Tag Archives: Linux

Installing Enterprise Manager agent on Oracle Linux 6.7 SPARC

I have access to an EM13 Enterprise Manager server, and I am going to add my Oracle Linux 6.7 SPARC to this system for monitoring.

First – check that you have the latest plugins and agents installed for the platform.

Screenshot-Self Update: Agent Software - Oracle Enterprise Manager - Mozilla Firefox

Next, on the hosts, create a user to ‘own’ the agent software

[root@host-8-160 ~]# groupadd -g 10001 oinstall
[root@host-8-160 ~]# useradd -g oinstall -s /bin/bash -d /home/agent13 -m agent13
[root@host-8-160 ~]# passwd agent13
Changing password for user agent13.

Create a directory structure for the software

[root@host-8-160 ~]# mkdir -p /u01/app
[root@host-8-160 ~]# chgrp -R oinstall /u01
[root@host-8-160 ~]# chmod g+rwx /u01

Now, back in Enterprise Manager go.. Setup -> Add Target -> Add Target Manually -> Install Agent on Host.

Enter the fully qualified domain name of your host, and the correct Platform

Screenshot-Add Host Targets : Host and Platform - Mozilla Firefox

 

Enter the installation location

Enter the credentials for agent13 and root user and hit next.

Then you can hit deploy agent.

 

Post install configuration/Worries

 

The agent installed successfully – but the host target is not being marked as available.

Looking at the output of emctl status agent I have 2 concerns.

[agent13@host-8-160 bin]$ ./emctl status agent
Oracle Enterprise Manager Cloud Control 13c Release 2 
Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.
---------------------------------------------------------------
Agent Version : 13.2.0.0.0
OMS Version : 13.2.0.0.0
Protocol Version : 12.1.0.1.0
Agent Home : /u01/app/agent13/ngc13/agent_inst
Agent Log Directory : /u01/app/agent13/ngc13/agent_inst/sysman/log
Agent Binaries : /u01/app/agent13/ngc13/agent_13.2.0.0.0
Core JAR Location : /u01/app/agent13/ngc13/agent_13.2.0.0.0/jlib
Agent Process ID : 20636
Parent Process ID : 20497
Agent URL : https://host-8-160.blah.com:3876/emd/main/
Local Agent URL in NAT : https://host-8-160.blah.com:3876/emd/main/
Repository URL : https://ngc13c.blah.com:4901/empbs/upload
Started at : 2017-06-13 10:52:26
Started by user : agent13
Operating System : Linux version 4.1.12-94.3.4.el6uek.sparc64 (sparcv9)
Number of Targets : (none)
Last Reload : (none)
Last successful upload : (none)
Last attempted upload : (none)
Total Megabytes of XML files uploaded so far : 0
Number of XML files pending upload : 0
Size of XML files pending upload(MB) : 0
Available disk space on upload filesystem : 98.09%
Collection Status : Collections enabled
Heartbeat Status : Ok
Last attempted heartbeat to OMS : 2017-06-13 10:57:31
Last successful heartbeat to OMS : 2017-06-13 10:57:31
Next scheduled heartbeat to OMS : 2017-06-13 10:58:31

 

There are no targets, and there has not been a successful upload.

[agent13@host-8-160 bin]$ ./emctl pingOMS
Oracle Enterprise Manager Cloud Control 13c Release 2 
Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.
---------------------------------------------------------------
EMD pingOMS completed successfully

[agent13@host-8-160 bin]$ ./emctl upload agent
Oracle Enterprise Manager Cloud Control 13c Release 2 
Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.
---------------------------------------------------------------
EMD upload completed successfully

If I look in my targets.xml it is pretty empty

[agent13@host-8-160 ngc13]$ cat ./agent_inst/sysman/emd/targets.xml
<Targets AGENT_TOKEN="67DBE4C8ECBA03FA5DC991893B75619C55C9B1CEACAA6ED68074AB9C65CFF973"/>

[agent13@host-8-160 bin]$ ./emctl config agent listtargets
Oracle Enterprise Manager Cloud Control 13c Release 2 
Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.
[agent13@host-8-160 bin]$

On the enterprise manager server I had errors similar to this

 
Metric evaluation error start - Unable to connect to the agent at https://host-8-161.blah.com:3876/emd/main/ [No route to host]

Tried putting that URL into my browser… cannot connect to it.

Firewall! DOH! Of course!

