You are on page 1of 118

Administration Guide

Alcatel 1350
Management Suite

1350 Rel.7.1
Network Release

3AL 88893 CAAA Ed.03

3AL 88893 CAAA Ed.03

1350 REL.7.1 ADMINISTRATION GUIDE

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

TABLE OF CONTENTS
LIST OF FIGURES AND TABLES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . HISTORY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 PRELIMINARY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.1 General Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2 Handbook applicability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.3 Product-release handbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.3.1 Handbooks related to the specific software application . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.4 Referred External Documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.4.1 NR Related Handbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.5 Registered Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.6 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1.7 Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 INTRODUCTION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 IP ADDRESS AND NODE NAME MANAGEMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.1 Fuctional Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.2 Basic Fuctions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.3 Network Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4 Node Name Management Interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.1 1 INIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.2 2 ADD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.3 3 REMOVE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.4 4 PUT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.5 5 LIST . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.6 6 TOTALIGN & 7 ACTALIGN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.7 8 GRPOPEN, 9 GRPIMPORT & 10 GRPMERGE . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.8 11 CHIPADDR . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.9 12 CHHOSTNAME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.10 13 CHNETMASK . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.11 14 CHGATEWAY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.12 15 DNSADD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.13 16 DNSCHANGE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3.4.14 17 DNSREMOVE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 03 02 01 060303 050901 050428 DATE CHANGE NOTE ECR31574 ECR24299 F.Casasole ITAVE F.Casasole ITAVE F.Casasole ITAVE APPRAISAL AUTHORITY 4 5 7 7 7 8 8 8 9 10 10 10 11 13 14 14 15 16 16 17 18 18 18 18 19 20 23 26 26 27 27 28

B.Bosisio ITAVE S.Franco B.Bosisio ITAVE M.Occhietti B.Bosisio ITAVE ORIGINATOR

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

1350 Management Suite NR7.1 ADMINSTRATION GUIDE

ED

03 3AL 88893 CAAA 112 1 / 112

4 BACKUP AND RESTORE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1 Full disks backup/restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.1.1 Full Backup Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2 Single Volume Group Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.2.1 Single Volume Group Backup Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3 Restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3.1 Ignite Recovery tape restrictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3.2 1359HA OS Cluster Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3.3 Mirror Disk configuration rebuild . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3.4 Restriction on Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3.5 Required disk space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3.6 Compatibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.3.7 Restriction on Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.4 FULL BACKUP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.4.1 Start the scbackup script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.4.2 Create the IRT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.4.3 Backup the entire disks contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5 FULL RESTORE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5.1 Restore of IRT Tape Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5.2 Restore from Fbackup Tape Set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5.3 Restore MIrror Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.5.4 Restore Warning and/or Error Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.6 BACKUP AND RESTORE Know problems and workaroundS . . . . . . . . . . . . . . . . . . . . . . 4.6.1 Ignite Rcovery Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.6.2 Recovery Archive Error Ignite recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4.6.3 Full User Disk Backup problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 MIRROR DISK/UX MANAGEMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1 Configuring Mirror Disk/UX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1.1 Prerequisite . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1.2 Install Mirror Disk/UX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5.1.3 Configure Mirror Disk/UX with Alcatel Script . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 NETWORK DEPOT MANAGEMENT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.1 Platform Software Depot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.1.1 Build Depot know bug and workaround . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.1.2 Additional Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.1.3 Software Depot Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.2 Application Software Depot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.2.1 Authorize Access to Application Depot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6.2.2 Disk Requirement Tables . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 SECURITY . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.2 Security Preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.2.1 Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.2.2 Security User and Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.2.3 Customize Login and FTP Banners . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.2.4 Security Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.2.5 Access to Secure Host . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.2.6 Define the System Password Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.3 Security SetUp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.3.1 Security in High Availability environment Restictions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.3.2 Security Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

29 30 30 31 31 32 32 33 33 33 33 33 33 34 34 35 36 46 46 48 52 55 59 59 61 63 65 65 65 66 67 71 71 72 73 73 73 74 74 75 75 75 75 76 76 77 77 78 79 79 79

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 2 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

7.3.3 Required Software Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.3.4 Security set up Execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.4 Remove Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7.5 Change Security Profile . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 PRINTER CONFIGURATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.1 Configure a Printer Queue within Local Spooler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.1.1 Start the System Spooler . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8.2 Configure Printer Booting from Local System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 GSP & MP PROCESSORS CONFIGURATION . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.1 Configure Guardian Service Processor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.1.1 Access the GSP with Local Terminal or PC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.1.2 Configure GSP LAN console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.1.3 Define the Administrator User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.1.4 Enable the Access via LAN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.1.5 Check the GSP LAN Console Accessibility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.1.6 How to get to the GSP Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.2 Configure Management Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.2.1 Access the MP with Local Terminal or PC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9.2.2 Configure Lan Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . APPENDIX A FILE EXAMPLES . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . A.1 security.params . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

80 83 86 86 87 88 92 93 99 99 99 100 102 105 106 106 107 107 108 111 111

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 3 / 112

LIST OF FIGURES AND TABLES


FIGURES Figure 1. Network Example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Figure 2. Example of disk configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Figure 3. Printer Characteriscs Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . TABLES Table 1. Bus types required for DLT to be recognized as a bootable media . . . . . . . . . . . . . . . . . . . . Table 2. Disk requirements for NMS Software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Table 3. Software requested by 1350 MS Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Table 4. Security User . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Table 5. Security Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Table 6. Security Feature . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Table 7. Security Password Structure Constants . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Table 8. Security Password Aging Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Table 9. Printer Configuration Data Requested. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

15 69 89

32 74 75 76 76 77 78 78 87

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 4 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

HISTORY
Edition
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Date April 2005 September 2005 March 2006

Notes OSConf Administration Guide Included security feature Added error message description in restore form backup tape.

Ed. 01 Ed. 02 Ed. 03

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 5 / 112

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03

3AL 88893 CAAA


All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

112

6 / 112

1 PRELIMINARY 1.1 General Information


WARNING ALCATEL makes no warranty of any kind with regards to this manual, and specifically disclaims the implied warranties of merchantability and fitness for a particular purpose. ALCATEL will not be liable for errors contained herein or for damages, whether direct, indirect, consequential, incidental, or special, in connection with the furnishing, performance, or use of this material. NOTICE The product specification and/or performance levels contained in this document are for information purposes only and are subject to change without notice. They do not represent any obligation on the part of ALCATEL. COPYRIGHT NOTIFICATION The technical information of this manual is the property of ALCATEL and must not be copied, reproduced or disclosed to a third party without written consent.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

1.2 Handbook applicability


This handbook applies to the following product-releases:

PRODUCT 1350 PRODUCT 1350 N.B. RELEASE 7.1 VERSION (N.B.) 7.1D

ANV P/N 3AL 88852 AAAA ANV P/N 3AL 88851 ABAA

NOTES FOR HANDBOOKS RELEVANT TO SOFTWARE APPLICATIONS Handbooks relevant to software applications (typically the Operators Handbooks) are not modified unless the new software version distributed to Customers implies manmachine interface changes or in case of slight modifications not affecting the understanding of the explained procedures. Moreover, should the screen prints included in the handbook contain the product-releases version marking, they are not replaced in the handbooks related to a subsequent version, if the screen contents are unchanged.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 7 / 112

1.3 Product-release handbooks


The list of handbooks given here below is valid on the issue date of this Handbook and can be changed without any obligation for ALCATEL to update it in this Handbook. Some of the handbooks listed here below may not be available on the issue date of this Handbook. The standard Customer Documentation in the English language for the equipment whose product-release-version is stated in para.1.2 on page 7 consists of the following handbooks: 1.3.1 Handbooks related to the specific software application THIS HANDBOOK

REF

HANDBOOK 1350 Rel7.1 Administration Guide 1350 Rel7.1 Installation Guide 1350 Rel7.1 System Management Operators Handbook

ANV Part No.

[1]

3AL 88893 CAAA

[2]

3AL 88893 BAAA

[3]

3AL 88893 AAAA

1.4 Referred External Documents


For factory internal use only. [4] HP System Partitions Guide Revision 3.1 E Copyright 2002 HewlettPackard Company. All rights reserved. Part Number: B235590746

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 8 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

1.4.1 NR Related Handbooks THIS HANDBOOK or note

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

REF

HANDBOOK

ANV Part No.

[5]

1353NM 7.0 Administration Guide 1354RM 7.1 Administration Guide 1354BM 7.1A ATM Administration Guide 1354BM 7.1E ETH Administration Guide 1354BM 7.1R PR Installation Guide 1355VPN 4.0 Administration Guide 1359HA OSCluster 7.1 Administration Guide 1359HA OSResilience 7.1 Administration Guide 1359IOO 5.1 Administration Guide 1359ISN 4.0 Administration Guide

3AL 89061 BAAA

[6]

3AL 61345 BAAA

[7]

3AG 23946 BAAA

[8]

3AG 23946 DAAA

[9]

3AG 23946 FAAA

[10]

3AL 72170 CAAA

[11]

3AL 88127 BAAA

[12]

3AL 88129 BAAA

[13]

3AL 88347 AAAA

[14]

3AL88235 AAAA

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 9 / 112

1.5 Registered Trademarks


UNIX is a registered trademark of UNIX System Laboratories in the U.S.A. and other countries. OSF/Motif is a trademark of the Open Software Foundation. HP is a registered trademark of HewlettPackard Corporation. HP9000/700 and HPUX are trademarks of HewlettPackard Corporation. HP OpenView and HP OpenView Window are trademarks of HewlettPackard. ORACLE is a registered trademark of Oracle Corporation.
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

1.6 Overview
This document describes how to install and configure the HP 9000 computer systems in order to allow the correct usage of Network Map Management (NM) application.

1.7 Conventions
The following conventions are used in this manual: [Enter] A key name is shown between square brackets to indicate that you press a named key on the keyboard. Courier type is uses to indicate the output produced by the system or data that you can find. Bold italic letters indicate informations that you must enter from the keyboard. Data shown between angle brackets means that these data depending by the particular instance of the system. It must be substituted with the correct data. Actions must be performed as root. Actions must be performed as root. Actions must be performed as normal user (not as root). Actions must be performed as oracle user. Actions must be performed in SQL utility.

courier

bold italic <data>

# ..,sys,root # ..,$ ..,oracle> SQL>

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 10 / 112

2 INTRODUCTION
This document describes how to administering a HP 9000 Server with OSConf configuration tools. OS Conf provides some function to make easier the HPUX administration in agreement with Alcatel Software Management. These tools provide aids for software installation and removal, combined with HPUX operating system configuration and security improvements.

1AA 00014 0004 (9007) A4 ALICE 04.10

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

ED

03 3AL 88893 CAAA 112 11 / 112

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03

3AL 88893 CAAA


All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

112

12 / 112

3 IP ADDRESS AND NODE NAME MANAGEMENT


The purpose of the Node Name Management tool is provide a centralized and integrated mechanism to administer the IP address and host name relationship for the HP servers used inside the Alcatel TMN application. Node Name Management allows configuring the TCP/IP address and host name relationship on the entire nodes in the Alcatel Network Management. Its main purpose is allowing the host naming distributed management. The code design philosophy is based on the working group concept. The group is an entity that includes the entire node needs to work together. The first node placed in configuration creates the group, and then the other will be added. Each node belongs the group has a copy of entire node name repository, and it is able to add a new node to the group, or remove an existing one. Any action can be carried on only if there is the group node member quorum. We decide to implement this philosophy after the experience on the previous NR where it was very difficult to review the configuration when a node was failed or simply unreachable. The node group members are not the only entities in the repository database, in fact the communications are not limited to the node group members, but there are other nodes in the TPC/IP network that can be useful to know. These nodes can be described in the database as External, that means them can be added and removed such as a Member one, but them can non remove nether add any thing, and them are not voters to reach the quorum. Another special entity are the Cluster nodes, that are specific designed for virtual IP Address of MC/Service Guard cluster application packages, the characteristic of this kind of element are: them have to be defined in the Kerberos database like Members, but them are not voters for quorum, nether useful to execute actions. An important principle regards the security, in fact to prevent backdoors or other strategy to allow the action of a node to another, to include a new node in the group, it is not enough that a member node add it to the database, but it have to authorize the group access, by performing a add action by itself. Just to better explain the behavior with an example: We have a group with three members: hosta, hostb and hostc, if have to add hostd to the group the first action has to be done from one of the three members, it have to add hostd to the database, that means all the three nodes will know hostd and its IP address, and implicitly accept request from that source. Then hostd have to accept the group membership by performing an add on itself specifying one of the group members. With this action hostd authorize the other group member to operate on itself. N.B. This tool does not provide any support for the IP network design, it just allow to reduce the effort in describing an already planned network.

1AA 00014 0004 (9007) A4 ALICE 04.10

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

ED

03 3AL 88893 CAAA 112 13 / 112

3.1 Fuctional Restrictions


The Node name Management program bases network communication on OSKernel Remotizer library, that means OSKernel have to be installed and customized before be able to correctly execute the Node name Management program. The Node Name Management can not be started before OSKernel installation and customization. To allow the correct execution of the program, the involved machines does not have more five minutes difference in system time. Be careful, the relevant system time does not involve the Time Zone, so you have to check the time difference by entering the command: date u

3.2 Basic Fuctions


This paragraph briefly shows the actions foreseen by OSConf Node Name Management: Found the group is done by network management first node. Add new node allows adding any type of host to the database. Remove a node allows removing any type of host to the database. List of data provides the contents of database in terms of hostname and its characteristics. IP address and hostname changes. Single or multiple node alignment. Change network gateway and subnet mask. Add and remove DNS configuration. Group management.

All these functions are available through a menu driven interface, this interface is described hereafter.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 14 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

3.3 Network Example


To make easier understand the software behavior an example of network will be provided. Within this network management system we have five HP9000 servers, with the following information: hosta hostb hostc hostd hoste IP address 192.200.49.1 IP address 192.202.21.7 IP address 192.202.21.8 IP address 192.202.22.4 IP address 192.200.22.5 Role 1354RM Client Role 1353NM Master Role 1354RM Client Role 1354RM Master Role 1353SH Master

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

There are other network equipments, such as rooters, printers (local and network), personal computer, and time synchronization equipments: router1 router2 gpsrec1 router3 lp1 IP address 192.200.49.244 IP address 192.202.21.244 IP address 192.202.21.51 IP address 192.202.22.244 IP address 192.202.22.6 Left LAN router Central LAN router Time synchronization via Global Position System. Right LAN router Network line printer.

hosta gpsrec1 (GPS time receiver) lp1 (network printer)

WAN

hostc hostb Figure 1. Network Example hostd hoste

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 15 / 112

3.4 Node Name Management Interface


The Node name Management program interface is menu oriented, when you can start this software by login as user root and entering: ...,sys,root # scNMmng [Enter] It prompts you the following menu:
Network Management Nodes (V2.3.1) Management options: 1 2 3 4 5 6 7 8 9 10 INIT ADD REMOVE PUT LIST TOTALIGN ACTALIGN GRPOPEN GRPMERGE = network map init. = add a node = remove a node = put network map = list network map = alignment each node = alignment a single node = open the current group = merge two groups [0] exit 11 12 13 14 15 16 17 CHIPADDR CHNETMASK CHGATEWAY DNSADD DNSCHANGE DNSREMOVE = change IP addr. = change netmask = change gateway = add to DNS = change DNS = remove from DNS

CHNODENAME = change hostname

GRPIMPORT = import a remote group

Enter management option [0..17] :

3.4.1 1 INIT Establish the Group: you are installing the first NMS system of the entire network. Before perform any activity you have to initialize the Node Management persistent data. The detailed procedure is: a) b) Login a node as root user (hostb of example in paragraph 3.3 ). Run the scNMmng script (see paragraph 3.4 at page 16) then enter 1 and [Enter] to execute the initialization. This action creates the group. The execution will be confirmed by the message: ** MESSAGE: node <hostname> (<IP_addr>) initialized. Press [Enter] to continue. The Node Management Persistent Data has been initialized. Press [Enter] to go back to main menu, then press [Enter] or 0 and [Enter] to exit.

c)

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 16 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

3.4.2 2 ADD The Node Name Management procedure have been design to guarantee the security of the entire system, that meas the access to any system in configuration must be formally granted. As consequence it is not possible to operate on a remote system without authorize the access to it in advance, that also means it is not possible to add a new node to a group in one shot. We have to authorize the new node to access the group, and then the new node authorize all the machines belonging to the group to operate with it. It is important to preform the to action in this order because the action performed by the adjoining machine have to be able to retrieve from the specified group member the data related to all the system belonging to the group. 3.4.2.1 Add a New Group Member You add a new node member to the group when the adding node is a TMN system, that have to swap data over the network with the other group members. To add a new member you have to perform the node addition on two machines: 1) First of all, you have to add the new system on a machine already belonging to the group. This action stores the new host in the database of all nodes belonging to the group, and authorize new candidate member to join the group. Then, execute again the add action on the machine that have to join the group. This action allow the new group member to retrieve the node name database from any other group memeber. Executing some commands you can see the following message, please ignore it: Redefining sub ConnectionManager::GetConnectionPort at /alcatel/ Kernel/lib/lib_perl/Remotizer.pm line 695

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

2)

N.B.

3.4.2.1.1 Add the New Menber to the Group To add a new host to the group as member you have to: Log in as root a system already group member. Start scNMmng. Enter 2 (ADD = add a new node). On ADD Management option window enter 2 to choose add remote node (member). Enter the hostname and IP Address of the new host on demand. Wait the end of program execution. Now the new host is known by all group member systems. 3.4.2.1.2 New Member Joins the Group To complet the action, you have to execute the add also from the joining host. To do it you have to: Log in as root the new incoming host. Start scNMmng. Enter 2 (ADD = add a new node). On ADD Management option window enter 1 to choose add current node. Enter the hostname and IP Address of a group member node on demand. Wait the end of program execution. Now the new node is member of the group.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 17 / 112

3.4.2.2 Add a New External Node You add a new external node to the group when the adding node is NOT a TMN system, it can be a printer or any other kind of machine not running Alcatel TMN system based on OSKernel. This case you have just to perform the add on any group member node. The information will be automatically distributed to the entire group. 3.4.2.3 Add a Cluster Node A specific area has been defined to allow the definition of the Virtual Hostname requested by MC ServiceGuard configurations. In fact this requires a special management, the host have to be authorized to swap messages with the other group members, but is must be not included in the voters for reaching the quorum. 3.4.3 3 REMOVE This menu choice allows to remove any node form the database. This command has been designed to be able to remove the system also if it is not reachable through the network. 3.4.3.1 Remove Entry for the Current Node There are two way to remove entries related to the current node: one for the primary or physical hostname and another for the virtual hostname for cluster configurations. Choose the option related to the action you want to execute from the menu. The entry is removed from all group members databases. 3.4.3.2 Remove Entry for Other Group Member You can also remove the entry for other group members, for both primary and virtual hostname. Choose the option related to the action you want to execute from the menu. The entry will be removed from all group members databases. 3.4.3.3 Remove Entry for External Nodes. A specific remove choice is foreseen also for the external nodes. Choose the option related to the action you want to execute from the menu. The entry will be removed from all group members databases. 3.4.4 4 PUT A specific menu option is foreseen for update the node name database of a remote group member. This can be useful in case to align a node database. 3.4.5 5 LIST List option allow to read the database contents of the current or any other group member node. 3.4.6 6 TOTALIGN & 7 ACTALIGN This two option allows to align all the group member nodes to the specified one or a specific one to another group memeber.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 18 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

3.4.7 8 GRPOPEN, 9 GRPIMPORT & 10 GRPMERGE Functions to enable the comunication and, eventually, the merge between two different hosts groups configured on the same network. To perform this, is necessary to execute two different steps in the following sequence: 1) First of all, you have to enable on a host belonging to a hosts group, the remote access from a specific host belonging to other hosts group (GRPOPEN). Then, you can choose to include the remote group description on the current group hosts (GRPIMPORT) or merge the current and remote hosts groups (GRPMERGE) obtaining as final result a single group containing the description of the hosts of both indicated groups.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

2)

3.4.7.1 GRPOPEN To enable the access on the current host, belong to a network hosts group, from a remote host (and ONLY from it) belong to other network hosts group you have to: Log in as root the group member you want to enable to remote group comunication. Start scNMmng. Enter 8 (GRPOPEN = open the current group). Enter the hostname and IP Address of the remote host you want to link. Wait the end of program execution. Now the two groups to which belong the current and the remote hosts can comunicate each other. 3.4.7.2 GRPIMPORT N.B. You can to activate this function ONLY from the remote host indicated during the GRPOPEN operation previously executed.

