HP UX System Adstration manual If using VxVM, comment out the LVM Volume Group line

Page 64

1.Find the line “VG[0]=“<%SG_PKG_VOL_GRP%>”” and replace the token with the name of the VM volume group for the package. For example:

VG[0]=“vgclog”

If using VxVM, comment out the LVM Volume Group line

VG[0]=”<%SG_PKG_VOL_GRP%>”. Uncomment the line “VXVM_DG[0]=” and put in the VxVM Disk Group.

2.Find the line “LV[0]=“<%SG_PKG_LOG_VOL%>”” and replace the token with the full name of the logical volume. For example:

LV[0]=“/dev/vgclog/lvol1”

3.Find the line “FS[0]=“<%SG_PKG_FS%>”” and replace the token with the name of the filesystem created for this package. For example:

FS[0]=“/clog”

All the consolidated logs will reside on this filesystem. The specific location for the consolidated package logs and the consolidated syslogs is specified in the /etc/ syslog-ng.conf.serverfile. Using /clog as the example, the default locations based on the template /etc/syslog-ng.conf.serverfile are:

/clog/syslog/syslog.log /clog/packages/package name.log

4.Find the line “FS_MOUNT_OPT[0]=“<%SG_PKG_MNT_OPT%>”:” and replace the token with the filesystem’s mount options. For example:

FS_MOUNT_OPT[0]=-o rw,largefiles

5.Find the line “FS_TYPE[0]=“<%SG_PKG_FS_TYPE%>”” and replace the token with the filesystem type. For example:

FS_TYPE[0]=vxfs

6.Find the line “FS_UMOUNT_OPT[0]=“<%SG_PKG_FS_UMOUNT_OPT%>”” and replace the token with any filesystem umount options. The token can be removed and this option left blank if there are no special umount options. For example:

FS_UMOUNT_OPT[0]=“”

7.Find the line “FS_FSCK_OPT[0]=“<%SG_PKG_FS_FSCK_OPT%>”” and replace the token with any filesystem specific fsck options. The token can be deleted and this option left blank. For example:

FS_FSCK_OPT[0]=

8.Find the line “IP[0]=“<%SG_PKG_IP%>”” and replace the token with the IP address of the clog package. For example:

IP[0]= 192.119.152.3

9.Find the line “SUBNET[0]=“<%SG_PKG_SUBNET%>”” and replace the token with the subnet for the packages IP address. Use netstat -ito help determine the subnet. For example:

SUBNET[0]= 192.119.152.0

You next need to distribute the package files cluster-wide. To do this, perform the following steps:

1.First, create the package directory on all the other members:

#cexec mkdir /etc/cmcluster/clog

2.Copy the package control script and package ASCII configuration file:

#ccp clog clog.conf /usr/local/cmcluster/conf/clog/

3.Update the /etc/rc.config.d/syslog-ngfile, by adding the following lines:

CLOG_PKG_VOL_GRP=LVM-volume-group

CLOG_PKG_LOG_VOL=logical-volume(full path)