Temporarily disabled the iptables firewall

[root@host-8-161 /]# service iptables stop
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]

Now I can connect to the agent address in my browser.

 

So.. the choice is disable the firewall, or alter the rules. As I’m in a lab, I’m going straight to disabling the firewall.

[root@host-8-161 /]# chkconfig iptables off

Now, try to get the agent to generate the internal target list (host, ORACLE_HOME)

[agent13@host-8-161 bin]$ ./emctl config agent listtargets
Oracle Enterprise Manager Cloud Control 13c Release 2 
Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.

[agent13@host-8-161 bin]$ ./emctl config agent addinternaltargets
Oracle Enterprise Manager Cloud Control 13c Release 2 
Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.
2017-06-13 12:00:37,234 [main] WARN oracle.sysman.gcagent.comm.agent.http.SSLInit - User requested cipher suite SSL_RSA_WITH_RC4_128_MD5, which is not supported for SSLContext TLSv1.2
2017-06-13 12:00:37,242 [main] WARN oracle.sysman.gcagent.comm.agent.http.SSLInit - User requested cipher suite SSL_RSA_WITH_RC4_128_SHA, which is not supported for SSLContext TLSv1.2

[agent13@host-8-161 bin]$ ./emctl config agent listtargets
Oracle Enterprise Manager Cloud Control 13c Release 2 
Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.

Now when I look at my targets.xml it has entries

[agent13@host-8-161 agent_inst]$ cat ./sysman/emd/targets.xml
<Targets AGENT_TOKEN="6A415CAF76EC952756AE3BC675B0080ADAEE066B3F9B10B1B4A6410870130843">
 <Target TYPE="host" NAME="host-8-161.blah.com" DISPLAY_NAME="host-8-161.osc.uk.oracle.com" EMD_URL="https://host-8-161.blah.com:3876/emd/main/" TIMEZONE_REGION="" IDENTIFIER="TARGET_GUID=51D4595ED5982DE8E0539011038AD7DB"/>
 <Target TYPE="oracle_emd" NAME="host-8-161.blah.com:3876" DISPLAY_NAME="host-8-161.blah.com:3876" EMD_URL="https://host-8-161.blah.com:3876/emd/main/" TIMEZONE_REGION="" IDENTIFIER="TARGET_GUID=0958C84AFB17CE4D3F9FB85C81250615"/>
 <Target TYPE="oracle_home" NAME="agent13c1_1_host-8-161.blah.com_1639" DISPLAY_NAME="agent13c1_1_host-8-161.blah.com_1639" EMD_URL="https://host-8-161.blah.com:3876/emd/main/" TIMEZONE_REGION="" IDENTIFIER="TARGET_GUID=C13E4BCE40F4509C3FC788A3C08EED68">
 <Property NAME="HOME_TYPE" VALUE="O"/>
 <Property NAME="INVENTORY" VALUE="/u01/app/oraInventory"/>
 <Property NAME="INSTALL_LOCATION" VALUE="/u01/app/agent13/ngc13/agent_13.2.0.0.0"/>
 </Target>
</Targets>

When I look at the hosts in Enterprise Manager they are now marked as up.

 

linux

Thoughts and other questions..

The agent13 user on the primary domain has automatically been given the permission to run read only ldm commands (similar to the privileges that need to be manually applied to the user on Solaris).

Unlike on other platforms (e.g. SuperCluster) the hierachy of LDOMs does not seem to be recorded.

Advertisements

Installing and configuring DTRACE on Oracle Linux SPARC

DTRACE is one of the killer features of Solaris, and allows you to programmatically monitor system statistics and diagnose performance issues.  See https://github.com/opendtrace/toolkit for toolkit scripts so you do not have to write your own.

Dtrace is not shipped with the install media. You need to manually download the rpms from

http://www.oracle.com/technetwork/server-storage/linux/downloads/linux-dtrace-2800968.html

 

 

Dtrace is very kernel version dependent. Do not yum update your kernel without checking that dtrace is available for that release or you will have problems!