To configure on the current node (and on each node belonging to the same nodes group) the nodes belonging to a remote nodes group you have to: Log in as root the group member you want to configure the hosts of the remote group. Start scNMmng. Enter 9 (GRPIMPORT = import a remote group). Enter the hostname and IP Address of the remote host belonging to the group you want to link. N.B. Must be the same of the node where you executed the GRPOPEN. Wait the end of program execution. Now the configuration of each host member of local group include the description of all hosts member of the remote group. 3.4.7.3 GRPMERGE N.B. You can to activate this function ONLY from the remote host indicated during the GRPOPEN operation previously executed.

1AA 00014 0004 (9007) A4 ALICE 04.10

To merge the hosts members of two different groups in a single group you have to: Log in as root the host member of the group you want to merge with the remote group. Start scNMmng. Enter 10 (GRPMERGE = merge two groups). Enter the hostname and IP Address of the remote host belonging to the group you want to merge. N.B. Must be the same of the node where you executed the GRPOPEN. Wait the end of program execution. Now all the hosts members of the two groups has been merged in a singre group.

ED

03 3AL 88893 CAAA 112 19 / 112

3.4.8 11 CHIPADDR This paragraph shows how to change the IP address of a system configured with OSConf Node Management script. There are two different situations: 1) The IP address have to be change is related to a group member, that means you have to change an IP address configuration, and inform all the other network nodes about the change. The IP address have to be change is related to an external system, and you have just to inform all network nodes about this change.

2)

3.4.8.1 Change Member Node IP Address To better understand how to proceed it is advisable have clear in mind some concepts of OSConf network management: To be able to communicate each other using the hostname alias, two machines have to register the correct relationship between hostname and IP address in /etc/hosts file. Changing the IP address on a node the communication can be lost. The hostname/IP address relationship has to be changed on the entire network. The new IP address have to be defined in agreement with IP addressing plan of the local area network where the system have to operate. NO IP ADDRESS DUPLICATION IS ALLOWED. When changing the IP address also the IP Network or subnetwork (RFC 1878) is changed, you have to change also any related routing information. Do not run the scNMmng procedure on the machine where the IP address has to be changed by using remote connection or X Motif interface, because the connection can be lost and the CDE can gets blocked. Because of these reasons we decide to split the change IP address in two actions: 1) The hostname/IP address relationship change on all network nodes but the one that the IP address is defined on. The IP address change on the node where the IP address is defined on.

2)

The first action have to be performed on any group member node different that ome where the IP address is defined.The the second one on node where the IP address have to be really changed. Is important to preform the to action in this order. The communication can not be establish again before both of these steps will be not completed. Before proceed is better to verify that the communication among the machine with the new IP address and the remaining group members are established again.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 20 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

3.4.8.2 Change External Node IP Address The external node IP address change does not require any modification on the LAN card configuration of any network node. That means this action can be done in one shot over all the nodes. In any case you have to synchronize yourself with who is in charge to perform the IP address change on the external system, in order to reduce the down time between that external system and the node belonging to the group. 3.4.8.3 Change Node IP address to the Other Members This activity allows to change the relationship between an IP address on all the group member nodes at once. The detailed procedure is: N.B. In the following sequence to form the hypothesis to change from hostb node of example in paragraph. 3.3 , the IP address of hostc node from 192.202.21.8 to 192.202.21.99. Login a group member node as root user (hostb of example in paragraph. 3.3). Run the scNMmng script (see paragraph 3.4 at page 16) then enter 11 [Enter] to change the IP address of a node. On the display will be appear the Change IP Addr. Menu: Network Management Nodes (V2.3.1) CHANGEIP Management options: 1 change the IP addr. on current node 2 change the IP addr. on remote node (member) [0] Main menu Enter management option [0..2] : Enter 2 and [Enter] . The procedure ask you the following questions: Please insert the HOSTNAME for remote host : <hostname> [Enter] Please insert the OLD IP ADDR. for remote host : <cur_IP_addr> [Enter] Please insert the NEW IP ADDR. for remote host : <new_IP_addr> [Enter] Please insert the NETWORK ID for remote host : <lan_ID> [Enter] Where <hostname>, <cur_IP_addr> (displayed automatically) and <new_IP_addr> are the remote hostname, the current and the new IP address of the node you want to modify (respectively hostc, 192.202.21.8 and 192.202.21.99 in the example). <lan_ID> is the LAN identification number (0=lan0, 1=lan1, ...). d) The procedure ask you to confirm the current execution: Do you confirm the execution [Y/N def.=Y]? : Enter Y and [Enter] to proceed or N and [Enter] to go back to main menu. If you continue the operation, the procedure will start a update on all the group member nodes. Wait the end of the activity as requested by: WAIT THE END OF THE ACTIVITY (DO NOT PRESS ANY KEY !!). The execution will be confirmed by the message: ** MESSAGE: IP ad. of <hostname> Press [Enter] to continue.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

a) b)

c)

e)

f)
1AA 00014 0004 (9007) A4 ALICE 04.10

(<cur_IP_addr>) changed in <new_IP_addr>.

The IP address of indicated node has to be changed. Press [Enter] to go back to main menu, then press [Enter] or 0 and [Enter] to exit.

ED

03 3AL 88893 CAAA 112 21 / 112

3.4.8.4 Change Node IP address on Local Member The IP address change can have influence on the application behavior. In fact any open connection can fault down, because IP address change need to shutdown the LAN services. For the same reason it is forbidden perform such kind of action using network connection (such as telnet connection and Xterminal emulation GoGlobalUX) involving the LAN interface subject to change. Moreover, if you are changing the IP address on a hp9000 workstation, you must exit any CDE interface and login in console mode (black screen). Because the tool is not able to identify when started from a network opened shell, no check can be done to prevent the execution from a wrong source. The detailed procedure is: N.B. a) b) The sequence completes the hostc IP address chence from 192.202.21.8 to 192.202.21.99. Login changing group member node as root user (hostc of example in paragraph. 3.3). Run the scNMmng script (see paragraph 3.4 at page 16) then enter 11 [Enter] to change the IP address of a node. On the display will be appear the Change IP Addr. Menu: Network Management Nodes (V2.3.1) CHANGEIP Management options: 1 2 change the IP addr. on current node change the IP addr. on remote node (member)

c)

[0] Main menu Enter management option [0..2] : Enter 1 and [Enter] . The procedure ask you the following questions: Please insert the OLD IP ADDR. for local host : <cur_IP_addr> [Enter] Please insert the NEW IP ADDR. for local host : <new_IP_addr> [Enter] Please insert the NETWORK ID for local host : <lan_ID> [Enter] Where <cur_IP_addr> (displayed automatically) and <new_IP_addr> are the current and the new IP address of the node (192.202.21.8 and 192.202.21.99 in the example). <lan_ID> is the LAN identification number (0=lan0, 1=lan1, ...). d) The procedure ask you to confirm the current execution: Do you confirm the execution [Y/N def.=Y]? : Enter Y and [Enter] to proceed or N and [Enter] to go back to main menu. e) If you continue the operation, the procedure will start a update on all the group member nodes. Wait the end of the activity as requested by: WAIT THE END OF THE ACTIVITY (DO NOT PRESS ANY KEY !!). N.B.
1AA 00014 0004 (9007) A4 ALICE 04.10

The activity may take a few minutes (a Kernel serivces reconfiguration is required). DO NOT ABORT THE PROGRAM !!

f)

The execution will be confirmed by the message: ** MESSAGE: IP ad. of <hostname> Press [Enter] to continue.

(<cur_IP_addr>) changed in <new_IP_addr>.

ED

03 3AL 88893 CAAA 112 22 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

The IP address of indicated node has to be changed. Press [Enter] to go back to main menu, then press [Enter] or 0 and [Enter] to exit.
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

3.4.9 12 CHHOSTNAME This paragraph shows how to change the node name of a system configured with OSConf Node Management script. There are two different situations: 1) The node name have to be change is related to a group member, that means you have to change an node name configuration, and inform all the other network nodes about the change. The node name have to be change is related to an external system, and you have just to inform all network nodes about this change.

2)

3.4.9.1 Change Member Node Name To better understand how to proceed it is advisable have clear in mind some concepts of OSConf network management: To be able to communicate each other using the hostname alias, two machines have to register the correct relationship between hostname and IP address in /etc/hosts file. Changing the node name on a mode the communication can be lost. The hostname/IP address relationship has to be changed on the entire network. OSConf has to guarantee the execution of the action declared succeeded.

Because of these reasons we decide to split the change node name in two actions: 1) 2) The hostname/IP address relationship change on all the other network nodes. The node name change on the local node.

The first action have to be performed on any other one it the configuration, the the second one on node where the node name have to be really changed. Is important to preform the to action in this order. The communication can not be establish again before both of these steps will be not completed. 3.4.9.2 Change External Node Name The external node node name change does not require any modification on the LAN card configuration of any network node. That means this action can be done in one shot over all the nodes. In any case you have to synchronize yourself with who is in charge to perform the node name change on the external system, in order to reduce the down time between that external system and the node belonging to the group.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 23 / 112

3.4.9.3 Change Node Name to the Other Members This activity allows to change the relationship among a node name on all the group member nodes at once. The detailed procedure is: N.B. In the following sequence to form the hypothesis to change from hostb node of example in paragraph. 3.3, the node name of hostc node from hostc to hostx. Login a group member node as root user (hostb of example in paragraph. 3.3). Run the scNMmng script (see paragraph 3.4 at page 16) then enter 12 [Enter] to change the name of a node. On the display will be appear the Change Hostname Menu:
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

a) b)

c)

Network Management Nodes (V2.3.1) CHANGEIP Management options: 1 2 change the hostname on current node change the hostname on remote node (member)

[0] Main menu Enter management option [0..2] : Enter 2 and [Enter] . The procedure ask you the following questions: Please insert the OLD HOSTNAME for remote host : <hostname> [Enter] Please insert the IP ADDR. for remote host : <IP_addr> [Enter] Please insert the NEW HOSTNAME for local host : <new_hostname> [Enter] Where <hostname>, <IP_addr> (displayed automatically) and <new_hostname> are the current name, the IP address and the new name of the remote node you want to modify (respectively hostc, 192.202.21.8 and hostx in the example). d) The procedure ask you to confirm the current execution: Do you confirm the execution [Y/N def.=Y]? : Enter Y and [Enter] to proceed or N and [Enter] to go back to main menu. e) If you continue the operation, the procedure will start a update on all the group member nodes. Wait the end of the activity as requested by: WAIT THE END OF THE ACTIVITY (DO NOT PRESS ANY KEY !!). The execution will be confirmed by the message: ** MESSAGE: nodename <hostname> changed in <new_hostname>. Press [Enter] to continue. The IP address of indicated node has to be changed. Press [Enter] to go back to main menu, then press [Enter] or 0 and [Enter] to exit.
1AA 00014 0004 (9007) A4 ALICE 04.10

f)

ED

03 3AL 88893 CAAA 112 24 / 112

3.4.9.4 Change Node Name on Local Member After the Change Nodename activity execution on other group member nodes, you have to execute the same action on the node you want to modify. The detailed procedure is: N.B. a) b) The sequence completes the hostc name chence from hostc to hostx. Login a group member node as root user (hostc of example in paragraph. 3.3). Run the scNMmng script (see paragraph 3.4 at page 16) then enter 12 [Enter] to change the name of a node. On the display will be appear the Change Hostname Menu:

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

c)

Network Management Nodes (V2.3.1) CHANGEIP Management options: 1 2 change the hostname on current node change the hostname on remote node (member)

[0] Main menu Enter management option [0..2] : Enter 1 and [Enter] . The procedure ask you the following questions: Please insert the NEW HOSTNAME for local host : <new_hostname>

[Enter]

Where <new_hostname> is new name of the remote node you want to modify (hostx in the example). d) The procedure ask you to confirm the current execution: Do you confirm the execution [Y/N def.=Y]? : Enter Y and [Enter] to proceed or N and [Enter] to go back to main menu. e) If you continue the operation, the procedure will start a update on all the group member nodes. Wait the end of the activity as requested by: WAIT THE END OF THE ACTIVITY (DO NOT PRESS ANY KEY !!). N.B. The activity may take a few minutes (a Kernel serivces reconfiguration is required). DO NOT ABORT THE PROGRAM !!

f)

The execution will be confirmed by the message: ** MESSAGE: nodename <hostname> changed in <new_hostname>. ** WARNING: reboot your system immediately after this operation !! Press [Enter] to continue. The IP address of indicated node has to be changed. Press [Enter] to go back to main menu, then press [Enter] or 0 and [Enter] to exit.

1AA 00014 0004 (9007) A4 ALICE 04.10

N.B.

After the node name changing, a system reboot is required !!

ED

03 3AL 88893 CAAA 112 25 / 112

3.4.10 13 CHNETMASK N.B. This function manage each network interface configured.
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

To change the subnetwork mask of a group member host you have to: Log in as root the host member where you want to change the subnetwork mask. Start scNMmng. Enter 13 (CHNETMASK = change netmask). Enter the new subnetwork mask and LAN identification number (0=lan0, 1=lan1, ...). Wait the end of program execution. At the end of this operation, on current host the new subnetwork mask is actvated on line automatically. 3.4.11 14 CHGATEWAY N.B. This function manage each network interface configured.

To change the current gateway IP address and hostname of a group member host you have to: Log in as root the host member where you want to change the gateway configuration. Start scNMmng. Enter 14 (CHGATEWAY = change gateway). Enter the following informations: current gateway IP address have to be replaced. If you want to modify the default gateway, you have to indicate the key default. new gateway hostname and new gateway IP address. Wait the end of program execution. At the end of this operation, on current host the new the new gateway IP address and hostname are actvated on line automatically.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 26 / 112

3.4.12 15 DNSADD To allow to add a new server to the current Distributor Names Server (DNS) configuration of a group member host. If the DNS is not already configured, it will be initialized. To perform this you have to: Log in as root the host member where you want to define or update the DNS configuration. Start scNMmng. Enter 15 (DNSADD = add the DNS). Enter the following informations: new DNS server hostname . new DNS server IP address. new DNS local domain name (required only if the DNS is not yet configured on the current host). Wait the end of program execution. Now, on the current member host the DNS configuration is updated. 3.4.13 16 DNSCHANGE To allow to modify the current Distributor Names Server (DNS) configuration of a group member host. Its possible to: a) b) c) replace a Distributor Names Server (DNS) nameserver currently configured with a new one. replace the current local domain name with a new one. perform an update of the search domain list.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

To perform this you have to: Log in as root the host member where you want to modify the current DNS configuration. Start scNMmng. Enter 16 (DNSCHANGE = change DNS). Enter the following informations: current DNS nameserver name (optional required only if you want to replace a DNS nameserver currently configured). new DNS nameserver name (optional required only if you want to replace a DNS nameserver currently configured). new DNS nameserver IP addr (optional required only if you want to replace a DNS nameserver currently configured). new DNS local domain name (optional if is not indicated, the current local domain name will be maintained. search list for hostname lookup (optional if is not indicated, the current search domain list will be maintained. Wait the end of program execution. Now, on the current member host the DNS configuration is modifyed.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 27 / 112

3.4.14 17 DNSREMOVE Remove a server from the current Distributor Names Server (DNS) configuration of a group member host. If the DNS Server indicated is the last configured on the local node, the DNS will be unconfigured: Log in as root the host member where you want to remove the DNS nameserver. Start scNMmng. Enter 17 (DNSREMOVE = remove from DNS). Enter the DNS nameserver name and DNS nameserver IP addr of the server you want to remove. Wait the end of program execution.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 28 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

4 BACKUP AND RESTORE


The OSConf includes a backup/restore function. This function allows to make a security archive tape set of the entire system, or a specified volume group, reducing the down time of the system where it is possible. The backup function can be executed in two ways: Full backup of the entire system. Single volume group back.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Both of them allow the online execution, and are integrated with the other OSConf feature such as disk mirror management.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 29 / 112

4.1 Full disks backup/restore


The target of the procedure is: provide an easy tool to allow the backup and restore of the complete disks contents (including the disk partitioning), to allow the system recovery in case of disk failure or data corruption that does not allow the HPUX to boot again from disk. Basically the procedure use three HPUX tools: 1) 2) 3) fbackup frecover Ignite UXt Backup tool included in the HPUX 11.11 Core Recover tool included in the HPUX 11.11 Core Add on HP tool for installation and recovery

The tools reference versions are: HPUX 11i 11.11 Ignite UXt B.3.6.82 for HPUX 11.11 This means the scbackup behavior is not guarantee with different version. 4.1.1 Full Backup Strategy The system backup is always done using two tape cassette sets: a) The fist tape set is the Ignite Recovery Tape (IRT). It is created online by Ignite UX with a reduced HPUXt and allows the boot from tape. Usually the IRT is done using just one 4 Gbyte tape. The contents of IRT depends also by the Logical Volume Management (LVM) configuration, it the Physical Volume Group (PVG) are defined, only the disk beloging to PVG0 will be stored in the IRT, this is done this way because Ignite does not manage mirror disk nor PVG. This approach has been implemented to be able to build again the same configuration in the restore. The second tape set is created by fbackup tool with the entire disk contents. This activity can be carried out online or offline depending by the system configuration and status. These are the conditions to be able to perform the online full backup: 1) 2) 3) If entire file system is mirrored. If there are no stale phisycal extent. If there is no Virtual Array in configuration.

b)

This tape set can be require more than one tape. N.B. If you have both DAT and DLT tape device, it is allowed to create the two tape sets using different type of tape cassettes, such as DAT tape for IRT and DLT for fbackup. But it is NOT allowed to mix different type tape cassettes in the same tape set.

