Manuals / HP / Computer Equipment / Software

HP UX Encrypted Volume and Filesystem (EVFS) manual Reporting Problems, Collecting Data

Models: UX Encrypted Volume and Filesystem (EVFS)

1 174

Download 174 pages 22.98 Kb

Page 139

Reporting Problems

If you are unable to resolve a problem with EVFS, complete the following steps:

1.Read the EVFS product release notes to see if the problem is a known problem. If it is, follow the documented solution.

2.Determine if you have a valid warranty or support contract for your HP-UX system. Your operations manager can supply you with the necessary information.

3.Go to the HP IT Response Center website at the following URL: http://itrc.hp.com

Search the technical knowledge databases to determine if the problem you are experiencing has already been reported. The type of documentation and resources you have access to depend on your level of entitlement.

4.If this is a new problem or if you need additional help, log your problem with the HP Response Center, either on line through the support case manager at http://itrc.hp.com, or by calling HP Support.

If your warranty has expired or if you do not have a valid support contract for your product, you can still obtain support services for a fee, based on the amount of time and materials required to solve your problem.

Collecting Data

Collect and submit the following data when reporting a problem:

•A description of your environment, including the HP-UX and EVFS version numbers.

•A description of the problem, including what works and what does not work. If an EVFS command failed, include the run string and error message.

•If the system failed, the system dump files and a description of the system activities at the time of the failure.

•Output from the following commands:

lsdev grep evfs ls -l /dev/evfs/*

ls -l /usr/lib/evfs/* cat /etc/evfs/evfstab cat /etc/evfs/evfs.conf evfsadm stat -a evfsvol display -a evfspkey lookup keyname

Reporting Problems 139

Image 139

HP UX Encrypted Volume and Filesystem (EVFS) manual Reporting Problems, Collecting Data