You can use yum to install the rpms

[root@host-8-161 sfw]# yum localinstall dtrace*
Loaded plugins: downloadonly, ulninfo
Setting up Local Package Process
Examining dtrace-utils-0.6.0-3.el6.sparc64.rpm: dtrace-utils-0.6.0-3.el6.sparc64
Marking dtrace-utils-0.6.0-3.el6.sparc64.rpm to be installed
Examining dtrace-utils-devel-0.6.0-3.el6.sparc64.rpm: dtrace-utils-devel-0.6.0-3.el6.sparc64
Marking dtrace-utils-devel-0.6.0-3.el6.sparc64.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package dtrace-utils.sparc64 0:0.6.0-3.el6 will be installed
---> Package dtrace-utils-devel.sparc64 0:0.6.0-3.el6 will be installed
--> Processing Dependency: libdtrace-ctf-devel > 0.4.0 for package: dtrace-utils-devel-0.6.0-3.el6.sparc64
--> Running transaction check
---> Package libdtrace-ctf-devel.sparc64 0:0.5.0-3.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package Arch Version Repository Size
================================================================================
Installing:
 dtrace-utils sparc64 0.6.0-3.el6 /dtrace-utils-0.6.0-3.el6.sparc64 766 k
 dtrace-utils-devel
 sparc64 0.6.0-3.el6 /dtrace-utils-devel-0.6.0-3.el6.sparc64 77 k
Installing for dependencies:
 libdtrace-ctf-devel
 sparc64 0.5.0-3.el6 public_ol6_latest 15 k

Transaction Summary
================================================================================
Install 2 Packages (+1 Dependent package)

Total size: 857 k
Total download size: 15 k
Installed size: 877 k
Is this ok [y/N]: y
Downloading Packages:
libdtrace-ctf-devel-0.5.0-3.el6.sparc64.rpm | 15 kB 00:00 
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID ec551f03: NOKEY
Public key for libdtrace-ctf-devel-0.5.0-3.el6.sparc64.rpm is not installed
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
Importing GPG key 0xEC551F03:
 Userid : "Oracle OSS group (Open Source Software group) <build@oss.oracle.com>"
 Fingerprint: 4214 4123 fecf c55b 9086 313d 72f9 7b74 ec55 1f03
 Package : 6:oraclelinux-release-6Server-7.0.8.sparc64 (@anaconda-OracleLinuxServer-201705232044.sparc64/6.7)
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
Is this ok [y/N]: y
Running Transaction Check
Running Transaction Test
Transaction Test Succeeded
Running Transaction
 Installing : dtrace-utils-0.6.0-3.el6.sparc64 1/3 
 Installing : libdtrace-ctf-devel-0.5.0-3.el6.sparc64 2/3 
 Installing : dtrace-utils-devel-0.6.0-3.el6.sparc64 3/3 
 Verifying : dtrace-utils-devel-0.6.0-3.el6.sparc64 1/3 
 Verifying : libdtrace-ctf-devel-0.5.0-3.el6.sparc64 2/3 
 Verifying : dtrace-utils-0.6.0-3.el6.sparc64 3/3

Installed:
 dtrace-utils.sparc64 0:0.6.0-3.el6 dtrace-utils-devel.sparc64 0:0.6.0-3.el6

Dependency Installed:
 libdtrace-ctf-devel.sparc64 0:0.5.0-3.el6

Complete!

 

 

At this point when you run dtrace it doesn’t show anything useful and has no probes available.

[root@host-8-160 sfw]# dtrace -l
dtrace: module license 'CDDL' taints kernel.
Disabling lock debugging due to kernel taint
 ID PROVIDER MODULE FUNCTION NAME
 1  dtrace                   BEGIN
 2  dtrace                   END
 3  dtrace                   ERROR

 

You need to manually load the kernel modules for the probes and providers you want to use.  There is a list of providers in the the Oracle Linux Dtrace Tutorial manual and the Oracle Linux Dtrace Guide

A summary of what is available at the time of writing (June 2017) is below.

Provider Kernel Module Description
dtrace dtrace Provides probes that relate to DTrace itself, such as BEGIN, ERROR, and END. You can use these probes to initialize DTrace’s state before tracing begins, process its state after tracing has completed, and handle unexpected execution errors in other probes.
fasttrap fasttrap Supports user-space tracing of DTrace-enabled applications.
io sdt Provides probes that relate to data input and output. The io provider enables quick exploration of behavior observed through I/O monitoring tools such as iostat.
proc sdt Provides probes for monitoring process creation and termination, LWP creation and termination, execution of new programs, and signal handling.
profile profile Provides probes associated with an interrupt that fires at a fixed, specified time interval. These probes are associated with the asynchronous interrupt event rather than with any particular point of execution. You can use these probes to sample some aspect of a system’s state.
sched sdt Provides probes related to CPU scheduling. Because CPUs are the one resource that all threads must consume, the sched provider is very useful for understanding systemic behavior.
syscall systrace Provides probes at the entry to and return from every system call. Because system calls are the primary interface between user-level applications and the operating system kernel, these probes can offer you an insight into the interaction between applications and the system.