The procedure manages both volume group configuration provided for Alcatel TNM Applications: Single Volume Group Multiple Volume Group

1AA 00014 0004 (9007) A4 ALICE 04.10

The Single Volume Group configuration has all disks in configuration defined in the same HP Logical Volume Manager (LVM) volume group (VG), where there are also the HPUX system partitions. The Multiple Volume Group configuration foreseen a different VG for each disk (vg01, vg02, vg03, etc.) with the exception of the Mirror UX configuration where each VG must contains two disks. Within the Alcatel TNM environment it is RECOMMENDED to use this tool in together with the Alcatel Application Backup feature, because often there is application data on different systems that have to be consistent each other. N.B. The full backup usage is forbidden with 1359HA OSCluster environment. 03 3AL 88893 CAAA 112 30 / 112

ED

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

4.2 Single Volume Group Backup


The single volume group backup has been introduced to allow the backup when there are 1359HA OS Cluster System configuration. The 1359HA OSCluster specific volume group management does not allow to perform the full backup in the usual way, because them are shared between two systems, and their Logical Volume Manager (LVM) configuration must be managed by 1359HA OSCluster scripts. Single volume group backup feature is also due to the Virtual Array (VA7110) backup method, in fact there is a specific feature of VA7110 to make an online copy of any Logical Unit (LUN), this mechanism allow the online backup of any information stored with the VA7110, but require an extra space on device equal to the amount of space that have to be backup at once. Basically the procedure uses the following HPUX tools: 1) 2) 3) 4) fbackup frecover Ignite UXt CommandView SDMt Backup tool included in the HPUX 11.11 Core Recover tool included in the HPUX 11.11 Core Add on HP tool for installation and recovery Virtual Array Command

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

The tools reference versions are: HPUX 11i Ignite UXt CommandView SDM 11.11 B.3.6.82 for HPUX 11.11 V1.06.00

This means the scbackup behavior is not guarantee with different version. 4.2.1 Single Volume Group Backup Strategy The behavior of the single volume group backup is more flexible, but more complex than the full backup one. Within the single VG backup it is possible to distinguish two different VG types: 1) 2) hpuxt system volume group (vg00). Data volume group (different than vg00)

The backup of the system volume group (vg00) is perform with the full backup approach, it is done with two tapes (IRT and fbackup) to be able to rebuitd a minimum hpuxt system and the data stored inside. Instead the data volume group backup is related only the data. As result of this policy is the single volume group backup require a number of tapes equal to the number of volume group plus one, and all of them have to be properly labeled to prevent misusage. N.B. The manual Single Volume Group Backup usage is forbidden. It must be integrated within 1359HA OSCluster Backup feature.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 31 / 112

4.3 Restrictions
4.3.1 Ignite Recovery tape restrictions The Ignite Recovery Tape (IRT) has some restrictions with using the DLT tape driver. DLT MUST BE attached to HP 9000 Enterprise servers via FastWide Differential interface cards. DLT boot WILL NOT work when attached via singleended SCSI. DLT boot IS NOT supported for systems that use NIO FastWide Differential SCSI cards (Part number 28696A). The matrix below explains systems (by class) along with the bus types required for DLT to be recognized as a bootable media device. Table 1. Bus types required for DLT to be recognized as a bootable media

CLASS

BUS

SCSI Interface Card

DLT boot support ? yes no yes no no no no yes yes yes no no no no see 4 ) see 3 ) see 3 ) see 3 ) see 3 )

Notes

KClass

HSC NIO HSC Core EISA HSC NIO PCI PCI PCI NIO NIO NIO NIO

A2969A FWD A28655A SE, A28696A FWD A4107A FWD

see 1 ) and 2 )

see 2 )

DClass

TClass NClass LClass VClass EClass GClass HClass IClass

A3644A FWD A28655A SE FWD FWD A4800A FWD A28655A SE, A28696A FWD A28655A SE, A28696A FWD A28655A SE, A28696A FWD A28655A SE, A28696A FWD

Notes: 1) This class system has two internal bus types, HSC and NIO. DLT is only bootable from the HSC bus. The HSC and GSC busses are the same busses. These terms are used interchangeably. NIO and HPPB refer to the same bus. IPR (Independent Peripheral Release). A firmware upgrade (at least 4.3, product number B6044AA) is required to enable tape boot for the VClass. The release date for firmware upgrade version 4.3 is September 1998. Contact your HP representative about required firmware upgrades.

2) 3)
1AA 00014 0004 (9007) A4 ALICE 04.10

4)

ED

03 3AL 88893 CAAA 112 32 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

4.3.2 1359HA OS Cluster Support The OS Cluster environment is supported only with Single Volume Group in conjunction with 1359HA OS Cluster backup feature. 4.3.3 Mirror Disk configuration rebuild The restore procedure after restoring the data it will inform the user if the system was mirrored at the backup time, the mirror rebuild is not managed directly by the restore procedure, but it must activated separately. For systems protected with Mirror/Disk UX, it is possible to proceed with the full online disk backup by using the scbackup script, after the disk restore via screstore script the scmirrorfs script can be invoked to rebuild the mirror configuration, this script will require to specify the mirror disks to be used (refer to appendix 4.5.3 at page 52). 4.3.4 Restriction on Console The fbackup is executed in single user mode during the HPUX boot phase, but it is VERY IMPORTANT to know that switching off the console terminal or disconnecting the Web console during the fbackup execution, the fbackup itself will be interrupt, and the backup will be not completed. 4.3.5 Required disk space The Ignite UX tool require at least 32Mbyte free in the file system where /var directory is located. 4.3.6 Compatibility The scbackupscrestore version 2.0 in not compatible with the previous version of the Alcatel backuprestore software, so the tapes produced with old versions cannot be managed by the new one. Pay attention to label correctly the new tapes and to keep them separated from the previous. 4.3.7 Restriction on Backup The system you want to backup may have volume groups not active or logical volumes not mounted; these will not be managed by the procedure and you will be informed by warning messages. Moreover: is strictly recommended do NOT perform the backup of file systems mounted using a path containing symbolic link. In fact, the backup of a file system of this type will generate a recovery archive error during the restore procedure (see paragraph 4.6.2 at page 61). pay particular attention to perform a full user disk backup in a Cluster environment configured with a Virtual Array. It could be generate a backup error (see paragraph 4.6.3 at page 63).

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 33 / 112

4.4 FULL BACKUP


This chapter shows how to perform the backup of the entire disk structure and contents by using the scbackup procedure. The script is design to be executed in following the phases showed below: a) b) Create the Ignite recovery tape (IRT). Perform backup On line: 1) 2) 3) Split the mirror disk, creating a offline copy of the entire system. Perform the backup of the off line copy Merge back the offline copy in the mirror disk configuration.

Off line: 1) 2) 3) Prepare HPUX system to execute standard backup at HPUXt Run Level 2. Perform the backup during the HPUX system reboot. Reboot the system to restore it in service.

4.4.1 Start the scbackup script To activate the scbackup script and execute the backup of your environment you have to proceed as follow: a) b) c) Login as root. Insert the tape cassette into the tape device. Start the procedure by entering: ..,sys,root # scbackup [Enter] The scriot foreseen a timeout on the tape cassete request, the default value is 60 minutes, if you want to have a different timeout period or inibit any timeout you have to use the t option.: ....sys,root # scbackup t 180 ...,sys,root # scbackup t 0 d) To increase the timeout to three hours. To disable the timeout.

The script will ask you to enter the HPUX device file for the IRT to be able to identify the tape driver you want to use by issuing the request: Enter tape device for Ignite <default=<tape_device>>: Enter the HPUX file associated to the tape device (i.e.: /dev/rmt/0m) you want to use for the IRT tape set and press [Enter], or just press [Enter] to select the shown file (<tape_device>).

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 34 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

4.4.2 Create the IRT Now we get into the IRT creation phase. The script issues the following message to ask you to insert a tape cassette into the tape driver.
Please load Tape with label Ignite on device: </dev/rmt/0m> and press Enter when READY

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

You have now to insert an unprotected tape cassette waiting until the drive light stops blinking. The tape cassette MUST BE NOT WRITEPROTECT ! When the device light will be stable on, press [Enter] key to start the activities on the tape. The IRT creation can take up to 40 minutes. (20 minutes with a HP9000 R380 Server with a DDS2 tape driver). The output of the execution will shown on the terminal. Any error detected will abort the execution. When the IRT will be completed without errors, the following message will be shown:
************************************************** Remove Tape media and recommended label is: hosta Ignite Bootable 01Dec2003 14:04

Please label the tape as suggested by the message. ATTENTION: The root password saved into IRT has to be used at the recovery time. Do not forget it! 4.4.2.1 IRT Integration Data To have a better view of the backuped system configuration it is required to printout some information and attach them to IRT. The required information are issued by the following command: ...,sys,root # vgdisplay v [Enter] ...,sys,root # scextendfs i [Enter] Print the output of these two commands and store it with the IRT, them can be useful in case of disk failure.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 35 / 112

4.4.3 Backup the entire disks contents When the IRT creation is completed, the scbackup goes to the next query require entering the HPUX device file for the fbackup, by issuing the message: Enter tape device for Fbackup <default=<tape_device>>: Enter the HPUX file associated to the tape device (i.e.: /dev/rmt/0m) you want to use for backup the entire disk contents and press [Enter], or just press [Enter] to select the shown file (<tape_device>). After this question it determinate if there are the condition to perform the online backup. 4.4.3.1 Online full backup This procedure checks if the mirror software is installed on the system, in case of positive result it evaluates if a full mirrored/stable disks configuration is present and activates the split of the logical volumes to prepare the data for the online backup from the mirrored disks.
************************************************** Verificaton of FULL MIRROR

Checking correct configuration of Logical Volumes mirror ...

In case of compatible system configuration, It is suggested to stop the Alcatel TNM applications before to continue as reported at follows: During the splitting phase, in order to preserve the data integrity, it is required to shutdown of the Alcatel TNM applications.
MIRROR verificaton End Successfully

***************************************************************************** To preserve data integrity and avoid problems you should: STOP ALL APPLICATIONS before start backup. *****************************************************************************

***************************************************************************** NOTE: If you need to stop anything, do it before answer YES to the next question. *****************************************************************************

Do you want continue with backup operation (y|n) ? : y

When you answer y the logical volumes split will be executed. If the split succeeds the following message will inform you to reactivate the Alcatel TMN applications and the full backup will be started.
***************************************************************************** ATTENTION: NOW you can RESTART APPLICATIONS !!! *****************************************************************************

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 36 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

It is necessary to attend the fbackup execution, because of it can ask for more tape cassettes, and when it requires a new cassette you have to remove the current tape and insert a new unprotected one. The fbackup by default will wait up to 1 hour for the new tape cassette after issuing the message:
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Please MOUNT TAPE Volume <x> where <x> means the tape cassette number. If the cassette will be not replaced in 1 hour or you insert a wrong tape the fbackup will fail. N.B. N.B. The default timeout can be changed using the t option on scbackup commad. Fbackup DOES NOT CHECK if you are inserting the IRT one, in this case the IRT will be destroyed.

If everything goes well you will recevive the following output:


************************************************** SPLIT procedure

Start split operation for Logical Volume /dev/vg00/lvol3

Check FS on splitted Logical Volume

Mount FS on backup directory /sconlinebackup ... SPLIT End Successfully ***************************************************************************** ATTENTION: NOW you can RESTART APPLICATIONS !!! ***************************************************************************** ************************************************** ONLINE BACKUP process ************************************************** Preparation Tape media for BACKUP Fbackup tape devices /SCINSTALL/data/backup/fbackup_tape Backup Tape check : Please MOUNT TAPE Volume 1

01Dec2003 14:28 Execute Backup Execute Backup

: Start Backup ... : End Successfully

***************************************************************************** DATA ARE SUCCESSFULLY BACKUPED *****************************************************************************

************************************************** Remove Tape media and recommended label is: hosta Fbackup Volume x of n 01Dec2003 14:26 Content: Full backup **************************************************

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 37 / 112

After the full online backup the backup logical volumes will be reduced.
************************************************** MERGEDELETE process Start MERGEDELETE process activated on backup Logical Volumes This operation takes a while, please wait ... All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

MERGEDELETE End Successfully

***************************************************************************** ONLINE BACKUP End Successfully *****************************************************************************

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 38 / 112

4.4.3.1.1 Online Full Backup Error Management If problems occour during execution of sconlinebackup, the disks configuration will be automatically restored. In case of errors during the logical volumes split operation, the user can decide to continue with standard backup or to stop the procedure in order to analyse the problem, make the corrections and run again the command sconlinebackup (refer to paragraph 4.4.3.1.1.4 for an example). The sconlinebackup procedure can also run alone just if a new IRT is not required. In this case it will show the following output:
************************************************** sconlinebackup (BackupRestore Ver. 2.0)

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

************************************************** Environment verification

***************************************************************************** ATTENTION: sconlinebackup procedure can be invoked directly just if your SYSTEM IS NOT CHANGED since the last creation of the IRT (Ignite Recovery Tape). ***************************************************************************** ***************************************************************************** If you have doubt or if you need to create a new IRT, answer NO to the next question and use the scbackup command instead of sconlinebackup. ***************************************************************************** Do you want continue with backup operation (y|n) ? : y ***************************************************************************** NOTE: You choose to proceed with backup. The last produced IRT MUST BE VALID. *****************************************************************************

If the user decides to proceed, the script will work as previously described in this chapter.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 39 / 112

4.4.3.1.1.1 Full Mirror faults The check on the system full mirror can fails for two main reasons: logical volumes are not mirrored, in this case a message like the one at follows will be shown:
***************************************************************************** WARNING: Logical Volume /dev/vg00/lvol13 not mirrored. ALL Significant Logical Volumes must be mirrored. ***************************************************************************** All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

logical volumes have the stale status, a message like the following will be shown:
***************************************************************************** WARNING: Logical Volume /dev/vg00/lvol13 has status available/stale This indicates problems in mirroring synchronization. *****************************************************************************

The procedure skips the full online backup when it finds the first logical volume who doesnt meet the requirements and before continue with standard backup it will show the message:
***************************************************************************** WARNING: MIRROR verificaton End with warnings ***************************************************************************** ***************************************************************************** NOTE: ONLINE BACKUP NOT SUPPORTED by this system *****************************************************************************

4.4.3.1.1.2 System crash As you can realize this process is quite critical because in case of crash during the online backup there is the necessity to recover the original disks configuration. For this purpose an automatic recover procedure will be activated at the system startup in case of failure (sconlinebackup_recover). 4.4.3.1.1.3 Logs There are three log files where you can check in case of errors to identify the reason of the fault: /var/adm/syslog/sconlinebackup.log records information related to the SPLIT phase.

/var/adm/syslog/sconlinebackup_recover.log info about the MERGE_DELETE/RECOVER phase. /var/adm/syslog/fbackup.log keeps the full online FBACKUP information.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 40 / 112

4.4.3.1.1.4 Split problems Problems should appear during the splitting operation, if the applications have not stopped, because a file system check is activated on the splitted logical volume and it could find inconsistent state and uncorrectable errors. In this condition the backup procedure ends as reported at follows:
... Start split operation for Logical Volume /dev/vg00/lvol7 Check FS on splitted Logical Volume ***************************************************************************** ERROR: exit status 36 for command fsck F vxfs /dev/vg00/lvol7backup *****************************************************************************

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

***************************************************************************** ATTENTION: Recover process activated due to ERROR. Error during data copy phase see: /var/adm/syslog/sconlinebackup.log ***************************************************************************** ************************************************** RECOVER process RECOVER process activated on backup Logical Volumes This operation takes a while, please wait ... RECOVER End Successfully ***************************************************************************** ERROR: during data COPY phase. ***************************************************************************** Do you want continue with standard backup (y|n) ? : n ***************************************************************************** ERROR: during data COPY phase See ONLINE backup log: /var/adm/syslog/sconlinebackup.log After correction run again procedure sconlinebackup. *****************************************************************************

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 41 / 112

4.4.3.1.1.5 Timeout expiration If the user forget to mount the tape and the mount timeout expires, the process terminates with the message at follows:
************************************************** ONLINE BACKUP process

************************************************** Preparation Tape media for BACKUP Fbackup tape devices /SCINSTALL/data/backup/fbackup_tape Execute Backup : ERROR: timeout expired for Mount Tape

***************************************************************************** ERROR: DATA ARE NOT CORRECTLY BACKUPED ***************************************************************************** 02Dec2003 09:40 ERROR: timeout expired and Tape media was not mounted

**************************************************

************************************************** REDUCE process

Start REDUCE process on backup Logical Volumes This operation takes a while, please wait ...

REDUCE End Successfully ***************************************************************************** ERROR: Online Backup ends with errors. See FBACKUP log: /var/adm/syslog/fbackup.log After correction run again procedure sconlinebackup. *****************************************************************************

The user shuold mount the tape and run again the sconlinebackup command. 4.4.3.1.2 MergeDelete problems Normally the merge of the logical volumes works fine, but if it fails the disks mirroring will be faulty, to solve this kind of problem you must check the log file for errors and run manually the sconlinebackup_merge command.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 42 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

4.4.3.2 Standard Full backup Proceding with the standard full backup, in order to guarantee the contents of the files it is required to shutdown of the Alcatel TNM applications and reboot the HPUX system. Because of this it is necessary to carefully schedule this activity. The time required full backup depends by: Amount of the disk space used by files. Type of tape device. I/0 system.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

The scbackup require to perform the shutdownreboot immediately. The procedure shows the messages at follows and it asks if the system is ready for the shutdown, if you answer with y the system will reboot, if you answer n the backup will be aborted.
***************************************************************************** ATTENTION: you can continue with standard system backup, but this requires the system SHUTDOWNREBOOT . *****************************************************************************

***************************************************************************** Applications is better already stopped before start shutdown, do it before answer YES at the next question. *****************************************************************************

***************************************************************************** NOTE: If you answer NO at the question the backup will be aborted. ***************************************************************************** Is system READY for execute standard backup with SHUTDOWN & REBOOT (y|n) ? :

If you decide to answer y, it is better to shutdown the Alcatel Application, also if the procedure will stop the system with shutdown r command. If you decide to proceed the procedure asks to insert an unprotected tape cassette in the tape driver specified for the full backup issuing the following message:
************************************************** Preparation Tape media for FBACKUP tool

Please load Tape with label Fbackup on device: </dev/rmt/0m> and press Enter when READY

You have to insert the tape cassette in the requested tape drive and press [Enter] when the drive will be ready. The following message will be issued by scbackup invites you to enter the grace time to allow the user to logout.
1AA 00014 0004 (9007) A4 ALICE 04.10

Enter time for users to log off, before shutdown Enter time in SECONDS [decimal integer or now] >

N.B.

