Topics: PowerHA / HACMP, SAN, SDD, Storage

Reservation bit

If you wish to get rid of the SCSI disk reservation bit on SCSI, SSA and VPATH devices, there are two ways of achieving this:

Firstly, HACMP comes along with some binaries that do this job:

# /usr/es/sbin/cluster/utilities/cl_SCSIdiskreset /dev/vpathx
Secondly, there is a little (not official) IBM binary tool called "lquerypr". This command is part of the SDD driver fileset. It can also release the persistant reservation bit and clear all reservations:

First check if you have any reservations on the vpath:
# lquerypr -vh /dev/vpathx
Clear it as follows:
# lquerypr -ch /dev/vpathx
In case this doesn't work, try the following sequence of commands: 
# lquerypr -ch /dev/vpathx
# lquerypr -rh /dev/vpathx
# lquerypr -ph /dev/vpathx
If you'd like to see more information about lquerypr, simply run lquerypr without any options, and it will display extensive usage information.

For SDD, you should be able to use the following command to clear the persistant reservation:
# lquerypr -V -v -c /dev/vpathXX
For SDDPCM, use:
# pcmquerypr -V -v -c /dev/hdiskXX

Topics: Red Hat / Linux, SAN, Storage

Emulex hbanyware

If you have Emulex HBA''s and the hbanyware software installed, for example on Linux, then you can use the following commands to retrieve information about the HBA''s:

To run a GUI version:

# /usr/sbin/hbanyware/hbanyware
To run the command-line verion:
# /usr/sbin/hbanyware/hbacmd listhbas
To get for attributes about a specific HBA:
# /usr/sbin/hbanyware/hbacmd listhbas 10:00:00:00:c9:6c:9f:d0

Topics: SAN, Storage

SAN introduction

SAN storage places the physical disk outside a computer system. It is now connected to a Storage Area Network (SAN). In a Storage Area Network, storage is offered to many systems, including AIX systems. This is done via logical blocks of disk space (LUNs). In the case of an AIX system, every SAN disk is seen as a seperate hdisk, with the advantage of easily expanding the AIX system with new SAN disks, avoiding buying and installing new physical hard disks.

SAN concept using IBM pSeries


Other advantages of SAN:
  • Disk storage is no longer limited to the space in the computer system itself or the amount of available disk slots.
  • After the initial investment in the SAN network and storage, the costs of storage per gigabyte are less than disk space within the computer systems.
  • Using two different SAN networks (fabrics), you can avoid having disruptions in your storage, the same as mirroring your data on separate disks. The two SAN fabrics should not be connected to each other.
  • Using two seperate, geographically dispersed storage systems (e.g. ESS), a disruption in a computer center will not cause your computer systems to go down.
  • When you place to SAN network adapters (called Host Bay adapters on Fibre Channel or HBA) in every computer system, you can connect your AIX system to two different fabrics, thus increasing the availability of the storage. Also, you'll be able to load balance the disk storage over these two host bay adapters. You'll need Multipath I/O software (e.g. SDD or PowerPath) for this to work.
  • By using 2 HBAs, a defect in a single HBA will not cause downtime.
  • AIX systems are able to boot from SAN disks.

Topics: System Admin

System administration best practices

System Administrators can be the worst kind of users on your system

The ideal computer system is a system that doesn't have any users on it, or isn't related to any user action. Why? Well, as long as users can't access the computer system or users can't create a load on a system, the system will run smoothly. But this isn't reality. Without users, there wouldn't be any computer systems. And without users, there wouldn't be system administrators. Although users can be idiots and amaze you of all the stupid things they do, it's the collegue system administrators you'll have to really watch out for, because they have root authority and can mess up this quite badly.

The people that install a system, should be responsible for the system

If you install a system, and know you'll have to manage it yourself once it's in production, you'll make sure the system in configured correctly. I've seen it many times: the people responsible for installing the system, aren't responsible for the maintenance of the system. This creates a "throw-it-over-the-fence" effect: people installing a system really don't have a clue what kind of administration nightmares they've created and all the problems administrators run into during the most horrible hours of the day (usually Murphy preferres Sunday night, or when you're about to go to sleep). Make absolutely sure that once a system is installed, the same people have to manage it, at least during the first two months of production.