You can manually load the probes

[root@host-8-160 log]# modprobe -a dtrace profile systrace sdt dt_test fasttrap

However, you may want to write  startup script to automatically load the probes at boot time if the dtrace device exists.

[root@host-8-160 sfw]# cat /etc/sysconfig/modules/dtrace.modules
 

#!/bin/sh
if [ ! -c /dev/dtrace/dtrace ] ; then
         exec /sbin/modprobe -a dtrace profile systrace sdt dt_test
 fi

[root@host-8-160 sfw]# chmod 755 /etc/sysconfig/modules/dtrace.modules

 

Once the module has been loaded into the kernel, you can list all probes using

[root@host-8-160 sfw]# dtrace -l

or for just a single provider

[root@host-8-160 etc]# dtrace -l -P io
 ID  PROVIDER MODULE    FUNCTION NAME
 266 io       vmlinux   end_bio_bh_io_sync done
 267 io       vmlinux   _submit_bh start
 269 io       vmlinux   __wait_on_buffer wait-start
 270 io       vmlinux   __wait_on_buffer wait-done


You may also want to look at the information in the manual about setting the permissions on the dtrace helper device to allow code that runs as a user other than root to be recorded.

Creating LDOMs on Oracle Linux 6.7 SPARC

Lots of things to work out in advance

  1. What disks are available for use by my LDOM? I have a couple of disks, but I’m going to try creating the LDOM virtual disks on logical volumes hosted on the disk /dev/sdc
  2. What networking can I use? This is fairly simple, I only have 1 active network connection on eth0 so this will have to be virtualised
  3. How much resource is in the server, and how much can I give to my guest domain? You can see the total resource available in ldm ls.  I know I have 2 x SPARC M7 CPU, each with 32 cores, and 8 threads per core.
NAME STATE FLAGS CONS VCPU MEMORY UTIL NORM UPTIME
primary active -ndcv- UART 512 958G 0.0% 0.0% 4h 40m

Use GNU-Parted to partition the disk

Sorry this part was written retrospectively – I had multiple problems with the creating of the device to host the LDOM operating system. This manifested itself as

  1. No stability of boot device. If I gave my LDOM an entire disk to use as a boot device, it would get a boot sector installed in the expected place. On power on/poweroff of the server, the Grub boot loader did use the OS image for the guest LDOM to boot the primary LDOM. I got round this by giving the guest LDOMs slices on a disk.
  2. Not very stable device tree. If you use the /dev/sdX type names to refer to devices in your LDOM definition,  this device  name can change on reboot. So use something more stable like the WWN of the device.

You can see which disks are available using lsscsi

[root@host-8-160 ~]# lsscsi
[0:0:0:0] disk HITACHI H109060SESUN600G A690 /dev/sda 
[0:0:1:0] disk HGST HSCAC2DA4SUN400G A29A /dev/sdb 
[0:0:2:0] disk HGST H101812SFSUN1.2T A770 /dev/sdc 
[0:0:3:0] disk HGST H101812SFSUN1.2T A770 /dev/sdd 
[1:0:0:0] disk HGST HSCAC2DA4SUN400G A122 /dev/sde 
[1:0:1:0] disk HGST HSCAC2DA4SUN400G A122 /dev/sdf 
[8:0:0:0] cd/dvd SUN Remote ISO CDROM 1.01 /dev/sr0 
[9:0:0:0] cd/dvd TEAC DV-W28S-B AT11 /dev/sr1 
[10:0:0:0] disk MICRON eUSB DISK 1112 /dev/sdg

I am going to use one of the 1.2 TB disks as the boot device for the guest LDOM.

I used GNU Parted to label the disk with 2 partitions. The tool works in both GB/MB (1000 bytes to a kb) and GiB/MiB (1024 bytes to a KiB)

parted /dev/sdc

(parted) p
Model: HGST H101812SFSUN1.2T (scsi)
Disk /dev/sdc: 1200GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number Start End Size File system Name Flags
 1 1049kB 537GB 537GB ext3 host854
 2 537GB 1075GB 538GB host161

(parted) quit

I created filesystems on the partitions – I don’t think this required, but sometimes OS installers are unhappy if the disk is completely blank.