If you are performing the backup of a 1353SH Master, 1354RM IM, 1354NN IM, or the main CoHosted system, it is advisable to ask also the user logged on the presentation to exit. 03 3AL 88893 CAAA 112 43 / 112

ED

After the specified time the system will be shouted down and rebooted. During the HPUX startup the fbackup will be automatically started. N.B. The fbackup foreseen to have the tape drive ready to write.
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

It is necessary to attend the fbackup execution, because of it can ask for more tape cassettes, and when it require a new cassette you have to remove the current tape and insert a new unprotected one. The fbackup by default will wait up to 1 hour for the new tape cassette issuing the message: Please MOUNT TAPE Volume <x> where <x> means the tape cassette number. If the cassette will be not replaced in 1 hour or you insert a wrong tape the fbackup will fail. N.B. N.B. The default timeout can be defined using the t option on scbackup commad. Fbackup DOES NOT CHECK if you are inserting the IRT one, in this case the IRT will be destroyed.

At the end of the fbackup the system will proceed with the startup as usual, and the result of the activity will be available in the file /var/adm/syslog/fbackup.log. Moreover a message with the backup result will be shown at any login.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 44 / 112

4.4.3.2.1 Login messages At the end of full backup, just in case of problems, you will find one of the following messages:
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Full backup issues a warning. You have to check in the file /var/adm/syslog/fbackup.log, ignoring warning messages related to the volume header: WARNING: unable to read a volume header. Delete the file /var/adm/syslog/fbackup.msg to remove the login message:
THIS SYSTEM IS NOT CORRECTLY BACKUPED *******************

******************

02Dec2003 10:30

Warning: during Fbackup see /var/adm/syslog/fbackup.log To fix the problem, check the log file

***************************************************************************** Note: If you remove file: /var/adm/syslog/fbackup.msg cancel this message

Full backup issues an error. You have to check in the file /var/adm/syslog/fbackup.log to identify the reason of the fault, but the backup it is not useful. Delete the file /var/adm/syslog/fbackup.msg to remove the login message:
THIS SYSTEM IS NOT CORRECTLY BACKUPED *******************

******************

02Dec2003 10:30

ERROR

: during Fbackup see /var/adm/syslog/fbackup.log

To fix the problem, check the log file

***************************************************************************** Note: If you remove file: /var/adm/syslog/fbackup.msg cancel this message

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 45 / 112

4.5 FULL RESTORE


The full backup and restore tool is design to restore on the same physical system the complete contenst of the hard disks in use with Logical Volume Manager (LVM), the restore on a different hardware it is not guarantee, also if the Ignite UX tool allows such kind of stuff. The restore is divided in two phases. The first one is done using the IRT tape set and recreates the LVM disk configuration existing at backup time, that means the current contents of the disk will be destroyed. The second phase recovers the contents of the backup file systems. 4.5.1 Restore of IRT Tape Set The first step in the recovery process consists in: Reconfiguring all the hard disks in use at backup time exactly as them was. Restoring a minimum set of HPUXt operating system on the hard disks, to be able to operate with frecover tool.

These two activities are perform by booting the HP9000 system from IRT. 4.5.1.1 Boot from IRT Tape To boot the HP9000 system from tape you have to: a) b) c) Switch off the machine. Switch on the machine. Wait the message: To discontinue, press any key within 10 seconds Press any key to get the console main menu. d) e) Insert IRT in the tape driver, and wait for ready condition of the tape. Enter the command: sea to identify the tape device in a list like: To discontinue search, press any key (temination may not be immediate). Path Number Device Path (dec) Device Type P0 8/4.8 Random access media P1 8/4.3 Sequential access media P2 10/12.12 Random access media f) Boot from tape by enter the command: boot p<x> where: p<x> g)
1AA 00014 0004 (9007) A4 ALICE 04.10

is the path number corresponding to tape drive (P1 in the example).

Do not interact with IPL by entering n at query: Interact with IPL (Y, N or C) >

ED

03 3AL 88893 CAAA 112 46 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

h)

Now the machine have to boot from tape by issuing messages like: HARD Booted ISL Revision ...... ISL Booting hpux (;0) INSTALL Boot ...: tape (...

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

i) j)

If the boot is correctly started you do not get the ISL prompt after three minutes. The Ignite will perform the recovery of the LVM disk structure and the HPUX in minimum configuration. You do not need to enter any command, just check for any error message. N.B. The IRT recovery reboots the system twice.

The recovery of IRT can take up to 90 minutes, it depend by the model of the system. in case of error the Ignite will give a message like the one at follows:
ERROR: The disk at HW path: 0/0/1/1.2.0 was specified in the configuration files but does not exist on the system. And since allow_disk_remap=false, no attempt to find a substitute will be made. Because of the error(s) above, the userinterface must be used to correct them... Noninteractive install canceled. Press Return to continue:

When you press Enter the Ignite prompt you a window like: Hardware Summary: System Model: 9000/800/rp7400 ++++ [Scan Again] | Disks: 10 (113.9GB)| Floppies: 0 | LAN cards: 3 | | CD/DVDs: 1 | Tapes: 1 | Memory: 2040Mb| | Graphics Ports: 0 | IO Buses: 8 | CPUs: 4 | [H/W Details] ++++ [ [ [ [ [ Reboot ] Install HPUX Run a Recovery Shell Advanced Options Read SysAdmin Message ] ] ] ] [

Help

That means there is some thing different in the system configuration that prevents Ignite to perform the automatic recovery, in this case you hove to drive Ignite manually to bypass the problem. k) Wait until the end of second reboot. Some time the machine does not reboot automatically, it stop for a long time (more then 20 minutes) just after issue the message: NOTE: tlinstall is searching filesystem please be patient In this case you can force it to proceed by typing [ctrl]c

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 47 / 112

l)

4.5.2 Restore from Fbackup Tape Set At the end of the recovery of IRT you can proceed with the recovery of the fbackup tape set: Do not perform the restore by a session open via network, because in case of network disconnection the restore has no recovery procedure, and have to be started again from the beginning. Do not try to login with GoGlobalUX tool it is not yet available. a) Login as root. N.B. b) You have to enter the same password which was active when the backup was done!

After restoring the Ignite tape the system is not fully restored, this means not all the required files are available at this time, it is for this reason that at the login some messages are printed:
Cannot chdir to /var/news cat: Cannot open /SCINSTALL/data/boot_version*: No such file or directory

Ignore them, obviously these messages will desappear when the restore will be completed. c) This is an optional step. If some preliminary actions are required on the system before to activate the restore, it is possible to create a commands procedure named screstore_init in the directory SCINSTALL/etc that will be executed before to activate the frecover command. Start the screstore script by entering: ..,sys,root # screstore [Enter] e) screstore asks you to enter the tape device file that have to be used for the restore by issuing the following request message:
************************************************** Selection of Tape device Enter tape device for Frecover <default=<tape device>

d)

Enter the HPUX file associated to the tape device (ex: /dev/rmt/0m) you want to use for the fbackup tape set and press [Enter], or just press [Enter] to select the shown file (<tape device>).
1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 48 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

When the system will start again from the restored disks, you can see on the console one or more messages like the following one: INIT: Command is respawning too rapidly. Will try again in 5 minutes. Check for possible errors. id: ..... Do not worry about them in this phase, in fact they are due to the partial restore of performed by Ignite, and to the temporary inconsistency between the restored files and /etc/inittab contents. The messages have to disappear after the restore of fbackup set shown at paragraph 4.5.2 page 48.

f)

Now the procedure asks you to insert the first tape of fbackup tape set. You have to insert the first cassette into the shown tape device, wait the tape device is ready, and press [Enter] to start.
Preparation Tape media for RECOVER Please load Tape with label Fbackup on device: </dev/rmt/0m> and press Enter when READY

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

g)

The recovery will start showing you the label that you should have on the Fbackup tape:
************************************************** Execution of RECOVER ************************************************** Mounted Tape media should have this label: hosta Fbackup Volume x of n 01Dec2003 14:26 Full Backup ************************************************** Press Enter to continue

h)

After you press [Enter] a check on the tape data is made to verify if it is consistent with the current system configuration. First of all a report is provided regarding the list of saved volume groups:
************************************************** Tape data compared with the system ***************************************************************************** Backup tape contains the volume groups: vg00 *****************************************************************************

i)

Then the some more information are checked, refer to paragraph 4.5.4.1 at page 55 to see the foreseen warning message and the tips for check them. The script issue the following message to ask you the authorisation to change the HPUX run level to level three:
***************************************************************************** Now all Application must be stopped, system go to run level 3 ***************************************************************************** Are you ready, system go to run level 3 (y|n) ? :

j)

Just enter y and press [Enter] to proceed. k) The recovery will start, but it is necessary to attend the frecover execution, because it can ask for more tape cassettes, and when it require a new cassette you have to remove the current tape and insert the next one. Mount the next tape when the request message Please MOUNT next TAPE Volume appears, and press ENTER after the message: frecover(5404): Press return when the next volume is ready on /dev/rmt/0m: N.B. Dont warry for the messages like the following:

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 49 / 112

frecover(1075): moved emsagent to emsagent.2510 since it was executing. Remove emsagent.2510 when done.
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

l)

If you insert the wrong tape the frecover will return some messages and questions like the ones reported at follows, you have to answer as indicated in the example. frecover(5423): frecover(5424): frecover(5433): frecover(5412): frecover(5411): incorrect volume mounted; expected volume 1, and got 2 Do you wish to continue using this volume?([yY]/[nN]) n Do you wish to try to salvage this volume?([yY]/[nN]) n Do you wish to try a different volume? ([yY]/[nN]) y

PLEASE MOUNT next TAPE Volume Mount the correct tape when the previous message appears, and then press ENTER at the request. The frecover can take 150% of the backup time. m ) At the end of the restore, if the system was mirrored at the backup time, the procedure will give you the message reported at follows.
************************************************** Frecover end successfully Unload Fbackup Tape ***************************************************************************** NOTE: The restored data was mirrored at the backup time. You can use the procedure scmirrorfs to rebuild the mirror: scmirrorfs [<vgname>] ***************************************************************************** Press Enter to continue

If you like to rebuild the mirror, you can activate the script scmirrorfs when the backup is ended (refer to appendix 4.5.3 at page 52 for an example). n) After you press [Enter] the creation of Physical Volume Group 0 will be activated.

***************************************************************************** Make PVG0 for volume groups: vg00 ***************************************************************************** =>Wed Feb 11 16:40:10 MET 2004 =>START: OSConf File(s) System Creation of Physical Volume Group 0

NOTE:

Updating of LVM physical volume group information file

NOTE:

Set Logical Vol allocation policy to PVGstrict x select Volume Group

=>Wed Feb 11 16:40:16 MET 2004 =>END: OSConf File(s) System Creation of Physical Volume Group 0
1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 50 / 112

o)

When the restore is completed the system must be reboot again to perform the HPUX startup with the complete environment available on disks.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

***************************************************************************** Now you must execute SHUTDOWN and REBOOT for go to Production *****************************************************************************

Is system READY for execute SHUTDOWN & REBOOT (y|n) ? :

Just enter y and press [Enter] to proceed. p) screstore asks for the time to reboot:

Enter time for users to log off, before shutdown Enter time in SECONDS [decimal integer or now] >

Enter now and press [Enter] to proceed. q) When the system will be ready again you can perform the Alcatel TNM application data restore following the appropriate recovery procedure (if any), and then startup again the application too.

If the backuped machine was configured with mirror configuration you have to proceed with Restore Mirror Condifuration paragraph 4.5.3 at page 52.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 51 / 112

4.5.3 Restore MIrror Configuration The full restore function does not cover mirror disk configuration, it restores the entire file system, including Disk Mirror/UXt but it does not configure the mirror. The reasons of this choice are two: 1) 2) hp IgniteUXt recovery procedure does not support the mirror disk recovery. Perform the mirror configuration during the restore phase increases the down time of the TMN Applications.

To make easier the mirror configuration OSConf provides a specific script scmirrorfs to setup the mirror configuration again. To be able to setup again the mirror configuration, it is advisable that all the disks previously present in the configuration are available. Really scmirrorfs does not completely know the mirror disk configuration present during the backup, so you have to assign again the mirror copy disks. N.B. Assigning the disks is possible to change the previous configuration.

The procedure will show you the current disk usage asking you to enter the device name of the disk that have to be used to store the mirror copy of the data. It is not mandatory that disks belonging to the mirror copy disk set have to be physically identical to the main disk set, but the amount of space have to be enough to store all the logical volume currently defined, and it is advisable that disks belonging to mirror copy disk set do not share the same SCSI chain of the main disk ones. When the configuration script recognize that the disk you are adding to the mirror copy is connected to a SCSI chain already in use for the main disk set the following warning message is issued: WARNING: Controller disk already used in Main path (pvg0) Do you want to choose another disk ? If you have to guarantee the machine functionality also in case of failure of the disk controller, you must to choose another disk belonging to another chain. This is an example of the input required and the output produced by scmirrorfs script.
..,sys,root =>Tue Dec =>START: # scmirrorfs vg00 [Enter]

2 16:29:05 MET 2003 OSConf File(s) System Mirroring

Hardware detection in progress, please wait ........

Total disk(s) found = Total CDRoms found =

6 1

Press [Enter] to continue...

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 52 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

_______________________________________________________________________________ Disks Selection Mirroring need Alternate Boot disk on Volume Group:vg00 _______________________________________________________________________________ Device c1t2d0 c2t2d0 c4t8d0 c4t9d0 c5t12d0 c5t13d0 MByte Hardware Path 8680 0/0/1/1.2.0 8680 0/0/2/0.2.0 8680 0/4/0/0.8.0 8680 0/4/0/0.9.0 8680 0/7/0/0.12.0 8680 0/7/0/0.13.0 Usage Type VolGroup vg00 _____________ _____________ _____________ _____________ _____________

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

_______________________________________________________________________________ Pri_Boot _Main_ _(free)_ ______ _(free)_ ______ _(free)_ ______ _(free)_ ______ _(free)_ ______

_______________________________________________________________________________ Select Alternate BOOT dev name or [q] to quit: c4t8d0 _______________________________________________________________________________ Disks Selection _______________________________________________________________________________ Device c1t2d0 c2t2d0 c4t8d0 c4t9d0 c5t12d0 c5t13d0 MByte Hardware Path 8680 0/0/1/1.2.0 8680 0/0/2/0.2.0 8680 0/4/0/0.8.0 8680 0/4/0/0.9.0 8680 0/7/0/0.12.0 8680 0/7/0/0.13.0 Usage Type VolGroup vg00 _____________ vg00 _____________ _____________ _____________

_______________________________________________________________________________ Pri_Boot _Main_ _(free)_ ______ Alt_Boot Mirror _(free)_ ______ _(free)_ ______ _(free)_ ______

_______________________________________________________________________________ Confirm selection of device c4t8d0 Press [y] for yes, [n] for no or [q] to quit, then press [Enter] y NOTE: Updating of LVM physical volume group information file

NOTE:

Set Logical Vol allocation policy to PVGstrict x select Volume Group

NOTE:

Preparation of Mirroring Volume Group: vg00

NOTE:

Mirroring all Logical Volume of Volume Group: vg00 2 16:31:27 MET 2003

=>Tue Dec
1AA 00014 0004 (9007) A4 ALICE 04.10

.......

Mirroring Logical Volume:/dev/vg00/lvol1, with Allocation policy contiguous

=>Tue Dec

2 16:31:40 MET 2003

ED

03 3AL 88893 CAAA 112 53 / 112

.......

Mirroring Logical Volume:/dev/vg00/lvol2, with Allocation policy contiguous

.......

Mirroring Logical Volume:/dev/vg00/lvol3, with Allocation policy contiguous

=>Tue Dec .......

2 16:33:37 MET 2003

Mirroring Logical Volume:/dev/vg00/lvol4 2 16:33:44 MET 2003

=>Tue Dec .......

Mirroring Logical Volume:/dev/vg00/lvol5 2 16:36:01 MET 2003

=>Tue Dec .......

Mirroring Logical Volume:/dev/vg00/lvol6 2 16:36:19 MET 2003

=>Tue Dec .......

Mirroring Logical Volume:/dev/vg00/lvol7 2 16:38:09 MET 2003

=>Tue Dec .......

Mirroring Logical Volume:/dev/vg00/lvol8 2 16:38:53 MET 2003

=>Tue Dec .......

Mirroring Logical Volume:/dev/vg00/lvol9 2 16:39:19 MET 2003

=>Tue Dec ....... NOTE:

Mirroring Logical Volume:/dev/vg00/lvol10 Check /etc/lvmrc .....

=>Tue Dec NOTE:

2 16:42:30 MET 2003

Set Alternate Boot Hardware Path to disk:c4t8d0 2 16:42:30 MET 2003 OSConf File(s) System Mirroring

=>Tue Dec =>END:

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 54 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

=>Tue Dec

2 16:33:13 MET 2003

4.5.4 Restore Warning and/or Error Messages In order to prevent errors due to tape labeling mistake, or simple tape swap, screstore procedure foreseen to perform some checks before start the file system(s) restore. This paragraph summarize the possible warning messages and provides information to support who is operating to decide when proceed and when stop. In case of inconsistency between the data present on tape and the system configuration, you will receive error or warning message. Normally this should happen for three main reasons: a) The IRT and Fbackup tape was not produced on the same system, tapes coming from different systems have been mixed. The IRT and Fbackup tape have been produced at different time and with different system configuration. That means you are trying to restore a Fbackup tape over a system where the disk configuration is so different that the target file system is not available or not enough large to perform the restore. The tape set is the correct one, but something has been modified during the Ignite recover process (interactive restore installation), or after the successful Ignite recover and before the scretore process.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

b)

c)

For the first two possibilities you should check the tapes validity and the last one obviously should create problems. If an inconsistency occurs it is advisable to stop the restore process in order to investigate on the problem and after the correction you can run again the screstore procedure. At follows are reported some examples listed in category order, where it is possible a corrective action is described: 4.5.4.1 /alcatel File System Not Empty Each time the backup involves the system volume group (vg00) the following message is shown:
***************************************************************************** NOTE: If you have activated the screstore procedure after the system recover from the Ignite tape, do NOT take into account the message at follows related to the /alcatel directory ***************************************************************************** ***************************************************************************** WARNING: Mount Point: /alcatel is not an empty directory *****************************************************************************

The message is shown because the file system mount on to /alcatel directory is not empty, but this case can occur very often, because every NMS instance can create a directory in /alcatel one. So the best way to proceed is: ignore this warning message if you have just restore hpuxt from IRT. Otherwise it is better to not go on.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 55 / 112

4.5.4.2 Host inconsitency


***************************************************************************** Current host > hosta Backuped host > hostb All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel. ATTENTION: Current host is different from the one backuped. *****************************************************************************

N.B.

This message can be ignored when you are restoring on a 1359HA OSCluster system.

4.5.4.3 Volume Group Configuration Mismatch


***************************************************************************** ERROR: Volume group name 1353NM_1 present on tape but not defined on system *****************************************************************************

Verify the IRT and Fbackup tape consistency.