64 Consolidated Logging

Image 64
Contents Distributed Systems Administration Utilities Users Guide Copyright 2009 Hewlett-Packard Development Company, L.P Table of Contents HP-Supported Open Source pdsh Options Index Syslog-ngLog-Forwarding Configuration List of FiguresTarget Node Error Messages Consolidated Logging CommandsList of Tables About this Document Intended AudienceTypographic Conventions Related InformationProduct Support HP Encourages Your Comments Introduction Distributed Systems Administration Utilities Commands Configuration Synchronization CommandConsolidated Logging Commands Command Fanout CommandsUtility Setup Command Open Source cfengine CommandsOpen Source pdsh Commands Open Source ComponentsOpen Source syslog-ng Command Distributed Systems Administration Utilities Manual PagesDsau Manual Page Sections Configuration Synchronization Cfengine OverviewCfengine Daemons and Commands Configuration SynchronizationCfengine Master Server Deployment Models Cfengine OverviewConfiguring cfengine Using the Configuration Synchronization Wizard# /opt/dsau/sbin/csyncwizard Configuration Data for csyncwizardWizard displays the following introductory screen Wizard proceeds to configure the system as a master server # /opt/dsau/sbin/csyncwizard Configuration Synchronization Configuring cfengine Would you like to manage clients? N Cluster Configuration Notes for cfengine Serviceguard Automation FeaturesVar/opt/dsau/cfengine/inputs directory Using the Wizard to Configure a Synchronization Client Opt/dsau/bin/csyncdispatcher Memberadded newhostManual Configuration When prompted, enter the name of the client to addStart by creating the directory Manually Configuring a Standalone Synchronization Server# mkdir -p /var/opt/dsau/cfenginemaster/inputs # /opt/dsau/sbin/cfkey # /var/opt/dsau/cfengine/ppkeys # cp localhost.pub root-10.0.0.5.pub# /sbin/init.d/cfservd start # cfagent --no-lock --verbose --no-splay# cfrun -- --inform # cfrun -v -- --verboseInitial Serviceguard Package Preparation # mkdir -p /csync/dsau/cfenginemaster/masterfilesPolicyhost = csync.abc.xyz.com List Managed Clients in cfrun.hostsEdit the cfservd.conf File # /opt/dsau/sbin/cfkey# ccp /etc/rc.config.d/cfservd /etc/rc.config.d/cfservd # cp localhost.pub root-192.10.25.12.pub# ccp * /var/opt/dsau/cfengine/ppkeys # cexec /sbin/init.d/cfservd startTest the configuration by performing the following steps # ccp csync csync.conf /etc/cmcluster/csyncApply the package and start it # cmapplyconf -P csync.conf # cmmodpkg -e csyncConfiguring a Synchronization Managed Client On a managed client, use the commandSecurity Notes Choosing a Synchronization Invocation MethodKey Exchange Csync Network Port UsageEncryption Encryption Checksum alertsDisabling Use of cfengine Logging OptionsChecksum Alerts # /sbin/init.d/cfservd stopCfengine Troubleshooting Syntax error due to missing or superfluous spaces#cfagent -K Unable to connect to a cfengine client or masterCfagent -d, -d1, -d2, or -d3 cfservd Cfrun Consolidated Logging Introduction to syslogSyslog Message Format 2describes syslog Facilities MessagesMessage Filtering Log Consolidation OverviewImproved Log Consolidation Syslog Co-existence Etc/cmcluster/package-name/package-name.log Log Consolidation Configuration Syslog-ng Log Consolidator ConfigurationConfiguration Data for clogwizard Using the Log Consolidation WizardOpt/dsau/sbin/clogwizard Answer yes y or press Enter. The next question is Where N is the expected number of clientsAnswer yes y. The wizard then prompts If these choices are correct, continue Next prompt is Log files that reside on this cluster can be consolidated Consolidated package logs would be located here Cluster Configuration Notes for clog Minimizing Message Loss During Failover Configuring a Log Forwarding Client Using clogwizard Or press Enter. The next question isEnter the ssh port to be used for port forwarding Manually Configuring Log Consolidation Manually Configuring a Standalone Log Consolidation ServerReplace the %UDPLOOPBACKLOG% token with # /sbin/init.d/syslogd stop # /sbin/init.d/syslogd startFor example, for TCP Create the following symbolic link Change the Clogconfigured line toIf using the TCP protocol, add Add the following linesLog Consolidation Configuration SYSLOGDOPTS=-D -N KEEPALIVE% tokens with appropriate values UDPLOOPBACKSOURCE% and %UDPLOOPBACKLOG% tokens If consolidating package logs of this cluster, add Creating the clog PackageIf using VxVM, comment out the LVM Volume Group line Distribute it cluster-wide Testing and Starting the clog PackageThen use cmviewcl to make sure it is running Using VxVM Instead of LVM Manually Configuring Log Forwarding ClientsManually Configuring a Standalone Log Forwarding Client Ln -sf /etc/syslog-ng.conf.client /etc/syslog-ng.conf # /sbin/init.d/syslog-ng start # cpp /etc/rc.config.d/syslogd /etc/rc.config.d Destination dsyslog%TYPE% %TYPE%%IP%port%PORT% If using the TCP protocol, add the following lines If using ssh port forwarding, addOtherwise, if using the UDP protocol, add Create the following symbolic link on each cluster memberStart syslog-ngon all cluster members using Forwarding Ascii Log DataFor the destination line For the filter lineConsolidating Package Logs on the Log Consolidation Server For the log linePerform the following steps to disable log consolidation Disabling Log ConsolidationDisabling a Standalone Log Consolidation System #/sbin/init.d/syslogd stopDisabling a Serviceguard Cluster Log Consolidation System Disabling a Standalone Log Forwarding Client#/sbin/init.d/syslogd start # /sbin/init.d/syslog-ng stopDisabling a Serviceguard Cluster Log Forwarding Client #/sbin/init.d/syslogd stop #/sbin/init.d/syslogd startLog File Protections Securing Consolidated LogsSsh Port Forwarding Clog Network Port Usage Using Bastille to Harden the System# cd /opt/ssh/etc # ccp sshhost* /opt/ssh/etc Using the System and Consolidated Log Viewer Viewing System and Consolidated LogsStarting System Management Homepage To log in to the System Management Homepage, navigate toViewing System and Consolidated Logs Page Command Fanout Parallel Distributed ShellPdsh Utility Wrappers All nodesSystems Cwall displays a wall1M broadcast message on multiple hostsSecurity Configuration Remote Shell Security SetupSsh Security Setup # csshsetup -r -f memberslist.txtCommand Fanout Troubleshooting Ssh Command MessagesRsh Command Messages Target Node Error MessagesHP-Supported Open Source pdsh Options Page Index CfanouthostsLVM UDP