 

 

[root@host-8-160 ~]# mkfs -t ext4 -L host8161 /dev/sdc2
mke2fs 1.43-WIP (20-Jun-2013)
Filesystem label=host8161
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
32833536 inodes, 131334144 blocks
6566707 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=4294967296
4008 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks: 
 32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208, 
 4096000, 7962624, 11239424, 20480000, 23887872, 71663616, 78675968, 
 102400000

Allocating group tables: done 
Writing inode tables: done 
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

 

[root@host-8-160 ~]# parted /dev/sdc
GNU Parted 2.1
Using /dev/sdc
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p 
Model: HGST H101812SFSUN1.2T (scsi)
Disk /dev/sdc: 1200GB
Sector size (logical/physical): 512B/512B
Partition Table: gpt

Number Start End Size File system Name Flags
 1 1049kB 537GB 537GB ext4 host854
 2 537GB 1075GB 538GB ext4 host161

 

As I had problems with device tree stability, I looked for a more stable naming method. Under the /dev/disk/ directory there are more stable naming interfaces that refer to characteristics that do not change, such as wwn. This is under the /dev/disk/by-id

 

[root@host-8-160 by-id]# ls -l wwn-0x5000cca02d021474-part1
lrwxrwxrwx. 1 root root 10 Jun 12 16:19 wwn-0x5000cca02d021474-part1 -> ../../sdc1
[root@host-8-160 by-id]# ls -l wwn-0x5000cca02d021474-part2
lrwxrwxrwx. 1 root root 10 Jun 12 16:19 wwn-0x5000cca02d021474-part2 -> ../../sdc2

 

 

Add the default services

Enable bridge control – there is a bunch of stuff in the release notes about the difference in virtual switch architecture for ldoms in linux.

http://docs.oracle.com/cd/E37670_01/E86243/html/ConfigureServicesControlDomain.html

The process is to change a file as follows

 

# sed -i '/SUBSYSTEM/ s/^#//' /etc/udev/rules.d/99-vsw.rules

and reboot.

You will not be able to see anything in the output from brctl show until the domain is bound.

Create the Virtual Consoles, Virtual Network Switch and Virtual disk Service

[root@host-8-160 ~]# ldm add-vcc port-range=5000-5100 primary-vcc0 primary
LDom primary does not support dynamic reconfiguration of IO devices
Initiating a delayed reconfiguration operation on the primary domain.
All configuration changes for other domains are disabled until the primary
domain reboots, at which time the new configuration for the primary domain
will also take effect.
[root@host-8-160 ~]# ldm add-vds primary-vds0 primary
------------------------------------------------------------------------------
Notice: The primary domain is in the process of a delayed reconfiguration.
Any changes made to the primary domain will only take effect after it reboots.
------------------------------------------------------------------------------

[root@host-8-160 ~]# ldm add-vsw net-dev=eth0 primary-vsw0 primary
------------------------------------------------------------------------------
Notice: The primary domain is in the process of a delayed reconfiguration.
Any changes made to the primary domain will only take effect after it reboots.


[root@host-8-160 ~]# ldm list-services
VCC
 NAME LDOM PORT-RANGE
 primary-vcc0 primary 5000-5100

VSW
 NAME LDOM MACADDRESS NET-DEV DVID|PVID|VIDs
 ---- ---- ---------- ------- --------------
 primary-vsw0 primary 00:14:4f:fb:cd:dc eth0 1|1|--

VDS
 NAME LDOM VOLUME OPTIONS MPGROUP DEVICE
 primary-vds0 primary

Reconfigure primary to free resources for the guest domain

I am going to assign 96 cores to the primary domain and 100GB memory.

[root@host-8-160 ~]# ldm set-vcpu 96 primary
------------------------------------------------------------------------------
Notice: The primary domain is in the process of a delayed reconfiguration.
Any changes made to the primary domain will only take effect after it reboots.
------------------------------------------------------------------------------

------------------------------------------------------------------------------

[root@host-8-160 ~]# ldm set-memory 100G primary
------------------------------------------------------------------------------
Notice: The primary domain is in the process of a delayed reconfiguration.
Any changes made to the primary domain will only take effect after it reboots.
------------------------------------------------------------------------------

Now reboot to activate the new configuration.

