Skip to main content

Veritas Cluster - Commands - Middleware News

Veritas Cluster - Commands - Middleware News



VRTSvcs VERITAS Cluster Server
VRTSvcswz VERITAS Cluster Server Wizard
VRTScsga VERITAS Cluster Server Graphical Administrator
VRTSgab VERITAS Group Membership and Atomic Broadcast
VRTSllt VERITAS Low Latency Transport
VRTSvcsor VERITAS Cluster Server Oracle Enterprise Extension
VRTSvcssy VERITAS Cluster Server Sybase Enterprise Extension
VRTSperl VERITAS Perl for VRTSvcs

Cluster Name of your HA environment
Nodes Physical systems that make up the cluster
Service group Abstract container of related resources
Resource Cluster components (i.e. NICs, IPs, disk groups,
volumes, mounts, processes, etc...)
Attributes Parameter values that define the resources
Dependencies Links between resources or service groups

Cluster Mgr Cluster Monitor : Log in, add clusters, change preferences
Cluster Mgr Cluster Explorer: Monitor systems, service grps,
resources, attributes & dependencies
Cluster Mgr Log Desk : Monitor log messages received
from engine, view GUI commands
Cluster Mgr Command Center : Build VCS commands and send to engine
LLT Low Latency transport provides fast kernel-kernel
comm. & monitors network connx.
GAB Grp membership & Atomic Broadcast maintains a synch.
state & monitors disk comm.

Config files VCS etc directory
$VCSETC=/etc/VRTSvcs
Config files VCS configuration directories
$VCSCONF=/etc/VRTSvcs/conf/config
Binary files VCS opt directory
$VCSOPT=/opt/VRTSvcs
Binary files VCS binary path
$VCSBIN=/opt/VRTSvcs/bin
Log files VCS log path
$VCSLOG=/var/VRTSvcs/log
Config files VCS configuration file
/etc/VRTSvcs/conf/config/main.cf
LLT tab file LLT configuration file
/etc/llttab
LLT hosts file LLT host name database
/etc/llthosts
GAB file Grp membership & Atomic Broadcast file
/etc/gabtab

quick-start VCS Quick-start wizard
# $VCS_HOME/wizards/config/quick_start
quick-NFS VCS Quick-NFS wizard
# $VCS_HOME/wizards/services/quick_nfs
llt Verify LLT
# /sbin/llstat -n
llt Get interface MAC Address
# /opt/VRTSllt/getmac device_name
llt Check network connectivity
# /opt/VRTSllt/dlpiping -s|-c -v device_name
gab Verify GAB
# /sbin/gabconfig -a ; /sbin/gabconfig -l
hasys List systems in cluster
# /opt/VRTSvcs/bin/hasys -list
hasys Detailed info on each cluster node
# /opt/VRTSvcs/bin/hasys -display (sysname)
hasys Increase system count in gabtab startup
# /opt/VRTSvcs/bin/hasys -add (sysname)
hasys Delete a system
# /opt/VRTSvcs/bin/hasys -delete (sysname)
hastart Start VCS cluster
# /opt/VRTSvcs/bin/hastart
hastart Force start a stale VCS cluster
# /opt/VRTSvcs/bin/hastart -force -stale
hastop Stop VCS on all systems
# /opt/VRTSvcs/bin/hastop -all
hastop Stop VCS had, keep srvc-groups running
# /opt/VRTSvcs/bin/hastop -local -force
hastop Stop VCS, migrate srvc-groups to sysname
# /opt/VRTSvcs/bin/hastop -sys (sysname) -evacuate
hastatus Provide continual status of service grps
# /opt/VRTSvcs/bin/hastatus
hastatus Verify status of service groups
# /opt/VRTSvcs/bin/hastatus -summary
hacf Check for syntax errors in main.cf
# /opt/VRTSvcs/bin/hacf -verify /etc/VRTSvcs/conf/config/main.cf
hacf Generate dependency tree in main.cf
# /opt/VRTSvcs/bin/hacf -generate /etc/VRTSvcs/conf/config/main.cf

