Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Confidential – Oracle Internal 1
ACSLS 8.3
Martin Ryder
Chris Morrison
George Noble
Program Agenda
What’s New
Installation
SELinux
Enhancements, Features and Utilities
Bug Fixes
What’s New with ACSLS 8.3
ACSLS on Solaris 11
ACSLS on Linux 6
Customer-defined
Installation Directories
Platform Support
SPARC Solaris-10 Update 10
SPARC Solaris-10 Update 11
SPARC Solaris-11 Update 1
X86 Solaris-10 Update 10
X86 Solaris-10 Update 11
X86 Solaris-11 Update 1
Oracle Linux 6.3
ACSLS 8.3 is supported on seven platforms
Solaris 10
ACSLS on Solaris-10 is fully functional
– All physical libraries and drives
– Logical Library Support
– The ACSLS GUI
– lib_cmd
– ACSLS HA 8.2.1
Full functionality
Solaris 11
Functional ACSLS features on Solaris-11
– All physical libraries and drives
– Logical Library Support
– The ACSLS GUI
– lib_cmd
ACSLS HA 8.3 is in development
Full support, but without HA.
Linux 6
Functional ACSLS features on Linux 6
– All physical libraries and drives
– The ACSLS GUI
– lib_cmd
Logical Libraries and HA are not supported
Linux 6
Includes support for FC-attached libraries: SL150, SL500
Uses the sg driver - no mchanger driver for Linux
The install_scsi_Linux.sh utility installs a rules file for udev
The mchanger links are created and maintained by udev
SCSI Library Support on Linux
Linux 6
The /dev/mchanger* links on Linux look different than those on Solaris
The link includes a unique identifier supplied by udev
Example: /dev/mchanger-3500104f0007a8532
Using the identifiers allows persistent device links for ACSLS
The targets of those links (/dev/sg<n>) are volatile
The links are automatically updated by udev
SCSI Library Support on Linux – mchanger links
Linux 6
# ./install_scsi_Linux.sh
Installing SCSI device(s) for Oracle StorageTek ACSLS.
Adding ACSLS rules for udev ...
Starting udev: [ OK ]
Successfully built the following...
/dev/mchanger-3500104f00079f9d2: STK SL500 V-1485 336-cells 10-drives
/dev/mchanger-3500104f0007a8532: STK SL500 V-1485 205-cells 6-drives
/dev/mchanger-3500104f000cc6a67: STK SL150 V-0182 59-cells 4-drives
Installation of SCSI device(s) successfully completed.
SCSI Library Support on Linux – install_scsi_Linux.sh
Java Support
Java 6
Java 7
Supported Java Versions
Browser Support
Firefox 22.0
Chrome 28.0
IE 8+ Requires a custom SSL certificate.
Tested Browsers with the ACSLS 8.3 GUI
Installation
Installation Packages
Solaris Sparc: V39783-01.zip
Solaris X86: V39784-01.zip
Linux: V39785-01.zip
Download from the Oracle eDelivery site
Installation Flexibility
Solaris:
# pkg_install.sh
Should the base directory be /export/home? (y/n) n
Enter the path to the base directory [?,q] /opt/home
Linux:
# rpm -ivh --prefix /opt/home STKacsls_8.3.0.i686.rpm
Customer decides where ACSLS resides.
PostgreSQL Installation
PostgreSQL 8.3 (Solaris)
PostgreSQL 8.4 (Linux)
PostgreSQL Versions
PostgreSQL Installation
PostgreSQL 8.3
Solaris 10: PostgreSQL is already installed
PostgreSQL Installation
Installed automatically with pkg_install.sh
– SUNWpostgr-83-server
– SUNWpostgr-83-client
– SUNWpostgr-83-server-data-root
– SUNWpostgr-83-libs
– SUNWopenssl-libraries
Solaris 11: Five PostgreSQL packages to install
PostgreSQL Installation
Set up the Yum Repository
# cd /etc/yum.repos.d
# server=public-yum.oracle.com
# repository=public-yum-repo
# wget http://$server/$repository
Linux: PostgreSQL must be downloaded
from the Oracle yum repository
PostgreSQL Installation
# yum install unixODBC
# yum install glibc.i686
# yum install pam.i686
# yum install postgresql-libs.i686
# yum install libxml2
# yum install libxml2.i686
# yum install libstdc++.i686
# yum install postgresql.i686
Linux: Install 8 packages with yum
PostgreSQL Installation
# cd /opt
# server=public-yum.oracle.com
# path=repo/OracleLinux/OL6/3/base/i386/
# pkg1=postgresql-odbc-08.04.0200-1.el6.i686.rpm
# wget http://$server/$path/$pkg1
# rpm -ivh $pkg1
Linux: Install PostgreSQL ODBC libraries
PostgreSQL Installation
# pkg2=postgresql-server-8.4.11-1.el6_2.i686.rpm
# wget http://$server/$path/$pkg2
# rpm -ivh --nodeps $pkg2
Linux: Install PostgreSQL Server
ACSLS 8.3 Installation
User can install the entire product or selected subsystems.
User can install, re-install, or remove selected components.
User can now preserve an existing database
– If DB is not installed, it will be installed automatically.
– If DB is installed, user is prompted whether to re-install.
Added flexibility in install.sh
ACSLS 8.3 Installation
If user elects to install Logical Library support, then the following are
installed automatically.
– smce
– stmf
– surrogate
– rmi-registry
– WebLogic
– ACSLS GUI
– lib_cmd
Added flexibility in install.sh
ACSLS 8.3 Installation
If user elects not to install Logical Library support, then
– The user may elect to install the GUI
– The user may elect to install lib_cmd.
If the ACSLS GUI is already installed,
the user may elect
– to keep the existing GUI configuration
– to re-install/rebuild the GUI configuration
– to remove the GUI
Added flexibility in install.sh
SELinux
SELinux
Initially developed by the NSA in the late 1990s
Designed to meet common security goals
– Mandatory Access Control
– Type enforcement
– Role-based access control
– Multi-level security
Released with Linux Kernel 2.6.0 in 2003
Security Enhanced Linux
SELinux
POSIX Discretionary Access Control:
– user:group:other
– Read:write:execute
SELinux Mandatory Access Control:
– user:group:other
– user-role:type:level
– read:write:execute:append:create:remove:execmod
link:unlink:swapon:quotaon:mounton:rename:setattr
execute_no_trans:entrypoint:lock:unlock:ioctl
Mandatory Access Control (MAC)
SELinux
Every process runs in a security domain
– confined vs. unconfined
Every resource is identified by its type
– process vs. file.
Access is governed by specific policies.
Policies are enforced by the Linux kernel
A policy governs:
– The level of access within a domain
– for a specific resource type.
SELinux Policy Enforcement
SELinux
To disable enforcement
# setenforce 0
To enable enforcement
# setenforce 1
To disable enforcement across reboots:
– edit /etc/selinux/config:
– Change SELINUX=enforcing to SELINUX=permissive
SELinux Enforcement
SELinux
To view the current status of SELinux:
# sestatus
SELinux status: enabled
Current mode: enforcing
To view the audit records of the accesses that were denied:
# vi /var/log/audit/audit.log
Monitoring SELinux Enforcement
SELinux
To create a policy module in response to a failed operation:
# cd /var/log/audit
# audit2allow -a -M <ModuleName>
This creates a file: <ModuleName>.pp
To load the newly-created policy module:
# semodule -i <ModuleName>.pp
To unload a policy module:
# semodule -r <ModuleName>
Custom Policy Modules
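Added example (not part of the original slides or of ACSLS): audit2allow -a builds its module from every denial in the audit log, so it is worth summarizing the AVC records first and checking that none come from an unrelated domain. The sample records are constructed, and postgresql_t as the expected source domain is an assumption for illustration.

```shell
#!/usr/bin/env bash
# Added example: review AVC denials before feeding them to audit2allow.
# The audit records below are constructed sample data, not real ACSLS logs.
export LC_ALL=C

sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1375200001.101:410): avc:  denied  { read } for  pid=2101 comm="postgres" name="PG_VERSION" dev=dm-0 ino=1311 scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1375200002.220:411): avc:  denied  { read } for  pid=2101 comm="postgres" name="pg_hba.conf" dev=dm-0 ino=1312 scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1375200003.007:412): avc:  denied  { search } for  pid=2101 comm="postgres" name="acsdb" dev=dm-0 ino=1300 scontext=unconfined_u:system_r:postgresql_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir
type=AVC msg=audit(1375200009.450:420): avc:  denied  { name_connect } for  pid=3190 comm="httpd" dest=8081 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1375200009.450:420): arch=40000003 syscall=102 success=no exit=-13 comm="httpd"
EOF
}

# summarize_avc FILE
# Prints "count source_type target_type class perms" for each distinct denial.
summarize_avc() {
  awk '
    $1 == "type=AVC" && /denied/ {
      perms = ""; s = ""; t = ""; c = ""
      # Permissions are listed between "{ " and " }".
      if (match($0, /[{] [^}]* [}]/)) perms = substr($0, RSTART + 2, RLENGTH - 4)
      gsub(/ /, ",", perms)
      for (i = 1; i <= NF; i++) {
        # A context is user:role:type:level; the type is the third part.
        if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
        if ($i ~ /^tclass=/)   { c = substr($i, 8) }
      }
      n[s " " t " " c " " perms]++
    }
    END { for (k in n) print n[k], k }
  ' "$1" | sort -k2
}

# outside_domain FILE DOMAIN
# Lists denials whose source type is not DOMAIN; a module built from the whole
# log would grant these as well.
outside_domain() {
  summarize_avc "$1" | awk -v d="$2" '$2 != d'
}

log=$(mktemp)
sample_audit_log > "$log"
echo "All denials in the log:"
summarize_avc "$log"
echo "Denials not from postgresql_t:"
outside_domain "$log" postgresql_t
rm -f "$log"
```

On a live system, ausearch -m avc -c postgres | audit2allow -M <ModuleName> builds the module from the records for one command name only, instead of from the whole log.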
SELinux
Three ACSLS policy modules are loaded
when you run install.sh on Linux:
– allowPostgr
– acsdb
– acsdb1
These policies extend access to resources that are
running in a confined domain (e.g. PostgreSQL )
for users acsss and acsdb.
ACSLS Policy Modules
Enhancements, Features, and Utilities
ACSLS 8.3 Enhancements
When a cleaning attempt fails, try to select another cleaning
cartridge to clean the drive.
Identify used-up (spent) cleaning cartridges in query clean, volrpt,
display volume, and the acsss_event.log.
More Robust Automatic Cleaning
Retry the failed dismount of a cleaning cartridge.
Ensure cleaning cartridges are used up before
their usage is maxed-out.
ACSLS 8.3 Enhancements
Support up to 16 partitions in an SL8500
Library Complex
The SL8500 now lets customers define partitions
in a library complex of multiple SL8500s
connected via pass-thru ports.
Support Library and Tape Drive Enhancements
ACSLS 8.3 Enhancements
Support T10000D Fibre Channel over Ethernet
(FCoE) Tape Drives
Note:
ACSLS 8.2 supports Fibre and FICON T10000D
tape drives.
Support Library and Tape Drive Enhancements
ACSLS 8.3 Enhancements
The SMF startup time limit for acsls is now adjustable.
Library configuration determines normal start-up time:
# $ACS_HOME/bin/calc_acsls_start_timeout.sh
If this calculated timeout is not sufficient:
a) Run acsss timeout to see the current timeout.
b) Edit ~/data/external/acsls_startup_policy
c) Assign a value in minutes to the line that begins:
additional_startup_time=
d) Run acsss timeout to see the new timeout value.
acsls_startup_policy (Solaris)
ACSLS 8.3 Enhancements
Customers can exempt startup recovery of troublesome libraries.
To exempt a particular ACS from offline-to-online recovery:
– Edit ~/data/external/acsls_startup_policy
– Remove the comment character (#) from the target ACS:
#ACS3_desired_startup_state_is_offline
ACS3_desired_startup_state_is_offline
acsls_startup_policy (Solaris)
ACSLS 8.3 Enhancements
Improved status granularity with acsss_config
ACSLS 8.3 Enhancements
Improved granularity with acsss status
# acsss status
acsdb [online|offline]
smce [online|offline]
stmf [online|offline]
surrogate [online|offline]
rmi-registry [online|offline]
acsls [online|offline|starting]
weblogic [online|offline|starting|stopping]
The acsss utility
ACSLS 8.3 Enhancements
New status options
acsss a-status (Show the status of acsls)
acsss d-status (Show the status of acsdb)
acsss w-status (Show the status of weblogic)
acsss timeout (Set|Show the start time limit for acsls)
The acsss utility
ACSLS 8.3 Enhancements
– acsls_start.log (Linux)
– acsdb_start.log (Linux)
– chkloc.log (Captures errors from cron-activated chkloc.sh )
New diagnostic logs
ACSLS 8.3 Utilities
chkFB.sh: enables/disables fast-boot for Solaris
– Applies only to Solaris-11 X86 machines.
– ACSLS disables this feature by default.
– Fast boot must be disabled for mchanger and qlt drivers.
Fast-boot control with chkFB.sh (Solaris X86)
ACSLS 8.3 Utilities
chkGui.sh checks the following:
– Is WebLogic running?
– Is the SlimGUI application deployed?
– Does a localhost http request to SlimGUI return success?
– Is a firewall utility (ipfilter or iptables) running?
– Does firewall policy accept input from ports 7001 and 7002?
Check GUI status with chkGui.sh
ACSLS 8.3 Utilities
Diagnostic files added to the get_diags payload.
– SELinux audit log.
– Solaris SMF start/stop logs
– Linux init.d start logs (acsls and acsdb)
– WebLogic AdminServer.log
– Resource and Cluster checks for HA installs
– Date and time of get_diags snapshot.
The get_diags utility
ACSLS 8.3 Utilities
Supported on both Linux and Solaris systems
Bug 16788436: "-v" option showed only the first HBA
Changes to output for "-v" (verbose) option
No changes for default or "-p" (programmatic) option
The probeFibre.sh utility
ACSLS 8.3 Utilities
Emulex LP11002-M4 HBA is attached.
WWPN: 10000000c951d23c
STK SL500 LUN 0 WWPN: 500104f00079f9c9 WWNN: 500104f00079f9c8
STK SL150 LUN 1 WWPN: 500104f000cc6a68 WWNN: 500104f000cc6a67
STK SL150 LUN 1 WWPN: 500104f000cc6699 WWNN: 500104f000cc6698
STK SL500 LUN 0 WWPN: 500104f0007a8533 WWNN: 500104f0007a8532
WWPN: 10000000c951d23d
QLogic 375-3356-02 HBA is attached.
WWPN: 2100001b320c2b19
QLogic 375-3356-01 HBA is attached.
WWPN: 210000e08b94060b
WWPN: 210100e08bb4060b
“probeFibre.sh -v” on Solaris
ACSLS 8.3 Utilities
Model QLA2342 HBA is attached.
WWPN: 210000e08b865829
WWPN: 210100e08ba65829
STK SL150 LUN 1 WWPN: 500104f000cc6a68 WWNN: 500104f000cc6a67
STK SL500 LUN 0 WWPN: 500104f0007a8533 WWNN: 500104f0007a8532
STK SL500 LUN 0 WWPN: 500104f00079f9c9 WWNN: 500104f00079f9c8
STK SL150 LUN 1 WWPN: 500104f000cc6699 WWNN: 500104f000cc6698
Model QLA2462 HBA is attached.
WWPN: 210000e08b91e2a1
WWPN: 210100e08bb1e2a1
Model QLA2342 HBA is attached.
WWPN: 210000e08b8329a3
WWPN: 210100e08ba329a3
“probeFibre.sh -v” on Linux
ACSLS 8.3 Utilities
Includes updates (post 8.2) for Oracle GIT
Improved handling and correction of status and location,
especially for absent or misplaced volumes
Most updates are now integrated and happen automatically
The script can still be useful to correct pre-existing issues
(such as records imported by db_import.sh)
The fixVol.sh utility
Bug Fixes
Bug Fixes in ACSLS 8.3
For acsss_config, added cleanup of database records for logical
libraries when an ACS is removed from the configuration
– NOTE: this does not clean up all FC information
– Best practice: delete any logical libraries first
Logical Library Support
Bug Fixes in ACSLS 8.3
On Move Medium by FC clients, destination slot was not
recorded correctly by ACSLS (impacted dismount and “eject”
operations)
Absent logical volumes caused problems for FC clients
– Clients would find drives or slots reported
as full, although no volume was present.
Logical Library Support
Bug Fixes in ACSLS 8.3
When a dismount failed and the cartridge was left in the drive, the
vol_id in the drive database record was cleared.
Mount requests could hang in limbo when auto cleaning failed.
Always report cleaning failures because of spent
cleaning cartridges.
A volume being mounted from a reserved cell
could be marked absent
Mounts and Dismounts
Bug Fixes in ACSLS 8.3
Allow a reserved cell to be updated to inaccessible by audit.
Send an LSM Inoperative Event after LSM Not Ready.
CSI_MULTI_HOMED_CLient on x86 - Client
IP address had octets in reverse order.
Other ACSLS Functions
Questions?