Create the Guest

This guest will have fully virtual I/O.

Create a virtual device to act as the DVD to allow the OS to be booted.

[root@host-8-160 ~]# ldm add-vdsdev /sfw/OL-201705232017-R6-U7-sparc-dvd.iso iso_vol@primary-vds0

Not all ldm commands have been implemented on Linux, so you cannot do some things such as add vcpu by core.. e.g

[root@host-8-160 ~]# ldm add-vcpu --core 16 host-8-161

Usage:
 ldm add-vcpu <number> <ldom>

My domain will be called host-8-161 to match the planned unix hostname.

[root@host-8-160 ~]# ldm add-domain host-8-161
[root@host-8-160 ~]# ldm add-vcpu 96 host-8-161
[root@host-8-160 ~]# ldm add-memory 100G host-8-161
[root@host-8-160 ~]# ldm add-vnet linkprop=phys-state vnet1 primary-vsw0 host-8-161
[root@host-8-160 ~]# ldm add-vdsdev /dev/disk/by-id/wwn-0x5000cca02d021474-part2 boot-8-161@primary-vds0
[root@host-8-160 ~]# ldm add-vdisk boot-8-161 boot-8-161@primary-vds0 host-8-161

I am also going to add the dvd device to allow the OS to be booted from here

[root@host-8-160 ~]# ldm add-vdisk vdisk_iso iso_vol@primary-vds0 host-8-161

Now bind the domain.

[root@host-8-160 ~]# ldm bind host-8-161
At this point you will be able to see output in the brctl show command
[root@host-8-160 ~]# brctl show
bridge name   bridge id              STP enabled  interfaces
              vsw0 8000.0010e08a4806 no           eth0
                                                  vif0.0

Start the domain

[root@host-8-160 ~]# ldm start host-8-161
LDom host-8-161 started

Connect to the console. This is different than on Solaris SPARC in that you use the ldmconsole command. To exit from this you use <ctrl>q

[root@host-8-160 ~]# ldmconsole host-8-161

{0} ok banner

SPARC T7-2, No Keyboard
Copyright (c) 1998, 2017, Oracle and/or its affiliates. All rights reserved.
OpenBoot 4.40.5, 256.0000 GB memory installed, Serial #83519177.
Ethernet address 0:14:4f:fa:66:c9, Host ID: 84fa66c9.


Booting and installing the Guest

Now we have the Open Boot Prom (OBP) ‘ok’ prompt which is familiar to people who work on SPARC Solaris.

We can see what device aliases have been created

{0} ok devalias
vdisk_iso       /virtual-devices@100/channel-devices@200/disk@1
boot-8-161      /virtual-devices@100/channel-devices@200/disk@0
vnet1           /virtual-devices@100/channel-devices@200/network@0
net             /virtual-devices@100/channel-devices@200/network@0
disk            /virtual-devices@100/channel-devices@200/disk@0
virtual-console /virtual-devices/console@1
name            aliases

 

I can now boot from my virtual iso device and install Linux

{0} ok boot vdisk_iso - install

After that the install is similar to the process documented in Installing Oracle Linux for SPARC on a T7-2

You will need to manually configure the networking and hostname, yum updates and install dtrace if required.

Check the name assigned to the virtualised network interface

[root@localhost ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
 link/ether 00:14:4f:fb:91:5d brd ff:ff:ff:ff:ff:ff

Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 and set the correct parameters for your environment.

[root@host-8-161 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:14:4F:FB:91:5D
TYPE=Ethernet
UUID=eb521b4c-7e70-4963-af78-550163d2b214
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=1.2.3.161
PREFIX=22
GATEWAY=1.2.3.1
DNS1=1.2.34.4
DNS2=1.2.34.5
DOMAIN=blah.com
[root@host-8-161 ~]# cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=host-8-161.blah.com

 

Troubleshooting communication problems with the service processor

I couldn’t contact the service processor to save the spconfig

[root@host-8-160 ~]# ldm ls-spconfig
The requested operation could not be performed because the communication
channel between the LDoms Manager and the system controller is down.
The ILOM interconnect may be disabled or down.

[root@host-8-160 ~]# ip addr show usb0
Device "usb0" does not exist.