Poorly designed systems are difficult to administer

Take your time designing a system and learn about a specific application before implementing it. Rapid designs under high time-pressure usually end up causing lots of problems during production (and they give your administrator(s) a long-lasting headache). Make sure the documentation of a system is made, before going into production. And, as an administrator, perform a health check for accepting to manage the newly installed system. Also, keep the previous best-practice tip in mind: if you haven't installed the system, you have no clue what you're getting into. And finally: during the implementation phase of a project, as a system administrator, you should be involved in the project, to be able to help design, install, configure and document the system.

Don't combine different information systems on one server

Sharing one operating system image by different information systems usually leads to problems, as these different information systems conflict in tuning parameters, backup windows, downtime slots, user information, peak usage, etcetera. Systems that do different tasks should be separated from each other to avoid dependencies. A grouping of information systems can be made by use, for example put databases together on one server. Or you can group them by product, for example put a single product and its database on one box. But NEVER, EVER put software from different vendors on 1 system!

Naming conventions should be easy

When choosing names for your hosts, printers, users etcetera, keep a few simple rules in mind:

  • Choose names that are easy to remember and are not too long (8 characters max).
  • Choose names NOT related to any department or other part of your organisation. Departments keep changing over time; by not naming your systems after departments, it will save you lots of time.
  • Choose names NOT related to any location. Locations also change frequently, when assets are moved around.
  • Never EVER reuse a name. Choose new names for new assets or users. When migrating from one host to another, don't use the same hostname, choose a new one. Rather use DNS aliases when you wish to keep a hostname. Don't configure hostname aliases on a network interface to keep using the old hostname. And for users and groups, always use a new UID and GID.
  • When a system has more than 1 network interface, choose hostnames related to each other: Service address: rembrandt; Boot-address: rembrandt_boot; Standby-address: rembrandt_standby; etcetera.
  • Choose a standard naming convention; don't change your naming convention.
  • Never use a hostname twice, even though they are in seperate networks.

Never enough disk space

Never give your users too much disk space at once. Users will always find a way to fill up all disk space. Give them small amounts at a time. Encourage your users to clean up their directories, before requesting new disk space. This will save you time, disk space, backup throughput and money.

Temporary space (like /tmp) is TEMPORARY. Make sure your users know that. Clean out temporary space every night and be ruthless about it! Applications can NEVER use temporary space in /tmp; applications should use separate file systems for storing temporary files.

Put your static application data in a file system, SEPERATED from the changing data of an application. Usually every application should use 2 file systems at least: 1 for the application binaries and 1 for the data (and also log files). This will make sure your application file system will never run full.

Versioning

Keep the least amount of versions of applications or operating system levels on your systems. The lesser the number of versions, the less you have to manage and the easier it becomes. Try to standardize on a small amount of versions.

Only use supported versions of applications and operating systems. Check regularly which versions are supported. Upgrade in time, but not too fast! Usually a N-1 best practice should be used (always stay one version behind the released levels from vendors). Don't try to use the newest versions, as these versions usually suffer from all kinds of defects, yet to be discovered. This applies to application software, OS levels, service packs, firmware levels, etcetera.

Know what you're doing!

If you don't know what your doing EXACTLY, just don't do it.
  • Get educated. Take time away from your boss for training. Being away from your work will make sure, you won't be disturbed all the time during your studies. Switch your mobile off and tell everybody you're not available.
  • Take at least 2 courses a year with at least 40 hours of study each. An employer not wishing to pay for studies is not a good employer. IT is a fast-changing arena, so you have to keep up.
  • Take courses related to your work. Don't bother taking courses, where you learn someting, you'll never use.
  • Before going on a course, read about the subject. Learning is a lot more easier if you know already something about it.
  • Make sure you have all the prerequisites when taking a course.
  • After a course, actually use your new-gained knowledge.
  • Also, get certified. Good for your career, but also good for the understanding of a subject. Certification requires you to actually use a certain product for an extended period of time thoroughly and also requires you to read books or get training on the subject.
  • Don't do good-luck-certifications. Do your learning. Doing a certification 3 times on a single day, just to get certified, won't give you the needed knowledge.
  • At least 2 certifications a year!
  • Get a test system and try out your knowledge. Don't use production systems for testing. Also, make sure the test system isn't on the same network as your production system.
  • Write down what your doing. It is always easier to look something up again instead of guessing what you did.
  • Create procedures and stick to procedures. Keep procedures short!