Contents

Encrypted Volume and File System v1.1 Administrators Guide Trademark Notice Table of Contents Upgrading from Evfs v1.0 to Evfs Preparing Evfs for ConfigurationAdministering Evfs 101 129 145 141153 171 169Page Software Types List of FiguresPage List of Tables Page Typographic Conventions About This DocumentIntended Audience Document OrganizationHP Encourages Your Comments Related InformationUser input Evfs provides the following features Features and BenefitsEvfs Introduction LVM DLO Support Evfs Architecture Encryption Metadata EMD Evfs Data FlowEvfs Encryption Keys Using HP-UX Trusted Computing Services with Evfs Volume Encryption KeysUser Keys How Evfs Uses Keys 3illustrates how Evfs uses keys to enable an Evfs volumeAlternate Storage Databases and Distributed Key Storage Key Names and Key IDsUser Key and Passphrase Storage File NamesSummary of Key Type and Privileged User Capabilities User Key PrivilegesEvfspkey Evfs CommandsEvfsvol utility configures and manages the Evfs volumes EvfsadmSoftware Types Supported SoftwareProduct Limitations and Precautions Evfs Introduction Workaround Known ProblemsSymptoms Possible Device File CollisionFeedback and Enhancement Requests Installation Operating System Requirements System RebootPrerequisites Hardware RequirementsLog on to the target system as the root user Installing EvfsUse the following procedure to install Evfs Swinstall utility will install the Evfs componentsUpgrading from Evfs v1.0 to Evfs Verifying for Preconfiguration Preparing Evfs for ConfigurationStart the Evfs subsystem. See Starting the Evfs Subsystem Preparation OverviewCreating the Evfs Pseudo-User Account Configuring an Alternate Evfs Pseudo-UserSetting the evfsuser Attribute Creating the User GroupPreparing Evfs for Configuration Passphrases that secure user private keys Optional Configuring Alternate Key Database DirectoriesKeys Private keysKey Storage Directory Requirements Default pubkey, privkey and passkey Attribute StatementsExample NFS Directory for Public and Private Keys Example Alternate Directory for Public KeysExample Fallback Directory for Nonprivileged Users Pbe EmdbackupOptional Modifying Evfs Global Parameters DatacipherExample Starting the Evfs SubsystemEvfsadm start -n numberthreads Evfspkey keygen -p-s -c cipher -u user -k keyname Creating Keys for Evfs Volume OwnersCreating User Key Pairs Guidelines for Creating User KeysEvfspkey keygen -c rsa-2048 -r -k keyname Creating Recovery KeysStoring the recovery users Private Key ExamplesUser name as the key name Creating Keys for authorized usersEncrypted file Rsa-2048 RSA 2048-bit keys# evfspkey keygen -u root -k rootkey1 ExamplesUser Session # evfsadm startPage Configuration Overview Configuring an Evfs VolumeBefore using this procedure, you must complete the tasks Option 1 Creating a New Evfs VolumeCreating an LVM or VxVM Volume for Evfs Configuring an Evfs VolumeCreating Evfs Volume Device Files Creating the EMD Evfsadm map volumepathOptional Adding Recovery Keys and authorized user Keys Evfsvol enable -p-k keyname evfsvolumepath Enabling the Evfs VolumeSpecifies that the key pair is a recovery key pair Evfsvol add -u user -k keyname evfsvolumepath whereEvfsvol prompts you for the passphrase for the private key Etc/evfs/evfstab file for this volume and have a storedSpecifies non-interactive mode. Evfs uses the key ID from Option, you must add a key ID to the entry# newfs -F vxfs /dev/evfs/vg01/rlvol5 Creating and Mounting a File System on an Evfs VolumeOptional Using fsck to Check the File Volume Creating a New File System with newfsCreating the Mount Point Mount the File System on the Evfs VolumeOptional Adding an Entry to /etc/fstab Dev/evfs/vg01/lvol5 /opt/encrypteddata vxfs defaults 0 Evfsadm stat -a Verifying the ConfigurationEvfsvol display evfsvolumepath Evfsadm stat -a Evfsvol display evfsvolumepathRemount the file system using the mount command Optional Migrating Existing Data to an Evfs Volume Optional Configuring the Autostart Feature See evfstab4 for more information Dev/vg01/lvol5 /dev/evfs/vg01/lvol5 init.initkey bootlocalBacking Up Your Configuration Page Preparing the File System and Data Map the regular volume to an Evfs volumeStart inline encryption Mount the file system to the Evfs volumePerforming Inline Encryption Iencrypt Inline EncryptionConfiguring an Evfs Volume Verifying the Configuration Remount the file system using the mount command # strings /dev/vg01/lvol5 grep TOP Secret Optional Configuring the Autostart Feature Example Backing Up Your Configuration Option Existing size is 96 MB we now extend it by 4 MB, to 100 MB Existing size is 96 MB we now extend it by 4 MB, to 100 MB Page Administering Evfs Starting and Stopping Evfs Enabling Encryption and Decryption Access to Evfs VolumesStarting the Evfs Subsystem Causes Evfs to use a stored passphrase to enable encryption Disabling Encryption/Decryption Access to Evfs VolumesUses the user name as the key name Stopping the Evfs Subsystem Evfsvol disable -p evfsvolumepathEvfsvol disable -a Enter the following evfsadm stop command evfsadm stopClosing Raw Access to Evfs Volumes Opening Raw Access to Evfs VolumesRestoring User Keys Displaying Key IDs for an Evfs VolumeInformation for the volume Managing Evfs Keys and UsersUser Specifies the name of the file containing private key that Changing Owner Keys for an Evfs VolumeCorresponds to a recovery users key in the EMD. If you do To execute this command evfsvol prompts you forEvfspkey delete -u username-r -p -k keyname Recovering