hares List all resources
# /opt/VRTSvcs/bin/hares -list
hares List a resource's dependencies
# /opt/VRTSvcs/bin/hares -dep (resource_name)
hares Get detailed info on a resource
# /opt/VRTSvcs/bin/hares -display (resource)
hares Add a resource
# /opt/VRTSvcs/bin/hares -add (resource_name (resource_type (service_group)
hares Modify attributes of the new resource
# /opt/VRTSvcs/bin/hares -modify (resource_name (attribute_name (value)
hares Delete a resource
# /opt/VRTSvcs/bin/hares -delete (resource_name)
hares Online a resource
# /opt/VRTSvcs/bin/hares -online (resource_name) -sys (system_name)
hares Offline a resource
# /opt/VRTSvcs/bin/hares -offline (resource_name) -sys (system_name)
hares Monitor resource on a system
# /opt/VRTSvcs/bin/hares -probe (resource_name) -sys (system_name)
hares Clear a faulted resource
# /opt/VRTSvcs/bin/hares -clear (resource_name) [-sys system_name]
hares Make a resource's attribute value local
# /opt/VRTSvcs/bin/hares -local (resource_name) (attribute_name) value)
hares Make a resource's attribute value global
# /opt/VRTSvcs/bin/hares -global (resource_name) (attribute_name) value)
hares Specify a dependency between 2 resources
# /opt/VRTSvcs/bin/hares -link (parent_res) (child_res)
hares Remove dependency between 2 resources
# /opt/VRTSvcs/bin/hares -unlink (parent_res) (child_res)
hares Modify a Share res. by adding options
# /opt/VRTSvcs/bin/hares Share_cicgt-as4-p_apps Options "%-o rw,root=dcsa-cln1"

hagrp List all service groups
# /opt/VRTSvcs/bin/hagrp -list
hagrp List a service group's resources
# /opt/VRTSvcs/bin/hagrp -resources [service_group]
hagrp List a service group's dependencies
# /opt/VRTSvcs/bin/hagrp -dep [service_group]
hagrp Detailed info about a service group
# /opt/VRTSvcs/bin/hagrp -display [service_group]
hagrp Start service group, bring res. online
# /opt/VRTSvcs/bin/hagrp -online (service_group) -sys (system_name)
hagrp Stop service group, bring res. offline
# /opt/VRTSvcs/bin/hagrp -offline (service_group) -sys (system_name)

hagrp Switch service group between nodes
# /opt/VRTSvcs/bin/hagrp -switch (service_group) -to (system_name)
hagrp Freeze svcgroup, (disable onl. & offl.)
# /opt/VRTSvcs/bin/hagrp -freeze (service_group) [-persistent]
hagrp Thaw a svcgroup, (enable onl. & offl.)
# /opt/VRTSvcs/bin/hagrp -unfreeze (service_group) [-persistent]
hagrp Enable a service group
# /opt/VRTSvcs/bin/hagrp -enable (service_group) [-sys system_name]
hagrp Disable a service group
# /opt/VRTSvcs/bin/hagrp -disable (service_group) [-sys system_name]
hagrp Enable all resources in a service group
# /opt/VRTSvcs/bin/hagrp -enableresources (service_group)
hagrp Disable all resources in a service group
# /opt/VRTSvcs/bin/hagrp -disableresources (service_group)
hagrp Specify dependenciy between 2 svc groups
# /opt/VRTSvcs/bin/hagrp -link (parent_group) (child_group) (relationship)
hagrp Remove dependenciy between 2 svc groups
# /opt/VRTSvcs/bin/hagrp -unlink (parent_group) (child_group)
hagrp Auto-Enable a servicegroup marked
# /opt/VRTSvcs/bin/hagrp -autoenable (service_group) [-sys system_name]
disabled due to prob with system_name.

