Database 11g Release 2 version 11.2.0.2 and later, Oracle opens the files using "O_CIOR" which is similar to "O_CIO", but allows subsequent open calls without CIO, so that you no longer need to mount the JFS2 filesystems with mount option "-o cio" and other OS tools and third-party tools can access the database files without any issues.<br />
<br />
To display the number of asynchronous Input-Output servers running, enter the following commands as the root user:<br />
<b># pstat -a | grep -c aios</b><br />
<b># ps -k | grep aioserver</b><br />
<br />
Check the number of active asynchronous Input-Output servers periodically, and change the values of the minservers and maxservers parameters if required. The<br />
changes take place when the system is restarted.<br />
<br />
--------------------------------------<br />
<br />
<b><u>IOCP (I/O Completion Ports)</u></b><br />
<br />
On AIX on POWER systems, enable I/O completion ports (IOCP) to ensure successful database and grid infrastructure installation.<br />
To check if the IOCP module is enabled, run the following command and look for status "Available" in the output:<br />
<br />
<b>$ lsdev |grep iocp</b><br />
Iocp0 Available I/O Completion Ports.<br />
<br />
If IOCP is in "Defined" state, enable it (using "smitty").<br />
<br />
<u>Activate iocp:</u><br />
<b># lsdev -Cc iocp; lsattr -El iocp0</b><br />
<b># mkdev -l iocp0; chdev -l iocp0 -P -a autoconfig='available'</b><br />
<br />
--------------------------------------<br />
<br />
<b><u>Oracle Block Size</u></b><br />
<br />
During read operations, entire operating system blocks are read from the disk. If the database block size is smaller than the operating system file system block size, then Input-Output bandwidth is inefficient. If you set Oracle Database block size to be a multiple of the file system block size, then you can increase performance by up to 5 percent. The DB_BLOCK_SIZE initialization parameter sets the database block size. However, to change the value of this parameter, you must re-create the database. To see the current value of the DB_BLOCK_SIZE parameter, run the SHOW PARAMETER DB_BLOCK_SIZE command in SQL*Plus.<br />
<br />
You can configure Oracle Database block size for better Input-Output throughput. On AIX, you can set the value of the DB_BLOCK_SIZE initialization parameter to between 2 KB and 32 KB, with a default of 4 KB. For databases on raw partitions, Oracle Database block size is a multiple of the operating system physical block size (512 bytes on AIX). Oracle recommends smaller Oracle Database block sizes (2 KB or 4 KB) for online transaction processing or mixed workload environments and larger block sizes (8 KB, 16 KB, or 32 KB) for decision support system workload environments.<br />
<br />
--------------------------------------<br />
<br />
<b><u>Log Archive Buffers</u></b><br />
<br />
By increasing the LOG_BUFFER size, you may be able to improve the speed of archiving the database, particularly if transactions are long or numerous. Monitor the log file Input-Output activity and system throughput to determine the optimum LOG_BUFFER size. Tune the LOG_BUFFER parameter carefully to ensure that the overall performance of normal database activity does not degrade.<br />
<br />
--------------------------------------<br />
<b><u><br /></u></b>
<b><u>Server Side Caching</u></b><br />
<br />
Server Side Caching is a new feature introduced in AIX 7.1 TL04 SP02 and AIX 7.2. This feature is supported for use with Oracle Database to improve the performance of read I/O intensive workloads on AIX. Server-side caching provides the capability to cache the application data stored in SAN to Solid State Devices (SSD) or Flash Storage LUNs or Virtual Disks provided by VIOS on the AIX server. After Server Side Caching is enabled in AIX, all the read I/O requests are first redirected to the caching area created with the fast SSDs or Flash Storage or VIOS virtual disk on the server. This feature can be enabled or disabled dynamically, no reboot is required and changes are transparent to the running application or workload. This works only in Oracle Database non-RAC environments.<br />
<br />
--------------------------------------<br />
<br />
<b><u>Write Behind</u></b><br />
<br />
The write behind feature enables the operating system to group write Input-Output together, up to the size of a partition. You can improve performance by doing this,<br />
because the number of Input-Output operations is reduced. The file system divides each file into 16 KB partitions to increase write performance, limit the number of dirty pages in memory, and minimize disk fragmentation. The pages of a particular partition are not written to disk until the program writes the first byte of the next 16KB partition. To set the size of the buffer for write behind to eight 16 KB partitions, enter the following command:<br />
<b># /usr/sbin/vmo -o numclust=8</b><br />
<br />
--------------------------------------<br />
<br />
<b><u>Sequential Read Ahead</u></b><br />
<br />
Note: The information in this section applies only to file systems, and only when neither DIO nor CIO are used.<br />
<br />
The VMM anticipates the need for pages of a sequential file. It observes the pattern in which a process accesses a file. When the process accesses two consecutive pages of the file, the VMM assumes that the program continues to access the file sequentially, and schedules additional sequential reads of the file. These reads overlap the program processing and make data available to the program faster. The following VMM thresholds, implemented as kernel parameters, determine the number of pages it reads<br />
ahead:<br />
- minpgahead: it stores the number of pages read ahead when the VMM first detects the sequential access pattern.<br />
- maxpgahead: it stores the maximum number of pages that VMM reads ahead in a sequential file.<br />
<br />
Set the minpgahead and maxpgahead parameters to appropriate values for an application. The default values are 2 and 8 respectively. Use the vmo command to change these values. You can use higher values for the maxpgahead parameter in systems where the sequential performance of striped logical volumes is of paramount importance.<br />
<br />
--------------------------------------<br />
<br />
<b><u>Disk IO Pacing</u></b><br />
<br />
Disk IO pacing is an AIX mechanism that limits the number of pending IO requests to a file. This prevents disk IO intensive processes from saturating the CPU. Therefore, the response time of interactive and CPU-intensive processes does not deteriorate. You can achieve disk IO pacing by adjusting two system parameters: the high-water mark and the low-water mark. When a process writes to a file that already has the high-water mark number of pending IO requests, the process is put to sleep. The process wakes up when the number of outstanding IO requests falls to or below the low-water mark.<br />
<br />
You can use the smit command to change the high and low-water marks. Determine the water marks through trial-and-error. Use caution when setting the water marks, because they affect performance. Tuning the high and low-water marks has less effect on disk Input-Output larger than 4 KB.<br />
<br />
You can determine disk IO saturation by analyzing the result of iostat, in particular, the percentage of iowait and tm_act. A high iowait percentage combined with high tm_act percentages on specific disks is an indication of disk saturation. (A high iowait alone is not necessarily an indication of an Input-Output bottleneck.)<br />
<br />
--------------------------------------<br />
<br />
<b><u>IOO tunables j2_nBufferPerPagerDevice and j2_dynamicBufferPreallocation</u></b><br />
<br />
Do not change these unless there is a high delta in the vmstat -v counter "external pager filesystem I/Os blocked with no fsbuf". If this value is high, first increase j2_dynamicBufferPreallocation from 16 (16k slabs) to 32 and monitor. If increasing this does not help, then consider raising the value of j2_nBufferPerPagerDevice, which is the starting value for dynamic buffer allocation.<br />
<br />
Do not change AIX restricted tunables without the advice from IBM AIX support. In AIX 6.1 j2_nBufferPerPagerDevice is a restricted tunable, while j2_dynamicBufferPreallocation is not.<br />
<br />
<u>Here are some default values for three ioo parameters:</u><br />
- j2_dynamicBufferPreallocation=128<br />
- numfsbufs=1024 (legacy jfs)<br />
- maxpgahead=16 (legacy jfs)<br />
<br />
--------------------------------------<br />
<br />
<b><u>Resilvering (mirroring) with Oracle Database</u></b><br />
<br />
If you disable mirror write consistency for an Oracle data file allocated on a raw logical volume, then the Oracle Database crash recovery process uses resilvering to<br />
recover after a system failure. This resilvering process prevents database inconsistencies or corruption.<br />
<br />
During crash recovery, if a data file is allocated on a logical volume with multiple copies, then the resilvering process performs a checksum on the data blocks of all the copies. It then performs one of the following:<br />
- If the data blocks in a copy have valid checksums, then that copy is used to update the copies that have invalid checksums.<br />
- If all copies have blocks with invalid checksums, then the blocks are rebuilt using the redo log file.<br />
<br />
On AIX, the resilvering process works only for data files allocated on raw logical volumes for which mirror write consistency is disabled. Resilvering is not required for data files on mirrored logical volumes with mirror write consistency enabled, because mirror write consistency ensures that all copies are synchronized. If the system fails in a configuration where mirror write consistency was disabled, then run the syncvg command to synchronize the mirrored logical volume before starting Oracle Database.<br />
<br />
Note: If a disk drive fails, then resilvering does not occur. You must run the syncvg command before you can reactivate the logical volume. Oracle supports resilvering for data files only. Do not disable mirror write consistency for redo log files.<br />
<br />
--------------------------------------<br />
<br />
<b><u>Paging space</u></b><br />
<br />
Oracle documentation suggests the following values as a starting point for an Oracle Database:<br />
<br />
<b>RAM<span style="white-space: pre;"> </span> Swap Space</b><br />
Between 1 GB and 2 GB<span style="white-space: pre;"> </span> 1.5 times the size of RAM<br />
Between 2 GB and 16 GB<span style="white-space: pre;"> </span> Equal to the size of RAM<br />
More than 16 GB<span style="white-space: pre;"> </span> 16 GB<br />
<br />
<br />
--------------------------------------<br />
--------------------------------------<br />
--------------------------------------<br />
--------------------------------------<br />
--------------------------------------<br />
<br />
<br />
<b><u>MEMORY</u></b><br />
<br />
In general, AIX support suggests AIX 7.1 defaults for Oracle.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_-wuOARovYhxiSFKEQaRXsI34_d9VUtVhrAQnVvdPAtHEIn9yBQRQQNm-DpXlA8JUJYyd1H1GNw6BCpnb21rH0-H4ttjyN5aLnTz1MQyEEsXSXkC3_tJOi-BmAqWN6akWah216X94htM1/s1600/c2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="589" data-original-width="643" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_-wuOARovYhxiSFKEQaRXsI34_d9VUtVhrAQnVvdPAtHEIn9yBQRQQNm-DpXlA8JUJYyd1H1GNw6BCpnb21rH0-H4ttjyN5aLnTz1MQyEEsXSXkC3_tJOi-BmAqWN6akWah216X94htM1/s1600/c2.JPG" /></a></div>
<br />
<br />
--------------------------------------<br />
<br />
<b><u>Oracle Large Page Usage</u></b><br />
<br />
The general recommendation for most Oracle databases on AIX is to utilize 64KB page size and not 16MB page size for the SGA.<br />
<br />
AIX 6.1 and 7.1 support three or four page sizes, depending on the hardware: 4 KB (default), 64 KB (medium), 16 MB (large), and 16 GB(huge).<br />
Page sizes 64 KB and 16 MB have been shown to benefit Oracle performance by reducing kernel lookaside processing to resolve virtual to physical addresses. Oracle 11g uses 64 KB pages for dataspaces by default. Oracle Automatic Memory Management (AMM) uses the 64KB page size by default for the SGA and database (with the exception of the TNS Listener). This is the suggested value, since it has been found that 64 KB pages yield nearly the same performance benefit as 16 MB pages and require no special management.<br />
<br />
64 KB page size for data, text, and stack regions is useful in environments with a large (for example, 64 KB+) SGA and many online transaction processing (OLTP) users. For smaller Oracle instances, 4 KB is sufficient for data, text, and stack. 64 KB page use for data, text, and stack is implemented separately from 64 KB pages for the SGA, and is done by means of an environment variable exported on behalf of the Oracle user. AME by default uses 4k page size.<br />
$ export LDR_CNTRL=DATAPSIZE=64K@TEXTPSIZE=64K@STACKPSIZE=64K oracle<br />
<br />
<br />
--------------------------------------<br />
<br />
<b><u>SGA tuning</u></b><br />
<br />
LOCK_SGA = FALSE is the default, which means that the SGA is not pinned in memory. AIX performance support generally suggests not pinning the SGA. This is the suggested value, since it has been found that 64 KB pages provide nearly the same performance benefit as 16 MB pages, require no special management and minimize the potential negative impact of an incorrectly configured SGA size.<br />
<br />
<u>Some additional info:</u><br />
Oracle versions prior to 10.2.0.4 will allocate only two types of pages for the SGA, 4KB and 16MB. The SGA initialization process during the startup of the instance will try to allocate 16MB pages for the shared memory if LOCK_SGA is set to TRUE. If the LOCK_SGA is set to FALSE, the 4KB page will be used and no pinning will occur.<br />
<br />
The primary motivation for considering the pinning of SGA memory is to prevent Oracle SGA from ever being paged out. In a properly tuned Oracle on AIX environment there should not be any paging activity to begin with, so SGA related pages should stay resident in physical memory even without explicitly pinning them. In improperly configured or tuned environments where the demand for computational pages exceeds the physical memory available to them, SGA pinning will not address the underlying issue and will merely cause other computational pages (e.g. Oracle server or user processes) to be paged out. This can potentially have as much or more impact on overall Oracle performance as the paging of infrequently used SGA pages.<br />
<br />
When we say that memory is "pinned" it actually means that the page table prohibits page stealing and swapping. In other words the page stealing daemon can not throw pages from this page table out and replace them with other pages.<br />
<br />
If not done properly, Oracle SGA pinning and/or the use of large pages can potentially result in significant performance issues and/or system crashes. And, for many Oracle workloads, SGA pinning is unlikely to provide significant additional benefits. It should therefore only be considered where there is a known performance issue that could not be addressed through other options, such as VMM parameter tuning.<br />
<br />
You can determine the SGA size by running the ipcs command as the oracle user.<br />
<br />
Use the svmon command to monitor the use of pinned memory during the operation of the system. Oracle Database attempts to pin memory only if the LOCK_SGA parameter is<br />
set to true. If the SGA size exceeds the size of memory available for pinning, then the portion of the SGA exceeding these sizes is allocated to ordinary shared memory.<br />
<br />
svmon reports an "available" metric. This metric can be used to more easily determine how much remaining memory is available to applications. The available metric reports the additional amount of physical memory that can be used for applications without incurring paging. When the amount of available memory gets low, this is an indication that the system is close to paging.<br />
<br />
<b># svmon -G -O unit=auto</b><br />
Unit: auto<br />
--------------------------------------------------------------------------------------<br />
size inuse free pin virtual available mmode<br />
memory 2.00G 578.04M 1.44G 430.34M 463.48M 1.47G Ded<br />
pg space 512.00M 4.10M<br />
<br />
work pers clnt other<br />
pin 354.30M 0K 14.3M 61.8M<br />
in use 463.48M 0K 114.56M<br />
<br />
<br />
--------------------------------------<br />
<br />
<b><u>Oracle process memory footprint</u></b><br />
<br />
The AIXTHREAD_SCOPE environment variable can be used to control whether an AIX process runs with process-wide contention scope (the default) or with system-wide contention scope. System-wide contention scope significantly reduces the memory required for each database process. AIX operates most effectively with Oracle Database 12c and Oracle RAC when using system-wide contention scope (AIXTHREAD_SCOPE=S). Both AIX 7.1 and AIX 6.1 specify the default environment variable of AIXTHREAD_SCOPE=S (1:1). Oracle recommends system-wide scope (AIXTHREAD_SCOPE=S), so this environment variable is no longer required to be specifically set.<br />
<br />
<u>Some additional info:</u><br />
The default value of the AIXTHREAD_SCOPE environment variable is P, which specifies process-wide contention scope. When using process-wide contention scope, Oracle threads are mapped to a pool of kernel threads. When Oracle is waiting on an event and its thread is swapped out, it may return on a different kernel thread with a different thread ID. Oracle uses the thread ID to post waiting processes, so it is important for the thread ID to remain the same. When using systemwide contention scope, Oracle threads are mapped to kernel threads statically, one to one. For this reason, Oracle recommends that you use systemwide contention. The use of systemwide contention is especially critical for Oracle Real Application Clusters (Oracle RAC) instances.<br />
<br />
If you set systemwide contention scope, then significantly less memory is allocated to each Oracle process.<br />
<br />
<b>Bourne, Bash, or Korn shell:</b><br />
Add to the ~/.profile or /usr/local/bin/oraenv script: <b>AIXTHREAD_SCOPE=S; export AIXTHREAD_SCOPE</b><br />
<br />
<b>C shell:</b><br />
Add to the ~/.login or /usr/local/bin/coraenv script: <b>setenv AIXTHREAD_SCOPE S</b><br />
<br />
--------------------------------------<br />
<br />
<b><u>AME</u></b><br />
<br />
In the initial AME implementation, 64k pages were not supported when AME was enabled, which can have a significant impact on Oracle database performance, so the initial AME implementation was not certified for use with the Oracle database. When AME is enabled today, AIX always uses 4k page size instead of 64k page size for the Oracle database. Starting in AIX 7.2 TL1 or newer, AIX supports 64K pages using a hardware compression engine. This is what is currently being certified for use with Oracle database.<br />
<br />
--------------------------------------<br />
<br />
<b><u>Virtual processor folding</u></b><br />
<br />
This is a feature of Power Systems in which unused virtual processors are taken offline until the demand requires that they be activated. The default is to allow virtual processor folding, and this should not be altered without consulting AIX support. (schedo parameter vpm_fold_policy=2).<br />
<br />
For Oracle database environments it is strongly suggested to set schedo parameter vpm_xvcpus to a value of 2 (schedo -p -o vpm_xvcpus=2) as we have seen AIX incorrectly folding too many processors if the parameter is left at default of 0. It is dynamic, not requiring reboot. This is a critical setting in a RAC environment when using LPARs with processor folding enabled. If this setting is not adjusted, there is a high risk of RAC node evictions under light database workload conditions.<br />
<br />
This setting says that a minimum of 2 additional VPs will be online (i.e. not folded / disabled) at all times. With shared processor systems using RAC, the minimum recommended value for vpm_xvcpus is 2, meaning there will be a minimum of 3 unfolded CPUs (the default 1 plus the 2 additional ones). This is recommended to avoid RAC reboot issues. A resource issue can be created when one Oracle process enters a tight loop polling on a fd and the Oracle process that is supposed to send to that fd does not get scheduled. Once that sending event occurs, things go back to normal and AIX housekeeping can run also.<br />
<br />
<br />
--------------------------------------<br />
--------------------------------------<br />
--------------------------------------<br />
--------------------------------------<br />
--------------------------------------<br />
<br />
<br />
<b><u>NETWORK</u></b><br />
<br />
<br />
These values are generally suggested for Oracle, and can be considered as starting points. Please note that all udp settings are specific to RAC, because the RAC interconnect uses UDP for interprocess communications:<br />
sb_max >= 1MB (1048576) and must be greater than maximum tcp or udp send or recvspace<br />
tcp_sendspace = 262144<br />
tcp_recvspace = 262144<br />
udp_sendspace = db_block_size * db_file_multiblock_read_count<br />
udp_recvspace= 10 * (udp_sendspace)<br />
rfc1323 = 1 (see Recent suggestions and open issues)<br />
tcp_fastlo = 1. This is new in AIX 7.1 (no -p -o tcp_fastlo=1). The tcp_fastlo default setting is off or ‘0’. (test it first)<br />
<br />
Ephemerals (non-defaults suggested for a large number of connecting hosts or a high degree of parallel query; also to avoid install-time warnings)<br />
tcp_ephemeral_low=32768<br />
tcp_ephemeral_high=65535<br />
udp_ephemeral_low=32768<br />
udp_ephemeral_high=65535<br />
<br />
<br />
<u>Some additional consideration for RAC network as part of the 10 GigE:</u><br />
<b>LACP timeout:</b> Use the “long timeout” switch setting for the amount of time to wait before sending LACPDUs.<br />
<b>Flow control:</b> Enable flow control at the switch port and on the server side ports (using HMC) for the 10GE adapter or 10GE HEA configuration.<br />
<b>UDP tuning:</b> Tune the udp_sendspace and udp_recvspace until there are no “socket buffer overflows” in netstat -s<br />
<b>Jumbo frames:</b> Enable Jumbo frames on every hop (server side, switch side)<br />
<br />
MTU adapter port specific settings will be overridden with setting ‘mtu_bypass = ON’. This is complemented with ‘tcp_pmtu_discover = 1’ for MTU path discovery.<br />
<br />
<br />
<u>Network tunables (with command):</u><br />
# no -p -o udp_sendspace=262144; no -p -o udp_recvspace=655360; no -p -o tcp_sendspace=262144; no -p -o tcp_recvspace=262144<br />
# no -p -o rfc1323=1; no -p -o sb_max=4194304; no -p -o use_isno=1; no -r -o ipqmaxlen=512 #(needs reboot)<br />
<br />
for each active network interface (i.e. en0, en1, en2 .. etc.):<br />
# chdev -l enX -a state='up' -a rfc1323='1' -a tcp_mssdflt='1448' -a tcp_nodelay='1' -a tcp_recvspace='262144' -a tcp_sendspace='262144'<br />
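<br />
The sizing rules above expressed as a check over no -a style output, as an added example that is not part of the original post. The function names, db_block_size 8192 and db_file_multiblock_read_count 32 are assumptions; the constructed sample reuses the values from the no commands above.<br />

```shell
#!/bin/sh
# Added example: audit "name = value" lines (the layout printed by `no -a`)
# against the sizing rules listed in the text. Read-only; nothing is changed.

# Print the value of one tunable, or nothing if it is absent.
tunable() {   # $1 = file, $2 = tunable name
    awk -v n="$2" '$1 == n && $2 == "=" { print $3; exit }' "$1"
}

# Record one deviation on stdout and count it.
finding() {
    echo "FINDING: $*"
    findings=$(( findings + 1 ))
}

# Exit status 0 means no findings.
# $1 = file, $2 = db_block_size, $3 = db_file_multiblock_read_count
check_net_tunables() {
    file=$1
    findings=0
    want_send=$(( $2 * $3 ))          # udp_sendspace rule
    want_recv=$(( 10 * want_send ))   # udp_recvspace rule

    # A missing tunable is itself a finding; stop before comparing numbers.
    for name in sb_max tcp_sendspace tcp_recvspace udp_sendspace udp_recvspace rfc1323; do
        [ -n "$(tunable "$file" "$name")" ] || finding "$name missing from input"
    done
    [ "$findings" -eq 0 ] || return 1

    # sb_max must be at least 1 MB and larger than every send/recv space.
    sb_max=$(tunable "$file" sb_max)
    [ "$sb_max" -ge 1048576 ] || finding "sb_max is $sb_max, rule wants >= 1048576"
    for name in tcp_sendspace tcp_recvspace udp_sendspace udp_recvspace; do
        val=$(tunable "$file" "$name")
        [ "$sb_max" -gt "$val" ] || finding "sb_max ($sb_max) is not greater than $name ($val)"
    done

    udp_send=$(tunable "$file" udp_sendspace)
    udp_recv=$(tunable "$file" udp_recvspace)
    [ "$udp_send" -eq "$want_send" ] || finding "udp_sendspace is $udp_send, rule gives $want_send"
    [ "$udp_recv" -eq "$want_recv" ] || finding "udp_recvspace is $udp_recv, rule gives $want_recv"
    [ "$(tunable "$file" rfc1323)" -eq 1 ] || finding "rfc1323 is not 1"

    [ "$findings" -eq 0 ]
}

# Constructed sample input (not captured from a real system).
write_sample() {   # $1 = output file
    cat > "$1" <<'EOF'
              ipqmaxlen = 512
                rfc1323 = 1
                 sb_max = 4194304
          tcp_recvspace = 262144
          tcp_sendspace = 262144
          udp_recvspace = 655360
          udp_sendspace = 262144
               use_isno = 1
EOF
}

# Demo: 8192 * 32 = 262144 matches udp_sendspace, but 10 * 262144 does not
# match the sample's udp_recvspace, so one finding is reported.
sample=$(mktemp)
write_sample "$sample"
check_net_tunables "$sample" 8192 32 || echo "review the findings before applying changes"
rm -f "$sample"
```

On a live system the input file would be the saved output of no -a.<br />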
<br />
--------------------------------------<br />
--------------------------------------<br />
--------------------------------------<br />
--------------------------------------<br />
--------------------------------------<br />
<br />
<b><u>Oracle DB parameters</u></b><br />
<br />
<b>DB_BLOCK_SIZE</b><br />
Specifies the default size of Oracle database blocks. This parameter cannot be changed after the database has been created, so it is vital that the correct value is chosen at the beginning. Optimal<br />
DB_BLOCK_SIZE values vary depending on the application. (Typical values are 8KB for OLTP workloads and 16KB to 32KB for DSS workloads. If you plan to use a 2KB DB_BLOCK_SIZE with JFS2<br />
file systems, be sure to create the file system with agblksize=2048.)<br />
<br />
<b>DB_BLOCK_BUFFERS or DB_CACHE_SIZE</b><br />
The primary purpose of the DB buffer cache area(s) is to cache frequently used data (or index) blocks in memory in order to avoid or reduce physical I/Os to disk. In general, you want just enough DB buffer cache allocated to achieve the optimum buffer cache hit rate. Increasing the size of the buffer cache beyond this point may actually degrade performance due to increased overhead of managing the larger cache memory area.<br />
<br />
<b>DISK_ASYNCH_IO</b><br />
AIX fully supports Asynchronous I/O for file systems (JFS, JFS2, GPFS and Veritas) as well as raw devices. This parameter should always be set to TRUE (the default value).<br />
<br />
<b>FILESYSTEMIO_OPTIONS</b><br />
Setting the FILESYSTEMIO_OPTIONS parameter in the server parameter file to SETALL or DIRECTIO, enables CIO on JFS2 and DIO on JFS for all data file IO. Because the DIRECTIO setting disables asynchronous IO it should normally not be used. As a result of this 12c feature, you can place data files on the same JFS/JFS2 file system as the Oracle home directory and still use DIO or CIO for improved performance. (You should still place Oracle Database logs on a separate JFS2 file system for optimal performance.)<br />
<br />
<b>DB_WRITER_PROCESSES and DBWR_IO_SLAVES</b><br />
These parameters specify how many database writer processes are used to update the database disks when disk block buffers in database buffer cache are modified. Multiple database writers are often used to get around the lack of Asynchronous I/O capabilities in some operating systems, although it still works with operating systems that fully support Asynchronous I/O, such as AIX.<br />
Normally, the default values for these parameters are acceptable and should only be overridden in order to address very specific performance issues and/or at the recommendation of Oracle Support.<br />
<br />
<b>SHARED_POOL_SIZE</b><br />
An appropriate value for the SHARED_POOL_SIZE parameter is very hard to determine before statistics are gathered about the actual use of the shared pool. The good news is that starting with Oracle 9i, it is dynamic, and the upper limit of shared pool size is controlled by the SGA_MAX_SIZE parameter. So, if you set the SHARED_POOL_SIZE to an initial value and you determine later that this value is too low; you can change it to a higher one, up to the limit of SGA_MAX_SIZE. Remember that the shared pool includes the data dictionary cache (the tables about the tables and indexes), the library cache (the SQL statements and execution plans), and also the session data if the shared server is used. Thus, it is not difficult to run out of space. Its size can vary from a few MB to very large, such as 20 GB or more, depending on the applications’ use of SQL statements. It depends mostly on the number of tables in the databases; the data dictionary will be larger for a lot of tables and the number of the different SQL statements that are active or used regularly.<br />
<br />
<b>SGA_MAX_SIZE</b><br />
Starting with Oracle 9i, the Oracle SGA size can be dynamically changed. It means the DBA just needs to set the maximum amount of memory available to Oracle (SGA_MAX_SIZE) and the initial values of the different pools: DB_CACHE_SIZE, SHARED_POOL_SIZE, LARGE_POOL_SIZE etc… The size of these individual pools can then be increased or decreased dynamically using the ALTER SYSTEM command, provided the total amount of memory used by the pools does not exceed SGA_MAX_SIZE. If LOCK_SGA = TRUE, this parameter defines the amount of memory Oracle allocates at DB startup in “one piece”! Also, SGA_TARGET is ignored for the purpose of memory allocation in this case.<br />
<br />
<b>SGA_TARGET</b><br />
SGA_TARGET specifies the total size of all SGA components. If SGA_TARGET is specified, then the following memory pools are automatically sized: Buffer cache (DB_CACHE_SIZE), Shared pool (SHARED_POOL_SIZE), Large pool (LARGE_POOL_SIZE), Java pool (JAVA_POOL_SIZE), Streams pool (STREAMS_POOL_SIZE)<br />
<br />
<b>MEMORY_TARGET, MEMORY_MAX_TARGET (11g)</b><br />
MEMORY_TARGET specifies the Oracle system-wide usable memory. The database tunes memory to the MEMORY_TARGET value, reducing or enlarging the SGA and PGA as needed. If MEMORY_TARGET parameter is used, memory cannot be pinned. It is not recommended to use the MEMORY_TARGET parameter together with the SGA_MAX_SIZE and SGA_TARGET.<br />
<br />
<b>PGA_AGGREGATE_TARGET</b><br />
PGA_AGGREGATE_TARGET specifies the target aggregate PGA memory available to all server processes attached to the instance. Setting PGA_AGGREGATE_TARGET to a nonzero value has the effect of<br />
automatically setting the WORKAREA_SIZE_POLICY parameter to AUTO. This means that SQL working areas used by memory-intensive SQL operators (such as sort, group-by, hash-join, bitmap merge, and bitmap create) will be automatically sized. A nonzero value for this parameter is the default since, unless you specify otherwise, Oracle sets it to 20% of the SGA or 10 MB, whichever is greater.<br />
<br />
<b>PRE_PAGE_SGA</b><br />
The setting for 12.1 defaults to ‘TRUE’, which allocates all segments to the maximum. Prior to 12.1 the default was set to ‘FALSE’. With this set to true, all segments are allocated to the MAXIMUM. PRE_PAGE_SGA (at startup) will read, “touching”, all the memory pages. This can result in slower start up times, but the advantage is that all further requests to SGA memory are supposed to hit real physical memory and AIX will not need to do any additional allocations after startup.<br />
<br />
It now takes more time for ANY ORACLE process to start, as this “touching” of memory segments is not done just during instance startup but also occurs for any new ORACLE process (i.e. a new database connection shadow process). The efficiency of this "touching" will depend on the page size used for the SGA. For example, an 80MB SGA using 64KB pages would need to "touch" 1250 pages whereas an SGA using 16MB pages would only need to "touch" 5 pages. To pin memory you set lock_sga to 'TRUE'. To use 16M pages one also needs to pin memory. If persistent memory usage issues are encountered, overriding the default of pre_page_sga of ‘TRUE’ and setting it to ‘FALSE’ may be beneficial.<br />
If you are planning to use the “In-Memory” feature of Oracle database 12c, 18c or 19c it is recommended to set the pre_page_sga = TRUE (default)<br />
<br />
<b>Adaptive Features</b><br />
It has been found helpful to test turning this feature off to eliminate it as a cause of performance related issues.<br />
Try setting: OPTIMIZER_ADAPTIVE_FEATURES to FALSE.<br />
<br />
--------------------------------------<br />
<div>
<br /></div>
EXTRA - ORACLE ASM, RAC, DATA GUARD (posted 2020-05-02, updated 2022-04-05)<br />
<br />
<b><u>Oracle ASM, RAC, Data Guard</u></b><br />
<br />
<br />
<b><u>ASM (Automatic Storage Management)</u></b><br />
<br />
ASM is Oracle's recommended storage management solution. Oracle ASM uses disk groups to store data files. A disk group consists of multiple disks and for each ASM disk group, a level of redundancy is defined (normal (mirrored), high (3 mirrors), or external (no ASM mirroring)). When a file is created within ASM, it is automatically striped across all disks allocated to the disk groups. The performance is comparable to the performance of raw devices. ASM allows disk management to be done using SQL statements (such as CREATE, ALTER, and DROP), Enterprise Manager or with command line.<br />
<br />
ASM is a single DB instance (as a normal DB instance would be), with its own processes.<br />
<b># ps -ef | grep asm</b><span style="white-space: pre;"> </span><--shows what asm uses (it has pmon, smon...)<br />
<br />
ASM requires a special type of Oracle instance to provide the interface between a traditional Oracle instance and the storage elements presented to AIX. The Oracle ASM instance mounts disk groups to make ASM files available to database instances. An Oracle ASM instance is built on the same technology as an Oracle Database instance. The ASM software component is shipped with the Grid Infrastructure software.<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKNqiX2rHduI3PqUnGrjcSVfcCKJ-_KMGN1nP_hKuIhhNqm9r0KpR452ZEcnl2WTJeprFPbBVvefywaZsZrUnXfh41LHLyGsY5uZqyiAO5A91nhu89rsHys7DyiJMQqgPfDEfl4A0nfecb/s1600/b1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="197" data-original-width="245" height="160" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhKNqiX2rHduI3PqUnGrjcSVfcCKJ-_KMGN1nP_hKuIhhNqm9r0KpR452ZEcnl2WTJeprFPbBVvefywaZsZrUnXfh41LHLyGsY5uZqyiAO5A91nhu89rsHys7DyiJMQqgPfDEfl4A0nfecb/s200/b1.JPG" width="200" /></a></div>
Most commonly used storage objects that are mapped to ASM disks are AIX raw hdisks and AIX raw logical volumes. The disks or logical volumes are presented by special files in the /dev directory:<br />
- Raw hdisks as /dev/rhdisknn or<br />
- Raw logical volume as /dev/ASMDataLVnn<br />
<br />
To properly present those devices to the Oracle ASM instance, they must be owned by the Oracle user (chown oracle.dba /dev/rhdisknn) and the associated file permission must be 660 (chmod 660 /dev/rhdisknn). Raw hdisks cannot belong to any AIX volume group and should not have a PVID defined. One or more raw logical volumes presented to the ASM instance could be created on the hdisks belonging to the AIX volume group.<br />
<br />
For systems that do not use external redundancy, ASM provides its own internal redundancy mechanism and additional high availability by way of failure groups. A failure group, which is a subset of a diskgroup, by definition is a collection of disks that can become unavailable due to a failure of one of its associated components; e.g., controllers or entire arrays. Thus, disks in two separate failure groups (for a given diskgroup) must not share a common failure component.<br />
<br />
In a diskgroup usually 2 Failgroups are defined, for mirroring purposes inside the ASM. At OS side it looks like:<br />
<b>oradata-PCBDE-rz2-50GB-1<span style="white-space: pre;"> </span><--Failgroup1</b><br />
<b>oradata-PCBDE-rz3-50GB-1<span style="white-space: pre;"> </span><--Failgroup2</b><br />
<br />
In this case storage extension is possible only by 2 disks at a time (from 2 separate storage boxes, in the optimal case) and in a disk group all the disks should have the same size. When you have 2 disks in a Failgroup, and you create a 50GB tablespace, ASM will stripe it across the disks (25-25GB on each disk). When you add 2 more disks, then ASM starts rebalancing the data, so you will have 4x12.5GB (12.5GB on each disk).<br />
<br />
If hdisks are not part of the AIX volume group, their PVIDs can be cleared using the chdev command:<br />
<b># chdev -l hdiskn -a pv=yes</b><br />
<b># chdev -l hdiskn -a pv=clear</b><br />
<br />
PVIDs are physically stored in the first 4k block of the hdisk, which happens to be where Oracle stores the ASM, OCR and/or Voting disk header. For ASM managed disks hdisk numbering is not important. Some Oracle installation documentation recommends temporarily setting PVIDs during the install process (this is not the preferred method). Assigning or clearing a PVID on an existing ASM managed disk will overwrite the ASM header, making data unrecoverable without the use of KFED (See Metalink Note #353761.1)<br />
<br />
AIX 5.3 TL07 (and later) has a specific set of Oracle ASM related enhancements. Execution process of the "mkvg" or "extendvg" commands will now check for presence of ASM header before writing PVID information on hdisk. Command will fail and return an error message if ASM header signature is detected:<br />
<b>0516-1339 /usr/sbin/mkvg: Physical volume contains some 3rd party volume group.</b><br />
<b>0516-1397 /usr/sbin/mkvg: The physical volume hdisk3, will not be added to the volume group.</b><br />
<b>0516-862 /usr/sbin/mkvg: Unable to create volume group.</b><br />
<br />
The force option (-f) will not work for an hdisk with an ASM header signature. If an hdisk formerly used by ASM needs to be used for another purpose, the ASM header area can be cleared using the AIX "dd" command:<br />
<b># dd if=/dev/zero of=/dev/rhdisk3 bs=4096 count=10</b><br />
<br />
The chdev utility with pv=yes or pv=clear does not check for an ASM signature before setting or clearing the PVID area.<br />
AIX 6.1 TL06 and AIX 7.1 introduced a rendev command that can be used for permanent renaming of the AIX hdisks.<br />
<br />
ASM devices have a header which contains an asm id. To extract, do:<br />
<b># dd if=/dev/$disk bs=1 skip=72 count=32 2>/dev/null</b><br />
These ids can be used to map the old and the new devices and therefore create new asm device files which point to the correct, new disks.<br />
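<br />
A read-only pre-check built on the header offset described above, as an added example that is not part of the original post: it refuses a PVID change when an ASM header is found and lists ASM ids per device so old and new names can be matched. The function names and the sample image files are constructed for illustration, and the "ORCLDISK" marker at byte offset 32 is an assumption that does not come from this page.<br />

```shell
#!/bin/sh
# Added example: read-only ASM header checks to run before chdev touches a PVID.

# Print the 32-byte ASM id stored at byte offset 72 (the same dd call as in
# the text), with the NUL padding removed.
asm_header_id() {   # $1 = raw device or image file
    dd if="$1" bs=1 skip=72 count=32 2>/dev/null | tr -d '\000'
}

# Assumption (not from this page): ASM disk headers carry the provider
# string "ORCLDISK" at byte offset 32.
asm_has_signature() {   # $1 = raw device or image file
    sig=$(dd if="$1" bs=1 skip=32 count=8 2>/dev/null | tr -d '\000')
    [ "$sig" = "ORCLDISK" ]
}

# Return 0 only when no ASM header is found, so a wrapper can gate
# "chdev -a pv=yes" or "chdev -a pv=clear" on the result.
safe_to_change_pvid() {   # $1 = raw device or image file
    if asm_has_signature "$1"; then
        echo "REFUSE $1: ASM header present (id: $(asm_header_id "$1"))" >&2
        return 1
    fi
    return 0
}

# Print "id device" pairs for every device that has an ASM header, so that
# old and new device names can be matched by id.
asm_id_map() {   # $@ = raw devices or image files
    for dev in "$@"; do
        if asm_has_signature "$dev"; then
            printf '%s %s\n' "$(asm_header_id "$dev")" "$dev"
        fi
    done
}

# Constructed sample: a 4 KB image standing in for the first block of a disk.
make_sample_disk() {   # $1 = file, $2 = ASM id ("" for a blank disk)
    dd if=/dev/zero of="$1" bs=4096 count=1 2>/dev/null
    [ -n "$2" ] || return 0
    printf 'ORCLDISK' | dd of="$1" bs=1 seek=32 conv=notrunc 2>/dev/null
    printf '%s' "$2" | dd of="$1" bs=1 seek=72 conv=notrunc 2>/dev/null
}

# Demo on constructed images (hypothetical names, no real devices touched).
demo_dir=$(mktemp -d)
make_sample_disk "$demo_dir/rhdisk4_old" "DATA_0001"
make_sample_disk "$demo_dir/rhdisk9_new" "DATA_0001"
make_sample_disk "$demo_dir/rhdisk7_blank" ""
asm_id_map "$demo_dir"/rhdisk*
safe_to_change_pvid "$demo_dir/rhdisk4_old" || echo "PVID change skipped"
rm -rf "$demo_dir"
```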
<br />
<br />
<b>rendev,lkdev</b><br />
ASM disks have no PVID and so look unassigned. An AIX admin can therefore mistakenly think the disk is free and add it to a volume group, thus destroying data. Use rendev to rename ASM hdisks to something more obviously ASM, e.g. hdiskasm5, and if necessary update the Oracle ASM device scan path. Also, lkdev can be used as an extra level of protection. The "lkdev" command is used to lock the disk to prevent the device from inadvertently being altered by a system administrator at a later time. It locks the device so that any attempt to modify the device attributes (chdev, chpath) or remove the device or one of its paths (rmdev, rmpath) will be denied. The ASM header name can also be added as a comment when using lkdev, to make it even more obvious.<br />
<br />
<b># rendev -l hdisk4 -n hdiskASMd01</b><br />
<b># lkdev -l hdiskASMd01 -a -c OracleASM</b><br />
<br />
<br />
<b>mknod (old)</b><br />
If rendev is not available, device files are created in /dev using "mknod /dev/asm_disk_name c maj min" to have the same major and minor number as the disk device to be used. The Oracle DBA will use these device names created with mknod.<br />
<br />
--------------------------------------------<br />
--------------------------------------------<br />
--------------------------------------------<br />
--------------------------------------------<br />
--------------------------------------------<br />
<br />
<b><u>Oracle Clusterware </u></b><br />
<br />
Starting with Oracle Database 11g Release 2, Oracle has packaged Oracle Clusterware, Automatic Storage Management and the listener as a single package called "Oracle Grid Infrastructure".<br />
<br />
Oracle Clusterware provides basic clustering services at the operating system level; it is the technology that transforms a server farm into a cluster. Theoretically, Oracle Clusterware can also be used to provide clustering services to other (non-Oracle) applications.<br />
<br />
With Oracle Clusterware you can provide a <b>cold failover</b> cluster to protect an Oracle instance from a system or server failure. The basic function of a cold failover cluster is to monitor a database instance running on a server, and if a failure is detected, to restart the instance on a spare server in the cluster. Network addresses are failed over to the backup node. Clients on the network experience a period of lockout while the failover takes place and are then served by the other database instance once the instance has started.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0EiVBphK2OBaHj3aswgKrb1SrlAcia5VBAdEVpuzMWAYe1zT5hkrdCLVSujkkAfhfwpZB9tU9wvCqGfZeJgfSMN-6hRnYoIGl1CPhz4bv95AczcMpeAr-EtKFGNhNXnzgqtT7lTS7oqx5/s1600/b2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="558" data-original-width="566" height="393" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj0EiVBphK2OBaHj3aswgKrb1SrlAcia5VBAdEVpuzMWAYe1zT5hkrdCLVSujkkAfhfwpZB9tU9wvCqGfZeJgfSMN-6hRnYoIGl1CPhz4bv95AczcMpeAr-EtKFGNhNXnzgqtT7lTS7oqx5/s400/b2.JPG" width="400" /></a></div>
<u>It consists of these components:</u><br />
<b>crsd (Cluster Ready Services):</b><br />
It manages resources (start/stop of services, failovers...). It requires public and private interfaces and the Virtual IP (VIP), and it runs as root. Failure of the CRS daemon can cause node failure, and it automatically reboots nodes to avoid data corruption because of the possible communication failure between the nodes.<br />
<b><br /></b>
<b>ocssd (Oracle Cluster Synchronization Services): </b><br />
It provides synchronization between the nodes and manages locking; it runs as the oracle user. Failure of ocssd causes the machine to reboot to avoid a split-brain situation. It is also required in a single-instance configuration if ASM is used.<br />
<b><br /></b>
<b>evmd (Event Management Logger):</b><br />
The Event Management daemon spawns a permanent child process called "evmlogger" and generates the events when things happen. It will restart automatically on failures, and if evmd process fails, it does not halt the instance. Evmd runs as "oracle" user.<br />
<br />
<b>oprocd:</b><br />
Oprocd provides I/O Fencing solution for the Oracle Clusterware. (Fencing is isolating a node when it is malfunctioning.) It is the process monitor for the oracle clusterware. It runs as "root" and failure of the Oprocd process causes the node to restart. (log file is in /etc/oracle/oprocd)<br />
<br />
<u><br /></u>
<u>Important components at storage side:</u><br />
<b>-OCR (Oracle Cluster Repository/Registry)</b><br />
Any resource that is going to be managed by Oracle Clusterware needs to be registered as a CRS resource; CRS then stores the resource definitions in the OCR.<br />
It is a repository of the cluster, which is a file (disk) in ASM (ocr-rz4-256MB-1).<br />
<b>crsstat<span style="white-space: pre;"> </span></b><--this will show what OCR consists of<br />
<b>ocrcheck<span style="white-space: pre;"> </span></b><--shows ocr disks<br />
<br />
<br />
<b>-VOTE DISK:</b><br />
It is a file (disk) in ASM that manages node memberships. It is needed to have the necessary quorum (ora_vot1_raw_256m). 3 disks are needed; in the optimal case every disk is from a different storage box. If you don't have 3 storage boxes, then create them on 2 boxes and do an NFS mount to the RAC nodes for the 3rd voting disk.<br />
crsctl query css votedisk<span style="white-space: pre;"> </span> <-- shows vote disks<br />
<br />
<b>vote disk movement:</b><br />
create a new voting disk device then: dd if=/dev/<old device> of=/dev/<new device> bs=4096<br />
<br />
Oracle Clusterware provides seamless integration with Oracle Real Application Clusters (Oracle RAC) and Oracle Data Guard. (A RAC environment uses shared storage, whereas in a Data Guard setup each node has its own separate storage.)<br />
<br />
<u>Checking CRS network topology:</u><br />
<b># /ora_u02/app/oracle/product/crs/bin/oifcfg getif -global</b><br />
en7 199.206.206.32 global public<br />
en11 112.24.254.8 global cluster_interconnect<br />
<br />
<br />
--------------------------------------------<br />
--------------------------------------------<br />
--------------------------------------------<br />
--------------------------------------------<br />
--------------------------------------------<br />
<br />
<br />
<b><u>RAC (Real Application Cluster)</u></b><br />
<br />
RAC is based on Oracle Clusterware and in a RAC environment, two or more computers (each with an instance) concurrently access a single database. This allows an application or user to connect to either computer and have access to the data. It combines the processing power of multiple interconnected computers to provide system redundancy and scalability. Unlike the cold cluster model where one node is completely idle, all instances and nodes can be active to scale your application.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsuxsAEeTcO87LaEiZRVTct9OIj_lf3ZQwrjpOtFA4htHjLp2aTXah_3N7IJJFrC-qxmPGhQBgJFE15cDX0u0FS0UMyg0rPjEvmyrFVLTvmJ2l1nVQ5HFWbF1hp4Omt5aWB3q0wSDjWD7R/s1600/b3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="503" data-original-width="493" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgsuxsAEeTcO87LaEiZRVTct9OIj_lf3ZQwrjpOtFA4htHjLp2aTXah_3N7IJJFrC-qxmPGhQBgJFE15cDX0u0FS0UMyg0rPjEvmyrFVLTvmJ2l1nVQ5HFWbF1hp4Omt5aWB3q0wSDjWD7R/s400/b3.JPG" width="392" /></a></div>
<br />
<br />
<br />
ASM with RAC:<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC1-WX-PCJGs9zcFg1AtMIOAU6Av1Alep4FrSbY5_-Q6w6cJEZGI20djb3SDTDZDb_wUoL99LGCGBxa8cNxuDNmOk6bVbxe2JfC7T7IJ32SJDHRwbQFMNTgmpNJ-JpZvTVZKc2xvJjjzfv/s1600/b4.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="398" data-original-width="423" height="300" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhC1-WX-PCJGs9zcFg1AtMIOAU6Av1Alep4FrSbY5_-Q6w6cJEZGI20djb3SDTDZDb_wUoL99LGCGBxa8cNxuDNmOk6bVbxe2JfC7T7IJ32SJDHRwbQFMNTgmpNJ-JpZvTVZKc2xvJjjzfv/s320/b4.JPG" width="320" /></a></div>
<br />
With the release of 12cR1 & 12cR2 Oracle no longer supports the use of raw logical volumes with the DB and RAC (see My Oracle Support note “Announcement of De-Support of using RAW devices in Oracle Database Version 12.1” (Doc ID 578455.1)). Oracle continues to support the coexistence of PowerHA with Oracle clusterware.<br />
<br />
If using a file system for your Oracle Database 12c RAC data files (rather than ASM), you’ll need to use a cluster file system. Oracle ACFS allows file system access by all members in a cluster at the same time. That requirement precludes JFS and JFS2 from being used for Oracle Database 12c RAC data files. The IBM Spectrum Scale is an Oracle RAC 12c certified cluster file system.<br />
<br />
<br />
<u>Finding out the nodes of RAC (olsnodes):</u><br />
(As oracle user "crstat -t" should work as well)<br />
<b># /u02/app/oracle/product/10.2/crs/bin/olsnodes</b><br />
aix001-ora-rac1<br />
aix002-ora-rac2<br />
<br />
In Oracle RAC versions prior to 11.2, when a node gets rebooted due to scheduling problems, the process that initiates the reboot is oprocd. When the oprocd process reboots the node there should be only one entry in errpt (SYSTEM SHUTDOWN BY USER). There should not be a 'SYSDUMP' entry since ‘oprocd’ does not initiate a sysdump. A ‘SYSDUMP’ entry is an indication that other problems may be the root cause of node reboots.<br />
<br />
In Oracle RAC 11g Release 2, severe operating system scheduling issues are detected by the Oracle cssdagent and cssmonitor processes and the node is rebooted. T<br />
<br />
<u>Files to check if oprocd or css... rebooted the node:</u><br />
<b>before 11: /etc/oracle/oprocd/<node>.oprocd.lgl.<time stamp> . </b><br />
<b>11GR2: /etc/oracle/lastgasp/cssagent_<node>.lgl, /etc/oracle/lastgasp/cssmonit_<node>.lgl </b><br />
<br />
The ocssd.log file on the other node (not the node that was rebooted) may contain entries like these:<br />
<b># tail -200 /pscon_u01/app/oracle/product/crs/log/aix12/cssd/ocssd.log</b><br />
[ CSSD]2010-05-18 01:13:53.446 [4114] >WARNING: clssnmPollingThread: node aix11 (1) at 90% heartbeat fatal, eviction in 1.047 seconds<br />
[ CSSD]2010-05-18 01:13:54.439 [4114] >WARNING: clssnmPollingThread: node aix11 (1) at 90% heartbeat fatal, eviction in 0.054 seconds<br />
[ CSSD]2010-05-18 01:13:54.493 [4114] >TRACE: clssnmPollingThread: Eviction started for node aix11 (1), flags 0x040f, state 3, wt4c 0<br />
..<br />
[ CSSD]2010-05-18 01:13:54.551 [2829] >TRACE: clssnmDiscHelper: aix11, node(1) connection failed, con (1112cb1f0), probe(0)<br />
[ CSSD]2010-05-18 01:13:54.551 [2829] >TRACE: clssnmDeactivateNode: node 1 (aix11) left cluster<br />
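<br />
Added example (not from the original post): a per-node summary of the CSS events shown in the excerpt above, so that a real eviction can be told apart from missed-heartbeat warnings that never led to one. The function names are illustrative, and the sample lines are constructed from the excerpt; the aix13 line is invented to show the no-eviction case.<br />

```shell
#!/bin/sh
# Added example, not from the original post: summarise CSS eviction events
# per node from ocssd.log lines. Function names are illustrative.

# eviction_timeline [FILE...]   (reads stdin when no file is given)
# Output, one line per node, in order of first appearance:
#   node|first heartbeat warning|eviction started|left cluster
# A "-" means the event was not seen, e.g. warnings that never led to eviction.
eviction_timeline() {
    awk '
    function after(s, key,    i, rest) {   # first word that follows key in s
        i = index(s, key)
        if (i == 0) return ""
        rest = substr(s, i + length(key))
        sub(/[ ,)].*$/, "", rest)
        return rest
    }
    function note(n) { if (!(n in seen)) { seen[n] = 1; order[++cnt] = n } }
    function val(a, k) { return (k in a) ? a[k] : "-" }
    {   # timestamp: the 23 characters that follow the leading [...] tag
        ts = substr($0, index($0, "]") + 1, 23)
    }
    /fatal, eviction in/ {
        n = after($0, ": node ")
        if (n != "") { note(n); if (!(n in warn)) warn[n] = ts }
    }
    /Eviction started for node/ {
        n = after($0, "for node ")
        if (n != "") { note(n); start[n] = ts }
    }
    /clssnmDeactivateNode: node .* left cluster/ {
        n = after($0, "(")                 # node name is inside the parentheses
        if (n != "") { note(n); left[n] = ts }
    }
    END {
        for (i = 1; i <= cnt; i++) {
            n = order[i]
            printf "%s|%s|%s|%s\n", n, val(warn, n), val(start, n), val(left, n)
        }
    }' "$@"
}

# Constructed sample input modelled on the excerpt above.
sample_log() {
    cat <<'EOF'
[    CSSD]2010-05-18 01:13:53.446 [4114] >WARNING: clssnmPollingThread: node aix11 (1) at 90% heartbeat fatal, eviction in 1.047 seconds
[    CSSD]2010-05-18 01:13:53.950 [4114] >WARNING: clssnmPollingThread: node aix13 (3) at 50% heartbeat fatal, eviction in 14.500 seconds
[    CSSD]2010-05-18 01:13:54.439 [4114] >WARNING: clssnmPollingThread: node aix11 (1) at 90% heartbeat fatal, eviction in 0.054 seconds
[    CSSD]2010-05-18 01:13:54.493 [4114] >TRACE:   clssnmPollingThread: Eviction started for node aix11 (1), flags 0x040f, state 3, wt4c 0
[    CSSD]2010-05-18 01:13:54.551 [2829] >TRACE:   clssnmDiscHelper: aix11, node(1) connection failed, con (1112cb1f0), probe(0)
[    CSSD]2010-05-18 01:13:54.551 [2829] >TRACE:   clssnmDeactivateNode: node 1 (aix11) left cluster
EOF
}

sample_log | eviction_timeline
```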
<br />
Oracle RAC clusterware has strict timeout requirements for VIP address failover in case of a public network failure. When DNS servers are unreachable due to a public network failure, DNS name resolution calls such as getaddrinfo may hang for the default AIX query timeout duration of 5 minutes. Name resolution calls made by Oracle processes can thus delay the VIP failover. To reduce such delays, the DNS query timeout can be reduced to 1 minute, by adding the following options line in /etc/resolv.conf for all RAC cluster nodes:<br />
"options timeout:1"<br />
<br />
No reboot is necessary to activate this change. If you need even faster VIP failover the timeout can be further reduced to a value of 0; provided your network infrastructure (network and DNS servers) has the speed to serve name queries within a few (5-6) seconds. If you use a value of 0 for timeout and your DNS or network is slow to respond, DNS name lookups will start to fail prematurely.<br />
<br />
--------------------------------------------<br />
<br />
<b><u>Oracle RAC IPs</u></b><br />
<br />
<u>Summary:</u><br />
-At least 2 NICs will be needed and /etc/hosts should contain private, public, and virtual IP addresses<br />
-Configure them with Public and Private IPs (ifconfig will show these)<br />
-DNS registration for: Public, VIP<br />
(The virtual IP's do not have to be added to IFCONFIG. This is because the VIPCA takes care of it.)<br />
<br />
<u>Public IP: (server IP address from OS side)</u><br />
- DNS registrations + IP configuration for AIX (as usual)<br />
- servers in cluster should be in same subnet<br />
<br />
<u>Virtual IP: (VIP is used by Oracle for RAC failover)</u><br />
-same subnet as Public IP<br />
-DNS registration needed (not needed to be configured during installation, RAC will take care of them)<br />
-same interface name on each node (like en2)<br />
<br />
<u>Private IP: (for RAC heartbeat)</u><br />
-separate interface from public IP,<br />
-same interface name on each node (like en1)<br />
-separate network from public IP (something like 192.168...)<br />
-no DNS registration<br />
<br />
<u>SCAN IP: (Single Client Access Name, managed by Oracle, so users can use only 1 name to reach cluster)</u><br />
(SCAN works by replacing a hostname or IP list with virtual IP addresses (VIP))<br />
- DNS registration: single DNS domain name that resolves to all of the IP addresses in your RAC cluster (one for each node)<br />
- not needed to be configured during install, RAC will do it<br />
- in /etc/hosts, looks something like this: myscan.mydomain.com IN A 122.22.22.22 IN A 122.22.22.23 IN A 122.22.22.24<br />
<br />
<u>aix-sd31:</u><br />
en0: 10.4.31.254 aix-sd31<span style="white-space: pre;"> </span><--Public (DNS)<br />
en0: 10.4.31.25 aix-sd31-vip<span style="white-space: pre;"> </span> <--Virtual IP (DNS)<br />
en0: RACD001.domain.com 10.4.31.26 <span style="white-space: pre;"> </span><--SCAN IP 1 (DNS)<br />
en0: RACD001.domain.com 10.4.31.27<span style="white-space: pre;"> </span><--SCAN IP 2 (DNS)<br />
en0: RACD001.domain.com 10.4.31.28<span style="white-space: pre;"> </span><--SCAN IP 3 (DNS)<br />
en1: 169.254.214.76<span style="white-space: pre;"> </span> aix-sd31-priv <--Private IP<br />
<br />
<br />
IMPORTANT<br />
!!!!! FOR ORACLE RAC BUILDS PASSWORDLESS SSH IS NEEDED TO LOCALHOST AS WELL !!!!!<br />
!!!!! FOR ORACLE AND GRID USER LOCAL AND OTHER NODE PUBLIC KEY SHOULD BE IN AUTHORIZED_KEYS FILE!!!!!<br />
<br />
<br />
--------------------------------------------<br />
--------------------------------------------<br />
--------------------------------------------<br />
--------------------------------------------<br />
--------------------------------------------<br />
<br />
<b><u>Data Guard </u></b><br />
<br />
A Data Guard configuration consists of the primary database that contains the original data and any copy of that data in separate databases (on different servers) that are kept in synch with the primary. In 11gR2 it can consist of up to 30 databases, in any combination of RAC, non-RAC, physical, logical, or snapshot.<br />
<br />
In this setup it can be used for failover for the primary database or the copies of the production data can be used in read-only mode for reporting purposes etc.<br />
<br />
Transitions from one database role to another are called switchovers (planned events) or failovers (unplanned events), where Data Guard can actually execute all of the tasks of the transition with just a few commands.<br />
<br />
Data Guard broker is itself a background Oracle monitor process (DMON) that provides a complex set of role management services governing all of the databases in a configuration. This broker controls the redo transport and is accountable for transmitting defect-free archive logs from any possible archive location. The Log Apply Services within Data Guard are responsible for maintaining the synchronization of transactions between the primary and standbys.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5NnYahMbElfHmaZisvHWOpP3GR1dVKLQc86zGOcp8zmu1QgtXjWR43kPTdbvbDI9v_reLksgagQmQ5MVPjO3PG6G9hs2JLNNk3ENpvSdLK5G_Jjeu_Jfojt07GxJu1Oci9lb91PsfaMWp/s1600/b5.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="370" data-original-width="588" height="251" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg5NnYahMbElfHmaZisvHWOpP3GR1dVKLQc86zGOcp8zmu1QgtXjWR43kPTdbvbDI9v_reLksgagQmQ5MVPjO3PG6G9hs2JLNNk3ENpvSdLK5G_Jjeu_Jfojt07GxJu1Oci9lb91PsfaMWp/s400/b5.JPG" width="400" /></a></div>
<br />
Data Guard does not use shared storage, so it is most applicable for DR scenarios.<br />
<br />
Finding out Data Guard primary (prod) or standby (shadow) node:<br />
<br />
<b># ps -ef | grep mrp</b><br />
orap02 5496874 1 2 Jan 28 - 291:26 ora_mrp0_P02<span style="white-space: pre;"> </span><--if you see this process then it is the standby (mrp: media recovery process)<br />
<br />
--------------------------------------------<br />
<div>
<br /></div>
EXTRA - ORACLE BASICS (published 2020-05-02, updated 2022-04-05)<br />
<b><u>Oracle Basics</u></b><br />
<br />
<b>Oracle Server</b><span style="white-space: pre;"><b> </b> </span>It is an Oracle instance + an Oracle database<br />
<b>Oracle Instance</b><span style="white-space: pre;"> </span>It consists of memory and process structures to provide access to the database<br />
<b>Oracle Database</b><span style="white-space: pre;"> </span>It consists of data-, control- and redo log files<br />
<br />
Oracle has changed the database naming convention starting with Oracle 12.2. Oracle database 18c (year 2018) is the full release of 12.2.0.2. The recommended database product to target would be 19c as it offers a greater duration of support by Oracle to March 2026.<br />
<br />
Beginning with release 12.2.0.2, new releases will be annual. The version will be the last two digits of the release year. The release originally planned as 12.2.0.2 will now be release 18 (for 2018), and the release originally planned as 12.2.0.3 will be release 19. Releases 18 and 19 will be treated as under the umbrella of 12.2 for Lifetime Support purposes.<br />
<br />
Instead of Patch Sets, Patch Set Updates, and Database Bundle Patches, the new releases will be maintained with Release Updates (RU) and Release Update Revisions (RUR).<br />
<br />
----------------------------<br />
<br />
<b><u>Instance overview</u></b><br />
<br />
<div style="text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj681Mj_6lo0Uw71vKhkMcAAfx29ypvx1i-9hC24x5A1twJjgnWi9_yTcVGvUgUhyjIyJZa2-wLn-WJF7gHqCaIRBKStWMPP5UaOEWeM1gdZ1XF6MWD1SGxthumuRd4p5Cb9Hwk3ef-K-bm/s1600/a1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" data-original-height="414" data-original-width="577" height="287" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj681Mj_6lo0Uw71vKhkMcAAfx29ypvx1i-9hC24x5A1twJjgnWi9_yTcVGvUgUhyjIyJZa2-wLn-WJF7gHqCaIRBKStWMPP5UaOEWeM1gdZ1XF6MWD1SGxthumuRd4p5Cb9Hwk3ef-K-bm/s400/a1.JPG" width="400" /></a></div>
<br />
<b>SGA (System Global Area)</b><br />
The SGA is an area of memory allocated when an Oracle Instance starts up, it consists of a Shared Pool, Database Buffer Cache, Redo log buffer cache etc. The SGA's size and function are controlled by parameters in init.ora or spfile.<br />
<br />
<b>PGA (Program Global Area)</b><br />
PGA is a reserved memory for each user process that connects to an Oracle database. The PGA is allocated when a process is created and deallocated when the process is terminated. In contrast to the SGA, which is shared by several processes, the PGA is an area that is used by only one process.<br />
<br />
<b>USER PROCESS --> connection established (session)--> SERVER PROCESS --> ORACLE INSTANCE</b><br />
When a user connects to the Oracle server a user process is created. After the connection is established a server process is started (PGA) which interacts with the Oracle instance during this session. In a dedicated server configuration, one server process is spawned for each connected user process. In a shared server configuration, user processes are distributed among a pre-defined number of server processes.<br />
<br />
<u>BACKGROUND PROCESSES:</u><br />
<b>Database Writer (DBWn):</b> writes dirty blocks (blocks which have been modified) in the DB. buffer cache to data files.<br />
<b>Log Writer (LGWR):</b> writes from the redo log buffer cache to the redo log file (every 3 seconds, after commit...)<br />
<b>Archiver (ARCn)</b>: backs up (archives) the filled online redo log files before they can be reused again<br />
<b>System Monitor (SMON):</b> when the DB. is reopened after a failure, SMON does recovery (uses redo log files to update the database files)<br />
<b>Process Monitor (PMON)</b>: when a process fails PMON does clean up (rolling back transactions, releasing locks...)<br />
<br />
<b>Log Switch</b><br />
When an online redo log file is filled up, the Oracle server begins writing to the next online redo log file. The process of switching from one redo log to another is called a log switch. The archiver process (ARCn) initiates backing up (archiving) the filled log files at every log switch. It automatically archives the online redo log before the log can be reused.<br />
<br />
<b>Checkpoint (CKPT)</b><br />
An event called checkpoint occurs when the DBWn writes all the modified database buffers in the SGA, including both committed and uncommitted data, to the data files. At checkpoint the checkpoint number is written into the data file headers and into the control files. Because all the database changes up to the checkpoint have been recorded in the data files, redo log entries before the checkpoint no longer need to be applied to the data files if instance recovery is required.<br />
<br />
----------------------------<br />
<br />
<b><u>Database overview</u></b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimX0MFgbQXuavFezGTzUQRHsIxJP373TDxrV2143HM-8GcOeMibUisay-hdSkLsGKcbvA9aY4mPVcN2ri8Vul4tVL1R12U6bXS4ll5-Wy7Am3_33TOO0i9HStv595zgi45a8shMaXrrBDL/s1600/a2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="376" data-original-width="515" height="291" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEimX0MFgbQXuavFezGTzUQRHsIxJP373TDxrV2143HM-8GcOeMibUisay-hdSkLsGKcbvA9aY4mPVcN2ri8Vul4tVL1R12U6bXS4ll5-Wy7Am3_33TOO0i9HStv595zgi45a8shMaXrrBDL/s400/a2.JPG" width="400" /></a></div>
<br />
The Oracle database architecture includes logical and physical structures that make up the database:<br />
<b>- physical structure</b>: control files, online redo log files, data files<br />
<b>- logical structure:</b> tablespaces, segments, extents, data blocks<br />
<br />
<u>Physical structure:</u><br />
<b>Control file</b>: during DB creation a control file is created which contains the name of the DB, location of redo log files, timestamp....<br />
<b>Redo log files:</b> they record all changes made to data and provide a recovery mechanism. Usually they are in /oracle/SID directory.<br />
<b>Data Files:</b> Each tablespace consists of one or more files called data files. These are physical files which contain the data in the DB.<br />
<br />
<u>Logical structure:</u><br />
<b>Tablespace:</b> (one or more) data files can be grouped logically into tablespaces (like a vg which can have multiple disks)<br />
<b>Table:</b> the information is stored in tables, which consist of rows and columns (like an lv in the vg)<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiynRJ6j1DLc3fXC73YiTjrLpfQICB2dXJNTt2_b-9WFHWF6NcyuQttDj9P3nlkwbh1ugIgyTzGwFJlanDfR5Oxjs5Zkva1mJ2eOS1nDYSDYi_fGBD5UAOi8pT2BmGskHqKarx4loPEVw5q/s1600/a3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="399" data-original-width="515" height="309" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiynRJ6j1DLc3fXC73YiTjrLpfQICB2dXJNTt2_b-9WFHWF6NcyuQttDj9P3nlkwbh1ugIgyTzGwFJlanDfR5Oxjs5Zkva1mJ2eOS1nDYSDYi_fGBD5UAOi8pT2BmGskHqKarx4loPEVw5q/s400/a3.JPG" width="400" /></a></div>
<br />
<br />
<b>Data Blocks, Extents, Segments:</b><br />
Oracle data blocks are the smallest units of storage that the Oracle server can allocate. One data block corresponds to one or more operating system blocks allocated from an existing data file. Above the database blocks are the extents. An extent is a specific number of data blocks that is allocated to store information. When more space is needed it is allocated by extents. (Like we add one or more PPs to an LV)<br />
<br />
In a tablespace above extents the data is grouped logically into segments. For example, each table's data is stored in its own data segment, while each index's data is stored in its own index segment. Oracle allocates space for segments in extents. Therefore, when the existing extents of a segment are full, Oracle allocates another extent for that segment. Because extents are allocated as needed, the extents of a segment may or may not be contiguous on disk. The segments also can span files, but the individual extents cannot. A segment cannot span tablespaces; however, a segment can span multiple data files that belong to the same tablespace. Each segment is made up of one or more extents.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNnKn3094RPdSPLIV5mikc3mE-Zwq3iJ9HzP5w48zjGQcaXcO09wuYpTSYmhCOQPQH7uYv9N_1GBoWxXyKPNhNmVx0Nz2XovHvKUmXByHtVpPgJL4A2l_1l3wfxllaX0IljpRCH4ciaXKL/s1600/a4.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="549" data-original-width="404" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgNnKn3094RPdSPLIV5mikc3mE-Zwq3iJ9HzP5w48zjGQcaXcO09wuYpTSYmhCOQPQH7uYv9N_1GBoWxXyKPNhNmVx0Nz2XovHvKUmXByHtVpPgJL4A2l_1l3wfxllaX0IljpRCH4ciaXKL/s400/a4.JPG" width="294" /></a></div>
<br />
----------------------------<br />
<br />
<b><u>PFILE, SPFILE</u></b><br />
<br />
Oracle parameters are stored in parameter files (pfile, spfile). During startup the parameter file is used to set up Oracle parameters. PFILE is a text file, and if it is modified, the instance must be shut down and restarted in order to make the new values effective. (/oracle/SID/920_64/dbs/initSID.ora) SPFILE is a binary file and it is maintained by the Oracle server. The ALTER SYSTEM command is used to change the value of instance parameters. An SPFILE is created from an initSID.ora file (PFILE) using the CREATE SPFILE command. (/oracle/SID/102_64/dbs/spfileSID.ora) By default, if you do not specify PFILE in your STARTUP command, Oracle will use the server parameter file (SPFILE).<br />
<br />
----------------------------<br />
<br />
<b><u>Database Start/Stop</u></b><br />
<br />
Starting an instance includes the following tasks:<br />
-reading the initialization file in the following order: spfileSID.ora, if not found then spfile.ora, initSID.ora<br />
-allocating the SGA<br />
-starting the background processes<br />
-opening the alertSID.log<br />
<br />
<b>STARTUP command: STARTUP [FORCE] [RESTRICT] [PFILE=filename] [OPEN [RECOVER] [database] |MOUNT |NOMOUNT]</b><br />
<b>NOMOUNT<span style="white-space: pre;"> </span></b>creates the SGA and starts up the background processes but does not provide access to the db<br />
<b>MOUNT<span style="white-space: pre;"> </span></b>mounts the database for certain DBA activities but does not provide user access to the database<br />
<b>OPEN<span style="white-space: pre;"> </span></b>enables users to access the database<br />
<br />
<b>PFILE=file</b><span style="white-space: pre;"> </span>enables a nondefault parameterfile to be used to configure the instance<br />
<b>FORCE<span style="white-space: pre;"> </span></b>aborts the running instance before performing a normal startup<br />
<b>RESTRICT<span style="white-space: pre;"> </span></b>enables only users with RESTRICTED SESSION privilege to access the database<br />
<b>RECOVER<span style="white-space: pre;"> </span></b>begins media recovery when the database starts<br />
<br />
<br />
It is also possible to open the database in READ WRITE mode, in READ ONLY mode or in restricted mode (RESTRICTED SESSION)<br />
<br />
<b>SHUTDOWN command:</b><br />
<b>NORMAL </b>no new connections, wait for user disconnect, db and redo buffers written to disk, db dismounts<br />
<b>TRANSACTIONAL </b>no new transaction, transaction ends client disconnect, shutdown immediately (no recovery needed)<br />
<b>IMMEDIATE</b> no wait to finish, Oracle rolls back, disconnects clients and dismounts db (no recovery needed)<br />
<b>ABORT </b>no wait to finish, no rollback.....instance recovery needed, which occurs automatically<br />
<br />
--------------------------<br />
<br />
<b><u>RMAN</u></b><br />
<br />
The acronym RMAN stands for Oracle's Recovery Manager, with an emphasis on the word Recovery. Backups are worthless if you can't use them to restore lost data! RMAN is Oracle's recommended standard for database backups for any sized organization. The RMAN utility is an executable file, and its task can be automated by scripts using its command-line version.<br />
<br />
--------------------------<br />
<br />
<b><u>Relinking Executables</u></b><br />
<br />
You can relink the product executables manually by using the relink shell script located in the $ORACLE_HOME/bin directory. You must relink the product executables every time you apply an operating system patch or after an operating system upgrade. Before relinking executables, you must shut down all executables that run in the Oracle home directory that you are relinking. In addition, shut down applications linked with Oracle shared libraries. The relink script does not take any arguments.<br />
Depending on the products that have been installed in the Oracle home directory, the relink script relinks all Oracle product executables.<br />
<br />
To relink product executables, run the following command:<br />
<b>$ relink</b><br />
<br />
--------------------------<br />
<br />
<b><u>oraenv and coraenv</u></b><br />
<br />
The oraenv and coraenv scripts are created during installation. These scripts set environment variables based on the contents of the oratab file and provide a central means of updating all user accounts with database changes and a mechanism for switching between databases specified in the oratab file.<br />
<br />
The oraenv or coraenv script is usually called from the user’s shell startup file (for example, .profile or .login). It sets the ORACLE_SID and ORACLE_HOME environment variables and includes the $ORACLE_HOME/bin directory in the PATH environment variable setting. When switching between databases, users can run the oraenv or coraenv script to set these environment variables.<br />
<br />
<b>coraenv script: % source /usr/local/bin/coraenv</b><br />
<b>oraenv script: $ . /usr/local/bin/oraenv</b><br />
<br />
--------------------------<br />
<br />
<b><u>Listener</u></b><br />
<br />
There is a special process called listener, whose responsibility is to listen for incoming connection requests.<br />
There are 3 operating system configuration files under $ORACLE_HOME/network/admin:<br />
<b>listener.ora</b><span style="white-space: pre;"> </span>configures the listener<br />
<b>tnsnames.ora</b><span style="white-space: pre;"> </span>contains a list of service names<br />
<b>sqlnet.ora</b><span style="white-space: pre;"> </span>contains client-side information (i.e: client domain...)<br />
<br />
<b>lsnrctl</b><span style="white-space: pre;"> </span>used to start/stop the listener<br />
<br />
aix11:orap44 2> <b>lsnrctl</b><br />
...<br />
LSNRCTL> help<br />
The following operations are available<br />
An asterisk (*) denotes a modifier or extended command:<br />
<br />
start stop status<br />
services version reload<br />
save_config trace spawn<br />
change_password quit exit<br />
<br />
Oracle recommends that you reserve a port for the listener in the /etc/services file of each Oracle Net Services node on the network. The default port is 1521. The entry lists the listener name and the port number. For example: oraclelistener 1521/tcp<br />
<br />
In this example, oraclelistener is the name of the listener as defined in the listener.ora file. Reserve multiple ports if you intend to start multiple listeners.<br />
If you intend to use Secure Sockets Layer, then you should define a port for TCP/IP with Secure Sockets Layer in the /etc/services file. Oracle recommends a value of 2484. For example: oraclelistenerssl 2484/tcps<br />
<br />
--------------------------<br />
<div>
<br /></div>
POWERVC - NOVALINK (published 2020-04-21, updated 2022-04-05)<br />
<b><u>Novalink</u></b><br />
<br />
Novalink is a sort of "replacement" of the HMC. In a usual installation all Openstack services (Neutron, Cinder, Nova etc.) were running on the PowerVC host. For example the Nova service required 1 process for each Managed System:<br />
<br />
<b># ps -ef | grep [n]ova-compute</b><br />
nova 627 1 14 Jan16 ? 06:24:30 /usr/bin/python /usr/bin/nova-compute --config-file /etc/nova/nova-9117MMD_10D5555.conf --log-file /var/log/nova/nova-compute.log --log-file /var/log/nova/nova-compute-9117MMD_10D5555.log<br />
nova 649 1 14 Jan16 ? 06:30:25 /usr/bin/python /usr/bin/nova-compute --config-file /etc/nova/nova-9117MMD_65E5555.conf --log-file /var/log/nova/nova-compute.log --log-file /var/log/nova/nova-compute-9117MMD_65E5555.log<br />
nova 664 1 17 Jan16 ? 07:49:27 /usr/bin/python /usr/bin/nova-compute --config-file /etc/nova/nova-9117MMD_1085555.conf --log-file /var/log/nova/nova-compute.log --log-file /var/log/nova/nova-compute-9117MMD_1085555.log<br />
nova 675 1 19 Jan16 ? 08:40:27 /usr/bin/python /usr/bin/nova-compute --config-file /etc/nova/nova-9117MMD_06D5555.conf --log-file /var/log/nova/nova-compute.log --log-file /var/log/nova/nova-compute-9117MMD_06D5555.log<br />
nova 687 1 18 Jan16 ? 08:15:57 /usr/bin/python /usr/bin/nova-compute --config-file /etc/nova/nova-9117MMD_6575555.conf --log-file /var/log/nova/nova-compute.log --log-file /var/log/nova/nova-compute-9117MMD_6575555.log<br />
<br />
Besides the extra load, all PowerVC actions had to go through the HMC. PowerVC and the HMC were a single point of contact for every action, and this could cause slowness in large environments. In 2016 IBM came up with a solution: a special LPAR on each Managed System that can do all the actions an HMC would usually do. This special LPAR is called Novalink. If this special LPAR is created on all Managed Systems, then PowerVC will stop querying the HMC and will query the Novalink LPARs directly, where some Openstack services are additionally running (Nova, Neutron, Ceilometer). It is a Linux LPAR (currently Ubuntu or RHEL) which has a CLI and an API.<br />
<br />
---------------------------------------------------------------------<br />
<br />
<b><u>Novalink Install/Update</u></b><br />
<br />
+--------------------------------+ Welcome +---------------------------------+<br />
| |<br />
| Welcome to the PowerVM NovaLink Install wizard. |<br />
| |<br />
| (*) Choose to perform an installation. |<br />
| This will perform an installation of the NovaLink partition, its core |<br />
| components and REST APIs, and all needed Virtual I/O servers. |<br />
| |<br />
| ( ) Choose to repair a system. |<br />
| This will repair the system by performing a rescue/repair of existing |<br />
| Virtual I/O servers and NovaLink partitions. |<br />
| Choose this option if PowerVM is already installed but is corrupted |<br />
| or there is a failure. |<br />
| |<br />
| |<br />
| <Next> <Cancel> |<br />
| |<br />
+----------------------------------------------------------------------------+<br />
<Tab>/<Alt-Tab> between elements | <Space> selects | <F12> next screen<br />
<br />
<br />
Novalink is a standard LPAR whose I/O is provided by the VIOS (therefore no physical I/O is required) with a special permission bit to enable PowerVM Management authority. If you install the NovaLink environment on a new managed system, the NovaLink installer creates the NovaLink partition automatically. It creates the Linux and VIOS LPARs and installs the operating systems and the NovaLink software. It creates logical volumes from the VIOS rootvg for the NovaLink partition. (The VIOS installation files (extracted mksysb files from VIOS DVD iso) need to be added to the Novalink installer manually: https://www.ibm.com/support/knowledgecenter/POWER8/p8eig/p8eig_creating_iso.htm)<br />
<br />
<br />
If you install the NovaLink software on a system that is already managed by a HMC, use the HMC to create a Linux LPAR and set the powervm_mgmt_capable flag to true. (the NovaLink partition must be granted the capability of PowerVM management)<br />
<b>$ lssyscfg -m p850 -r lpar --filter "lpar_ids=1"</b><br />
name=novalink,lpar_id=1,lpar_env=aixlinux,state=Running,resource_config=1,os_version=Unknown,logical_serial_num=211FD2A1,default_profile=default,curr_profile=default,work_group_id=none,shared_proc_pool_util_auth=0,allow_perf_collection 0,power_ctrl_lpar_ids=none,boot_mode=norm,lpar_keylock=norm,auto_start=1,redundant_err_path_reporting=0,rmc_state=active,rmc_ipaddr=129.40.226.21,time_ref0,lpar_avail_priority=127,desired_lpar_proc_compat_mode=default,curr_lpar_proc_compat_mode=POWER8,suspend_capable=0,remote_restart_capable0,simplified_remote_restart_capable=0,sync_curr_profile=0,affinity_group_id=none,vtpm_enabled=0,<b>powervm_mgmt_capable=0</b><br />
<b>$ chsyscfg -m seagull -r lpar -i lpar_id=1,powervm_mgmt_capable=1</b><br />
<br />
<u>powervm_mgmt_capable flag is valid for Linux partitions only:</u><br />
0 - do not allow this partition to provide PowerVM management functions<br />
1 - enable this partition to provide PowerVM management functions<br />
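<br />
A partition with powervm_mgmt_capable=1 holds PowerVM management authority, so it is worth checking which partitions carry the flag. The following is an added example (not from the original post or from IBM): it parses lssyscfg records in the layout shown above and compares the flag against an approved list. The sample records, the partition names in them, the demo_list field and the function names are constructed for illustration.<br />

```python
import csv

# Constructed sample in the layout printed by "lssyscfg -m <managed_system> -r lpar"
# (records shortened; the quoted demo_list field is hypothetical and only
# exercises commas inside a value).
SAMPLE = """\
name=novalink,lpar_id=1,lpar_env=aixlinux,state=Running,powervm_mgmt_capable=1
name=vios1,lpar_id=2,lpar_env=vioserver,state=Running,"demo_list=21010013/none/0,21030015/none/0",powervm_mgmt_capable=0
name=testvm,lpar_id=7,lpar_env=aixlinux,state=Running,powervm_mgmt_capable=1
name=oldvm,lpar_id=9,lpar_env=aixlinux,state=Not Activated
"""


def parse_record(line):
    """Split one lssyscfg record into a dict.

    Fields are comma-separated key=value pairs. A value that itself contains
    commas is emitted as one double-quoted field ("key=v1,v2"), which the csv
    module handles, including doubled quotes inside such a field.
    """
    record = {}
    for field in next(csv.reader([line.strip()])):
        key, sep, value = field.partition("=")
        if sep:  # ignore fragments without "="
            record[key.strip()] = value.strip()
    return record


def audit_mgmt_capable(output, approved):
    """Return (finding, partition name, lpar_id) tuples in input order.

    approved: names of partitions that are supposed to hold PowerVM
    management authority (normally only the NovaLink partition).
    """
    approved = set(approved)
    findings, seen = [], set()
    for line in output.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        name = rec.get("name", "?")
        lpar_id = rec.get("lpar_id", "?")
        seen.add(name)
        flag = rec.get("powervm_mgmt_capable")
        if flag is None:
            # Attribute missing from the record: cannot be judged, report it.
            findings.append(("FLAG_NOT_REPORTED", name, lpar_id))
        elif flag == "1" and name not in approved:
            findings.append(("UNEXPECTED_MGMT_AUTHORITY", name, lpar_id))
        elif flag != "1" and name in approved:
            findings.append(("APPROVED_BUT_NOT_CAPABLE", name, lpar_id))
    for name in sorted(approved - seen):
        findings.append(("APPROVED_NOT_FOUND", name, "?"))
    return findings


if __name__ == "__main__":
    for finding in audit_mgmt_capable(SAMPLE, {"novalink"}):
        print(*finding)
```

Feed it the saved output of the lssyscfg command for all partitions of a managed system and review every UNEXPECTED_MGMT_AUTHORITY line before clearing the flag with chsyscfg.<br />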
<br />
<br />
PowerVM NovaLink by default installs Ubuntu, but also supports RHEL. The installer provides an option to install RHEL after the required setup or configuration of the system completes. For easier installation of PowerVM NovaLink on multiple servers, set up a netboot (bootp) server to install PowerVM NovaLink from a network.<br />
<br />
Installation log files are in /var/log/pvm-install and the NovaLink installer creates an installation configuration file /var/log/pvm-install/novalink-install.cfg (which can be used if we need to restore the Novalink partition). Updating PowerVM NovaLink is currently driven entirely through Ubuntu’s apt package system.<br />
<br />
---------------------------------------------------------------------<br />
<br />
<b><u>Novalink and HMC</u></b><br />
<br />
NovaLink provides a direct connection to the PowerVM server rather than proxying through an HMC. For example a VM create request in PowerVC goes directly to NovaLink, which then communicates with PowerVM. This allows improved scalability (from 30 to 200+ servers), better performance, and better alignment with OpenStack.<br />
<br />
Hosts can be managed by NovaLink only (without HMC), or can be co-managed (Novalink and HMC together). In this co-managed setup either NovaLink or the HMC is the master. Both of them have read-access to partition configuration, but only the master can make changes to the system. Typically NovaLink will be the co-management master, however if a task has to be done from the HMC (like firmware upgrade), we can explicitly request master authority to the HMC, perform the action, and then give back the authority to NovaLink.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMQoz9s05Cey4Bjrhrs-BPKGahoLx_qZnHP6D4rSlxJPq-WWcNPt1l9pqcInpLjJ9dFnXzVEHauB3g3CMzTG6LzgIDq_9O-OxIpV6ka8Ui1XP_DY5ytt_rD1x8YYbOttjV3u2NOaIrUgzq/s1600/a1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="546" data-original-width="494" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjMQoz9s05Cey4Bjrhrs-BPKGahoLx_qZnHP6D4rSlxJPq-WWcNPt1l9pqcInpLjJ9dFnXzVEHauB3g3CMzTG6LzgIDq_9O-OxIpV6ka8Ui1XP_DY5ytt_rD1x8YYbOttjV3u2NOaIrUgzq/s400/a1.JPG" width="361" /></a></div>
<br />
<b>HMC</b>: saves the LPAR configuration in the FSP NVRAM, also uses the FSP lock mechanism, and receives events from FSP/PHYP<br />
<b>NovaLink</b>: receives events from PHYP, it is not aware of FSP, does not receive FSP events<br />
<br />
In co-management mode there are no partition profiles. In OpenStack, the concept of a flavor is similar to profiles, and these are all managed by OpenStack, not the HMC or NovaLink. For example, you can activate a partition with the current configuration, but not with a profile.<br />
<br />
To update the firmware on a system that is managed by only NovaLink, use the ldfware command on the service partition. If the system is co-managed by NovaLink and HMC, firmware updates can be performed only from the HMC. The HMC must be set to the master mode to update the firmware. After firmware update is finished master mode can be set back to Novalink. (The current operation has to be finished before the change completes, or force option is also possible.)<br />
<br />
<u>In HMC CLI:</u><br />
<b>$ chcomgmt -m <managed_system> -o setmaster -t norm</b> <--set HMC to be master on the specified Man. Sys.<br />
<b>$ chcomgmt -m <managed_system> -o relmaster</b> <--set Novalink to be master again<br />
<br />
<u>In Novalink CLI:</u><br />
<b>$ pvmctl sys list -d master</b> <--list master (-d: display)<br />
<b>$ pvmctl <managed_system> set-master </b> <--set Novalink to be master<br />
<br />
---------------------------------------------------------------------<br />
<br />
<b><u>Novalink partition and services</u></b><br />
<br />
NovaLink is not part of PowerVC, but the two technologies work closely together. If NovaLink is installed on a host, even if an HMC is connected to it, PowerVC must manage that host through the NovaLink partition. The Novalink LPAR (with the installed software packages) provides Openstack services and it can perform virtualization tasks in the PowerVM/Hypervisor layer. The following OS packages provide these functions in NovaLink:<br />
<b>-ibmvmc-dkms:</b> this is the device driver kernel module that allows NovaLink to talk to the Hypervisor<br />
<b>-pvm-core:</b> this is the base novalink package. It primarily provides a shared library to the REST server.<br />
<b>-pvm-rest-server</b>: this is the java webserver used to run the REST API service<br />
<b>-pvm-rest-app:</b> this is the REST APP that provides all the REST APIs and communicates with pvm-core<br />
<b>-pypowervm:</b> pypowervm library provides a Python-based API wrapper for interaction with the PowerVM API<br />
<b>-pvm-cli:</b> this provides the python based CLI (pvmctl)<br />
<br />
A meta package called pvm-novalink ensures dependencies between all these packages. When updating, just update pvm-novalink and it will handle the rest.<br />
<br />
NovaLink contains two system services that should always be running:<br />
<b>- pvm-core</b><br />
<b>- pvm-rest</b><br />
<br />
If you are not able to complete tasks on NovaLink, verify whether these services are running. Use the systemctl command to view the status of these services and to stop, start, and restart these services. (Generally restarting pvm-core will cause pvm-rest to also restart.)<br />
<b># systemctl status pvm-core / pvm-rest</b><br />
<b># systemctl stop pvm-core / pvm-rest</b><br />
<b># systemctl start pvm-core / pvm-rest</b><br />
<b># systemctl restart pvm-core / pvm-rest</b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkyn80k4H24drJVyyrgtKCSH1EQKrpoX5gDvIqYln93erKio0hhBvu2oeuydd9scNkfanSk9Jkc2QBOgYvFFsI4hUo5v5SAKMR9K3P-G3K2nMt5ch76sXq6-VO3Z3XIDt3Wa2_mt99HgZX/s1600/a2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="564" data-original-width="481" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgkyn80k4H24drJVyyrgtKCSH1EQKrpoX5gDvIqYln93erKio0hhBvu2oeuydd9scNkfanSk9Jkc2QBOgYvFFsI4hUo5v5SAKMR9K3P-G3K2nMt5ch76sXq6-VO3Z3XIDt3Wa2_mt99HgZX/s400/a2.JPG" width="340" /></a></div>
<br />
With these installed packages NovaLink provides 2 main services: Openstack services and Novalink Core services:<br />
<br />
<br />
<b>OpenStack Services</b><br />
<b>- nova-powervm:</b> Nova is the compute service of Openstack. This handles VM management (creating VMs, add/remove CPU/RAM...)<br />
<b>- networking-powervm:</b> this is the network service of OpenStack (Neutron). Provides functions to manage SEA, VLANs ...<br />
<b>- ceilometer-powervm:</b> Ceilometer is the monitoring service of Openstack. Collects monitoring data for CPU, network, memory, and disk usage<br />
<br />
These services are using the pypowervm library, which is a python based library that interacts with the PowerVM REST API.<br />
<br />
<br />
<b>NovaLink Core Services </b><br />
These services communicate with the PHYP and the VIOS and provide a direct connection to the managed system.<br />
<b>- REST API:</b> It is based on the API that is used by the HMC. It also provides a python-based software development kit.<br />
<b>- CLI</b>: It provides shell interaction with PowerVM. It is based on python as well.<br />
<br />
---------------------------------------------------------------------<br />
<br />
<b><u>RMC with PowerVM NovaLink</u></b><br />
<br />
RMC connection between NovaLink and each LPAR is routed through a dedicated internal virtual switch (mandatory name is MGMTSWITCH) and the virtual network is using the PVID 4094.<br />
<br />
It uses an IPv6 link, and VEPA mode has to be configured, so LPARs can NOT communicate directly with each other; network traffic goes out to the switch first. After it is configured correctly NovaLink and the client LPARs can communicate for DLPAR and mobility. The minimum RSCT version to use RMC with Novalink is 3.2.1.0. The management vswitch is required for LPARs deployed using PowerVC, however the HMC can continue using RMC through the existing mechanisms.<br />
<br />
The LPARs are using virtual Ethernet adapters to connect to NovaLink through a virtual switch. The virtual switch is configured to communicate only with the trunk port. An LPAR can therefore use this virtual network only to connect with the NovaLink partition. LPARs can connect with partitions other than the NovaLink partition only if a separate network is configured for this purpose.<br />
<br />
---------------------------------------------------------------------<br />
<br />
<b><u>Novalink CLI (pvmctl, viosvrcmd)</u></b><br />
<br />
The NovaLink command-line interface (CLI) is provided by the Python based pvm-cli package. It uses the pvmctl and viosvrcmd commands for most operations. Execution of the pvmctl command is logged in the file /var/log/pvm/pvmctl.log and commands can only be executed by users who are in the pvm_admin group. The admin user (i.e. padmin) is added automatically to the group during installation.<br />
<br />
<b><u>pvmctl</u></b><br />
<br />
It runs operations against an object: pvmctl OBJECT VERB<br />
<br />
<u>Supported OBJECT types:</u><br />
ManagedSystem (sys)<br />
LogicalPartition (lpar or vm)<br />
VirtualIOServer (vios)<br />
SharedStoragePool (ssp)<br />
IOSlot (io)<br />
LoadGroup (lgrp)<br />
LogicalUnit (lu)<br />
LogicalVolume (lv)<br />
NetworkBridge (nbr or bridge)<br />
PhysicalVolume (pv)<br />
SharedEthernetAdapter (sea)<br />
VirtualEthernetAdapter (vea or eth)<br />
VirtualFibreChannelMapping (vfc or vfcmapping)<br />
VirtualMediaRepository (vmr or repo)<br />
VirtualNetwork (vnet or net)<br />
VirtualOpticalMedia (vom or media)<br />
VirtualSCSIMapping (scsi or scsimapping)<br />
VirtualSwitch (vswitch or vsw)<br />
<br />
<u>Supported operations (VERB) example:</u><br />
<b>LogicalPartition (vm, lpar) supported operations</b>: create, delete, list, migrate, migrate-recover, migrate-stop, power-off, power-on, restart, update<br />
<b>IOSlot (io) supported operations</b>: attach, detach, list<br />
<br />
---------------------------------------------------------------------<br />
<br />
<b><u>pvmctl listing objects</u></b><br />
<br />
<b>$ pvmctl lpar list</b><br />
Logical Partitions<br />
+----------+----+----------+----------+----------+-------+-----+-----+<br />
| Name | ID | State | Env | Ref Code | Mem | CPU | Ent |<br />
+----------+----+----------+----------+----------+-------+-----+-----+<br />
| novalink | 2 | running | AIX/Lin> | Linux p> | 2560 | 2 | 0.5 |<br />
| pvc | 3 | running | AIX/Lin> | Linux p> | 11264 | 2 | 1.0 |<br />
| vm1 | 4 | not act> | AIX/Lin> | 00000000 | 1024 | 1 | 0.5 |<br />
+----------+----+----------+----------+----------+-------+-----+-----+<br />
<br />
<b>$ pvmctl lpar list --object-id id=2</b><br />
Logical Partitions<br />
+----------+----+---------+-----------+---------------+------+-----+-----+<br />
| Name | ID | State | Env | Ref Code | Mem | CPU | Ent |<br />
+----------+----+---------+-----------+---------------+------+-----+-----+<br />
| novalink | 2 | running | AIX/Linux | Linux ppc64le | 2560 | 2 | 0.5 |<br />
+----------+----+---------+-----------+---------------+------+-----+-----+<br />
<br />
<b>$ pvmctl lpar list -d name id state --where LogicalPartition.state=running</b><br />
name=novalink,id=2,state=running<br />
name=pvc,id=3,state=running<br />
<br />
<b>$ pvmctl lpar list -d name id state --where LogicalPartition.state!=running</b><br />
name=vm1,id=4,state=not activated<br />
name=vm2,id=5,state=not activated<br />
<br />
---------------------------------------------------------------------<br />
<br />
<b><u>pvmctl creating objects:</u></b><br />
<br />
<u>creating an LPAR:</u><br />
<b>$ pvmctl lpar create --name vm1 --proc-unit .1 --sharing-mode uncapped --type AIX/Linux --mem 1024 --proc-type shared --proc 2</b><br />
$ pvmctl lpar list<br />
Logical Partitions<br />
+-----------+----+-----------+-----------+-----------+------+-----+-----+<br />
| Name | ID | State | Env | Ref Code | Mem | CPU | Ent |<br />
+-----------+----+-----------+-----------+-----------+------+-----+-----+<br />
| novalink> | 1 | running | AIX/Linux | Linux pp> | 2560 | 2 | 0.5 |<br />
| vm1 | 4 | not acti> | AIX/Linux | 00000000 | 1024 | 2 | 0.1 |<br />
+-----------+----+-----------+-----------+-----------+------+-----+-----+<br />
<br />
<br />
<u>creating a virtual ethernet adapter:</u><br />
<b>$ pvmctl vswitch list</b><br />
Virtual Switches<br />
+------------+----+------+---------------------+<br />
| Name | ID | Mode | VNets |<br />
+------------+----+------+---------------------+<br />
| ETHERNET0 | 0 | Veb | VLAN1-ETHERNET0 |<br />
| MGMTSWITCH | 1 | Vepa | VLAN4094-MGMTSWITCH |<br />
+------------+----+------+---------------------+<br />
<br />
<b>$ pvmctl vea create --slot 2 --pvid 1 --vswitch ETHERNET0 --parent-id name=vm1</b><br />
<br />
<b>$ pvmctl vea list</b><br />
Virtual Ethernet Adapters<br />
+------+------------+------+--------------+------+-------+--------------+<br />
| PVID | VSwitch | LPAR | MAC | Slot | Trunk | Tagged VLANs |<br />
+------+------------+------+--------------+------+-------+--------------+<br />
| 1 | ETHERNET0 | 1 | 02224842CB34 | 3 | False | |<br />
| 1 | ETHERNET0 | 4 | 1A05229C5DAC | 2 | False | |<br />
| 1 | ETHERNET0 | 2 | 3E5EBB257C67 | 3 | True | |<br />
| 1 | ETHERNET0 | 3 | 527A821777A7 | 3 | True | |<br />
| 4094 | MGMTSWITCH | 1 | CE46F57C513F | 6 | True | |<br />
| 4094 | MGMTSWITCH | 2 | 22397C1B880A | 6 | False | |<br />
| 4094 | MGMTSWITCH | 3 | 363100ED375B | 6 | False | |<br />
+------+------------+------+--------------+------+-------+--------------+<br />
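<br />
The RMC section above requires the management network to sit on MGMTSWITCH in VEPA mode with PVID 4094, reachable only through the trunk port. The following added example (not part of the original post or of NovaLink) checks those properties from the two listings just shown. The function names are constructed, and treating a single trunk adapter owned by the NovaLink partition as the expected state is an assumption taken from the sample output.<br />

```python
MGMT_VSWITCH = "MGMTSWITCH"   # mandatory name according to the text above
MGMT_PVID = "4094"

# The two listings shown above ("pvmctl vswitch list" and "pvmctl vea list").
VSWITCH_LIST = """\
+------------+----+------+---------------------+
| Name       | ID | Mode | VNets               |
+------------+----+------+---------------------+
| ETHERNET0  | 0  | Veb  | VLAN1-ETHERNET0     |
| MGMTSWITCH | 1  | Vepa | VLAN4094-MGMTSWITCH |
+------------+----+------+---------------------+
"""
VEA_LIST = """\
+------+------------+------+--------------+------+-------+--------------+
| PVID | VSwitch    | LPAR | MAC          | Slot | Trunk | Tagged VLANs |
+------+------------+------+--------------+------+-------+--------------+
| 1    | ETHERNET0  | 1    | 02224842CB34 | 3    | False |              |
| 1    | ETHERNET0  | 4    | 1A05229C5DAC | 2    | False |              |
| 1    | ETHERNET0  | 2    | 3E5EBB257C67 | 3    | True  |              |
| 1    | ETHERNET0  | 3    | 527A821777A7 | 3    | True  |              |
| 4094 | MGMTSWITCH | 1    | CE46F57C513F | 6    | True  |              |
| 4094 | MGMTSWITCH | 2    | 22397C1B880A | 6    | False |              |
| 4094 | MGMTSWITCH | 3    | 363100ED375B | 6    | False |              |
+------+------------+------+--------------+------+-------+--------------+
"""


def parse_pvmctl_table(text):
    """Turn a pvmctl ASCII table into a list of dicts keyed by column header.

    Border lines start with "+", data lines start and end with "|".
    Caveat: pvmctl cuts wide cells and marks them with ">" (see the lpar
    listings above), so compare only values that fit the column.
    """
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("|") and line.endswith("|"):
            rows.append([cell.strip() for cell in line[1:-1].split("|")])
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in body]


def audit_mgmt_network(vswitch_text, vea_text, novalink_lpar_id):
    """Return a list of human-readable findings; an empty list means OK."""
    switches = {row["Name"]: row for row in parse_pvmctl_table(vswitch_text)}
    switch = switches.get(MGMT_VSWITCH)
    if switch is None:
        return [f"virtual switch {MGMT_VSWITCH} not found"]

    findings = []
    if switch["Mode"].lower() != "vepa":
        findings.append(f"{MGMT_VSWITCH} mode is {switch['Mode']}, expected Vepa")

    adapters = [row for row in parse_pvmctl_table(vea_text)
                if row["VSwitch"] == MGMT_VSWITCH]
    for adapter in adapters:
        if adapter["PVID"] != MGMT_PVID:
            findings.append(
                f"LPAR {adapter['LPAR']} slot {adapter['Slot']} uses PVID "
                f"{adapter['PVID']} on {MGMT_VSWITCH}, expected {MGMT_PVID}")

    # Assumption: the only trunk adapter on the switch belongs to NovaLink.
    trunk_owners = [a["LPAR"] for a in adapters if a["Trunk"] == "True"]
    if trunk_owners != [str(novalink_lpar_id)]:
        owners = ",".join(trunk_owners) or "none"
        findings.append(
            f"trunk adapters on {MGMT_VSWITCH} owned by LPAR(s) {owners}, "
            f"expected only {novalink_lpar_id}")
    return findings


if __name__ == "__main__":
    # NovaLink is partition 1 in the listing above.
    print(audit_mgmt_network(VSWITCH_LIST, VEA_LIST, 1) or "management network OK")
```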
<br />
---------------------------------------------------------------------<br />
<br />
<b><u>pvmctl updating/deleting objects</u></b><br />
<br />
<u>Update the desired memory on vm1 to 2048 MB:</u><br />
<b>$ pvmctl lpar update -i name=vm1 --set-fields PartitionMemoryConfiguration.desired=2048</b><br />
<b>$ pvmctl lpar update -i id=2 -s PartitionMemoryConfiguration.desired=2048</b><br />
<br />
<br />
<u>Delete an LPAR:</u><br />
<b>$ pvmctl lpar delete -i name=vm4</b><br />
[PVME01050010-0056] This task is only allowed when the partition is powered off.<br />
<b>$ pvmctl lpar power-off -i name=vm4</b><br />
Powering off partition vm4, this may take a few minutes.<br />
Partition vm4 power-off successful.<br />
<b>$ pvmctl lpar delete -i name=vm4</b><br />
<br />
---------------------------------------------------------------------<br />
<br />
<b><u>Additional commands</u></b><br />
<br />
<b>$ pvmctl vios power-off -i name=vios1</b> <--shutdown VIOS<br />
<b>$ pvmctl lpar power-off --restart name=vios1</b> <--restart LPAR<br />
<br />
<b>$ mkvterm -m sys_name -p vm1 </b> <--open a console<br />
<br />
---------------------------------------------------------------------<br />
<br />
<b><u>viosvrcmd</u></b><br />
<br />
viosvrcmd runs VIOS commands from Novalink LPAR on the specified VIO server. The underlying RMC is used to pass over the viosvrcmd command to the VIO server.<br />
<br />
<u>An example: </u><br />
Allocating a logical unit from an existing SSP on the VIOS at partition id 2. The allocated logical unit is then mapped to a virtual SCSI adapter in the target LPAR.<br />
<br />
<b>$ viosvrcmd --id 2 -c "lu -create -sp pool1 -lu vdisk_vm1 -size 20480"</b> <--create a Logical Unit on VIOS (vdisk_vm1)<br />
Lu Name:vdisk_vm1<br />
Lu Udid:955b26de3a4bd643b815b8383a51b718<br />
<br />
<b>$ pvmctl lu list</b><br />
Logical Units<br />
+-------+-----------+----------+------+------+-----------+--------+<br />
| SSP | Name | Cap (GB) | Type | Thin | Clone | In use |<br />
+-------+-----------+----------+------+------+-----------+--------+<br />
| pool1 | vdisk_vm1 | 20.0 | Disk | True | vdisk_vm1 | False |<br />
+-------+-----------+----------+------+------+-----------+--------+<br />
<br />
<b>$ pvmctl scsi create --type lu --lpar name=vm1 --stor-id name=vdisk_vm1 --parent-id name=vios1</b><br />
<br />
---------------------------------------------------------------------<br />
<br />
<b><u>Backups</u></b><br />
<br />
PowerVM NovaLink automatically backs up hypervisor (LPAR configurations) and VIOS configuration data by using cron jobs. Backup files are stored in the /var/backups/pvm/SYSTEM_MTMS/ directory. VIOS configuration data is copied from the VIOS (/home/padmin/cfgbackups) to Novalink.<br />
<br />
<b>$ ls -lR /var/backups/pvm/8247-21L*03212E3CA</b><br />
-rw-r----- 1 root pvm_admin 2401 Jun 1 00:15 system_daily_01.bak<br />
-rw-r----- 1 root pvm_admin 2401 May 30 00:15 system_daily_30.bak<br />
-rw-r----- 1 root pvm_admin 2401 May 31 00:15 system_daily_31.bak<br />
-rw-r----- 1 root pvm_admin 2401 Jun 1 01:15 system_hourly_01.bak<br />
-rw-r----- 1 root pvm_admin 2401 Jun 1 02:15 system_hourly_02.bak<br />
-rw-r----- 1 root pvm_admin 4915 Jun 1 00:15 vios_2_daily_01.viosbr.tar.gz<br />
-rw-r----- 1 root pvm_admin 4914 May 30 00:15 vios_2_daily_30.viosbr.tar.gz<br />
-rw-r----- 1 root pvm_admin 4910 May 31 00:15 vios_2_daily_31.viosbr.tar.gz<br />
-rw-r----- 1 root pvm_admin 4911 Jun 1 00:15 vios_3_daily_01.viosbr.tar.gz<br />
-rw-r----- 1 root pvm_admin 4911 May 30 00:15 vios_3_daily_30.viosbr.tar.gz<br />
-rw-r----- 1 root pvm_admin 4910 May 31 00:15 vios_3_daily_31.viosbr.tar.gz<br />
-rw-r----- 1 root pvm_admin 4909 Jun 1 01:15 vios_3_hourly_01.viosbr.tar.gz<br />
-rw-r----- 1 root pvm_admin 4909 Jun 1 02:15 vios_3_hourly_02.viosbr.tar.gz<br />
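<br />
These files hold complete partition and VIOS configuration, so they should stay unreadable for other users and the cron jobs should keep producing them. The following added example (not from the original post or from NovaLink) checks a backup directory for both. The file-name pattern is taken from the listing above, while the 26-hour freshness limit, the finding names and the demo files are assumptions made for illustration.<br />

```python
import os
import re
import stat
import tempfile
import time

# Names as in the listing above: system_daily_01.bak, vios_2_hourly_02.viosbr.tar.gz
NAME_RE = re.compile(r"^(system|vios_\d+)_(daily|hourly)_\d+\.(bak|viosbr\.tar\.gz)$")


def audit_backups(path, max_age_hours=26, now=None):
    """Audit one /var/backups/pvm/<SYSTEM_MTMS> directory.

    Returns (finding, subject, detail) tuples:
      OTHER_ACCESS    - a file grants any permission to "other" users
      UNEXPECTED_FILE - a file that does not follow the backup naming scheme
      STALE           - the newest backup of a source (system, vios_<id>) is
                        older than max_age_hours (assumed limit: daily job
                        plus two hours of slack)
    """
    now = time.time() if now is None else now
    findings, newest = [], {}
    for entry in sorted(os.listdir(path)):
        st = os.lstat(os.path.join(path, entry))
        if not stat.S_ISREG(st.st_mode):
            continue
        if st.st_mode & 0o007:
            findings.append(("OTHER_ACCESS", entry, oct(st.st_mode & 0o777)))
        match = NAME_RE.match(entry)
        if match is None:
            findings.append(("UNEXPECTED_FILE", entry, ""))
            continue
        source = match.group(1)
        newest[source] = max(newest.get(source, 0), st.st_mtime)
    for source, mtime in sorted(newest.items()):
        age_hours = (now - mtime) / 3600
        if age_hours > max_age_hours:
            findings.append(("STALE", source, f"{age_hours:.0f}h"))
    return findings


def demo():
    """Build a constructed backup directory and audit it at a fixed time."""
    now = 1_700_000_000
    files = {  # name: (mode, age in hours), all constructed
        "system_daily_01.bak": (0o640, 1),
        "system_hourly_02.bak": (0o640, 0),
        "vios_2_daily_01.viosbr.tar.gz": (0o644, 1),    # world-readable
        "vios_3_daily_30.viosbr.tar.gz": (0o640, 72),   # newest vios_3 backup: 3 days
        "profile.bak.copy": (0o640, 1),                 # stray copy
    }
    with tempfile.TemporaryDirectory() as directory:
        for name, (mode, age_hours) in files.items():
            full = os.path.join(directory, name)
            with open(full, "w") as handle:
                handle.write("constructed\n")
            os.chmod(full, mode)
            stamp = now - age_hours * 3600
            os.utime(full, (stamp, stamp))
        return audit_backups(directory, now=now)


if __name__ == "__main__":
    for finding in demo():
        print(*finding)
```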
<br />
<u>The hypervisor (partition configuration) backup can be manually initiated by using the bkprofdata command:</u><br />
<b>$ sudo bkprofdata -m gannet -o backup</b><br />
<b>$ ls -l /etc/pvm</b><br />
total 8<br />
drwxr-xr-x 2 root root 4096 May 26 17:32 data<br />
-rw-rw---- 1 root root 2401 Jun 2 17:05 profile.bak<br />
<b>$ cat /etc/pvm/profile.bak</b><br />
FILE_VERSION = 0100<br />
CONFIG_VERSION = 0000000000030003<br />
TOD = 1464901557123<br />
MTMS = 8247-21L*212E3CA<br />
SERVICE_PARTITION_ID = 2<br />
PARTITION_CONFIG =<br />
lpar_id\=1,name\=novalink_212E3CA,lpar_env\=aixlinux,mem_mode\=ded,min_mem\=2048,desired_mem\=2560,max_mem\=16384,hpt_ratio\=6,mem_expansion\=0.00,min_procs\=1,desired_procs\=2,max_procs\=10,proc_mode\=shared,shared_proc_pool_id\=0,sharing_mode\=uncap,min_proc_units\=0.05,desired_proc_units\=0.50,max_proc_units\=10.00,uncap_weight\=128,allow_perf_collection\=0,work_group_id\=none,io_slots\=2101001B/none/0,"virtual_eth_adapters\=3/1/1//0/0/0/B2BBCA66F6F1/all/none,6/1/4094//1/0/1/EA08E1233F8A/all/none","virtual_scsi_adapters\=4/client/2/vios1/2/0,5/client/3/vios2/2/0",auto_start\=1,boot_mode\=norm,max_virtual_slots\=2000,lpar_avail_priority\=127,lpar_proc_compat_mode\=default<br />
PARTITION_CONFIG =<br />
lpar_id\=2,name\=vios1,lpar_env\=vioserver,mem_mode\=ded,min_mem\=1024,desired_mem\=4096,max_mem\=16384,hpt_ratio\=6,mem_expansion\=0.00,min_procs\=2,desired_procs\=2,max_procs\=64,proc_mode\=shared,shared_proc_pool_id\=0,sharing_mode\=uncap,min_proc_units\=0.10,desired_proc_units\=1.00,max_proc_units\=10.00,uncap_weight\ 255,allow_perf_collection\=0,work_group_id\=none,"io_slots\=21010013/none/0,21030015/none/0,2104001E/none/0","virtual_eth_adapters\=3/1/1//1/0/0/36BACB2677A6/all/none,6/1/4094//0/0/1/468CA1242EC8/all/none",virtual_scsi_adapters\=2/server/1/novalink_212E3CA/4/0,auto_start\=1,boot_mo<br />
...<br />
...<br />
<br />
<br />
<u>The VIOS configuration data backup can be manually initiated by using the viosvrcmd --id X -c "viosbr" command:</u><br />
<b>$ viosvrcmd --id 2 -c "viosbr -backup -file /home/padmin/cfgbackups/vios_2_example.viosbr"</b><br />
Backup of this node (gannet2.pbm.ihost.com.pbm.ihost.com) successful<br />
<b>$ viosvrcmd --id 2 -c "viosbr -view -file /home/padmin/cfgbackups/vios_2_example.viosbr.tar.gz"</b><br />
<br />
<br />
<b>$ viosvrcmd --id X -c "backupios -cd /dev/cd0 -udf -accept"</b> <--creates bootable media<br />
<b>$ viosvrcmd --id X -c "backupios -file /mnt [-mksysb]" </b> <--for NIM backup on NFS (restore with installios or mksysb)<br />
<b>$ viosvrcmd --id X -c "backupios -file /mnt [-mksysb] [-nomedialib]"</b> <--exclude optical media<br />
<br />
---------------------------------------------------------------------<br />
<div>
<br /></div>
DEVOPS - GIT (published 2020-04-14, updated 2022-04-05)<br />
<b><u>Git Basics</u></b><br />
<br />
The purpose of Git is to keep track of the changes, which have been made on files. In more official wording: Git is a distributed version control system. Version Control System can be any software that records changes to files over time so that you can recall specific versions later. It helps software teams to keep track of modifications to the source code. If a mistake is made, developers can turn back the clock and compare earlier versions of the code to help fix the mistake. (Git was created by Linus Torvalds in 2005 to help during the development of the Linux Kernel with other kernel developers.)<br />
<br />
Git is distributed, which means everyone has a local copy of all the files, so they can work independently of a central server. (In contrast, a centralized version control system is located in one place, and people check out from the central location, make changes and check everything back in.)<br />
<br />
When someone completes a task, they need to do a commit. A commit is a snapshot of the state of your files, plus some metadata (such as who made the commit and when, with a comment, and a pointer to the previous commits). Every time you commit, or save the state of your project, Git basically takes a picture of what all your files look like at that moment and stores a reference to that snapshot. As time goes by, each commit points to its parent to keep track of all the changes that have been made:<br />
<br />
Arrows are identifying a commit's parent (pointing to the left)<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj14HjR1Aiac14HAdoalRC8v9stVMkSMT-6Dc3rAf34dhBC91QQAFnVPEKY40JW5hN6AFGfmyQWoxOPKLpqw-pcoG3GqNEtJ1dICqFo86S5bs6IKDn5kqWvDM-U0yOeEfl36lLLVmFZYyQ8/s1600/a3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="195" data-original-width="427" height="182" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj14HjR1Aiac14HAdoalRC8v9stVMkSMT-6Dc3rAf34dhBC91QQAFnVPEKY40JW5hN6AFGfmyQWoxOPKLpqw-pcoG3GqNEtJ1dICqFo86S5bs6IKDn5kqWvDM-U0yOeEfl36lLLVmFZYyQ8/s400/a3.JPG" width="400" /></a></div>
<br />
<br />
<u>Some terminology:</u><br />
-<b>repository </b>- this is where git stores all details, metadata which is needed for tracking (.git directory in the project dir)<br />
-<b>commit </b>- record changes to the repository (the local one)<br />
-<b>branch </b>- like in a tree, another path is taken from the main line of development, so the main line stays untouched<br />
-<b>merge </b>- will take the independent lines of development (branches) and integrate them into a single branch<br />
-<b>master </b>- the repository’s main branch, usually other branches are checked out from this<br />
-<b>clone </b>- copies an existing git repository which we don't have yet (it is usually used only once)<br />
-<b>fetch </b>- downloads commits, files ...from a remote repository into your local repo and updates that local copy<br />
-<b>pull </b>- fetch (download) content from a remote repository and update local repository. (git fetch followed by git merge)<br />
-<b>push </b>- is used to submit the code to a remote repository<br />
-<b>head </b>- is a reference which points to the last commit we have made.<br />
-<b>checkout </b>- switch to another branch. To prepare working on a branch. (Pointing the head to that branch)<br />
<br />
----------------------------------------------<br />
<br />
<b><u>Repository (.git directory)</u></b><br />
<br />
Git stores all necessary information, metadata (which is needed to track all changes) in a data structure called a repository. The Git repository is in the same directory as the project itself, in a subdirectory called .git. You can obtain a Git repository in one of two ways:<br />
<br />
<b>1. You can take a local directory that is currently not under version control, and turn it into a Git repository.</b><br />
You can go to any directory and use the command: git init. This creates a new subdirectory named .git that contains all of your necessary repository files. At this point, nothing in your project is tracked yet. If you want to start version-controlling existing files, you need to track those files (with git add) and do an initial commit (git commit).<br />
<br />
<b>2. You can clone an existing Git repository from elsewhere.</b><br />
If you want to get a copy of an existing Git repository, "git clone" needs to be used. Git then receives a full copy of all data that the server has. Every version of every file for the history of the project is pulled down by default.<br />
<br />
<b>git clone <url> </b> <--clone a repository to the current directory<br />
<b>git clone <url> <new name> </b> <--clone the repository into a directory with a different name<br />
<br />
----------------------------------------------<br />
<br />
<b><u>Working with Git</u></b><br />
<br />
During our work in Git (using specific Git commands) our files can be in different states:<br />
-<b>Committed</b>: It means that the data is safely stored in your local database.<br />
-<b>Staged</b>: It means that you have marked a modified file in its current version to go into your next commit.<br />
-<b>Modified</b>: It means that you have changed the file but have not committed it to your database yet.<br />
<br />
<u>The basic Git workflow goes something like this: </u><br />
You switch to the project you would like to work on with the command git checkout. Then you start to work in your working directory and modify files there. After finishing some work, you mark the files you have worked on with the command git add. This stages those files to be part of the next commit; in other words, it adds those changes (files) to the staging area. When you then do a commit, Git takes the files as they are in the staging area and stores that snapshot permanently in your Git directory.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKkAUBYbsL1Cs9Wm_-rjqTV4eGRrD6s6leudcG35YuxaVgxId4pZKax_QHaSQ_MBMlW3WFnuIvSCPQ8o9fYaeU6HPqc_0lahJyN9P9HETEhHV65433I7_-ZH7MoJZVzSXPcnWpiHHAbbwN/s1600/a4.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="301" data-original-width="552" height="217" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKkAUBYbsL1Cs9Wm_-rjqTV4eGRrD6s6leudcG35YuxaVgxId4pZKax_QHaSQ_MBMlW3WFnuIvSCPQ8o9fYaeU6HPqc_0lahJyN9P9HETEhHV65433I7_-ZH7MoJZVzSXPcnWpiHHAbbwN/s400/a4.JPG" width="400" /></a></div>
<br />
The .git directory is where Git stores the metadata and object database for your project. This is the most important part of Git, and it is what is copied when you clone a repository from another computer. If a particular version of a file is in the Git directory, it’s considered committed.<br />
<br />
The staging area is a file, generally contained in your .git directory, that stores information about what will go into your next commit. If a file has been modified and was added to the staging area (with the command git add), it is staged.<br />
<br />
The working directory (sometimes it is called working tree) is a single checkout of one version of the project. These files are pulled out of the compressed database in the Git directory and placed on disk for you to use or modify.<br />
<br />
Everything in Git is check-summed before it is stored (committed) and is then referred to by that checksum. This means it’s impossible to change the content of a file or directory without Git knowing about it. The mechanism that Git uses for this checksumming is called a SHA-1 hash. This is a 40-character string.<br />
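<br />
How that checksum is derived, as an added example that is not part of the original post: Git hashes the header "blob <size>", a NUL byte and then the file content, so the ID can be recomputed without Git and used to detect a changed file. The function names (sha1_hex, git_blob_id, verify_blob) are hypothetical helpers and the sample file is constructed.<br />

```shell
#!/bin/sh
# Added example: recompute the object ID Git gives to a file's content.
# Git stores a file as a "blob": SHA-1 over "blob <size>\0" + raw bytes.

# sha1_hex: print the SHA-1 of stdin as 40 hex characters,
# using whichever of sha1sum / shasum / openssl is installed.
sha1_hex() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum | cut -c1-40
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 | cut -c1-40
    else
        openssl dgst -sha1 -r | cut -c1-40
    fi
}

# git_blob_id FILE: print the ID that "git hash-object FILE" would print.
git_blob_id() {
    blob_size=$(wc -c < "$1" | tr -d ' ')
    { printf 'blob %s\0' "$blob_size"; cat "$1"; } | sha1_hex
}

# verify_blob FILE EXPECTED_ID: succeed only if the content still matches.
verify_blob() {
    [ "$(git_blob_id "$1")" = "$2" ]
}

# Demo on constructed sample data: one changed byte gives a different ID.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf 'hello\n' > "$demo_dir/motd"
    recorded=$(git_blob_id "$demo_dir/motd")
    echo "recorded ID:      $recorded"
    if command -v git >/dev/null 2>&1; then
        echo "git hash-object:  $(git hash-object "$demo_dir/motd")"
    fi
    printf 'hellO\n' > "$demo_dir/motd"      # simulate a modification
    echo "ID after change:  $(git_blob_id "$demo_dir/motd")"
    if verify_blob "$demo_dir/motd" "$recorded"; then
        echo "content unchanged"
    else
        echo "content differs from the recorded ID"
    fi
    rm -rf "$demo_dir"
}

demo
```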
<br />
----------------------------------------------<br />
<br />
<b><u>Starting to work with git</u></b><br />
<br />
After installation (for example with yum install git) some configuration is needed, for example to add your name to the checkouts and changes.<br />
The configuration can be listed with "git config --list" and changed with:<br />
<br />
<b>git config --global user.name "<user name>"</b><br />
<b>git config --global user.email "<user email>"</b><br />
<br />
<u>After that we can start to initialize a directory to be tracked by git:</u><br />
1. go to the directory you would like to track<br />
2. git init (it will create a .git directory which contains all details needed for tracking)<br />
3. git status (show status of files if those are up to date, tracked etc..)<br />
<br />
If there are files we don't want to track, create a .gitignore file:<br />
<b># vi .gitignore:</b><br />
.filename<br />
*.filename<br />
<br />
If this file exists, "git status" will not show the files listed in it.<br />
<br />
----------------------------------------------<br />
<br />
<b><u>Adding files to Staging area</u></b><br />
<br />
When a new file is created it is not tracked automatically by Git. Git needs to be told explicitly to track that file with git add. If you modify the file after you run git add, you have to run git add again to stage the latest version of the file. Otherwise the version as it was when you last ran git add will go into the commit, not the version of the file as it looks now.<br />
<br />
This message can pop up in this case: “Changes not staged for commit”:<br />
It means that a file that is tracked has been modified in the working directory but not yet staged. To stage it, you need to run the git add command, which is a multipurpose command. You use it to begin tracking new files, to stage files, and to do other things. It may be helpful to think of it more as "add precisely this content to the next commit".<br />
<br />
----------------------------------------------<br />
<br />
<b><u>Committing files:</u></b><br />
<br />
When your staging area is set up, you can commit your changes. The usage is: git commit -m "Some message". If -m is omitted, an editor opens where the commit message can be entered. The commit takes a snapshot of the current state of the staged files, and these things are saved with it: who did the commit, the commit date, the SHA-1 checksum of the commit, the commit message etc.<br />
(The commit records the snapshot you set up in your staging area. Anything you didn’t stage is still sitting there modified.)<br />
<br />
<b>1. git add -A</b> <--add everything to the staging area<br />
<b>2. git status</b> <--show the status<br />
<b>3. git diff </b> <--shows changes made to the code<br />
<b>4. git commit -m "message"</b> <--committing files in the staging area (adds file to the repository)<br />
<b>5. git log</b> <--shows the commit we made (hash number, name, date, message)<br />
<br />
(git commit command commits only to the local branch we are working on and has no effect on other local branches, and it has no effect on remote repository as well)<br />
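<br />
The behaviour described in "Adding files to Staging area" and "Committing files" above, as an added example that is not part of the original post: a file is staged, edited again without a second git add, and committed, and the script then prints what the commit really contains. The helper names (git_demo, staged_snapshot), the file name and the throw-away identity are assumptions made for this demo.<br />

```shell
#!/bin/sh
# Added example: a commit stores what was staged with "git add",
# not what the file looks like on disk at commit time.

# git_demo: run git with a throw-away identity so the demo does not
# depend on (or change) the user's global configuration.
git_demo() {
    git -c user.name="Demo User" -c user.email="demo@example.invalid" \
        -c commit.gpgsign=false -c init.defaultBranch=master "$@"
}

# staged_snapshot: stage version 1 of a file, edit it again without
# re-running "git add", commit, and print "key=value" lines.
staged_snapshot() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git_demo init -q . || exit 1
        echo "version 1" > notes.txt
        git_demo add notes.txt                 # stage version 1
        echo "version 2" > notes.txt           # modified after staging
        git_demo commit -q -m "add notes" || exit 1
        echo "committed=$(git_demo show HEAD:notes.txt)"
        echo "on_disk=$(cat notes.txt)"
        # " M" = tracked file modified in the working directory, not staged
        echo "status=$(git_demo status --porcelain -- notes.txt)"
        # Staging again and committing records version 2 as a second commit.
        git_demo add notes.txt
        git_demo commit -q -m "update notes" || exit 1
        echo "after_second_add=$(git_demo show HEAD:notes.txt)"
        echo "commits=$(git_demo rev-list --count HEAD)"
    )
    rc=$?
    rm -rf "$repo"
    return $rc
}

if command -v git >/dev/null 2>&1; then
    staged_snapshot
else
    echo "git is not installed; skipping the demo" >&2
fi
```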
<br />
----------------------------------------------<br />
<br />
<b><u>Commands:</u></b><br />
<br />
<b>git config --help </b> <--help<br />
<b>git --version</b> <--check version<br />
<b>git init </b> <--turn a directory into git repository (.git subdir is added with metadata)<br />
<b>rm -rf .git </b> <--stop Git tracking of that directory (removes the .git subdirectory)<br />
<b>.gitignore</b> <--this file lists all the files which will be ignored by git<br />
<br />
<b>git status </b> <--show the actual status of the working dir<br />
<b>git log </b> <--shows commit history with hashes, dates, messages<br />
<b>git log --stat </b> <--shows which files have been changed and part of the commit<br />
<b>git reflog</b> <--shows in order check-outs, commits, resets<br />
<br />
<b>git add <file> </b> <--adds a file to tracking (or, if it is already tracked, puts it in staging, which is needed before commit)<br />
<b>git add -A</b> <--adds all files in current dir for tracking or to the staging area (git add . is the same)<br />
<b>git mv <file_old> <file_new></b> <--rename a file in Git<br />
<br />
<b>git rm --cached <file> </b> <--remove a file from git tracking (keeps the file on your hard drive but Git will not track)<br />
<b>git rm <file> </b> <--remove a file from git tracking and from working dir (deletes from hard drive)(commit is needed)<br />
<b>git rm -f <file> </b> <--if file is already added to staging area, then -f option (force) is needed for removal<br />
<br />
<b>git reset <filename> </b> <--remove files from the staging area, unstaging a staged file<br />
<b>git reset </b> <--will remove everything from the staging area<br />
<b><br /></b>
<b>git commit -m "<message>" </b> <--commit with a message<br />
<b>git commit --amend -m "new message" </b> <--change commit message to a new message<br />
<b>git commit --amend</b> <--if we missed a file from last commit and want that to be part of that last commit<br />
(it brings up a vi editor, just save it: wq)<br />
<br />
<b>git branch </b> <--list all local branches (* will show which branch we are currently working on)<br />
<b>git branch --merged </b> <--lists the branches that have been merged already<br />
<b>git branch -a </b> <--lists all the branches of the repository (not only locally, remotely as well)<br />
<b>git branch -r </b> <--lists all remote branches<br />
<b>git branch <new branch name></b> <--create a branch<br />
<b>git branch -d <branch> </b> <--deletes branch locally<br />
<br />
<b>git checkout <branch name> </b> <--changing to the given branch (so we that given branch<br />
<b>git checkout -- <filename></b> <--if a file is modified and we want to dismiss modifications and go back to the original state<br />
<br />
----------------------------------------------<br />
<b><br /></b>
<b>git remote </b> <--lists remote servers you have configured (shortname)<br />
<b>git remote -v </b> <--shows you the URLs that Git has stored for the shortname<br />
<b>git remote show <remote></b> <--show more information about a particular remote<br />
<br />
<b>git remote add <shortname> <url> </b> <--add a new remote Git repository as a shortname to reference<br />
<b>git remote add origin <url></b> <--will create new remote (called origin) located at the specified link<br />
<b>git remote rename <current> <new></b> <--change a remote’s shortname from <current> to <new><br />
<b>git remote remove <remote></b> <--remove a remote<br />
<br />
<b>git clone <url> <where to clone></b> <-- clone remote repository to given location<br />
<b>git clone ../remote_repo.git . </b> <--cloning example<br />
<br />
If you clone a repository, the command automatically adds that remote repository under the name "origin". So, "git fetch origin" fetches any new work that has been pushed to that server since you cloned (or last fetched from) it. (git fetch will not do merge, just download the data)<br />
<br />
If your current branch is set up to track a remote branch, you can use the git pull command to automatically fetch and then merge that remote branch into your current branch. By default, the git clone command automatically sets up your local master branch to track the remote master branch on the server you cloned from. Running git pull fetches data from the server you originally cloned from and automatically tries to merge it into the code you’re currently working on.<br />
<br />
<b>git fetch <remote></b> <--get data from a remote project, it pulls down all the data from that remote project<br />
<b>git pull</b> <--it is a combination of 2 commands: git fetch + git merge<br />
<b>git pull origin master </b> <--pulls any changes since the last time we have pulled from a repository<br />
<br />
<b>git push origin master</b> <-- push your master branch to your origin server<br />
<b>git push <remote> <branch> </b> <--submit branch to the remote repository<br />
<b>git push -u origin <branch name></b> <-- -u creates the association between the branch on origin and our local branch<br />
<br />
----------------------------------------------<br />
<br />
<b>git diff <file></b> <--shows what exactly has been changed in given file<br />
<b>git diff <hash1> <hash2> </b> <--show difference between hashes<br />
<b>git diff <source_branch> <target_branch></b> <--doing a preview before a merge<br />
<b>git revert <hash> </b> <--creates a new commit that undoes the changes of the given commit<br />
<br />
<b>git tag </b> <--showing tags (these are the versions which are added to commits)<br />
<b>git tag -a v1.0 -m "Version 1.0 release" </b> <--point to the current release<br />
<br />
----------------------------------------------<br />
<br />
<b><u>Fixing (undoing) a commit (git commit --amend):</u></b><br />
(For example when we commit too early and forget to add some files, or we mess up our commit message.)<br />
<br />
If we did a commit and then realize we forgot to stage the changes in a file we wanted to add to this commit, then we can use "git commit --amend" to fix this:<br />
<b>1. git commit -m "<initial commit>"</b><br />
<b>2. git add <forgotten file></b><br />
<b>3. git commit --amend</b><br />
<br />
The second commit replaces the first; as a result we end up with a single commit, and the earlier commit will not show up in the repository history.<br />
<br />
This command takes the staging area and uses it for the commit. If there are no changes since the last commit (if we run this command immediately after a commit) then only the commit message can be changed. A commit-message editor pops up, which already contains the message of our previous commit, which we can change and save.<br />
<br />
-----------------------------------------------------<br />
<br />
<b><u>Branch and Merge:</u></b><br />
<br />
<u>Branch:</u><br />
<b>1. git branch </b> <--shows how many branches we have (* shows which branch we are currently on)<br />
<b>2. git branch <name> </b> <--create a new branch<br />
<b>3. git checkout <branch></b> <--switch to the given branch<br />
<b>4. do some work there</b><br />
<br />
<u>Merging a branch to master (locally and remotely)</u><br />
(All merging is done into the branch where you are.)<br />
<br />
<b>1. git checkout master </b> <--switch to our master branch<br />
<b>2. git pull origin master </b> <--pull the changes down to make sure if there were any changes by others we have those<br />
<b>3. git branch --merged </b> <--lists the branches that have been merged already (our branch is not on the list)<br />
<b>4. git merge <branch name> </b> <--merge given branch to where we are (currently it is master)<br />
<br />
After merging branch to the master (local), these changes can be pushed to the remote master:<br />
<b>git push origin master </b> <--all these changes are pushed to the master on the remote repository<br />
<br />
-----------------------------------------------------<br />
<b><u><br /></u></b>
<b><u>Deleting a branch</u></b><br />
<br />
After we finished merging our branch, that feature is done and we can delete that branch:<br />
<b>1. git branch --merged </b> <--just to double check everything was successfully merged<br />
<b>2. git branch -d <branch> </b> <--deletes branch locally<br />
<br />
If we pushed that branch to the remote repository, we can delete from there as well:<br />
<b>git branch -a </b> <--list branches (our local branch is not there anymore, but we still have on remote repository)<br />
<b>git push origin --delete <branch></b> <--to delete a branch on remote repository<br />
<br />
-----------------------------------------------------<br />
<b><u><br /></u></b>
<b><u>Fixing an accidental commit to a wrong branch:</u></b><br />
(moving a commit to another branch)<br />
<br />
<b>1. git log </b> <--check the hash of the commit you want to move (only first 6-8 characters)<br />
<b>2. git checkout <branch> </b> <--switch to the branch (you can check git log again)<br />
<b>3. git cherry-pick <hash></b> <--it will bring over the given commit to the branch where I am<br />
<br />
We still have the commit on the master branch (cherry-pick will not delete that). To delete that from the master branch:<br />
<b>4. git checkout master</b> <--switch to master branch<br />
<b>5. git log </b> <--check hash and commits<br />
<b>6. git reset …</b> <--reset back to a specified commit, it has 3 types (soft, mixed, hard):<br />
<b>git reset --soft <hash></b> <--reset back to a commit, but will keep files in staging area<br />
<b>git reset --mixed <hash></b> <--(default) same as soft, but the files will not be in the staging area, only in the working dir<br />
<b>git reset --hard <hash></b> <--resets all tracked files to the state they were in at that commit (any untracked files are left in place)<br />
<b>7. git clean -df </b> <--after git reset, get rid of any untracked directories (-d) and untracked file (-f)<br />
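<br />
The three reset types and the clean step from the list above, as an added example that is not part of the original post: each mode is run against a fresh two-commit repository and the script prints what HEAD, the staging area and the working directory contain afterwards, including a dry run (git clean -dn) before the real clean. The helper names, file names and the throw-away identity are assumptions made for this demo.<br />

```shell
#!/bin/sh
# Added example: what "git reset --soft/--mixed/--hard" leave behind,
# and what "git clean -df" removes afterwards.

# git_demo: run git with a throw-away identity (no global config needed).
git_demo() {
    git -c user.name="Demo User" -c user.email="demo@example.invalid" \
        -c commit.gpgsign=false -c init.defaultBranch=master "$@"
}

# reset_state MODE: build a two-commit repository, reset one commit back
# with the given mode, print "HEAD=<subject> index=<..> worktree=<..>".
reset_state() {
    mode=$1
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git_demo init -q . || exit 1
        echo "old" > app.conf
        git_demo add app.conf && git_demo commit -q -m "first" || exit 1
        echo "new" > app.conf
        git_demo add app.conf && git_demo commit -q -m "second" || exit 1
        git_demo reset -q "--$mode" HEAD~1 || exit 1
        printf 'HEAD=%s index=%s worktree=%s\n' \
            "$(git_demo log -1 --format=%s)" \
            "$(git_demo show :app.conf)" \
            "$(cat app.conf)"
    )
    rc=$?
    rm -rf "$repo"
    return $rc
}

# untracked_after_hard_reset: untracked files survive "reset --hard";
# "clean -dn" lists what "clean -df" would delete before it is deleted.
untracked_after_hard_reset() {
    repo=$(mktemp -d) || return 1
    (
        cd "$repo" || exit 1
        git_demo init -q . || exit 1
        echo "old" > app.conf
        git_demo add app.conf && git_demo commit -q -m "first" || exit 1
        mkdir build && echo "tmp" > build/out.log      # untracked directory
        git_demo reset -q --hard HEAD || exit 1
        if [ -e build/out.log ]; then after_reset=present; else after_reset=removed; fi
        preview=$(git_demo clean -dn)                  # dry run, deletes nothing
        git_demo clean -dfq || exit 1
        if [ -e build/out.log ]; then after_clean=present; else after_clean=removed; fi
        printf 'after_reset=%s after_clean=%s preview=%s\n' \
            "$after_reset" "$after_clean" "$preview"
    )
    rc=$?
    rm -rf "$repo"
    return $rc
}

if command -v git >/dev/null 2>&1; then
    for m in soft mixed hard; do
        printf '%-6s ' "$m"
        reset_state "$m"
    done
    untracked_after_hard_reset
else
    echo "git is not installed; skipping the demo" >&2
fi
```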
<br />
-----------------------------------------------------<br />
<div>
<br /></div>
DEVOPS - RH 6,7 INSTALL (published 2020-04-14, updated 2022-04-05)<br />
<br />
<b><u>Red Hat - Netboot and Install from NIM server</u></b><br />
<br />
A NIM server can boot up and install AIX servers from the network using the TFTP and BOOTP protocols. As other operating systems use these same protocols for network boot (and install), our NIM server could be utilized for network booting and installing RHEL 6 or 7 servers as well. The process is basically the same in each environment, but the setup and configuration is different for AIX, RHEL 6 and RHEL 7. (In the Linux world there are many other methods to achieve this, like a Kickstart server; here I wanted to show that a NIM server is capable of doing these tasks.)<br />
<br />
<u>RHEL 6:</u><br />
After network boot is started (tftp, bootp), the first reference on NIM is the /etc/yaboot.conf file, which points to a kickstart file (ks.cfg), which does the automatic install. For initiating a network boot we will use a fixed IP (172.23.72.15), but later during kickstart we will use dhcp (as it did not work with static ip, just with a local cdrom install). ks.cfg is configured to download install packages by HTTP. (I tested with NFS and FTP but it did not really work.)<br />
<br />
<u>RHEL 7:</u><br />
Similar to the above, but after network boot the /boot/grub/powerpc-ieee1275/grub.cfg file is used, which points to the kickstart config file as well.<br />
<br />
<br />
<u>Some additional details found on internet:</u><br />
RHEL7 has moved to Grub2 as the boot loader, so there are a few things that are different... The biggest thing is that Grub2 will look for its configuration in /boot on the TFTP server (not /etc like Yaboot does). RHEL7 is also smarter on NFS versions, so you shouldn't have to specify the version if using version 3 like you do on RHEL 6.<br />
<br />
The Yaboot binary automatically looks for /etc in the TFTP directory. Since AIX doesn't chroot TFTP, you have to put things where Yaboot can find it. Similarly, if you are using Grub2 from an AIX boot system, it will look in /boot/grub2 for things it needs when network booting.<br />
<br />
<br />
<u>These steps will show how to install RH6 and RH7 servers via network from NIM:</u><br />
1. HTTP access<br />
2. Copy data from DVD<br />
3. /etc/bootptab<br />
4. Boot config files<br />
5. /etc/tftpaccess.ctl<br />
6. Kickstart file<br />
7. Netboot<br />
<br />
All the configuration will be done on the NIM server. A RH LPAR has been created earlier (same LPAR can be used for RH6 or RH7 install) and a fixed IP is reserved for this purpose:<br />
172.23.72.15 - IP configured initially on RH for netboot<br />
172.23.74.4 - IP of NIM server<br />
172.23.72.1 - gateway<br />
255.255.248.0 - subnet mask<br />
<br />
----------------------------------------<br />
<br />
<b><u>1. HTTP access:</u></b><br />
<br />
During installation we will use HTTP, so a web server (Apache) has been installed on our NIM server, and these lines had to be added at the end of httpd.conf:<br />
<br />
# vi /opt/freeware/etc/httpd/conf/httpd.conf<br />
#RHEL image creation<br />
Alias /export "/export/"<br />
<Directory "/export/"><br />
Options Indexes FollowSymLinks Includes MultiViews<br />
Require all granted<br />
</Directory><br />
<br />
<br />
After that stop/start:<br />
# /etc/rc.d/init.d/httpd stop<br />
# /etc/rc.d/init.d/httpd start<br />
<br />
----------------------------------------<br />
<br />
<b><u>2. Copy data from DVD</u></b><br />
<br />
On the NIM server we need to copy the whole content of the RH DVD iso to a directory:<br />
(this directory will be used during OS installation to install all the packages via http)<br />
<br />
# loopmount….<br />
# cp -prh /mnt /export/nim/rhel_6.10_ppc64<br />
# cp -prh /mnt /export/nim/rhel_7.6_ppc64<br />
<br />
<br />
For network boot we need to copy additional files from DVD, but there is a difference between RH6 and RH7, what files are needed on which locations:<br />
<br />
<u><b>RHEL 6:</b></u><br />
- copy yaboot.conf from iso: /ppc/ppc64/yaboot.conf to /etc/yaboot.conf on NIM<br />
- copy vmlinuz (linux kernel) and initrd.img under /tftpboot directory<br />
<span style="white-space: pre;"> </span># mkdir -p /tftpboot/rhel6_ppc64<br />
<span style="white-space: pre;"> </span># cp /export/nim/rhel_6.10_ppc64/ppc/ppc64/initrd.img /tftpboot/rhel6_ppc64<br />
<span style="white-space: pre;"> </span># cp /export/nim/rhel_6.10_ppc64/ppc/ppc64/vmlinuz /tftpboot/rhel6_ppc64<br />
<br />
<br />
<u><b>RHEL 7:</b></u><br />
the main directory is /boot, which was copied from ISO image:<br />
# cp -prh /export/nim/rhel_7.6_ppc64/boot /boot<br />
<br />
Besides that, initrd.img and vmlinuz were also copied to /boot:<br />
# cp /export/nim/rhel_7.6_ppc64/ppc/ppc64/initrd.img /boot<br />
# cp /export/nim/rhel_7.6_ppc64/ppc/ppc64/vmlinuz /boot<br />
<br />
----------------------------------------<br />
<br />
<b><u>3. /etc/bootptab</u></b><br />
<br />
/etc/bootptab has to be updated manually so network communication is possible during netboot.<br />
<br />
Added these lines at the end of bootptab file:<br />
(yaboot and core.elf files have been copied earlier)<br />
<br />
<u><b>RHEL 6:</b></u><br />
ls-rh-ppc64-base:bf=/export/nim/rhel_6.10_ppc64/ppc/chrp/yaboot:ip=172.23.72.15:ht=ethernet:sa=172.23.74.4:gw=172.23.72.1:sm=255.255.248.0:<br />
<br />
<u><b>RHEL 7:</b></u><br />
ls-rh-ppc64-base:bf=/boot/grub/powerpc-ieee1275/core.elf:ip=172.23.72.15:ht=ethernet:sa=172.23.74.4:gw=172.23.72.1:sm=255.255.248.0:<br />
<br />
<br />
After the installation has completed, these lines should be removed manually.<br />
<br />
----------------------------------------<br />
<br />
<b><u>4. Boot config files</u></b><br />
<br />
The main config file for the initial network boot is different for RHEL6 and 7:<br />
RH6: yaboot.conf<br />
RH7: grub.cfg<br />
<br />
<u><b>RHEL 6: /etc/yaboot.conf</b></u><br />
During network boot, a file named after the MAC address is searched for first; if that file is missing, the boot process checks different MAC address and IP variations. For each variation there is a timeout if the file is not found, so to avoid waiting 2 mins, create a link named after the MAC address that points to this file:<br />
# cd /etc<br />
# ln -s yaboot.conf 01-fa-8e-09-73-18-20<br />
<br />
(I tried to use NFS, which worked here, but later in the kickstart file NFS did not work, so I changed to HTTP everywhere)<br />
# cat /etc/yaboot.conf<br />
init-message = "\nWelcome to the 64-bit Red Hat Enterprise Linux 6.10 installer!\nHit <TAB> for boot options.\n\n"<br />
timeout=50<br />
default=linux<br />
<br />
image=rhel6_ppc64/vmlinuz<br />
label=linux<br />
initrd=rhel6_ppc64/initrd.img<br />
# append="ks=nfs:nfsvers=3:172.23.74.4:/export/nim/misc/rhel6_ppc64_ks.cfg ksdevice=eth0 ip=172.23.72.15 netmask=255.255.248.0 gateway=172.23.72.1"<br />
append="ks=http://172.23.74.4/export/nim/misc/rhel6_ppc64_ks.cfg ksdevice=eth0 ip=172.23.72.15 netmask=255.255.248.0 gateway=172.23.72.1"<br />
read-only<br />
<br />
<br />
<br />
<u><b>RHEL 7: /boot/grub/powerpc-ieee1275/grub.cfg</b></u><br />
# cat /boot/grub/powerpc-ieee1275/grub.cfg<br />
set default=0<br />
set timeout=5<br />
<br />
echo -e "\nWelcome to the Red Hat Enterprise Linux 7.6 installer!\n\n"<br />
<br />
menuentry "RHEL for PowerPC" {<br />
linux /boot/vmlinuz ro ip=172.23.72.15::172.23.72.1:255.255.248.0:ls-rh-ppc64-base:eth0:none inst.repo=http://172.23.74.4/export/nim/rhel_7.6_ppc64/ inst.ks=http://172.23.74.4/export/nim/misc/rhel7_ppc64_ks.cfg<br />
initrd /boot/initrd.img<br />
}<br />
<br />
----------------------------------------<br />
<br />
<b><u>5. /etc/tftpaccess.ctl</u></b><br />
<br />
On the NIM server we need to grant access to the needed resources. Some lines have been added to /etc/tftpaccess.ctl.<br />
<br />
# cat /etc/tftpaccess.ctl<br />
# NIM access for network boot<br />
allow:/tftpboot<br />
allow:/tftpboot/rhel6_ppc64<br />
allow:/export/nim/rhel_6.10_ppc64<br />
allow:/etc/yaboot.conf<br />
<br />
<br />
<u>Some side note:</u><br />
<i>NFS export is not needed as we use HTTP. I did some experiments with NFS and I leave here the commands I used (just in case):</i><br />
<i>exportfs -i /export/nim/rhel_6.10_ppc64</i><br />
<i>exportfs -i /export/nim/misc</i><br />
<i><br /></i>
<i>unexport:</i><br />
<i>exportfs -u /export/nim/rhel_6.10_ppc64</i><br />
<i>exportfs -u /export/nim/misc</i><br />
<br />
----------------------------------------<br />
<br />
<b><u>6. Kickstart file:</u></b><br />
<br />
Kickstart files control which settings are used during install (timezone, language...). 2 files have been created in /export/nim/misc, one for RH6 and one for RH7. (The url line contains the path on the NIM server for the install resources.)<br />
<br />
<u><b>RHEL 6:</b></u><br />
# cat rhel6_ppc64_ks.cfg<br />
lang en_US<br />
keyboard us<br />
timezone Europe/Vienna --isUtc<br />
rootpw $1$3Qm1F030$Q6ExOTiF/ndBk7neDKNZp1 --iscrypted<br />
#platform IBM pSeries<br />
reboot<br />
text<br />
#cdrom<br />
url --url http://aix-mgmt.mydomain.org/export/nim/rhel_6.10_ppc64<br />
bootloader --location=mbr --append="rhgb quiet crashkernel=auto"<br />
zerombr<br />
clearpart --all --initlabel<br />
autopart<br />
#network --device=eth0 --bootproto=static --ip=172.23.72.15 --netmask=255.255.248.0 --gateway=172.23.72.1<br />
network --device eth0 --bootproto dhcp --hostname ls-rh-ppc64-base<br />
auth --passalgo=sha512 --useshadow<br />
selinux --disabled<br />
firewall --disabled<br />
skipx<br />
firstboot --disable<br />
<br />
%post<br />
mkdir /root/.ssh<br />
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkG2Q00DnTLjXrU+gP7mxdrEMao55555555555Xs2HzfIjX73f7imMO5dEP7lWEFuKbXgTjgMsaWnFC6SCRiqCBFi9aPcTfTc12FVUHf2D18oqoi2LjqAslHSFUILRwhJi0dn0k6u8U1k7c7oV3VWb1bsMipn86/De+axa7endkXfTLOgWu3A1c/2H/Wf2nfpw2ElPOPZJJ3kVGqCJXFnHbOrWm9nw1GCDfQPNi82qySiuuCPBzjb953JdMrNVX++tmObFr6veH9775z4ucE/a67wp/XnGEy2lYogQcWj5lPULc6bUFSQvl0hT1HotvQlaywm2fB1eb6U88RSUV5VZ user@aix.mydomain.org' >> /root/.ssh/authorized_keys<br />
%end<br />
<br />
<u><b>RHEL 7:</b></u><br />
same as for RHEL 6, only the url line is different:<br />
url --url http://aix-mgmt.lnz.lab.dynatrace.org/export/nim/rhel_7.6_ppc64<br />
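<br />
A pre-publication check for a kickstart file like the one above, as an added example that is not part of the original post: the awk filter reports the settings a reviewer would question (a $1$ MD5-crypt root hash, a cleartext HTTP repository, disabled SELinux and firewall, a root SSH key installed in %post). The function names, the finding IDs and both sample files are constructed for this illustration, and the stricter sample assumes the install server can serve HTTPS.<br />

```shell
#!/bin/sh
# Added example: flag weak settings in a kickstart file before it is
# published on the install server. Finding IDs are made up for this demo.

# audit_kickstart FILE: print one "ID: explanation" line per finding.
audit_kickstart() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        $1 == "rootpw" {
            crypted = 0; locked = 0; value = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "--iscrypted")  crypted = 1
                else if ($i == "--lock")  locked = 1
                else if ($i !~ /^--/)     value = $i
            }
            if (locked && value == "") next      # locked account, no password
            if (!crypted)
                print "ROOTPW_PLAINTEXT: root password is stored in clear text"
            else if (value ~ /^\$1\$/)
                print "ROOTPW_MD5CRYPT: $1$ is MD5-crypt; auth --passalgo does not re-hash a pre-hashed rootpw"
            else if (value !~ /^\$(5|6)\$/)
                print "ROOTPW_UNKNOWN_HASH: hash prefix is neither $5$ nor $6$"
        }
        $1 == "url" && /http:\/\//       { print "REPO_CLEARTEXT_HTTP: packages are fetched without TLS" }
        $1 == "selinux"  && /--disabled/ { print "SELINUX_DISABLED: SELinux is switched off" }
        $1 == "firewall" && /--disabled/ { print "FIREWALL_DISABLED: host firewall is switched off" }
        /authorized_keys/ && /\/root\//  { print "ROOT_SSH_KEY_INSTALLED: a key is added for root in %post" }
    ' "$1"
}

# Constructed sample modelled on the settings discussed on this page.
sample_weak_ks() {
    cat <<'EOF'
lang en_US
rootpw $1$CONSTRUCT$0123456789abcdefghijkl --iscrypted
url --url http://nim.example.invalid/export/nim/rhel_6.10_ppc64
#network --device=eth0 --bootproto=static
auth --passalgo=sha512 --useshadow
selinux --disabled
firewall --disabled
%post
mkdir /root/.ssh
echo 'ssh-rsa CONSTRUCTED-KEY user@example.invalid' >> /root/.ssh/authorized_keys
%end
EOF
}

# Constructed stricter variant (assumes HTTPS is available on the server).
sample_strict_ks() {
    cat <<'EOF'
lang en_US
rootpw --iscrypted $6$CONSTRUCTEDSALT$placeholderhashvalue
url --url https://nim.example.invalid/export/nim/rhel_6.10_ppc64
auth --passalgo=sha512 --useshadow
selinux --enforcing
firewall --enabled --service=ssh
EOF
}

ks_tmp=$(mktemp -d)
sample_weak_ks   > "$ks_tmp/weak_ks.cfg"
sample_strict_ks > "$ks_tmp/strict_ks.cfg"
echo "== weak_ks.cfg ==";   audit_kickstart "$ks_tmp/weak_ks.cfg"
echo "== strict_ks.cfg =="; audit_kickstart "$ks_tmp/strict_ks.cfg"
rm -rf "$ks_tmp"
```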
<br />
----------------------------------------<br />
<br />
<b><u>7. Netboot:</u></b><br />
<br />
After all these steps have been prepared, netboot of RH LPAR can be initiated from HMC:<br />
ssh hscroot@hmc01 "lpar_netboot -v -f -D -i -t ent -s auto -T off -d auto -S 172.23.74.4 -C 172.23.72.15 -G 172.23.72.1 -K 255.255.248.0 rh-ppc64-lpar default_profile man-sys-01"<br />
<br />
----------------------------------------<br />
<br />
If logging is needed, it can be configured in yaboot.conf or grub.cfg: https://wwoods.fedorapeople.org/doc/boot-options.html#_inst_syslog<br />
user@aix-mgmt:/var/log $ tail -f user<br />
<br />
----------------------------------------<br />
<div>
<br /></div>
DEVOPS - YUM (published 2020-04-14, updated 2022-04-05)<br />
<br />
<b><u>YUM (Yellowdog Updater Modified)</u></b><br />
https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/README-yum<br />
<br />
YUM is a package manager for RPM packages, which allows automatic updates, package and dependency management. Yellowdog was a Linux distribution which was based on Red Hat. It had a package manager, which was called Yellowdog Updater (YUP). It has been rewritten to support Red Hat based Linux systems, and since then it is called YUM (Yellowdog Updater Modified). Under the hood YUM depends on RPM, which is a packaging standard.<br />
<br />
YUM doesn't recognize AIX installp dependencies. For example: OpenSSL libraries are provided by AIX in installp format, so if an RPM package depends on a specific OpenSSL version, then the user should make sure to keep the OpenSSL version updated.<br />
<br />
--------------------------------------------------------------------------------<br />
<br />
<u><b>RPM:</b></u><br />
<br />
It is a free and open source package management system, which is available on AIX.<br />
<br />
<u>Without YUM these RPM commands can be used on AIX</u><br />
<i><b>rpm -qa </b></i> shows what rpm packages are installed<br />
<i><b>rpm -ql <package name> </b></i> shows where the files are installed (rpm -qlp <package file> lists the files of an rpm file that is not installed yet)<br />
<i><b>rpm -q --filesbypkg cdrecord </b></i> list all the files of an installed rpm package<br />
<i><b>rpm -qf /usr/bin/lynx </b></i> query a file to find the source rpm package<br />
<i><b>rpm -qi <package name></b></i> list information on an installed rpm package<br />
<i><b>rpm -qR <package name></b></i> list all dependencies of an rpm package<br />
<br />
<i><b>rpm -ivh httpd-2.2.8.aix5.1.rpm</b></i> install the rpm package<br />
<br />
<i><b>rpm -ivh --force *.rpm</b></i><br />
<i><b>rpm -ivh --force --nodeps <package name></b></i> does not check dependency (same can be done with "rpm -Uvh..." for upgrade)<br />
<i><b>rpm -e <package name> </b></i> removes the rpm package<br />
<br />
<i><b>rpm -Va </b></i> verifies all installed packages (reports files that are missing or differ from the RPM database)<br />
<i><b>rpm -Vv <package name></b></i> verifies a package<br />
<i><b>rpm --rebuilddb </b></i> compress and rebuild the RPM database<br />
<br />
<i><b>/usr/sbin/updtvpkg </b></i> enables the rpm command to recognize that the libraries have been installed<br />
<br />
In some cases you might get an error about failed dependencies when you install RPMs on AIX (for example, error: failed dependencies: libX11.a(shr4.o) is needed by tk-8.3.3-1). Most likely the error occurs because the rpm command does not recognize the shared library. If the error occurs, check to see if the X11 libraries are installed in the directory /usr/lpp/X11/lib. If they are not installed, use the AIX product media to install them. After you have installed the libraries, run the above command (updtvpkg). The command enables the rpm command to recognize that the libraries have been installed.<br />
<br />
---------------------------------<br />
<br />
<b><u>Installing yum on AIX</u></b><br />
<br />
<b>1. install latest rpm.rte: https://ftp.software.ibm.com/aix/freeSoftware/aixtoolbox/INSTALLP/ppc/</b><br />
# installp -qacXYd rpm.rte all<br />
<br />
<b>2. install all rpm packages contained in yum_bundle.tar</b><br />
https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/<br />
# tar -xvf yum_bundle.tar<br />
# rpm -Uvh *<br />
<br />
Another way to install yum is to download yum.sh from https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/ezinstall/ppc/.<br />
Running this script will download and install the latest rpm.rte and yum_bundle.tar.<br />
<br />
yum.conf file will be installed under the path /opt/freeware/etc/yum.<br />
Additional yum repository files can be created under the path /opt/freeware/etc/yum/repos.d.<br />
<br />
---------------------------------<br />
<br />
<b><u>AIX Toolbox Repositories</u></b><br />
<br />
IBM provides the most widely used GNU and opensource Linux tools on AIX (like gcc, git, coreutils, perl, python, ruby, php etc.). These can be downloaded from the AIX Toolbox site: https://www.ibm.com/support/pages/node/882892<br />
<br />
It is also possible to use AIX Toolbox as a yum repository, so dependencies will be handled automatically by yum. After installing yum, by default 3 IBM repositories are enabled for rpm packages in /opt/freeware/etc/yum/yum.conf.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcXJreXS-RZkOfcGdR-Rk6pBGGpfh40AksOUTuXCqwyqD9dzELDzPbGWVz7DRDPvvMB9SKfr8EG130kTBRkt0w8om_yGHb7kVp7FdvE7OlhpfDiI5mjC1ABZysH95qc_XabwgUOtyg0-sB/s1600/a2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="573" data-original-width="754" height="486" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjcXJreXS-RZkOfcGdR-Rk6pBGGpfh40AksOUTuXCqwyqD9dzELDzPbGWVz7DRDPvvMB9SKfr8EG130kTBRkt0w8om_yGHb7kVp7FdvE7OlhpfDiI5mjC1ABZysH95qc_XabwgUOtyg0-sB/s640/a2.JPG" width="640" /></a></div>
<br />
<u>These 3 repositories are: ppc, noarch and ppc-X.X</u><br />
<b>ppc</b>: Contains most of the rpms. These rpms are built on AIX 5.3, 6.1 and these can be installed on any higher versions of AIX<br />
<b>noarch</b>: Contains architecture independent packages (scripts, text files, which are not binaries), these can be installed on any AIX<br />
<b>ppc-6.1</b>: Contains gcc which can be installed only on aix6.1.<br />
<b>ppc-7.1</b>: Contains gcc which can be installed only on aix7.1.<br />
<b>ppc-7.2</b>: Contains gcc/gcc-go which can be installed only on aix7.2.<br />
<br />
The reason behind this is, that some of the rpm packages like gcc can only be installed on a specific version of AIX. For example, gcc built on AIX 6.1 will be allowed to be installed only on AIX 6.1 machines, so with the configuration of these separate repositories "yum install gcc" will work on all AIX servers, irrespective of AIX version.<br />
<br />
-------------------------------------------------<br />
<br />
<b>/opt/freeware/etc/yum/yum.conf</b> <--main yum configuration file<br />
<br />
<b>yum clean all</b> <--cleans up cache (to see new config or new packages in a repo, the cache has to be cleaned up)<br />
<b>yum search <keyword></b> <--to find packages containing the specified keyword in description from repository<br />
<b>yum list <package></b> <--shows status of a package (if it is installed or available in repository)<br />
<b>yum list <package> --showduplicates </b> <--lists all versions in repository (installed and all available versions)<br />
<b>yum info <package> </b> <--info about a package<br />
<b>yum whatprovides <filename></b> <--shows which package contains given file (like: yum whatprovides zlib.so)<br />
<b>yum provides <filename> </b> <--to find which package provides the file<br />
<br />
<b>yum install <package></b> <--installs a package + dependencies (more packages: yum install package1 package2 …)<br />
<b>yum install <package_name>-<version_info> </b> <--installs a specific version (like: yum install gcc-6.3.0-1)<br />
<b>yum localinstall </path/to/package> </b> <--installing a package from local path instead of a repository<br />
<br />
<b>yum update <package></b> <--updates a package (with its dependencies if needed)<br />
<b>yum check-update </b> <--check if a newer version of a package is available<br />
<b>yum remove <package></b> <--remove a package<br />
<br />
<b>yum history </b> <--lists history of yum actions (same as yum history list all)<br />
<b>yum history info <transaction_ID></b> <--gives details about the specified history transaction id<br />
<b>yum history undo <transaction_ID></b> <--rolls back the given transaction id<br />
<br />
<b>yum repolist </b> <--list repositories<br />
<b>yum --disablerepo="*" --enablerepo="epel" list available </b> <--lists packages only in a specific repo (use output of "yum repolist" )<br />
<b>yum --disablerepo=* --enablerepo=LIVE* list Centrify*</b> <--lists installed and available packages from LIVE* repos<br />
<br />
<b>createrepo --checksum sha --update /etc/repo</b> <--update repo after a new package is copied there<br />
<br />
---------------------------------<br />
<br />
<b><u>Creating local YUM repository</u></b><br />
<br />
We need to choose an AIX or Linux server with HTTP access (Apache/NGINX) that can be used as a repository server. Ideally it has access to the internet (so it can sync packages from the IBM site). If that is not possible, we need to copy the rpm packages there manually. The YUM clients connect to the repository server using HTTP connections. (I guess that is why the curl package is a prerequisite for the yum package.)<br />
<br />
Detailed steps are described here: https://developer.ibm.com/articles/configure-yum-on-aix/ and here: https://www.djouxtech.net/posts/aix-yum-installation/<br />
<br />
<b>1. Install yum-utils and createrepo (with dependencies)</b><br />
<br />
<b>2. Download all rpm packages you need in the repo</b><br />
We can use the default IBM repositories to download rpm packages (if we have internet on the repository server). By default /opt/freeware/etc/yum/yum.conf contains the IBM repositories (yum repolist should show them), and the reposync command will sync (download) the content of a repository.<br />
# reposync -p <target_path> -r AIX_Toolbox -a ppc<br />
# reposync -p <target_path> -r AIX_Toolbox_61 -a ppc<br />
# reposync -p <target_path> -r AIX_Toolbox_71 -a ppc<br />
# reposync -p <target_path> -r AIX_Toolbox_72 -a ppc<br />
# reposync -p <target_path> -r AIX_Toolbox_noarch<br />
(-p path to download, -r: the name of the repository, -a: architecture)<br />
<br />
<b>3. create repo</b><br />
Run createrepo for all the downloaded packages:<br />
# createrepo <target_path>/AIX_Toolbox<br />
# createrepo <target_path>/AIX_Toolbox_61<br />
# createrepo <target_path>/AIX_Toolbox_71<br />
# createrepo <target_path>/AIX_Toolbox_72<br />
# createrepo <target_path>/AIX_Toolbox_noarch<br />
<br />
<b>4. on AIX servers update repo config files with correct locations</b><br />
On client servers, create a new repo file in /opt/freeware/etc/yum/repos.d, like localrepos.repo:<br />
# cat /opt/freeware/etc/yum/repos.d/localrepos.repo<br />
[local_AIX_Toolbox]<br />
name=local AIX generic repository<br />
baseurl=http://reposerver.mydomain.com/ias-AIX/Toolbox/<br />
enabled=1<br />
gpgcheck=0<br />
priority=1<br />
<br />
[local_AIX_Toolbox_noarch]<br />
name=local AIX noarch repository<br />
baseurl=http://reposerver.mydomain.com/ias-AIX/Toolbox_noarch/<br />
enabled=1<br />
gpgcheck=0<br />
priority=1<br />
<br />
[local_AIX_Toolbox_71]<br />
name=local AIX 7.1 specific repository<br />
baseurl=http://reposerver.mydomain.com/ias-AIX/Toolbox_71/<br />
enabled=1<br />
gpgcheck=0<br />
priority=1<br />
<br />
<b>5. disable IBM repos (if needed)</b><br />
If the local repos will be used, the IBM repositories can be disabled in the /opt/freeware/etc/yum/yum.conf file (enabled=0).<br />
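<br />
The client stanzas in step 4 use gpgcheck=0 together with an http:// baseurl, so nothing on the client verifies where an rpm came from. The following check is an added example (not part of the original post); the function names, the two extra stanzas and the gpgkey path are constructed placeholders, and it assumes the yum defaults enabled=1 and gpgcheck=0 when a key is missing:<br />

```shell
#!/bin/sh
# Added example (not from the original post): flag yum repo stanzas that
# disable signature checking or fetch over plain http.

# audit_repo_file FILE
# Prints one line per finding as "<repo id>: <finding>".
# Assumption: yum defaults apply when a key is missing (enabled=1,
# gpgcheck=0 unless a [main] section in the same file sets it).
audit_repo_file() {
    awk '
        function report() {
            if (id == "") return
            if (id == "main") { if (gpgcheck != "") dflt = gpgcheck; return }
            if (enabled == "0") return            # disabled repos are never used
            if (gpgcheck == "") gpgcheck = dflt
            if (gpgcheck != "1")
                print id ": gpgcheck is off, rpm signatures are not verified"
            if (baseurl ~ /^http:/)
                print id ": baseurl is plain http, content can be altered in transit"
        }
        BEGIN { dflt = "0" }
        { sub(/\r$/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # trim CR and blanks
        /^$/ || /^[#;]/ { next }                            # skip blanks, comments
        /^\[.*\]$/ {                                        # a new stanza starts
            report()
            id = substr($0, 2, length($0) - 2)
            enabled = "1"; gpgcheck = ""; baseurl = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]+$/, "", key); gsub(/^[ \t]+/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
        }
        END { report() }
    ' "$1"
}

# write_sample FILE
# First two stanzas are taken from the post; the last two are constructed.
write_sample() {
    cat > "$1" <<'EOF'
[local_AIX_Toolbox]
name=local AIX generic repository
baseurl=http://reposerver.mydomain.com/ias-AIX/Toolbox/
enabled=1
gpgcheck=0
priority=1

[local_AIX_Toolbox_71]
name=local AIX 7.1 specific repository
baseurl=http://reposerver.mydomain.com/ias-AIX/Toolbox_71/
enabled=1
gpgcheck=0
priority=1

[hardened_example]
name=constructed stanza with signature checking and TLS
baseurl=https://reposerver.mydomain.com/ias-AIX/Toolbox/
enabled=1
gpgcheck=1
gpgkey=file:///path/to/PLACEHOLDER-GPG-KEY

[disabled_example]
name=constructed stanza that yum ignores
baseurl=http://reposerver.mydomain.com/old/
enabled=0
gpgcheck=0
EOF
}

# Run the check over the sample when the script is executed.
sample=$(mktemp)
write_sample "$sample"
audit_repo_file "$sample"
rm -f "$sample"
```

gpgcheck=1 only helps if the rpms in the local repo are signed and the signing key has been imported on the clients.<br />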
<br />
-------------------------------------------------<br />
<br />
<b><u>YUM repository update:</u></b><br />
<br />
If we want to add additional packages to a repo, do these steps on the repository server:<br />
1. copy package to correct repository (make sure permissions and user are correct)<br />
3. update repo: createrepo --checksum sha --update /srv/packer/ias-AIX/Toolbox<br />
4. on clients clean cache: yum clean all (so new packages will be visible for yum commands)<br />
<br />
-------------------------------------------------<br />
<div>
<br /></div>
POWERVC - SSP (published 2020-04-14, updated 2022-04-05)<br />
<b><u>SSP Administration</u></b><br />
<br />
<b><u>PowerVC and SSP</u></b><br />
<br />
SSP is a fully supported storage provider in PowerVC. SSP was developed much earlier than PowerVC, but its shared setup can fit very well to the cloud nature of PowerVC. After creating an SSP (few clicks in HMC GUI), PowerVC (which is connected to the HMC) will recognize it automatically and without any additional tasks we can start to create LUs and deploy VMs. (There is no strict distinction, but the word LUN is used more for physical volumes attached to VIOS (lspv), and the word LU for virtual disks created in SSP.)<br />
<br />
It is important that each VIO server which is part of the SSP cluster sees the same LUNs. The virtual disks (LUs), which are created in SSP, can be found as files in a special filesystem: /var/vio/SSP/SSP_Cluster_1/D_E_F_A_U_L_T_061310. This fs is created during SSP creation and it is available on each VIO server. (These LUs are basically files in that filesystem, and because these LUs are thin provisioned, these files are so-called 'sparse files'). SSP commands can be run as padmin on each VIOS.<br />
<br />
<b>/var/vio/SSP/SSP_Cluster_1/D_E_F_A_U_L_T_061310/VOL1</b> <--contains LUs available in PowerVC<br />
<b>/var/vio/SSP/SSP_Cluster_1/D_E_F_A_U_L_T_061310/IM</b> <--contains Images available in PowerVC<br />
<br />
<b>cluster -list</b> <--lists available SSP clusters<br />
<b>cluster -status -clustername <CLUSTER_NAME> -verbose</b> <--it will show primary database node as well (grep -p DBN)<br />
<br />
<b>lu -list</b> <--lists SSP LUs<br />
<b>snapshot -list</b> <--lists snapshots (images in PowerVC)<br />
<b>lssp -clustername <Cluster_Name> -sp <SSP_Name> -bd</b> <--old command to list LUs (bd is backing device)<br />
<br />
<br />
-------------------------------------<br />
<br />
<b><u>Adding a new LUN to SSP</u></b><br />
<br />
If we want to increase the available free space in SSP we need to add a new LUN to it.<br />
<br />
<b>1. request a new LUN from SAN team</b> <--should be a shared LUN assigned to each VIO server in SSP<br />
<b>2. cfgmgr (or cfgdev as padmin)</b> <--bring up new disk on all VIO, make sure it is the same disk<br />
<b>3. chdev -l hdisk$i -a queue_depth=32</b> <--set any parameters needed<br />
<b>4. in HMC GUI add new disk to SSP</b> <--on HMC SSP menu choose SSP, then check mark SSP (System Default) --> Action --> Add Capacity<br />
<br />
After that PowerVC will recognize it automatically; no steps are needed in PowerVC. df -g can be used to monitor available free space in /var/vio/SSP/SSP_Cluster_1/D_E_F_A_U_L_T_061310.<br />
<br />
-------------------------------------<br />
<br />
<b><u>Removing leftover LUs from SSP</u></b><br />
<br />
Sometimes volumes have been deleted in PowerVC, but they are still visible in SSP. These can be removed with SSP commands (lu -remove ...). It is important to make sure these LUs are really not used by anything. (LUs can be used by VMs and also by Images!!!)<br />
<br />
<b>1. check LU list on HMC, PowerVC and VIO</b> <--HMC and PowerVC GUI lists LUs, on VIO 'lu -list' can be used<br />
<b>2. lu -list -attr provisioned=false</b> <--on VIO lists LUs which are not assigned to any LPARs<br />
<b>3. lu -remove -clustername <Cluster_Name> -luudid <ID></b> <--remove a LU from SSP<br />
<br />
If there are many LUs, this for loop can be used as well:<br />
<b>$ for i in `lu -list -attr provisioned=false | awk '{print $4}'`; do lu -remove -clustername SSP_Cluster_1 -luudid $i; done</b><br />
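<br />
If the filtered listing has the same layout as the lu -list output shown further down, the loop above also hands the header word and any LU that still has snapshots to lu -remove. This added example (not from the original post) filters the listing first and only prints the lu -remove commands for review; the function names are hypothetical and the sample listing is constructed from the output shown in this post:<br />

```shell
#!/bin/sh
# Added example (not from the original post): pick removal candidates
# out of "lu -list" style output and print the commands for review.

# Constructed sample, following the layout of the lu -list output
# shown further down in this post.
sample_lu_list() {
    cat <<'EOF'
POOL_NAME: SSP_1
TIER_NAME: System
LU_NAME                 SIZE(MB)    UNUSED(MB)  UDID
volume-aix-central-111~ 153600      84140       81d15130e9a76596ad0b3564973d4912
volume-bb_dd_61-c20cc6~ 153600      153609      9191dee4a3ba8fe3c7753af592027aad
SNAPSHOTS
72a40f070213e2450b8d19672f22a5dcIMSnap
volume-bb_dd_61_VM-1ce~ 153600      153160      72a40f070213e2450b8d19672f22a5dc
volume-cluster_1-71eda~ 20480       20473       e12ba154470b2c8bd9a54eb588fc9d2e
volume-cluster_2-c8ab7~ 20480       20432       4e36795de9a3f90710ba995b97d7ccbd
EOF
}

# lu_removal_candidates
# Reads lu -list style output on stdin and prints one UDID per line.
# A row counts as a LU only if it has 4 fields and the 4th is 32 hex
# characters, so POOL_NAME/TIER_NAME lines and the column header are
# skipped. A LU followed by a SNAPSHOTS block is acting as an Image
# for deployed VMs and is left out.
lu_removal_candidates() {
    awk '
        function emit() {
            if (udid != "" && !has_snap) print udid
            udid = ""; has_snap = 0
        }
        $1 == "SNAPSHOTS" { if (udid != "") has_snap = 1; next }
        NF == 4 && length($4) == 32 && $4 !~ /[^0-9a-f]/ {
            emit()              # previous LU is complete, decide on it
            udid = $4
            next
        }
        END { emit() }
    '
}

# lu_remove_commands CLUSTER_NAME
# Dry run: prints the lu -remove command for each candidate instead of
# executing it, so the list can be compared with HMC and PowerVC first.
lu_remove_commands() {
    cluster=$1
    lu_removal_candidates | while read -r udid; do
        printf 'lu -remove -clustername %s -luudid %s\n' "$cluster" "$udid"
    done
}

# On a VIOS the input would be: lu -list -attr provisioned=false
sample_lu_list | lu_remove_commands SSP_Cluster_1
```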
<br />
-------------------------------------<br />
<br />
<b><u>PowerVC Images, Snapshots, LUs and SSP</u></b><br />
<br />
When an Image is created in PowerVC sometimes a file is created in SSP, sometimes not. It depends on how Image creation has been started. This "inconsistency" can lead to problems when we want to find that specific file in SSP which contains our Image in PowerVC.<br />
<br />
<u>Images and LUs are stored in 2 different places in SSP:</u><br />
# ls -l /var/vio/SSP/SSP_Cluster_1/D_E_F_A_U_L_T_061310<br />
drwxr-xr-x 2 root system 8192 Feb 19 11:19 IM <--Images (these are LUs, but "lu" commands will not list them)<br />
drwxr-xr-x 8 root system 512 Feb 03 2018 VIOSCFG<br />
drwxr-xr-x 2 root system 32768 Feb 20 08:47 VOL1 <--LUs <br />
<br />
<br />
<b>Volume and LU:</b><br />
Both are referring to the same disk, just Volume is used in PowerVC, and LU is used in SSP commands. When we create a PowerVC Volume, in the background PowerVC will create a new disk in SSP. The end result is a file in the VOL1 directory (/var/vio/SSP/SSP_Cluster_1/D_E_F_A_U_L_T_061310/VOL1). The lu ... SSP commands will list files in VOL1 directory (not in IM).<br />
<br />
<b>Image and Snapshot:</b><br />
PowerVC images are needed to create new AIX VMs. The word Image is used only in PowerVC (not in SSP commands). Images can be created in 2 different ways:<br />
<b>-capturing a VM</b> (in PowerVC VMs menu): a new file is created in IM directory and it takes minutes<br />
<b>-creating from a Volume</b> (in PowerVC Images menu): no new files are created (same LU is used from VOL1), it takes seconds<br />
<br />
When an Image is ready, we can use it to create (deploy) new AIX VMs. During deployment a "snapshot" is created. A snapshot is a link to the disk from which it was created, and this snapshot is the "disk" of the new AIX VM. The actual size of this AIX VM in SSP is very minimal (sometimes I could not recognize the change), because it contains the same data as the Image.<br />
<br />
When we create a Volume in PowerVC, a LU is created in SSP. This LU can exist without any assignment or dependency. When we modify this LU to be an Image in PowerVC it is still "independent". But when we deploy AIX VMs from this Image, snapshots will be created which depend on the LU. It means we cannot remove this LU (or Image) file as long as there are snapshots which refer to it. (In the PowerVC GUI we can remove images at any time, but this is a "fake" removal. PowerVC will show that it successfully deleted an image, but in the background, if snapshots from that image still exist, no free space will be reclaimed and the used storage space will stay the same. If we check the "snapshot -list" command, we could be surprised to find a lot of images in the output which do not exist in PowerVC anymore but still exist in SSP.)<br />
<br />
-------------------------------------<br />
<br />
<b><u>snapshot -list:</u></b><br />
<br />
This command displays all Images and their Snapshots. It does not matter how an Image was created (from a Volume or from a VM), it will be listed. The output has 2 parts. The first part (which starts with "Lu Name") lists Images which were created from Volumes (in VOL1 directory) and their Snapshots. The second part (which starts with "Lu(Client Image)Name") lists Images in the IM directory and their Snapshots.<br />
<br />
<b>$ snapshot -list</b><br />
<b>Lu Name Size(mb) ProvisionType %Used Unused(mb) Lu Udid</b><br />
volume-bb_dd_61-c20cc6.. 153600 THIN 0% 153609 9191dee4a3ba... <--this is a Volume and Image (in VOL1)<br />
Snapshot<br />
72a40f070213e2450b8d19672f22a5dcIMSnap <--this is a VM, shows LUN id (without IMSnap)<br />
<br />
<b>Lu(Client Image)Name Size(mb) ProvisionType %Used Unused(mb) Lu Udid</b><br />
volume-Image_7241-5c5b80ac-170b153 THIN 0% 153609 48004e96ecc2... <--this is an image in IM<br />
Snapshot<br />
c397bc118de59c4592429b2eb0bba738IMSnap <--this is a VM with LUN id<br />
618afc4622c5286808a8173468ae161bIMSnap <--this is a VM with LUN id<br />
<br />
-------------------------------------<br />
<br />
<b><u>lu -list</u></b><br />
<br />
This command will list all LUs and if a LU is functioning as an Image (Images in VOL1 dir) its Snapshots will be also displayed. Images which are in IM directory (captured from a VM) are not displayed here.<br />
<br />
<b>$ lu -list</b><br />
POOL_NAME: SSP_1<br />
TIER_NAME: System<br />
<b>LU_NAME SIZE(MB) UNUSED(MB) UDID</b><br />
volume-aix-central-111~ 153600 84140 81d15130e9a76596ad0b3564973d4912<br />
volume-bb_dd_61-c20cc6~ 153600 153609 9191dee4a3ba8fe3c7753af592027aad <--this is a Volume and Image (in VOL1)<br />
SNAPSHOTS<br />
<b>72a40f070213e2450b8d19672f22a5dcIMSnap </b><--its Snapshot (AIX VM is created from Image)<br />
volume-bb_dd_61_VM-1ce~ 153600 153160 <b>72a40f070213e2450b8d19672f22a5dc </b><--LU of the deployed AIX (same IDs)<br />
volume-cluster_1-71eda~ 20480 20473 e12ba154470b2c8bd9a54eb588fc9d2e<br />
volume-cluster_2-c8ab7~ 20480 20432 4e36795de9a3f90710ba995b97d7ccbd<br />
<br />
-------------------------------------<br />
<br />
<b><u>Image removal if it is listed in snapshot -list command:</u></b><br />
<br />
<b>1. $ snapshot -list</b><br />
….<br />
volume-Image_ls-aix-test8_capture_1_volume_1-fc19d9fd-5dac153600 THIN 1% 150942 8256526c4e512b54cbdd689d4e1e321a<br />
<br />
<br />
<b>2. $ lu -remove -luudid 8256526c4e512b54cbdd689d4e1e321a</b><br />
Logical unit with udid "8256526c4e512b54cbdd689d4e1e321a" is removed.<br />
<br />
After that, the file will be deleted in the IM directory as well.<br />
<br />
-------------------------------------<br />
<br />
<b><u>Image removal if it is not listed in snapshot commands:</u></b><br />
<br />
In this case there are files in IM directory, but usual SSP commands will not list them. It is possible to manually remove those files (rm), but it works only if these images (LUNs) are not listed as "LU_UDID_DERIVED_FROM"<br />
<br />
<b>1. Check files in IM directory:</b><br />
ls -ltr /var/vio/SSP/SSP_Cluster_1/D_E_F_A_U_L_T_061310/IM<br />
volume-Image_AIX-710404_base2_puppet_capture-445b36df-bbee.b38417a6fd9f8eab66c2f7e6e02818cc<br />
<br />
It lists PowerVC images (some were not listed in PowerVC GUI). The characters after the dot (.) show the LUN id, which can be used in searches.<br />
<br />
<b>2. Searching LUN ids in "lu -list -verbose":</b><br />
for i in `ls -ltr /var/vio/SSP/SSP_Cluster_1/D_E_F_A_U_L_T_061310/IM | awk -F'.' '{print $2}'`; do ls /var/vio/SSP/SSP_Cluster_1/D_E_F_A_U_L_T_061310/IM| grep $i; lu -list -verbose| grep -p $i; echo "========="; echo; done<br />
<br />
<b>3. Remove files if possible:</b><br />
If there is no reference to a specific Image file (LUN id) in the output of this verbose command, then "rm filename" will work; otherwise we get this error:<br />
# rm volume-Image_AIX-710404_base_nocloud_capture-0d466084-d9bb.054d6d02cf133e4aef56437f4524f016<br />
rm: 0653-609 Cannot remove volume-Image_AIX-710404_base_nocloud_capture-0d466084-d9bb.054d6d02cf133e4aef56437f4524f016.<br />
Operation not permitted.<br />
<br />
-------------------------------------<br />
<br />
<b><u>SSP dd examples</u></b><br />
<br />
<b># cd /var/vio/SSP/SSP_Cluster_1/D_E_F_A_U_L_T_061310/IM</b><br />
<br />
To export the volume to a file from SSP:<br />
<b># dd if=volume-New-SSP-Image-Volume.7e2e5b5738d7adf4be3b64b9b731c2ff of=/tmp/aix7_img bs=1M</b><br />
<br />
To import the volume from a file to SSP:<br />
<b># dd if=/tmp/aix7_img of=VOL1/volume-New-SSP-Image-Volume.7e2e5b5738d7adf4be3b64b9b731c2ff bs=1M </b><br />
<br />
-------------------------------------<br />
<div>
<br /></div>
DEVOPS - QEMU (published 2020-04-13, updated 2022-04-05)<br />
<b><u>QEMU - AIX on x86</u></b><br />
<br />
QEMU (Quick EMUlator) is a machine emulator program which is capable of creating VMs with different processor architectures. For example, if we want to test Solaris (with RISC processor), HP-UX (with HPPA) or AIX (with Power processor), QEMU can emulate that processor type and run the specified OS on it. So on Windows or Linux (on x86) we can run AIX with QEMU.<br />
<br />
After installing QEMU, we can use a command to create an empty virtual disk and then a VM (with specified RAM and additional devices). If we use an AIX DVD during the boot, AIX will be installed there. (After installation not all AIX commands are available, but many things are still possible to do.)<br />
<br />
<u>Without any prior experience in QEMU, I used these 2 sources:</u><br />
https://astr0baby.wordpress.com/2018/11/04/running-aix-7-2-tl3sp1-on-x86_64-via-qemu-system-ppc64/<br />
http://gibsonnet.net/blog/cgaix/resource/AIX_QEMU_blog.pdf<br />
<br />
--------------------------------------------------------------<br />
<br />
<b><u>AIX on Linux</u></b><br />
<br />
Very important: be patient during this process, things can be (very) slow sometimes.<br />
<br />
On Windows I installed VirtualBox and I created a Linux VM (CentOS 8). The plan was that on this linux VM in VirtualBox I will create an AIX VM using QEMU. After CentOS 8 installation completed, I configured network, so I could ssh to my linux server and do these steps:<br />
<br />
<b>0. Download AIX DVD </b><br />
From IBM ESS site download AIX DVD. I used 7.1 TL5 SP5, DVD1 is enough (710505.iso). Copy to any directory, I used /root/aix.<br />
<br />
<b>1. Install Qemu</b><br />
I could not find latest qemu package on linux (only version 2 was available, but that did not support latest Power systems), so it had to be compiled from source code:<br />
(I had to install git and other missing things like glib-devel ...)<br />
<b># git clone git://git.qemu.org/qemu.git</b> <--it downloads latest source code (automatically creates a qemu dir where I start command)<br />
<b># cd qemu </b> <--go to qemu dir which was created by git<br />
<b># mkdir build; cd build </b> <--create a build directory and go there<br />
<b># ../configure</b> <--checks if all requirements are OK<br />
<b># make </b> <--this compiles the source code (it can take long)<br />
<b># make install</b> <--it installs compiled software<br />
<b># qemu-system-ppc64 --version</b> <--check if it works correctly<br />
QEMU emulator version 4.2.50 (v4.2.0-2665-g3d0ac34603)<br />
Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers<br />
<br />
<b>2. Create a disk file</b><br />
Go to the AIX DVD dir and create a disk which will be used by AIX<br />
<b># qemu-img create -f qcow2 hdisk0.qcow2 20G</b><br />
It will create an empty 20GB qcow2 disk image file, but its initial size is very small, as it is a sparse file. (So we have AIX DVD and this image file in our dir)<br />
<br />
<b>3. Create an AIX VM</b><br />
This command will create an AIX VM with specified settings and boot it from DVD:<br />
<b># qemu-system-ppc64 -cpu POWER8 -machine pseries -m 2048 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -cdrom 710505.iso -prom-env "boot-command=boot cdrom:"</b><br />
<br />
<u>Parameters used:</u><br />
<b>-cpu:</b> processor type, here POWER8<br />
<b>-machine:</b> machine type, here pseries<br />
<b>-m</b>: memory size, here 2GB<br />
<b>-serial:</b> redirects serial output to specified device<br />
<b>-drive</b>: the disk file we created before<br />
<b>-device:</b> virtio-scsi-pci (not fully sure, but maybe this will create a virt. eth. adapter device)<br />
<b>-device:</b> scsi-hd (probably this will create hdisk device)<br />
<b>-cdrom:</b> this is our downloaded AIX DVD which will be used during boot<br />
<b>-prom-env:</b> sets NVRAM variable for PPC and SPARC servers, here a boot-command is used, which points to cdrom (DVD)<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-tcEUKlAUf4eZdvRXJ-rQQxgIBSBqVHXXpScpa8LcR2HVSxjCVH_99JEZXc31jiW3M3zbyApV4peUC4j6uhxfB1eDOoL-HWC1lt6e03h_tBZ50xNjSz-Eg4uax2BoD6gIYbEnwsMlTLEl/s1600/a1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="374" data-original-width="920" height="260" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-tcEUKlAUf4eZdvRXJ-rQQxgIBSBqVHXXpScpa8LcR2HVSxjCVH_99JEZXc31jiW3M3zbyApV4peUC4j6uhxfB1eDOoL-HWC1lt6e03h_tBZ50xNjSz-Eg4uax2BoD6gIYbEnwsMlTLEl/s640/a1.JPG" width="640" /></a></div>
<br />
AIX boot will take several minutes, sometimes output can hang for 3-5 minutes. If everything is fine, the usual AIX install menu will appear (choose console, English language and default settings during install). The install will take about 2 hours, and disk file size will grow to 2.3GB. The installation process tries to restart AIX automatically after the install completed, but it was hanging, so after some time I did CTRL-C.<br />
<br />
<b>4. Fix fsck64 issue in Maintenance mode</b><br />
fsck fails during boot and the boot will hang. A workaround for this issue is to overwrite the fsck64 file with exit 0. Boot our new AIX to maintenance mode:<br />
<b># qemu-system-ppc64 -cpu POWER8 -machine pseries -m 2048 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -cdrom 710505.iso -prom-env "boot-command=boot cdrom:"</b><br />
<br />
When the "Welcome to Base Operating System" menu appears: <b>choose 3 (Start Maintenance Mode) --> 1 (Access a Root VG) --> 0 Continue --> 1 (VG on hdisk0) --> 1 (Access this VG and start a shell). </b><br />
<br />
<u>After that we will get a prompt with an environment where filesystems are already mounted:</u><br />
<b># cd /sbin/helpers/jfs2</b> <--go to this location<br />
<b># > fsck64 </b> <--delete content of that file<br />
<b># vi fsck64 </b> <--vi and insert these 2 lines. File is readonly, so save and quit with :w! and :q<br />
#!/bin/ksh<br />
exit 0<br />
<br />
<b># cat fsck64 </b> <--it should contain 2 lines (#!/bin/ksh and exit 0)<br />
<b># sync ; sync</b> <--write cached memory to disk<br />
<b># halt </b> <--halt AIX<br />
<br />
<br />
<b>5. Boot from disk</b><br />
This is the first time AIX will be booted from disk:<br />
<b># qemu-system-ppc64 -cpu POWER8 -machine pseries -m 2048 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -cdrom 710505.iso -prom-env "boot-command=boot disk:"</b><br />
<br />
This boot will take much longer (about 5-10 minutes) as some daemons will fail and it will hang at the NFS part until timeout, but we will get a prompt. After that, some services are disabled (so the next boots will be faster) and ssh is installed from the DVD.<br />
<u>Disabling services in inittab:</u><br />
<b># rmitab rcnfs</b><br />
<b># rmitab cron</b><br />
<b># rmitab piobe</b><br />
<b># rmitab qdaemon</b><br />
<b># rmitab writesrv</b><br />
<b># rmitab naudio2</b><br />
<b># rmitab naudio</b><br />
<b># rmitab aso</b><br />
<b># rmitab clcomd</b><br />
<b># chrctcp -S -d tftpd</b><br />
<br />
<u>Install ssh and change root pw:</u><br />
<b># chfs -a size=+200M /home</b><br />
<b># mount -v cdrfs -o ro /dev/cd0 /mnt</b><br />
<b># mkdir /home/ssh; cd /mnt/installp/ppc; cp openssh.base openssh.license openssh.man.en_US openssh.msg.en_US /home/ssh; umount /mnt</b><br />
<b># cd /home/ssh; installp -acXY -d . all</b><br />
<b># passwd root</b><br />
<b># halt</b><br />
<br />
After that booting up from disk should be faster.<br />
<br />
<b>6. Network setup</b><br />
I wanted to use ssh on AIX, so network setup was needed. (When I worked in the qemu terminal and pressed ctrl-c, the whole qemu session (process) was stopped, so I had to boot the VM again; that was another reason to use ssh sessions.) Without knowing Linux network virtualization techniques it was not easy, but I found this site, which worked: http://hostrepo.com/article.php?id=193. Basically a network bridge was needed, so network communication could be possible between my Linux and AIX VM. On Linux this network bridge function can be achieved by a TAP (Terminal Access Point) device and with ARP proxy. The following steps are needed each time after Linux is restarted, so these can be put in a script as well. (There are lots of internet sites which show other methods.)<br />
<br />
current IP on Linux: 10.0.2.15 (enp0s3)<br />
planned IP on AIX: 10.0.2.16 (en0)<br />
<br />
<u>On the Linux VM:</u><br />
<b># ip tuntap add tap0 mode tap</b> <--create tap0 interface ('ifconfig' will not show it, 'ip a' shows state is DOWN)<br />
<b># ip link set tap0 up</b> <--bring up tap0 interface ('ifconfig' will show tap0 state is UP)<br />
<b># echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp</b> <--enable proxy arp on tap0 (empty file was already there)<br />
<b># ip route add 10.0.2.16 dev tap0 </b> <--setup routing for 10.0.2.16 (AIX IP) on tap0 device ('ip route' shows new route)<br />
<b># arp -Ds 10.0.2.16 enp0s3 pub</b> <--broadcast ARP for AIX IP ('yum install net-tools' was needed for arp, netstat commands)<br />
<br />
<u>Boot up AIX using tap0 device:</u><br />
<b># cd /root/aix</b><br />
<b># qemu-system-ppc64 -cpu POWER8 -machine pseries -m 2048 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -cdrom 710505.iso -prom-env "boot-command=boot disk:" -net nic,macaddr=56:44:45:30:31:32 -net tap,script=no,ifname=tap0</b><br />
<br />
<u>Then on AIX:</u><br />
<b># chdev -l en0 -a netaddr=10.0.2.16 -a netmask=255.255.255.0 -a state=up</b><br />
<br />
After that, ping and ssh to AIX are possible. The AIX IP configuration will survive restarts, but the Linux steps are needed each time after the Linux VM is rebooted. In the future, if we want to start AIX in the background without a console, this can be used:<br />
<b># qemu-system-ppc64 -cpu POWER8 -machine pseries -m 2048 -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -cdrom 710505.iso -prom-env "boot-command=boot disk:" -net nic,macaddr=56:44:45:30:31:32 -net tap,script=no,ifname=tap0 -daemonize</b><br />
<br />
(logout from session, after AIX shutdown is possible using "~~.", same as in HMC console)<br />
<br />
--------------------------------------------------------------<br />
<br />
<b><u>AIX on Windows</u></b><br />
<br />
It is possible to do the same steps (as above) directly on Windows without VirtualBox and a Linux VM. The only difference is that we need to give qemu commands in command prompt (cmd) or in a terminal emulator (like MobaXterm). With these terminals on Windows there could be character problems.<br />
<br />
We need to install latest Qemu on Windows: https://www.qemu.org/download/#windows. After install completed, above steps can be followed, with slight modification in qemu commands:<br />
<br />
<u>Create a disk file: </u><br />
<b>"C:\Program Files\qemu\qemu-img.exe" create -f qcow2 hdisk0.qcow2 20G</b><br />
<u><br /></u>
<u>Boot an AIX VM and install AIX from DVD:</u><br />
<b>"C:\Program Files\qemu\qemu-system-ppc64.exe" -cpu POWER8 -machine pseries -m 2048 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -cdrom 710505.iso -prom-env "boot-command=dev / 0 0 s\" ibm,aix-diagnostics\" property boot cdrom:\ppc\chrp\bootfile.exe -s verbose" -display vnc=:1</b><br />
<br />
<u>Boot our newly installed VM into Maintenance Mode and fix fsck64:</u><br />
<b>"C:\Program Files\qemu\qemu-system-ppc64.exe" -cpu POWER8 -machine pseries -m 2048 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -cdrom 710505.iso -prom-env "boot-command=boot cdrom:" -display vnc=:1</b><br />
<br />
<u>Boot AIX from disk:</u><br />
<b>"C:\Program Files\qemu\qemu-system-ppc64.exe" -cpu POWER8 -machine pseries -m 2048 -serial stdio -drive file=hdisk0.qcow2,if=none,id=drive-virtio-disk0 -device virtio-scsi-pci,id=scsi -device scsi-hd,drive=drive-virtio-disk0 -cdrom 710505.iso -prom-env "boot-command=boot disk:" -display vnc=:1</b><br />
<br />
--------------------------------------------------------------<br />
<div>
<br /></div>
POWERVM - VIOS INSTALL (published 2020-04-09, updated 2022-04-05)<br />
<b><u>VIO Install, Config (VIO Build)</u></b><br />
<br />
<br />
<u>These main steps will be followed:</u><br />
- VIO Server creation on HMC<br />
- VIO Server installation<br />
- VIO Server configuration<br />
- Network configuration (SEA, VLANs)<br />
- Performance Tuning<br />
- Additional things<br />
<br />
-----------------------------------------------------------------<br />
<div>
<br /></div>
<b><u>VIO Server creation on HMC </u></b><br />
<br />
<u>CPU settings:</u><br />
Shared, Uncapped weight: 255 (Proc. compatibility mode: Default)<br />
Proc. Unit: min: 0.1, desired: 2, max: number of CPUs in server (for smaller servers desired can be 1)<br />
Virt. Proc: min: 1, desired: 6, max: number of CPUs in server (for smaller servers desired can be 3)<br />
<br />
<u>Memory settings:</u><br />
min: 1 GB, Desired: 6 GB (it depends on how it will be utilized) max: 3x of desired<br />
<br />
<u>Adapters:</u><br />
SAS RAID Adapter + USB + add only 1Gb Network to have correct device sequence later (after VIO install add 10Gb + FC adapter)<br />
<br />
<u>After VIO is created, in General Settings of VIO:</u><br />
- Enable Mover Service Partition<br />
- Enable Connection Monitoring (this is the connection between LPAR and HMC)<br />
- Allow Perf. Information Collection<br />
<br />
<u>VIO IP address</u><br />
Usually a 1Gb adapter is used to login and install VIO, an IP address will be needed for that (it may need to be registered in DNS)<br />
<br />
-----------------------------------------------------------------<br />
<br />
<b><u>VIO Server installation</u></b><br />
<br />
<u>There are more options for VIOS installation:</u><br />
VIOS install from USB stick<br />
VIOS install from HMC<br />
VIOS install from NIM<br />
<br />
<br />
<b><u>VIOS install from USB stick: </u></b><br />
- Download the ISO from IBM whose name contains the word flash<br />
- Using Rufus (https://rufus.ie/) a bootable USB stick can be created<br />
- After plugging the USB stick into the Power server and booting up the VIOS LPAR, the installation can be completed in the HMC console<br />
<br />
<br />
<b><u>VIOS install from HMC</u></b><br />
- Download DVD ISO from IBM<br />
- Upload ISO images to HMC, using menu point on HMC: HMC Management --> Templates and OS Images<br />
- During VIO activation on HMC, choose VIO install (takes more than an hour, at the end progress bar was hanging for 20 minutes)<br />
- After installation completed accept License and close window<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhR606cCwvXBMHY9DOAa6p0WvqL2wpw2E7Kw3651V9fe_trSUKkKvSgGgV_aQvmERduBMnJn0vaNc3Mo7Z9r5r9fPvy8ntPDWQDisIPQRFOcAT-GYkNTymd0gNgtt0IRVVHxrmubw_R5-Hn/s1600/a6.JPG" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="407" data-original-width="847" height="307" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhR606cCwvXBMHY9DOAa6p0WvqL2wpw2E7Kw3651V9fe_trSUKkKvSgGgV_aQvmERduBMnJn0vaNc3Mo7Z9r5r9fPvy8ntPDWQDisIPQRFOcAT-GYkNTymd0gNgtt0IRVVHxrmubw_R5-Hn/s640/a6.JPG" width="640" /></a></div>
<br />
<b><u>VIOS install from NIM</u></b><br />
<br />
<u>Prepare mksysb from ISO images:</u><br />
- download DVD1 and DVD2 ISO images and copy to NIM<br />
- mount ISO images: # loopmount -i dvdimage.v1.iso -o "-V cdrfs -o ro" -m /mnt2<br />
- copy mksysb images from /usr/sys/inst.images to another directory (on Volume1 there are 2 mksysbs, on Volume 2 there is only one, during copy change name to avoid overwrite)<br />
- combine 3 mksysb images into 1 (with command cat): # cat mksysb_image mksysb_image2 mksysb_image3 > vios2.2.3.4.mksysb<br />
<br />
<u>Create NIM resources and initiate restore:</u><br />
- create mksysb res.: # nim -o define -t mksysb -a server=master -a location=/nim/mksysb/vios/gi_vios_2234.mksysb mksysb_gi_vios_2234<br />
- create spot: # nim -o define -t spot -a server=master -a location=/export/spot -a source=mksysb_gi_vios_2234 spot_gi_vios_2234<br />
- add VIOS IP to /etc/hosts (I used here newvio1 as a name)<br />
- VIO NIM client: nim -o define -t standalone -a platform=chrp -a if1="find_net newvio1 0" -a netboot_kernel=64 -a connect=nimsh newvio1<br />
- initiate restore: # nim -o bos_inst -a source=mksysb -a mksysb=mksysb_gi_vios_2234 -a spot=spot_gi_vios_2234 -a accept_licenses=yes -a no_client_boot=yes newvio1<br />
<br />
SMS boot, configure IPs, restore mksysb....<br />
<br />
-----------------------------------------------------------------<br />
<br />
<b><u>VIO Server configuration</u></b><br />
(after installation is completed)<br />
<br />
<u>During first login:</u><br />
give password for padmin:<br />
accept conditions: a<br />
oem_setup_env --> license -accept<br />
<br />
<u>Set IP and Hostname</u><br />
# chdev -l en0 -a netaddr=172.23.88.67 -a netmask=255.255.254.0 -a state=up<br />
# chdev -l inet0 -a route=0,172.23.88.1<br />
# smitty hostname<br />
<br />
<u>Update VIO if needed:</u><br />
# mount nimserver:/mgmt /mnt<br />
$ updateios -accept -install -dev /mnt/VIO/VIO_3.1.0.10_Update<br />
$ shutdown -restart<br />
$ updateios -commit<br />
<br />
<u>Network files:</u><br />
update resolv.conf with domain, search list and nameservers (root.staff, 644)<br />
update netsvc.conf with "hosts = local, bind4" (root.system, 664)<br />
update /etc/hosts with needed host entries<br />
<br />
<u>paging space:</u><br />
(6 GB: remove paging00 and increase hd6 to 6 GB (12 PPs with PP size 512 MB))<br />
# swapoff /dev/paging00<br />
# rmps paging00<br />
# chps -s 11 hd6<br />
<br />
<u>dump device</u><br />
(set dump device: lv_dump00 (8 pp with pp size 512MB))<br />
# lsvg -l rootvg<br />
# sysdumpdev -l<br />
# sysdumpdev -Pp /dev/sysdumpnull<br />
# extendlv lg_dumplv 6<br />
# chlv -n lv_dump00 lg_dumplv<br />
# sysdumpdev -Pp /dev/lv_dump00<br />
<br />
<u>NTP</u><br />
create missing files with touch:<br />
$ ls -l /home/padmin/config<br />
total 32<br />
-rwxrw---- 1 root staff 730 Jan 06 06:46 ntp.conf<br />
-rwxrw---- 1 root staff 9 Jul 01 2007 ntp.drift<br />
-rwxrw---- 1 root staff 1 Jan 06 06:47 ntp.log<br />
-rwxrw---- 1 root staff 1 Jan 06 06:47 ntp.trace<br />
<br />
add missing things to ntp.conf:<br />
# cat /home/padmin/config/ntp.conf<br />
server ntp.mydomain.com<br />
driftfile /home/padmin/config/ntp.drift<br />
tracefile /home/padmin/config/ntp.trace<br />
logfile /home/padmin/config/ntp.log<br />
<br />
uncomment ntp line in /etc/rc.tcpip with vi:<br />
start /usr/sbin/xntpd -a '-c /home/padmin/config/ntp.conf' "$src_running"<br />
<br />
<u>TZ (Time Zone)</u><br />
# cat /etc/environment | grep TZ<br />
TZ=Europe/Vienna<br />
<br />
<u>mirror rootvg</u><br />
$ extendvg rootvg hdisk1<br />
$ mirrorios -defer hdisk1<br />
# bosboot -ad hdisk0<br />
# bosboot -ad hdisk1<br />
<br />
<u>dumplv</u><br />
We need 2 dumpdevices with correct name and size (one on hdisk0 one on hdisk1):<br />
lv_dump00 sysdump 8 8 1<br />
lv_dump01 sysdump 8 8 1<br />
<br />
# mklv -t sysdump -y lv_dump01 rootvg 8 hdisk1; sysdumpdev -Ps /dev/lv_dump01<br />
<br />
<u>syslog</u><br />
# vi /etc/syslog.conf<br />
*.debug<span style="white-space: pre;"> </span>/var/log/messages rotate size 1m files 10<br />
auth.debug<span style="white-space: pre;"> </span>/var/log/auth.log rotate size 1m files 10<br />
<br />
# touch /var/log/messages; touch /var/log/auth.log; refresh -s syslogd<br />
<br />
<u>ssh key</u><br />
Remove authorized_keys2 and create authorized_keys file with needed ssh pub key<br />
<br />
<u>add missing adapters</u><br />
(make sure device name numbers are correct)<br />
add 10GB network cards<br />
add FC adapter<br />
<br />
<u>set recommended rules</u><br />
$ rules -o diff -s -d (to view the differences between system and the recommended settings)<br />
$ rules -o deploy -d (deploy the VIOS recommended default setting)<br />
<br />
<u>shutdown+activate LPAR</u><br />
(make sure settings in the profile are correct)<br />
$ shutdown<br />
<br />
-----------------------------------------------------------------<br />
<br />
<b><u>Network configuration:</u></b><br />
<br />
In the HMC Enhanced GUI, Link Aggregation and SEA can be fully configured (no VIOS commands needed)<br />
(this is good if adapter IDs are not important, as we cannot specify those there)<br />
<br />
<u>Create LACP Etherchannel: </u><br />
Virtual Networks --> Link Aggr. Devices --> Add device (ieee8023ad)<br />
<br />
<u>Add virtual networks (VLANs)</u><br />
(on HMC the Network Bridge means actually the SEA)<br />
Add a new VLAN: give a name, Bridged, 802.1Qtagging yes, then it will create a new Network Bridge (SEA): Bridge PVID 1, Large Send<br />
When first VLAN is created an additional Virt. Network is also created automatically (with VLAN ID 1), it can be renamed if needed<br />
Add additional VLANs<br />
<br />
----------------------------------------<br />
<b>If manual configuration is needed in command line (dual VIOS setup):</b><br />
<u><br /></u>
<u>Creating Virt. Eth. adapter on HMC (create as many as needed, then save in profile):</u><br />
$ chhwres -r virtualio -m myp950 -p myvio01 -o a -s 100 --rsubtype eth -a "ieee_virtual_eth=1,port_vlan_id=4000,\"addl_vlan_ids=3029,1874\",is_trunk=1,trunk_priority=1"<br />
$ chhwres -r virtualio -m myp950 -p myvio02 -o a -s 100 --rsubtype eth -a "ieee_virtual_eth=1,port_vlan_id=4000,\"addl_vlan_ids=3029,1874\",is_trunk=1,trunk_priority=2"<br />
$ mksyscfg -r prof -m myp950 -p myvio01 -o save -n default --force<br />
$ mksyscfg -r prof -m myp950 -p myvio02 -o save -n default --force<br />
<br />
<u>Creating Etherchannel (Link Aggregation, LACP) on VIOS: </u><br />
$ mkvdev -lnagg ent4 ent5 -attr mode=8023ad hash_mode=src_dst_port<br />
<br />
<u>Creating SEA on VIOS:</u><br />
$ mkvdev -sea ent18 -vadapter ent12 ent14 ent16 ent17 -default ent12 -defaultid 4000 -attr ha_mode=auto<br />
$ chdev -dev ent20 -attr ha_mode=sharing (first on VIOS1, then on VIOS2)<br />
----------------------------------------<br />
<br />
-----------------------------------------------------------------<br />
<br />
<b><u>Performance tuning:</u></b><br />
<br />
<u>increase buffers for Virt. Eth. adapters in SEA</u><br />
chdev -l ent9 -a max_buf_huge=128 -P<br />
chdev -l ent9 -a min_buf_huge=64 -P<br />
chdev -l ent9 -a max_buf_large=128 -P<br />
chdev -l ent9 -a min_buf_large=64 -P<br />
chdev -l ent9 -a max_buf_medium=512 -P<br />
chdev -l ent9 -a min_buf_medium=256 -P<br />
chdev -l ent9 -a max_buf_small=4096 -P<br />
chdev -l ent9 -a min_buf_small=2048 -P<br />
chdev -l ent9 -a max_buf_tiny=4096 -P<br />
chdev -l ent9 -a min_buf_tiny=2048 -P<br />
<br />
<u>same in 1 liner:</u><br />
# chdev -l ent9 -a max_buf_huge=128 -P; chdev -l ent9 -a min_buf_huge=64 -P; chdev -l ent9 -a max_buf_large=128 -P; chdev -l ent9 -a min_buf_large=64 -P; chdev -l ent9 -a max_buf_medium=512 -P; chdev -l ent9 -a min_buf_medium=256 -P; chdev -l ent9 -a max_buf_small=4096 -P; chdev -l ent9 -a min_buf_small=2048 -P; chdev -l ent9 -a max_buf_tiny=4096 -P; chdev -l ent9 -a min_buf_tiny=2048 -P<br />
<br />
<u>largesend and large_receive</u><br />
On VIO largesend was already turned on, and large_receive was set to "no", so this has to be changed to "yes" (online)<br />
# chdev -l ent10 -a large_receive=yes<br />
<br />
<u>queue_depth for hdisks (if needed)</u><br />
(num_cmd_elems for FC adapters should be already set by VIOS rules)<br />
chdev -l hdiskX -a queue_depth=32 -P<br />
<br />
-----------------------------------------------------------------<br />
<br />
<b>!!! Reboot!!!</b><br />
<br />
-----------------------------------------------------------------<br />
<br />
<u>Additional things that may be needed:</u><br />
- check LPAR profile (just to be sure config is OK)<br />
- install additional device drivers<br />
- install additional tools like rsync, screen, lsof...<br />
- add VIO server to monitoring tool (like LPAR2RRD)<br />
- set up crontab (for backup scripts ...)<br />
- create a backup<br />
<br />
-----------------------------------------------------------------<br />
<br />
HMC - INSTALL, CONFIG (published 2020-04-06, updated 2022-04-05)<br />
<b><u>HMC Install, Config</u></b><br />
<br />
<u><b>HMC network types:</b></u><br />
<br />
<b>HMC has 2 different networks:</b><br />
<b>- private network</b>: for accessing/managing Power servers through the FSP<br />
<b>- open network</b>: this network is used for user logins, and each LPAR does DLPAR operations through this network<br />
<br />
<b><u>Private networks</u></b><br />
<br />
The only devices on the HMC private network are the HMC itself and each of the managed systems to which that HMC is connected. The HMC is connected to each managed system's FSP (Flexible Service Processor). On most systems, the FSP provides two Ethernet ports labeled HMC1 and HMC2. This allows you to connect up to two HMCs.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7JB1X7mWTtNfcol0ChGwWxNcPd52Zb2RcGnt6YxkTSa-mwdxdp6u1M4wDzuhEmb1Qwh4dZKBORNnXmcS4V55Mr7Qu5UlxLMiNU_BD5ruTQFkiGN7iMrBvPVMYwWJfZtaa0ZirrdGYimrd/s1600/a1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="318" data-original-width="502" height="253" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh7JB1X7mWTtNfcol0ChGwWxNcPd52Zb2RcGnt6YxkTSa-mwdxdp6u1M4wDzuhEmb1Qwh4dZKBORNnXmcS4V55Mr7Qu5UlxLMiNU_BD5ruTQFkiGN7iMrBvPVMYwWJfZtaa0ZirrdGYimrd/s400/a1.JPG" width="400" /></a></div>
<br />
This figure shows a redundant HMC environment with two managed systems. The "blue" HMC is connected to the first port on each FSP, and the "red" (redundant) HMC is connected to the second port. Each HMC is configured as a DHCP server, using a different range of IP addresses. The connections are on separate private networks. As such, it is important to ensure that no FSP port is connected to more than one HMC.<br />
<br />
Each managed system's FSP port that is connected to an HMC requires a unique IP address. To ensure that each FSP has a unique IP address, use the HMC's built-in DHCP server capability. When the FSP detects the active network link, it issues a broadcast request to locate a DHCP server. When correctly configured, the HMC responds to that request by allocating one of a selected range of addresses.<br />
<br />
--------------------------------------<br />
<br />
<b><u>Open networks</u></b><br />
<br />
The open (public) network is used for user logins and for DLPAR operations. Connecting to the Internet allows the HMC to "call home" when there are any hardware errors that need to be reported.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHzx_BTmEuZILkc_rUzQULDYH-hpm19tVk_kPXjthKUe6o1-hJpzQ12fWwOlk9yeE_hwCvPcqNVgVL4CcpY6Iznl295O0YrDF-cBv875MpgOK9OL7Qd4gr82eTJCdzkUE9a1j2XcQAx9Ta/s1600/a2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="333" data-original-width="497" height="268" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjHzx_BTmEuZILkc_rUzQULDYH-hpm19tVk_kPXjthKUe6o1-hJpzQ12fWwOlk9yeE_hwCvPcqNVgVL4CcpY6Iznl295O0YrDF-cBv875MpgOK9OL7Qd4gr82eTJCdzkUE9a1j2XcQAx9Ta/s400/a2.JPG" width="400" /></a></div>
<br />
This figure shows two HMCs connected to a single managed server on the private network and to three logical partitions on the public network.<br />
<br />
(If you decide to use a private network, use DHCP. If you will use an open network to manage an FSP, you must set the FSP’s address manually through the Advanced System Management Interface menus. A private, non-routable network is recommended.)<br />
<br />
--------------------------------------<br />
<br />
<b><u>INSTALLING AND CONFIGURING A NEW HMC:</u></b><br />
<br />
If this is a new installation, ensure that the managed system is not connected to a power source. If this is a second HMC that is connected to the same managed system, the managed system can be connected to a power source.<br />
<br />
1. Turn on the HMC and wait for the HMC to automatically select the default language and locale preference after 30 seconds.<br />
2. Accept the HMC license agreements and click "Log on and launch the Hardware Management Console web application."<br />
3. Log in with hscroot and the default password abc123<br />
4. Launch "Guided Setup Wizard"<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0BkNweQIuOWhWILGfXMDRL2A3hpD1zG6bSkwq1WFuUEks0bzhrFKZX-eIlgMYZ4YsNOCteIF6KRWcFtNpPQwAw7kaippM4tvvQJ0twNLO_msYtdg6s85FrqBlqrl2nHa04QsMBNno5klZ/s1600/a3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="255" data-original-width="503" height="202" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg0BkNweQIuOWhWILGfXMDRL2A3hpD1zG6bSkwq1WFuUEks0bzhrFKZX-eIlgMYZ4YsNOCteIF6KRWcFtNpPQwAw7kaippM4tvvQJ0twNLO_msYtdg6s85FrqBlqrl2nHa04QsMBNno5klZ/s400/a3.JPG" width="400" /></a></div>
<br />
5. Change date/time/timezone<br />
6. Change default password for hscroot<br />
7. Configure HMC networks<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMWUF_Hb9Bf5zsvsL9j5jfEItTg8oaoQK5CdqFFnUvshdBYnJqB9tlZbeoEYfXBRDRTPm4ByCALrg8lD9bxED2VRKyZHbDzaz7PrjCiKZiiF67HDdVXArwouNqvTYuTLiH_5_K47LdUVpi/s1600/a4.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="183" data-original-width="506" height="144" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgMWUF_Hb9Bf5zsvsL9j5jfEItTg8oaoQK5CdqFFnUvshdBYnJqB9tlZbeoEYfXBRDRTPm4ByCALrg8lD9bxED2VRKyZHbDzaz7PrjCiKZiiF67HDdVXArwouNqvTYuTLiH_5_K47LdUVpi/s400/a4.JPG" width="400" /></a></div>
<br />
<b> eth0 (private network):</b><br />
network type = private network<br />
Speed = default is "Autodetection" (if conn. to a switch, configure it manually: Change network sett. -> LAN Adapter)<br />
Enable DHCP = specify a DHCP address range<br />
(You can configure the HMC to be a DHCP server only on a private network)<br />
<br />
<b>eth1 (public network: hmc-admin interface)</b><br />
network type = public network<br />
speed = default is "Autodetection" (if conn. to a switch, configure it manually: Change network sett. -> LAN Adapter)<br />
setup IP, netmask and gateway<br />
<br />
8. Enable firewall-settings for eth1 (in the eth1 dialog-box)<br />
check or allow the following Services and Ports:<br />
ssh 22:tcp<br />
secure remote web access 443:tcp,8443:tcp,9960:tcp<br />
RMC 657:udp,657:tcp<br />
<br />
9. Leave all other dialogs unchanged and finish changes made by the Wizard.<br />
<br />
10. On the main view click on "HMC-Management" and do the following:<br />
Enable "Remote Command execution"<br />
Enable "Remote Virtual Terminal"<br />
Enable "Remote Operation"<br />
<br />
11. Reboot the HMC (so configuration changes will be available)<br />
12. Login with the new hscroot password<br />
13. Plug network cables into the HMC and check if HMC is answering DHCP request by plugging the cable to your laptop.<br />
<br />
--------------------------------------<br />
<br />
<b><u>vHMC on Windows</u></b><br />
<br />
(In this procedure I will use Cygwin, which I don't really like, because it is not easy to uninstall, but I could not find another working method. If you try the steps below, please keep in mind the complexity of uninstalling Cygwin.)<br />
<br />
For some years IBM has offered the possibility to run the HMC on a VM (as an LPAR or in VMware on x86 ...); it is called vHMC (virtual HMC). Earlier the only option was to buy a physical HMC device, where the HMC application was running. With vHMC we download an image and use it on a VM.<br />
<br />
For tests at home Ben Swinney wrote a great document on how to run vHMC on Mac computers (http://gibsonnet.net/blog/cgaix/resource/vHMC_running_on_Apple_hardware.pdf) and based on that I tested vHMC on Windows:<br />
<br />
<b>1. install VirtualBox</b><br />
<b>2. download vHMC image from IBM ESS</b> (KVM image has been downloaded, it is a 4GB tar.gz file)<br />
<b>3. unzip </b>(file size was still 4GB) and tried to untar, but untar is not easy on Windows:<br />
The downloaded tar file contains (besides some other files) a disk image file (disk1.img). This disk image is 500GB, but to save disk space it is a special kind of file, called a sparse file. (If a file contains long runs of consecutive "0"s and it is a sparse file, the actual "0"s are not written to the disk; the file system only records where those runs are, so a lot of disk space is saved.) The IBM requirement for a disk in a vHMC is 500GB, but the HMC application is max. 10-20GB, so the rest of that image is "0"s. (The process to untar and convert that file may temporarily need more space: at first the conversion failed with 100GB free space on the local drive, so I decided to use an external drive with 1TB free space, but at the end the file size will be about 10GB.)<br />
<br />
<u>Windows 10 supports sparse files, but it is not easy to untar a file on Windows and keep it as a sparse file. I used Cygwin:</u><br />
- install cygwin, and start a cygwin terminal<br />
- mount download dir as sparse: <b>mount -o sparse D:/tmp /mnt</b> (my image was in D:\tmp, please note in mount command "/" character is used)<br />
- untar with sparse: <b>tar -Sxvf /mnt/vHMC_KVM_image.tar</b> (ls shows 500GB, but if free space is checked on Win., it shows max 20GB is taken)<br />
<br />
<b>4. convert disk1.img to virtual box compatible vdi file: "C:\Program Files\Oracle\VirtualBox\VBoxManage.exe" convertdd "D:\tmp\disk1.img" "D:\tmp\disk1.vdi"</b><br />
This conversion is done by VBoxManage.exe, which should be installed by default during VirtualBox installation. After the conversion we should have a normal vdi file (not sparse file) with about 10GB:<br />
<br />
<div class="separator" style="clear: both; text-align: left;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivgMJkBbsTsrb1KuSXEG0MeFLwPBpNKAyELRYmG6RrTYIpYjykDkCeVfcBw867LmrfjUYq1CSqDPAyjRXOX9b2YdnwW5LsjT7FoBBtwR2ctdLo6GIVYz4Oc-BmH1Ad4SJZ89J0HeLOyBC7/s1600/a2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="53" data-original-width="737" height="27" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEivgMJkBbsTsrb1KuSXEG0MeFLwPBpNKAyELRYmG6RrTYIpYjykDkCeVfcBw867LmrfjUYq1CSqDPAyjRXOX9b2YdnwW5LsjT7FoBBtwR2ctdLo6GIVYz4Oc-BmH1Ad4SJZ89J0HeLOyBC7/s400/a2.JPG" width="400" /></a></div>
<br />
<b>5. create a VM in Virtualbox.</b> I used these specifics:<br />
- type: Linux, version: Red Hat (64bit)<br />
- Memory size: 4096MB<br />
- using an existing virtual hard disk file (I copied disk1.vdi to VirtualBox VM directory)<br />
After creation (before starting the VM) in Settings:<br />
- in Display change Video Memory to 64MB<br />
- in Audio disable audio<br />
- in Networks enable Adapters (for me it was a test, I did not configure them for real usage):<br />
Adapter 1: NAT with Port Forwarding (in Advanced section): Host IP: 127.0.1.1, Host and Guest port:22, IP I used: 192.168.0.9<br />
Adapter 2: Bridged Adapter with default settings<br />
Adapter 3: Bridged Adapter with default settings<br />
<br />
<b>6. Start VM and follow Guided Setup Wizard to configure your vHMC :)))))</b><br />
Start up time will take longer, but after it should work normally. If network/IP configured correctly it can be accessed remotely:<br />
<div>
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC3WqflhyzRTzAkmzzWEZkn_QrIMAkidjE0-lwhExnsLRs1pt_Cy3Amp1tXcX-FW2bR9FT2Khu-e7s3l22NVOL6ZI3jOKPTdXeTwFxHxxSrMu4tYcBKDDIu11dqta7Iq4x1Jvoz9y8tNRy/s1600/a5.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="616" data-original-width="989" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiC3WqflhyzRTzAkmzzWEZkn_QrIMAkidjE0-lwhExnsLRs1pt_Cy3Amp1tXcX-FW2bR9FT2Khu-e7s3l22NVOL6ZI3jOKPTdXeTwFxHxxSrMu4tYcBKDDIu11dqta7Iq4x1Jvoz9y8tNRy/s1600/a5.JPG" /></a></div>
<div>
<br /></div>
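Step 3 above depends on the untar keeping disk1.img sparse (tar -S). The following added example (not part of the original post) shows what a sparse-aware copy does: all-zero blocks are skipped with a seek instead of being written, and the apparent size is compared with the allocated size. The file name disk1_demo.img, the 64 KiB block size and the demo contents are constructed assumptions; st_blocks is only available on POSIX-style Python (Linux, Cygwin).<br />

```python
import os

BLOCK = 64 * 1024  # copy granularity; an assumption, any block size works


def sparse_copy(src_path, dst_path, block=BLOCK):
    """Copy src to dst, seeking over all-zero blocks instead of writing them.

    Returns (data_bytes_written, zero_bytes_skipped).
    """
    written = skipped = 0
    with open(src_path, "rb") as src, open(dst_path, "wb") as dst:
        while True:
            chunk = src.read(block)
            if not chunk:
                break
            if chunk == bytes(len(chunk)):          # block holds only zero bytes
                dst.seek(len(chunk), os.SEEK_CUR)   # leave a hole, write nothing
                skipped += len(chunk)
            else:
                dst.write(chunk)
                written += len(chunk)
        # A hole at the very end does not extend the file, so set the length.
        dst.truncate(written + skipped)
    return written, skipped


def disk_usage(path):
    """Return (apparent_size, allocated_bytes); the second needs POSIX st_blocks."""
    st = os.stat(path)
    return st.st_size, st.st_blocks * 512


def make_demo_image(path):
    """Write a constructed stand-in for disk1.img: data, a long zero run, data."""
    with open(path, "wb") as f:
        f.write(b"HMC-DATA" * 8192)   # 64 KiB of real data
        f.write(bytes(16 * BLOCK))    # 1 MiB of zeros, written out in full
        f.write(b"TAIL")              # 4 bytes of data after the zero run
    return os.path.getsize(path)


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as workdir:
        src = os.path.join(workdir, "disk1_demo.img")
        dst = os.path.join(workdir, "disk1_demo_sparse.img")
        make_demo_image(src)
        written, skipped = sparse_copy(src, dst)
        print("written:", written, "skipped:", skipped)
        # ls-style size is identical; allocated bytes differ when the
        # file system supports sparse files.
        print("source  (apparent, allocated):", disk_usage(src))
        print("copy    (apparent, allocated):", disk_usage(dst))
```
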
--------------------------------------<br />
<br />
<b><u>HMC LDAP configuration</u></b><br />
<br />
By default the HMC uses local authentication, but it is possible to change it to LDAP. If LDAP authentication is configured, HMC users need to be modified to use LDAP. It is also possible for some HMC users to use LDAP while others use local authentication. (A user parameter (Authentication type) decides how the user logs in.)<br />
<br />
<u>Configuring LDAP</u><br />
<b>1. find out ldap server, port and protocol (ldap or ldaps)</b><br />
We need to know the LDAP server, whether the ldap or ldaps protocol will be used, and which port can be used for LDAP requests:<br />
<b>Ports: 389 (LDAP) / 636 (LDAPS)</b> <--request information from local domain controller (search in the home domain of the global catalog)<br />
<b>Ports: 3268 (LDAP) / 3269 (LDAPS)</b> <--queries specifically targeted for the Global Catalog (search in the entire forest)<br />
(In below example we will use server myldap.mydomain.org, with ldaps protocol on port 3269)<br />
<br />
<b>2. AD account for LDAP communication with Active Directory</b><br />
An AD user and password are needed, which the HMC uses for LDAP communication. This user does not need to exist on the HMC. When someone wants to log in to the HMC, the HMC connects to AD and performs searches in AD. (In the example below we will use the HMCAD1 user with password abcd1234.)<br />
<br />
<b>3. Change HMC authentication from local to LDAP</b><br />
For this an HMC user account is needed (like hscroot) with hmcsuperadmin role:<br />
<b>$ chhmcldap -o s --primary 'ldaps://myldap.mydomain.org:3269' --basedn 'DC=mydomain,DC=org' --binddn 'CN=HMCAD1,OU=Functional,OU=Accounts,DC=mydomain,DC=org' --auth ldap --loginattribute 'sAMAccountName' --bindpw 'abcd1234' --scope sub --referrals 1 --automanage 0</b><br />
<br />
<b>4. Check config on HMC</b><br />
<b>$ lshmcldap -r config -v</b><br />
primary=ldap://myldap.mydomain.org:3269,backup=,"basedn=DC=mydomain,DC=org",timelimit=30,bindtimelimit=30,referrals=1,ssl=0,loginattribute=sAMAccountName,hmcauthnameattribute=userPrincipalName,hmcuserpropsattribute=ibm-aixAdminPolicyEntry,"binddn=CN=HMCAD1,OU=Functional,OU=Accounts,DC=mydomain,DC=org",bindpwset=1,automanage=0,auth=ldap,searchfilter=,scope=sub,tlscacert=,hmcgroups=,authsearch=base<br />
<br />
Details:<br />
<br />
Get LDAP Config:<br />
LdapSettings query primary[ldap://myldap.mydomain.org:3269]<br />
LdapSettings query backup {}<br />
LdapSettings query loginattribute[sAMAccountName]<br />
LdapSettings query basedn[DC=mydomain,DC=org]<br />
LdapSettings query timelimit[30]<br />
LdapSettings query timelimit[30]<br />
LdapSettings query referrals[1]<br />
LdapSettings query bindtimelimit[30]<br />
LdapSettings query tlscheckpeer {rc=1, stdOut=QueryTlsCheckPeer: tls_checkpeer not found!<br />
, stdErr=}<br />
LdapSettings query ssl[0]<br />
LdapSettings query binddn[CN=HMCAD1,OU=Functional,OU=Accounts,DC=mydomain,DC=org ]<br />
LdapSettings query bindpw [*************]<br />
LdapSettings query searchfilter[]<br />
LdapSettings query scope[sub]<br />
LdapSettings query pam_authc_search {rc=1, stdOut=, stdErr=_QueryConfigAttr: pam_authc_search not found!<br />
}<br />
LdapSettings query tls_cacert[]<br />
LdapSettings query authnameattribute[userPrincipalName]<br />
LdapSettings query propsattribute[ibm-aixAdminPolicyEntry]<br />
LdapSettings query hmcgroups[]<br />
<br />
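The lshmcldap line above reports ldap:// on port 3269 with ssl=0 and an empty tlscacert, although the chhmcldap command was given an ldaps:// URI. The following added example (not from the original post and not an IBM tool) parses such a line on an admin workstation and lists these transport findings; the second sample line, its ssl=1 value and the CA file name are constructed assumptions.<br />

```python
import csv
from urllib.parse import urlsplit

# LDAP-over-TLS ports named on this page (domain controller / Global Catalog).
LDAPS_PORTS = {636, 3269}

# The `lshmcldap -r config -v` summary line as shown on this page.
PAGE_OUTPUT = (
    'primary=ldap://myldap.mydomain.org:3269,backup=,"basedn=DC=mydomain,DC=org",'
    'timelimit=30,bindtimelimit=30,referrals=1,ssl=0,loginattribute=sAMAccountName,'
    'hmcauthnameattribute=userPrincipalName,'
    'hmcuserpropsattribute=ibm-aixAdminPolicyEntry,'
    '"binddn=CN=HMCAD1,OU=Functional,OU=Accounts,DC=mydomain,DC=org",bindpwset=1,'
    'automanage=0,auth=ldap,searchfilter=,scope=sub,tlscacert=,hmcgroups=,'
    'authsearch=base'
)

# Constructed counterpart: same directory, ldaps:// URI and a CA file set.
# ssl=1 and the file name example-ca.pem are assumptions for illustration.
CONSTRUCTED_TLS_OUTPUT = (
    'primary=ldaps://myldap.mydomain.org:3269,backup=,"basedn=DC=mydomain,DC=org",'
    'referrals=1,ssl=1,auth=ldap,scope=sub,tlscacert=example-ca.pem'
)


def parse_lshmcldap(line):
    """Turn one lshmcldap config line into a dict.

    Fields are comma separated; a field whose value contains commas is
    wrapped in double quotes as a whole, e.g. "basedn=DC=a,DC=b".
    """
    line = line.strip()
    if not line:
        raise ValueError("empty lshmcldap output")
    config = {}
    for field in next(csv.reader([line])):
        key, sep, value = field.partition("=")
        if not sep:
            raise ValueError(f"field without '=': {field!r}")
        config[key] = value
    return config


def audit_ldap_config(config):
    """Return a list of (field, message) transport findings."""
    findings = []
    for role in ("primary", "backup"):
        uri = config.get(role, "")
        if not uri:
            continue  # no server configured in this slot
        parts = urlsplit(uri)
        if parts.scheme != "ldaps":
            findings.append((role, f"URI scheme is {parts.scheme}://, not ldaps://"))
            if parts.port in LDAPS_PORTS:
                findings.append(
                    (role, f"port {parts.port} is an LDAPS port but the URI is not ldaps://")
                )
    if config.get("ssl") == "0":
        findings.append(("ssl", "HMC reports ssl=0"))
    if not config.get("tlscacert"):
        findings.append(("tlscacert", "no CA certificate is listed for the LDAP server"))
    return findings


if __name__ == "__main__":
    for label, line in (("page output", PAGE_OUTPUT),
                        ("constructed TLS output", CONSTRUCTED_TLS_OUTPUT)):
        print(label)
        for field, message in audit_ldap_config(parse_lshmcldap(line)) or [("ok", "no findings")]:
            print(f"  {field}: {message}")
```
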
<br />
<u>New user creation with LDAP:</u><br />
<b>$ mkhmcusr -i "name=gomaata3,taskrole=hmcsuperadmin,authentication_type=ldap,remote_webui_access=1,description=Super AIX Admin"</b><br />
(Or use HMC GUI: Users and Roles --> Manage User Profiles and Access)<br />
<br />
<br />
<u>Modifying existing user from local authentication to LDAP:</u><br />
<b>$ chhmcusr -i "name=gomaata3,authentication_type=ldap"</b><br />
(Or use HMC GUI: Users and Roles --> Manage User Profiles and Access)<br />
<br />
--------------------------------------<br />
<br />
<b><u>Determining HMC adapter names:</u></b><br />
<br />
If you set up a DHCP server, that server can operate only on eth0 and eth1. (You might need to determine which adapter to plug the ethernet cable into.)<br />
<br />
To determine the name the HMC has assigned to an Ethernet adapter, do the following:<br />
1. Open the restricted shell terminal. Select HMC Management -> Open Restricted Shell Terminal.<br />
2. Type the following at the command line: tail -f /var/log/messages<br />
3. Plug in your Ethernet cable. (If the cable was already plugged in, then unplug it, wait 5 seconds, and plug in the cable again.)<br />
4. You will see a similar output on the console: Aug 28 12:41:20 termite kernel: e1000: eth0: e1000_watchdog: NIC Link is Up 100.<br />
5. Repeat this procedure for all other Ethernet ports, and record your results.<br />
6. Type Ctrl+C to stop the tail command.<br />
<br />
--------------------------------------<br />
<br />
<b><u>Testing the connection between the HMC and the managed system:</u></b><br />
<br />
This option enables you to verify that you are properly connected to the network:<br />
(to test network connectivity, you must be a member of super administrator or service representative)<br />
1. In the Navigation area, click HMC Management.<br />
2. Click Test Network Connectivity.<br />
3. In the Ping tab, type the host name or IP address of any system to which you want to connect. To test an open network, type the gateway.<br />
4. Click Ping.<br />
<br />
--------------------------------------<br />
<br />
<b><u>put ssh_key to HMC (passwordless login as hscroot)</u></b><br />
<br />
<b>version 1:</b><br />
- scp hscroot@hmc_name:.ssh/authorized_keys2 temp_hmc<br />
- cat id_rsa.pub >> temp_hmc<br />
- scp temp_hmc hscroot@hmc_name:.ssh/authorized_keys2<br />
- Test it: ssh hscroot@hmc_name date<br />
<br />
<b>version 2:</b><br />
scp id_rsa.pub hmc9: <--copy your public key to hmc<br />
ssh hmc9 <--login to hmc (it will ask for a password at this time)<br />
KEY=`cat id_rsa.pub` <--put the output of the cat command into a variable<br />
mkauthkeys -a "$KEY" <--puts the public key into the authorized_keys file<br />
ssh hmc9 <--login without a password<br />
<br />
--------------------------------------<br />
<br />
<b><u>NTP configuration on a HMC</u></b><br />
<br />
<b># lshmc -r -Fxntp,xntpserver </b> <--check if ntp service is enabled: enable,<ntp_server_name> (/var/log/ntp logfile can be checked as well)<br />
<b># chhmc -c xntp -s add -a <ntp_server_name></b> <--configure ntp service and add ntp server to HMC<br />
<b># chhmc -c xntp -s enable </b> <--activate NTP service<br />
<br />
--------------------------------------<br />
<br />
POWERVC - MAINTENANCE (published 2020-04-03, updated 2022-04-05)<br />
<b><u>PowerVC Upgrade/Install</u></b><br />
<br />
After extracting the content of the downloaded package, the same install script will be used for installing or upgrading PowerVC. This script will recognize if PowerVC is already installed. (If we do an upgrade, one of the steps during the upgrade is to uninstall current PowerVC version and then install the new one.)<br />
<br />
<b><u>0. Backup</u></b><br />
- vmware snapshot<br />
<br />
<br />
<b><u>1. Red Hat update if needed</u></b> (for PowerVC 1.4.4 minimum RHEL 7.7 is needed):<br />
<b> # cat /etc/redhat-release</b><br />
Red Hat Enterprise Linux Server release 7.6 (Maipo)<br />
<br />
<b> # sudo yum check-update</b><br />
<b> # sudo yum update -y</b><br />
<b> # sudo shutdown -r now</b><br />
<br />
<u>Updating to a specific release with "releasever" parameter:</u><br />
(system should be registered with subscription manager, if releasever is not specified, system will be updated to latest major release)<br />
<b> # yum --releasever=7.7 update</b><br />
<br />
<br />
<b><u>2. PowerVC Install/Upgrade</u></b><br />
- download tgz (from ESS)<br />
- copy to PowerVC node and<br />
- as root:<br />
<b> # tar -vzxf …</b><br />
<b> # cd <local directory>/powervc-1.4.4.0/</b><br />
<b> # ./install</b><br />
<br />
<b> Upgrade/Install complained about these missing prerequisites:</b><br />
<b>- missing python packages</b>: # yum install python-fpconst-0.7.3-12.el7.noarch.rpm python-twisted-core-12.2.0-4.el7.x86_64.rpm python-twisted-web-12.1.0-5.el7_2.x86_64.rpm python-webob-1.2.3-7.el7.noarch.rpm python-webtest-1.3.4-6.el7.noarch.rpm python-zope-interface-4.0.5-4.el7.x86_64.rpm SOAPpy-0.11.6-17.el7.noarch.rpm<br />
<b>- disabling epel repository</b>: # /usr/bin/yum-config-manager --disable epel<br />
<b>- disabling ipv6 kernel module</b>: # export ERL_EPMD_ADDRESS=::ffff:127.0.1.1<br />
<b>- disabling IPv6 entirely:</b> export EGO_ENABLE_SUPPORT_IPV6=N<br />
<br />
If everything is fine, it will do the upgrade, asking license and firewall questions etc.; logs can be checked in /opt/ibm/powervc/log<br />
(as I saw, during the upgrade it uninstalled the current PowerVC, then did a new installation.)<br />
# if it is a new installation it will ask edition: Standard, Cloud PowerVC Manager<br />
# License text --> press 1 and Enter<br />
# Do you want the IBM PowerVC setup to configure the firewall? 1-Yes or 2-No? 2<br />
# Continue with the installation: 1-Yes or 2-No? 1<br />
<br />
<br />
It takes a long time (about an hour) to finish, and the output will show something like this:<br />
...<br />
...<br />
...<br />
Installation task 7 of 7<br />
<br />
Done with cleanup actions.<br />
<br />
The validation of IBM PowerVC services post install was successful.<br />
<br />
************************************************************<br />
IBM PowerVC installation successfully completed at 2020-01-22T17:41:07+01:00.<br />
Refer to /opt/ibm/powervc/log/powervc_install_2020-01-22-170753.log for more details.<br />
<br />
Use a web browser to access IBM PowerVC at<br />
https://powervc.lab.domain.org<br />
<br />
Firewall configuration may be required to use PowerVC.<br />
Refer to the Knowledge Center topic 'Ports used by PowerVC'.<br />
<br />
************************************************************<br />
<br />
<br />
================================<br />
<br />
<br />
<b><u>Removing and adding back SSP to PowerVC</u></b><br />
<br />
Once PowerVC behaved strangely when images or volumes were created (it was hanging, new items did not show up), and IBM's recommendation was to remove the SSP from PowerVC and then add it back, which should help. (The steps below will not delete data from the SSP: the volumes and all data in the SSP will remain there, they will be removed from PowerVC only.)<br />
<br />
<br />
<b>1. Backup PowerVC</b><br />
- powervc-backup: https://www.ibm.com/support/knowledgecenter/en/SSXK2N_1.4.3/com.ibm.powervc.standard.help.doc/powervc_backup_data_hmc.html<br />
<br />
<b>2. In PowerVC UI record details (print screen)</b><br />
- each network: name, vlan id, subnet mask, dns, ip range, SEA mappings, SR-IOV mappings<br />
- each host: display name, management server (hmc or novalink name), DRO options, Remote restart value<br />
- each image in SSP: name of the image, OS type, version, details of each VOLUME in that image: volume details, wwn, storage provider name, storage id name etc.<br />
- export images to file from SSP:<br />
# cd /var/vio/SSP/SSP_Cluster_1/D_E_F_A_U_L_T_061310/IM<br />
# dd if=volume-Image_AIX-72_TMP_volume_1-61475a18-3726.fdb060e56143f9e7408e2ffe78de92ea of=/backup/powervc_image_dd/AIX-61_TMP bs=1M<br />
<br />
<br />
The next steps will impact PowerVC management; there is NO impact on running VMs or systems.<br />
<br />
<b>3. Unmanage all VMs and Hosts </b><br />
- in Virtual Machines: unmanage each VM<br />
- in Hosts: "remove host" on each host which uses the SSP<br />
- confirm SSP no longer exists in storage view of PowerVC UI<br />
<br />
<b>4. Remove HMC</b><br />
- record details of HMC: hmc name and ip, user id, password<br />
- from hosts view of PowerVC click on the HMC connections tab, remove the HMC which had hosted the SSP<br />
<br />
VMs, Hosts, Storage and Images have been removed from PowerVC, next steps will rebuild the environment.<br />
<br />
<b>5. Add back HMC and hosts</b><br />
- in Hosts view, HMC connections tab, click add HMC: enter hmc name, ip, user and password<br />
- in Hosts view, add host, leave hmc as connection type, select the HMC added above<br />
- Select to add all hosts<br />
<br />
<b>6. Confirm SSP was added back to PowerVC</b><br />
- in storage view SSP should exist again<br />
<br />
<b>7. Create networks (if needed)</b><br />
- adding hosts will "discover" networks defined, any manually created networks may be recreated.<br />
<br />
<b>8. Recreating images</b> (https://www.ibm.com/support/knowledgecenter/en/SSXK2N_1.4.3/com.ibm.powervc.standard.help.doc/powervc_manually_import_export_volumes_hmc.html)<br />
- PowerVC cannot "discover" the old images that existed, the volumes from those images remain in the SSP<br />
To import the volume from a file to SSP:<br />
# create a volume<br />
# cd /var/vio/SSP/SSP_Cluster_1/D_E_F_A_U_L_T_061310/VOL1<br />
# dd if=/backup/powervc_image_dd/AIX-61_TMP of=volume-AIX-61_TMP-ci-4043e86a-8e35.5249022804b1cebcc0bbf569fd2b5bd3 bs=1M<br />
<br />
<b>9. Validate the environment</b><br />
<br />
================================<br />
<br />
HA - SMUI (published 2020-04-01, updated 2022-04-05)<br />
<b><u>SMUI (System Mirror User Interface)</u></b><br />
<br />
PowerHA V7.2 includes a browser-based GUI to monitor cluster environments, which is called PowerHA SMUI.<br />
<br />
SMUI provides the following functions:<br />
- Monitors the status for all clusters, sites, nodes, and RGs in your environment.<br />
- Scans event summaries and reads a detailed description for each event.<br />
- Searches and compares log files. We can search in hacmp.out, cluster.log, clstrmgr.debug, syslog, caa...<br />
- View properties for a cluster (version, node names, repository disk information)<br />
- We can create zones to split clusters by geographical location, by business areas etc..<br />
- With the Health Summary, the health of our cluster is visualized<br />
<br />
====================================<br />
<br />
<b><u>Installation:</u></b><br />
<br />
<b>SMUI clients</b>: A node that is part of an AIX or Linux PowerHA cluster.<br />
<b>SMUI server:</b> A server running Linux or AIX that provides SMUI.<br />
<br />
Although the SMUI server can be a cluster node, it is a best practice to place it on a separate stand-alone AIX or Linux system. Also, ideally the SMUI server must have internet access to download more open source packages as required.<br />
<br />
Packages installed on SMUI server:<br />
cluster.es.smui.common 7.2.3.0<br />
cluster.es.smui.server 7.2.3.0<br />
<br />
<br />
Packages installed on SMUI client (PowerHA nodes):<br />
cluster.es.smui.agent 7.2.3.0<br />
cluster.es.smui.common 7.2.3.0<br />
<br />
Then followed this:<br />
<br />
#######################################################################<br />
#######################################################################<br />
##<br />
## The IBM PowerHA SystemMirror for AIX graphical user interface<br />
## (GUI) server installation is starting. To complete the process,<br />
## you must install additional files when the installation completes.<br />
## These additional files were not included in the server fileset<br />
## because they are licensed under the General Public License (GPL).<br />
## However, they are necessary in order for the GUI server to run.<br />
## You can automatically download the required files by running the<br />
## following script:<br />
##<br />
## /usr/es/sbin/cluster/ui/server/bin/smuiinst.ksh<br />
##<br />
## If smuiinst.ksh is behind a firewall, but you have a proxy, the<br />
## "-p" flag can be used to specify an HTTP proxy (the "http_proxy"<br />
## environment variable is also honored). Run "smuiinst.ksh -h -v"<br />
## to get more information.<br />
##<br />
## If no proxy is available, the smuiinst.ksh script can be copied<br />
## to a system outside of the firewall and used from there to<br />
## download the needed files (using the "-d" flag). Those files can<br />
## then be transferred to the GUI server system and installed using<br />
## "smuiinst.ksh -i". Note that the external system does not have to<br />
## be AIX-based, but must have basic UNIX tools support, along with<br />
## PERL 5.<br />
##<br />
## This is a one-time only setup procedure. Once it is done, it will<br />
## not need to be repeated.<br />
##<br />
#######################################################################<br />
#######################################################################<br />
<br />
I installed these manually with yum (not these versions but higher versions)<br />
"info-4.13-3.aix5.3.ppc.rpm" is partially downloaded.<br />
"cpio-2.11-2.aix6.1.ppc.rpm" appears to be downloaded already.<br />
"readline-6.2-2.aix5.3.ppc.rpm" is partially downloaded.<br />
"libiconv-1.13.1-2.aix5.3.ppc.rpm" is partially downloaded.<br />
"bash-4.2-5.aix5.3.ppc.rpm" is partially downloaded.<br />
"gettext-0.17-6.aix5.3.ppc.rpm" is partially downloaded.<br />
"libgcc-4.9.2-1.aix6.1.ppc.rpm" is partially downloaded.<br />
"libgcc-4.9.2-1.aix7.1.ppc.rpm" is partially downloaded.<br />
"libstdc++-4.9.2-1.aix6.1.ppc.rpm" is partially downloaded.<br />
"libstdc++-4.9.2-1.aix7.1.ppc.rpm" needs to be retrieved.<br />
<br />
<br />
libgcc, libstdc can be downloaded from http://www.bullfreeware.com/pkg?id=2289<br />
<br />
Tried this as well: /usr/es/sbin/cluster/ui/server/bin/smuiinst.ksh -i /home/labuser<br />
After the installation completed successfully, opened a web browser and used this URL (IP is the address where SMUI is installed): <b>https://10.10.42.47:8080/#/login</b><br />
<br />
After login, first I had to create a zone, then add the cluster to that zone using hostname.....<br />
<br />
====================================<br />
<br />
HA - RESOURCES (published 2020-04-01, updated 2022-04-05)<br />
<b><u>Resource, Resource Group </u></b><br />
<br />
<b>Resources</b>: File systems, service IPs, applications... which are highly available (These can be moved from one node to another.)<br />
<b>Resource Group (RG)</b>: Those resources which are grouped together, and moved together during a failover<br />
<b>Default node priority</b>: The order in which the nodes are defined in the RG. A RG with default attributes will move from node to node in this order as each node fails.<br />
<b>Home node</b>: The highest priority node in the default node list. RG will initially be activated there. (It is not the node where the RG is currently active.)<br />
<b>Fallover</b>: The process of moving a RG that is online on one node to another node in the cluster in response to an event.<br />
<b>Fallback</b>: The process of moving a RG that is currently online on a node that is not its home node, to a re-integrating node.<br />
<b>Node failure:</b> If a node fails, the RGs that were active on that node are distributed among the other nodes in the cluster, depending on their fallover policies.<br />
<b>Node recovery</b>: When a node recovers and is reintegrated into the cluster, RGs can be reacquired depending on their fallback policies.<br />
<br />
------------------------------------<br />
<br />
<b>Resource group (RG)</b><br />
<br />
Resource groups allow PowerHA to manage resources as a single entity. For example, an application can consist of start and stop scripts, a database, and an IP address. These resources are then included in a resource group for PowerHA to control as a single entity. PowerHA ensures that resource groups remain highly available by moving them from node to node.<br />
<br />
<u>Resource group states:</u><br />
<b>- Online</b>: The RG is currently operating properly on one or more nodes in the cluster.<br />
<b>- Offline:</b> The RG is not operating and is currently not in an error condition (the user may have requested this state, or dependencies were not met).<br />
<b>- Acquiring:</b> A RG is currently coming up on a node. In normal conditions status changes to Online.<br />
<b>- Releasing:</b> The RG is in the process of being released (going down). In normal conditions after released, the status changes to offline.<br />
<b>- Error</b>: The resource group has reported an error condition. User interaction is required.<br />
<b>- Unknown:</b> The RG’s current status cannot be obtained, possibly because of loss of communication, or a resource group dependency is not met...<br />
<br />
Each node that joins the cluster automatically attempts to bring online any of the resource groups that are in the ERROR state.<br />
<br />
<u>Start up options:</u><br />
<b>- Online on home node only</b>: The RG is brought online when its home node joins the cluster. If home node isn't available, it stays offline<br />
<b>- Online on first available node:</b> The RG is brought online when the first node in its node list joins the cluster.<br />
<b>- Online on all available nodes</b>: The RG is brought online on all nodes in its node list as they join the cluster.<br />
<b>- Online using distribution policy</b>: The RG is brought online only if the node has no other resource group of this type already online.<br />
<br />
<u>Fallover options:</u><br />
<b>- Fall over to next priority node in list</b>: The RG falls over to the next node in the resource group node list.<br />
<b>- Fallover using dynamic node priority</b>: The RG will be acquired by the node which has, for example, the most free memory or the most free CPU; a user script is also possible.<br />
<b>- Bring offline, on error node only</b>: The RG is brought offline in the event of an error. This option is designed for RGs that are online on all available nodes.<br />
<br />
<u>Fallback options: (when a node joins back the cluster)</u><br />
<b>- Fall back to higher priority node in list:</b> The RG falls back to a higher priority node when it joins the cluster.<br />
<b>- Never fall back:</b> The RG does not move if a high priority node joins the cluster. RGs with online on all available nodes must be configured with this option.<br />
<br />
------------------------------------<br />
<br />
<b><u>Resource Group attributes during Startup, Fallover, Fallback</u></b><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEim8yzzlfkiezvXU1vffrJVszG-ppHex_onBm0MZAulOF-8nVJoQEqMmJo_WBl8L16LZ6w-BzVBfickcW5pVFMeU9jdkmyoucI034q1zDtFuGsJSr8-iDoS8e0kBUqeHSevJ5z4ZZpIS7rw/s1600/a7.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="298" data-original-width="687" height="277" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEim8yzzlfkiezvXU1vffrJVszG-ppHex_onBm0MZAulOF-8nVJoQEqMmJo_WBl8L16LZ6w-BzVBfickcW5pVFMeU9jdkmyoucI034q1zDtFuGsJSr8-iDoS8e0kBUqeHSevJ5z4ZZpIS7rw/s640/a7.JPG" width="640" /></a></div>
<br />
<b>Settling time</b><br />
If a RG has the setting of "online on first available node", settling time ensures that a RG does not start on an early integrated node that is low in its priority list, then keep falling over to higher priority nodes as they integrate. If the settling time is set for a resource group and the node that integrates into the cluster is its highest priority node then it goes online immediately, otherwise it waits the settling time to see if another higher priority node joins.<br />
<br />
<b>Delayed fallback timers</b><br />
Configures the frequency for a fallback operation, which can be daily, weekly, monthly, yearly. Fallback will happen at the configured time.<br />
<br />
<b>Distribution policy</b><br />
This node-based distribution policy ensures that on cluster startup, each node will acquire only one resource group with this policy set.<br />
<br />
<b>Resource group processing order</b><br />
If a node is attempting to bring more than one resource group online, the default behavior is to merge all the resources into one large resource group and then process them as one “resource group.” This is called parallel processing, although it is not true parallel processing because it is single thread. This default behavior can be altered and serial processing can be specified for particular resource groups by specifying a serial acquisition list. This order defines only the order of processing on a particular node, not across nodes. If serial processing is set, the specified RGs are processed in order, RGs containing only NFS mounts are processed in parallel. The reverse order is used on release.<br />
<br />
------------------------------------<br />
<br />
<b><u>Resource group dependencies</u></b><br />
<br />
An example of RG dependencies is when a database must be online before the application server is started. If the database goes down and falls over to a different node, the RG that contains the application server will also be brought down and back up on any of the available cluster nodes. If the fallover of the database RG is not successful, then both RGs (database and application) will be put offline.<br />
<br />
<u>Resource group dependencies (combination of two out of three types of RG dependency can be set):</u><br />
<b>- Parent/child dependency</b>: a RG cannot be started until a particular RG is already active<br />
<b>- Location dependency</b>: certain RGs will be always online on the same node or on different nodes<br />
<b>- Start/stop after dependency</b>: similar to parent/child dependency, but based on the setting during start or stop RGs can be processed together<br />
<br />
<br />
<b>Parent/Child dependency:</b><br />
A parent/child dependency allows binding resource groups in a hierarchical manner. A child resource group depends on a parent resource group. The parent resource group must be online before any of its children can be brought online. If the parent resource group is to be taken offline, the children must be taken offline first. There can be only three levels of dependency for resource groups. A resource group can act both as a parent and a child. You cannot specify circular dependencies among resource groups. It is important to have startup application monitors for the parents. After the startup application monitor confirmed that the application has successfully started, the processing of the child resource groups can then continue.<br />
<br />
<b>Location dependency</b><br />
It ensures that RGs will always be online on the same node or on different nodes (or sites).<br />
- Online on same node: A RG can be brought online on the node where other RGs in the same set are already online<br />
- Online on different nodes: The specified RGs will be distributed on different nodes.<br />
- Online on same site: A RG can only be brought online on a site where other RGs with this dependency are currently in an online state<br />
<br />
<b>Start/Stop after dependency</b><br />
- Start after dependency: The target RG must be online before a source (dependent) RG can be activated. There is no dependency when releasing RGs, they are released in parallel.<br />
- Stop after dependency: The target RG must be offline before a source (dependent) RG can be brought offline. There is no dependency when acquiring RGs and they are acquired in parallel.<br />
<br />
<u>Set or display the RG dependencies (clrgdependency):</u><br />
# clrgdependency -t [PARENT_CHILD | NODECOLLOCATION | ANTICOLLOCATION | SITECOLLOCATION] -sl<br />
# clrgdependency -t PARENT_CHILD -sl<br />
#Parent Child<br />
rg1 rg2<br />
rg1 rg3<br />
<br />
Another way to check is by using the odmget HACMPrg_loc_dependency command.<br />
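<br />
An added example (not from the original post and not PowerHA code): a check of a planned parent/child list, in the layout printed by clrgdependency -t PARENT_CHILD -sl, against the two rules above (no circular dependencies, at most three levels). It assumes a parent, its child and a grandchild count as three levels; the second and third inputs are constructed.<br />

```shell
#!/bin/sh
# Added example, not PowerHA code. Validates "parent child" pairs in the layout
# printed by "clrgdependency -t PARENT_CHILD -sl".
# Assumption: parent, child and grandchild count as three levels.

check_rg_deps() {
    # Reads the named file(s), or stdin when none is given.
    # Prints one verdict: "OK levels=N", "TOO_DEEP levels=N" or "CIRCULAR".
    awk '
    /^#/ || NF < 2 { next }               # header line and blanks
    {
        m++; pa[m] = $1; ch[m] = $2
        if (!($1 in level)) { level[$1] = 1; count++ }
        if (!($2 in level)) { level[$2] = 1; count++ }
    }
    END {
        # Push every child at least one level below its parent. Without a
        # cycle this settles in fewer than "count" passes; with a cycle the
        # levels keep growing and the last pass still changes something.
        changed = 0
        for (pass = 1; pass <= count; pass++) {
            changed = 0
            for (e = 1; e <= m; e++)
                if (level[ch[e]] < level[pa[e]] + 1) {
                    level[ch[e]] = level[pa[e]] + 1
                    changed = 1
                }
            if (!changed) break
        }
        max = 0
        for (rg in level) if (level[rg] > max) max = level[rg]
        if (changed)       print "CIRCULAR"
        else if (max > 3)  print "TOO_DEEP levels=" max
        else               print "OK levels=" max
    }' "$@"
}

# Output shown on the page: one parent with two children.
printf '%s\n' '#Parent Child' 'rg1 rg2' 'rg1 rg3' | check_rg_deps
# Constructed: a four-level chain, listed out of order.
printf '%s\n' 'rg3 rg4' 'rg2 rg3' 'rg1 rg2' | check_rg_deps
# Constructed: rg1 and rg2 depend on each other.
printf '%s\n' 'rg1 rg2' 'rg2 rg1' | check_rg_deps
```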
<br />
------------------------------------<br />
<br />
HA - NFS (published 2020-04-01, updated 2022-04-05)<br />
<b><u>NFS</u></b><br />
<br />
<div style="text-align: justify;">
PowerHA provides highly available NFS services, which allows the backup NFS server to recover the current NFS activity if the primary NFS server fails. This feature is available only for two-node clusters when using NFSv2/NFSv3, and more than two nodes when using NFSv4. If NFS exports are defined through PowerHA, all NFS exports must be controlled by PowerHA. AIX and PowerHA NFS exports cannot be mixed. NFS information is kept in /usr/es/sbin/cluster/etc/exports, which has the same format as the AIX exports file (/etc/exports).</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
When configuring NFS through PowerHA, you can control these items:</div>
<div style="text-align: justify;">
- The network that PowerHA will use for NFS mounting.</div>
<div style="text-align: justify;">
- NFS exports and mounts at the directory level.</div>
<div style="text-align: justify;">
- The field “file systems mounted before IP configured” must be set to true (this prevents client access before it is needed).</div>
<div style="text-align: justify;">
- By default, filesystems are exported rw to the world; this can be controlled in /usr/es/sbin/cluster/etc/exports.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3F5BYTiSBAttObeZVkS-1nMNt9D6P8WSXkXmxBT6JQcEJ5Ey4mAfQd4u9rr0a3ciGPf_wGNdrSYkenK09P8tjCkxbSVPOqXqXU0cg9mDXvvycRE9hMWDWP_CDmg3YTJY8_V6LZAI8He8-/s1600/a6.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="457" data-original-width="719" height="406" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg3F5BYTiSBAttObeZVkS-1nMNt9D6P8WSXkXmxBT6JQcEJ5Ey4mAfQd4u9rr0a3ciGPf_wGNdrSYkenK09P8tjCkxbSVPOqXqXU0cg9mDXvvycRE9hMWDWP_CDmg3YTJY8_V6LZAI8He8-/s640/a6.JPG" width="640" /></a></div>
<div style="text-align: justify;">
<br /></div>
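<div style="text-align: justify;">
An added example (not from the original post and not PowerHA code): a small audit of an exports file in the AIX /etc/exports layout, flagging the read-write-to-the-world default described above. It assumes one entry per line with the option list in the second field and reads only the plain options ro, rw=, access= and root=; the directories and hostnames in the sample are constructed.</div>

```shell
#!/bin/sh
# Added example, not PowerHA code. Audits an exports file in the AIX
# /etc/exports layout ("directory -option,option=host:host").
# Assumption: one entry per line, option list in the second field.

audit_exports() {
    # Reads the named file(s), or stdin when none is given.
    # Prints "SEVERITY directory reason" for every finding.
    awk '
    /^[ \t]*#/ || NF == 0 { next }        # comments and blank lines
    {
        dir = $1
        opts = $2
        sub(/^-/, "", opts)
        access = 0; ro = 0; rwlist = 0; root = ""
        n = split(opts, o, ",")
        for (i = 1; i <= n; i++) {
            if (o[i] ~ /^access=./)      access = 1    # mount limited to listed hosts
            else if (o[i] == "ro")       ro = 1        # read-only for everyone
            else if (o[i] ~ /^rw=./)     rwlist = 1    # rw for listed hosts, ro for the rest
            else if (o[i] ~ /^root=./)   root = substr(o[i], 6)
        }
        if (!access && !ro && !rwlist)
            print "HIGH", dir, "read-write to any host"
        else if (!access)
            print "MEDIUM", dir, (ro ? "read-only to any host" : "read-only to any host outside the rw= list")
        if (root != "")
            print "INFO", dir, "root access for " root
    }' "$@"
}

demo_exports() {
    # Constructed sample; directories and hostnames are made up.
    audit_exports <<'EOF'
# constructed sample in the AIX exports format
/fsa
/fsb -rw
/fsc -ro
/fsd -rw=node1:node2
/fse -access=node1:node2
/fsf -root=node1,access=node1:node2
EOF
}

demo_exports
```

<div style="text-align: justify;">
On a cluster node it would be run as audit_exports /usr/es/sbin/cluster/etc/exports; entries with an access= list and no root= option produce no output.</div>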
<div style="text-align: justify;">
-------------------------------------------</div>
<div style="text-align: justify;">
<b><u>NFS cross-mounts</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
By default, NFS-exported file systems will automatically be cross-mounted (so each node will be an NFS client). This means that the node hosting the resource group mounts the file systems locally, NFS-exports them, and NFS-mounts them. (This node becomes NFS server and NFS client at the same time.) All other nodes of the resource group simply NFS-mount the file systems, thus becoming NFS clients. If the resource group is acquired by another node, that node mounts the file systems locally and NFS-exports them, thus becoming the new NFS server.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Syntax for configuration: /a; /fsa (/a: local mount point; /fsa: exported dir)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
For example:</div>
<div style="text-align: justify;">
Node1 with service IP label svc1 will locally mount /fsa and NFS exports it.</div>
<div style="text-align: justify;">
Node1 will also NFS-mount svc1:/fsa on /a</div>
<div style="text-align: justify;">
Node2 will NFS-mount svc1:/fsa on /a</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
-------------------------------------------</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>NFS tiebreaker</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
When we use a linked cluster (where the cluster nodes are located at different geographical sites), there is an option to use a tiebreaker disk or NFS tiebreaker.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
A cluster split event splits the cluster into two (or more) partitions, each of them containing one or more cluster nodes. The resulting situation is commonly referred to as a split-brain situation. In a split-brain situation, the two partitions have no knowledge of each other’s status, each of them considering the other as being offline. As a consequence, each partition tries to bring online the other partition’s resource groups (RGs), thus generating a high risk of data corruption.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
When a split-brain situation occurs, each partition attempts to acquire the tiebreaker by placing a lock on the tiebreaker disk or on the NFS file. The partition that first locks the SCSI disk or reserves the NFS file wins, and the other loses. All nodes in the winning partition continue to process cluster events, and all nodes in the losing partition attempt to recover according to the defined split and merge policies. (most probably restarting the cluster services)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
-------------------------------------------</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
HA - RSCT (published 2020-03-26, updated 2022-04-05)<br />
<div style="text-align: justify;">
<b><u>RSCT (Reliable Scalable Cluster Technology)</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
RSCT (as its name says) is a cluster technology. It comes with AIX by default (no additional installation is needed) and consists of several low-level components (daemons, subsystems). These components create a basic cluster environment (with nodes, heartbeat between these nodes, etc.) which is monitored by RSCT. If a node crashes, an event is generated and RSCT informs the RSCT-aware client. (PowerHA, or more precisely the cluster manager (clstrmgrES), is itself an RSCT-aware client.) Historically RSCT was a separate product, but starting with AIX 5.1 it is shipped with the operating system. On AIX 7.2 the actual RSCT fileset version is 3.2. It is possible to check/remove the RSCT filesets, whose names look like rsct... (lslpp -l | grep rsct). By comparison, CAA is built into AIX so deeply that it is part of the Base Operating System (CAA is contained in the bos.cluster... filesets).</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The key point here is that RSCT provides services, such as cluster monitoring, which are used by PowerHA, and PowerHA provides "high availability services" to applications. For example, to respond to an unexpected event, it is necessary to know when it occurs. It is the job of RSCT to monitor for certain failures. Besides PowerHA, GPFS, SSP and the HMC are RSCT-aware clients too.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<u>RSCT’s role in a PowerHA cluster is to provide:</u></div>
<div style="text-align: justify;">
- Failure detection and diagnosis for topology components (nodes, networks, and network adapters)</div>
<div style="text-align: justify;">
- Notification to the cluster manager of events</div>
<div style="text-align: justify;">
- Coordination of the recovery actions (fallovers, fallbacks and dealing with individual NIC failures by moving or swapping IP addresses)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
We can use the ctversion command to find out which version of RSCT is running on a particular AIX (or lslpp):</div>
<div style="text-align: justify;">
<b># /opt/rsct/install/bin/ctversion</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
==================================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>RSCT components</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG1P_b5AV96lZ2lIwWqkHVcpRrLX9OST7PAccAD6yon17eniHYeZu6i4YrB7VjVh4ijgLwV8f9S17UoQQILkCkBFcXD1fzp3cBtozZvDXij3ZpVZr30VIhJXyZgI9U3eX26fLc2S-CQDNl/s1600/Capture1.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="407" data-original-width="785" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhG1P_b5AV96lZ2lIwWqkHVcpRrLX9OST7PAccAD6yon17eniHYeZu6i4YrB7VjVh4ijgLwV8f9S17UoQQILkCkBFcXD1fzp3cBtozZvDXij3ZpVZr30VIhJXyZgI9U3eX26fLc2S-CQDNl/s1600/Capture1.JPG" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<u>The main RSCT components are:</u></div>
<div style="text-align: justify;">
<b>Resource</b>: A resource is the fundamental concept of the RSCT architecture; it is an instance of a physical or logical entity. Examples of resources include lv01 on node A, Ethernet device en0 on node B, and IP address 9.117.7.21. A set of resources that have similar characteristics is called a resource class.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Resource Monitoring and Control (RMC):</b> This is the main component in RSCT. RMC can be configured to monitor resources (disk space, CPU usage, processes etc.) and perform an action in response to a defined condition. For example, using the RMC API or CLI it is possible to create conditions or events which will automatically expand a file system if its usage exceeds 95 percent. These events are created based on the messages received from the Resource Managers. RMC also coordinates between the various RSCT components.<br />
<br />
<b>Resource Managers (RMs):</b> Resource Managers are software layers between a resource (for example a filesystem) and RMC. RMs are managed by RMC. They run the actual commands for each resource and then send data to the RMC. For example, there are the File System Resource Manager, Host Resource Manager, Audit Log Resource Manager, Event Response Resource Manager ...</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Security Services:</b> This provides the security infrastructure that enables RSCT components to authenticate. (These days only RMC and the Resource Managers are using the RSCT security services)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Group Services:</b> Group Services is responsible for coordinating and monitoring changes across all cluster nodes and ensures all of them finished properly. Group Services is a client of RMC and CAA (or Topology Services). In a PowerHA setup, CAA (in earlier PowerHA versions the Topology Services) sends information to the Group Services, which reports the failures to the PowerHA Cluster Manager(clstrmgrES). From Group Services point of view the "application running on multiple nodes" is the Cluster Manager. Then the Cluster Manager makes cluster-wide coordinated responses to the failure. (The PowerHA cluster manager is an RSCT client and it registers itself with both the RMC and the Group Services. After an event has been reported to the PowerHA Cluster Manager, it responds to this event with recovery commands and event scripts. These scripts are coordinated via the Group Services.)<br />
<br />
<b>Topology Services:</b> This provides node and network monitoring and failure detection (heartbeats). It is responsible for building heartbeat rings for the purpose of detecting and reporting important information to the Group Services, which then reports it to the Cluster Manager. In the heartbeat ring, each Topology Services daemon sends a heartbeat message to one of its neighbors and expects to receive a heartbeat from another. In this system of heartbeat messages, each member monitors one of its neighbors. If the neighbor stops responding, the member that is monitoring it will send a message to the "group leader". Topology Services is also responsible for the transmission of any RSCT-related messages between cluster nodes. After PowerHA 7.1.0, the RSCT topology service is deactivated and all its functions are performed by CAA topology services.<br />
<div>
<br /></div>
</div>
<div style="text-align: justify;">
==================================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>RSCT domains</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
RSCT can provide 2 types of "clusters", which in RSCT terminology are called domains. Depending on the relationship between the nodes (whether all of them are on an equal level or there is a special control node among them), these 2 RSCT domains exist: management domain and peer domain.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Management Domain</b>: (set of nodes that is configured for manageability or monitoring)</div>
<div style="text-align: justify;">
An RSCT management domain is a set of nodes that can be managed and monitored from one of the nodes, which is designated as the management control point (MCP). Except for the MCP, all other nodes are considered to be managed nodes. Topology Services and Group Services are not used in a management domain.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Peer Domain</b>: (set of nodes that is configured for high availability)</div>
<div style="text-align: justify;">
An RSCT peer domain is a set of nodes that have a knowledge of each other, and they share resources between each other. On each node within the peer domain, RMC depends on Topology Services, Group Services, and cluster security services. If PowerHA V7 is installed, Topology Services are not used, and CAA is used instead. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The general difference between them is the relationship between the nodes. In a peer domain, all nodes are considered equal and any node can monitor and control (or be monitored and controlled by) any other node. In a management domain, a management node is aware of all nodes it is managing, but the nodes themselves know nothing of each other.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<u>Combination of management and peer domains</u></div>
<div style="text-align: justify;">
We can have a combination of management domains and peer domains. This example shows one Hardware Management Console (HMC) that is managing three LPARs. The HMC and Node A, Node B and Node C form a management domain. Additionally, PowerHA is installed on Node B and Node C, so these 2 nodes form a peer domain too. In a Power Systems environment, the HMC is always the management server (MCP) in the RSCT management domain. LPARs are automatically configured as managed nodes.</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhK0Gpq6fIQYLL63kCiDtK6TWckUm-xkv1lgzBi63XFjoKxqX8TXclefi4wOzF7eIL09O_rQe7EdblgYJphTdKni5MlDdMUWOBsy3p_2lTYbzK2fAmMosZBTbJORX_WhFBR7i3WvfxRERB/s1600/Capture2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="392" data-original-width="607" height="258" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhhK0Gpq6fIQYLL63kCiDtK6TWckUm-xkv1lgzBi63XFjoKxqX8TXclefi4wOzF7eIL09O_rQe7EdblgYJphTdKni5MlDdMUWOBsy3p_2lTYbzK2fAmMosZBTbJORX_WhFBR7i3WvfxRERB/s400/Capture2.JPG" width="400" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
==================================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>RSCT and CAA</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Cluster Aware AIX (CAA) introduces clustering capabilities to AIX (setup of a cluster, detecting the state of nodes and interfaces). When RSCT operates on nodes in a CAA cluster, a peer domain is created that is equivalent to the CAA cluster, and can be used to manage the cluster by using peer domain commands. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Only one CAA cluster can be defined on a set of nodes. Therefore, if a CAA cluster is defined then the peer domain that represents it is the only peer domain which can exist there. If no CAA cluster is configured, then existing and new peer domains can also be used. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
A CAA cluster and the equivalent RSCT peer domain operate hand in hand, such that a change made to the CAA cluster by using CAA commands is reflected automatically in the corresponding peer domain; similarly, the existing peer domain commands result in equivalent changes to the CAA cluster. So, for example, when you create a CAA cluster by using the mkcluster command, the equivalent peer domain also gets created, the same way as if we had used the mkrpdomain RSCT command. Similarly, node add and delete operations that use either peer domain or cluster commands are applied to both the CAA cluster and the peer domain.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Starting with RSCT version 3.1.0.0, the Group Services subsystem can operate in a Cluster Aware AIX (CAA) environment. In this environment, Group Services relies on CAA to provide node and adapter liveness information and node-to-node communication, thus removing its dependency on RSCT Topology Services. Instead of connecting to the Topology Services daemon, it gets information directly from the low-level cluster services in the CAA environment.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
RSCT version 3.1.2.0, or later, can be installed on the nodes and can coexist with prior RSCT releases. Because CAA delivers fundamental node and interface liveness information, the Topology Services subsystem is not active in a peer domain based on CAA. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br />
<u>Commands:</u><br />
<br />
<b>lssrc -ls cthags</b> shows info of RSCT cthags services<br />
<b>lssrc -ls IBM.StorageRM</b> shows info of StorageRM (Resource Monitor) objects<br />
<b>lssrc -ls IBM.ConfigRM</b> shows info of ConfigRM (Resource Monitor) objects<br />
<br />
<b>/opt/rsct/install/bin/ctversion</b> checking RSCT version<br />
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
aixhttp://www.blogger.com/profile/11198511213080760662noreply@blogger.com0tag:blogger.com,1999:blog-5391325129965939458.post-40636824870944423832020-03-20T18:30:00.002+01:002022-04-05T14:01:26.548+02:00DEVOPS - PUPPET FACTER<div style="text-align: justify;">
<b><u>Facter</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In Puppet, facter is a standalone tool that holds the environment-level variables. It can be considered similar to an env variable. In Puppet, the key-value pair is known as a “fact”. We can list what Facter knows about the system by using the command: facter</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b># facter</b></div>
<div style="text-align: justify;">
...</div>
<div style="text-align: justify;">
...</div>
<div style="text-align: justify;">
facterversion => 3.14.9</div>
<div style="text-align: justify;">
filesystems => ext2,ext3,ext4,xfs</div>
<div style="text-align: justify;">
fips_enabled => false</div>
<div style="text-align: justify;">
hypervisors => {</div>
<div style="text-align: justify;">
virtualbox => {</div>
<div style="text-align: justify;">
revision => "136177",</div>
<div style="text-align: justify;">
version => "6.1.4"</div>
<div style="text-align: justify;">
}</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
is_virtual => true</div>
<div style="text-align: justify;">
kernel => Linux</div>
<div style="text-align: justify;">
kernelmajversion => 4.18</div>
<div style="text-align: justify;">
kernelrelease => 4.18.0-147.el8.x86_64</div>
<div style="text-align: justify;">
kernelversion => 4.18.0</div>
<div style="text-align: justify;">
...</div>
<div style="text-align: justify;">
...</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The facter command can be used to list all the different environment variables and their associated values. This collection of facts comes with facter out-of-the-box and these are referred to as core facts. One can add custom facts to the collection. Facter and facts are available throughout Puppet code as “global variables”, which means they can be used in the code at any point without any other reference.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>file {'/tmp/userfile.txt': </i></div>
<div style="text-align: justify;">
<i> ensure => file, </i></div>
<div style="text-align: justify;">
<i> content => "the value for the 'OperatingSystem' fact is: $OperatingSystem \n", </i></div>
<div style="text-align: justify;">
<i> } </i></div>
<div style="text-align: justify;">
<i><br /></i></div>
<div style="text-align: justify;">
<i>file{'motd':</i></div>
<div style="text-align: justify;">
<i> ensure => file,</i></div>
<div style="text-align: justify;">
<i> path => '/etc/motd',</i></div>
<div style="text-align: justify;">
<i> mode => '0644',</i></div>
<div style="text-align: justify;">
<i> content => "IP address is ${ipaddress}, hostname is ${fqdn}. It is running ${operatingsystem} ${operatingsystemrelease} and Puppet ${puppetversion}",</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
There are three types of fact that can be used and defined: <b>Core Facts, Custom Facts, External Facts</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Core Facts</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Core facts are defined at the top level and accessible to all at any point in the code.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Just before an agent requests a catalog from the master, the agent first compiles a complete list of the information available about itself in the form of key-value pairs. Facter data is treated as global variables. The facts are then available as top-level variables and the Puppet master can use them to compile the Puppet catalog for the requesting agent. Facts are referenced in a manifest as normal variables with the $ prefix.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>if ($OperatingSystem == "Linux") { </i></div>
<div style="text-align: justify;">
<i> $message = "This machine OS is of the type $OperatingSystem \n" </i></div>
<div style="text-align: justify;">
<i>} else { </i></div>
<div style="text-align: justify;">
<i> $message = "This machine is unknown \n" </i></div>
<div style="text-align: justify;">
<i>} </i></div>
<div style="text-align: justify;">
<i><br /></i></div>
<div style="text-align: justify;">
<i>file { "/tmp/machineOperatingSystem.txt": </i></div>
<div style="text-align: justify;">
<i> ensure => file, </i></div>
<div style="text-align: justify;">
<i> content => "$message" </i><br />
<i>} </i></div>
<div style="text-align: justify;">
<i><br /></i></div>
<div style="text-align: justify;">
<i>[root@puppetagent1 /]# facter OperatingSystem </i></div>
<div style="text-align: justify;">
<i>Linux </i></div>
<div style="text-align: justify;">
<i><br /></i></div>
<div style="text-align: justify;">
<i>[root@puppetagent1 /]# puppet apply /tmp/ostype.pp </i></div>
<div style="text-align: justify;">
<i>Notice: Compiled catalog for puppetagent1.codingbee.dyndns.org </i></div>
<div style="text-align: justify;">
<i>in environment production in 0.07 seconds </i></div>
<div style="text-align: justify;">
<i>Notice: /Stage[main]/Main/File[/tmp/machineOperatingSystem.txt]/ensure: </i></div>
<div style="text-align: justify;">
<i>defined content as '{md5}f59dc5797d5402b1122c28c6da54d073' </i></div>
<div style="text-align: justify;">
<i>Notice: Finished catalog run in 0.04 seconds </i></div>
<div style="text-align: justify;">
<i><br /></i></div>
<div style="text-align: justify;">
<i>[root@puppetagent1 /]# cat /tmp/machineOperatingSystem.txt </i></div>
<div style="text-align: justify;">
<i>This machine OS is of the type Linux</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Custom Facts</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Facts can be added manually from the shell by exporting an environment variable with the export FACTER_{fact’s name} syntax.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Example:</div>
<div style="text-align: justify;">
<i>[root@puppetagent1 facter]# export FACTER_tallest_mountain="Everest" </i></div>
<div style="text-align: justify;">
<i>[root@puppetagent1 facter]# facter tallest_mountain </i><br />
<i>Everest</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>External Fact</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
On the agent machine, we need to create a directory as mentioned below.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>$ mkdir -p /etc/facter/facts.d</i></div>
<div style="text-align: justify;">
Create a shell script in the directory with the following content.</div>
<div style="text-align: justify;">
<i><br /></i></div>
<div style="text-align: justify;">
<i>$ ls -l /etc/facter/facts.d </i></div>
<div style="text-align: justify;">
<i>total 4 </i></div>
<div style="text-align: justify;">
<i>-rwxrwxrwx. 1 root root 65 Sep 18 13:11 external-factstest.sh </i></div>
<div style="text-align: justify;">
<i>$ cat /etc/facter/facts.d/external-factstest.sh </i></div>
<div style="text-align: justify;">
<i>#!/bin/bash </i></div>
<div style="text-align: justify;">
<i>echo "hostgroup = dev" </i></div>
<div style="text-align: justify;">
<i>echo "environment = development"</i></div>
<div style="text-align: justify;">
Change the permission of the script file.</div>
<div style="text-align: justify;">
<i><br /></i></div>
<div style="text-align: justify;">
<i>$ chmod u+x /etc/facter/facts.d/external-factstest.sh</i></div>
<div style="text-align: justify;">
Once done, we can now see the variable present with the key/value pair.</div>
<div style="text-align: justify;">
<i><br /></i></div>
<div style="text-align: justify;">
<i>$ facter hostgroup </i></div>
<div style="text-align: justify;">
<i>dev </i></div>
<div style="text-align: justify;">
<i>$ facter environment </i></div>
<div style="text-align: justify;">
<i>development </i></div>
<div style="text-align: justify;">
<br /></div>
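<div style="text-align: justify;">
The listing above shows external-factstest.sh with mode -rwxrwxrwx. Facter executes the scripts in facts.d with the privileges of the user running it (typically root under the Puppet agent), so a script or directory that other accounts can write to lets them change the facts, or the code that gets run. The shell function below is an added example, not part of the original post; the function name audit_facts_dir and its finding labels are assumptions made for the example.</div>

```shell
#!/bin/sh
# Added example: audit an external-facts directory before Facter (usually
# running as root under the Puppet agent) executes or parses what is in it.
#
# Usage: audit_facts_dir DIR [EXPECTED_OWNER]
#   EXPECTED_OWNER is a user name or numeric uid and defaults to root.
# Prints one finding per line.
# Returns 0 = clean, 1 = findings, 2 = DIR does not exist.
audit_facts_dir() {
    afd_dir=$1
    afd_owner=${2:-root}

    if [ ! -d "$afd_dir" ]; then
        echo "missing-directory: $afd_dir"
        return 2
    fi

    afd_findings=$(
        # Files or directories that group or others can modify: any account
        # in that set can change the facts, or the script that will be run.
        # Symlinks are skipped here because their own mode bits are not used.
        find "$afd_dir" \( -type f -o -type d \) \
             \( -perm -0002 -o -perm -0020 \) -print |
            sed 's/^/group-or-world-writable: /'

        # Anything (including the directory itself) not owned by the
        # expected account.
        find "$afd_dir" ! -user "$afd_owner" -print |
            sed "s/^/not-owned-by-$afd_owner: /"
    )

    if [ -n "$afd_findings" ]; then
        printf '%s\n' "$afd_findings"
        return 1
    fi
    return 0
}

# Run against a directory given on the command line, for example:
#   sh audit_facts.sh /etc/facter/facts.d
if [ "$#" -gt 0 ]; then
    audit_facts_dir "$@"
fi
```

A script that is flagged can be corrected with chown root and chmod 0755 (or 0644 for data files that are not executed), after which the function returns 0.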
aixhttp://www.blogger.com/profile/11198511213080760662noreply@blogger.com0tag:blogger.com,1999:blog-5391325129965939458.post-88643576134595423512020-03-20T18:30:00.001+01:002020-04-13T13:05:05.793+02:00<b><u>Hiera</u></b><br />
<br />
Hiera is a "Hierarchical Database" to store values for variables (key/value pairs). It gives Puppet a separation between the code and the data. With Hiera it is possible to write Puppet code where the value for a variable is searched for in the Hiera database, and if it is found there our Puppet class will use it. Puppet classes can request whatever data they need, and your Hiera data will act like a site-wide config file. It makes our code easy to share and reuse, because the code and the data are separated.<br />
<br />
Without Hiera our class would look like this:<br />
<i>class puppet::params {</i><br />
<i> $puppetserver = "puppet.example.com"</i><br />
<i>}</i><br />
<br />
Here we have a variable that will be needed somewhere else, and Hiera is a good place to keep this kind of variable. Hiera presents itself to Puppet as a function call and searches in special YAML or JSON files for the given variable. As an example, one of our Hiera data files (written in YAML) could look like this:<br />
<i>puppetserver: 'puppet.example.com'</i><br />
<br />
Then we can rewrite our puppet code like this:<br />
<i>class puppet::params {</i><br />
<i> $puppetserver = hiera('puppetserver')</i><br />
<i>}</i><br />
<br />
In this example Puppet will use the hiera function to get the string value 'puppet.example.com' and place it into the $puppetserver variable.<br />
<br />
Hiera helps us to separate configuration from data. It helps us to create modules that are interchangeable blocks, so the details of that configuration (the data) stays in Hiera data files and the logic of the module stays in the Puppet manifests.<br />
<br />
==============================<br />
<br />
<b><u>Hiera installation</u></b><br />
<br />
Hiera is usually installed on Puppet Master server, it is optional and unnecessary on agent nodes.<br />
(When I installed on CentOS puppet agent ( dnf install puppet-agent), after that I could use hiera as well.)<br />
<br />
<b>puppet resource package hiera ensure=install</b> <--installing hiera with Puppet<br />
<b>gem install hiera </b> <--installing hiera using ruby<br />
<br />
After installation the main Hiera config file hiera.yaml is available. This file lists which format we want to use to store key-value pairs (YAML or JSON) and also lists all the hierarchy levels from top to bottom, where hiera will search for the requested variables. (Each top-level key in the hash must be a Ruby symbol with a colon (:).)<br />
<br />
An example hiera.yaml file<br />
(it is written in the version 3 format; later versions have a different syntax)<br />
<br />
<i>--- </i><--these 3 dashes (---) show the start of the document<br />
<i>:backends: </i><--lists how we want to store key-value pairs (yaml, json...),<br />
<i> - yaml</i><br />
<i>:yaml: </i><--for yaml we can set some configuration settings (like datadir...)<br />
<i> :datadir: /etc/puppet/hieradata </i><--the directory in which to find yaml data source files<br />
<i>:hierarchy: </i><--lists how search should happen, in which order hierarchy levels are followed<br />
<i> - "%{::fqdn}" </i><--these are the name of the files where data is stored (in this case like myhost.domain.com.yaml)<br />
<i> - "%{::custom_location}"</i><br />
<i> - common </i><--the file name here will be common.yaml (/etc/puppet/hieradata/common.yaml)<br />
<br />
<br />
<u>These files in the hierarchy are called data sources, and they can be:</u><br />
<b>Static data source:</b> A hierarchy element without any variables used there (without any interpolation tokens). A static data source will be the same for every node. In the example above, "common" is a static data source, because a virtual machine named web01 and a physical machine named db01 would both use common.<br />
<br />
<b>Dynamic data source</b>: A hierarchy element with at least one interpolation token (variable). If two nodes have different values for the variables it references, a dynamic data source will use two different data sources for those nodes. In the example above: the special $::fqdn Puppet variable has a unique value for every node. A machine named web01.example.com would have a data source named web01.example.com.yaml, while a machine named db01.example.com would have db01.example.com.yaml.<br />
<br />
==============================<br />
<br />
<b><u>Backends</u></b><br />
<br />
A Backend is that part of a computer system or application that is not directly accessed by the user. It is typically responsible for storing and manipulating data. In Hiera the backends are those files where the actual key-value pairs are stored. Hiera will search in these files and provides the data for the user.<br />
<br />
The 2 main types which can be used are yaml and json. (It is possible to use other backends or write our own backends.) For each listed backend, the datadir is specified. This is the directory where our yaml (or json) files are stored (where the data source files are stored). It is possible to use variables (like %{variable}) with datadir, for example: /etc/puppet/hieradata/%{::environment}, so we can keep our production and development data separate.<br />
<br />
------------------<br />
<b>Multiple Backends</b><br />
We can specify multiple backends as an array in hiera.yaml. Hiera will give priority to the first backend, and will check every level of the hierarchy in it before moving on to the second backend.<br />
For example, in the following yaml file we use yaml and json backends (in this order):<br />
<i>---</i><br />
<i>:backends:</i><br />
<i> - yaml</i><br />
<i> - json</i><br />
<i>:yaml:</i><br />
<i> :datadir: /etc/puppet/hieradata</i><br />
<i>:json:</i><br />
<i> :datadir: /etc/puppet/hieradata</i><br />
<i>:hierarchy:</i><br />
<i> - one</i><br />
<i> - two</i><br />
<i> - three</i><br />
<br />
If we search for something in the hierarchy, then hiera will check files in this order:<br />
one.yaml<br />
two.yaml<br />
three.yaml<br />
one.json<br />
two.json<br />
three.json<br />
------------------<br />
==============================<br />
<br />
<b><u>Hierarchies</u></b><br />
<br />
Hiera uses an ordered hierarchy to look up data, and this hierarchy is written in the hiera.yaml file. Each element in the hierarchy must be a string, which may or may not include variables (interpolation tokens). Hiera will treat each element in the hierarchy as the name of a data source.<br />
<br />
For example:<br />
<i>:hierarchy: </i><br />
<i> - "%{::fqdn}"</i><br />
<i> - common</i><br />
<br />
Hiera uses Puppet facts (like fqdn), and if we use these facts as variables in the hierarchy definitions, then we can create separate yaml files (server1.yaml, server2.yaml... based on fqdn) with their own separate configuration values for each server (server1 needs this package, server2 needs another package). Remove Puppetʼs $ (dollar sign) prefix when using its variables in Hiera. (That is, a variable called $::clientcert in Puppet is called ::clientcert in Hiera.) Puppet variables can be accessed by their short name or qualified name.<br />
<br />
Each element in the hierarchy resolves to the name of a data source (myhost.example.com.yaml, common.yaml). Hiera will check these data sources in order, starting with the first. If a data source in the hierarchy doesnʼt exist (the yaml file was deleted), Hiera will move on to the next data source. If a data source exists but does not have the piece of data Hiera is searching for, it will move on to the next data source (it first checks myhost.example.com.yaml, and if the data is not found it will check common.yaml). If a value is found in a normal (priority) lookup, Hiera will stop and return that value. If Hiera goes through the entire hierarchy without finding a value, it will use the default value if one was provided, or fail with an error.<br />
<br />
For example here the numbers show which data source (yaml file) is searched in which order:<br />
(it shows the hierarchy levels from hiera.yaml and the facts, which are used during search for node db01.example.com)<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitj2VtMeSI-txUAAnRxZyuzRcjKwoICQJH72JlH458Qu_bwW3fJqtbHSKILTdxbA-XPHui3l9RJVKhQVyIICMbDz1h79ZG3FttMO7SZsK3R2JU6TJm8Ao9cpq0_BfwAyJjmcH1RVkgWGdj/s1600/pup.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="456" data-original-width="723" height="401" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEitj2VtMeSI-txUAAnRxZyuzRcjKwoICQJH72JlH458Qu_bwW3fJqtbHSKILTdxbA-XPHui3l9RJVKhQVyIICMbDz1h79ZG3FttMO7SZsK3R2JU6TJm8Ao9cpq0_BfwAyJjmcH1RVkgWGdj/s640/pup.JPG" width="640" /></a></div>
<br />
<u>So the final hierarchy in this example:</u><br />
1. db01.example.com.yaml<br />
2. development.yaml<br />
3. common.yaml<br />
<br />
<br />
(There are other search mechanisms, for example when Hiera will not stop at the first occurrence, but searches through all the hierarchy levels, and at the end combines the different values into an array. It is called the Array merge lookup method. And there is another method called Hash merge, which I never used.)<br />
<br />
==============================<br />
<br />
<b><u>Data Sources (YAML, JSON)</u></b><br />
<br />
<b><u>YAML</u></b><br />
The yaml backend looks for data sources on disk, in the directory specified in its :datadir setting. It expects each data source to be a text file containing valid YAML data, with a file extension of .yaml. No other file extension (e.g. .yml) is allowed.<br />
<br />
<u>yaml data format examples:</u><br />
<br />
<i>---</i><br />
<i># array</i><br />
<i>apache-packages:</i><br />
<i> - apache2</i><br />
<i> - apache2-common</i><br />
<i> - apache2-utils</i><br />
<i><br /></i>
<i># string</i><br />
<i>apache-service: apache2</i><br />
<i><br /></i>
<i># interpolated facter variable</i><br />
<i>hosts_entry: "sandbox.%{fqdn}"</i><br />
<i><br /></i>
<i># hash</i><br />
<i>sshd_settings:</i><br />
<i>  root_allowed: "no"</i><br />
<i>  password_allowed: "yes"</i><br />
<i><br /></i>
<i># alternate hash notation</i><br />
<i>sshd_settings: {root_allowed: "no", password_allowed: "yes"}</i><br />
<i><br /></i>
<i># to return "true" or "false"</i><br />
<i>sshd_settings: {root_allowed: no, password_allowed: yes}</i><br />
<br />
-------------------------------<br />
<br />
<b><u>JSON</u></b><br />
<br />
<br />
The json backend looks for data sources on disk, in the directory specified in its :datadir setting. It expects each data source to be a text file containing valid JSON data, with a file extension of .json. No other file extension is allowed.<br />
<br />
<u>json data format examples:</u><br />
<br />
<i>{</i><br />
<i><span style="white-space: pre;"> </span>"apache-packages" : [</i><br />
<i><span style="white-space: pre;"> </span>"apache2",</i><br />
<i><span style="white-space: pre;"> </span>"apache2-common",</i><br />
<i><span style="white-space: pre;"> </span>"apache2-utils"</i><br />
<i><span style="white-space: pre;"> </span>],</i><br />
<i><br /></i>
<i><span style="white-space: pre;"> </span>"hosts_entry" : "sandbox.%{fqdn}",</i><br />
<i><br /></i>
<i><span style="white-space: pre;"> </span>"sshd_settings" : {</i><br />
<i><span style="white-space: pre;"> </span> "root_allowed" : "no",</i><br />
<i><span style="white-space: pre;"> </span> "password_allowed" : "no"</i><br />
<i><span style="white-space: pre;"> </span> }</i><br />
<i>}</i><br />
<br />
===============================<br />
<br />
<b><u>Commands:</u></b><br />
<br />
<b>puppet lookup <variable></b> it will search for the given variable<br />
<br />
<b>hiera <variable></b> search for the given variable in hiera<br />
<b>-c <yaml conf file></b> path to an alternate hiera.yaml file<br />
<b> -d </b> debug mode<br />
<br />
<b>hiera my_var ::fqdn=localhost.localdomain</b> searching for variable (my_var) in hierarchy level, where ::fqdn is mentioned in hiera.yaml file<br />
<b>$gccs = hiera('gcc::versions', undef) </b> in puppet code a variable can get a value using hiera (if hiera does not find the variable, it will get the undef value)<br />
<br />
<br />
===============================<br />
<br />
<b><u>My test setup</u></b><br />
<br />
<u>hiera config file:</u><br />
<i># cat hiera.yaml</i><br />
<i>---</i><br />
<i>:backends:</i><br />
<i> - yaml</i><br />
<i>:yaml:</i><br />
<i> :datadir: /root/hieradata</i><br />
<i>:hierarchy:</i><br />
<i> - "node/%{::fqdn}"</i><br />
<i> - "osfamily/%{osfamily}"</i><br />
<i> - common</i><br />
<br />
(I checked with facter what the current fqdn is and it showed localhost.localdomain, so I created that yaml file.)<br />
<br />
<u>directory and file structure:</u><br />
/root/hieradata<br />
├── node<br />
│ └── localhost.localdomain.yaml<br />
├── osfamily<br />
│ ├── Debian.yaml<br />
│ └── RedHat.yaml<br />
└── common.yaml<br />
<br />
<br />
<u>content of yaml files:</u><br />
<i># cat localhost.localdomain.yaml</i><br />
<i>my_var: node</i><br />
<i>gcc_version:</i><br />
<i> - '6.4.0'</i><br />
<i> - '8.3.0'</i><br />
<i> - '9.1.0'</i><br />
<i><br /></i>
<i># cat Debian.yaml</i><br />
<i>"tools::working_dir" : "/opt/debian"</i><br />
<i>my_var: debian</i><br />
<i><br /></i>
<i># cat RedHat.yaml</i><br />
<i>"tools::working_dir" : "/opt/redhat"</i><br />
<i><br /></i>
<i># cat common.yaml</i><br />
<i>my_var: common</i><br />
<br />
<br />
<u>Test results searching for variable: my_var</u><br />
<br />
<b># hiera my_var </b> <--without any specification it will be found in common.yaml<br />
common<br />
<br />
<b># hiera -d my_var ::fqdn=localhost.localdomain </b> <--with debug mode and specifying where to look<br />
DEBUG: 2020-03-20 17:41:17 +0100: Hiera YAML backend starting<br />
DEBUG: 2020-03-20 17:41:17 +0100: Looking up my_var in YAML backend<br />
DEBUG: 2020-03-20 17:41:17 +0100: Looking for data source node/localhost.localdomain<br />
DEBUG: 2020-03-20 17:41:17 +0100: Found my_var in node/localhost.localdomain<br />
node<br />
<br />
<b># hiera my_var osfamily=Debian </b> <--specifying in osfamily which yaml file to check<br />
debian<br />
<br />
<b># hiera my_var osfamily=RedHat </b> <--same as above, but in RedHat.yaml my_var is missing, found in common.yaml<br />
common<br />
<br />
<b># hiera tools::working_dir osfamily=Debian </b> <--checking the value of a variable in a class<br />
/opt/debian<br />
<br />
<b># hiera unknon_var </b> <--if variable does not exist<br />
nil<br />
<br />
<b># hiera unknon_var 1111</b> <--if variable does not exist give a default value to it<br />
1111<br />
<br />
<br />
================================<br />
<br />
<br />
<br />
<br />aixhttp://www.blogger.com/profile/11198511213080760662noreply@blogger.com0tag:blogger.com,1999:blog-5391325129965939458.post-25031241528616245502020-03-18T15:32:00.001+01:002022-04-05T14:01:00.834+02:00DEVOPS - PUPPET GENERAL<div style="text-align: justify;">
<b><u>Puppet</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Puppet is a configuration management tool, which automates the configuration of servers. Puppet follows a client-server model (Puppet Agents are connected to a Puppet Master). Agents check the status of the server (by default every 30 mins), and if needed they download (pull) the necessary configuration (packages, files etc.) from the master. The master can run only on Linux and uses port 8140. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<u><b>Definitions:</b></u></div>
<div style="text-align: justify;">
<b>Declarative language</b>: it describes the desired state of a server (instead of saying “run this command that starts a service,” it says "ensure this service is running".)</div>
<div style="text-align: justify;">
<b>Idempotency</b>: applying the same operation many times (e.g. running a command repeatedly) leaves the server in the same state (adding a line to a file is not idempotent, as the file grows with each run)</div>
<div style="text-align: justify;">
<b>Fact</b>: Facts are details related to a node (fact can be a hostname, ip address, filenames etc.)</div>
<div style="text-align: justify;">
<b>Catalog</b>: Facts are compiled to catalogs. The agent uses catalogs to apply what is needed (install packages, create files..)</div>
<div style="text-align: justify;">
<b>Manifest</b>: a file with pp (puppet program) extension, which contains puppet code</div>
<div style="text-align: justify;">
<b>Resource</b>: anything which can be configured on a system, like a user, a specific file, a directory, a running service etc.</div>
<div style="text-align: justify;">
<b>Resource type</b>: similar resources can be grouped into types (like all existing users on a system belong to the user resource type)</div>
<div style="text-align: justify;">
<b>Classes</b>: Puppet code containing multiple small operations that work toward a single larger goal can be organized into a class (e.g. everything related to ssh would together form the ssh class)</div>
<div style="text-align: justify;">
<b>Modules</b>: collection of files or directories (such as manifests, class definitions), reusable and shareable units of puppet</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzPnrSjGCTlOilzibiHjbPqgL6O6Lm6AUGhlmxRmeVWSyaqIuWqPyMS4AhaM48WDmceBLcEBdxiq9w5lUqg2Y8vewO3wVHQvTyQb5wPEv1dsiy5Kn7okJRl0ZeFrgcXmEB99zR4fEbsMhx/s1600/pup.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="540" data-original-width="961" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjzPnrSjGCTlOilzibiHjbPqgL6O6Lm6AUGhlmxRmeVWSyaqIuWqPyMS4AhaM48WDmceBLcEBdxiq9w5lUqg2Y8vewO3wVHQvTyQb5wPEv1dsiy5Kn7okJRl0ZeFrgcXmEB99zR4fEbsMhx/s1600/pup.JPG" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
==========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Puppet agent/master:</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Puppet master contains all the puppet code and definitions which are applied on every server where puppet agent is running. Puppet agent (on the client servers) runs as a service, and triggers a Puppet run at the configured time (usually every half an hour). Puppet agent does not have access to any manifests; instead, it requests a pre-compiled catalog from puppet master.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The Puppet master collects details (facts) of the target machine and compares them with the originally defined configuration details. The Puppet master then creates a catalog (a list of what needs to be applied on the client) and sends it to the targeted Puppet agents. The Puppet agent applies those configurations to bring the system into the desired state. Finally, once the target node is in the desired state, the agent sends a report back to the Puppet master.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_WESgp_3uQz8txAaqRfAb4LTvFI56B1ESeSJMdBF7hBrMPvwtuHNpbQ4nbYt9ziaFjhQuJNlazOFOAOr-bSy9Aew5VYF7X7cwwIs8_L3DH87uYRFKMJH0jfqcuGvaj6vO9qQICIsGQ8r4/s1600/pup2.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="568" data-original-width="405" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg_WESgp_3uQz8txAaqRfAb4LTvFI56B1ESeSJMdBF7hBrMPvwtuHNpbQ4nbYt9ziaFjhQuJNlazOFOAOr-bSy9Aew5VYF7X7cwwIs8_L3DH87uYRFKMJH0jfqcuGvaj6vO9qQICIsGQ8r4/s400/pup2.JPG" width="284" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
==========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Certificates</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
When the Puppet agent runs for the first time, it generates an SSL certificate and sends it to the Puppet master, which manages it for signing and approval. Once the Puppet master approves the agent’s certificate signing request, it is able to communicate with and manage the agent node.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<u>Signing a certificate:</u></div>
<div style="text-align: justify;">
<b>1. puppet cert list</b> <--see all unsigned certificate requests (entries do not contain a + sign, so the cert is not signed yet)</div>
<div style="text-align: justify;">
<b>2. puppet cert sign <host></b> <--will sign the certificate request from given host (host can be checked from the above output)</div>
<div style="text-align: justify;">
<b>3. puppet cert list --all</b> <--lists all certificates (signed and not signed, + means it is signed)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>puppet cert clean <host></b> <--removing a host from puppet</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Master is the certificate authority for all agents. When an agent tries to communicate with the master, it checks whether it has a signed certificate from the master; if not, it generates a certificate request and sends it to the master, which signs the request and sends the certificate back to the agent. The agent stores it and uses it for all future communications. Until the master approves the certificate request, no communication will start between master and agent.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<u>auto sign:</u></div>
<div style="text-align: justify;">
<b>1. create file on master:</b></div>
<div style="text-align: justify;">
<i>maintenance@puppet:/$ cat /etc/puppet/autosign.conf</i></div>
<div style="text-align: justify;">
<i>*.mgmt.domain.com</i></div>
<div style="text-align: justify;">
<i>*.svc.domain.com</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>2. restart services on master</b></div>
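<div style="text-align: justify;">
autosign.conf matches only the certname, which the requesting host picks itself, so a glob signs any request that claims a matching name. As an added example (not code from this page or from the Puppet project), the script below is a policy executable for Puppet's autosign setting that keeps the two globs above but also requires a shared secret in the CSR's challengePassword attribute. Assumptions: the secret file path, the function names and the sample_csr helper are made up for illustration.</div>

```ruby
#!/usr/bin/env ruby
# Added example (not from the original page): policy executable for Puppet's
# `autosign` setting. Puppet runs it with the requested certname as the only
# argument and the PEM-encoded CSR on stdin; exit 0 = sign, non-zero = hold.
require 'openssl'
require 'digest'

# Globs copied from the autosign.conf shown on the page.
ALLOWED_GLOBS = ['*.mgmt.domain.com', '*.svc.domain.com'].freeze
# challengePassword attribute (OID 1.2.840.113549.1.9.7), short or dotted form.
CHALLENGE_OIDS = ['challengePassword', '1.2.840.113549.1.9.7'].freeze
# Assumption: the shared secret lives in a root-only file at this path.
SECRET_FILE = '/etc/puppet/autosign.secret'

# autosign.conf-style match: a leading "*." stands for one or more labels,
# anything else must match the certname exactly.
def glob_match?(glob, certname)
  glob = glob.downcase
  return certname == glob unless glob.start_with?('*.')
  suffix = glob[1..-1] # e.g. ".mgmt.domain.com"
  certname.length > suffix.length && certname.end_with?(suffix)
end

# Compare two strings without revealing where they first differ.
def secure_equal?(a, b)
  da = Digest::SHA256.digest(a)
  db = Digest::SHA256.digest(b)
  da.bytes.zip(db.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Return the challengePassword carried in the CSR, or nil if there is none.
def challenge_from(csr)
  attr = csr.attributes.find { |a| CHALLENGE_OIDS.include?(a.oid) }
  first = attr && Array(attr.value.value).first
  first.respond_to?(:value) ? first.value.to_s : nil
end

# Decide whether a request may be signed without an operator.
def sign?(certname, csr_pem, secret)
  return false if secret.to_s.empty?
  return false unless certname =~ /\A[a-z0-9][a-z0-9._-]*\z/
  return false unless ALLOWED_GLOBS.any? { |g| glob_match?(g, certname) }
  csr = OpenSSL::X509::Request.new(csr_pem)
  return false unless csr.verify(csr.public_key)    # self-signature is intact
  cn = csr.subject.to_a.find { |field, _value, _type| field == 'CN' }
  return false unless cn && cn[1] == certname       # argument and CSR agree
  offered = challenge_from(csr)
  !offered.nil? && secure_equal?(offered, secret)
rescue OpenSSL::OpenSSLError
  false
end

# Constructed sample input: build a CSR the way an agent with a
# challengePassword custom attribute would (pass nil to omit the attribute).
def sample_csr(certname, password)
  key = OpenSSL::PKey::RSA.new(2048)
  csr = OpenSSL::X509::Request.new
  csr.version = 0
  csr.subject = OpenSSL::X509::Name.new([['CN', certname]])
  csr.public_key = key.public_key
  if password
    value = OpenSSL::ASN1::Set.new([OpenSSL::ASN1::UTF8String.new(password)])
    csr.add_attribute(OpenSSL::X509::Attribute.new('challengePassword', value))
  end
  csr.sign(key, OpenSSL::Digest.new('SHA256'))
  csr.to_pem
end

# Puppet always passes exactly one argument; do nothing when loaded otherwise.
if __FILE__ == $PROGRAM_NAME && ARGV.length == 1
  secret = File.read(SECRET_FILE).strip
  exit(sign?(ARGV[0], $stdin.read, secret) ? 0 : 1)
end
```

<div style="text-align: justify;">
On the master, the autosign setting in puppet.conf points at this executable instead of autosign.conf; requests it rejects stay pending and can still be reviewed with puppet cert list.</div>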
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Manifest</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Puppet code is contained in files which are called manifests, and they have .pp extension. These files contain what we want to achieve (a service is running, a directory exists, a user is not on the system anymore.)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
An example manifest file which removes a user (/home/user-absent.pp):</div>
<div style="text-align: justify;">
<i>user {'dave':</i></div>
<div style="text-align: justify;">
<i> ensure => absent,</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
To run it:</div>
<div style="text-align: justify;">
<b># puppet apply /home/user-absent.pp</b></div>
<div style="text-align: justify;">
<i>Notice: Compiled catalog for aix_test.mydomain.org in environment production in 0.27 seconds</i></div>
<div style="text-align: justify;">
<i>Notice: /Stage[main]/Main/User[dave]/ensure: removed</i></div>
<div style="text-align: justify;">
<i>Notice: Finished catalog run in 0.48 seconds</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
We can have multiple manifest files which we can use at the same time, so they are not used directly when Puppet syncs resources:</div>
<div style="text-align: justify;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6hSAuYPLRuUcNwva_eXB_l5oXFiYnINsED7BQNWYHC8W9HFxf81jGvBlQHSGhwzpTJuIM-sLPWRG6EkXuOQHKBV8knk9qbsYAi9X6sL9mtdVaYUVlhcKT4vjqBGdeTGiNyn2vr2xTmnzq/s1600/pup3.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="531" data-original-width="287" height="400" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6hSAuYPLRuUcNwva_eXB_l5oXFiYnINsED7BQNWYHC8W9HFxf81jGvBlQHSGhwzpTJuIM-sLPWRG6EkXuOQHKBV8knk9qbsYAi9X6sL9mtdVaYUVlhcKT4vjqBGdeTGiNyn2vr2xTmnzq/s400/pup3.JPG" width="215" /></a></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Before being applied, manifests get compiled into a document called a “catalog,” which only contains resources and hints about the ordering to apply them. (In a master/agent Puppet environment agents can only see the catalog (and not the manifests)). By using this logic, manifests can be flexible and describe many systems at once. A catalog describes desired states for one system. (Agent nodes can only retrieve their own catalog)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>site.pp</b> is the main entry point (manifest) for the entire puppet network; this file is the main starting point for the catalog compilation (referred to as the site manifest)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Commands</u></b>:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>puppet help</b></div>
<div style="text-align: justify;">
<b>puppet help resource</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>/etc/puppet/puppet.conf</b> main configuration file</div>
<div style="text-align: justify;">
<b>puppet config print</b> lists puppet config parameters (config files, module path, users …)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>facter </b>lists environment variables</div>
<div style="text-align: justify;">
<b>facter <variable> </b> lists only one variable</div>
<div style="text-align: justify;">
<b>facter -p</b> see any facts that have been defined locally</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>puppet cert list </b> shows you any pending requests generated by the agents</div>
<div style="text-align: justify;">
<b>puppet cert list --all</b> shows all the approved and pending certificate requests</div>
<div style="text-align: justify;">
<b>puppet cert sign <FQDN></b> sign and approve the authentication request</div>
<div style="text-align: justify;">
<b>puppet cert clean</b> remove the existing certificate from the master</div>
<div style="text-align: justify;">
<b>puppet cert generate </b> generate certificate (by default it is not needed, only in specific situations)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>puppet resource --types</b> list all default resource types that are available to Puppet</div>
<div style="text-align: justify;">
<b>puppet resource user </b> list all user resources on the server with attributes</div>
<div style="text-align: justify;">
<b>puppet resource user <user> </b> lists attributes of given user</div>
<div style="text-align: justify;">
<b>puppet resource user katie ensure=present shell="/bin/bash"</b> setting a new desired state for a resource</div>
<div style="text-align: justify;">
<b>puppet resource user katie --edit</b> change a resource in text editor, after it is saved Puppet will modify that resource</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>puppet describe </b> lists all of the associated attributes for Puppet resource types</div>
<div style="text-align: justify;">
<b>puppet describe --list</b> lists resources with some description (puppet resource --types lists only the names)</div>
<div style="text-align: justify;">
<b>puppet describe -s <TYPE> </b> print short information about a type</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>puppet parser validate demouser.pp</b> verify the code is error free (shows if there are syntax errors)</div>
<div style="text-align: justify;">
<b>puppet apply demouser.pp --noop</b> shows what would be done (it will not change anything, called smoke test)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<u>puppet agent -t is --test:</u></div>
<div style="text-align: justify;">
The --test option runs the Puppet client in the foreground, outputs to standard out, and exits after the run is complete. </div>
<div style="text-align: justify;">
It enables the most common options used for testing. These are 'onetime', 'verbose', 'ignorecache', 'no-daemonize', 'no-usecacheonfailure', 'detailed-exitcodes', 'no-splay', and 'show_diff'.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>puppet agent -tv --noop </b> no operation mode (does not change anything on the client, it will show what Puppet would do, as a dry run)</div>
<div style="text-align: justify;">
<b>puppet agent -tv</b> apply configurations with verbose mode</div>
<div style="text-align: justify;">
<b>puppet agent -td </b> apply configurations with debug mode</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>puppet apply -e 'notify {"Hello World": }'</b></div>
<div style="text-align: justify;">
<b>puppet apply -e 'if "Puppet" == "puppet" { notify { "true!?": } }'</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>puppet apply <path to manifests file></b> applying puppet code in the given manifest file</div>
<div style="text-align: justify;">
<b>puppet apply --modulepath=/mnt/test /mnt/test/site.pp</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>puppet master --no-daemonize --verbose --debug</b> on Puppet master (we can see the results of the run, it is logged as well)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>puppet module install puppetlabs-mysql</b> install a specific module</div>
<div style="text-align: justify;">
<b>puppet module list</b> lists installed modules</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Installing Puppet</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The method below shows how to install puppet by using ruby and gems.</div>
<div style="text-align: justify;">
(It works for open source puppet; for enterprise another method may be needed.)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>1. install ruby</b></div>
<div style="text-align: justify;">
(AIX is already configured to use yum, so ruby install is pretty simple.) </div>
<div style="text-align: justify;">
<i># yum install ruby</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>2. install gems needed for puppet</b></div>
<div style="text-align: justify;">
<i># mkdir -p /etc/puppet /var/lib/puppet</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i># /opt/freeware/bin/gem install --no-rdoc --no-ri --version 2.5.1 facter</i></div>
<div style="text-align: justify;">
<i># /opt/freeware/bin/gem install --no-rdoc --no-ri --version 2.1.0 json_pure</i></div>
<div style="text-align: justify;">
<i># /opt/freeware/bin/gem install --no-rdoc --no-ri --version 1.3.4 hiera</i></div>
<div style="text-align: justify;">
<i># /opt/freeware/bin/gem install --no-rdoc --no-ri --version 3.8.7 puppet</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>3. create links for puppet commands</b></div>
<div style="text-align: justify;">
<i># ln -s /opt/freeware/lib64/ruby/gems/2.4.0/gems/puppet-3.8.7/bin/puppet /usr/bin/puppet</i></div>
<div style="text-align: justify;">
<i># ln -s /opt/freeware/lib64/ruby/gems/2.4.0/gems/facter-2.5.1/bin/facter /usr/bin/facter</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>4. fix some bugs/errors</b></div>
<div style="text-align: justify;">
Changing syck thing in YAML related ruby file:</div>
<div style="text-align: justify;">
<i># sed "s/$YAML_OLD/$YAML_NEW/g" $RUBY_FILE >$RUBY_FILE.new</i></div>
<div style="text-align: justify;">
<i># mv $RUBY_FILE.new $RUBY_FILE</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
for AIX 7.1 TL5 and 7.2 TL1 (and above) puppet chpasswd has a bug:</div>
<div style="text-align: justify;">
<i># sed '/(:chpasswd)/ s/, user//' $RUBY_CHPASSWD >$RUBY_CHPASSWD.new</i></div>
<div style="text-align: justify;">
<i># mv $RUBY_CHPASSWD.new $RUBY_CHPASSWD</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>5. after that puppet commands should work: </b></div>
<div style="text-align: justify;">
<i># puppet --version</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Visualizing resources into graphs (GraphViz):</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>1. generate dot files with puppet:</b></div>
<div style="text-align: justify;">
- puppet apply --modulepath=/mnt/test /mnt/test/site.pp --noop --graph</div>
<div style="text-align: justify;">
- 3 dot files will be under: /var/lib/puppet/state/graphs (expanded…, relationsh., resources)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>2. copy dot files to mobaxterm:</b></div>
<div style="text-align: justify;">
- first I copied to /mnt: cp /var/lib/puppet/state/graphs/*.dot /mnt</div>
<div style="text-align: justify;">
- scp labuser@172.16.116.115:/migrate/*.dot .</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>3. convert dot files to graphs (png)</b></div>
<div style="text-align: justify;">
/drives/c/_WORK/Tools/graphviz/bin/dot.exe -Tpng resources.dot -o resources.png</div>
<div style="text-align: justify;">
/drives/c/_WORK/Tools/graphviz/bin/dot.exe -Tpng relationships.dot -o relationships.png</div>
<div style="text-align: justify;">
/drives/c/_WORK/Tools/graphviz/bin/dot.exe -Tpng expanded_relationships.dot -o expanded_relationships.png</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Linter:</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Puppet also has a linter to enforce the style guide. It is called puppet-lint and can be installed from gems.</div>
<div style="text-align: justify;">
root@pro-puppet4:~#<i> </i><b>puppet-lint parent-scope.pp</b></div>
<div style="text-align: justify;">
<i>ERROR: ssh::params not in autoload module layout on line 2</i></div>
<div style="text-align: justify;">
<i>ERROR: ssh not in autoload module layout on line 10</i></div>
<div style="text-align: justify;">
<i>WARNING: top-scope variable being used without an explicit namespace on line 12</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
aixhttp://www.blogger.com/profile/11198511213080760662noreply@blogger.com0tag:blogger.com,1999:blog-5391325129965939458.post-47397198519706502212020-03-18T15:00:00.003+01:002022-04-05T14:00:38.163+02:00DEVOPS - PUPPET SYNTAX<div style="text-align: justify;">
<b><u>Syntax recommendations in general:</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
- Donʼt forget commas and colons. (Forgetting them causes parsing errors.)</div>
<div style="text-align: justify;">
- The resource type and the attribute names should always be lowercase.</div>
<div style="text-align: justify;">
- The values used for titles and attribute values will usually be strings, which you should usually quote. </div>
<div style="text-align: justify;">
- There are two kinds of quotes in Puppet: single (') and double ("). Double quotes let you interpolate $variables.</div>
<div style="text-align: justify;">
- Attribute names (like path, ensure, etc.) are special keywords, not strings. They shouldnʼt be quoted.</div>
<div style="text-align: justify;">
- Visually lining up the => arrows is recommended, because it makes it easier to understand a manifest at a glance.</div>
<div style="text-align: justify;">
- Puppet disallows duplicate titles within a given type (you canʼt declare the same resource twice)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
=========================================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Variables:</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>$my_variable='A bunch of text'</i></div>
<div style="text-align: justify;">
<i>notify{$my_variable:}</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Variables can hold strings, numbers, booleans, arrays, hashes, and the special undef value. If youʼve never assigned a variable, you can actually still use it - its value will be undef. Always include curly braces ({}) around variable names when referring to them in strings, for example, as follows:</div>
<div style="text-align: justify;">
<i>$value = "${one}${two} is the new value"</i></div>
<div style="text-align: justify;">
<i>source => "puppet:///modules/webserver/${brand}.conf",</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>notify { "operatingsystem is ${::operatingsystem}": }</i> <--printing out variables</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Variable scope:</b></div>
<div style="text-align: justify;">
Each class and definition introduces a new scope, and there is also a top scope for everything defined outside of those structures. Variables cannot be redefined inside the same scope they were defined in. (Puppet does not rely on the order or sequence of the code, so redefining a variable (changing a value) would cause a problem, because puppet does not know which definition is the first.)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Top scope is anything declared in site.pp or imported manifests. Top scope can be explicitly accessed by prepending :: to a variable. It is best practice to write fact variables as $::osfamily so as to use the fact at top scope, thus preventing the variable from being overwritten anywhere.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Local scope is the scope of a single class or defined type.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
If you reference a variable with its short name and it isnʼt present in the local scope, Puppet will also check the global top scope, so the short name works well in most cases.</div>
<div style="text-align: justify;">
<b>$variable </b> short variable name</div>
<div style="text-align: justify;">
<b>$scope::variable</b> fully qualified variable name, e.g. name => $::ssh::params::ssh_package_name (the variable $ssh_package_name can be found in ssh::params class)</div>
<div style="text-align: justify;">
<b>$::variable </b> top scope variable name</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
All of the facts from facter can be referenced as top scope variables, e.g. the fully qualified domain name (FQDN) of the node may be referenced by "${::fqdn}". For the highest level scope, top scope or global, use two colons (::) at the beginning of a variable identifier: ${::fqdn} (:: is like / root)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>file { '/etc/motd':</i></div>
<div style="text-align: justify;">
<i> content => "Welcome to ${::fqdn}\n"</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
People who write manifests often adopt the habit of always using the $::variable notation when referring to facts. As mentioned above, the double-colon prefix specifies that a given variable should be found at top scope. This isnʼt actually necessary, since variable lookup will always reach top scope anyway.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
=========================================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Quotes, Regular expressions</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Always quote parameter values that are not reserved words in Puppet. For example, the following values are not reserved words:</div>
<div style="text-align: justify;">
<i>name => 'dave',</i></div>
<div style="text-align: justify;">
<i>mode => '0700',</i></div>
<div style="text-align: justify;">
<i>owner => 'root',</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
However, these values are reserved words and therefore not quoted:</div>
<div style="text-align: justify;">
<i>enable => true,</i></div>
<div style="text-align: justify;">
<i>ensure => running,</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<u>Regular expressions:</u></div>
<div style="text-align: justify;">
<i>if $::architecture =~ /64/ {</i> <--the text between the slashes to be matched (like grep 64)</div>
<div style="text-align: justify;">
<i>if $::kernel !~ /Linux/ { </i> <--if the text does not match</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Ruby's regular expression syntax is described at this website: http://www.tutorialspoint.com/ruby/ruby_regular_expressions.htm</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>If condition</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
An example code for if condition, which could be run with puppet apply:</div>
<div style="text-align: justify;">
<i>$color = 'blue'</i></div>
<div style="text-align: justify;">
<i><br /></i></div>
<div style="text-align: justify;">
<i>if $color == 'blue' {</i></div>
<div style="text-align: justify;">
<i> notify {"it is blue":}</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<i>else {</i></div>
<div style="text-align: justify;">
<i> notify {"it is not blue":}</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
----------------------------------------------</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>if $::timezone == 'UTC' {</i></div>
<div style="text-align: justify;">
<i>if $::timezone != 'UTC' {</i></div>
<div style="text-align: justify;">
<i>if $::uptime_days > 365 {</i></div>
<div style="text-align: justify;">
<i>if $::mtu_eth0 <= 1500 {</i></div>
<div style="text-align: justify;">
<i>if ($::uptime_days > 365) and ($::kernel == 'Linux') {</i></div>
<div style="text-align: justify;">
<i>Boolean expressions: or, and </i></div>
<div style="text-align: justify;">
<i>if $crewmember in ['Frank', 'Dave', 'HAL' ]</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
----------------------------------------------</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The condition for an if statement has to resolve to a boolean true/false value. However, all facts are strings, and all non-empty strings — including the string "false" — are true. This means that facts that are “false” need to be transformed before Puppet will treat them as false.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
In this case, weʼre using the str2bool function. First, the variable is surrounded with double quotes: if it contained an actual boolean for some reason (and it usually wouldnʼt), this would convert it to a string. Then the string is passed to the str2bool function, which converts a string that looks like a boolean into a real true or false value:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>if str2bool("$is_virtual") {</i></div>
<div style="text-align: justify;">
<i> notify {"it is true":}</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<i>else {</i></div>
<div style="text-align: justify;">
<i> notify {"it is false":}</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The str2bool function is part of the puppetlabs/stdlib module, which is included with Puppet Enterprise. If you are running open source Puppet, you can install it by running: </div>
<div style="text-align: justify;">
sudo puppet module install puppetlabs/stdlib</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Case condition</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>case $operatingsystem {</i></div>
<div style="text-align: justify;">
<i> centos: { $apache = "httpd" }</i></div>
<div style="text-align: justify;">
<i> redhat: { $apache = "httpd" }</i></div>
<div style="text-align: justify;">
<i> debian: { $apache = "apache2" }</i></div>
<div style="text-align: justify;">
<i> default: { fail("Unrecognized operating system for webserver") }</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<i>package{'apache':</i></div>
<div style="text-align: justify;">
<i> name => $apache,</i></div>
<div style="text-align: justify;">
<i> ensure => latest,</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
(The fail function used above doesnʼt resolve to a value; instead, it fails compilation immediately with an error message.)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
----------------------------------------------</div>
<div style="text-align: justify;">
<u>Another example with regex:</u></div>
<div style="text-align: justify;">
<i>case $ipaddress_eth0 {</i></div>
<div style="text-align: justify;">
<i> /^127[\d.]+$/: {</i></div>
<div style="text-align: justify;">
<i> notify{'misconfig':</i></div>
<div style="text-align: justify;">
<i> message=>"Possible network misconfiguration: IP address of $0",</i></div>
<div style="text-align: justify;">
<i> }</i></div>
<div style="text-align: justify;">
<i> }</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Regex matches also assign captured subpatterns to $1, $2, etc. inside the associated code block, with $0 containing the whole matching string.</div>
<div style="text-align: justify;">
----------------------------------------------</div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Array:</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Adding square brackets [] around a list:</div>
<div style="text-align: justify;">
<i>package { [ 'package1', 'package2', 'package3' ]: ensure => installed }</i> <-- array (specify many items in a single resource)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
or…</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>$packages = [ 'ruby1.8-dev',</i></div>
<div style="text-align: justify;">
<i> 'ruby1.8',</i></div>
<div style="text-align: justify;">
<i> 'ri1.8',</i></div>
<div style="text-align: justify;">
<i> 'libopenssl-ruby' ]</i></div>
<div style="text-align: justify;">
<i><br /></i></div>
<div style="text-align: justify;">
<i>package { $packages: ensure => installed }</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Hash:</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
A hash is like an array, but each of the elements can be stored and looked up by name (referred to as the key), for example (hash.pp):</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>$interface = {</i></div>
<div style="text-align: justify;">
<i> 'name' => 'eth0',</i></div>
<div style="text-align: justify;">
<i> 'ip' => '192.168.0.1',</i></div>
<div style="text-align: justify;">
<i> 'mac' => '52:54:00:4a:60:07'</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<i><br /></i></div>
<div style="text-align: justify;">
<i>notify { "(${interface['ip']}) at ${interface['mac']} on ${interface['name']}": }</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Selector:</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>$lunch = 'Filet mignon.'</i></div>
<div style="text-align: justify;">
<i>$lunchtype = $lunch ? {</i></div>
<div style="text-align: justify;">
<i> /fries/ => 'unhealthy',</i></div>
<div style="text-align: justify;">
<i> /salad/ => 'healthy',</i></div>
<div style="text-align: justify;">
<i> default => 'unknown',</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<i>notify { "Your lunch was ${lunchtype}": }</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Loops</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Most commonly an array is used to repeat a test with different values.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>$packages = ['vim', 'git', 'curl'] </i></div>
<div style="text-align: justify;">
<i><br /></i></div>
<div style="text-align: justify;">
<i>package { $packages: </i></div>
<div style="text-align: justify;">
<i> ensure => "installed" </i></div>
<div style="text-align: justify;">
<i>} </i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
===========================</div>
<div style="text-align: justify;">
<br /></div>
aixhttp://www.blogger.com/profile/11198511213080760662noreply@blogger.com0tag:blogger.com,1999:blog-5391325129965939458.post-47487217659745125472020-03-18T15:00:00.002+01:002020-04-13T13:05:58.079+02:00<div style="text-align: justify;">
<b><u>Class</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
A class is a code block in Puppet, which can be created in one place and invoked elsewhere. Classes make Puppet code reusable. </div>
<div style="text-align: justify;">
<b>Defining </b>a class makes it available by name, but doesnʼt automatically evaluate the code inside it. </div>
<div style="text-align: justify;">
<b>Declaring </b>a class evaluates the code in the class, and applies all of its resources.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<u>Defining a Class</u></div>
<div style="text-align: justify;">
Before you can use a class, you must define it, which is done with the class keyword (class names must start with a lowercase letter):</div>
<div style="text-align: justify;">
<i>class unix { </i></div>
<div style="text-align: justify;">
<i> file { </i></div>
<div style="text-align: justify;">
<i> '/etc/passwd': </i></div>
<div style="text-align: justify;">
<i> owner => 'superuser', </i></div>
<div style="text-align: justify;">
<i> group => 'superuser', </i></div>
<div style="text-align: justify;">
<i> mode => '0644'; </i></div>
<div style="text-align: justify;">
<i> } </i></div>
<div style="text-align: justify;">
<i> </i></div>
<div style="text-align: justify;">
<i> file {'/etc/shadow': </i></div>
<div style="text-align: justify;">
<i> owner => 'vipin', </i></div>
<div style="text-align: justify;">
<i> group => 'vipin', </i></div>
<div style="text-align: justify;">
<i> mode => '0440'; </i></div>
<div style="text-align: justify;">
<i> } </i></div>
<div style="text-align: justify;">
<i>} </i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Each class definition introduces a new variable scope. This means: Any variables you assign inside the class wonʼt be accessible by their short names outside the class; to get at them from elsewhere, you would have to use the fully-qualified name (e.g. $ntp::service_name)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
You can assign new, local values to variable names that were already used at top scope. For example, you could specify a new local value for $fqdn.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<u>Declaring a class</u></div>
<div style="text-align: justify;">
A class declaration occurs when a class is called in a manifest. A class declaration tells Puppet to evaluate the code within the class. </div>
<div style="text-align: justify;">
A normal class declaration occurs when the "include" keyword is used:</div>
<div style="text-align: justify;">
<i>include unix</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This will cause Puppet to evaluate the code in our unix class. A given class is evaluated only once, however many times it is included.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The include function declares a class, if it hasnʼt already been declared somewhere else. If a class HAS already been declared, include will notice that and do nothing. This lets you safely declare a class in several places. If some class depends on something in another class, it can declare that class without worrying whether itʼs also being declared in site.pp.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
--------------------------------------------------</div>
<div style="text-align: justify;">
<u>Resource-like class declaration:</u></div>
<div style="text-align: justify;">
<i>class {'ntp':}</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This looks like a resource declaration, just with a resource type of "class". If Puppet tries to evaluate this and the class has already been declared, it will fail with a compilation error. (We can't declare the same resource more than once.) However, unlike include, resource-like declarations let you specify class parameters.</div>
<div style="text-align: justify;">
--------------------------------------------------</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
=========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Passing a parameter to a class:</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
To pass a parameter to a class, one can use the following construct:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>class tomcat($version) { </i></div>
<div style="text-align: justify;">
<i> ... class contents ... </i></div>
<div style="text-align: justify;">
<i>} </i></div>
<div style="text-align: justify;">
One key point to remember in Puppet: classes that are given parameter values are not added using the include function; instead, the class is declared with the resource-like syntax:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>node webserver { </i></div>
<div style="text-align: justify;">
<i> class { tomcat: version => "1.2.12" } </i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<u>Default values for class parameters:</u></div>
<div style="text-align: justify;">
<i>class tomcat($version = "1.2.12",$home = "/var/www") { </i></div>
<div style="text-align: justify;">
<i> ... class contents ... </i></div>
<div style="text-align: justify;">
<i>} </i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
==========================</div>
<div style="text-align: justify;">
==========================</div>
<div style="text-align: justify;">
==========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Module</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Modules are just directories with files, arranged in a specific structure. Puppet looks for modules in a specific place, known as the modulepath (which is a configurable setting).</div>
<div style="text-align: justify;">
If a class is defined in a module, you can declare that class by name in any manifest; Puppet will automatically find and load the manifest that contains the class definition. The manifest files within a module have to obey certain naming restrictions.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This means you can have several modules (directories) with sophisticated Puppet code in them, and your site.pp manifest can look like this:</div>
<div style="text-align: justify;">
<i># /etc/puppetlabs/puppet/manifests/site.pp</i></div>
<div style="text-align: justify;">
<i>include ntp</i></div>
<div style="text-align: justify;">
<i>include apache</i></div>
<div style="text-align: justify;">
<i>include mysql</i></div>
<div style="text-align: justify;">
<i>include mongodb</i></div>
<div style="text-align: justify;">
<i>include build_e</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
It is considered best practice to use modules to organize almost all of your Puppet manifests.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>The Modulepath</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The modulepath is a set of directories that Puppet searches for modules. The path to the location of modules on the Master can be found in puppet.conf:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>[main]</i></div>
<div style="text-align: justify;">
<i>vardir = /var/opt/lib/pe-puppet</i></div>
<div style="text-align: justify;">
<i>logdir = /var/log/pe-puppet</i></div>
<div style="text-align: justify;">
<i>rundir = /var/run/pe-puppet</i></div>
<div style="text-align: justify;">
<i>modulepath = /etc/puppetlabs/puppet/modules:/opt/puppet/share/puppet/modules</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
When using puppet apply, the --modulepath option can be given, so Puppet will search for modules in that path:</div>
<div style="text-align: justify;">
<i>puppet apply --modulepath=/root/puppet/modules /root/puppet/site.pp</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b>Module Structure</b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
A module has a definite structure which needs to be followed:</div>
<div style="text-align: justify;">
A module is a directory. The moduleʼs name must be the name of the directory. It contains a manifests directory, which can contain any number of .pp files, but it should always contain an init.pp file. This init.pp file must contain a single class definition and the classʼs name must be the same as the moduleʼs name. Each manifest in a module should contain exactly one class. Each manifestʼs filename must map to the name of the class it contains. (In our module directory, the static files (for example a config file) should be in a directory called "files", and the dynamically changing files (like scripts with variables) should be in the directory called "templates".) </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Subdirectories in a module:</div>
<div style="text-align: justify;">
<b>manifests </b>- Contains all of the manifests in the module.</div>
<div style="text-align: justify;">
<b>files </b>- Contains static files, which managed nodes can download.</div>
<div style="text-align: justify;">
<b>templates </b>- Contains templates, which can be referenced from the moduleʼs manifests.</div>
<div style="text-align: justify;">
<b>lib </b>- Contains plugins, like custom facts and custom resource</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<u>We created a module called "ntp", with this structure:</u></div>
<div style="text-align: justify;">
/root/puppet</div>
<div style="text-align: justify;">
├── site.pp <--first entry point (in this example it contains only this 1 line: include ntp)</div>
<div style="text-align: justify;">
└── modules</div>
<div style="text-align: justify;">
└── ntp <-- our module is called ntp, so all files related to it are in this ntp directory</div>
<div style="text-align: justify;">
├── files <span style="white-space: pre;"> </span> <-- static files, like conf files which can be downloaded with puppet:///... (like ntp.conf.debian) </div>
<div style="text-align: justify;">
├── manifests</div>
<div style="text-align: justify;">
│ └── init.pp <--this should contain our ntp class definition</div>
<div style="text-align: justify;">
└── templates<span style="white-space: pre;"> </span> <--.erb template files, content is dynamic with ruby code and variables (like ntp.conf.debian.erb)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<u>Our init.pp looks like this:</u></div>
<div style="text-align: justify;">
<i># cat init.pp</i></div>
<div style="text-align: justify;">
<i>class ntp {</i></div>
<div style="text-align: justify;">
<i> case $operatingsystem {</i></div>
<div style="text-align: justify;">
<i> centos, redhat: {</i></div>
<div style="text-align: justify;">
<i> $service_name = 'ntpd'</i></div>
<div style="text-align: justify;">
<i> $conf_file = 'ntp.conf.el'</i></div>
<div style="text-align: justify;">
<i> }</i></div>
<div style="text-align: justify;">
<i> debian, ubuntu: {</i></div>
<div style="text-align: justify;">
<i> $service_name = 'ntp'</i></div>
<div style="text-align: justify;">
<i> $conf_file = 'ntp.conf.debian'</i></div>
<div style="text-align: justify;">
<i> }</i></div>
<div style="text-align: justify;">
<i> }</i></div>
<div style="text-align: justify;">
<i><br /></i></div>
<div style="text-align: justify;">
<i> package { 'ntp':</i></div>
<div style="text-align: justify;">
<i> ensure => installed,</i></div>
<div style="text-align: justify;">
<i> }</i></div>
<div style="text-align: justify;">
<i> file { 'ntp.conf':</i></div>
<div style="text-align: justify;">
<i> path => '/etc/ntp.conf',</i></div>
<div style="text-align: justify;">
<i> ensure => file,</i></div>
<div style="text-align: justify;">
<i> require => Package['ntp'],</i></div>
<div style="text-align: justify;">
<i> #source => "/root/ntp/${conf_file}"</i></div>
<div style="text-align: justify;">
<i> #source => "puppet:///modules/ntp/${conf_file}",</i></div>
<div style="text-align: justify;">
<i> content => template("ntp/${conf_file}.erb"),</i></div>
<div style="text-align: justify;">
<i> }</i></div>
<div style="text-align: justify;">
<i> service { 'ntp':</i></div>
<div style="text-align: justify;">
<i> name => $service_name,</i></div>
<div style="text-align: justify;">
<i> ensure => running,</i></div>
<div style="text-align: justify;">
<i> enable => true,</i></div>
<div style="text-align: justify;">
<i> subscribe => File['ntp.conf'],</i></div>
<div style="text-align: justify;">
<i> }</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
We can run this module with puppet apply:</div>
<div style="text-align: justify;">
<i>puppet apply --modulepath=/root/puppet/modules /root/puppet/site.pp</i></div>
<div style="text-align: justify;">
(or with verbose mode: puppet apply -v --modulepath=....)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The init.pp file is special: it always contains a class with the same name as the module. Every other file must contain a class with a name like this: <MODULE NAME>::<FILENAME></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
So for example, if we had an apache module that contained a mod_passenger class, our file on disk would look like: apache/manifests/mod_passenger.pp</div>
<div style="text-align: justify;">
In mod_passenger.pp we would define the class like this: apache::mod_passenger</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
(if the file is inside a subdirectory of manifests/, it should be named: <MODULE NAME>::<SUBDIRECTORY NAME>::<FILENAME>)</div>
<div style="text-align: justify;">
<br /></div>
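<div style="text-align: justify;">
The lookup rules above (modulepath search order and class-name-to-file mapping), as an added Ruby example that is not Puppet's own code: it models the documented behaviour that the first modulepath directory containing a module wins, and reports copies of the same module that are shadowed in later directories. The directory names site-modules and vendor-modules and the sample tree are constructed for the example.</div>

```ruby
require 'fileutils'
require 'tmpdir'

# Puppet class names: lowercase segments separated by '::'.
CLASS_NAME = /\A[a-z][a-z0-9_]*(?:::[a-z][a-z0-9_]*)*\z/

# Path (relative to a modulepath directory) of the manifest that must
# define the class:
#   ntp                   -> ntp/manifests/init.pp
#   apache::mod_passenger -> apache/manifests/mod_passenger.pp
def manifest_relpath(class_name)
  unless class_name.match?(CLASS_NAME)
    raise ArgumentError, "invalid class name: #{class_name.inspect}"
  end

  mod, *rest = class_name.split('::')
  rest = ['init'] if rest.empty?
  File.join(mod, 'manifests', *rest) + '.pp'
end

# Walk the modulepath left to right. The first directory that contains the
# module wins; copies of the same module further right are shadowed.
def resolve_class(class_name, modulepath)
  relpath = manifest_relpath(class_name)
  mod = class_name.split('::').first
  dirs = modulepath.split(File::PATH_SEPARATOR)
  owners = dirs.select { |dir| File.directory?(File.join(dir, mod)) }
  return nil if owners.empty?

  manifest = File.join(owners.first, relpath)
  { manifest: (File.file?(manifest) ? manifest : nil),
    shadowed: owners.drop(1) }
end

# Constructed sample tree: two modulepath directories that both ship "ntp".
def demo
  Dir.mktmpdir do |root|
    site = File.join(root, 'site-modules')
    vendor = File.join(root, 'vendor-modules')
    [[site, 'ntp', 'init'],
     [vendor, 'ntp', 'init'],
     [vendor, 'apache', 'mod_passenger']].each do |dir, mod, file|
      path = File.join(dir, mod, 'manifests', "#{file}.pp")
      FileUtils.mkdir_p(File.dirname(path))
      File.write(path, "# constructed placeholder\n")
    end

    modulepath = [site, vendor].join(File::PATH_SEPARATOR)
    ntp = resolve_class('ntp', modulepath)
    apache = resolve_class('apache::mod_passenger', modulepath)
    {
      ntp: ntp[:manifest].sub("#{root}/", ''),
      ntp_shadowed: ntp[:shadowed].map { |d| File.basename(d) },
      apache: apache[:manifest].sub("#{root}/", '')
    }
  end
end

puts demo if $PROGRAM_NAME == __FILE__
```

<div style="text-align: justify;">
A non-empty shadowed list is worth reviewing: it means the code that actually runs for that class depends on the order of the modulepath setting, not only on the module's name.</div>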
<div style="text-align: justify;">
----------------------------</div>
<div style="text-align: justify;">
installing 3rd party modules:</div>
<div style="text-align: justify;">
puppet module install puppetlabs-mysql</div>
<div style="text-align: justify;">
puppet module list</div>
<div style="text-align: justify;">
----------------------------</div>
<div style="text-align: justify;">
========================</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<b><u>Templates</u></b></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Templates are documents that contain a mixture of static and dynamic content. Puppet doesnʼt have its own templating language; instead, it uses ERB, a common Ruby-based template language. By using conditional logic and variables, they let you maintain one source document that can be rendered into any number of final documents. Templates are saved as files with the .erb extension, and should be stored in the "templates" directory of any module. There can be any number of subdirectories inside templates. </div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
To use a template, you have to render it to produce an output string. The "template" function takes a path to one or more template files and returns an output string:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>file {'/etc/foo.conf':</i></div>
<div style="text-align: justify;">
<i> ensure => file,</i></div>
<div style="text-align: justify;">
<i> require => Package['foo'],</i></div>
<div style="text-align: justify;">
<i> content => template('foo/foo.conf.erb'),</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The .erb file in the templates directory should be written so that rendering it produces an output string. We can then use this output string as the value of the content attribute. The template function expects file paths to be in a specific format: <MODULE NAME>/<FILENAME INSIDE TEMPLATES DIRECTORY>. That is, template('foo/foo.conf.erb') would point to the file /etc/puppet/modules/foo/templates/foo.conf.erb.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Templates are powerful because they have access to all of the Puppet variables that are present when the template is rendered. Facts, global variables, and local variables from the current scope are available to a template as Ruby instance variables — instead of Puppetʼs $ prefix, they have an @ prefix. (e.g. @fqdn, @memoryfree, @operatingsystem, etc.). Like: </div>
<div style="text-align: justify;">
<%= @fqdn %></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Variables from other scopes can be accessed with the scope.lookupvar method, which takes a long variable name without the $ prefix. (For example, scope.lookupvar('apache::user'))</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
------------------------------------</div>
<div style="text-align: justify;">
<u>Here's an example of how to use inline_template in a manifest:</u></div>
<div style="text-align: justify;">
(inline_template is different from a template file)</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
<i>cron { 'chkrootkit':</i></div>
<div style="text-align: justify;">
<i> command => '/usr/sbin/chkrootkit > /var/log/chkrootkit.log 2>&1',</i></div>
<div style="text-align: justify;">
<i> hour => inline_template('<%= @hostname.sum % 24 %>'),</i></div>
<div style="text-align: justify;">
<i> minute => '00',</i></div>
<div style="text-align: justify;">
<i>}</i></div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Anything inside the string passed to inline_template is executed as if it were an ERB template. That is, anything inside the <%= and %> delimiters will be executed as Ruby code, and the rest will be treated as a string. In this example, we use inline_template to compute a different hour for this cron resource (a scheduled job) for each machine, so that the same job does not run at the same time on all machines.</div>
<div style="text-align: justify;">
------------------------------------</div>
<div style="text-align: justify;">
<br /></div>
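<div style="text-align: justify;">
The template rendering described above, as an added stand-alone Ruby example (not Puppet's own code and not from the original post): the TemplateScope class is a hypothetical stand-in for the scope Puppet passes to ERB, the ntp.conf template and host names are constructed, and the hostname check is an assumption added because ERB inserts values verbatim. The last function evaluates the same expression as the inline_template cron example.</div>

```ruby
require 'erb'

# Hypothetical stand-in for the scope Puppet hands to a template: every
# variable becomes a Ruby instance variable (@fqdn, @servers, ...).
class TemplateScope
  def initialize(vars)
    vars.each { |name, value| instance_variable_set("@#{name}", value) }
  end

  # Everything between <% and %> in the source runs as Ruby code.
  def render(source)
    ERB.new(source, trim_mode: '-').result(binding)
  end
end

# Constructed template in the style of ntp/templates/ntp.conf.debian.erb.
NTP_CONF_ERB = <<~'TEMPLATE'
  # Managed by Puppet for <%= @fqdn %>
  driftfile /var/lib/ntp/ntp.drift
  <% @servers.each do |server| -%>
  server <%= server %> iburst
  <% end -%>
  <% if @is_virtual -%>
  tinker panic 0
  <% end -%>
TEMPLATE

# \A and \z anchor the whole string, so embedded newlines are rejected.
HOSTNAME = /\A[a-z0-9]([a-z0-9.-]*[a-z0-9])?\z/i

# ERB does no escaping: check values before they reach the config file.
def render_ntp_conf(fqdn:, servers:, is_virtual:)
  bad = ([fqdn] + servers).reject { |value| value.match?(HOSTNAME) }
  raise ArgumentError, "not a hostname: #{bad.inspect}" unless bad.empty?

  TemplateScope.new(fqdn: fqdn, servers: servers, is_virtual: is_virtual)
               .render(NTP_CONF_ERB)
end

# Same expression as the cron example. String#sum is a byte checksum, so
# the hour is stable per host but two hosts can land on the same hour.
def cron_hour(hostname)
  TemplateScope.new(hostname: hostname).render('<%= @hostname.sum % 24 %>')
end

if $PROGRAM_NAME == __FILE__
  puts render_ntp_conf(fqdn: 'web01.example.com',
                       servers: ['0.pool.ntp.org', '1.pool.ntp.org'],
                       is_virtual: true)
  %w[web01 web02 db01].each { |h| puts "#{h}: hour #{cron_hour(h)}" }
end
```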