***************************************************************************** ERROR: Volume group name 1353NM_1 present on tape but not activated on system *****************************************************************************

Try to activate the volume group you can use the command: vgchange a y <Volume Group>, and look at the error messages issued by the activation command, if any. 4.5.4.4 Logical Volume Configuration Mismatch
***************************************************************************** ERROR: Logical volume /dev/vg00/lvol11 present on tape but not defined on system *****************************************************************************

Verify the IRT and Fbackup tape consistency.


***************************************************************************** ERROR: Logical volume /dev/vg00/lvol11 present on tape but not mounted on system *****************************************************************************

Try to mount the logical volume with the command: mount <Logical Volume Device> If the command succeded just run again screstore, otherwise if the error issued looks like: mount: /dev/vg00/lvol11 was either ignored or not found in /etc/fstab verify the IRT and Fbackup tape consistency.
***************************************************************************** WARNING: Logical volume /dev/vg00/lvol4 references different mount point. Tape mount point > /user System mount point > /home *****************************************************************************

Verify the IRT and Fbackup tape consistency.


1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 56 / 112

4.5.4.5 Mount Point Directory Mismatch


***************************************************************************** All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel. ERROR: Mount Point: /alcatel/Kernel/SystemInstances/1353NM_1_7.0_Master is not a directory *****************************************************************************

Verify the IRT and Fbackup tape consistency.


***************************************************************************** WARNING: Mount Point: /alcatel/Kernel/SystemInstances/1353NM_1_7.0_Master is not an empty directory *****************************************************************************

This message can be issued in case of mount point directory nesting, in this case you should have one or more empty directory, it it is the case you can proceed, otherwise check the contents. 4.5.4.6 File System Configuration Mismatch The disk size is erroneously shown in Kilo byte instead of Mega bytes.

***************************************************************************** WARNING: There is not enough space available on file system: /alcatel required space > 500 Kb free allocated space > 400 Kb *****************************************************************************

Extend the file system using the command: scextendfs <File System> <Free Mega Bytes>
***************************************************************************** WARNING: The dimension of the file system: /alcatel is smaller than the required required space > 600 Kb total allocated space > 550 Kb *****************************************************************************

Extend the file system using the command: scextendfs <File System> <Free Mega Bytes>

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 57 / 112

4.5.4.7 How to proceed Each time a waring message is issued the following messages are shown:
***************************************************************************** NOTE: Are you sure the CORRECT TAPE HAS BEEN MOUNTED ? ***************************************************************************** ***************************************************************************** WARNING: If you proceed you should have data or system problems. ***************************************************************************** Do you want continue the restore (y|n) ? : All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

If the warning messages have been analyzed and the warning condition are not present, enter y[Enter] to proceed.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 58 / 112

4.6 BACKUP AND RESTORE KNOW PROBLEMS AND WORKAROUNDS


4.6.1 Ignite Rcovery Problem The problem concerns the ignite recovery ERROR from bootable tape.
========================================================================== ======= 10/05/04 05:07:22 EDT HPUX Installation Initialization. (Tue Oct 05 05:07:22 EDT 2004) @(#) IgniteUX Revision B.5.1.33 @(#) install/init (opt) $Revision: 10.279 $ * Scanning system for IO devices... * Querying disk device: 0/0/1/1.0.0 ... * Querying disk device: 0/0/1/1.2.0 ... * Querying disk device: 0/0/2/0.0.0 ... * Querying disk device: 0/0/2/0.2.0 ... Recovery tape created from system: bonhomme on Mon Oct 4 11:10:15 2004

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

WARNING: The configuration information calls for a noninteractive installation.

Press <Return/Enter> within 10 seconds to cancel batchmode installation: * Using client directory: /var/opt/ignite/clients/0x001083FFA90A * Checking configuration for consistency... ERROR: There is not enough disk space to allocate for volume: /opt (short by 16Mb). Free space (786432KB) in /var/adm/crash where /var/adm/crash is located is less than system memory (1572864KB). This should be enough space to capture at least a single dump (and likely more than that if the dump is selective and/or compressed) in the event of a system crash. Additional space may be required to uncompress the dump in order to analyze it and to save multiple dumps. You can increase the size of the /var/adm/crash volume on the File System tab when using the advanced user interface. ... ... ... Because of the error(s) above, the userinterface must be used to correct them... Noninteractive install canceled. Press Return to continue: ==========================================================================
1AA 00014 0004 (9007) A4 ALICE 04.10

NOTE:

ED

03 3AL 88893 CAAA 112 59 / 112

4.6.1.1 Workaround This error is due to an Ignite fault, in some particular conditions the restore of filesystems extended over multiple disks fail.This should happen on hosts with many small disks. The problem has been alredy submitted to HP and it has been accepted, so the Ignite software will be updated, but at the moment we have no idea about the delivery date of the new Ignite release solving the problem. In consideration of the long time that should be taken by HP, a bypass will be implemented in the Alcatel BackupRestore product. As workarond you should make an adjustement, activate the recovery from the Ignite tape and when the error appears go in interactive and perform the following actions: a) From the Ignite selection menu click on the [ Install HPUX ] button, then select the [ * ] Advanced Installation option ( it is already flagged by default ), continue and select the File System menu (which is showing the error). Click on the [ Additional Tasks ] button, then go to Volume parameters. From the list select the volume associated to the mount directory which gives the error and then click on the [ Disk Mapping ] button. Change from Assigned Disk to Any. Apply the modified configuration so that Ignite will create the filesystem on any of the disks that has enough space.

b) c)

d) e)

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 60 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

4.6.2 Recovery Archive Error Ignite recovery The problem concerns the ignite recovery ERROR from bootable tape.
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel. ========================================================================== x ./monitor_bpr, 20480 bytes, 40 tape blocks * Download_minisystem: * Loading_software: Complete

Begin

* Installing boot area on disk. * Enabling swap areas. * Backing up LVM configuration for vg00. * Processing the archive source (Recovery Archive). * Wed Oct 06 05:47:55 EDT 2004: Starting archive load of the source (Recovery Archive). * Positioning the tape (/dev/rmt/0mn). * Archive extraction from tape is beginning. Please wait. pax_iux: alcatel/Kernel : File exists ERROR: Cannot load OS archive (Recovery Archive) The configuration process has incurred an error, would you like to push a shell for debugging purposes? (y/[n]): ==========================================================================

4.6.2.1 Problem solution If on the system was created by mistake a wrong file system, probably you have NOT respected the backup restrictions (see paragraph 4.3.7 at page 33). In this case, to correct the problem you have to perform the following actions: a) After the error, when the system suggest to push a shell for debugging, answer n so the system reboot:

========================================================================== ERROR: Cannot load OS archive (Recovery Archive) The configuration process has incurred an error, would you like to push a shell for debugging purposes? (y/[n]): n * Loading_software: ======= NOTE: Error Installation complete: Failure

10/05/04 05:01:03 EDT

Search for the word ERROR in the log file for details: on a server: /var/opt/ignite/clients/0x00306E086FA0/install.log on a client: /var/opt/ignite/local/install.log

1AA 00014 0004 (9007) A4 ALICE 04.10

NOTE: ...

Rebooting system.

==========================================================================

ED

03 3AL 88893 CAAA 112 61 / 112

b)

Wait for the message:


Press <Return/Enter> within 10 seconds to cancel batchmode installation: All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

c)

Press [Enter] and confirm the start of the userinterface:

========================================================================== ======= 10/05/04 05:07:22 EDT HPUX Installation Initialization. (Tue Oct 05 05:07:22 EDT 2004) @(#) IgniteUX Revision B.5.1.33 @(#) install/init (opt) $Revision: 10.279 $ * * * * * Scanning Querying Querying Querying Querying system for IO devices... disk device: 0/0/1/1.0.0 disk device: 0/0/1/1.2.0 disk device: 0/0/2/0.0.0 disk device: 0/0/2/0.2.0

... ... ... ... 4 11:10:15 2004

Recovery tape created from system: bonhomme on Mon Oct

WARNING: The configuration information calls for a noninteractive installation. Press <Return/Enter> within 10 seconds to cancel batchmode installation: Really cancel noninteractive install and start the userinterface? ([y]/n): y ==========================================================================

d)

Go in interactive and from the Ignite selection menu click on the [ Install HPUX ] button, then select the [ * ] Advanced Installation option (flagged by default), continue and select the menu File System. From the list select the file system associated to the mount directory defined by mistake and then go on the Mount Dir field. Change from wrong mount to correct mount, in particular for the TNDvy31274 ddt from: /alcatel/Kernel/SystemInstances/1353NM_13_7.0_Presentation to: /usr/Systems/1353NM_13_7.0_Presentation

e)

f)

g)

Then click the [ Modify ] button and after apply the modified configuration using the [ Go! ] button, so that Ignite will define the new mount point for the filesystem. Consequently to the modification when the screstore procedure will be activated after the recover completion the following error will be reported, it can be obviously ignored.

N.B.

1AA 00014 0004 (9007) A4 ALICE 04.10

***************************************************************************** ERROR: Logical volume /dev/vg00/lvol18 references different mount point: Tape mount point > /alcatel/Kernel/SystemInstances/1353NM_13_7.0_Presentation System mount point > /usr/Systems/1353NM_13_7.0_Presentation *****************************************************************************

ED

03 3AL 88893 CAAA 112 62 / 112

4.6.3 Full User Disk Backup problem The problem concerns the full user disk backup in a Cluster environment configured with a Virtual Array.
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

During the backup, there was an ERROR message (see the log below) . The backup was relaunched automatically after a recovery process. It seems that the backup eventually ended successfully.
========================================================================== ************************************************** scbackup (BackupRestore Ver. 2.3) ***************************************************************************** ATTENTION: You select the volume group 1354RM_3 this suppose your SYSTEM IS NOT CHANGED since the last creation of the IRT (Ignite Recovery Tape) ***************************************************************************** ************************************************** Selection of Tape device Enter tape device for Fbackup <default=/dev/rmt/0m> ************************************************** Environment verification sh: armdsp: not found. sh: armdsp: not found. ***************************************************************************** To preserve data integrity and avoid problems you should: STOP APPLICATIONS that use the volume group 1354RM_3 before start backup. ***************************************************************************** ***************************************************************************** NOTE: If you need to stop anything, do it before answer YES to the next question. ***************************************************************************** Do you want continue with backup operation (y|n) ? : y ************************************************** Business Copy procedure /SCINSTALL/bin/sconlinebackup[11]: test: Specify a parameter with this command. /SCINSTALL/bin/sconlinebackup[11]: armdsp: not found. ***************************************************************************** ERROR: (Internal Error in AddDiskVG), not found LUN 0 on Virtual Array: ***************************************************************************** ***************************************************************************** ATTENTION: Recover process activated due to ERROR. Error during data copy phase see: /var/adm/syslog/sconlinebackup.log ***************************************************************************** ************************************************** RECOVER process Start RECOVER process on backup Logical Volumes This operation takes a while, please wait ... RECOVER End Successfully

1AA 00014 0004 (9007) A4 ALICE 04.10

***************************************************************************** ERROR: during data COPY phase. *****************************************************************************

ED

03 3AL 88893 CAAA 112 63 / 112

Do you want continue with standard backup (y|n) ? : y ************************************************** Preparation Tape media for FBACKUP tool Please load Tape with label Fbackup on device: </dev/rmt/0m> and press Enter when READY Waiting on Rewind tape ***************************************************************************** To preserve data integrity and avoid problems you should: STOP APPLICATIONS that use the volume group 1354RM_3 before start backup; WAIT the backup completion and than restart applications. ***************************************************************************** ***************************************************************************** NOTE: If you need to stop anything, do it before answer YES to the next question. ***************************************************************************** Do you want continue with backup operation (y|n) ? : y ************************************************** Preparation Tape media for BACKUP Fbackup tape devices /dev/rmt/0m 21Oct2004 15:34 Execute Backup Execute Backup

: Start Backup ... : End Successfully

***************************************************************************** DATA ARE SUCCESSFULLY BACKUPED ***************************************************************************** ************************************************** Remove Tape media and recommended label is: bibiche Fbackup Volume x of n 21Oct2004 15:33 Cluster Single Volume 1354RM_3 ************************************************** ***************************************************************************** ATTENTION: NOW you can RESTART APPLICATIONS !!! ***************************************************************************** ==========================================================================

4.6.3.1 Problem solution The problem is due to the path not well configured for the VA commands, this is because the logic for the path setup has been changed starting from backup version 2.3. As conseguence of this problem in not possible to make the businesscopy of the volume group, however this have no impact on the backup but it require a logger downtime of the involved applications because you should not reactivate them until the backup is ended. N.B. The backup of the volume group is successful, obviously on condition that the involved applications have been stopped.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 64 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

5 Mirror Disk/UX Management


A specific configuration script is provided to aid in the Mirror Disk/UXt configuration, you have to enter the command:

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

5.1 Configuring Mirror Disk/UX


This paragraph describe how to configure disk fault protection with Mirror Disk/UXt in the Alcatel TNM environment using the script provided for this purpose. 5.1.1 Prerequisite The mirror configuration require that both hereafter conditions are satisfied: The HP Mirror Disk/UX is authorized and installed on the system. The amount of available hard disks is enought to create a copy of entire file system.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 65 / 112

5.1.2 Install Mirror Disk/UX Mirror Disk/UX is usually installed together HPUX operating system, if you need to install it later follow the hereafter procedure. N.B. N.B. a) b) Mirror Disk/UX is a HP Software, check that the customer has the related license of use. The Mirror Disk/UX installation forces the system to reboot. Login the system as user root. Enter the command: ...,sys, root # /SCINSTALL/etc/scinstall3PP MIRROR[Enter] Select the source between CD/DVD or depot: LAYERED PRODUCTS Repository 1 DVD/CDRom 2 DEPOT q quit Insert choice and press [Enter]: d) If you choose DVD/CDRom, you have to confirm the source device by replying the following question: Device selection for LAYERED Products installation Enter q to Quit or the CD device [def=/dev/dsk/c3t2d0]: e) If you choose depot, you have to provide the depot absolute path, including the host name when the depot is not local: Depot selection for LAYERED Products installation Enter q to Quit or the Depot absolute path name: f) Before start execution and reboot the system, the procedure give you last chance to postpone the activity by issuing the following message: ***************************************************************** ATTENTION Installation require shutdown and reboot Applications is better already stopped before start installation **************************************************************** Do you want execute installation NOW?: Press [y] for yes or [n] for no, then press [Enter] N.B. Replying no to this question you do not cancel the Mirror Disk/UX installation!

c)

Enter y[Enter] to reboot and start the installation, or n[Enter] to postpone it, in this case you have to resume the installation, when ready to reboot, by entering: ...,sys,root # /SCINSTALL/SCINSTALL start[Enter]
1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 66 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

5.1.3 Configure Mirror Disk/UX with Alcatel Script Alcatel TMN system configuration tools allow to easy manage the file system extension, but requires a specific mirror configuration. The mirror configuration can be execute in three different stages: 1) 2) 3) Initial system installation. Restore from full disk backup. New disk mirror configuration.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

The initial system installation automatically execute the entire file system mirroring, the remaining two cases the mirror have to be set up executing the following procedure. N.B. After the mirror disk set up, any file system belonging to mirrored volume group will be mirrored.

...,sys,root # scmirrorfs [Enter] And the procedure will show you the current system disk configuration: ___________________________________________________________________________ Disks Selection Mirroring need Alternate Boot disk on Volume Group:vg00 ___________________________________________________________________________ Device MByte Hardware Path Usage Type VolGroup ___________________________________________________________________________ c1t2d0 8680 0/0/1/1.2.0 Pri_Boot _Main_ vg00 c2t2d0 8680 0/0/2/0.2.0 __Data__ _Main_ vg00 c4t8d0 8680 0/4/0/0.8.0 _(free)_ ______ ___________ c4t9d0 8680 0/4/0/0.9.0 _(free)_ ______ ___________ c5t12d0 8680 0/7/0/0.12.0 _(free)_ ______ ___________ c5t13d0 8680 0/7/0/0.13.0 _(free)_ ______ ___________ ___________________________________________________________________________ Select Alternate BOOT dev name or [q] to quit: You have to select the disk for the mirror copy by follow the guide line shown at paragraph 5.1.3.1 Disk Mirror Configuration Policy at page 68. And as soon as the amount of disk space requested will be reached the procedure will configure the mirror by issuing messages like the following: NOTE: NOTE: Group NOTE: NOTE: Updating of LVM physical volume group information file Set Logical Vol allocation policy = PVGstrict on Active Volume

Preparation of Mirroring Volume Group: vg00 Mirroring all Logical Volume of Volume Group: vg00

1AA 00014 0004 (9007) A4 ALICE 04.10

=>Thu Jul 29 12:34:33 METDST 2004 ....... Mirroring Logical Volume:/dev/vg00/lvol1, with Allocation policy contiguousy

ED

03 3AL 88893 CAAA 112 67 / 112

5.1.3.1 Disk Mirror Configuration Policy The disk mirror capability is used for two main purposes: 1) 2) Allow system to survive in case of a single disk failure. Allow system to survive in case of a single disk controller failure.
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

It is possible to obtain the better high availability goal only with a correct configuration of the disk resources available on the system. HPUXt Mirror Disk/UXt allows to reach the first target without specific configuration, but to be able to reach the second one you must have an appropriate system configuration in terms of hardware and software. The hardware suggested by Alcatel are design to allow mirror configuration that allow system to survive to disk controller failure, but the software configuration has to be done as shown in this paragraph to do not loose this capability. First of all you have to be able to identify the hard disk present in the configuration, them are usually identified by their file name. In particular the file name can be very helpful to identify the disk controller relationship. Any disk in the configuration is identified by the following name: c#t#d# c[015] t[015] d[015] SCSI of Fiber Channel card instance of disk controller to which the disk is attached to. SCSI of Fiber channel address of the device on the interface. Is the device unit number, useful for disk array only, such as VA7110.

Using the c# of disk file name is possible to identify the relationship between disks and controllers. HPUXt allows to connect a single disk to two different controller (DualAccess), in this case the system command can show two device file for the same disk units, but the installation script manage this configuration by showing just one device with a D on the first column of the related line, hereafter an example of the selection menu shown by installation scripts: This section enables you to select the boot disk device. ___________________________________________________________________________ Disks Selection ___________________________________________________________________________ Device MByte Hardware Path Usage Type VolGroup ___________________________________________________________________________ c1t2d0 8672 0/0/1/1.2.0 _(free)_ ______ ________ c2t2d0 8672 0/0/2/0.2.0 _(free)_ ______ ________ D c4t8d0 8672 0/4/0/0.8.0 _(free)_ ______ ________ D c4t9d0 8672 0/4/0/0.9.0 _(free)_ ______ ________ c6t12d0 8672 0/7/0/0.12.0 _(free)_ ______ ________ c6t13d0 8672 0/7/0/0.13.0 _(free)_ ______ ________ ___________________________________________________________________________ Select Primary BOOT Disk device Name : Now you have to define two disk group (physical volume group) with the following characteristics: 1) 2) 3)
1AA 00014 0004 (9007) A4 ALICE 04.10

The sum of disk space amount of the two group have to be the same. The DualAccess disks can be assigned to any group. The non DualAccess disks connected to the same controller MUST belong to the same group. It is important to follow this rules starting from boot disk definition 5.1.3.2 at page 69.