 

My current settings

-> show /SP/network/interconnect hostmanaged

/SP/network/interconnect
 Properties:
 hostmanaged = true

-> show /SP/network/interconnect state

/SP/network/interconnect
 Properties:
 state = disabled

 

 

It should be..

-> show /SP/network/interconnect hostmanaged

/SP/network/interconnect
 Properties:
 hostmanaged = false

-> show /SP/network/interconnect state

/SP/network/interconnect
 Properties:
 state = enabled

After changing this – the usb0 network device should be available in the operating system.

[root@host-8-160 ~]# ip addr show usb0
10: usb0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
 link/ether 02:21:28:57:47:17 brd ff:ff:ff:ff:ff:ff

Hmm… still not quite right. It doesn’t have a network address assigned.

Try resetting the SP… no difference

rebooted the OS..

 

Success.

[root@host-8-160 ~]# ip addr show usb0
8: usb0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
 link/ether 02:21:28:57:47:17 brd ff:ff:ff:ff:ff:ff
 inet 169.254.182.77/24 brd 169.254.182.255 scope global usb0
 valid_lft forever preferred_lft forever
 inet6 fe80::21:28ff:fe57:4717/64 scope link 
 valid_lft forever preferred_lft forever
[root@host-8-160 ~]# ldm ls-spconfig

Installing Cisco AnyConnect VPN on Ubuntu 16.04

I was struggling setting up a new VPN to connect to my servers at the office as vpnsetup.sh was failing

# ./vpnsetup.sh 
Installing Cisco AnyConnect Secure Mobility Client...
Extracting installation files to /tmp/vpn.0Zgby3/vpninst625702875.tgz...
Unarchiving installation files to /tmp/vpn.0Zgby3...
Starting Cisco AnyConnect Secure Mobility Client Agent...
Failed to start vpnagentd.service: Unit vpnagentd.service not found.

I found a bunch of articles on the internet saying that this was due to missing libraries so started with the first batch of recommendations…

# apt install -y lib32z1 lib32ncurses5

This still didn’t work.

So I tried the next one, which was to also install the network-manager-openconnect package and reload the daemons

# apt install network-manager-openconnect

# systemctl daemon-reload

Success!

# ./vpnsetup.sh 
Installing Cisco AnyConnect Secure Mobility Client...
Removing previous installation...
mv: cannot stat '/opt/cisco/vpn/*.log': No such file or directory
Extracting installation files to /tmp/vpn.yUyv15/vpninst922924093.tgz...
Unarchiving installation files to /tmp/vpn.yUyv15...
Starting Cisco AnyConnect Secure Mobility Client Agent...
Warning: vpnagentd.service changed on disk. Run 'systemctl daemon-reload' to reload units.
Done!

 

 

 

Logins, Pam and sorting it out..

A colleague reported a problem with a server.. when he tried to ssh as the user Oracle to one server it constantly failed with :-

oracle@ed2qcomp05's password:
Permission denied, please try again.

He could su to oracle as root, he could ssh as oracle from another server with user equivalency, so was confident that the home directory was intact.

When we looked in the /var/log/secure we saw the following message:

Nov  7 12:23:20 ed2qcomp05 sshd[27305]: pam_tally2(sshd:auth): user oracle (1000) tally 49, deny 5
Nov  7 12:23:21 ed2qcomp05 sshd[27305]: Failed password for oracle from 10.130.3.216 port 39519 ssh2

In /etc/pam.d/sshd it was configured to deny access after 5 attempts

auth       required     pam_tally2.so deny=5 onerr=fail

So, it looked like pam had locked out the oracle user due to multiple failed login attempts. At this point on a production system you should start to investigate who has been trying to access your system, however,we knew what had caused the problem.

First check  how many failed logins pam had counted for that user.

[root@ed2qcomp05 pam.d]# pam_tally2 --user oracle
Login           Failures Latest failure     From
oracle             49    11/07/11 12:23:20  c1718-3-216-mgt.ssclabs.net

Then you reset the ‘tally’ for oracle

[root@ed2qcomp05 pam.d]# pam_tally2 --user oracle --reset
Login           Failures Latest failure     From
oracle             49    11/07/11 12:23:20  c1718-3-216-mgt.ssclabs.net

Verify that it has been reset

[root@ed2qcomp05 pam.d]# pam_tally2 --user oracle
Login           Failures Latest failure     From
oracle              0

And now the Oracle user can log in to the system