Hp Linux Server Management Software Bedienungsanleitung

Distributed Systems Administration UtilitiesUser’s GuideHP Part Number: T2786-90337Published: March 2009Edition: 2.1

HP Encourages Your CommentsHP encourages your comments concerning this document. We are truly committed to providingdocumentation that meets your need

1 IntroductionThe Distributed Systems Administration Utilities provide several tools for simplifying themanagement of groups of systems and of Service

the distribution of ssh keys. The companion utility Parallel Distributed Copy (pdcp) enablesfile and directory copies to be performed in parallel to a

Table 1-3 Command Fanout Commands (continued)When to Use itWhat it DoesCommandTo check uptime, users, and load averages.Reports uptime(1) information

Table 1-7 Open Source syslog-ng CommandWhat it DoesCommandTool that performs consolidated logging.syslog-ng1.3 Distributed Systems Administration Util

The values of the environment variables such as $SGCONF are used in shell command examples.1.5 Red Hat and SLES File Path DifferenceThe location of th

16

2 Configuration SynchronizationManaging the configuration and configuration drift of a set of distributed systems is a constantchallenge for system ad

appropriate for each group of managed clients. For example, every five minutes, once anhour, or once a day. The administrator can also invoke cfagent

Figure 2-1 cfengine Overview13452cfexecd cron + /var/opt/dsau/cfengine/inputs -update.conf -cfagent.conf -cfservd.conf -cfrun.hosts+ /var/opt/dsau

CopyrightCopyright ©2007, 2009 Hewlett-Packard CompanyLegal NoticesConfidential computer software. Valid license from HP required for possession, use

synchronization service to groups of remote client systems. Those clients can be standalonesystems or Serviceguard clusters. The cluster providing the

NOTE: If you have used the wizard previously to configure a cfengine master server and rerunit to reconfigure the master server, stop the currently ru

Enter choice: 1The cfengine master server is being configured on: local_hostnameThe wizard then asks if you would like to additionally configure manag

Note that when configuring a master server but not adding any managed clients during theserver configuration, the members entry (list of managed clien

Configuration Synchronization Wizard Menu=========================================(1) Set up a cfengine master server(2) Add a client(3) Remove a cli

Once the storage infrastructure is configured and the IP address obtained, press return to accessthe default answer of ‘yes’ and proceed with creating

Verifying that the master has an entry in the /etc/hosts fileon each client...Starting cfengine on the master server and any managed clients.This may

update.conf and cfagent.conf define the master configuration synchronization server tobe the registered DNS name for the relocatable IP address of the

NOTE: When adding members to a cluster, consider the following:• When adding a member to a cluster that is configured as a highly available master ser

A remote Serviceguard cluster can be configured as a managed client. However, each membermust be configured individually. Repeat the configuration tas

Table of ContentsAbout this Document...9Intende

NOTE: You can use csshsetup to configure a trust relationship between the master serverand the managed clients. This will allow you to use command fan

the client’s domain could be determined based on the client’s IP address or subnet, asfollows:classes: # host in these ip address ranges xyz_dom

9. The file /var/opt/dsau/cfengine_master/inputs/cfservd.conf controls whichmanaged clients have access to the files served by cfservd on the master.

Serviceguard package and the mechanism used to distribute cfengine’s security keys. Follow allthe steps described below.• Initial Serviceguard Package

It is critical to keep this file very simple and avoid errors. Errors in this file will requiremanually copying a new version to each managed client.T

• Edit the cfservd.conf FileThe file /var/opt/dsau/cfengine_master/inputs/cfservd.conf controls whichmanaged clients have access to the files served b

This will create keys named localhost.priv and localhost.pub in the directory/var/opt/dsau/cfengine/ppkeys.2. The public key, localhost.pub is then co

# cp /dsau/share/serviceguard/templates/csync.script.templatecsync# chmod +x csync3. Edit the csync.conf package ASCII configuration file to replace t

5. Distribute the package control script and package ASCII configuration files clusterwide:# ccp csync csync.conf $SGCONF/csync/6. Apply the package a

# scp localhost.pub master_server:\ /var/opt/cfengine/ppkeys/root-client_IP_address.pubIt is important to use a utility such as secure copy (see scp(