N.B.

The following picture is a schematic example of disk configuration that can produce the output shown before. This is not a typical system, but provided all the case that can occur in field.

ED

03 3AL 88893 CAAA 112 68 / 112

c1t2d0
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

c2t2d0 c4t9d0

c4t8d0

c6t12d0

c6t13d0

Figure 2. Example of disk configuration With this configuration the best one are: group 1 with c1t2d0, c4t8d0 and c4t9d0, group 2 with c2t2d0, c6t12d0 and c6t13d0. group 1 with c2t2d0, c4t8d0 and c4t9d0, group 2 with c1t2d0, c6t12d0 and c6t13d0. Because the I/O channel are balanced. Allowed configuration can be: group 1 with c4t8d0, c1t2d0, and c2t2d0, group c4t9d0, c6t12d0 and c6t13d0. Wrong configuration: group 1 with c1t2d0, c4t8d0 and c6t12d0, group 2 with c2t2d0, c4t9d0 and c6t13d0. Because the two non dualaccess disks have been assigned to the two groups, and the controller failure gets the system in failure too. 5.1.3.2 Main Boot Disk Selection The first disk you have to select is the main boot disk for the system, the list of the available disk will be shown in the window in the following format: This section enables you to select the boot disk device. ___________________________________________________________________________ Disks Selection ___________________________________________________________________________ Device MByte Hardware Path Usage Type VolGroup ___________________________________________________________________________ c1t2d0 8672 0/0/1/1.2.0 _(free)_ ______ ________ c2t2d0 8672 0/0/2/0.2.0 _(free)_ ______ ________ D c4t8d0 8672 0/4/0/0.8.0 _(free)_ ______ ________ D c4t9d0 8672 0/4/0/0.9.0 _(free)_ ______ ________ c5t12d0 8672 0/7/0/0.12.0 _(free)_ ______ ________ c5t13d0 8672 0/7/0/0.13.0 _(free)_ ______ ________ ___________________________________________________________________________ Select Primary BOOT Disk device Name : Enter the disk device that will be used as boot device then press [Enter]. N.B. A D character is shown before the device name in the Device column to advice the disk is accessible via two different disk controllers. This configuration is typically used with Fiber Channel device.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 69 / 112

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03

3AL 88893 CAAA


All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

112

70 / 112

6 NETWORK DEPOT MANAGEMENT


Multiple system installation can be improved by using network depot for software warehousing. The Alcatel TMN installation procedure foresees two type of software depot: platform and application depot.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

6.1 Platform Software Depot


After the HPUXt11i installation it is possible to performed the rest of installation of software layered products in unattended mode. This can be done devoting some Gbyte of a machine installed with OSConf to create a depot with all the software included in the CDs, then when the predispose script will ask you for the source you, have to reply with the following depot address: <depot host>:/alcatel/SCDEPOT. In fact OSConf includes scbuilddepot script that drives the depot building. Login the devoted depot system as root user and enter the command: ...,sys,root # scbuilddepot [Enter] The procedure will ask you to confirm your request by issuing the message: ======================================================================== OSConf Depot Builder ======================================================================== The depot copy requires 2.3 Gbytes extra space on disks * Do you have enough space available [Y/N] : If you have enough large disks replay with y , and the activity will start asking for the source media, the only media supported is the CDROM, you can just change the default with another one. The default provided is the CDROM device used to install HPUXt. * Enter the CDROM device [ /dev/dsk/c1t2d0 ] : NOTE: Checking/Extending /alcatel for depot creation

If the current size of the partition mounted at /alcatel is not enough, new disk resources will be required until reach the requested size. Here an example of the extension: Analyze Mount Point:/alcatel Request free MegaByte(s): 1950 Evaluate size MegaByte(s): 4128 Hardware detection in progress, please wait ........ Total disk(s) found = Total CDRoms found = 4 1

Press [Enter] to continue...

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 71 / 112

When finally the file system mounted at /alcatel will be large to contain the depot the procedure will ask you to introduce the first disk of the set: * Please insert CD SWPOSCONFV7.1.0 1/4 into the drive and press [Enter] when ready Insert the CD and press return when the CDROM driver led will stop blinking. The procedure will ask you again for all the disks of the set. The procedure will terminate displaying the following error message: ERROR: Depot /alcatel/SCDEPOT created with 1 errors

6.1.1 Build Depot know bug and workaround A software bug has been identified creating a depot with OSConf V7.1.0P05, two software packages are not automatically copied in the depot. If you are use this version creatre a depot you have to execute the following procedure: Mount the SWPOSCONFV7.1.0 volume 1/4 CDROM currently inserted in the CD driver: ...,sys,root # scmountcd /dev/dsk/<device name> /SD_CDROM[Enter] Copy two packages in the depot Note: The courier font has been used instead of to better show the second character of work PlRPC is a lower case L, and not an uppercase i. ...,sys,root # swcopy x enforce_dependencies=false \.[Enter] s /SD_CDROM NetDaemon PlRPC @/alcatel/SCDEPOT[Enter] Dismount the CD and remove it from CD or DVD drive: ...,sys,root # umount /SD_CDROM [Enter]

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 72 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Mount Point need 1536MB on /dev/vg00 (PVG0) ___________________________________________________________________________ Disks Selection Mount Point: /alcatel ___________________________________________________________________________ Device MByte Hardware Path Usage Type VolGroup ___________________________________________________________________________ c0t5d0 4088 8/12.5.0 Pri_Boot _Main_ vg00 c0t6d0 2048 8/12.6.0 __Data__ _Main_ vg00 c1t4d0 2048 8/16/5.4.0 _(free)_ ______ __________ c1t5d0 2048 8/16/5.5.0 _(free)_ ______ __________ ___________________________________________________________________________ Select Data Area (Main instance) dev name or [q] to quit: c1t4d0

6.1.2 Additional Software To add the OSCONF Engine and 3PP description and the NMS description to the depot, is necessary to execute the following commands: Mount the SWPOSCONFV7.1.0 volume ADD1_P05 CDROM currently inserted in the CD driver: ...,sys,root # mount o rr /dev/dsk/<device name> /SD_CDROM[Enter] Copy OSCONF engine and 3PP description: ...,sys,root # swcopy x enforce_dependencies=false \ [Enter] s /SD_CDROM OSCONF OSC3PP @/alcatel/SCDEPOT [Enter] Dismount the CD and remove it from CD or DVD drive: ...,sys,root # umount /SD_CDROM [Enter]

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

When the depot construction will be completed, you can predispose any Network Management System in your local area network by choosing entering: <depot hostname>:/alcatel/SCDEPOT 6.1.3 Software Depot Update If a software platform depot already exists, before use it you have to upgrade also the software depot by execute again the depot building script: ...,sys,root# scbuilddepot [Enter]

6.2 Application Software Depot


This paragraph shows how to create the depot for Alcatel software. The depot size depends by the software you have to store on the disk, Table 2. summarizes the space required in Mega bytes. The following actions must be executed on the depot machine; preferably it should be a machine in the network. It may be the same machine that you are installing, if you have sufficient free disks space. You have to login to the alcatel depot machine as root user, and execute the following command: 1) Extend /alcatel to allow the storage of Alcatel software by entering the command: ...,sys,root # scextendfs /alcatel/DEPOT <required disk size> [Enter] Change the default directory on the depot one: ...,sys,root # cd /alcatel/DEPOT [Enter] For each distribution CD Rom that contains the software you have to install: a) b) c) Insert the CD into the driver. Check the CDROM type: ...,sys,root # fstyp /dev/dsk/<cdrom device file> [Enter] Mount the CD at /SD_CDROM directory: if the CDROM type at point b ) is cdfs use: ...,sys,root # mount o rr /dev/dsk/<cdrom device file> /SD_CDROM[Enter] if the CDROM type at point b ) is hfs use: ...,sys,root # mount r /dev/dsk/<cdrom device file> /SD_CDROM[Enter] Copy the entire CD contents to /alcatel/DEPOT directory by entering the command: ...,sys,root # cp p /SD_CDROM/* /alcatel/DEPOT [Enter] Dismount the CD: ...,sys,root # umount /SD_CDROM[Enter] Remove the CD from the device.

2)

3)

d) e)
1AA 00014 0004 (9007) A4 ALICE 04.10

f)

ED

03 3AL 88893 CAAA 112 73 / 112

6.2.1 Authorize Access to Application Depot To be able to retrieve the Alcatel software packages from the depot machine, the access to these files have to be granted to all the root users of all the machines that have to be installed. This can be done by temporary adding the hostname followed by keyword root for each machine involved in the /.rhosts file. Example: you have to install the following three systems: hosta, hostb and hostc (the depot machine itself). You have to write /.rhosts this way: hosta root hostb root hostc root N.B. N.B. At the end of installationn do not forget to delete the lines added in /.rhost file. All the host included in .rhosts file have to be defined in /etc/hosts one.

6.2.2 Disk Requirement Tables The following table shows the disk space requested for swap, program installation, and depot packages. The value are specified in M bytes NMS OSKernel 1353NM 1354BM ATM 1354BM ETH 1354BM PR 1354RM 1355VPN 1359HA OSRES 1359ISN 1359IOO Depot Package Size 750 2400 100 350 35 550 10 5 130 15

Table 2. Disk requirements for NMS Software

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 74 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

7 SECURITY
This chapter describes the security feature introduced to prevent unauthorized access to the system.
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

7.1 Introduction
The 1350 security provided a concrete improvement to standard HPUX system. It sets up HP Trusted System configuration and performs system hardening with HP Bastille. This approach considerably reduces the risk of attack, also if it can not guarantee 100% the system security. This security approach is based on user authentication, that means each user is identified by the system with it user identifier and the access is granted by a password.

7.2 Security Preparation


The security configuration script is provided with 1350 MS starting from Network Release 7.1D, but before use it, some activities as to be executed to allow the correct security setup. 7.2.1 Software Requirements The security setup procedure is base on software shown in the following table: Product B6849AA T1471AA KRNG11i ixSUDO logrotate Version B.02.01.01 A.03.71.00 B.11.11.07 A.02.001.6.7p5 3.7 Description HPUX Bastille Security Hardening Tool HPUX Secure Shell HPUX 11i Strong Random Number Generator Super User DO Logs rotate Tool

Table 3. Software requested by 1350 MS Security The security setup procedure will check the software in the target system, and it automatically activate the software installation procedure when any of them is not found, refer to paragraph 7.3.3 at page 80 for the specific procedure. N.B. N.B. The software installation can require the system reboot. When at least one required software is not present, the procedure does not activate the security profile, but just install the software.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 75 / 112

7.2.2 Security User and Groups The security setup requires defining the security administrator user and two user groups, the security group for the security administrator and a specific one for ftp guest users (ftpscoss). The UID and GID of these users and groups is defined in advance, in agreement with the UID and GID definition roles of 1350 MS environment, it is not allowed a different user and group definition then one shown in the following tables: Table 4. Security User

User name security

UID 199

Table 5. Security Groups

Group name security ftpscoss

GID 199 198

The user belonging to ftponly group will be manage as ftp guests. 7.2.3 Customize Login and FTP Banners 1350 MS security setup the banners pages that will be shown at login time for both shell and ftp access. The two banners are just as example, you have to customize them with your company trade marks, or replace them with your own one. The banner issued after the login with a shell is stored in /etc/motd file, instead the ftp one into /etc/ftpd/ftp_banner

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 76 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

7.2.4 Security Profiles Before set up security feature you have to choose the security profile. 1350 MS security provides two profiles base and advanced with two levels each one. Both of them set up HP Trusted System, and remove the useless network services, but the advanced provides the following feature more than base: Table 6. Security Feature

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Feature HP Trusted System setup Shell login banner ftp login banner Disable unused network services Disable remote command Disable telnet Deactivate NFS Deactivate NIS Disabling sendmail daemon Predispose sendmail execution via cron Disabling ftp real user access Create Audit log file systems Create security user Enable rotation on system log files Configure Audit Disable XDMCP external access

Base1 n n n n

Base2 n n n n n

Adv1 n n n n

Adv2 n n n n n

n n n n n n

n n n n n n

n n n n n n n n n n

n n n n n n n n n n n

7.2.5 Access to Secure Host When the security is activate on host the telnet command is not more available, ssh (secure shell) must be used instead. If a profile of version 2 is configured also the r commands (rlogin, rcp ...) are disabled, so ssh must be used for connection and scp (secure copy) to copy files. Secure Shell software is installed on all secure Alcatel 1350 MS systems, refer to to ssh and scp man pages for more information.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 77 / 112

7.2.6 Define the System Password Configuration One o the most evident difference in the system behavior when security is active is related to the password, in fact the 1350 MS security forces roles in password structure definition and aging. In the following tables the default values for both structure and aging: Table 7. Security Password Structure Constants

Role Minimum password length in characters Minimum number of numeric characters Minimum number of special characters Number of changes before reuse the same password Table 8. Security Password Aging Parameters

Value 7 1 1 4

Parameter MIN_PASSWORD_LENGTH PASSWORD_MIN_DIGIT_CHARS PASSWORD_MIN_SPECIAL_CHARS PASSWORD_HISTORY_DEPTH

Role Expiration time (number of days) Minimum time interval between password changes Expiration warning time interval Grace period time

Value 180 0

Parameter PASSWORD_MAXDAYS PASSWORD_MINDAYS

14 21

PASSWORD_WARNDAYS gptm

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 78 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

7.3 Security SetUp


When the security profile have been properly reviewed, and the banners have been customized, you can proceed in the security setup. 7.3.1 Security in High Availability environment Restictions For system where is present 1359HA OSCluster or OSResilience the 1350 security has to be set up at the same profile level on every system, the different password storage method cause serious problems when the security are not aligned. 7.3.2 Security Activation 1350 Security can be activated by entering the command scsecurity followed by the requested security profiles (see 7.2.4 at page 77 for feature list): base1, base2, advanced1 and advanced2. 7.3.2.1 Audit Filesystem creation Meaningful for Advanced Profile Only The security advanced setup requires the creation of three new file systems: 1) 2) 3) /.ARCHIVE Archive file system where a compress copy of the log file are stored.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

/.AUDITING/1 first audit filesystem /.AUDITING/2 second audit filesystem

The filesystem creation is shown by following output: NOTE: Entering Critical Code Execution. Security has disabled keyboard interrupts.

Executing Archive log files File System Configuration =>Tue Aug =>START: 2 17:11:38 METDST 2005 OSConf Extend/Create File(s) System

___________________________________________________________________________ Analyze Mount Point:/.ARCHIVE Request free MegaByte(s): 481 Evaluate size MegaByte(s): 512 Create Logical Volume x /.ARCHIVE Extend Mount Point /.ARCHIVE to 512 MByte Making new file system (vxfs) on Mount Point /.ARCHIVE Mount /dev/vg00/lvol17 on /.ARCHIVE Updating /etc/fstab x Mount Point /.ARCHIVE ___________________________________________________________________________

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 79 / 112

___________________________________________________________________________ Analyze Mount Point:/.AUDITING/1 Request free MegaByte(s): 29 Evaluate size MegaByte(s): 32 Create Logical Volume x /.AUDITING/1 Making new file system (vxfs) on Mount Point /.AUDITING/1 Mount /dev/vg00/lvol18 on /.AUDITING/1 Updating /etc/fstab x Mount Point /.AUDITING/1 ___________________________________________________________________________ ___________________________________________________________________________ Analyze Mount Point:/.AUDITING/2 Request free MegaByte(s): 29 Evaluate size MegaByte(s): 32 Create Logical Volume x /.AUDITING/2 Making new file system (vxfs) on Mount Point /.AUDITING/2 Mount /dev/vg00/lvol19 on /.AUDITING/2 Updating /etc/fstab x Mount Point /.AUDITING/2 ___________________________________________________________________________ 7.3.3 Required Software Installation Meaningful for both Base and Advance Profiles. Each time the 1350 security script is activated for setting up a profile, it looks at the required software, if at least a software is missed, the script activates the automatic installation. N.B. If the software installation requires system reboot, the set up has to be execute again.

First of all, the procedure checks the disk space availability within the interested filesystems. It it is not enough the procedure tries to extend them, rarely the procedure can ask for adding one or more hard disks. If any process prevent the filesystem extension, the procedure will ask you to reboot the system, in this case the software installation will be done automatically during the system reboot, like scmanageswp. When the procedure completes the installation you have to execute again the security setup, to really setup the secure environment.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 80 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

7.3.3.1 Software Installation example This paragraph provides an example of base1 profile security setup output.
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

When the procedure starts, it verifies the amount of filesystem free space: ___________________________________________________________________________ Analyze Mount Point:/opt Request free MegaByte(s): 23 Mount Point /opt do not need extension, Free size available is 233 MByte ___________________________________________________________________________ ___________________________________________________________________________ Analyze Mount Point:/usr Request free MegaByte(s): 1 Mount Point /usr do not need extension, Free size available is 69 MByte ___________________________________________________________________________ ___________________________________________________________________________ Analyze Mount Point:/var Request free MegaByte(s): 4 Mount Point /var do not need extension, Free size available is 171 MByte =>Sat Jun 11 16:53:05 METDST 2005 =>END: OSConf Extend/Create File(s) System The it advice the possibility of reboot due to the software installation: WARNING: NOTE: procedure, otherwise the procedure will be aborted. Do you like to continue ? [yes|no] N.B. This message is just an advise, the software installation does not always require reboot, but it is better to plan it. One of the security software selected for the installation, it will require the system REBOOT. if you decide to continue the system will automatically reboot and when the system come up you have to run again this

Reply yes[Enter] when the reboot is possible. ATTENTION: You have accepted to REBOOT the system ! Are you sure ? Do you like to continue ? [yes|no] Another message is issued to be sure of the answer, reply yes[Enter] again when the reboot is possible, then press [Enter] to acknowledge the software predisposal activation message: SOFTWARE predisposition activated ... Now you have to specify where are stored the LAYERED PRODUCTS.
1AA 00014 0004 (9007) A4 ALICE 04.10

Press [Enter] to continue.

