HP UX System Adstration Open Source Components, Utility Setup Command, Open Source pdsh Commands

Page 11

Table 1-3 Command Fanout Commands (continued)

Command

What it Does

cps

Distributes a ps(1) command to multiple

 

hosts in parallel. In a Serviceguard cluster,

 

issues command cluster-wide by default.

When to Use it

To collect process information from groups of systems simultaneously.

cuptime

Reports uptime(1) information for

To check uptime, users, and load averages.

 

multiple systems. In a Serviceguard

 

 

cluster, issues command cluster-wide by

 

 

default.

 

cwall

Displays a wall(1M) broadcast message

 

on multiple hosts. In a Serviceguard

 

cluster, issues command cluster-wide by

 

default.

To broadcast a message to all logged-in users across a group of systems.

Table 1-4 Utility Setup Command

Command

What it Does

csshsetup

For the current user, performs a secure

 

shell (ssh) public key distribution to

 

multiple systems.

When to Use it

To greatly simplify ssh key distribution. pdsh and the command fanout (cexec-related) commands all rely on a proper ssh key distribution. The csync_wizard requires ssh access to managed clients. For example, in a Serviceguard cluster, this allows ssh access from any member to any other member, so pdsh and cexec can be used from any cluster member.

1.2 Open Source Components

The open source components and their commands are described in the following table. These open source components used by DSAU are based on the high level cfengine language. For additional information on cfengine, see the cfengine manpage; for the individual commands, see their respective manpages and open source documentation at /opt/dsau/doc. For supported open source options, refer Appendix A (page 87) HP-Supported Open Source pdsh Options.

Table 1-5 Open Source cfengine Commands

Command

What it Does

cfagent

System configuration agent that performs the configuration actions defined in a

 

configuration policy file.

cfexecd

A scheduling and report service. This is an optional component.

cfkey

Security key generation tool. cfkey is run once on every host to create a

 

public/private key pair.

cfrun

Tool to activate a remote cfagent.

cfservd

A file server and remote activation service.

Table 1-6 Open Source pdsh Commands

Command

What it Does

dshbak

Formats output from pdsh commands; consolidates identical output from multiple

 

hosts.

pdcp

Tool to make file and directory copies in parallel to a set of remote systems.

pdsh

Tool to execute shell commands in parallel across a set of systems.