hatype List resource types
# /opt/VRTSvcs/bin/hatype -list
hatype Detailed info on a resource type
# /opt/VRTSvcs/bin/hatype -display (resource_type)
hatype List all resources of a part. type
# /opt/VRTSvcs/bin/hatype -resources (resource_type)
hatype Add a resource type
# /opt/VRTSvcs/bin/hatype -add (resource_type)
hatype Set static attribute values
# /opt/VRTSvcs/bin/hatype -modify ...
hatype Delete a resource type
# /opt/VRTSvcs/bin/hatype -delete (resource_type)
haattr Add Attribute to a Type definition
# /opt/VRTSvcs/bin/haattr -add (resource_type) (attribute_name) /
(attribute_type -integer, -string, -vector)
haattr Delete a Entry in a Type definition
# /opt/VRTSvcs/bin/haattr -delete (resource_type) (attribute_name)
haconf Set VCS configuration file to r/w mode
# /opt/VRTSvcs/bin/haconf -makerw
haconf Set VCS configuration file to read mode
# /opt/VRTSvcs/bin/haconf -dump -makero
hauser Add a user with r/w access to VCS
# /opt/VRTSvcs/bin/hauser -add (user_name)
hauser Add a user with read access only to VCS
# /opt/VRTSvcs/bin/hauser -add VCSGuest
hauser Update a user
# /opt/VRTSvcs/bin/hauser -update (user_name)
hauser Delete a user
# /opt/VRTSvcs/bin/hauser -delete (user_name)
hauser Display all users
# /opt/VRTSvcs/bin/hauser -display
haagent Start agents manually
# haagent -start (agent_name) -sys (system_name)
haagent Stop agents manually
# haagent -stop (agent_name) -sys (system_name)
hagui Start Cluster Manager
# /opt/VRTSvcs/bin/hagui
hagui Start Cluster Manager in debug mode
# /opt/VRTSvcs/bin/hagui -D

Product Terminology comparisons
Sun SC 2.2 Veritas VCS 1.1
------------------------------------------------------
cluster name cluster name
admin workstation -
physical node A local system
physical node B remote system
physical node IP address maintenance IP address
logical host service group
logical host IP address service group IP address
- resources
disk group disk group
private heartbeats communication channels
- GAB disk (disk heartbeat)
Quorum disk -
Admin filesystem -
scinstall Quick-Start wizard
split-brain network partition

configuration files:
/etc/llthosts
/etc/llttab
/etc/gabtab
/etc/VRTSvcs/conf/config/main.cf
/etc/VRTSvcs/conf/config/sysname



Identifying vulnerable applications

The following commands can help you quickly and accurately identify whether you are running a vulnerable version that requires updating.

Solaris systems, run the following command:

# pkginfo -l VRTSvcs | grep VERSION
VERSION: 3.5

The base version will appear to the right of the VERSION tag. If it is 3.5, or 4.0, you are vulnerable. If nothing is returned, you do not have VERITAS Cluster Server for UNIX installed.

Linux systems, run the following command:

# rpm -q -i VRTSvcs | grep Version
Version: 2.2.rhel30 Vendor: VERITAS Software Corp.

The version (along with the platform, in this case, RHEL 3.0), will appear to the right of the Version tag. If it reads 2.2, you are vulnerable. If nothing is returned, you do not have VERITAS Cluster Server for UNIX installed.

AIX systems, type the following command:

# lslpp -l | grep VRTSvcs.rte
VRTSvcs.rte 4.0.0.0 COMMITTED VERITAS Cluster Server 4.0

The version will appear at the end of the line (in this case, 4.0). If it includes 3.5 or 4.0, you are vulnerable. If nothing is returned, you do not have VERITAS Cluster Server for UNIX installed.

HP-UX systems, type the following command:

# swlist | grep VRTSvcs
...
VRTSvcs 3.5 Veritas Cluster Server
...

The results may include several lines of output. Identify the line that starts with VRTSvcs and note the version number in the second column. If it reads 3.5, you are vulnerable. If this line does not appear in the output, you do not have VERITAS Cluster Server for UNIX installed.

Mitigation/Workarounds

For customers unable to apply the recommended fixes immediately, removing root suid permission on VCS 'ha' binaries and restricting access to Authorized VCS users can protect a VCS cluster from possible elevation of privileges until such time as proper updates can be applied.

NOTE: This workaround will require non-root users who require access to be assigned a valid VCS Username and password for use every time they communicate with the VCS Cluster.

Remove root suid permissions on any VCS 'ha' binaries

Find affected binaries as follows: -

On Linux, use the command "find /opt/VRTSvcs -perm 4000"

On Solaris, AIX, HP-UX use the command "find /opt/VRTSvcs -perm 4755"

chmod u-s


Restrict access to Cluster Nodes to only Authorized VCS users

Check the value of Cluster attribute AllowNativeCliUsers as: -

haclus -value AllowNativeCliUsers

If the value of the above attribute is 1, perform the following steps: -

haconf -makerw

haclus -modify AllowNativeCliUsers 0

haconf -dump -makero


Force non-root users to specify a valid VCS Username and password and use TCP for communication by setting the following environment variable:

VCS_TEST_HOST= where value is the hostname of the cluster node.

e.g., export VCS_TEST_HOST=sysa where sysa is the hostname of the cluster node.