ED

03 3AL 88893 CAAA 112 81 / 112

You have to provide the OSConf software distribution kit location replying, the same questions issued by the NMS predisposition procedure:
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

1 CDROM 2 DEPOT

LAYERED PRODUCTS Repository

Insert choice and press [Enter]: Depending by you answer, you have to reply with the network depot location or confirm the CD driver, and then installation will start issuing a report like the following: Checking Depot presence ... Predisposed installation for product: Bastille Predisposed installation for product: SecureShell Predisposed installation for product: KRNG11i Predisposed installation for product: ixSudo Predisposed installation for product: logrotate SOFTWARE predisposition was successful. Started installation of the security software... Alcatel Installation : Processing B6849AA B.02.01.01 Alcatel Installation : Processing T1471AA A.03.71.000 Alcatel Installation : Processing KRNG11i B.11.11.07 If the machine reboots, you have to enter again the scsecurity setup command. 7.3.3.2 Creation of Security User Meaningful for Advanced Profile Only Just for security advanced profile the procedure creates the security user. This user is allow to manage with the HP Trusted System password database, without permissions on root user password. The procedure issues a message like the following for asking to define the security user password: =>Tue Aug =>END: 2 17:12:05 METDST 2005 OSConf Extend/Create File(s) System

1AA 00014 0004 (9007) A4 ALICE 04.10

Checking Security Software... Software already installed. Executing Security User Configuration WARNING: home directory /home/security already defined. Owner and group for the directory and all files and subdirect... in the file hierarchy below it will be changed. Directory /home/security olduser=199 oldgroup=security Executing security user creation Define password for user security Changing password for security At the request of new password you have to enter a password useful for security administrator, the password have to be defined in agreement with the current password definition roles: New password: Reenter new password: The password is accepted on when this message is issued: Password successfully changed

ED

03 3AL 88893 CAAA 112 82 / 112

7.3.4 Security set up Execution The last activity is the real security setup. Hereafter an example of the output produced:
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

NOTE:

ftp banner file has been created: /etc/ftpd/ftp_banner Please, review/replace the contents of this file to apply more specifically to your organization. NOTE: Entering Critical Code Execution. Bastille has disabled keyboard interrupts. NOTE: Bastille is scanning the system configuration... Bastille is now locking down your system in accordance with your answers in the config file. Please be patient as some modules may take a number of minutes, depending on the speed of your machine. Executing File Permissions Specific Configuration Executing Account Security Specific Configuration Executing Inetd Specific Configuration Executing Daemon Specific Configuration Executing Sendmail Specific Configuration Executing DNS Specific Configuration Executing Apache Specific Configuration Executing FTP Specific Configuration Executing HPUXs Security Patch Check Configuration Executing IPFilter Configuration Please check /var/opt/sec_mgmt/bastille/TODO.txt for further instructions on how to secure your system. Executing Login Banners Configuration NOTE: issue login message file exists: /etc/issue Please, review its contents adding an Authorized Use Only warning message. message of the day file has been created: /etc/motd Please, review/replace the contents of this file to apply more specifically to your organization.

NOTE:

warning: commands will be executed using /usr/bin/sh warning: commands will be executed using /usr/bin/sh Setting Security Defaults Updating Password Settings Executing Accounting Configuration Accounting started Executing Auditing Configuration warning: commands will be executed using /usr/bin/sh warning: commands will be executed using /usr/bin/sh warning: commands will be executed using /usr/bin/sh

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 83 / 112

When the procedure is completed verify /var/opt/sec_mgmt/bastille/TODO.txt file contents, in the file Bastille writes the processes running related to TCP/IP services that has been closed, them will be no more started at the next reboot, but if you want to guarantee the higher security level you have to look at the file contents, and identify these processes. The process names are usually shown between two dash lines, see the following TODO.txt example: {Thu Aug 11 16:51:59 2005} Deactivating Inetd Service: rtools The following process(es) are associated with the inetd service rtools. They are most likely associated with a session which was initiated prior to running Bastille. To disable a process see kill(1) man pages or reboot the system Active Processes: ################################### rlogind ###################################

{Thu Aug 11 16:51:59 2005} Deactivating Inetd Service: bootps The following process(es) are associated with the inetd service bootps. They are most likely associated with a session which was initiated prior to running Bastille. To disable a process see kill(1) man pages or reboot the system Active Processes: ################################### bootpd ################################### Then execute the following procedure: a)
1AA 00014 0004 (9007) A4 ALICE 04.10

Login the system as root on system console or via Secure Shell, if you are connected in a different way executing the procedure you can kill your own login session.

ED

03 3AL 88893 CAAA 112 84 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

HPUX Secure Shell stopped HPUX Secure Shell started warning: commands will be executed using /usr/bin/sh warning: commands will be executed using /usr/bin/sh ATTENTION:scsecurity should be rerun whenever new software, OS revisions or patches are installed. It should also be rerun any time customizations are made that might loosen security. NOTE: Running scsecurity revert will revert the security changes, but it may not revert changes made in the interim (manually or by programs). In case of differences a copy of the modified files will be kept so that you can compare them. Security Setup ended.

b)

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Identify the process identifier by entering: ...,sys,root # UNIX95= ps C <process name>[Enter] Where <process name> have to be replaced with the process name between dush lines (ex.: bootpd). Get the process identifiers from the PID column of the prevoius commnad output. for each PID enter the command: ...,sys,root# kill 15 <PID>[Enter] Where <PID> have to be replaced with the process identifiers issued by the command at point b ). Repeat the points: b ), c ) and d ) for each process shown in the TODO.txt file.

c) d)

e)

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 85 / 112

7.4 Remove Security


At any time you can remove1350 security setup entering the command: ...,sys,root #scsecurity revert [Enter] This command restore the system as it was before the security set up. If any changes to the system were made in the interim (either manually or by other programs), those changes should be reviewed again to make sure they still work and have not broken the system or compromised its security. In case of changes the involved items will be listed.

7.5 Change Security Profile


To change the security profile you must revert the system to any security profile and set up the new one.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 86 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

8 PRINTER CONFIGURATION
To configure the printer you have to use hpt hppi script. This script configures the printer on the system in order to allow the download of the software through the network, and also configures the spooler and the printer queues on all the system declared. This instaction is useful only for HP Printers. In this chapter two printer configuration aspects are considered. First case how to configure a printer spool queue within the local spooler. The second one how to configure a printer to retrieve its configuration from local machine. To be able to perform the printer configuration you must know some information Item Name Data Description Name is the up to 8 characters string assigned to printer by Customer Network administrator(1). IP Address is the IP network address assigned to printer by Customer Network administrator. - Yes - No Is this the system default queue? (it is suggested to set the first defined queue as default) Would you like to issue the banner page at the beginning of any print job? LAN HA is the card hardware address also known as MAC(2). Queue n Boot n

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

IP Address

Default Queue

Banner Page

- Yes

- No

LAN Hardware Address

Table 9. Printer Configuration Data Requested. Notes: 1) 2) It is advisable to declare the printer name as external node with scNMmng. The LAN hardware addres have to be retrieved from the printer itself. Refer to the printer installation guide and/or operator handbook to know how to get the hardware address. It is usually shown as six couple of hexadecimal figures column separted like: 00:30:6E:08:AF:6F

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 87 / 112

8.1 Configure a Printer Queue within Local Spooler


This section shows how to configure a HP printer already active in you network. This is the most useful hint to configure a network printer. The printer availble today can be configure from the font panel, and you just need to create a spool queue. To create the printer spool queue you have to log the system as root user. and enter hppi command: ..,sys,root # hppi [Enter] **************************************************************** *****] **** **** ] **** JetDirect Printer Installer for UNIX **** ]]]]] ]]]]] **** Version E.10.18 **** ] ] ] ] **** **** ] ] ]]]]] **** M A I N M E N U ***** ] **** ****** ] **** User: (root) OS: (HPUX B.11.11) I N V E N T **************************************************************** 1) Spooler Administration (superuser only) 2) JetDirect Configuration (superuser only) TCP/IP configurable parameters 3) Diagnostics: diagnose printing problems ?) Help q) Quit

Please enter a selection (q quit): Enter 1[Enter] to select the Spooler Administration item. **************************************************************** *****] **** **** ] **** JetDirect Printer Installer for UNIX **** ]]]]] ]]]]] **** Version E.10.18 **** ] ] ] ] **** **** ] ] ]]]]] **** Spooler Administration ***** ] **** ****** ] **** User: (root) OS: (HPUX B.11.11) I N V E N T **************************************************************** Spooler: 1) Add printer to local spooler 2) Delete printer from local spooler 3) Modify existing spooler queue(s) 4) Install New Model Script 5) Remove Model Script
1AA 00014 0004 (9007) A4 ALICE 04.10

?) Help Please enter selection: Enter 1[Enter] to add the printer to the local spooler.

q) Quit

ED

03 3AL 88893 CAAA 112 88 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

If you have already declare the printer name in the /etc/hosts file, directly of via scNMmng you can enter the printer node name, otherwise you have to enter the IP address. This second choice has the disadvantage that you have to review the printer configuration in case of printer IP address changes:
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Enter the network printer name or IP address (q quit): <name>|<IP Ad.>[Enter] The latest model script can be downloaded from the web before creating any queue. This can be done by enabling Realtime Model Script Update. The Realtime Model Script Update can be Enabled/Disabled from the diagnostics menu. Do not enable the Realtime Model Script Update by replying just [Enter] to the next question: Do you want to Enable Realtime Model Script Update(0Enable, defaultDisable): [Enter] In any case, the procedure continue as follow:

The following is a list of suggested parameter values for this queue. You may change any settings by selecting the corresponding nonzero numbers. The values will be used to configure this queue when 0 is selected. To abort this configuration operation, press q. Configurable Parameters: 1) 2) 3) 4) 5) Current Settings

Lp destination (queue) name: [<Printername>_1] Status Log [(No Log)] Queue Class [(Not assigned)] Default Queue [NO] Additional printer configuration...

Figure 3. Printer Characteriscs Menu Select an item for change, or 0 to configure (q quit): 1 [Enter] Enter 1[Enter] to change the LP queue name: Currently used names: (no queues are configured) Enter the lp destination name (default=<Printername>_1, q quit): Enter the name you want to assing to the queue followed by [Enter], usually is the printer name itsef. The item shown in the Current Settings column will be updated and Printer Characteriscs Menu (Figure 3. ) will be issued again.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 89 / 112

If you are configuring the first printer queue or you want to define this one as the new default queue, enter 4[Enter]
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Select an item for change, or 0 to configure (q quit): 4 [Enter] If you want to set the banner page issue, at the next Printer Characteriscs Menu (Figure 3. ) prompt enter 5[Enter]. Select an item for change, or 0 to configure (q quit): 5 [Enter] The following submenu will be shown on the dispaly, enter 5[Enter] again: The following is a list of suggested parameter values for this printer. To abort this operation, press q. Configurable Parameters: 1) 2) 3) 4) 5) 6) Model Script: Default Printing Language Job Recovery True EndofJob Banner Page PostScript Level Current Settings [net_lj4x] [AUTO] [ON] [ON] [OFF] [Level 1]

Select an item for change, or q when done: 5 [Enter] The Banner Page current setting will be change from [OFF] to [ON] and the submenu issued again. Enter q[Enter] to leave the submenu. Select an item for change, or q when done: q [Enter]

The Printer Characteriscs Menu (Figure 3. ) will be proposed again, enter 0[Enter] to finally create the printer queue. Select an item for change, or 0 to configure (q quit): 0 [Enter] Depending by the System Spooler status one of the one of the following messages will be issued: When the spooler is not running: The spooler is already not running in the system! It will not be switched on after the configuration When the spooler is running: Ready to shut down the spooler and configure the new print queue. The spooler will be running again after the configuration is done. WARNING: If there are jobs currently being printed, and the page count is enabled (i.e. when True EndofJob is turned on), this shutdown and rerun of the spooler may result in incorrect page count. If the spooler is running before enter y[Enter] check with lpstat t command that there is no print job queued. OK to continue? (y/n/q, default=y) y [Enter]

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 90 / 112

If the spooler is not running the following message will be issued to remind you to startup the spooler to have the print queue operational (see 8.1.1 at page 92).
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

WARNING : The spooler is not running! To print, turn on the spooler (lpsched) hppi returns to the Spooler Adminstration menu, enter q[Enter] two times to exit the procedure. Finished adding <Printername> to the spooler. **************************************************************** *****] **** **** ] **** JetDirect Printer Installer for UNIX **** ]]]]] ]]]]] **** Version E.10.18 **** ] ] ] ] **** **** ] ] ]]]]] **** Spooler Administration ***** ] **** ****** ] **** User: (root) OS: (HPUX B.11.11) I N V E N T **************************************************************** Spooler: 1) Add printer to local spooler 2) Delete printer from local spooler 3) Modify existing spooler queue(s) 4) Install New Model Script 5) Remove Model Script ?) Help Please enter selection: q [Enter] q) Quit

**************************************************************** *****] **** **** ] **** JetDirect Printer Installer for UNIX **** ]]]]] ]]]]] **** Version E.10.18 **** ] ] ] ] **** **** ] ] ]]]]] **** M A I N M E N U ***** ] **** ****** ] **** User: (root) OS: (HPUX B.11.11) I N V E N T **************************************************************** 1) Spooler Administration (superuser only) 2) JetDirect Configuration (superuser only) TCP/IP configurable parameters 3) Diagnostics: diagnose printing problems
1AA 00014 0004 (9007) A4 ALICE 04.10

?) Help

q) Quit

Please enter a selection (q quit): q [Enter]

ED

03 3AL 88893 CAAA 112 91 / 112

8.1.1 Start the System Spooler The hpuxt system spooler is automatically started during at system startup time only when there is at list a print queue defined. When you define the first queue it is usually not running, so to allow the correct print activities you have to munually start it by entering the follwoing command as root user: ..,sys,root # lpsched[Enter]

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 92 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

8.2 Configure Printer Booting from Local System


This printer configuration allow to remotely load the printer configuration at printer poweron time. If you decide to use this method it is advisable to choose two hpuxt system configured to setup the printers, and keep the two system database alligned. To perform this job you have to log in the system as root and enter the command: ..,sys,root # hppi [Enter] **************************************************************** *****] **** **** ] **** JetDirect Printer Installer for UNIX **** ]]]]] ]]]]] **** Version E.10.18 **** ] ] ] ] **** **** ] ] ]]]]] **** M A I N M E N U ***** ] **** ****** ] **** User: (root) OS: (HPUX B.11.11) I N V E N T **************************************************************** 1) Spooler Administration (superuser only)

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

2) JetDirect Configuration (superuser only) TCP/IP configurable parameters

3) Diagnostics: diagnose printing problems ?) Help q) Quit

Please enter a selection (q quit): Enter 2[Enter] to select the JetDirect configuration.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 93 / 112

OR Telnet Configure JetDirect: 4) Set IP Address locally (within your local subnet router) 5) Open Telnet Session to JetDirect Card ?) Help Me Decide Please enter selection: Enter 1[Enter] to create configure the printer for booting from this node. You will be asked a series of questions. After all of the questions have been answered, the responses are used to create an /etc/bootptab entry, and an optional configuration file. This configuration file is retrieved by the network printer with TFTP after it receives the BOOTP response. These responses apply to all questions: q returns you to the next higher level menu ? prints help text <return> skips optional parameters or selects the default value q) Quit

Enter the printers LAN hardware address: <Mac Address> [Enter] Enter the network printer name (q quit): Enter IP address: <IP Address> [Enter] Add <Printer Name> and <IP Address> to /etc/hosts? (y/n/q, default=y): y [Enter] Printer name and IP address have been added to /etc/hosts. If your /etc/ hosts file is updated automatically from a master source, add the name and IP address to your master source after the configuration is complete. Following are optional parameters you may set for JetDirect. Select any nonzero numbers to make the changes. The settings are used to create a BOOTP/TFTP database when 0 is selected. To abort the operation, press q <Printer Name> [Enter]

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 94 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

**************************************************************** *****] **** **** ] **** JetDirect Printer Installer for UNIX **** ]]]]] ]]]]] **** Version E.10.18 **** ] ] ] ] **** **** ] ] ]]]]] **** JetDirect Configuration Menu ***** ] **** ****** ] **** User: (root) OS: (HPUX B.11.11) I N V E N T **************************************************************** Printer Network Interface: 1) Create printer configuration in BOOTP/TFTP database 2) Remove printer configuration from BOOTP/TFTP 3) Check Bootp and TFTP operation (superuser only)

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Other optional parameters: 1) Set printer location (uses tftp) 2) Set printer contact (uses tftp) 3) Set subnetmask 4) Set gateway 5) Set syslog (uses tftp) 6) Change idle timeout (uses tftp) 7) Create access list (up to 10 names). (Default: all allowed). (uses tftp) 8) Other SNMP parameters: (uses tftp) (GET/SET community name, trap and community name, authentication trap) 9) Set HP JetDirect lpd banner page Select an item for change, or 0 to configure (q quit): 1 [Enter] Enter the printer location (q quit): <Location name> [Enter] ... Select an item for change, or 0 to configure (q quit): 0 [Enter] (configuring) ... Completed creating BOOTP/TFTP configuration database for <Printer Name>. Tftp service is also used to boot up JetDirect. Make sure /var/adm/inetd.sec allows JetDirects IP to accesstftp service on this node. Please wait... (testing, please wait) ... Testing BOOTP with 080009000000...: RESULT: Passed BOOTP test 1 with 080009000000. ...... BOOTP/TFTP has been verified functional. Configuration data is now in place. The next test is to ping the printer for the IP name you just assigned it. To continue the test, you MUST do the following so that the printer can configure itself with the configuration data: Power cycle the printer. (operator must do a power cycle : power off power on) Wait until the printer finishes the self test. (Note: It may take 20 sec to 1 min for a token ring HP JetDirect interface to finish the configuration.) Press the return key to continue the test. If you are not ready for the next test (for example, the IP name has not taken affect in your DNS server), press q to return to the configuration menu now.

1AA 00014 0004 (9007) A4 ALICE 04.10

Do you want to send test file(s) to this printer (y/n, default=n)? y

[Enter]

ED

03 3AL 88893 CAAA 112 95 / 112

1) 2) 3) 4)

text file (if printer is in PCL or AUTO mode) PostScript file (if printer is in PS or AUTO mode) HPGL/2 file (if it is a HPGL/2 plotter) User supplied file

Which one should be transmitted? (1/2/3/q, default=1) 2 [Enter] =============================================================== Sending a test file to <Printer Name> ...

