digiturf.net

Creating a new LV for “systemdump” & making it “primary” when there is no “sysdump” available already on the server.


*** /dev/hd6 is the default Paging device in AIX. (Differs based on sys config – http://lparbox.com/how-to/aix/20)
*** Now we will see how to create a new LV and make it “default / primary dumpdevice” in server where there is no “dumpdevice” already existing.

 
# sysdumpdev -l        – shows the existing config of “dumpdevice”.
primary              /dev/hd6
secondary            /dev/sysdumpnull
copy directory       /var/adm/ras
forced copy flag     TRUE
always allow dump    FALSE
dump compression     ON

# lsvg -l rootvg           – Here “/dev/hd6” is taken as “paging space” & “sysdump” is not available.
rootvg:
LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT
hd5                 boot       1     1     1    closed/syncd  N/A
hd6                 paging     5     5     1    open/syncd    N/A
hd8                 jfslog     1     1     1    open/syncd    N/A
hd4                 jfs        16    16    1    open/syncd    /
hd2                 jfs        21    21    1    open/syncd    /usr
hd9var              jfs        1     1     1    open/syncd    /var
hd3                 jfs        1     1     1    open/syncd    /tmp
hd1                 jfs        1     1     1    open/syncd    /home
hd10opt             jfs        33    33    1    open/syncd    /opt
paging00            paging     3     3     1    open/syncd    N/A
lv00                jfs        8     8     1    open/syncd    /usr/local

# lsvg rootvg            – As we’ve free PP’s we can create a new LV.
VOLUME GROUP:       rootvg                   VG IDENTIFIER:  00584c4e00004c00000001149388259d
VG STATE:           active                  PP SIZE:        64 megabyte(s)
VG PERMISSION:      read/write    TOTAL PPs:      1084 (69376 megabytes)
MAX LVs:            256                      FREE PPs:       993 (63552 megabytes)
LVs:                11                              USED PPs:       91 (5824 megabytes)
OPEN LVs:           10                       QUORUM:         2
TOTAL PVs:          2                        VG DESCRIPTORS: 3
STALE PVs:          0                        STALE PPs:      0
ACTIVE PVs:         2                       AUTO ON:        yes
MAX PPs per VG:     32512                                    
MAX PPs per PV:     1016               MAX PVs:        32
LTG size (Dynamic): 256 kilobyte(s)          AUTO SYNC:      no
HOT SPARE:          no                     BB POLICY:      relocatable

# sysdumpdev -e
Estimated dump size in bytes: 39007027

# bc                   –  calculating the estimated dump size shown above in MB’s.
39007027/1024/1024
37

# mklv -t sysdump rootvg 3     – as we’ve not specified LV name, SYS created it as “lv01”.
lv01

# lsvg -l rootvg        – We see “lv01” as “sysdump” here.
rootvg:
LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT

hd6                 paging     5     5     1    open/syncd    N/A
hd8                 jfslog     1     1     1    open/syncd    N/A
hd4                 jfs        16    16    1    open/syncd    /
……………………………………………………………………………..
paging00            paging     3     3     1    open/syncd    N/A
lv00                jfs        8     8     1    open/syncd    /usr/local
lv01                sysdump    3     3     1    closed/syncd  N/A

# sysdumpdev -Pp /dev/lv01     – Making “lv01” primary dump device.
primary              /dev/lv01
secondary            /dev/sysdumpnull
copy directory       /var/adm/ras
forced copy flag     TRUE
always allow dump    FALSE
dump compression     ON

* Thanks lparbox.com for such nice articles and we give credits to them.

sudo permission to jdapp (sudo su - jdapp) for chkprod user.

# visudo             ^ This edits “/etc/sudoers” file. Added the following lines.

Cmnd_Alias JDAPP=/u01/app/jd-apps/bin/jdapp.sh
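chkprod ALL=(jdapp) NOPASSWD: JDAPP,/bin/bash  ^ Allows “chkprod” to act as “jdapp”: he can execute “jdapp.sh” and is given access to a “Bash shell”, without a password. Because /bin/bash is in the list, “chkprod” effectively gets a full shell as “jdapp”, not only “jdapp.sh”.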

 NOTES :

* * su will always prompt for password. Entering the password for chkprod when running “# sudo su - jboss” will allow changing to the jdapp user.
* * Running “sudo -u jboss /bin/bash” as chkprod will allow the change to jdapp user without entering password.

Unix File Permissions for single user / Notes on POSIX ACL / setfacl


# setfacl -m user:userid:rwx filename / directory  ^ Syntax for applying permissions on file for single user.

* * The following STEPS are only required for “ext3 and ext4” on Linux kernels older than 2.6.38. All other filesystems that support ACLs enable them automatically.

# mount -o remount,acl filesystem  ^ This step is enough in most cases, if not, use next command as well.
# tune2fs -o acl /dev/partitionname

Example : User “ENDNOTE” to have RWX permission on “/prod/products” filesystem.

# setfacl -m user:endnote:rwx /prod/products    
setfacl: /prod/products: Operation not supported

* Before executing the step below, we got the error shown above.

# mount -o remount,acl /prod/products      ^ Mounting the filesystem with ACL’s enabled.
# setfacl -m user:endnote:rwx /prod/products   ^ Giving user “endnote” required permission on /prod/products.

# getfacl /prod/products      ^ Checking ACL’s on directory “/prod/products”.
getfacl: Removing leading '/' from absolute path names
# file: prod/products
# owner: isiprod
# group: prod
user::rwx
user:endnote:rwx
group::rwx
mask::rwx
other::r-x

endnote:/prod/products# touch 123   ^ Making sure user “endnote” has access to /prod/products.
 
endnote:/prod/products> ls -l       ^ File is written and listed here.
total 16
-rw-r--r-- 1 endnote users     0 2012-12-06 22:00 123
drwxrwx--- 2 root    root  16384 2012-02-09 05:48 lost+found

Move /usr/local/www from SAN filesystem to local disk, destroy unused LV’s, VGs, etc.


* /usr/local/www is on vg01, which is on SAN.  SAN is to be retracted from “blgate” server, so /usr/local/www needs to be moved to local disk.

# Extend /usr by 512MB
[blgate]#  chfs -a size=+512M /usr
Filesystem size changed to 9437184

# Unmount /usr/local/www
[blgate]#  umount /usr/local/www

# mount /dev/wwwlv as /mnt
[blgate]#  mount /dev/wwwlv /mnt

# Listing files after the mount
[blgate :/mnt]# ls
.history       .profile       MPL            gu.c           local          nohup.out      repository     vdkw_cgi@7273
.mc.ini        .sh_history    a.out          isirad         lost+found     ns-home        start_verity
.pine-debug1   ISIHDRV1.GIF   bin            linkchecker    mail           old_stuff      test
.pinerc        MLogon-frozen  form.html      live           new            perl5.003      usage.html

# Checking whether any files already exist in the destination directory.
[blgate:/usr/local/www]# ls -la
total 16
drwxr-xr-x   2 root     system          512 Apr 06 2007  .
drwxr-xr-x  22 root     system          512 Dec 10 2012  ..

# Copy contents of /mnt to /usr/local/www
[blgate:/usr/local/www]# cp -Rp /mnt/*  .    ^^ This gave the error below; “# cp -RP” then solved it, but the permissions of the files are reset.
cp: jtquery.cgi: There are too many levels of symbolic links to translate a path name.
cp: jtsearch.cgi: There are too many levels of symbolic links to translate a path name.

# Copy contents of /mnt to /usr/local/www
[blgate:/usr/local/www]# cp -RP /mnt/* .

# Backup filesystem config file.
[blgate]#  cp -p /etc/filesystems /filesystems04072014

# Unmount /mnt
[blgate]#  umount /mnt

[blgate]#  ls -l /mnt
total 0

# To find list of LV’s from vg01
[blgate]#  lsvg -l vg01
vg01:
LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT
loglv02                   jfs2log        1       1     1    closed/syncd  N/A
fslv01                     jfs2           592   592   1    closed/syncd  N/A
wwwlv                   jfs2            16     16    1    closed/syncd  N/A

# Removing the LV’s Listed from vg01.
[blgate]#  rmlv loglv02 fslv01 wwwlv
Warning, all data contained on logical volume loglv02 will be destroyed.
rmlv: Do you wish to continue? y(es) n(o)? y
rmlv: Logical volume loglv02 is removed.
Warning, all data contained on logical volume fslv01 will be destroyed.
rmlv: Do you wish to continue? y(es) n(o)? y
rmlv: Logical volume fslv01 is removed.
Warning, all data contained on logical volume wwwlv will be destroyed.
rmlv: Do you wish to continue? y(es) n(o)? y
rmlv: Logical volume wwwlv is removed.

# Verifying to make sure, there are no LV’s left in vg01.
[blgate]#  lsvg -l vg01
vg01:
LV NAME             TYPE       LPs   PPs   PVs  LV STATE      MOUNT POINT

# Removing the volume group by executing the following, this will not return any message on console and gives the prompt. 
[blgate]#  varyoffvg vg01
[blgate]#  exportvg vg01

# To find the disks associated / unassociated with vg01.
[blgate]#  lspv
hdisk1          0000153ff1ba173e                    rootvg          active
hdisk0          00584d0e5180facd                    rootvg          active
hdisk24         0000153f5da79954                    None
hdisk25         0000153f5da79ef4                    None
hdisk26         0000153f5da7a44c                    None
hdisk27         0000153f5da7a92d                    None
hdisk28         0000153f5da7ae57                    None
hdisk29         0000153f5da7b370                    None
hdisk30         0000153f5da7b867                    None
hdisk31         0000153f5da35f5d                    None
hdisk32         0000153f5da7bdc6                    None
hdisk33         0000153f5da7c38e                    None
hdisk34         0000153f5da7c8f9                    None
hdisk35         0000153feb7b7919                    None
hdisk36         0000153feb7b7e42                    None
hdisk37         0000153feb7b8390                    None
hdisk38         0000153feb7b88ba                    None
hdisk39         0000153feb7b8df9                    None

# Execute the following “One Liner” to remove all un-associated disks at once.
[blgate]# for i in hdisk24 hdisk25 hdisk26 hdisk27 hdisk28  hdisk29 hdisk30 hdisk31 hdisk32 hdisk33 hdisk34 hdisk35 hdisk36 hdisk37 hdisk38 hdisk39;
> do rmdev -dl $i ;
> done
hdisk24 deleted
hdisk25 deleted
hdisk26 deleted
hdisk27 deleted
hdisk28 deleted
hdisk29 deleted
hdisk30 deleted
hdisk31 deleted
hdisk32 deleted
hdisk33 deleted
hdisk34 deleted
hdisk35 deleted
hdisk36 deleted
hdisk37 deleted
hdisk38 deleted
hdisk39 deleted

# Make sure the disks / devices are removed.
[blgate]#  lspv
hdisk1          0000153ff1ba173e                    rootvg          active
hdisk0          00584d0e5180facd                    rootvg          active

# As we’ve already copied the files to existing /usr filesystem which is local and part of “rootvg”, files are there in it at /usr/local/www.
[blgate:/]# df -g
Filesystem    GB blocks      Free %Used    Iused %Iused Mounted on
. . . . . . . . . . . . . . . . . . . . .
/dev/hd2           4.50      0.00  100%    47446     5% /usr
. . . . . . . . . . . . . . . . . . . . .

# One last thing to mention here: after I took the backup of the /etc/filesystems file, I removed the following entry from it, which is a part of the removed / destroyed SAN filesystem / volume group “vg01”.
/usr/local/www:
        dev             = /dev/wwwlv
        vfs             = jfs2
        log             = /dev/loglv00
        mount           = true
        check           = false
        options         = rw
        account         = false

Freeing a TCP Port which does not have a PID / iNode Number.


QUESTION :  Could you please take a look on the server c000pcp. Looks like port 10901 is stuck with BigIP and not releasing it. “Middleware” application runs on that PORT generally.

$ netstat | grep 10901
tcp        1    200186    c000pcp:10901    bigipecomextb:55491    LAST_ACK

ANSWER :  Generally to FREE the TCP / UDP Port we will first, find the process name / PID number which is holding it by executing below commands and then kill the process which will free that particular PORT.

c000pcp:~ # netstat --programs | more
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address    Foreign Address       State        PID/Program name
tcp        0      0 c000pcp:ssh      U0117627-W7:56295     ESTABLISHED  3745/sshd
tcp        0      0 c000pcp:ssh      U0117627-W7:61993     ESTABLISHED  689/sshd
tcp        0      0 c000pcp:elcsd    prod-ecom-h0192:nfs   ESTABLISHED  -
tcp        0      0 c000pcp:51876    c943frs:9354          ESTABLISHED  30415/java
tcp        0      0 c000pcp:9354     c800ueq:37691         ESTABLISHED  27702/java
tcp        0      0 c000pcp:9354     c943frs:49104         ESTABLISHED  27702/java
tcp        0      0 c000pcp:55646    c852dpq:9352          ESTABLISHED  30415/java
tcp        0      0 c000pcp:37526    c000pcp:9354          ESTABLISHED  30415/java
tcp        0      0 c000pcp:iua      c000pcp:39437         ESTABLISHED  27702/java
tcp        1 200186 c000pcp:10901    bigipecomextb:55491   LAST_ACK     -

 # netstat --program --numeric-hosts --numeric-ports --extend | grep -- '-' | head -10
Proto Recv-Q Send-Q Local Address               Foreign Address             State       User       Inode      PID/Program name
tcp        0      0 10.216.31.60:866            10.215.126.165:2049         ESTABLISHED root       72902005   -
tcp        0      0 10.216.31.60:1055           167.68.248.95:48395         TIME_WAIT   root       0          -
tcp        0      0 10.216.31.60:704            10.216.126.252:2049         ESTABLISHED root       72901997   -
tcp        0      0 10.216.31.60:948            10.214.123.3:2049           ESTABLISHED root       72903931   -
tcp        0      0 10.216.31.60:1055           167.68.248.95:42057         TIME_WAIT   root       0          -
tcp        0      0 10.216.31.60:701            10.216.126.251:2049         ESTABLISHED root       72902001   -
tcp        1 200186 ::ffff:10.216.31.60:10901   ::ffff:167.68.224.207:55491 LAST_ACK    root       0          -
Proto RefCnt Flags       Type       State         I-Node PID/Program name    Path
unix  3      [ ]         STREAM     CONNECTED     10826  1595/hald-addon-acp

$ find -inum 72902001

         This will show you a file which might lead you to a process. Here the PORT we are looking for shows an Inode number of 0, hence we did not get any clue to FREE the port.

*    HENCE, THERE IS NO WAY OF FREEING THIS PORT, WE NEED TO REBOOT THE SERVER.
* *  If any of you knows a solution other than a reboot, let me know and I will update the post. Thanks for visiting.
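The PID and inode lookups above come up empty because a socket whose inode is 0 is no longer attached to any process; only the kernel still holds it. As an added example (not part of the original post), the function below reads /proc/net/tcp-format data and reports the state and ownership of every socket on a given local port. The name socket_report and the sample rows are constructed here from the values shown above.

```shell
#!/bin/sh
# Added example: report state and owning inode for sockets on a local TCP port,
# read from /proc/net/tcp-format input. inode 0 = no process holds the socket.

# socket_report PORT [FILE...]; with no FILE, reads the live tcp and tcp6 tables.
socket_report() {
    port_hex=$(printf '%04X' "$1")
    shift
    [ "$#" -gt 0 ] || set -- /proc/net/tcp /proc/net/tcp6
    awk -v want="$port_hex" '
        BEGIN {
            # Kernel TCP state codes 01..0B, in order.
            names = "ESTABLISHED SYN_SENT SYN_RECV FIN_WAIT1 FIN_WAIT2 TIME_WAIT"
            names = names " CLOSE CLOSE_WAIT LAST_ACK LISTEN CLOSING"
            split(names, state, " ")
        }
        FNR == 1 { next }                     # header line of each file
        {
            n = split($2, loc, ":")           # local_address is ADDRHEX:PORTHEX
            if (toupper(loc[n]) != want) next
            code = index("123456789AB", toupper(substr($4, 2, 1)))
            owner = ($10 == 0) ? "orphaned(kernel-only)" : "owned-by-process"
            printf "%s inode=%s %s\n", state[code], $10, owner
        }' "$@"
}

# Constructed sample in /proc/net/tcp layout (addresses are little-endian hex):
# 10.216.31.60:701 ESTABLISHED with inode 72902001, and :10901 in LAST_ACK.
sample_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 3C1FD80A:02BD FB7ED80A:0801 01 00000000:00000000 00:00000000 00000000     0        0 72902001
   1: 3C1FD80A:2A95 CFE044A7:D8C3 09 00030DFA:00000001 01:00000014 00000000     0        0 0
EOF
}

sample_tcp | socket_report 10901 -
```

On a live system, run `socket_report 10901` with no file argument; an "orphaned" result means there is no process to find or kill for that socket.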


Remove network bonding in Linux.


* * This procedure is successful on Oracle Enterprise Linux 6.3 & should also work in RHEL as well.
* * Login to console of server if you are not physically available at server to complete this process.

 # ifconfig bond0 down       –  Brings the “bond0” interface down.
 # echo "-eth0" > /sys/class/net/bond0/bonding/slaves         – removes interface “eth0” from “bond0”.

 # echo "-eth1" > /sys/class/net/bond0/bonding/slaves         – removes interface “eth1” from “bond0”.

* * An important thing to observe (shown in a screenshot in the original post) is that the MTU of the interface is changed from “9000” to “1500” when it is removed from bonding. If the MTU is 9000 for a network packet, it is called a “Big Packet / Jumbo Frame”. When the interface is “standalone” it is better that its MTU be 1500.

 # echo "-bond0" > /sys/class/net/bonding_masters      – removes the config & files related to “bond0”.

 # rmmod bonding            – removes the driver module named “bonding”, which can be seen using # lsmod

* * The procedure is completed by this.

##  The following message is given when trying to remove a non-existent device [ here it is eth2 ] from “network bonding”.

Authentication token is no longer valid; new one required. You (user) are not allowed to access to (crontab) because of pam configuration.


* This problem is faced with RHEL and OEL (Oracle Enterprise Linux)

# I am now logged in as user “root”
ent10db:~ # id
uid=0(root) gid=0(root) groups=0(root)

# I’ve created /etc/cron.allow and added the shown users to it.
ent10db:~ # cat /etc/cron.allow
mcdm1
mcdm6

# login as user “mcdm1”
ent10db:~ # su - mcdm1
mcdm1@ent10db:~> id
uid=33301(mcdm1) gid=30000(db2iadm) groups=30000(db2iadm)

# See if user “mcdm1” has any scheduled cron jobs.
mcdm1@ent10db:~> crontab -l

Authentication token is no longer valid; new one required
You (mcdm1) are not allowed to access to (crontab) because of pam configuration.

# Now login as user “mcdm6”,
ent10db:~ # su - mcdm6
mcdm6@ent10db:~> id
uid=33306(mcdm6) gid=30000(db2iadm) groups=30000(db2iadm)

# listing scheduled cron jobs and it works perfectly well with “mcdm6”
mcdm6@ent10db:~> crontab -l
no crontab for mcdm6

 
* When the password age was checked for both users, “mcdm1” showed “password must be changed”, hence cron is giving this error. Changing the password of that user solves this error.

ent10db:~ # chage -l mcdm1
Last password change                                    : password must be changed
Password expires                                        : password must be changed
Password inactive                                       : password must be changed
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7

ent10db:~ # chage -l mcdm6
Last password change                                    : Dec 04, 2013
Password expires                                        : never
Password inactive                                       : never
Account expires                                         : never
Minimum number of days between password change          : 0
Maximum number of days between password change          : 99999
Number of days of warning before password expires       : 7
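The check done by hand with chage above can be run for every user in cron.allow at once. This added example (not part of the original post) reads a cron.allow file and a shadow-format file and lists the users whose password state makes PAM ask for a new password: a last-change field of 0 ("password must be changed") or a password older than its maximum age. The function names, the simplified aging rule and the users batch1 and guest are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: list cron.allow users whose password state makes PAM's account
# check demand a new password, which is what blocks crontab on this page.

# cron_pam_blocked ALLOW_FILE SHADOW_FILE TODAY   (TODAY = days since 1970-01-01)
cron_pam_blocked() {
    awk -F: -v today="$3" '
        NR == FNR { if ($1 != "") allowed[$1] = 1; next }   # 1st file: cron.allow
        !($1 in allowed) { next }                            # 2nd file: shadow
        $3 == "0" { print $1 " must-change"; next }          # lastchg forced to 0
        $3 != "" && $5 != "" && (today - $3) > $5 { print $1 " expired" }
    ' "$1" "$2"
}

# Constructed sample data: mcdm1/mcdm6 mirror the page (16043 = Dec 04, 2013);
# batch1 and guest are hypothetical users that show the aging case and the
# cron.allow filter. "x" stands in for the password hash.
demo_cron_pam_blocked() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' mcdm1 mcdm6 batch1 > "$dir/cron.allow"
    cat > "$dir/shadow" <<'EOF'
mcdm1:x:0:0:99999:7:::
mcdm6:x:16043:0:99999:7:::
batch1:x:15900:0:90:7:::
guest:x:0:0:99999:7:::
EOF
    cron_pam_blocked "$dir/cron.allow" "$dir/shadow" 16100
    rm -rf "$dir"
}

demo_cron_pam_blocked
```

As root on a real host: `cron_pam_blocked /etc/cron.allow /etc/shadow $(( $(date +%s) / 86400 ))`.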