HP UX System Administration manual Introduction


1 Introduction

The Distributed Systems Administration Utilities provide several tools for simplifying the management of groups of systems and of Serviceguard clusters.

There are three utilities:

Configuration Synchronization: with this utility, based on the open source tool cfengine or “configuration engine,” the administrator can centrally define management actions to be applied to a set of managed systems. cfengine is a client/server based tool. The central configuration master system hosts the configuration description file that defines the management actions to be performed on each managed client. The configuration master also hosts the “golden image” files, which are master copies of files that are distributed to the clients. The administrator can use cfengine to perform tasks such as:

Ensure that client systems are using a correct set of configuration files

Disable inappropriately configured files on the client

Check file permissions, ownership, and track checksum changes

Perform edits to files

Execute arbitrary shell commands on each client

Check for processes, signal processes

A Configuration Synchronization Wizard is available to help the administrator quickly configure cfengine for managing a set of distributed systems or configuring it as a highly available service in a Serviceguard cluster. This wizard is described in Chapter 2: “Configuration Synchronization” (page 13). For additional information, see the cfengine and csync_wizard manpages.

Consolidated Logging: standard UNIX syslogd offers UDP-based log forwarding to a central log consolidator today. The DSAU utilities provide the open source tool syslog-ng or “syslog next-generation.” syslog-ng offers additional features that make it a powerful tool for log forwarding, log centralization and log consolidation.

The Configuration Synchronization Wizard helps to configure syslog-ng on a log consolidation server and log forwarding clients. Centralized log consolidation offers the following benefits:

Easier log file analysis

A centralized log provides a single location for the administrator to perform log file analysis. It offers a single view of events that impact multiple systems.

The DSAU utilities are specifically designed to optimize this method for managing a Serviceguard cluster. Member syslogs and package logs can be centralized for simpler log file access and analysis. DSAU utilities also allow the cluster to offer a highly available consolidated logging service.

Increased security

A security breach might compromise the local logs but not the centralized copy.

Simplified archiving of logs

It is usually simpler to archive a set of centralized logs rather than per-system logs.

This wizard is described in Chapter 3: “Consolidated Logging” (page 41). For additional information, refer to the clog_wizard and syslog-ng manpages.
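The "increased security" benefit listed above can be checked mechanically. The following added example (not part of the HP manual or the DSAU tools) compares one host's local log with the consolidator's copy and reports entries that survive centrally but are gone locally. The log lines, host names and function names are constructed for illustration, and both files are assumed to use the traditional syslog line layout.

```python
from collections import Counter

# Constructed sample: the consolidator's file (several hosts) and the log
# found on host web01 itself. Traditional syslog layout is assumed.
CENTRAL = """\
Mar  3 02:10:01 web01 sshd[411]: Accepted publickey for ops from 192.0.2.7
Mar  3 02:14:37 web01 sshd[502]: Failed password for root from 192.0.2.99
Mar  3 02:14:52 web01 sshd[502]: Accepted password for root from 192.0.2.99
Mar  3 02:16:00 db01 syslogd: restart
Mar  3 02:20:00 web01 cron[600]: job started
""".splitlines()

LOCAL = """\
Mar  3 02:10:01 web01 sshd[411]: Accepted publickey for ops from 192.0.2.7
Mar  3 02:18:44 web01 inetd[77]: ftp/tcp: connection from 192.0.2.7
Mar  3 02:20:00 web01 cron[600]: job started
""".splitlines()


def records(lines, host):
    """Count (timestamp, message) pairs logged by `host`; skip other lines."""
    found = Counter()
    for line in lines:
        parts = line.split(None, 4)  # month, day, time, host, message
        if len(parts) == 5 and parts[3] == host:
            found[(" ".join(parts[:3]), parts[4].strip())] += 1
    return found


def compare(central, local, host):
    """Diff one host's local log against the consolidated copy.

    Counters keep duplicates, so a message logged twice but surviving once
    locally is still reported. Results stay in log order.
    """
    c, l = records(central, host), records(local, host)
    return {
        # On the consolidator but gone from the host: local log was edited,
        # truncated or rotated away.
        "missing_locally": list((c - l).elements()),
        # On the host only: lost in transit (UDP forwarding is not
        # acknowledged) or written to the local file by something else.
        "missing_centrally": list((l - c).elements()),
    }


if __name__ == "__main__":
    for kind, entries in compare(CENTRAL, LOCAL, "web01").items():
        for stamp, message in entries:
            print(f"{kind}: {stamp} {message}")
```

Entries reported as missing locally deserve review first; entries missing centrally are expected now and then when forwarding runs over UDP.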

Command fanout is based on the open source tool Parallel Distributed Shell (pdsh). pdsh enables the administrator to execute shell commands in parallel across a set of systems. It can use remsh or ssh as the network transports. The csshsetup tool is provided to simplify the distribution of ssh keys. The companion utility Parallel Distributed Copy (pdcp) enables

Distributed Systems Administration Utilities User's Guide. Copyright 2009 Hewlett-Packard Development Company, L.P.