NOTE: By removing the root suid permissions, a non-root user cannot communicate with VCS using root Unix Domain Sockets (UDS). By setting the VCS_TEST_HOST environment variable, the 'ha' command (e.g. hagrp) can be used by a non-root user after specifying a valid VCS username and password.

WARNING: Any 'cron' jobs running as a non-root user and using a VCS 'ha' command may fail because of not specifying a valid VCS username and password. For such cases, the appropriate VCS patch listed above should be applied.







Comments

adsrerrapop

Popular posts from this blog

IBM Websphere MQ interview Questions Part 5

MQ Series: - It is an IBM web sphere product which is evolved in 1990’s. MQ series does transportation from one point to other. It is an EAI tool (Middle ware) VERSIONS:-5.0, 5.1, 5.3, 6.0, 7.0(new version). The currently using version is 6.2 Note: – MQ series supports more than 35+ operating systems. It is platform Independent. For every OS we have different MQ series software’s. But the functionality of MQ series Default path for installing MQ series is:- C: programfiles\BM\clipse\SDK30 C: programfiles\IBM\WebsphereMQ After installation it will create a group and user. Some middleware technologies are Tibco, SAP XI. MQ series deals with two things, they are OBJECTS, SERVICES. In OBJECTS we have • QUEUES • CHANNELS • PROCESS • AUTHENTICATION • QUERY MANAGER. In SERVICES we have LISTENERS. Objects: – objects are used to handle the transactions with the help of services. QUEUE MANAGER maintains all the objects and services. QUEUE: – it is a database structure

IBM Websphere MQ Reason code list / mq reason codes / websphere mq error codes / mq error messages

Reason code list ================= The following is a list of reason codes, in numeric order, providing detailed information to help you understand them, including: * An explanation of the circumstances that have caused the code to be raised * The associated completion code * Suggested programmer actions in response to the code * 0 (0000) (RC0): MQRC_NONE * 900 (0384) (RC900): MQRC_APPL_FIRST * 999 (03E7) (RC999): MQRC_APPL_LAST * 2001 (07D1) (RC2001): MQRC_ALIAS_BASE_Q_TYPE_ERROR * 2002 (07D2) (RC2002): MQRC_ALREADY_CONNECTED * 2003 (07D3) (RC2003): MQRC_BACKED_OUT * 2004 (07D4) (RC2004): MQRC_BUFFER_ERROR * 2005 (07D5) (RC2005): MQRC_BUFFER_LENGTH_ERROR * 2006 (07D6) (RC2006): MQRC_CHAR_ATTR_LENGTH_ERROR * 2007 (07D7) (RC2007): MQRC_CHAR_ATTRS_ERROR * 2008 (07D8) (RC2008): MQRC_CHAR_ATTRS_TOO_SHORT * 2009 (07D9) (RC2009): MQRC_CONNECTION_BROKEN * 2010 (07DA) (RC2010): MQRC_DATA_LENGTH_ERROR * 2011 (07DB) (RC2011): MQRC_DYNAMIC_Q_NAME_ERROR * 2012 (07DC) (RC201

IBM WebSphere MQ – Common install/uninstall issues for MQ Version on Windows - Middleware News

Creating a log file when you install or uninstall WebSphere MQ WebSphere MQ for Windows is installed using the Microsoft Installer (MSI). If you install the MQ server or client through launchpad , MQPARMS or setup.exe , then a log file is automatically generated in %temp% during installation. Alternatively you can supply parameters on the installation MSI command msiexec to generate a log file, or enable MSI logging system-wide (which generates MSI logs for all install and uninstall operations). If you uninstall through the Windows Add/Remove programs option, no log file is generated. You should either uninstall from the MSI command line and supply parameters to generate a log file, or enable MSI logging system-wide (which generates MSI logs for all install and uninstall operations). For details on how to enable MSI logging, see the following article in the WebSphere MQ product documentation: Advanced installation using msiexec For details on how to enable system-w