3.3.1 Using the Log Consolidation Wizard...503.3.1.1 Configuring a

synchronization. For details on using cfexecd in daemon-mode, refer to the cfengine tutoriallocated in /opt/dsau/doc/cfengine/.2.4 Security Notescfeng

2.4.3 EncryptionIn general, file transfer traffic between the master server and a managed client is not encrypted.For many system management related c

• Most cfagent.conf actions such as "copy," "editfiles," and "processes," supporta syslog = true option to cause the spe

cfrun(0): ... [ Hailing host1 ] ...cfrun(0): ... [ Hailing host2 ] ...cfrun:host2: Couldn’t open a socketcfrun:host2: sock

44

3 Consolidated LoggingDistributed Systems Administration Utilities offers consolidated logging features, including thestandard logging features offere

Table 3-2 syslog Facilities Messages (continued)DescriptionMessageUSENET news subsystem.LOG_NEWSMessages generated internally by syslogd.LOG_SYSLOGGen

• Improved filtering functionality. In addition to syslog's facility/priority level filtering,syslog-ng can perform regular expression filtering

Figure 3-1 syslog-ng Log-Forwarding Configuration1432syslog-ngfifosyslog-ngsyslogd cmcld TCP/IPor UDPLogreader+/var/log/ messages maillog+ /usr/loc

Figure 3-2 syslog-ng Log Consolidator Configuration132syslog-ngfifosyslog-ngsyslogd cmcld TCP/IPor UDPLogreader+/var/log/ messages mail logA BCCon

A.3 Uninstalling the DSAU rpm from your System...91B HP-Supported Open Sourc

IMPORTANT: The following notes are particularly for SLES 10 users.On Red Hat syslogd and syslog-ng coexist and both have different start up scripts wh

For a standalone system, the wizard first displays introductory paragraphs explaining logconsolidation and then asks:Do you want to configure log cons

source s_syslog_tcp { tcp(port(tcp_port) keep-alive(yes)max-connections(N)); };where N is the expected number of clients.Next, the wizard prompts for

The wizard will set up and create a Serviceguard package for the consolidated logging service.Make sure that this cluster’s MAX_CONFIGURED_PACKAGES va

LVM” in the chapter “Building an HA Cluster Configuration,” in the Managing Serviceguardmanual.NOTE: The wizard only supports creating packages based

to local port port_number using the TCP protocol. For high availability the Serviceguard package "clog" will be configur

DSAU maintains two configuration files that control whether the instance of syslog-ng on aparticular cluster member operates as a consolidation server

stanzas added in this section direct syslog-ng to filter package log messages into theappropriate consolidated package logs.— The clog_tail log monito

After entering the hostname or IP address of the log consolidation server, the wizard asks if youwant to use the TCP transport when forwarding log mes

When forwarding a cluster’s package logs, manual configuration is required on the consolidationserver in order to add the syslog-ng filtering lines to

List of Figures2-1 cfengine Overview...

Manual configuration is required for the following cases:• When a cluster is a log forwarding client and forwarding package logs, manual configuration

destination d_syslog { file(“<%FS%>/syslog/syslog.log”); }; becomes:destination d_syslog { file(“/clog/syslog/syslog.log”); }; Make sure that th

default suppresses duplicate messages. If you issue multiple logger test messages, makesure each is unique.3.3.2.2 Manually Configuring a Serviceguard

1. To configure syslog-ng, start with the same syslog-ng.conf templates used by theclog_wizard. On one cluster member, copy/opt/dsau/share/clog/templa

2. Manually replace the tokens in /etc/syslog-ng.conf.client on Red Hat or /etc/syslog-ng/syslog-ng.conf.client on SLES as follows:a. Delete the <%

3.3.2.2.1 Creating the clog PackageTo create the consolidated logging or clog package, start by copying the package templates:# mkdir $SGCONF/clog# cd

7. Find the line “FS_FSCK_OPT[0]=“<%SG_PKG_FS_FSCK_OPT%>”” and replace the tokenwith any filesystem specific fsck options. The token can be dele

1. Run /sbin/syslog-ng with the -s or --syntax-only option to verify the syntax ofthe/etc/syslog-ng.conf.server and/etc/syslog-ng.conf.client files on

5. Validate that log forwarding is working properly. If consolidating the cluster’s local syslogs,use “logger <test message>” and make sure this

3.3.2.3.1 Manually Configuring a Standalone Log Forwarding Client1. To configure syslog-ng, start with the same syslog-ng.conf templates used by thecl

List of Tables1 Conventions...