from Problems with Owner KeysRemoving Keys from an Evfs Volume Changing the Passphrase for a KeyEvfspkey passgen -r recovkeyfile where Evfspkey passgen -u username -k keynameEvfspkey passgen -f-p-s -u username -k keyname where EMD Backup Directory Recovering from EMD Corruption# evfsvol destroy /dev/evfs/vg01/lvol5 Removing a Volume from the Evfs SubsystemExporting an Evfs Volume Exporting and Importing Evfs VolumesEvfspkey keygen -c cipher -u user -k keyname Use the following evfspkey keygen command syntaxKey owners name and keyname is the key name Importing an Evfs VolumeIs the key owners name and keyname is the key name Administering Evfs Managing Data on Evfs Volumes Vxresize -F Might Cause Data Loss or Corruption Creating a New Evfs Volume Overwrites Existing DataLVM Example Increasing Volume and File System Sizes Resizing Evfs Volumes and File SystemsCorrect Incorrect LVM Example Reducing Volume and File System SizesVxVM Example Reducing Volume and File System Sizes VxVM Example Increasing Volume and File System Sizes# fsadm -F vxfs -b 65536 /test5 Backing Up and Restoring Data on Evfs Volumes Backing Up Evfs Volumes Backup Types with LVM or VxVM Mirrored Volumes Backup Types with Nonmirrored Volumes Map the backup volume to EVFS. For example Backups Using LVM Mirrored VolumesThis creates the device files /dev/evfs/vg01/lvol5backup Evfsvol check -r evfsvolumepath Syntax is as follows Dev/vg01/lvol5backup# evfsvol display /dev/evfs/vg01/lvol6 Evfsvol check -r evfsvolumepath Disable the Evfs backup volume. For example Example File Utility Creating Cleartext Backup Media LVM Mirrored VolumesMap the backup VxVM volume to EVFS. For example Backups Using VxVM Mirrored Volumes# evfsvol raw /dev/evfs/vx/dsk/testdg/backupvol Backing Up and Restoring Data on Evfs Volumes # vxplex -g testdg -v vol05 dis vol05-02 # evfsvol enable -k mykey /dev/evfs/vx/dsk/testdg/backupvol Evfsvol check -r evfsvolumepath # fsck -F vxfs /dev/evfs/vx/rdsk/testdg/backupvol Backing Up Evfs Volumes Example Block Device Utility Creating Cleartext Backup Media VxVM Mirrored VolumesExample File Utility Backups Using Nonmirrored Volumes # evfsvol raw /dev/evfs/vg01/lvol5 Evfsadm stat -a Cp -r /opt/encrypteddata /opt/evfsbackup Restoring Backup Media Restoring Backup Data from an Evfs Volume to an Evfs Volume # cp -r /opt/backupevfs /opt/encrypteddata 128 Troubleshooting Tools Overview Troubleshooting EvfsMeaning of each field is as follows Displaying Evfs Volume InformationDisplaying I/O and Encryption Statistics evfsadm stat Evfsadm stat -a-s-zNumber of data blocks encrypted ADisplays the EMD information for all enabled Evfs volumesSize of the encrypted metadata EMD area, in kilobytes Syntax Verifying the EMD evfsvol check# evfspkey lookup -u root -k rootkey1 Key ID root.rootkey1 Verifying User Keys evfspkey lookupEvfspkey Cannot Generate Key Pairs Problem ScenariosEvfspkey Cannot Store Keys Evfsvol create Fails, Valid EMD Already Exists Evfsvol Cannot Retrieve Private KeySee the evfstab4 man page for more information Evfsadm map Fails, Invalid Device Evfsvol disable Fails, Evfs Volume Is BusyEvfsvol disable command returns the following error Evfsadm map command returns the following errorResets the dirty bit for the specified volume Evfsvol check -r -aevfsvolumepathwhereEMD Is Dirty Collecting Data Reporting Problems140 Product Specifications User Files Evfs provides the following commands Commands and Tools144 This appendix contains reference information about Evfs Evfs Quick ReferencePreparing Evfs Configuring Evfs# evfsadm map volumepath Option 1 Creating New Evfs VolumePerform inline encryption Start inline encryption Table B-1 Starting and Stopping Evfs Evfs Tasks and CommandsTable B-3 Managing Evfs Keys and Users Table B-4 Troubleshooting Evfs 152 Evfs and Serviceguard Overview Using Evfs with ServiceguardRequirements Restrictions Evfs Attribute Definition File ADF Installing Evfs Configuration Node Creating the Serviceguard Storage InfrastructureCreating an LVM Serviceguard Storage Infrastructure Creating a VxVM Serviceguard Storage StructureAdoptive Nodes Modifying /etc/evfs/evfstab Entries Configuring Evfs on the Configuration NodeCreating a Cluster Key Pair Adding the Cluster Keys to the EMD# vgchange -a n /dev/vg02 Preparing Evfs Volumes for Adoptive Nodes# vxdg deport evfsdg Creating a Local Passphrase File Configuring Evfs Volumes on the Adoptive NodesCopying the Evfs Configuration Files and Keys Restoring the Cluster Key Pair FilesVerifying Evfs Mapping the LVM or VxVM Volumes to EvfsDeactivating the Volumes Modifying the /etc/evfs/evfstab FileConfiguring the Autostart Feature Copying the Evfs Control and Module Scripts Configuring Serviceguard using Modular packagesInstalling the Evfs Attribute Definition File Halting an Existing Package# cmmigratepkg -p pkgname -o outputfile.conf where Creating a Modular Package Configuration FileMigrating a Legacy Package Configuration File Adding the Evfs package to the Configuration FileVerifying the Script Adding the Evfs Volumes to the Package Configuration FileLVM and VxVM Modular package example Converting a Package Control Script Configuring Serviceguard using Legacy packagesCreating the Package Configuration File Creating a Package Control ScriptLVM and VxVM Legacy package example Adding the Evfs Volumes to the Package Control ScriptInstalling the Evfs Control Script Modifying the Package Configuration FileAES GlossaryVolume EMD IndexPermissions, 85 /etc/rc.config.d/evfs, 62, 72 RSA Vxresize command Renaming