VNX not able to log in to global domain or Control Station

Problems :

  • Uninitializing and recreating the VNX Unified/File domain for both the Block and File components
  • EMC SW: VNX Operating Environment (OE) for Block 05.31.000.5.502 and later
  • EMC SW: VNX Operating Environment (OE) for File 7.0.35.3 and later
  • Product: VNX File/Unified
  • /nas/http/webui/bin/domain_admin
  • Security not initialized on the storage system.
  • Issue: the Control Station and the Clariion back end are not in the same domain

Severity :     Warning
System :     VNXCS01
Domain :     Local
Created :     Apr 25, 2012 5:15:21 PM
Message :     Logging into 10.0.50.131 encountered an error.
Full Description :     An error occurred during the login process. The control station did not log in properly.
Recommended Action :     The login error may have occurred because:
1. Certificates are not accepted.
2. Both storage processors or the control station are not accessible.
3. You have logged in to a File or Block system using a local user account not defined on both the File and Block systems.
Event Code :     0xfffffffffffffff9

Solution :

[root@VNXCS01 ~]# /nas/sbin/navicli -h spa domain -list
Node:                 VNXCS01
IP Address:           10.0.50.132
Name:                 SPB
Port:                 80
Secure Port:          443
IP Address:           10.0.50.131 (Master)
Name:                 SPA
Port:                 80
Secure Port:          443

[root@VNXCS01 ~]# ls -la /nas/http/domain
total 2
drwxr-xr-x  2 apache apache 1024 Feb  9 17:17 .
drwxr-xr-x 14 root   root   1024 Feb  9 17:38 ..
[root@VNXCS01 ~]#

[root@VNXCS01 ~]# ls -la /nas/http/domain
total 2
drwxr-xr-x  2 apache apache 1024 Feb  9 17:17 .
drwxr-xr-x 14 root   root   1024 Feb  9 17:38 ..
[root@VNXCS01 ~]# cd /nas/http/domain
[root@VNXCS01 domain]# /nas/sbin/navicli -h 10.0.50.131 domain -messner -uninitialize 10.0.50.131
WARNING: You are about to remove the domain and security configuration. Proceed?  (y/n) y

[root@VNXCS01 domain]# /nas/sbin/navicli -h 10.0.50.132 domain -messner -uninitialize 10.0.50.132
WARNING: You are about to remove the domain and security configuration. Proceed?  (y/n) y
The current system is not participating in a domain. Add this system to a domain or use the -setmaster command to create a new domain.

[root@VNXCS01 domain]# /nas/sbin/naviseccli -h 10.0.50.131 -user sysadmin -password sysadmin -scope 0  security -adduser -user sysadmin -password sysadmin -scope 0  -role administrator -type system
WARNING: You are about to add user:  sysadmin

Proceed?(y/n) y

[root@VNXCS01 domain]# /nas/sbin/navicli -h spa domain -list
Node:                 VNXCS01
IP Address:           10.0.50.131 (Master)
Name:                 SPA
Port:                 80
Secure Port:          443
IP Address:           10.0.50.132
Name:                 SPB
Port:                 80
Secure Port:          443

[root@VNXCS01 domain]# /nas/sbin/naviseccli -h 10.0.50.132 -user sysadmin -password sysadmin -scope 0 domain -list
Node:                 VNXCS01
IP Address:           10.0.50.132
Name:                 SPB
Port:                 80
Secure Port:          443
IP Address:           10.0.50.131 (Master)
Name:                 SPA
Port:                 80
Secure Port:          443

[root@VNXCS01 domain]# /nas/sbin/naviseccli -h 10.0.50.131 -user sysadmin -password sysadmin -scope 0 domain -list
Node:                 VNXCS01
IP Address:           10.0.50.131 (Master)
Name:                 SPA
Port:                 80
Secure Port:          443
IP Address:           10.0.50.132
Name:                 SPB
Port:                 80
Secure Port:          443

[root@VNXCS01 domain]# /nas/http/webui/bin/domain_admin -i 10.0.50.131

[root@VNXCS01 domain]# /nas/sbin/naviseccli -h 10.0.50.131 -user sysadmin -password sysadmin -scope 0 domain -messner -add -system 10.0.50.135
WARNING: This command is intended only to push a File system’s IP at initialization and by appropriate personnel. Any other use of the command may result in undefined behavior, including an unusable domain.
File IP Address: 10.0.50.135
Proceed? (y/n) y

[root@VNXCS01 domain]# /nas/http/bin/set_passphrase
Set Domain Passphrase.  ( passphrase= 7VTS0J344T82PR2I9TQP1V3OGB0771KE )
[root@VNXCS01 domain]# /nas/sbin/cst_setup -getKey domain
7VTS0J344T82PR2I9TQP1V3OGB07
[root@VNXCS01 domain]# /nas/sbin/navicli -h spa domain -list
Node:                 VNXCS01
IP Address:           10.0.50.132
Name:                 SPB
Port:                 80
Secure Port:          443
IP Address:           10.0.50.131 (Master)
Name:                 SPA
Port:                 80
Secure Port:          443
IP Address:           10.0.50.135
Name:                 control_station
Port:                 80
Secure Port:          443

[root@VNXCS01 domain]# ls -la /nas/http/domain
total 12
drwxr-xr-x  3 apache apache 1024 Apr 26 12:50 .
drwxr-xr-x 14 root   root   1024 Feb  9 17:38 ..
drwxr-xr-x  2 apache apache 1024 Apr 26 12:50 bak
-rw-r--r--  1 apache apache   58 Apr 26 12:50 domain_list
-rw-r--r--  1 apache apache  126 Apr 26 12:50 domain_master
-rw-r--r--  1 apache apache 5597 Apr 26 12:50 domain_provider_xml
-rw-------  1 apache apache   56 Apr 26 12:50 domain_users
-rw-r--r--  1 apache apache    0 Apr 26 12:50 lock_file
[root@VNXCS01 domain]#
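
A check for the end state of the procedure above, as an added example that is not part of the original post: it parses "domain -list" output and confirms that exactly one node is marked (Master) and that SPA, SPB and the Control Station are all members. The function names are illustrative, and the sample listing is constructed from the final listing shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample: same shape as the final "domain -list" output above.
sample_domain_list() {
cat <<'EOF'
Node:                 VNXCS01
IP Address:           10.0.50.132
Name:                 SPB
Port:                 80
Secure Port:          443
IP Address:           10.0.50.131 (Master)
Name:                 SPA
Port:                 80
Secure Port:          443
IP Address:           10.0.50.135
Name:                 control_station
Port:                 80
Secure Port:          443
EOF
}

# parse_domain_list: read "domain -list" text on stdin and print one line per
# member in the form: <ip> <name> <master|member>
parse_domain_list() {
  awk '
    $1 == "IP" && $2 == "Address:" {
      if (ip != "") print ip, name, role
      ip = $3; name = "-"
      role = ($4 == "(Master)") ? "master" : "member"
      next
    }
    $1 == "Name:" && ip != "" { name = $2 }
    END { if (ip != "") print ip, name, role }
  '
}

# check_domain IP...: read "domain -list" text on stdin; succeed only when
# exactly one master exists and every IP given as an argument is a member.
# The body runs in a subshell so its variables stay private.
check_domain() (
  members=$(parse_domain_list)
  problems=0
  masters=$(printf '%s\n' "$members" |
            awk '$3 == "master" { n++ } END { print n + 0 }')
  if [ "$masters" -ne 1 ]; then
    echo "PROBLEM: expected exactly 1 master, found $masters"
    problems=$((problems + 1))
  fi
  for ip in "$@"; do
    if ! printf '%s\n' "$members" |
         awk -v ip="$ip" '$1 == ip { f = 1 } END { exit !f }'; then
      echo "PROBLEM: $ip is not a domain member"
      problems=$((problems + 1))
    fi
  done
  [ "$problems" -eq 0 ] && echo "OK: $# expected members present, 1 master"
)

# Run against the constructed sample. On the Control Station the input would be:
#   /nas/sbin/navicli -h spa domain -list | check_domain 10.0.50.131 10.0.50.132 10.0.50.135
sample_domain_list | check_domain 10.0.50.131 10.0.50.132 10.0.50.135
```

Fed the first listing in this post, which has only SPA and SPB, the same call reports 10.0.50.135 as missing and returns a non-zero status.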

Tuning for Oracle Database on UNIX

Operating System Tools

Several operating system tools are available to help you assess database performance and determine database requirements. In addition to providing statistics for Oracle processes, these tools provide statistics for CPU usage, interrupts, swapping, paging, context switching, and I/O for the entire system.

Common Tools

The following sections provide information on common tools:

  • vmstat
  • sar
  • iostat
  • swap, swapinfo, swapon, or lsps
See Also:

For more information about these tools, see the operating system documentation and UNIX man pages.

vmstat

Note:

On Mac OS X, the vm_stat command displays virtual memory information. See the vm_stat man page for more information about using this command.

Use the vmstat command to view process, virtual memory, disk, trap, and CPU activity, depending on the switches that you supply with the command. Enter one of the following commands to display a summary of CPU activity six times, at five-second intervals:

  • HP-UX and Solaris:
        $ vmstat -S 5 6
  • AIX, Linux, and Tru64 UNIX:
        $ vmstat 5 6

The following example shows output from the command on Solaris SPARC:

procs     memory            page            disk          faults      cpu
 r b w   swap  free  si  so pi po fr de sr f0 s0 s1 s3   in   sy   cs us sy id
 0 0 0   1892  5864   0   0  0  0  0  0  0  0  0  0  0   90   74   24  0  0 99
 0 0 0  85356  8372   0   0  0  0  0  0  0  0  0  0  0   46   25   21  0  0 100
 0 0 0  85356  8372   0   0  0  0  0  0  0  0  0  0  0   47   20   18  0  0 100
 0 0 0  85356  8372   0   0  0  0  0  0  0  0  0  0  2   53   22   20  0  0 100
 0 0 0  85356  8372   0   0  0  0  0  0  0  0  0  0  0   87   23   21  0  0 100
 0 0 0  85356  8372   0   0  0  0  0  0  0  0  0  0  0   48   41   23  0  0 100

The w column, under the procs column, shows the number of potential processes that have been swapped out and written to disk. If the value is not zero, swapping is occurring and your system is short of memory. The si and so columns under the page column indicate the number of swap-ins and swap-outs per second, respectively. Swap-ins and swap-outs should always be zero. The sr column under the page column indicates the scan rate. High scan rates are caused by a shortage of available memory. The pi and po columns under the page column indicate the number of page-ins and page-outs per second, respectively. It is normal for the number of page-ins and page-outs to increase. Some paging always occurs even on systems with lots of available memory.

Note: The output from the vmstat command differs between platforms. See the man page for information about interpreting the output on your platform.

sar

Use the sar (system activity reporter) command to display cumulative activity counters in the operating system, depending on the switches that you supply with the command. On a Solaris system, the following command displays a summary of I/O activity ten times, at ten-second intervals:

$ sar -b 10 10

The following example shows output from the command on Solaris:

13:32:45 bread/s lread/s %rcache bwrit/s lwrit/s %wcache pread/s pwrit/s
13:32:55       0      14     100       3      10      69       0       0
13:33:05       0      12     100       4       4       5       0       0
13:33:15       0       1     100       0       0       0       0       0
13:33:25       0       1     100       0       0       0       0       0
13:33:35       0      17     100       5       6       7       0       0
13:33:45       0       1     100       0       0       0       0       0
13:33:55       0       9     100       2       8      80       0       0
13:34:05       0      10     100       4       4       5       0       0
13:34:15       0       7     100       2       2       0       0       0
13:34:25       0       0     100       0       0     100       0       0

Average        0       7     100       2       4      41       0       0

Note: On Tru64 UNIX systems, the sar command is available in the UNIX SVID2 compatibility subset, OSFSVID.

The sar output provides a snapshot of system I/O activity at a point in time. If you specify the interval time with more than one option, the output can become difficult to read. If you specify an interval time of less than 5, the sar activity itself can affect the output. For more information about sar, refer to the man page.

iostat

Use the iostat command to view terminal and disk activity, depending on the switches that you supply with the command. The output from the iostat command does not include disk request queues, but it shows which disks are busy. This information is valuable when you need to balance I/O loads. The following command displays terminal and disk activity five times, at five-second intervals:

$ iostat 5 5

The following example shows output from the command on Solaris:

tty          fd0           sd0           sd1           sd3          cpu
 tin tout Kps tps serv  Kps tps serv  Kps tps serv  Kps tps serv  us sy wt id
   0    1   0   0    0    0   0   31    0   0   18    3   0   42   0  0  0 99
   0   16   0   0    0    0   0    0    0   0    0    1   0   14   0  0  0 100
   0   16   0   0    0    0   0    0    0   0    0    0   0    0   0  0  0 100
   0   16   0   0    0    0   0    0    0   0    0    0   0    0   0  0  0 100
   0   16   0   0    0    0   0    0    2   0   14   12   2   47   0  0  1 98

Use the iostat command to look for large disk request queues. A request queue shows how long the I/O requests on a particular disk device must wait to be serviced. Request queues are caused by a high volume of I/O requests to that disk or by I/O with long average seek times. Ideally, disk request queues should be at or near zero.

swap, swapinfo, swapon, or lsps

Note: See the “Determining Available and Used Swap Space” section for more information about swap space on Mac OS X systems.

Use the swap, swapinfo, swapon, or lsps command to report information about swap space usage. A shortage of swap space can stop processes responding, leading to process failures with ‘Out of Memory’ errors. The following table lists the appropriate command to use for each platform:

Platform Command
AIX lsps -a
HP-UX swapinfo -m
Linux swapon -s
Solaris swap -l and swap -s
Tru64 UNIX swapon -s

The following example shows sample output from the swap -l command on Solaris:

swapfile             dev        swaplo blocks        free
/dev/dsk/c0t3d0s1    32,25      8      197592        162136

 

AIX Tools

The following sections describe tools available on AIX systems.

See Also: For more information about these tools, see the AIX operating system documentation and man pages.

AIX System Management Interface Tool

The AIX System Management Interface Tool (SMIT) provides a menu-driven interface to various system administrative and performance tools. Using SMIT, you can navigate through large numbers of tools and focus on the jobs that you want to perform.

Base Operation System Tools

The AIX Base Operation System (BOS) contains performance tools that are historically part of UNIX systems or are required to manage the implementation-specific features of AIX. The following table lists the most important BOS tools:

Tool Description
lsattr Displays the attributes of devices
lslv Displays information about a logical volume or the logical volume allocations of a physical volume
netstat Displays the contents of network-related data structures
nfsstat Displays statistics about Network File System (NFS) and Remote Procedure Call (RPC) activity
nice Changes the initial priority of a process
no Displays or sets network options
ps Displays the status of one or more processes
reorgvg Reorganizes the physical-partition allocation within a volume group
time Displays the elapsed execution, user CPU processing, and system CPU processing time
trace Records and reports selected system events
vmo Manages Virtual Memory Manager tunable parameters

AIX Performance Toolbox

The AIX Performance Toolbox (PTX) contains tools for monitoring and tuning system activity locally and remotely. PTX consists of two main components, the PTX Manager and the PTX Agent. The PTX Manager collects and displays data from various systems in the configuration by using the xmperf utility. The PTX Agent collects and transmits data to the PTX Manager by using the xmserd daemon. The PTX Agent is also available as a separate product called Performance Aide for AIX. Both PTX and Performance Aide include the following monitoring and tuning tools:

Tool Description
fdpr Optimizes an executable program for a particular workload
filemon Uses the trace facility to monitor and report the activity of the file system
fileplace Displays the placement of a file’s blocks within logical or physical volumes
lockstat Displays statistics about contention for kernel locks
lvedit Facilitates interactive placement of logical volumes within a volume group
netpmon Uses the trace facility to report on network I/O and network-related CPU usage
rmss Simulates systems with various memory sizes for performance testing
svmon Captures and analyzes information about virtual-memory usage
syscalls Records and counts system calls
tprof Uses the trace facility to report CPU usage at module and source-code-statement levels
BigFoot Reports the memory access patterns of processes
stem Permits subroutine-level entry and exit instrumentation of existing executables

See Also: For more information about these tools, see the Performance Toolbox for AIX Guide and Reference, and for more information about the syntax of some of these tools, see the AIX 5L Performance Management Guide.

HP-UX Tools

The following sections describe tools available on HP-UX systems.

Performance Tuning Tools

The following table lists the tools that you can use for additional performance tuning on HP-UX:

Tools Description
caliper (Itanium only) Collects run-time application data for system analysis tasks such as cache misses, translation look-aside buffer (TLB) or instruction cycles, along with fast dynamic instrumentation. It is a dynamic performance measurement tool for C, C++, Fortran, and assembly applications.
gprof Creates an execution profile for programs.
monitor Monitors the program counter and calls to certain functions.
netfmt Monitors the network.
netstat Reports statistics on network performance.
nfsstat Displays statistics about Network File System (NFS) and Remote Procedure Call (RPC) activity.
nettl Captures network events or packets by logging and tracing.
prof Creates an execution profile of C programs and displays performance statistics for your program, showing where your program is spending most of its execution time.
profil Copies program counter information into a buffer.
top Displays the top processes on the system and periodically updates the information.

See Also: For more information about these tools, see the HP-UX operating system documentation and man pages.

HP-UX Performance Analysis Tools

The following HP-UX performance analysis tools are also available on HP-UX systems:

  • GlancePlus/UX
  • HP PAK

GlancePlus/UX

This HP-UX utility is an online diagnostic tool that measures the system’s activities. GlancePlus displays how system resources are being used. It displays dynamic information about the system’s I/O, CPU, and memory usage in a series of screens. You can also use the utility to monitor how individual processes are using resources.

HP PAK

HP Programmer’s Analysis Kit (HP PAK) currently consists of two tools, Puma and Thread Trace Visualizer (TTV):

  • Puma collects performance statistics during a program run. It provides several graphical displays for viewing and analyzing the collected statistics.
  • TTV displays trace files produced by the instrumented thread library, libpthread_tr.sl, in a graphical format. It allows you to view how threads are interacting and to find where threads are blocked waiting for resources.

HP PAK is bundled with the HP Fortran 77, HP Fortran 90, HP C, HP C++, HP ANSI C++, and HP Pascal compilers.

Linux Tools

On Linux systems, use the top, free, and cat /proc/meminfo commands to view information about swap space, memory, and buffer usage.

Mac OS X Tools

On Mac OS X systems, you can use the following additional performance tuning tools:

  • Use the top command to display information about running processes and memory usage.
  • Use the Apple Computer Hardware Understanding Developer (CHUD) tools, such as Shark and BigTop, to monitor system activity and tune applications.

For more information about the CHUD tools, see the following Web site:

http://developer.apple.com/documentation/Performance/Conceptual/PerformanceFundamentals/index.html

Solaris Tools

On Solaris systems, use the mpstat command to view statistics for each processor in a multiprocessor system. Each row of the table represents the activity of one processor. The first row summarizes all activity since the last system reboot; each subsequent row summarizes activity for the preceding interval. All values are events per second unless otherwise noted. The arguments are for time intervals between statistics and number of iterations. The following example shows sample output from the mpstat command:

CPU minf mjf xcal  intr ithr  csw icsw migr smtx  srw syscl  usr sys  wt idl
  0    0   0    1    71   21   23    0    0    0    0    55    0   0   0  99
  2    0   0    1    71   21   22    0    0    0    0    54    0   0   0  99
CPU minf mjf xcal  intr ithr  csw icsw migr smtx  srw syscl  usr sys  wt idl
  0    0   0    0    61   16   25    0    0    0    0    57    0   0   0 100
  2    1   0    0    72   16   24    0    0    0    0    59    0   0   0 100

Tuning Memory Management

Start the memory tuning process by measuring paging and swapping space to determine how much memory is available. After you have determined your system memory usage, tune the Oracle buffer cache.

The Oracle buffer manager ensures that the more frequently accessed data is cached longer. If you monitor the buffer manager and tune the buffer cache, you can have a significant influence on Oracle Database performance. The optimal Oracle Database buffer size for your system depends on the overall system load and the relative priority of Oracle over other applications.

Allocate Sufficient Swap Space

Try to minimize swapping because it causes significant UNIX overhead. To check for swapping, use the sar or vmstat commands. For information about the appropriate options to use with these commands, see the man pages.

If your system is swapping and you must conserve memory:

  • Avoid running unnecessary system daemon processes or application processes.
  • Decrease the number of database buffers to free some memory.
  • Decrease the number of UNIX file buffers, especially if you are using raw devices.
Note:

On Mac OS X systems, swap space is allocated dynamically. If the operating system requires more swap space, it creates additional swap files in the /private/var/vm directory. Ensure that the file system that contains this directory has sufficient free disk space to accommodate additional swap files.

To determine the amount of swap space, enter one of the following commands, depending on your platform:

Platform Command
AIX lsps -a
HP-UX swapinfo -m
Linux swapon -s
Solaris swap -l and swap -s
Tru64 UNIX swapon -s

 

To add swap space to your system, enter one of the following commands, depending on your platform:

Platform Command
AIX chps or mkps
HP-UX swapon
Linux swapon -a
Solaris swap -a
Tru64 UNIX swapon -a

 

Set the swap space to between two and four times the system’s physical memory. Monitor the use of swap space and increase it as required.

See Also:

For more information about these commands, see your operating system documentation.

Control Paging

Paging might not present as serious a problem as swapping, because an entire program does not have to be stored in memory to run. A small number of page-outs might not noticeably affect the performance of your system.

To detect excessive paging, run measurements during periods of fast response or idle time to compare against measurements from periods of slow response.

Use the vmstat (vm_stat on Mac OS X) or sar command to monitor paging. See the man pages or your operating system documentation for information about interpreting the results for your platform. The following columns from the output of these commands are important on Solaris:

Column Description
vflt/s Indicates the number of address translation page faults. Address translation faults occur when a process refers to a valid page not in memory.
rclm/s Indicates the number of valid pages that have been reclaimed and added to the free list by page-out activity. This value should be zero.

 

If your system consistently has excessive page-out activity, consider the following solutions:

  • Install more memory.
  • Move some of the work to another system.
  • Configure the SGA to use less memory.

Adjust Oracle Block Size

A UNIX system reads entire operating system blocks from the disk. If the database block size is smaller than the UNIX file system block size, I/O bandwidth is inefficient. If you set the Oracle database block size to be a multiple of the file system block size, you can increase performance by up to five percent.

The DB_BLOCK_SIZE initialization parameter sets the database block size. However, to change the value of this parameter, you must recreate the database.

To see the current value of the DB_BLOCK_SIZE parameter, enter the SHOW PARAMETER DB_BLOCK_SIZE command in SQL*Plus.

Tuning Disk I/O

Balance I/O evenly across all available disks to reduce disk access times. For smaller databases and those not using RAID, ensure that different data files and tablespaces are distributed across the available disks.

Use Automatic Storage Management

If you choose to use Automatic Storage Management for database storage, all database I/O is balanced across all available disk devices in the ASM disk group. ASM provides the performance of raw device I/O without the inconvenience of managing raw devices.

By using ASM, you avoid the need to manually tune disk I/O.

Choose the Appropriate File System Type

Depending on your operating system, you can choose from a range of file system types. Each file system type has different characteristics which can have a substantial impact on database performance. The following table lists common file system types available on UNIX platforms:

File System Platform Description
S5 AIX, HP-UX, Solaris UNIX System V file system
UFS AIX, HP-UX, Mac OS X, Solaris, Tru64 UNIX Unified file system, derived from BSD UNIX

Note: On Mac OS X, Oracle does not recommend the use of the UFS file system for either software or database files.

VxFS AIX, Solaris, HP-UX VERITAS file system
None All Raw devices (no file system)
ext2/ext3 Linux Extended file system for Linux
AdvFS Tru64 UNIX Advanced file system
CFS Tru64 UNIX Cluster file system
JFS/JFS2 AIX Journaled file system
HFS Plus, HFSX Mac OS X HFS Plus is the standard hierarchical file system used by Mac OS X. HFSX is an extension to HFS Plus that enables case-sensitive file names.
GPFS AIX General parallel file system
OCFS Linux Oracle Cluster file system

 

The suitability of a file system to an application is usually not documented. For example, even different implementations of the Unified file system are hard to compare. Performance differences can vary from 0 to 20 percent, depending on the file system that you choose. If you choose to use a file system:

  • Make a new file system partition to ensure that the hard disk is clean and unfragmented.
  • Perform a file system check on the partition before using it for database files.
  • Distribute disk I/O as evenly as possible.
  • If you are not using a logical volume manager or a RAID device, consider placing log files on a different file system from data files.

Monitoring Disk Performance

The following sections describe how to monitor disk performance.

Monitoring Disk Performance on Mac OS X

Use the iostat and sar commands to monitor disk performance on Mac OS X systems. For more information about using these commands, see the man pages.

Monitoring Disk Performance on Other Operating Systems

To monitor disk performance, use the sar -b and sar -u commands.

Table 8-1 describes the columns of the sar -b command output that are significant for analyzing disk performance.

Table 8-1 sar -b Output Columns

Columns Description
bread/s, bwrit/s Blocks read and blocks written per second (important for file system databases)
pread/s, pwrit/s Partitions read and partitions written per second (important for raw partition database systems)

 

An important sar -u column for analyzing disk performance is %wio, the percentage of CPU time waiting on blocked I/O.

Note:

Not all Linux distributions display the %wio column in the output of the sar -u command. For detailed I/O statistics, you can use the iostat -x command.

Key indicators are:

  • The sum of the bread, bwrit, pread, and pwrit columns indicates the level of activity of the disk I/O subsystem. The higher the sum, the busier the I/O subsystem. The larger the number of physical drives, the higher the sum threshold number can be. A good default value is no more than 40 for two drives and no more than 60 for four to eight drives.
  • The %rcache column value should be greater than 90 and the %wcache column value should be greater than 60. Otherwise, the system may be disk I/O bound.
  • If the %wio column value is consistently greater than 20, the system is I/O bound.
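
The sar -b indicators above, applied to captured output, as an added example that is not part of the original documentation: the function reads the Average row, sums the four block and partition columns, and checks %rcache and %wcache against the thresholds just listed. The function name and the max_sum argument are illustrative, and the sample input is the Solaris sar -b output shown earlier on this page. The %wio check is not covered, because it comes from sar -u.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Sample input: the Solaris "sar -b 10 10" output shown earlier on this page.
sample_sar_b() {
cat <<'EOF'
13:32:45 bread/s lread/s %rcache bwrit/s lwrit/s %wcache pread/s pwrit/s
13:32:55       0      14     100       3      10      69       0       0
13:33:05       0      12     100       4       4       5       0       0
13:33:15       0       1     100       0       0       0       0       0
13:33:25       0       1     100       0       0       0       0       0
13:33:35       0      17     100       5       6       7       0       0
13:33:45       0       1     100       0       0       0       0       0
13:33:55       0       9     100       2       8      80       0       0
13:34:05       0      10     100       4       4       5       0       0
13:34:15       0       7     100       2       2       0       0       0
13:34:25       0       0     100       0       0     100       0       0

Average        0       7     100       2       4      41       0       0
EOF
}

# sar_b_check [max_sum]
#   stdin:   sar -b output that includes a header row and an Average row
#   max_sum: ceiling for bread/s + bwrit/s + pread/s + pwrit/s; the text gives
#            40 for two drives and 60 for four to eight drives (default 40)
#   status:  0 = every indicator passes, 1 = at least one fails,
#            2 = no usable Average row (for example, different column names)
sar_b_check() {
  awk -v max_sum="${1:-40}" '
    # Header row: record each column position by name, because the column
    # layout differs between platforms.
    /bread\/s/ { for (i = 1; i <= NF; i++) col[$i] = i; next }

    $1 ~ /^Average:?$/ {
      n = split("bread/s bwrit/s pread/s pwrit/s %rcache %wcache", need, " ")
      for (i = 1; i <= n; i++) if (!(need[i] in col)) next
      sum = $(col["bread/s"]) + $(col["bwrit/s"]) \
          + $(col["pread/s"]) + $(col["pwrit/s"])
      rc = $(col["%rcache"]) + 0
      wc = $(col["%wcache"]) + 0
      seen = 1
    }

    END {
      if (!seen) { print "no usable Average row"; exit 2 }
      if (sum <= max_sum + 0) print "io_sum=" sum " ok"
      else { print "io_sum=" sum " HIGH (limit " max_sum ")"; bad = 1 }
      if (rc > 90) print "%rcache=" rc " ok"
      else { print "%rcache=" rc " LOW (want > 90)"; bad = 1 }
      if (wc > 60) print "%wcache=" wc " ok"
      else { print "%wcache=" wc " LOW (want > 60)"; bad = 1 }
      exit bad + 0
    }
  '
}

# Run against the sample. Live use: sar -b 10 10 | sar_b_check 60
sample_sar_b | sar_b_check 40 || true
```

On the sample, the I/O sum (2) and %rcache (100) pass, while the average %wcache of 41 falls below the 60 threshold.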

System Global Area

The System Global Area (SGA) is the Oracle structure that is located in shared memory. It contains static data structures, locks, and data buffers. Sufficient shared memory must be available to each Oracle process to address the entire SGA.

The maximum size of a single shared memory segment is specified by the shmmax kernel parameter (shm_max on Tru64 UNIX). The following table shows the recommended value for this parameter, depending on your platform:

Platform Recommended Value
AIX Not applicable.
HP-UX The size of the physical memory installed on the system.

See Also: HP-UX Shared Memory Segments for an Oracle Instance for information about the shmmax parameter on HP-UX.

Linux Half the size of the physical memory installed on the system.
Mac OS X Not applicable. The largest SGA size on Mac OS X is 1000 MB.
Solaris 4294967295 or 4 GB minus 16 MB. Can be greater than 4 GB on 64-bit systems.
Tru64 UNIX 4294967295 or 4 GB minus 16 MB.

Note: The value of the shm_max parameter must be at least 16 MB for the Oracle instance to start. If your system runs both Oracle9i and Oracle Database 10g instances, you must set the value of this parameter to 2 GB minus 16 MB.

 

If the size of the SGA exceeds the maximum size of a shared memory segment (shmmax or shm_max), Oracle Database 10g attempts to attach more contiguous segments to fulfill the requested SGA size. The shmseg kernel parameter (shm_seg on Tru64 UNIX) specifies the maximum number of segments that can be attached by any process. Set the following initialization parameters to control the size of the SGA:

  • DB_CACHE_SIZE
  • DB_BLOCK_SIZE
  • JAVA_POOL_SIZE
  • LARGE_POOL_SIZE
  • LOG_BUFFERS
  • SHARED_POOL_SIZE

Alternatively, set the SGA_TARGET initialization parameter to enable Oracle to automatically tune the SGA size.

Use caution when setting values for these parameters. When values are set too high, too much of the system’s physical memory is devoted to shared memory, resulting in poor performance.

Oracle databases configured with Shared Server require a higher setting for the SHARED_POOL_SIZE initialization parameter, or a custom configuration that uses the LARGE_POOL_SIZE initialization parameter. If you installed the database with the Oracle Universal Installer, then the value of the SHARED_POOL_SIZE parameter is set automatically by Database Configuration Assistant. However, if you created a database manually, increase the value of the SHARED_POOL_SIZE parameter in the parameter file by 1 KB for each concurrent user.

Determine the Size of the SGA

You can determine the SGA size in one of the following ways:

  • Enter the following SQL*Plus command to display the size of the SGA for a running database:
        SQL> SHOW SGA

The result is shown in bytes.

  • Determine the size of the SGA when you start your database instance. The SGA size is displayed next to the heading Total System Global Area.
  • On systems other than Mac OS X, enter the ipcs command as the oracle user.

Shared Memory on AIX

On AIX, shared memory uses common virtual memory resources across processes. Processes share virtual memory segments through a common set of virtual memory translation resources, for example tables and cached entries, for improved performance.

With Oracle Database on AIX, shared memory can be pinned to prevent paging and to reduce I/O overhead. To do this, set the LOCK_SGA parameter to true. On AIX 5L, the same parameter activates the large page feature whenever the underlying hardware supports it.

Enter the following command to make pinned memory available to Oracle Database on AIX systems:

$ /usr/sbin/vmo -r -o v_pinshm=1

Enter a command similar to the following to set the maximum percentage of real memory available for pinned memory, where percent_of_real_memory is the maximum percent of real memory that you want to set:

$ /usr/sbin/vmo -r -o maxpin%=percent_of_real_memory

When using the maxpin% option, it is important that the amount of pinned memory exceeds the Oracle SGA size by at least 3 percent of the real memory on the system, allowing free pinnable memory for use by the kernel. For example, if you have 2 GB of physical memory and you want to pin the SGA by 400 MB (20 percent of the RAM), then enter the following command:

$ /usr/sbin/vmo -r -o maxpin%=23

Use the svmon command to monitor the use of pinned memory during the operation of the system. Oracle Database attempts to pin memory only if the LOCK_SGA parameter is set to true.

Large Page Feature on AIX POWER4-Based Systems

To turn on and reserve 10 large pages each of size 16 MB on a POWER4 system, enter the following command:

$ /usr/sbin/vmo -r -o lgpg_regions=10 -o lgpg_size=16777216

This command proposes bosboot and warns that a reboot is required for the changes to take effect.

Oracle recommends specifying enough large pages to contain the entire SGA. The Oracle instance attempts to allocate large pages when the LOCK_SGA parameter is set to true. If the SGA size exceeds the size of memory available for pinning, or large pages, the portion of the SGA exceeding these sizes is allocated to ordinary shared memory.

See Also:

For more information about enabling and tuning pinned memory and large pages, see the AIX documentation.

Tuning the Operating System Buffer Cache

To take full advantage of raw devices, adjust the size of the Oracle Database buffer cache and, if memory is limited, the operating system buffer cache.

The operating system buffer cache holds blocks of data in memory while they are being transferred from memory to disk, or from disk to memory.

The Oracle Database buffer cache is the area in memory that stores the Oracle database buffers. Because Oracle Database can use raw devices, it does not need to use the operating system buffer cache.

If you use raw devices, increase the size of the Oracle Database buffer cache. If the amount of memory on the system is limited, make a corresponding decrease in the operating system buffer cache size.

Use the sar command to determine which buffer caches you must increase or decrease. For more information about the sar command, see the man page.

Note:

For Tru64 UNIX, do not reduce the operating system buffer cache, because the operating system automatically resizes the amount of memory that it requires for buffering file system I/O. Restricting the operating system buffer cache can cause performance issues.

 

VxVM Troubleshooting – Procedure to Replace Internal FibreChannel (FC) Disks controlled by VxVM

Hot swapping a failed disk is a fairly straightforward procedure when the disks are regular SCSI disks, but Fibre Channel (FC) disks require a different hot-swap procedure.

The specific procedure below should be used when replacing one of the internal disks in a system with internal fibre drives (Sun Fire 280R, Sun Fire V480, Sun Fire V490, Sun Fire V880, Sun Fire V890), especially if the disk is under Veritas Volume Manager (VxVM) control.

Although the disks are hot-swappable, the procedure below makes sure that VxVM is alerted to the fact that the drive is being replaced. Failure to follow it could result in a duplicate entry for the replaced disk in the output of the ‘vxdisk list’ command.

For example:

# vxdisk list
DEVICE TYPE DISK GROUP STATUS
c1t0d0s2 sliced rootdisk rootdg online
c1t1d0s2 sliced – – error
c1t1d0s2 sliced – – error

The easy way to remove the duplicate entries shown above is to reboot the server. Following the procedure below prevents the duplicate device from being created in the first place.

Please note: if the disk is not under VxVM control, you can skip steps 3,5,10,11,12.

Procedure To Replace FC Disk which is under VxVM Control

Step 1. Collect the information

NOTE: All data on these devices should have been backed up. Before replacing any disk under VxVM control, it should be in either a ‘failed’ or ‘removed’ state:

# vxdisk list

DEVICE TYPE DISK GROUP STATUS
c1t0d0s2 sliced rootdisk rootdg online
c1t1d0s2 sliced – – online
– – disk01 rootdg failed was:c1t1d0s2

If the disk does not show up as “failed was”, as shown above, then you should run ‘vxdiskadm’ and choose option #4 to remove the disk for replacement. After running ‘vxdiskadm’, the output should look like this:

# vxdisk list

DEVICE TYPE DISK GROUP STATUS
c1t0d0s2 sliced rootdisk rootdg online
c1t1d0s2 sliced – – online
– – disk01 rootdg removed was:c1t1d0s2

NOTE: If this is a root-disk or root-mirror, record the following information about the removed disk before this operation. This information is needed to change nvramrc.

WWN information:

For example,

# ls -al /dev/rdsk/c1t0d0s0

lrwxrwxrwx 1 root root 74 Mar 6 2003 c1t0d0s0 -> ../../devices/pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w21000004cfa19920,0:a,raw

devalias and boot-device in nvramrc

For example,

# eeprom nvramrc

devalias rootdisk /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w2100004cfa19920,0:a
devalias mirrdisk /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w2100004cfa19838,0:a
boot-device=rootdisk mirrdisk

Step 2. If this is a root-disk or root-mirror, use the dumpadm command to ensure that the dump-device is not on the failed disk. If it is, move it to the good side of the mirror, for example:

# dumpadm -d /dev/dsk/c1t0d0s1

Step 3. If vxdiskadm option 4 is used to remove the disk for replacement, instruct VxVM to re-read the device tree by running the command

# vxdctl enable

Step 4. Put the disk into the “offline” state with the following command:

# vxdisk offline c1t1d0s2

Step 5. Verify the disk has been marked “offline” with “vxdisk list”:

# vxdisk list

DEVICE TYPE DISK GROUP STATUS
c1t0d0s2 sliced rootdisk rootdg online
c1t1d0s2 sliced – – offline
– – disk01 rootdg removed was:c1t1d0s2

Step 6. Once Veritas has recognized the disk as offline and ready for replacement, you need to tell the operating system. This is done as follows:

# /usr/sbin/luxadm remove_device /dev/rdsk/c1t1d0s2

This will produce output similar to the following:

WARNING!!! Please ensure that no file systems are mounted on these device(s).

All data on these devices should have been backed up.

The list of devices which will be removed is:

1: Device name: /dev/rdsk/c1t1d0s2 Node WWN: 20000020371b1f31
Device Type: Disk device
Device Paths: /dev/rdsk/c1t1d0s2
Please verify the above list of devices and then enter c or <CR> to Continue or q to Quit. [Default: c]:c

stopping: /dev/rdsk/c1t1d0s2…. Done
offlining: /dev/rdsk/c1t1d0s2…. Done
The drives are now off-line and spun down.

Physically remove the disk and press the Return key.

Hit <Return> after removing the device(s).
picld[87]: Device DISK1 removed
Device: /dev/rdsk/c1t1d0s2
No FC devices found. – /dev/rdsk/c1t1d0s2

NOTE:  The picld daemon notifies the system that the disk has been removed.

If no errors are printed, continue to step 6. Otherwise, if you receive any errors during this step:

Physically pull the bad disk from the host, then run the commands:

# vxdisk rm c1t1d0s2
# luxadm -e offline /dev/rdsk/c1t1d0s2

If the disk is multipathed, run ‘luxadm -e offline’ on the second path as well.

Step 7. Initiate devfsadm cleanup subroutines by entering the following command:

# /usr/sbin/devfsadm -C -c disk

The default devfsadm operation is to attempt to load every driver in the system and attach these drivers to all possible device instances. The devfsadm command then creates device special files in the /devices directory, and logical links in /dev.

With the “-c disk” option, devfsadm will only update disk device files. This saves time and is important on systems that have tape devices attached.

Rebuilding these tape devices could cause undesirable results on non-Sun hardware.

The -C option cleans up the /dev directory, and removes any lingering logical links to the device link names. This should remove all the device paths for this particular disk. This can be verified with:

# ls -ld /dev/dsk/c1t1d*

This should return no devices.

Step 8. Verify that the reference to this disk is gone by running the commands

# vxdisk list (if the disk is under vxvm control)

# format

It is now safe to physically replace the disk.

Step 9. After replacing the disk, create the necessary entries in the Solaris OS device tree with one of the following commands:

# devfsadm

or

# /usr/sbin/luxadm insert_device <enclosure_name,sx>

where sx is the slot number.

NOTE: In many cases, luxadm insert_device does not require the enclosure name and slot number.

Use the following to find the slot number:

# luxadm display

To find the enclosure name, use:

# luxadm probe

Run “ls -ld /dev/dsk/c1t1d*” to verify that the new device paths have been created.

NOTE: After you insert the disk and run devfsadm (or luxadm), the old ssd id is changed to a new one. This change can be ignored.

For example:

When an error occurs on the following disk (ssd3):

  • WARNING: /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w21000004cfa19920,0 (ssd3):
  • Error for Command: read(10) Error Level: Retryable
  • Requested Block: 15392944 Error Block: 15392958

(After inserting disk)

  • picld[287]: [ID 727222 daemon.error] Device DISK0 inserted
  • qlc: [ID 686697 kern.info] NOTICE: Qlogic qlc(2): Loop ONLINE
  • scsi: [ID 799468 kern.info] ssd10 at fp2: name w21000011c63f0c94,0, bus address ef
  • genunix: [ID 936769 kern.info] ssd10 is /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w21000011c63f0c94,0
  • scsi: [ID 365881 kern.info]
  • genunix: [ID 408114 kern.info] /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w21000011c63f0c94,0 (ssd10) online

Step 10. Label the disk using the format command.

If the disk is under VxVM control, be sure to write an SMI label(Solaris 9 4/03 OS or later):

# format -e /dev/rdsk/c1t1d0s2

format> l

[0] SMI Label

[1] EFI Label

Specify Label type[1]: 0

Auto configuration via format.dat[no]? no

Auto configuration via generic SCSI-2[no]? yes

Ready to label disk, continue? yes

If the disk is not under VxVM control, label the disk to local requirements, otherwise, it could be labeled with a standard vtoc. Steps 9a – 9c are only required if this is a system running SunCluster

Note: It’s possible to get errors from c0t0d0, which is the CD-ROM/DVD drive on the Sun Fire V480, V880, etc.

Step 11. Instruct VxVM to re-read the device tree by running the command

# vxdctl enable

Step 12. The disk will remain in the “offline” state until the new disk is initialized.

To initialize it, use the command line first:

# vxdisksetup -i c1t1d0

Then, use ‘vxdiskadm’ and choose option #5 to replace the failed or removed disk.

– OR –

Run ‘vxdiskadm’ and choose option #5 to initialize it and replace the failed or removed disk. If the ‘vxdiskadm’ command is run and option #5 is chosen, it will show that “Access is disabled” for this new disk (because it is still “offline”), and you will be asked whether or not you wish to “enable access” to it. Answer ‘yes’ to this question.

Step 13. The disk should now be online and functional, within the operating system and VxVM. Confirm this with “vxdisk list”.

NOTE: Do not reboot the system or perform Step-13 (modify nvramrc) until synchronization is completed. If the system is rebooted before then, it cannot boot from the new disk or modify devalias. Confirm this with “vxtask list”:

# vxtask list

Step 14. If a swap partition had to be moved, move it back, for example:

# dumpadm -d /dev/dsk/c1t1d0s1

Step 15. If this was a root-disk or a root-mirror, make sure to run the /etc/vx/bin/vxbootsetup command. The vxbootsetup utility configures a disk by writing a boot track at the beginning of the disk and by creating physical disk partitions in the UNIX VTOC that match the mirrors of the root, swap, /usr and /var.

# /etc/vx/bin/vxbootsetup -g rootdg rootdisk

Step 16. If this was a root-disk or root-mirror, then ensure the nvram aliases are updated so you can boot.

# ls -al /dev/rdsk/s0

example: ls -al /dev/rdsk/c1t1d0s0

Compare the WWN from the ls output with the appropriate root alias entries in the NVRAM (eeprom nvramrc); look at the rootmirror or rootdisk entries.

NOTE: To change the devalias entries in nvramrc, replace the removed disk information with the new disk information.

For example,

– List before modifying nvramrc. (removed disk information)

# eeprom nvramrc

devalias rootdisk /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w2100004cfa19920,0:a

devalias mirrdisk /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w2100004cfa19838,0:a

– List the new disk information

# ls -al /dev/rdsk/c1t0d0s0

lrwxrwxrwx 1 root root 74 Mar 6 2003 c1t0d0s0 -> ../../devices/pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w21000011c63f0c94,0:a,raw

– Modify nvramrc

(This example is written in the Bourne shell. Press Enter once after the first devalias line and a second time after the closing quote.)

# eeprom nvramrc='devalias rootdisk /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w21000011c63f0c94,0:a
devalias mirrdisk /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w21000004cfa19838,0:a'

– List after modifying nvramrc.

# eeprom nvramrc

devalias rootdisk /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w21000011c63f0c94,0:a

devalias mirrdisk /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w2100004cfa19838,0:a

NOTE: If this is a root-disk or rootmirror, the device path contains the WWN of the new disk. It is necessary to update the nvramrc devalias entries to the new device path, so the system will be able to boot from the newly-replaced rootdisk or rootmirror.
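The WWN comparison from Step 16, written out as an added example (it is not part of the original procedure or of any Sun or Veritas tool). The sample ls and eeprom nvramrc text is constructed from the listings above, the function names are hypothetical, and the 16-hex-digit check assumes 64-bit Fibre Channel WWNs.

```shell
#!/bin/sh
# Added example: check that an nvramrc devalias points at the installed disk.
# All sample text is constructed; nothing here runs ls or eeprom.

# Constructed "ls -al /dev/rdsk/c1t0d0s0" line for the NEW disk.
LS_NEW='lrwxrwxrwx 1 root root 74 Mar 6 2003 c1t0d0s0 -> ../../devices/pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w21000011c63f0c94,0:a,raw'

# Constructed "eeprom nvramrc" text before and after the update.
NVRAMRC_OLD='devalias rootdisk /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w21000004cfa19920,0:a
devalias mirrdisk /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w21000004cfa19838,0:a'
NVRAMRC_NEW='devalias rootdisk /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w21000011c63f0c94,0:a
devalias mirrdisk /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w21000004cfa19838,0:a'
# Constructed typo case: one hex digit dropped while retyping the WWN.
NVRAMRC_TYPO='devalias rootdisk /pci@8,600000/SUNW,qlc@2/fp@0,0/ssd@w2100011c63f0c94,0:a'

# /dev/rdsk symlink target -> OpenBoot device path
# (drops everything up to "devices" and the trailing ",raw").
boot_path_from_ls() {
    printf '%s\n' "$1" | sed -n 's|.*devices\(/.*\),raw$|\1|p'
}

# Device path recorded for alias $1 in nvramrc text $2 (empty if absent).
alias_path() {
    printf '%s\n' "$2" | awk -v a="$1" '$1 == "devalias" && $2 == a { print $3; exit }'
}

# WWN part of an "ssd@w<WWN>,<lun>" path component.
wwn_of() {
    printf '%s\n' "$1" | sed -n 's|.*@w\([0-9a-fA-F]*\),.*|\1|p'
}

# Assumption: a Fibre Channel WWN is 64 bits, i.e. exactly 16 hex digits.
wwn_ok() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 16 ]
}

# check_alias ALIAS LS_LINE NVRAMRC_TEXT
# Prints one status line. Returns 0 = alias matches the installed disk,
# 1 = stale alias, 2 = alias missing or ls line unparsable, 3 = malformed WWN.
check_alias() {
    ca_want=$(boot_path_from_ls "$2")
    ca_have=$(alias_path "$1" "$3")
    [ -n "$ca_want" ] || { echo "ERROR: cannot parse ls output"; return 2; }
    [ -n "$ca_have" ] || { echo "MISSING: no devalias $1 in nvramrc"; return 2; }
    ca_hw=$(wwn_of "$ca_have")
    if ! wwn_ok "$ca_hw"; then
        echo "MALFORMED: $1 WWN '$ca_hw' is not 16 hex digits"
        return 3
    fi
    if [ "$ca_want" = "$ca_have" ]; then
        echo "OK: $1 -> $ca_hw"
        return 0
    fi
    echo "STALE: $1 -> $ca_hw, installed disk is $(wwn_of "$ca_want")"
    return 1
}

# Before the nvramrc update the alias still names the removed disk.
check_alias rootdisk "$LS_NEW" "$NVRAMRC_OLD" || echo "   update nvramrc before the next reboot"
# After the update the alias and the symlink agree.
check_alias rootdisk "$LS_NEW" "$NVRAMRC_NEW"
```
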

OSSEC v2.0 commands

ossec-reportd is a program to create reports from OSSEC alerts. ossec-reportd accepts alerts on stdin, and outputs a report on stderr.

Note

Since ossec-reportd outputs to stderr, some utilities like less will not work unless you redirect the output. End the ossec-reportd command with 2>&1 to redirect stderr to stdout; more or less can then be used as usual.

ossec-reportd argument options

-h

Display the help message

-f <filter> <value>

Filter the results.

-r <filter> <value>

Show related entries.

-n <string>

Create a description for the report.

-s

Show the alerts related to the summary.

ossec-reportd example usage

Example 1: Show Successful Logins

# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f group authentication_success

Example 2: Show Alerts Level 10 and Greater

# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f level 10

Example 3: Show the srcip for all users

# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f group authentication -r user srcip

Example 4: Show Changed files as reported by Syscheck

# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -f group syscheck -r location filename

Example output

# cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd 2>&1 | more

2011/07/11 21:01:36 ossec-reportd: INFO: Started (pid: 1444).

2011/07/11 21:01:41 ossec-reportd: INFO: Report completed. Creating output…

Report completed. ==

————————————————

->Processed alerts: 17

->Post-filtering alerts: 17

->First alert: 2011 Jul 11 00:00:46

->Last alert: 2011 Jul 11 00:16:52

……………………………………………………………………………

…………………………………………………………………………………………………….

In case you have not had a chance to check it out, OSSEC v2.0 added a command-line “reporting” tool. It is great for checking whether agents, syslog, etc. are actually making it into OSSEC|OSSIM without having to install the web GUI on OSSIM.

Note: These commands are from the OSSEC tutorial but I have made a change in the path to the ossec-reportd binary:

_________________________________________________________

Show all IP addresses/users that logged in during the day

cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -n "Logins summary" -f group authentication_success

_________________________________________________________

Show all IP addresses/users that logged in during the day and related srcips locations for each user

cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -n "Logins summary" -f group authentication_success -r user srcip -r user location

_________________________________________________________

Show all multiple authentication failures (brute force attacks)

cat /var/ossec/logs/alerts/alerts.log | /var/ossec/bin/ossec-reportd -n "Failures summary" -f group authentication_failures

_________________________________________________________

Show a summary for the month (or day) <July 2009>

zcat /var/ossec/logs/alerts/2009/Jul/*.gz | /var/ossec/bin/ossec-reportd -n "Month Summary"
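To show what a "-f group ... -r user srcip" report is built from, here is an added example (not OSSEC code and not from the tutorial quoted above) that counts user and source IP pairs for one alert group with awk. The alerts are constructed, their multi-line layout is an assumption about the alerts.log format, the function names are hypothetical, and group names are matched exactly, which is this example's own choice.

```shell
#!/bin/sh
# Added example: per-group "user srcip count" summary over alerts.log text.
# Constructed sample alerts; the record layout (header with groups,
# timestamp and location, Rule:, Src IP:, User:, raw log line, blank line
# between alerts) is assumed, so compare it with your own alerts.log.
sample_alerts() {
cat <<'EOF'
** Alert 1310342446.1000: - syslog,sshd,authentication_success,
2011 Jul 11 00:00:46 web01->/var/log/secure
Rule: 5715 (level 3) -> 'SSHD authentication success.'
Src IP: 192.0.2.10
User: alice
Jul 11 00:00:45 web01 sshd[2101]: Accepted password for alice from 192.0.2.10 port 50022 ssh2

** Alert 1310342530.1400: - syslog,sshd,authentication_failed,
2011 Jul 11 00:02:10 web01->/var/log/secure
Rule: 5716 (level 5) -> 'SSHD authentication failed.'
Src IP: 203.0.113.5
User: bob
Jul 11 00:02:09 web01 sshd[2140]: Failed password for bob from 203.0.113.5 port 41000 ssh2

** Alert 1310342900.1800: - syslog,sshd,authentication_success,
2011 Jul 11 00:08:20 web01->/var/log/secure
Rule: 5715 (level 3) -> 'SSHD authentication success.'
Src IP: 192.0.2.10
User: alice
Jul 11 00:08:19 web01 sshd[2205]: Accepted password for alice from 192.0.2.10 port 50310 ssh2

** Alert 1310343100.2200: - syslog,sshd,authentication_success,
2011 Jul 11 00:11:40 web01->/var/log/secure
Rule: 5715 (level 3) -> 'SSHD authentication success.'
Src IP: 198.51.100.7
User: alice
Jul 11 00:11:39 web01 sshd[2260]: Accepted password for alice from 198.51.100.7 port 33911 ssh2

** Alert 1310343412.2600: mail  - ossec,syscheck,
2011 Jul 11 00:16:52 web01->syscheck
Rule: 550 (level 7) -> 'Integrity checksum changed.'
Integrity checksum changed for: '/etc/hosts'
EOF
}

# related_user_srcip GROUP [MINLEVEL]   (alerts on stdin)
# Prints "<user> <srcip> <count>" for every pair seen in alerts that carry
# GROUP and have a rule level of at least MINLEVEL (default 0).
related_user_srcip() {
    awk -v want="$1" -v minlevel="${2:-0}" '
    BEGIN { RS = ""; FS = "\n" }          # one alert per blank-line block
    {
        sep = index($1, " - ")
        if (substr($1, 1, 9) != "** Alert " || sep == 0) next
        groups = "," substr($1, sep + 3)  # e.g. ",syslog,sshd,authentication_success,"
        if (index(groups, "," want ",") == 0) next
        user = "(none)"; ip = "(none)"; level = 0
        for (n = 2; n <= NF; n++) {
            if ($n ~ /^Rule: [0-9]+ \(level [0-9]+\)/) {
                level = $n
                sub(/^.*\(level /, "", level)
                sub(/\).*$/, "", level)
            } else if (user == "(none)" && $n ~ /^User: /) {
                user = substr($n, 7)      # first User: line only
            } else if (ip == "(none)" && $n ~ /^Src IP: /) {
                ip = substr($n, 9)        # first Src IP: line only
            }
        }
        if (level + 0 < minlevel + 0) next
        seen[user " " ip]++
    }
    END { for (k in seen) print k, seen[k] }' | LC_ALL=C sort
}

# Successful logins per user and source address in the sample.
sample_alerts | related_user_srcip authentication_success
```
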

 

RHCE "Cheat Sheet"

This document attempts to provide answers to all study points on the RHCE and RHCT Exam Preparation Guide in a single-page (and thus, printable) format. This is not a “brain dump” or an attempt to cheat the RH302 exam in any way. These are just my self-study notes. Use them at your own risk.

Other “Cheat Sheets”

The following links may have updated/additional information, but I am not responsible for any of it. If you are a Red Hat employee, and you believe that I’ve linked to something that violates the Red Hat NDA, please let me know, and I’ll remove the link immediately.

Testing Environment with Sun VirtualBox

install guest additions:

yum install gcc kernel-devel
sh /media/VBOXADDITIONS*/VBoxLinuxAdditions-x86.run
reboot

Prerequisite skills for RHCT and RHCE

Candidates should possess the following skills, as they may be necessary in order to fulfill requirements of the RHCT and RHCE exams:

use standard command line tools (e.g., ls, cp, mv, rm, tail, cat, etc.) to create, remove, view, and investigate files and directories

use grep, sed, and awk to process text streams and files

use a terminal-based text editor, such as vim or nano, to modify text files

use input/output redirection

operator    description
>           redirect STDOUT to a file
2>          redirect STDERR to a file
&>          redirect all output to a file
2>&1        redirect all output to a pipe
  • use >> to append instead of overwrite

understand basic principles of TCP/IP networking, including IP addresses, netmasks, and gateways for IPv4 and IPv6

use su to switch user accounts

su - <user>

use passwd to set passwords

passwd <user>

use tar, gzip, and bzip2

# compress (tar/gzip)
tar cvzf <file>.tgz <directory>
 
# extract (tar/gzip)
tar xvzf <file>.tgz
 
# compress (tar/bzip)
tar cvjf <file>.tbz <directory>
 
# extract (tar/bzip)
tar xvjf <file>.tbz

configure an email client on Red Hat Enterprise Linux

echo "message" | mail <email> -s "subject"
mail <email> -s "subject" < <file>

use text and/or graphical browser to access HTTP/HTTPS URLs

  • elinks
  • lynx

use lftp to access FTP URLs

RHCT skills

Troubleshooting and System Maintenance

RHCTs should be able to:

boot systems into different run levels for troubleshooting and system maintenance

append the desired runlevel to grub’s kernel line:

  • 1-5 runs appropriate rc and init scripts
  • single only runs rc.sysinit
  • emergency skips all rc and init scripts

diagnose and correct misconfigured networking

  1. check /etc/sysconfig/network
  2. check /etc/sysconfig/network-scripts/ifcfg-
  3. service network restart
  4. chkconfig network on
  5. ifconfig
  6. ping
  7. netstat -r
  8. ping
  9. ping 4.2.2.2

redhat network config tool:

system-config-network

diagnose and correct hostname resolution problems

  1. check /etc/nsswitch.conf
  2. check /etc/resolv.conf
  3. check /etc/hosts
  4. dig @ google.com

redhat network config tool:

system-config-network

configure the X Window System and a desktop environment

install x:

yum groupinstall "x window system"
  • init respawns /etc/X11/prefdm -nodaemon to keep x running in runlevel 5
  • startx to start manually

xfs is supposedly required for x windows (even though i can run x fine without it…):

service xfs start
chkconfig xfs on

x environment config:

  • /etc/sysconfig/desktop
  • /etc/X11/xinit/xinitrc
  • /etc/X11/xinit/Xclients
  • ~/.xinitrc
  • ~/.Xclients

redhat display config tool:

system-config-display [--reconfig]

install gnome desktop:

yum groupinstall "gnome desktop environment"

switchdesk allows you to change your desktop environment:

yum install switchdesk
switchdesk

if switchdesk is not available, edit /etc/sysconfig/desktop:

DISPLAYMANAGER=<GNOME|KDE|XDM>
DESKTOP=<GNOME|KDE>

add new partitions, filesystems, and swap to existing systems

partitions

manage partitions:

fdisk <device>
partprobe

filesystems

make filesystems:

mkfs.<ext2|ext3>

label filesystems:

e2label <partition> <label>
blkid

manage filesystem settings:

tune2fs <partition>
dumpe2fs <partition>

swap

note that it’s possible to create a swap file instead of a partition:

dd if=/dev/zero of=<file> bs=1024 count=<size>

format the file/partition:

mkswap <partition|file>
nano -w /etc/fstab
swapon -va
cat /proc/swaps

use standard command-line tools to analyze problems and configure system

  • check for full filesystems, quotas

Installation and Configuration

RHCTs must be able to:

perform network OS installation

at boot prompt:

linux askmethod

implement a custom partitioning scheme

configure printing

printing support is provided by cups:

service cups start
chkconfig cups on

redhat printer config tool:

system-config-printer

web config tool:

http://localhost:631

printing via command line:

# print
lpr <file>
# view print queue
lpq
# remove print job
lprm <job number>

configure the scheduling of tasks using cron and at

cron

make sure vixie cron is installed and running:

yum install vixie-cron
service crond start
chkconfig crond on
  1. if /etc/cron.allow exists, only these users are allowed (/etc/cron.deny is ignored)
  2. if /etc/cron.allow does not exist, everyone allowed except users in /etc/cron.deny
  3. if neither exists, only root allowed
  4. empty /etc/cron.deny means all users allowed (default)

edit your cron jobs:

crontab -e

crontab format:

<minute> <hour> <day of month> <month> <day of week> <command>

Note: /etc/crontab has additional user field before command.

at/batch

make sure at is installed and running:

yum install at
service atd start
chkconfig atd on
  1. if /etc/at.allow exists, only these users are allowed (/etc/at.deny is ignored)
  2. if /etc/at.allow does not exist, everyone allowed except users in /etc/at.deny
  3. if neither exists, only root allowed
  4. empty /etc/at.deny means all users allowed (default)

example session:

# add jobs
at now + 1 hour
at> <command>
 
at 09:00 2009-07-23
at> <command>
 
batch
at> <command>
 
# list jobs
atq
 
# remove jobs
atrm <job>

attach system to a network directory service, such as NIS or LDAP

redhat config tools:

system-config-authentication
authconfig-tui

required packages for nis:

yum install ypbind portmap

required packages for ldap:

yum install nss-ldap openldap

configure autofs

make sure the autofs service is running:

service autofs start
chkconfig autofs on

ensure the following line in /etc/nsswitch.conf:

automount: files nis

define an autofs-controlled mountpoint called test by adding the following to /etc/auto.master:

/test /etc/auto.test

create /etc/auto.test:

blah example.com:/pub/something
* example:/home/&
  1. local /test/blah => remote example.com:/pub/something
  2. local /test/user => remote example:/home/user (Note: this method can be used to automount home directories)

test automounting:

ls /test/blah
ls /test/user
 
# redhat defaults
ls /net/<hostname>
ls /misc/cd

add and manage users, groups, quotas, and File Access Control Lists

redhat user/group config tool:

system-config-users

users

/etc/passwd file format:

username:password:uid:gid:gecos:homedir:shell

/etc/shadow file format:

username:password:lastpwchange:minpwchange:maxpwage:pwchangewarn:inactive:expire

command line user management:

useradd <user>
usermod <user>
chage <user>
userdel <user>
pwck
  • default account expiration settings in /etc/login.defs

groups

/etc/group file format:

groupname:password:gid:members

command line group management:

groups <user>
groupadd <group>
groupmod <group>
groupdel <group>
grpck

quotas

install quota package

yum install quota

add fs options to /etc/fstab:

usrquota,grpquota

remount device

mount -o remount <mount point>

init quota database:

quotacheck -cugm <device>

enable/disable quotas

quotaon <device>
quotaoff <device>

edit quotas

edquota -u <user>
edquota -g <group>

edit grace time

edquota -ut <user>
edquota -gt <group>

check/report quotas

quota <user>
repquota -aug

Access Control Lists

install acl package

yum install acl

add fs options to /etc/fstab:

acl

remount device:

mount -o remount <mount point>

manage acls:

# set acls
setfacl -m [d:]u:<user>:<r|w|x|-> <file>
setfacl -m [d:]g:<group>:<r|w|x|-> <file>
 
# get acls
getfacl <file>
 
# remove acls
setfacl -x u:<user> <file>
setfacl -x g:<group> <file>
setfacl --remove-all <file>
setfacl --remove-default <file>

configure filesystem permissions for collaboration

  1. create new group
  2. add users to group
  3. chown folder to root.
  4. chmod folder to 2770 (g+s)

install and update packages using rpm

# install
rpm -ivh <package>.rpm
 
# update
rpm -Uvh <package>.rpm
 
# freshen
rpm -Fvh <package>.rpm
 
# remove
rpm -e <package>
 
# query by file name
rpm -qf <full path of file>
 
# verify a file
rpm -Vf <full path of file>
 
# verify status of all packages
rpm -Va > /tmp/rpmverify

Note: while inside the rescue environment, use the --root option to specify the real location of your root file system (e.g. --root=/mnt/sysimage).

properly update the kernel package

  1. always do an install (i.e. rpm -ivh) rather than an update
  2. check /boot/grub/grub.conf for proper configuration

configure the system to update/install packages from remote repositories using yum or pup

yum config goes in /etc/yum.repos.d/

[id]
name=my repo
baseurl=http://example.com/centos/
enabled=1

modify the system bootloader

  • production config is in /boot/grub/grub.conf
  • see examples in /usr/share/doc/grub-*/menu.lst

implement software RAID at install-time and run-time

to start, we need at least two devices/partitions of type “linux raid autodetect” (use fdisk to set partition type to “fd”)

create raid device:

mdadm --create /dev/md0 --level=<0|1|4|5|6|10> --raid-devices=<num> <device list>

fail disk in array:

mdadm /dev/md0 -f <device>

remove disk from array:

mdadm /dev/md0 -r <device>

add disk to array:

mdadm /dev/md0 -a <device>

stop array:

mdadm --stop /dev/md0

check raid status:

mdadm --detail /dev/md0
 
cat /proc/mdstat

format works as usual:

mkfs.ext3 /dev/md0

Note: don’t forget to configure /etc/fstab appropriately.

use /proc/sys and sysctl to modify and set kernel run-time parameters

config is in /etc/sysctl.conf

# search through parameters
sysctl -a | grep <whatever>
# apply changes from config file immediately
sysctl -p

use scripting to automate system maintenance tasks

configure NTP for time synchronization with a higher-stratum server

redhat config tool:

system-config-date
  • config is in /etc/ntp.conf

synchronization configuration example:

server 0.pool.ntp.org
server 1.pool.ntp.org
server 2.pool.ntp.org

apply changes:

service ntpd restart
chkconfig ntpd on

verify changes:

ntpq -p

RHCE skills

Troubleshooting and System Maintenance

RHCEs must demonstrate the RHCT skills listed above, and should be able to:

use the rescue environment provided by first installation CD

linux rescue
  • when working in non-chrooted rescue mode:
  • mount /dev/hdc /mnt/source (to access install files on the cd/dvd)
  • rpm commands should use the --root=/mnt/sysimage option

manually make /dev and /proc available in chrooted mode:

mount -o bind /dev /mnt/sysimage/dev
mount -o bind /proc /mnt/sysimage/proc

chroot /mnt/sysimage

diagnose and correct boot failures arising from bootloader, module, and filesystem errors

check in order:

  1. mbr
  2. /boot/grub/grub.conf
  3. /etc/fstab
  4. /etc/inittab
  5. /etc/rc.d/rc.sysinit
  6. /etc/rc.d/rc.d
  7. /etc/rc.d/init.d/
  8. /etc/rc.d/rc.local

grub errors

  • in general, use the last line before the error message to see where grub error’d out
  • to find correct value for root option, type find /grub/stage1 at the grub command line (Note: remember that all file names in grub.conf are relative to the root option)
  • check for missing files in kernel and/or initrd lines

kernel errors

  • missing/corrupt initrd file results in: kernel panic - not syncing: vfs: unable to mount root fs on unknown-block
  • invalid root parameter for kernel results in: setuproot: error mounting /proc: No such file or directory

other

reinstall grub to mbr:

grub-install <device>

recreate initrd:

mkinitrd <filename> <kernel version>

fix corrupt filesystem:

fsck <partition>

if fsck is unable to locate a superblock, you can specify an alternative one:

dumpe2fs <partition>
fsck -b <block#> <partition>

diagnose and correct problems with network services (see Installation and Configuration below for a list of these services)

see what’s listening on what port:

netstat -ntaupe

add, remove, and resize logical volumes

redhat lvm config tool:

yum install system-config-lvm
system-config-lvm

create physical volume:

pvcreate <device>

create volume group:

vgcreate <name> <pv device> [pv device]

extend volume group:

vgextend <name> <pv device>

create logical volume:

lvcreate --size <size>M --name <lv name> <vg name>

extend logical volume:

lvextend --size <size>M <device>
resize2fs <device>

shrink logical volume:

resize2fs <device> <size>M
lvreduce --size <size>M <device>

remove logical volume:

lvremove <device>

diagnose and correct networking services problems where SELinux contexts are interfering with proper operation.

enable/disable selinux in /etc/sysconfig/selinux:

SELINUX=enforcing
SELINUXTYPE=targeted

install selinux troubleshooter:

yum install setroubleshoot
service setroubleshoot start
chkconfig setroubleshoot on

install selinux management tool:

yum install policycoreutils-gui

list selinux errors:

sealert -a /var/log/audit/audit.log | less

launch gui browser:

sealert -b

list selinux booleans:

getsebool -a

set selinux boolean:

setsebool -P <boolean>=<0|1>

list security contexts:

ls -Z <file>

change security contexts:

# using reference (copy contexts from existing known-good file)
chcon -R --reference <old file> <new file>
 
# manual
chcon -R -u <user> <file>
chcon -R -t <type> <file>

Installation and Configuration

RHCEs must demonstrate the RHCT-level skills listed above, and they must be capable of configuring the following network services. For each of these services, RHCEs must be able to:

  • install the packages needed to provide the service
  • configure SELinux to support the service
  • configure the service to start when the system is booted
  • configure the service for basic operation
  • Configure host-based and user-based security for the service

HTTP/HTTPS

install

yum install httpd mod_ssl

selinux

make new DocumentRoot match default DocumentRoot (Note: this applies to any directory that apache will serve files from):

chcon -R --reference /var/www /www

start at boot

chkconfig httpd on

basic config

requirements for ~user/ directories:

  • UserDir directive
  • chmod 701 the user’s home directory
  • change security context on the user’s UserDir

requirements for .htaccess file usage:

  • AllowOverride All directive

requirements for name-based virtual hosts:

  • NameVirtualHost *:80 and NameVirtualHost *:443 directives
  • each virtual host requires appropriate ServerName and ServerAlias directives
  • Note: a single virtual host cannot span multiple ports (i.e. 80 and 443). two separate VirtualHost *: sections are needed to do this.

self-signed ssl cert:

cd /etc/pki/tls/certs
rm localhost.crt
make testcert

check virtual host config:

httpd -D DUMP_VHOSTS

host-based security

firewall config:

protocol ports
tcp 80, 443

hosts are allowed by default and must be explicitly denied:

<Directory /var/www/html>
   Order deny,allow
   Deny from 192.168.0.0/255.255.255.0
   Deny from badguys.example.com
</Directory>

hosts are denied by default and must be explicitly allowed:

<Directory /var/www/html>
   Order allow,deny
   Allow from 192.168.0.0/255.255.255.0
   Allow from goodguys.example.com
</Directory>

user-based security

create web password file:

htpasswd -c /etc/httpd/webusers testuser1
htpasswd /etc/httpd/webusers testuser2

create web group file (/etc/httpd/webgroups):

testgroup: testuser1 testuser2

allow access by group:

<Directory /var/www/html>
   AuthType Basic
   AuthName "top secret area"
   AuthUserFile /etc/httpd/webusers
   AuthGroupFile /etc/httpd/webgroups
   Require group testgroup
</Directory>

verify service functionality

test http/https:

elinks <http|https>://<hostname>/[path]

SMB

install

yum install samba samba-client

selinux

allow samba to share home directories:

setsebool -P samba_enable_home_dirs=1

mark a directory as sharable with samba:

chcon -R -t samba_share_t <directory>
start at boot
chkconfig smb on
basic config

redhat samba config tool:

yum install system-config-samba
system-config-samba

set workgroup/domain:

workgroup = <workgroup>

security modes:

# connections check local pwdb (default)
security = user
 
# member server on a domain, uses pwdb on a dc
security = domain
workgroup = EXAMPLE
 
# member server on an ad domain using kerberos, uses pwdb on a dc
security = ads
realm = EXAMPLE.COM
password server = kerberos.example.com
 
# used when samba was not capable of being a domain member server (DO NOT USE)
security = server
encrypt passwords = yes
password server = <netbios name of dc>
 
# each share requires a password (DO NOT USE)
security = share

share options:

[<share name>]
# path for share
path = <path>
 
# share is visible
browseable = <yes|no>
 
# rw enabled
writeable = <yes|no>
 
# this is a shared printer
printable = <yes|no>
 
# all users connecting to this share use <group> as their primary group
group = <group name>

join domain:

net rpc join -U root

fstab example:

//<hostname>/<share> <mountpoint> cifs user=<username>,pass=<password> 0 0

Note: mount.cifs and umount.cifs need to be chmod’ed u+s in order to be used by non-root users

host-based security

firewall config:

protocol ports
tcp 139, 445
udp 137, 138

hosts allow/deny can be used per-server or per-share:

hosts allow = 127.0.0.1 192.168.2.0/24 192.168.3.0/24
hosts deny = 0.0.0.0/0
user-based security

account maintenance:

# add account (local linux account must exist first, or be translated via /etc/samba/smbusers):
smbpasswd -a <username>
 
# enable/disable account:
smbpasswd -e <username>
smbpasswd -d <username>
 
# remove account:
smbpasswd -x <username>

Note: service smb reload may be needed after account changes

share access:

valid users = <user1> @<group1>
  • share access is also controlled by unix file permissions
verify service functionality

list shares:

smbclient -L <hostname> -U <username>

browse shares:

smbclient //<hostname>/<share> -U <username>

test allow/deny statements for a host:

testparm /etc/samba/smb.conf <hostname> <ip address>

NFS

install
yum install portmap nfs-utils
start at boot
chkconfig portmap on
chkconfig nfs on
chkconfig nfslock on
chkconfig netfs on
basic config

redhat config tool:

yum install system-config-nfs
system-config-nfs

format of /etc/exports:

<mountpoint> <host>(<options>) [<host>(<options>) ...]

activate new exports:

/etc/init.d/nfs restart
host-based security

Note: edit /etc/sysconfig/nfs and restart nfs to set static ports

firewall config:

# see ports
rpcinfo -p

host based security is intrinsic to the format of the exports file

user-based security

use standard file permissions

verify service functionality

list exports:

showmount -e <host>

FTP

install
yum install vsftpd
selinux

allow local users to log in and cd into home directories:

setsebool -P ftp_home_dir=1
start at boot
chkconfig vsftpd on
basic config
host-based security
  • use ipchains with -[!]s option

firewall config:

protocol ports
tcp 21

Note: ftp data transfers will not work unless ip_conntrack_ftp is added to IPTABLES_MODULES in /etc/sysconfig/iptables-config

tcp_wrappers example:

vsftpd : 192.168.0.
user-based security
  • allow/deny controlled via /etc/vsftpd/user_list (Note: users in /etc/vsftpd/ftpusers are always denied via pam)
  • default allow/deny is configured by userlist_deny statement in vsftpd.conf
verify service functionality

test ftp:

ftp <server>

Web proxy

install
yum install squid
selinux

allow squid to connect to the network (this is recommended, but was not needed in my testing):

setsebool -P squid_connect_any=1
start at boot
chkconfig squid on
host-based security

firewall config:

protocol ports
tcp 3128

allow access from local networks:

acl our_networks src 192.168.1.0/24 192.168.2.0/23
http_access allow our_networks
user-based security

FIXME

verify service functionality

test proxy:

HTTP_PROXY=<server>:3128 elinks

SMTP

install
yum install postfix
alternatives --config mta
service sendmail stop
start at boot
chkconfig postfix on
basic config

listen on public interfaces:

inet_interfaces = all

specify all destination hostnames/domains:

mydestination = <hostname1>, <hostname2>, ...

specify origin domain:

myorigin = $mydomain

local aliases in /etc/aliases (Note: don’t forget to run newaliases to apply changes):

<alias>: <user1>[, user2]

virtual aliases in /etc/postfix/virtual (Note: don’t forget to run postmap /etc/postfix/virtual to apply changes; unlike /etc/aliases, the key and value are separated by whitespace, not a colon):

<virtual alias> <user>

enable virtual aliases:

virtual_alias_maps = hash:/etc/postfix/virtual

outbound address rewriting in /etc/postfix/generic (Note: don’t forget to run postmap /etc/postfix/generic to apply changes; the key and value are separated by whitespace, not a colon):

<outbound alias> <user>

enable outbound aliases:

smtp_generic_maps = hash:/etc/postfix/generic
host-based security
  • use ipchains with -[!]s option

firewall config:

protocol ports
tcp 25
user-based security

FIXME use smtp auth?

verify service functionality

test smtp:

telnet <server> 25

IMAP, IMAPS, and POP3

install
yum install dovecot
start at boot
chkconfig dovecot on
basic config

enable protocols:

protocols = <protocol list>

create custom ssl cert:

nano -w /etc/pki/dovecot/dovecot-openssl.cnf
/usr/share/doc/dovecot-*/examples/mkcert.sh
service dovecot restart
host-based security

use ipchains with -[!]s option

protocol ports
tcp 143, 110, 995, 993
user-based security

use pam_listfile in /etc/pam.d/dovecot

verify service functionality

test mailbox access:

mutt -f <imap|imaps|pop|pops>://<user>@<server>

SSH

install
yum install openssh-server
start at boot
chkconfig sshd on
user-based security

allow/deny user access:

AllowUsers user1 user2 user3@example.com
DenyUsers user4 user5 user6@example.com
host-based security
  • use ipchains with -[!]s option

firewall config:

protocol ports
tcp 22

tcp_wrappers example:

sshd : 192.168.0.
verify service functionality

test logging in:

ssh <user>@<server>

DNS (caching name server, slave name server)

install
yum install bind-chroot caching-nameserver
start at boot
chkconfig named on
basic config

copy sample config:

cp -a /var/named/chroot/etc/named.caching-nameserver.conf /var/named/chroot/etc/named.conf

caching-only nameserver:

  • edit listen-on directives (comment out to listen on all interfaces)
  • edit allow-query directives (comment out to allow queries from everyone)
  • edit match-clients and match-destinations directives to allow recursive queries from other hosts

slave nameserver:

  • get slave example from /usr/share/doc/bind-*/sample/etc/named.conf
host-based security

firewall config:

protocol ports
tcp 53
udp 53

allow-query example:

allow-query { 192.168.0.0/16; localnets; };
user-based security

N/A

verify service functionality

test query:

dig @<server> <domain>

test zone transfer:

dig @<server> <domain> axfr

NTP

install
yum install ntp
start at boot
chkconfig ntpd on
host-based security

firewall config:

protocol ports
udp 123

allow other servers to sync with us:

restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
user-based security

N/A

verify service functionality

show peers:

ntpq -p

RHCEs must also be able to:

configure hands-free installation using Kickstart

yum install system-config-kickstart
  1. make installation tree available
  2. create kickstart file (use system-config-kickstart to create ks.cfg) and validate (using ksvalidator)
  3. validate kickstart file
  4. make kickstart file available
    • bootable diskette (place in top level directory)
    • bootable cdrom (place in top level directory)
    • network (http, ftp, nfs)
  5. use bootable media and supply appropriate kernel parameter

ks=floppy:/ks.cfg
ks=cdrom:/ks.cfg
ks=http://example.com/ks.cfg
ks=nfs:example.com:/ks.cfg

implement logical volumes at install-time

use iptables to implement packet filtering and/or NAT

Note: do not use system-config-securitylevel, as it will overwrite your custom iptables rules. the following method seems to be the best way to go:

  1. make changes in /etc/sysconfig/iptables
  2. run /etc/init.d/iptables restart to apply changes
packet filtering

packet filtering example:

-A <chain> -p <tcp/udp> -m <tcp/udp> [-s[!] <source address>] --dport <destination port> -j ACCEPT
NAT

enable ip forwarding in /etc/sysctl.conf:

net.ipv4.ip_forward = 1

to test from another machine:

ip route replace default via <ip address>

to make nat changes permanent, add the following to the top of /etc/sysctl.conf

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# nat rules go here
COMMIT

inbound dnat:

iptables -t nat -A PREROUTING -p <tcp/udp> --dport <destination port> -j DNAT --to-dest <private server>:<port>

outbound dnat:

iptables -t nat -A OUTPUT -p <tcp/udp> --dport <destination port> -j DNAT --to-dest <private server>:<port>

masquerading:

iptables -t nat -A POSTROUTING -o <outbound interface> -j MASQUERADE

snat:

iptables -t nat -A POSTROUTING -j SNAT --to-source <public server>:<port>

example for forwarding port 80 requests to port 8080:

iptables -t nat -A PREROUTING -i eth+ -p tcp --dport 80 -j REDIRECT --to-ports 8080

FIXME

use PAM to implement user-level restrictions

module documentation
  • /usr/share/doc/pam-*/txts
module configuration
  • /etc/pam.d
  • /etc/security
interface     description
auth          user authentication (e.g. verifies password, set group membership or kerberos tickets, etc.)
account       verifies that access is allowed (e.g. expired account?, check group membership, etc.)
password      handles password changes
session       manages user sessions (e.g. mount home dir, create mailbox, logging, etc.)

control flag  description
required      must pass, **continue** testing on failure
requisite     must pass, **stop** testing on failure
sufficient    failure is ignored, but if passing so far, return success at this point
optional      pass or failure is irrelevant
include       include another file
pam_listfile.so example

allow/deny users if listed in /etc/special:

auth required pam_listfile.so onerr=succeed item=user sense=<allow|deny> file=/etc/special
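
The control flags above, worked through as an added example (not from the original notes): a simplified Python model of an auth stack in which pam_listfile is followed by a required pam_unix. The function names, user names and list contents are constructed for illustration, and only the four flags in the table are modelled.

```python
# Simplified model of PAM stack evaluation for the four control flags in the
# table above. Users, lists and results are constructed sample data.

def listfile_passes(user, listed, sense, file_readable=True, onerr="succeed"):
    """Model pam_listfile with item=user for one login attempt."""
    if not file_readable:
        # List file missing or unreadable: onerr decides (succeed = fail open).
        return onerr == "succeed"
    found = user in listed
    return found if sense == "allow" else not found


def evaluate_stack(stack):
    """stack: [(control_flag, module, passed)] -> (granted, modules_run)."""
    failed = False      # a required module has failed
    succeeded = False   # at least one module has passed
    ran = []
    for flag, module, passed in stack:
        ran.append(module)
        if flag == "required":
            if passed:
                succeeded = True
            else:
                failed = True          # remember the failure, continue testing
        elif flag == "requisite":
            if not passed:
                return False, ran      # stop testing on failure
            succeeded = True
        elif flag == "sufficient":
            if passed and not failed:
                return True, ran       # passing so far: success at this point
        elif flag == "optional":
            succeeded = succeeded or passed
        else:
            raise ValueError("unknown control flag: " + flag)
    return succeeded and not failed, ran


def login(user, password_ok, flag="required", sense="deny",
          listed=("mallory",), file_readable=True, onerr="succeed"):
    """Auth stack: pam_listfile under `flag`, then a required pam_unix."""
    listfile_ok = listfile_passes(user, listed, sense, file_readable, onerr)
    return evaluate_stack([
        (flag, "pam_listfile", listfile_ok),
        ("required", "pam_unix", password_ok),
    ])


if __name__ == "__main__":
    cases = [
        ("alice, good password", login("alice", True)),
        ("mallory on deny list, required", login("mallory", True)),
        ("mallory on deny list, requisite",
         login("mallory", True, flag="requisite")),
        ("alice, bad password, sufficient",
         login("alice", False, flag="sufficient")),
        ("allow list unreadable, onerr=succeed",
         login("mallory", True, sense="allow", listed=("alice",),
               file_readable=False)),
        ("allow list unreadable, onerr=fail",
         login("mallory", True, sense="allow", listed=("alice",),
               file_readable=False, onerr="fail")),
    ]
    for label, (granted, ran) in cases:
        print("%-38s granted=%-5s ran=%s" % (label, granted, ",".join(ran)))
```

With required, a listed user is rejected only after pam_unix has also run, so the failure does not show which module refused; with sufficient, a pass from pam_listfile skips the password check entirely. An allow list combined with onerr=succeed fails open when the list file cannot be read.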
Additional Notes

tcp_wrappers

file format:

<daemon list> : <client list> [except <client list>] [: <option>]

search order:

  1. /etc/hosts.allow
  2. /etc/hosts.deny
  3. allow by default

Note: searching stops on first match
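
The search order above as an added Python sketch (not part of the original notes), using the trailing-dot address prefix from the sshd and vsftpd examples earlier. The file contents are constructed samples; only ALL, exact addresses, address prefixes and except are modelled, and IPv4 clients are assumed.

```python
# Model of the tcp_wrappers decision: hosts.allow, then hosts.deny, then allow.
# File contents below are constructed samples; IPv4 clients are assumed.

HOSTS_ALLOW = """\
# constructed sample
sshd : 192.168.0. except 192.168.0.66
vsftpd : 192.168.0.
"""
HOSTS_DENY = "ALL : ALL\n"


def token_matches(token, value):
    """Match one daemon or client token against a daemon name or client IP."""
    if token.upper() == "ALL":
        return True
    if token.endswith("."):              # address prefix, e.g. 192.168.0.
        return value.startswith(token)
    return token == value


def list_matches(tokens, value):
    """<list> [except <list>]: the except part removes matches from the list."""
    upper = [t.upper() for t in tokens]
    if "EXCEPT" in upper:
        i = upper.index("EXCEPT")
        return (list_matches(tokens[:i], value)
                and not list_matches(tokens[i + 1:], value))
    return any(token_matches(t, value) for t in tokens)


def rule_matches(line, daemon, client_ip):
    """<daemon list> : <client list> [: <option>]; options are ignored here."""
    fields = [f.strip() for f in line.split(":")]
    if len(fields) < 2:
        return False
    daemons = fields[0].replace(",", " ").split()
    clients = fields[1].replace(",", " ").split()
    return list_matches(daemons, daemon) and list_matches(clients, client_ip)


def decide(daemon, client_ip, hosts_allow, hosts_deny):
    """Return (verdict, reason); searching stops on the first matching rule."""
    for name, text, verdict in (("hosts.allow", hosts_allow, "allow"),
                                ("hosts.deny", hosts_deny, "deny")):
        for lineno, line in enumerate(text.splitlines(), 1):
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            if rule_matches(line, daemon, client_ip):
                return verdict, "%s line %d" % (name, lineno)
    return "allow", "no match, allowed by default"


if __name__ == "__main__":
    for daemon, ip, deny in [("sshd", "192.168.0.10", HOSTS_DENY),
                             ("sshd", "192.168.0.66", HOSTS_DENY),
                             ("sshd", "10.1.1.1", HOSTS_DENY),
                             ("sshd", "10.1.1.1", "")]:
        print(daemon, ip, decide(daemon, ip, HOSTS_ALLOW, deny))
```

With an empty hosts.deny, the sshd entry in hosts.allow restricts nothing, because clients that match no rule are allowed by default.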

Troubleshooting

unable to log in

  • password wrong or expired?
  • account locked?
  • shell set to /sbin/nologin, /bin/false, etc.?
  • root user and PermitRootLogin no in /etc/ssh/sshd_config?
  • root user and terminal not listed in /etc/securetty?
  • non-root user and /etc/nologin exists?
  • check pam_listfile restrictions

Cisco MDS Series Switch CLI – Config Mode Commands Line Interface

The following example shows output from the config terminal command:
switch# config terminal

Enter configuration commands, one per line. End with CNTL/Z.
switch(config)#

Configuration Mode Commands and Submodes

Here is a list of configuration mode commands:

switch# config terminal

Enter configuration commands, one per line. End with CNTL/Z.

switch(config)#

 

aaa Configure the aaa
arp “no” remove an entry from the ARP cache
boot Configure the boot variables
callhome Enter the callhome configuration mode
clock Configure the time-of-day clock
end Exit to EXEC mode
exit Exit from the EXEC
fcalias Fcalias configuration commands
fcanalyzer Configure the fabric analyzer
fcc Configure the fc congestion control
fcdomain Enter the fcdomain configuration mode
fcdroplatency Configure the switch or network latency
fcflow Configure the fcflow
fcinterop Interoperate commands
fcns Name Server configuration
fcroute Configure the FC routes
fcs Configure the Fabric Config Server
fctimer Configure the fibre Channel timers
fspf Configure the fspf
interface Select an Interface to Configure
line Configure a terminal line
logging Modify the message logging facilities
no Negate a command or set its defaults
ntp NTP Configure
power Configure the Power supply
poweroff Power off a module in the switch
qos Configure the priority of FC control frames
radius-Server Configure the RADIUS related parameters
role Configure the Roles
snmp-server Configure SNMP server
span Enter SPAN configuration mode
ssh Configure the SSH parameters
switchname Configure the system’s network name
system System config command
telnet Enable the telnet

trunk Configure the switch wide trunk protocol
username Configure the user information
vsan Enter the vsan configuration mode
zone Zone configuration commands
zoneset Zoneset configuration commands
ip Configure the IP features

 

How to obtain the serial number (SN) of a Brocade switch by command?

DS_300B:admin> chassisshow

POWER SUPPLY  Unit: 1
Time Awake:             2 days

FAN  Unit: 1
Time Awake:             2 days

FAN  Unit: 2
Time Awake:             2 days

FAN  Unit: 3
Time Awake:             2 days

CHASSIS/WWN  Unit: 1
Header Version:         2
Factory Part Num:       40-1000165-14
Factory Serial Num:     ALJ7852H0F5
Manufacture:            Day:  8  Month:  1  Year: 2012
Update:                 Day: 22  Month:  4  Year: 2012
Time Alive:             5 days
Time Awake:             2 days
ID:                     EMC0000CA
Part Num:               CONTRX0000300
Serial Num:             BRCALJ3254H0F6

DS_300B:admin>

Solaris fault manager overview

One of the coolest features in Solaris 10 is the fault management service. Fault management allows system software to send telemetry data to the fmd(1m) daemon, which then diagnoses the problem and takes action (e.g., offlining a faulty component and logging an error with FMRI/UUID information to syslog) based on the type of event received. The diagnosis phase is controlled by a set of diagnosis engines, which can be viewed with the fmadm(1m) utility’s “config” option:

$ fmadm config

MODULE                   VERSION STATUS  DESCRIPTION
USII-io-diagnosis        1.0     active  UltraSPARC-II I/O Diagnosis
cpumem-retire            1.0     active  CPU/Memory Retire Agent
eft                      1.12    active  eft diagnosis engine
fmd-self-diagnosis       1.0     active  Fault Manager Self-Diagnosis
io-retire                1.0     active  I/O Retire Agent
syslog-msgs              1.0     active  Syslog Messaging Agent

If the fault manager daemon (fmd) detects a fault, it will log a detailed message to syslog, and update the fault manager error and fault logs. The contents of these logfiles can be viewed with the fmdump(1m) utility:

$ fmdump -v

TIME UUID SUNW-MSG-ID
fmdump: /var/fm/fmd/fltlog is empty

$ fmdump -e -v

TIME                 CLASS                                 ENA
fmdump: /var/fm/fmd/errlog is empty

If a device is diagnosed as faulty, this will be indicated in the fmadm(1m) “faulty” output:

$ fmadm faulty

   STATE RESOURCE / UUID
-- ------ ----------------------------------------------------------------------

The fault management daemon (fmd) keeps track of service events and numerous pieces of key statistical data. This information can be accessed and printed with the fmstat(1m) utility:

$ fmstat

module             ev_recv ev_acpt wait  svc_t  %w  %b  open solve  memsz  bufsz
USII-io-diagnosis        0       0  0.0    0.0   0   0     0     0      0      0
cpumem-retire            0       0  0.0    0.0   0   0     0     0      0      0
eft                      0       0  0.0    0.0   0   0     0     0   552K      0
fmd-self-diagnosis       0       0  0.0    0.0   0   0     0     0      0      0
io-retire                0       0  0.0    0.0   0   0     0     0      0      0
syslog-msgs              0       0  0.0    0.0   0   0     0     0    32b      0

If you are interested in learning more about this amazingly cool technology, you can check out the following resources:

Mike Shapiro’s ACM Fault Management Article

Mike Shapiro’s Fault Management Presentation

Linux : swapon: /dev/sda5: Invalid argument

Today I resized all Linux partitions and found that my swap was not mounted. I made the swap again and it’s working fine.

Before resize of partition :

alienvault:/var/log# df -h
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/sda1     ext3     95G   74G   16G  83% /
tmpfs        tmpfs   1008M     0 1008M   0% /lib/init/rw
udev         tmpfs     10M  616K  9.4M   7% /dev
tmpfs        tmpfs   1008M     0 1008M   0% /dev/shm
You have new mail in /var/mail/root
alienvault:/var/log# fdisk -l

Disk /dev/sda: 107.3 GB, 107374182400 bytes
255 heads, 63 sectors/track, 13054 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x000de769

Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1       12518   100550803+  83  Linux
/dev/sda2           12519       13054     4305420    5  Extended
/dev/sda5           12519       13054     4305388+  82  Linux swap / Solaris

alienvault:/var/log# free -m
total       used       free     shared    buffers     cached
Mem:          2014       1998         16          0          5        708
-/+ buffers/cache:       1284        729
Swap:         4204       1226       2978
alienvault:/var/log#
login as: root
root@10.1.50.115’s password:
Linux alienvault 2.6.31.6 #3 SMP Tue Jul 13 06:50:17 EDT 2010 x86_64
Profiles: Server Sensor Framework Database
=========================================================================
=========================================================================
==             _   _                                        _   _      ==
==      __ _  | | (_)   ___   _ __  __   __  __ _   _   _  | | | |_    ==
==     / _` | | | | |  / _ | ‘_ / / / _` | | | | | | | | __|   ==
==    | (_| | | | | | |  __/ | | | | V / | (_| | | |_| | | | | |_    ==
==     __,_| |_| |_|  ___| |_| |_|  _/   __,_|  __,_| |_|  __|   ==
==                                                                     ==
=========================================================================
===================== http://www.alienvault.com  ========================
=========================================================================
You have new mail.
Last login: Fri Apr  6 11:51:04 2012
alienvault:~#
alienvault:~#
alienvault:~# df -h
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/sda1     ext3     95G   53G   38G  59% /
tmpfs        tmpfs   1008M     0 1008M   0% /lib/init/rw
udev         tmpfs     10M  616K  9.4M   7% /dev
tmpfs        tmpfs   1008M     0 1008M   0% /dev/shm

After resize of partition:

alienvault:~# fdisk -l

Disk /dev/sda: 214.7 GB, 214748364800 bytes
255 heads, 63 sectors/track, 26108 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x000de769

Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1       25036   201101638+  83  Linux
/dev/sda2           25037       26108     8610840    5  Extended
/dev/sda5           25037       26108     8610808+  82  Linux swap / Solaris
alienvault:~# resize2fs /dev/sda1
resize2fs 1.41.3 (12-Oct-2008)
Filesystem at /dev/sda1 is mounted on /; on-line resizing required
old desc_blocks = 6, new_desc_blocks = 12
Performing an on-line resize of /dev/sda1 to 50275409 (4k) blocks.
The filesystem on /dev/sda1 is now 50275409 blocks long.

alienvault:~# fdisk -l

Disk /dev/sda: 214.7 GB, 214748364800 bytes
255 heads, 63 sectors/track, 26108 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Disk identifier: 0x000de769

Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1       25036   201101638+  83  Linux
/dev/sda2           25037       26108     8610840    5  Extended
/dev/sda5           25037       26108     8610808+  82  Linux swap / Solaris
alienvault:~# df -h
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/sda1     ext3    189G   53G  127G  30% /
tmpfs        tmpfs   1008M     0 1008M   0% /lib/init/rw
udev         tmpfs     10M  616K  9.4M   7% /dev
tmpfs        tmpfs   1008M     0 1008M   0% /dev/shm
alienvault:~# free -m
total       used       free     shared    buffers     cached
Mem:          2014       1995         18          0        784        197
-/+ buffers/cache:       1013       1001
Swap:            0          0          0

alienvault:~# swapoff -a

alienvault:~# swapon -a
swapon: /dev/sda5: Invalid argument

alienvault:~# mkswap /dev/sda5

Setting up swapspace version 1, size = 8817463 kB
no label, UUID=cc1ce0ea-364b-4acc-8f58-b54f91ff6349
alienvault:~#
alienvault:~# swapon -a
alienvault:~# df -h
Filesystem    Type    Size  Used Avail Use% Mounted on
/dev/sda1     ext3    189G   53G  127G  30% /
tmpfs        tmpfs   1008M     0 1008M   0% /lib/init/rw
udev         tmpfs     10M  616K  9.4M   7% /dev
tmpfs        tmpfs   1008M     0 1008M   0% /dev/shm
alienvault:~# free -m
total       used       free     shared    buffers     cached
Mem:          2014       1969         44          0        673        271
-/+ buffers/cache:       1024        989
Swap:         8408          0       8408
alienvault:~#