1.2 Open Source Components 11

Image 11
Contents Distributed Systems Administration Utilities Users Guide Copyright 2009 Hewlett-Packard Development Company, L.P Table of Contents HP-Supported Open Source pdsh Options Index List of Figures Syslog-ngLog-Forwarding ConfigurationList of Tables Consolidated Logging CommandsTarget Node Error Messages Related Information About this DocumentIntended Audience Typographic ConventionsProduct Support HP Encourages Your Comments Introduction Command Fanout Commands Distributed Systems Administration Utilities CommandsConfiguration Synchronization Command Consolidated Logging CommandsOpen Source Components Utility Setup CommandOpen Source cfengine Commands Open Source pdsh CommandsDsau Manual Page Sections Distributed Systems Administration Utilities Manual PagesOpen Source syslog-ng Command Cfengine Overview Configuration SynchronizationConfiguration Synchronization Cfengine Daemons and CommandsCfengine Overview Cfengine Master Server Deployment ModelsUsing the Configuration Synchronization Wizard Configuring cfengineWizard displays the following introductory screen Configuration Data for csyncwizard# /opt/dsau/sbin/csyncwizard Wizard proceeds to configure the system as a master server # /opt/dsau/sbin/csyncwizard Configuration Synchronization Configuring cfengine Would you like to manage clients? N Serviceguard Automation Features Cluster Configuration Notes for cfengineVar/opt/dsau/cfengine/inputs directory Opt/dsau/bin/csyncdispatcher Memberadded newhost Using the Wizard to Configure a Synchronization ClientWhen prompted, enter the name of the client to add Manual Configuration# mkdir -p /var/opt/dsau/cfenginemaster/inputs Manually Configuring a Standalone Synchronization ServerStart by creating the directory # cp localhost.pub root-10.0.0.5.pub # /opt/dsau/sbin/cfkey # /var/opt/dsau/cfengine/ppkeys# cfrun -v -- --verbose # /sbin/init.d/cfservd start# cfagent --no-lock --verbose --no-splay # cfrun -- --inform# mkdir -p /csync/dsau/cfenginemaster/masterfiles Initial Serviceguard Package PreparationList Managed Clients in cfrun.hosts Policyhost = csync.abc.xyz.com# /opt/dsau/sbin/cfkey Edit the cfservd.conf File# cexec /sbin/init.d/cfservd start # ccp /etc/rc.config.d/cfservd /etc/rc.config.d/cfservd# cp localhost.pub root-192.10.25.12.pub # ccp * /var/opt/dsau/cfengine/ppkeys# cmapplyconf -P csync.conf # cmmodpkg -e csync Test the configuration by performing the following steps# ccp csync csync.conf /etc/cmcluster/csync Apply the package and start itOn a managed client, use the command Configuring a Synchronization Managed ClientChoosing a Synchronization Invocation Method Security NotesEncryption Checksum alerts Key ExchangeCsync Network Port Usage Encryption# /sbin/init.d/cfservd stop Disabling Use of cfengineLogging Options Checksum AlertsUnable to connect to a cfengine client or master Cfengine TroubleshootingSyntax error due to missing or superfluous spaces #cfagent -KCfagent -d, -d1, -d2, or -d3 cfservd Cfrun 2describes syslog Facilities Messages Consolidated LoggingIntroduction to syslog Syslog Message FormatImproved Log Consolidation Log Consolidation OverviewMessage Filtering Syslog Co-existence Etc/cmcluster/package-name/package-name.log Syslog-ng Log Consolidator Configuration Log Consolidation ConfigurationOpt/dsau/sbin/clogwizard Using the Log Consolidation WizardConfiguration Data for clogwizard Answer yes y. The wizard then prompts Where N is the expected number of clientsAnswer yes y or press Enter. The next question is If these choices are correct, continue Next prompt is Log files that reside on this cluster can be consolidated Consolidated package logs would be located here Cluster Configuration Notes for clog Minimizing Message Loss During Failover Or press Enter. The next question is Configuring a Log Forwarding Client Using clogwizardEnter the ssh port to be used for port forwarding Manually Configuring a Standalone Log Consolidation Server Manually Configuring Log ConsolidationFor example, for TCP # /sbin/init.d/syslogd stop # /sbin/init.d/syslogd startReplace the %UDPLOOPBACKLOG% token with Add the following lines Create the following symbolic linkChange the Clogconfigured line to If using the TCP protocol, addLog Consolidation Configuration SYSLOGDOPTS=-D -N KEEPALIVE% tokens with appropriate values UDPLOOPBACKSOURCE% and %UDPLOOPBACKLOG% tokens Creating the clog Package If consolidating package logs of this cluster, addIf using VxVM, comment out the LVM Volume Group line Then use cmviewcl to make sure it is running Testing and Starting the clog PackageDistribute it cluster-wide Manually Configuring a Standalone Log Forwarding Client Manually Configuring Log Forwarding ClientsUsing VxVM Instead of LVM Ln -sf /etc/syslog-ng.conf.client /etc/syslog-ng.conf # /sbin/init.d/syslog-ng start # cpp /etc/rc.config.d/syslogd /etc/rc.config.d Destination dsyslog%TYPE% %TYPE%%IP%port%PORT% Create the following symbolic link on each cluster member If using the TCP protocol, add the following linesIf using ssh port forwarding, add Otherwise, if using the UDP protocol, addForwarding Ascii Log Data Start syslog-ngon all cluster members usingFor the filter line For the destination lineFor the log line Consolidating Package Logs on the Log Consolidation Server#/sbin/init.d/syslogd stop Perform the following steps to disable log consolidationDisabling Log Consolidation Disabling a Standalone Log Consolidation System# /sbin/init.d/syslog-ng stop Disabling a Serviceguard Cluster Log Consolidation SystemDisabling a Standalone Log Forwarding Client #/sbin/init.d/syslogd start#/sbin/init.d/syslogd stop #/sbin/init.d/syslogd start Disabling a Serviceguard Cluster Log Forwarding ClientSsh Port Forwarding Securing Consolidated LogsLog File Protections # cd /opt/ssh/etc # ccp sshhost* /opt/ssh/etc Using Bastille to Harden the SystemClog Network Port Usage To log in to the System Management Homepage, navigate to Using the System and Consolidated Log ViewerViewing System and Consolidated Logs Starting System Management HomepageViewing System and Consolidated Logs Page Parallel Distributed Shell Command FanoutCwall displays a wall1M broadcast message on multiple hosts Pdsh Utility WrappersAll nodes Systems# csshsetup -r -f memberslist.txt Security ConfigurationRemote Shell Security Setup Ssh Security SetupTarget Node Error Messages Command Fanout TroubleshootingSsh Command Messages Rsh Command MessagesHP-Supported Open Source pdsh Options Page Cfanouthosts IndexLVM UDP