Result: The file has been successfully sent to <Printer Name>. Check output! =============================================================== Press the return key to continue ... [Enter]

**************************************************************** *****] **** **** ] **** JetDirect Printer Installer for UNIX **** ]]]]] ]]]]] **** Version E.10.18 **** ] ] ] ] **** **** ] ] ]]]]] **** JetDirect Configuration Menu ***** ] **** ****** ] **** User: (root) OS: (HPUX B.11.11) I N V E N T **************************************************************** Printer Network Interface: 1) Create printer configuration in BOOTP/TFTP database 2) Remove printer configuration from BOOTP/TFTP 3) Check Bootp and TFTP operation (superuser only) OR Telnet Configure JetDirect: 4) Set IP Address locally (within your local subnet router) 5) Open Telnet Session to JetDirect Card ?) Help Me Decide Please enter selection: q [Enter]
1AA 00014 0004 (9007) A4 ALICE 04.10

q) Quit

ED

03 3AL 88893 CAAA 112 96 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

This test is using test files to demonstrate that data bytes can be transmitted across the HP JetDirect interface setup. As long as a few characters print out, the test is successful. The printer must be ready, i.e. online and not printing anything. The following types of test files can be sent to the printer:

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

**************************************************************** *****] **** **** ] **** JetDirect Printer Installer for UNIX **** ]]]]] ]]]]] **** Version E.10.18 **** ] ] ] ] **** **** ] ] ]]]]] **** M A I N M E N U ***** ] **** ****** ] **** User: (root) OS: (HPUX B.11.11) I N V E N T **************************************************************** 1) Spooler Administration (superuser only)

2) JetDirect Configuration (superuser only) TCP/IP configurable parameters 3) Diagnostics: diagnose printing problems

?) Help

q) Quit

Please enter a selection (q quit): q [Enter] ..,sys,root #

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 97 / 112

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03

3AL 88893 CAAA


All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

112

98 / 112

9 GSP & MP PROCESSORS CONFIGURATION


The HP9000 Server of the following classes are provided with Guardian Service Processor (GSP) or Management Processor (MP), to be able to use the console you must use a local VT100 terminal or a PC with a VT100 terminal emulator. The GSP can be configured to allow to use the console via LAN, moreover the GSP rev B provides also the Web Console function. N.B. If you use a PC with the VT100 terminal emulator you must have a RS232 924 pin male/male cable adapter.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

9.1 Configure Guardian Service Processor


9.1.1 Access the GSP with Local Terminal or PC. To configure the GSP LAN console you must have the following information available: a) b) c) d) An IP address for the GSP An hostname for GSP The subnetmask The IP address of the gateway

Optional data requested: a) b) Username for GSP administrator Password for GSP administrator

Connect a terminal (or PC) to the console serial port and enter the GSP pressing [Ctrl]+b keys. Youll see the following message: Leaving Console Modeyou may lose write access. When Console Mode returns, type ^Ecf to get console write access Press [Enter] GSP replays with: [Read only use ^Ecf for console write access.] Enter [Ctrl]+E then c f to get to the GSP prompt (some times it does not succeed, please try it again).

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 99 / 112

9.1.2 Configure GSP LAN console The output provided in the following are related to a GSP rev A, that means the output of the GSP rev B can be different. At GSP prompt (GSP>) enter the command: lc [Enter] This command allows you to modify the LAN configuration. Current configuration: MAC Address : IP Address : GSP Host Name: Subnet Mask : Gateway : Do you want to 0x00306e0860d4 127.0.0.1 uninitialized 255.255.255.0 127.0.0.1 modify the LAN configuration? (Y/[N]) y [Enter]

Answer y to change the GSP LAN configuration. GSP will show you the current IP address configured asking you to change: Current IP Address: 127.0.0.1 Do you want to modify it? (Y/[N]) y [Enter] Answer y to change. Then it will ask you for the GAP IP address: Enter new IP Address: <GAP LAN IP address> [Enter] Enter the GSP LAN IP address followed by [Enter]. GSP will issues the following message requesting you to confirm you data entry: New IP Address: < GAP LAN IP address> Confirm? (Y/[N]): y [Enter] * IP Address will be updated. Enter y [Enter] if the IP address is correct and go on. The same method will be used by GSP to modify the hostname, subnetmask and gateway: Current GSP Host Name: uninitialized Do you want to modify it? (Y/[N]) y [Enter] y Enter new GSP Host Name:<hostname> [Enter] <hostname> New GSP Host Name: <hostname> Confirm? (Y/[N]): y [Enter] y > GSP Host Name will be updated. Current Subnet Mask: 255.255.255.0 Do you want to modify it? (Y/[N]) y [Enter] y

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 100 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Enter new Subnet Mask: <subnet mask> <subnet mask> New Subnet Mask: <subnet mask> Confirm? (Y/[N]): y [Enter] y > Subnet Mask will be updated. Current Gateway: 127.0.0.1 Do you want to modify it?(Y/[N])(Default will be IP Address) y Enter new Gateway: <gateway IP address> [Enter] <gateway IP address> New Gateway: <gateway IP address> Confirm? (Y/[N]): y [Enter] y > Gateway will be updated. > Settings have been updated. GSP>

y [Enter]

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 101 / 112

9.1.3 Define the Administrator User Now you have to define a use profile for the GSP administrator in order to allow the GSP access to authorized people only: The GSP user can manage with reset and power management command, that means them can switch off the server from remote site! At GSP prompt enter the command: so [Enter] GSP> so SO This command allow you to modify the security options and access control. GSP wide parameters are: . Login Timeout: 1 minutes. . Number of Password Faults allowed: 3 . Flow Control Timeout: 5 minutes. Answer n on the GSP wide parameter modification request: Do you want to modify the GSP wide parameters? (Y/[N]) n [Enter] GSP shows you the first user profile, that usually has all field empty, access level operator and user state disable. GSP shows the user profile issuing: User number 1 parameters are: . Users Name: . Users Login: . Organizations Name: . Dialback configuration: Disabled . Access Level: Operator . Mode: Single . Users state: Disabled At the modify request answer with y: Do you want to modify the user number 1 parameters? (Y/[N]/Q to quit) y [Enter] Then you have to enter the name of the user (ex: John Smith) ( if it is not defined we suggest root): Current Users Name: Enter new Users Name: root [Enter] root New Users Name: root Confirm? (Y/[N]): y [Enter] y > Users Name will be updated.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 102 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

It is not necessary to set the Organization name: Current Organizations Name: Do you want to modify it? (Y/[N]) n

n [Enter]r

Enter the user name for the login (we suggest root): Enter new Login: root [Enter] root Enter new Login for confirmation: root root > Login will be updated. Now you have to enter the password for the administrator user: N.B. y Enter new Password: Enter new Password for confirmation: > Password will be updated. Do not enable the Dialback option: Current Dialback configuration: Disabled Do you want to modify it? (Y/[N]) n [Enter] n Change the default User Access from operator to administrator: Current Access Level: Operator Do you want to modify it? (Y/[N]) y [Enter] y Enter new Access Level (Operator / Administrator):A [Enter] A New Access Level: Administrator Confirm? (Y/[N]): y [Enter] y > Access Level will be updated. Change the current mode of the user from Single to Multiple by: Current Mode: Single Do you want to modify it? (Y/[N]) y [Enter] Enter new Mode (Single / Multiple): M [Enter] m New Mode: Multiple Confirm? (Y/[N]): y [Enter] y > Mode will be updated. The password will be not shown! Do you want to modify the current password? (Y/[N]) y [Enter]

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 103 / 112

Enable the user to complete the user definition: Current Users state: Disabled
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Do you want to modify it? (Y/[N]) y [Enter] y Enter new Users state (Enabled / Disabled): E [Enter] e New Users state: Enabled Confirm? (Y/[N]): y [Enter] y > Users state will be updated. Then GSP shows you the second user profile, it is not required to set up also it, so enter q to quit: User number 2 parameters are: . Users Name: . Users Login: . Organizations Name: . Dialback configuration: Disabled . Access Level: Operator . Mode: Single . Users state: Disabled Do you want to modify the user number 2 parameters? (Y/[N]/Q to quit) q [Enter] > Settings have been updated. User may be disconnected in this process

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 104 / 112

9.1.4 Enable the Access via LAN Now the access to the console via LAN can be authorize, by entering the command el as shown int the following example: GSP> el [Enter] Current LAN port access: Disabled Do you want to modify this configuration? (Y/[N]) y [Enter] LAN port access options:

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

On GSP rev A: [A] All access enabled [D] All access disabled On GSP rev B: [A] [D] [T] [W]

All access enabled both Telnet and Web Disable LAN port prevent Telnet and Web access Telnet only enabled Web only enabled

In any case Please indicate the new mode for the LAN port, or <CR> to retain current value. Choose one of (...): A [Enter] New LAN port access settings will be: Enabled Confirm? (Y/[N]): y [Enter] Current LAN port access: Enabled

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 105 / 112

9.1.5 Check the GSP LAN Console Accessibility It is advisable to check the GSP LAN Console accessibility trying to connect it with a telnet connection from a PC or HPUX system. N.B. The behavior of the GSP depend by the last connection, so the example can be different than what you will see.

Example: ....,sys,root # telnet <IP address GSP> [Enter] Trying... Connected to ....... Escape character is ^]. Local flow control off Service Processor login: root Service Processor password: HewlettPackard Guardian Service Processor 9000/800/L100036 System Name: [Enter] [Read only use ^Ecf for console write access.] [Ctrl]+E c f [bumped user ] [Ctrl]+B Leaving Console Mode you may lose write access. When Console Mode returns, type ^Ecf to get console write access. GSP> The test is OK just if you are able to login. To close the connection press [Ctrl]+] (Control key +, and type close [Enter] at telnet> prompt. 9.1.6 How to get to the GSP Console To get in console mode at GSP prompt type: co [Enter] GSP> co [Enter] Leaving Guardian Service Processor Command Interface and entering Console mode. Type CtrlB to reactivate the GSP Command Interface. [Enter] [Read only use ^Ecf for console write access.] [Ctrl]+E c f [bumped user ] [Enter] GenericSysName [HP Release B.11.00] (see /etc/issue) Console Login:

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 106 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

9.2 Configure Management Process


This paragraph show only the minimum configuration for the Management Processor (MP) provided with one of the following HP9000 9000 servers: rp7410, rp3410, rp3440 and rp4440. 9.2.1 Access the MP with Local Terminal or PC. Like to GSP configuration MP must requires the following information available: a) b) c) d) An IP address for the MP An hostname for MP The subnetmask The IP address of the gateway

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Connect a terminal (or PC) to the console serial port RS232 and enter the MP pressing [Enter] key, it have t reply requesting the Login and password: MP login: MP password: Both of them are initialized to Admin, entering them the MP shows you some information about the MP itself and the Main menu: Welcome to the rp7410 Management Processor (c) Copyright 19952002 HewlettPackard Co., All Rights Reserved. Version 3.05 MP MAIN MENU: CO: VFP: CM: CL: SL: HE: X: MP> Consoles Virtual Front Panel (partition status) Command Menu Console Logs Show chassis Logs Help Exit Connection

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 107 / 112

9.2.2 Configure Lan Console The minimum configuration consists of the lan parameter setup, if you want more information about how to use MP the HE command can provide a breaf explanation, for specific management realted to the hardware partitioning please refer to HP System Partitions Guide [4] at page 8. Enter the command CM to get into the Command Memu: MP> CM It replays with MP: CM > prompt: Enter HE to get a list of available commands MP:CM> To configure the lan interface you have to enter the command LC (Lanc Console). MP:CM> LC This command modifies the LAN parameters. Current configuration of MP LAN interface MAC address : 00:30:6e:38:b2:d0 IP address : 127.0.0.1 (0xef000001) Hostname : notdefined Subnet mask : 255.0.0.0 (0xff000000) Gateway : 0.0.0.0 (0x00000000) Status : UP and RUNNING AutoNegotiate : Enabled Data Rate : 10 Mb/s Duplex : Half Error Count : 46 Last Error : rx FIFO overflow The command shows the current lan configuration, then it starts to issue some questions to allow you to change any one of them. The first question is related to if you want to modify the Lan Console configuration reply y to the question: Do you want to modify the configuration for the customer LAN?(Y/[N]) y[Enter] The lan console condifugration asks you to change the IP Address: Current IP Address is: 127.0.0.1 Do you want to modify it? (Y/[N]) y[Enter] Enter new IP Address : <New IP Address> [Enter] New IP Address will be: .... Please confirm (Y/[N]) y[Enter] > IP Address will be updated.

Then it provides you the current hostname assigned to the MP:


1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 108 / 112

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Current MP Network Name is: notdefined Do you want to modify it? (Y/[N]) y[Enter] Enter new MP Network Name : <New MP hostname> New MP Network Name will be: ... Please confirm (Y/[N]) y[Enter] > MP Network Name will be updated.

The next step is to change the Subnet mask: Current Subnet Mask is: 255.0.0.0 Do you want to modify it? (Y/[N]) y[Enter] Enter new Subnet Mask : <New Subnet Mask> New Subnet Mask will be: .... Please confirm (Y/[N]) y[Enter] > Subnet Mask will be updated.

The last question ragards the Gateway: Current Gateway is: 0.0.0.0 Do you want to modify it? (Y/[N]) (Default will be IP address.) y[Enter] Enter new Gateway : < New Gateway IP Address> New Gateway will be: .... Please confirm (Y/[N]) y[Enter] > Gateway will be updated.

And the terminates issuing the message, followed by the prompt: > Parameters have been updated. MP:CM> It is advisable to check the connecion via telnet from another system, if it fails check if the Lan Console Access is enabled with the EL commnad.

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 109 / 112

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03

3AL 88893 CAAA


All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

112

110 / 112

APPENDIX A FILE EXAMPLES


This appendix provides some configuration file examples.

All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

A.1 security.params
# # Copyright (c) 2004 by Alcatel Telecom. All rights reserved. # # # YOU CAN MAKE CHANGES UNDER THIS LINE # Users advised against problems # WARN_USERS_LIST=root ## List of users separated by blank # Parameters for UNTrusted Systems (SECURITY) # PASSWORD_MAXDAYS=180 ## Password expiration time interval (days) # # ATTENTION: IF THE VALUE OF THE NEXT VARIABLE IS CHANGED YOU SHOULD HAVE PROBLEMS IN # PASSWORD CHANGING. IT IS RECOMMENDED TO KEEP PASSWORD_MINDAYS=0 PASSWORD_MINDAYS=0 ## Minimum time interval between password changes (days) PASSWORD_WARNDAYS=14 ## Password expiration warning time interval (days) PASSWORD_HISTORY_DEPTH=4 ## Password history depth PASSWORD_MIN_DIGIT_CHARS=1 ## Password minimum digit characters PASSWORD_MIN_SPECIAL_CHARS=1 ## Password minimum special characters MIN_PASSWORD_LENGTH=7 ## Minimum password length # # end of UNTrusted System parameters # Parameters for Trusted Systems # usrpick=YES ## syspnpw=NO ## rstrpw=YES ## nullpw=NO ## syschpw=NO ## sysltpw=NO ## #mintm=PASSWORD_MINDAYS ## #exptm=PASSWORD_MAXDAYS ## gptm=21 ## llog=0 ## #expwarn=PASSWORD_WARNDAYS ## umaxlntr=1 ## tmaxlntr=3 ## dlylntr=2 ## lntmout=30 ##

1AA 00014 0004 (9007) A4 ALICE 04.10

User picks password System does not generate pronounceable.. Check password for triviality Null passwords are not allowed System does not generate passwords ha... System does not generate passwords ha... ##From SECURITY## ##From SECURITY## Grace period time (days) Last login time interval (days) ##From SECURITY## Maximum number of consecutive unsuces... Maximum unsuccessful login tries allo... Delay between login tries Login timeout in seconds

ED

03 3AL 88893 CAAA 112 111 / 112

# # End of Trusted System parameters


All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

# Auditing # # ATTENTION: # DO NOT CHANGE BELOW THIS LINE AFTER THE FIRST APPLY OF THE SECURITY PRI_SWITCH=24576 ## Switch size of primary audit log file (kbytes) SEC_SWITCH=24576 ## Switch size of secondary audit log file (kbytes)

END OF DOCUMENT

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03 3AL 88893 CAAA 112 112 / 112

LABELS AND ASSEMBLY INSTRUCTIONS TARGHETTE E INFORMAZIONI PER IL CENTRO STAMPA


All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

QUESTA PAGINA NON VA INSERITA NEL MANUALE


THIS PAGE MUST NOT BE INCLUDED IN THE HANDBOOK
3AL 88893 CAAA Ed.03 1350 Management Suite 1350 Rel.7.1 NR7.1 ADMINISTRATION GUIDE
COD.MANUALE HDBK P/N:

ORIGINALE INTERLEAF: FILE ARCHIVIAZIONE: cod ANV (PD1-PD2)


No PAGINE TOTALI PER ARCHIVIAZIONE: 114+4=118 DIMENSIONE BINDER SORGENTE (du ks): 3.511 Kbytes

INFORMAZIONI PER IL CENTRO STAMPA - ASSEMBLY INSTRUCTIONS


STAMPARE FRONTE/RETRO RECTO-VERSO PRINTING COMPOSIZIONE ED ASSIEMAGGIO DEL MANUALE: HANDBOOK COMPOSITION AND ASSEMBLY: SERVONO 5 BUSTE TRASPARENTI (Es.Cod.854.010.051 H) FIVE TRANSPARENT PLASTIC ENVELOPES ARE NECESSARY No pagine (facciate) No pages TARGHETTE - LABELS frontespizio front 2 numerate numbered da from a to

3AL 88893 CAAA Ed.03

manuale manual

112

1/112

112/112

INSERIRE LE 5 BUSTE TRASPARENTI INSERT FIVE TRANSPARENT PLASTIC ENVELOPES TOTALE PAGINE A4 (FACCIATE) TOTAL A4 PAGES: TOTALE FOGLI A4 TOTAL A4 SHEETS: WARNING FOR A-UNITS OTHER THAN A-ITALY
1AA 00014 0004 (9007) A4 ALICE 04.10

114 57

Labels are done according to A-Italy binder format. Source files: ALICE 6.10 ARCHIVED BY GAPI 4.1

ED

03

RELEASED 3AL 88893 CAAA 4 Y 1/ 4

QUESTA PAGINA NON VA INSERITA NEL MANUALE


THIS PAGE MUST NOT BE INCLUDED IN THE HANDBOOK
Site
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

Originators B.Bosisio S.Franco

1350 NR7.1 NR 7.1 ADMINISTRATION GUIDE

Domain Division Rubric Type Distribution Codes

: : : :

OND NM 1350 Internal : External :

Approvals Name App. F.Casasole

Name App.

INFORMAZIONI EDITORIALI ORIGINALE SU FILE: ALICE 6.10 sistemazione figlist

3AL 88893 CAAA Ed.03 1350 Management Suite 1350 Rel.7.1 NR7.1 Network Release ADMINISTRATION GUIDE

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03

RELEASED 3AL 88893 CAAA 4 Y 2/ 4

1350 Management Suite


All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.

1350 Rel.7.1
Network Release NR7.1

ADMINISTRATION GUIDE
3AL 88893 CAAA Ed.03

VOL.1/1

1350 Management Suite 1350 Rel.7.1


Network Release NR7.1 ADMINISTRATION GUIDE
3AL 88893 CAAA Ed.03

VOL.1/1
1350 Management Suite 1350 Rel.7.1
3AL 88893 CAAA Ed.03 Network Release NR7.1 ADMINISTRATION GUIDE Network Release NR7.1 ADMINISTRATION GUIDE VOL.1/1

1350 Management Suite 1350 Rel.7.1


3AL 88893 CAAA Ed.03 VOL.1/1

1350 Management Suite 1350 Rel.7.1


Network Release NR7.1
3AL 88893 CAAA Ed.03
1AA 00014 0004 (9007) A4 ALICE 04.10

ADMINISTRATION GUIDE

VOL.1/1

ED

03

RELEASED 3AL 88893 CAAA 4 Y 3/ 4

1AA 00014 0004 (9007) A4 ALICE 04.10

ED

03

RELEASED

FINE DEL DOCUMENTO INTERNO END OF INTERNAL DOCUMENT

3AL 88893 CAAA

4/ 4
All rights reserved. Passing on and copying of this document, use and communication of its contents not permitted without written authorization from Alcatel.