2. The syslog-ng startup procedure, /etc/init.d/syslog-ng, relies on severalconfiguration variables. Edit as follows:/etc/sysconfig/syslog-nga. Change

1. To configure syslog-ng, start with the same syslog-ng.conf templates used by theclog_wizard.On one cluster member, copy the /opt/dsau/share/clog/te

2. The syslog-ng startup procedure, /etc/init.d/syslog-ng, relies on severalconfiguration variables. Edit /etc/sysconfig/syslog-ng as follows:a. Chang

6. Test the configuration by performing the following steps:a. Run /sbin/syslog-ng with the -s or --syntax-only option to verify the syntaxof the /etc

CLOG_TEXT_LOG[1]=/var/adm/logs/mylog.logCLOG_TEXT_FORMAT[1]="custom"If the text file is already formatted using the syslog-compatible format

1. For each text log that will be forwarded from a client, add the following destination, filterand log lines to the file syslog-ng.conf.server, after

Restart syslog-ng on all cluster nodes.3. For each text log that is deleted from a client that is forwarding its text logs, delete thecorresponding de

3.4 Disabling Log ConsolidationThe clog_wizard enables log consolidation configurations but does not have an unconfigureor deconfigure option. Thus yo

2. Edit the /etc/sysconfig/syslog-ng file and change the CLOG_CONFIGURED line tothe following:CLOG_CONFIGURED=0Remove all other CLOG lines except for

traffic within a Serviceguard cluster (member to member). Standard TCP or UDP is used forintra-cluster log traffic.ssh port forwarding is transparent

8

Then from each log consolidation client, perform a standard ssh key exchange with the relocatableIP address of the clog package. One way to do this is

3.6.2 Using the System Log ViewerThe System Log Viewer will display the syslog-related logs for the system. By default, thisincludes the local logs fo

82

4 Command FanoutCommand fanout utilities allow the system administrator to replicate shell commands acrossmultiple systems. Traditionally, administrat

• Parallel copy commandThe pdcp command provides a parallelized copy command to copy a local source file tomultiple targets.• Setting ssh argumentsUse

ckill ckill allows the administrator to signal a process by name since the pid of a specificprocess will vary across a set of systems or the members o

If the “r” services are not disabled, use of the pdsh -R rsh option by unprivileged users is stilldisabled by default because of the inherent security

Table 4-3 Target Node Error MessagesTo CorrectCauseMessageUse full paths to specify commands.The command does not exist on thetarget node. The remote

88

A Installing DSAU on LinuxThis appendix describes how to install DSAU on Linux to run on supported HP Integrity andProliant servers. These instruction

About this DocumentDistributed Systems Administration Utilities provide tools to simplify the management of groupsof systems and of Serviceguard clust

Configuring the syslog-ng startup scripts.Configuring System Log Viewer for Systems Insight ManagerConfiguring System Log Viewer for System Management

Use "/etc/init.d/hpsmhd restart".The installation of the HP Distributed Systems Administration Utilities (DSAU) has finished.To complete the

92

B HP-Supported Open Source pdsh OptionsThis release of DSAU includes open source pdsh code that was compiled with the followingoptions:• readline supp

94

IndexAadoptive node, 28, 55alertchecksum, 41authentication errors, 42Bbackup file, 26Bastille, 80Berkeley commands, 85blanksin configuration files, 42

Kkeyexchange, 40integrity, 39public/private, 27, 35security, 29, 38known host fingerprint, 79Llockdown toolBastille, 80log consolidation, 55configurat

LVM, 24subdirectoriestimestamped, 26synchronization clientconfiguring, 28syslogintroduction, 45message format, 45syslog-ng, 47syslogd, 45, 47System Ma