Keep it Simple

We have difficulty understanding systems as they become more complex. Complexity leads to more errors and greater maintenance effort. We want systems to be more understandable, more maintainable, more flexible, and less error-prone. System design is not a haphazard process. There are many factors to consider in any design effort. All design should be as simple as possible, but no simpler. This facilitates having a more easily understood, and easily maintained system. This is not to say that features, even internal features, should be discarded in the name of simplicity. Indeed, the more elegant designs are usually the more simple ones. Simple also does not mean "quick and dirty." In fact, it often takes a lot of thought and work over multiple iterations to simplify. Result: Systems that are more maintainable, understandable, and less error-prone.

Manage the information system as a whole

Don't just administer the operating system and its supporting hardware. The OS is always used to provide some kind of basis for an information system. You need to know the complete picture of the information system itself; its parts, the interfaces, etcetera, to understand the role of the OS in it. System Administration is a lot easier, knowing what the information system is used for.

Therefore, manage a system from the users point of view. How will it affect the users if you change anything on the OS or on the underlying hardware level?

Backup, backup and backup!

Before doing anything on your system, make ABSOLUTELY sure you have a full, working backup of your system! Check this over and over again. A system should be backed up once every day. Determine what you should do when a backup fails. Determine how you should restore your system. Document your backup and restore procedures. And ofcourse, test it at regular intervals, by restoring a backup on a separate system.

Last but not least

Did you know that companies are spending roughly 70 to 90 percent of their complete IT budgets on maintaining their systems? Knowing this, it's a huge responsibility to maintain the systems in the best possible manner!

Topics: Red Hat / Linux

When was a password changed?

This command will show you when a user's password was last changed, for example for user root:

# chage -l root

Topics: Red Hat / Linux

Determining which adapter has link

If you need to determine on a Linux system which network interface actually has link on it (meaning, that it is cabled correctly to the switch), then run the following command:

# mii-tool -v

Topics: Red Hat / Linux

Authentication token lock busy

If you run into an error: "passwd: Authentication token lock busy" (E.g. on a RHEL server while trying to update the root password), then probably the root file system is set to read-only mode. You can make it read-write, by doing:

# mount -o remount,rw /

Topics: Red Hat / Linux

No SSH connectivity

If you've just installed a Red Hat (or Fedora) system and you find that even though the ssh daemon is running and you're very sure there's no firewall blocking your access, that you still are unable to ssh or telnet to the system, then you may have run into to firewall that gets installed with Red Hat (or Fedora).

A very easy way to flush all rules from that firewall can be done by running:

# iptables -F
Now check again if you access your system through ssh and/or telnet.

Topics: Installation, Red Hat / Linux

Enable the FTP server

Run to install:

# yum install pure-ftpd
Have it start at system reboot:
# chkconfig pure-ftpd on
Start it:
# /etc/init.d/pure-ftpd start
Enable UnixAuthentication in /etc/pure-ftpd/pure-ftpd.conf.

Restart the FTP server:
# /etc/init.d/pure-ftpd restart

Topics: Installation, Red Hat / Linux

Installing MySQL, PHP and Apache

Install the software:

# yum -y install mysql mysql-server php-mysql httpd php phpmyadmin
Create link from the DirectoryRoot of the webserver to PhpMyAdmin:
# cd /var/www/html
# ln -s /usr/share/phpMyAdmin
Make sure the services are started at boot time:
# chkconfig httpd on
# chkconfig --add mysqld
# chkconfig mysqld on
# service httpd start
# service mysqld start
Set the root password for mysql:
# mysqladmin -u root password root
Make additional security-related changes to mysql:
# mysql -u root -p
mysql> DROP DATABASE test; [removes the test database]
mysql> DELETE FROM mysql.user WHERE user = ''; [Removes anonymous access]
Following the above steps, the document root for Apache is /var/www/html/. Create a test PHP script (such as phpinfo.php) and place it in the document root. A useful test script sample:
<?php
   phpinfo();
?>
Test with a brower: http://hostname/phpinfo.php

Create a database:
mysql> create database testdb
Add the following to /etc/httpd/conf/httpd.conf:
<Directory "/usr/share/phpMyAdmin">
   Order allow,deny
   Allow from all
</Directory>
Set the ServerName entry to hostname:80

Add "index.php" to the DirectoryIndex entry, so the webserver also recognizes index.php as an index file.

Restart the http server:
# service httpd restart
Test with a browser: http://hostname/phpMyAdmin/

Number of results found: 469.
Displaying results: 441 - 450.