Showing posts with label Linux. Show all posts

Tuesday, March 22, 2016

Oracle/OVM–OVM Server UUID Challenges

 

During installation, the Oracle OVM server automatically selects a “random” number to set up a “UUID”, a unique ID number for itself. It is THIS UUID that the OVM Manager detects and registers for all further communication between the OVM Manager and the OVM Server.

 

Having said that, have you landed in a situation where:

a.       The OVM server refuses to boot successfully?

b.      The OVM server does boot, but the VMs don’t appear?

c.       The OVM manager is unable to communicate with the OVM server?

 

What happened just before you landed in the above scenarios?

1.       Motherboard of the OVM Server was replaced?

2.       NIC of the OVM server was replaced?

 

Either of the above two scenarios can land you in any of the above 3 situations :)

Fear not, below is the reason why and how to get out of it. :)

 

Every OVM Server receives a unique ID (also called UUID) when the agent starts. Without this ID, a server can’t join a cluster and the manager can’t dispatch commands to the agent.

 

But the million-dollar question: “How does this UUID get set in the first place? Where does the OVM Server decide to pick up the UUID from?”

 

What I discovered is this:

 

The ovs-agent will do the following:

 

1.       Ask SMBIOS for an id and if it’s valid use it.

2.       If the ID is not valid or there is no ID, get the MAC addresses of the physical Ethernet devices on the system and concatenate them into a UUID.

 

This poses a great risk because if for some reason you change the motherboard (other SMBIOS) or 1 of the network devices on the system (other MAC), you’ll have a new UUID.

 

Now, how do we detect a changed UUID?

 

The following errors point to a changed UUID:

 

1.       Unable to join cluster after reboot

2.       “Unable to send notification” messages on the console

3.       The OVM Manager fails to rediscover the server after reboot (tries 5 times and gives up)

4.       The OVM Server goes into ERROR state in OVM Manager with an error that looks like: “The server has changed IP or is unreachable”

 

 

Solution?? – Fake it…. I mean, FakeUUID it!!!

In order to solve this issue, the agent has an ini parameter you can set to ensure the same UUID all the time. You can find it in the file /etc/ovs-agent/agent.ini. Get the server UUID from OVM Manager and set it in this parameter.

 

[Server]
fakeuuid=34:45:4c:4c:5a:00:10:20:80:59:b5:c0:4a:42:35:45

 

I personally set this on every OVM installation that I do to ensure there are no issues with this ID changing.
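A quick way to confirm that a server really has the pin in place before hardware is swapped. This is an added example, not part of the original post or of Oracle's tooling; the function names are hypothetical, the expected UUID is the sample value shown above, and the 16-byte colon-separated format is taken from that sample.

```sh
#!/bin/sh
# Print the fakeuuid value from the [Server] section of an agent.ini file.
# Prints nothing if the key is absent, commented out, or in another section.
get_fakeuuid() {
    awk '
        /^[ \t]*\[/ {                          # section header such as [Server]
            sec = $0
            gsub(/^[ \t]*\[|\][ \t\r]*$/, "", sec)
            in_server = (sec == "Server")
            next
        }
        in_server && /^[ \t]*fakeuuid[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)      # drop the key and the equals sign
            sub(/[ \t\r]+$/, "", val)          # drop trailing blanks and CR
            print tolower(val)
            exit
        }
    ' "$1"
}

# Compare the pinned value with the UUID recorded in OVM Manager
# (case-insensitive). Returns 0 = match, 1 = a different UUID is pinned,
# 2 = nothing usable is pinned.
check_fakeuuid() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(get_fakeuuid "$file")
    # Format shown on the page: 16 colon-separated hex bytes.
    if ! printf '%s\n' "$actual" | grep -Eq '^([0-9a-f]{2}:){15}[0-9a-f]{2}$'; then
        echo "NOT PINNED: no valid fakeuuid in [Server] of $file"
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "MISMATCH: agent.ini has $actual, manager has $expected"
        return 1
    fi
    echo "OK: fakeuuid pinned to $actual"
}

# Demo on a constructed file; on a server pass /etc/ovs-agent/agent.ini.
demo=$(mktemp)
printf '[Server]\nfakeuuid=34:45:4c:4c:5a:00:10:20:80:59:b5:c0:4a:42:35:45\n' > "$demo"
check_fakeuuid "$demo" 34:45:4C:4C:5A:00:10:20:80:59:B5:C0:4A:42:35:45
rm -f "$demo"
```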

Sunday, March 20, 2016

Solaris/Linux: Emails & attachments

 

“mailx” is the utility to send emails from Solaris to the outside world. Emails can be sent in many formats:

 

(1)   Contents of file in email as text:

# mailx -s 'Subject-Here' abc@xyz.com < input.file

# mailx -s 'Uptime Report' abc@xyz.com < /tmp/output.txt

 

Where,

-s ‘Subject’: Specify subject on command line.

abc@xyz.com: To email user.

/tmp/output.txt: Send the content of /tmp/output.txt file using mail command.

 

(2)   Attaching a file as an “attachment” to the email

Example: Attach /tmp/list.tar.gz and send it

# uuencode /tmp/list.tar.gz /tmp/list.tar.gz | mailx -s "Reports" abc@xyz.com

 

(3)   Attaching a file as an “attachment” and contents of a file as body of the email

Example: Email photo.png along with a text message read from body.txt

# (cat body.txt; uuencode photo.png photo.png) | mailx -s "Subject" abc@xyz.com

 

(4)   Attaching multiple files as “attachments”

Example: Attach the files file1.doc, file2.doc & file3.doc to a single email.

# (uuencode file1.doc file1.doc; uuencode file2.doc file2.doc; uuencode file3.doc file3.doc) | mailx -s "Subject" abc@xyz.com

 

Above commands can be scripted to send emails from the system:

1.      As alerts to the system admins, on an ad hoc, on-event basis.

2.      As Periodic/scheduled emails – performance reports, healthcheck reports

3.      On need basis

Tuesday, March 15, 2016

OEL/Linux: Turning off or disabling SELinux

SELinux is a set of extra security restrictions on top of the normal Linux security tools. It gives the systems administrator a finer grain of control than what the kernel typically provides.

But SELinux can sometimes get in your way. For example, I have had typical services, such as Apache, appear to start up correctly, but remain inaccessible from the outside world because I forgot to allow the Apache user rights to open that port or maybe my distro forgot about it. Before you turn off SELinux make sure you know why you are turning it off and the security concerns you might be opening yourself up to.

 

Test if SELinux is running

You can test to see if SELinux is currently enabled with the following command:

Root/#> selinuxenabled && echo enabled || echo disabled

 

Turning off SELinux temporarily

Disabling SELinux temporarily is the easiest way to determine if the problem you are experiencing is related to your SELinux settings. To turn it off, you will need to become the root user on your system and execute the following command:

Root/#> echo 0 > /selinux/enforce

 

This temporarily turns off SELinux until it is either re-enabled or the system is rebooted. To turn it back on you simply execute this command:

Root/#> echo 1 > /selinux/enforce

 

As you can see from these commands what you are doing is setting the file /selinux/enforce to either '1' or '0' to denote 'true' and 'false'.

 

Configuring SELinux to log warnings instead of block

You can also configure SELinux to give you a warning message instead of actually prohibiting the action. This is known as permissive mode. To change SELinux's behavior to permissive mode you need to edit the configuration file. On Fedora and RHEL systems that file is located at /etc/selinux/config. You need to change the SELINUX option to permissive like so:

SELINUX=permissive

 

Note that these changes will not take effect until the system is rebooted, which is why the first section comes in handy on a system you either cannot or do not want to reboot right now.
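The warnings that permissive mode produces can be read back to find out which rule is actually missing, so the cause can be fixed instead of leaving SELinux off. The following is an added example, not part of the original post: it summarises AVC denial records from the audit log. The sample records are constructed (an Apache port bind and a file read), and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed audit records in the usual AVC layout.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1458036001.101:210): avc:  denied  { name_bind } for  pid=2101 comm="httpd" src=9876 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1458036001.101:210): arch=c000003e syscall=49 success=no exit=-13 comm="httpd" exe="/usr/sbin/httpd"
type=AVC msg=audit(1458036061.330:214): avc:  denied  { name_bind } for  pid=2140 comm="httpd" src=9876 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1458036075.912:219): avc:  denied  { read } for  pid=2140 comm="httpd" name="index.html" dev=dm-0 ino=393301 scontext=unconfined_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file
EOF
}

# Read audit records on stdin and print one line per distinct denial:
#   count  command  permission(s)  object-class  target-type
# most frequent first. Non-AVC records are ignored.
summarise_denials() {
    awk '
        $1 == "type=AVC" && / denied / {
            perm = ""; comm = tclass = ttype = "?"
            for (i = 1; i <= NF; i++) {
                if ($i == "{") {                       # { perm1 perm2 ... }
                    for (j = i + 1; j <= NF && $j != "}"; j++)
                        perm = perm (perm == "" ? "" : ",") $j
                } else if ($i ~ /^comm=/) {
                    comm = $i; gsub(/^comm=|"/, "", comm)
                } else if ($i ~ /^tclass=/) {
                    tclass = substr($i, 8)
                } else if ($i ~ /^tcontext=/) {
                    split($i, ctx, ":"); ttype = ctx[3]   # user:role:type:level
                }
            }
            seen[comm " " perm " " tclass " " ttype]++
        }
        END { for (k in seen) print seen[k], k }
    ' | sort -k1,1nr -k2
}

# Demo on the constructed records above.
sample_audit_log | summarise_denials
```

On a host running auditd the same function can be fed the real log: summarise_denials < /var/log/audit/audit.log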

 

Completely turning off SELinux

To completely disable SELinux instead of setting the configuration file to permissive mode you set it to disabled like:

SELINUX=disabled

 

You will need to reboot your system or temporarily set SELinux to non-enforcing mode to create the desired effect like the example above.

OEL - Firewall not disabled on OEL 6 after running chkconfig iptables off and system reboot

To fix the problem you need to disable libvirtd

# chkconfig libvirtd off

# chkconfig libvirt-guests off

# chkconfig ip6tables off

# chkconfig iptables off

# chkconfig --list | egrep 'iptables|ip6tables|libvirt'

ip6tables 0:off 1:off 2:off 3:off 4:off 5:off 6:off

iptables 0:off 1:off 2:off 3:off 4:off 5:off 6:off

libvirt-guests 0:off 1:off 2:off 3:off 4:off 5:off 6:off

libvirtd 0:off 1:off 2:off 3:off 4:off 5:off 6:off

 

After a reboot the firewall should be disabled now

[root@grac43 ~]# service iptables status

iptables: Firewall is not running.

 

Sunday, March 6, 2016

Linux: Extract single file from a compressed tarball

In Linux, execute the following command:

# tar -zxvf FILE.tar.gz --wildcards --no-anchored SINGLE_FILE_TO_EXTRACT

Where FILE.tar.gz is the compressed tarball and SINGLE_FILE_TO_EXTRACT is the file to extract; it is written to its original directory path inside the current directory.

Solaris / Linux: Change a text string inside file without using an editor

This is useful when we need to change a string or sentence inside a file without editing it with an editor like vi or vim.

Execute the following command to change the desired string globally; in other words, this syntax changes all matching strings inside the file:

perl -pi -e 's/OLD_STRING/NEW_STRING/g' FILE

 

Example:

perl -pi -e 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config

 

RHEL / Solaris : RSYNC – sync the data between two servers

How do you sync data between two servers without using SAN replication? Is there a better tool than rsync for this job? I don’t think so; you will not get better than rsync. It uses the ‘rsync algorithm’, which provides a very fast method for syncing directories or filesystems. An important feature of rsync is that the mirroring takes place with only one transmission in each direction, which is not available in other similar programs.

 

Rsync’s default port is 873, and it is open-source software. Rsync is available for Unix, Linux and Windows operating systems. You can freely download the rsync source code from the rsync.samba web portal.

 

Here we will see how to sync data between two servers using automated script.

Operating system:                  Red Hat Linux

Source Server IP:                  192.168.10.20 (mylinz1)
Source Server Path:                /db/oracle/

Destination Server IP:             192.168.10.25 (mylinz2)
Destination Server Path:           /db/oracle-bck/

 

Before proceeding to the rsync part, you need to configure key-less authentication so that the two servers can communicate with each other using it.

 

Configuring  key-less authentication

1.      Verify whether your host allows RSA key-less authentication. If you don’t get similar output, you need to uncomment these lines in sshd_config.

 

[root@mylinz1 ~]# cat /etc/ssh/sshd_config |egrep "RSA|Pubkey|Authorized" |grep -v "#"

RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile      .ssh/authorized_keys

 

[root@mylinz1 ~]#

 

[root@mylinz2 ~]# cat /etc/ssh/sshd_config |egrep "RSA|Pubkey|Authorized" |grep -v "#"

RSAAuthentication yes

PubkeyAuthentication yes

AuthorizedKeysFile      .ssh/authorized_keys

 

2.      Generate a key pair with ssh-keygen if you don’t have one already. Here the user is “root”.

[root@mylinz1 ~]# ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

94:e6:6f:66:bb:cd:a8:30:4d:90:94:31:ae:64:f6:5e root@mylinz1

The key's randomart image is:

+--[ RSA 2048]----+

|      +o         |

|     o.o .       |

|    + + +        |

|   + o =         |

|    . . E        |

|     . + .       |

|      + . =      |

|       o + =     |

|        ..+.o    |

+-----------------+

 

[root@mylinz1 ~]# cd .ssh/

[root@mylinz1 .ssh]# ls -lrt

total 8

-rw-r--r--. 1 root root  394 Jun 19 00:43 id_rsa.pub

-rw-------. 1 root root 1671 Jun 19 00:43 id_rsa

 

[root@mylinz1 .ssh]#

 

[root@mylinz2 ~]# ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

e7:a8:19:ac:dd:e3:28:b3:42:00:a0:84:4a:10:4e:fe root@mylinz2

The key's randomart image is:

+--[ RSA 2048]----+

|B+               |

|O.               |

|=o               |

|o .              |

| . E    S .      |

|  .  .   +       |

| .    o . .      |

|  . oo *.        |

|   .o+=.o.       |

+-----------------+

 

[root@mylinz2 ~]# cd .ssh/

[root@mylinz2 .ssh]# ls -lrt

total 12

-rw-r--r--. 1 root root  395 Jun 19 00:17 known_hosts

-rw-------. 1 root root 1675 Jun 19 00:44 id_rsa

-rw-r--r--. 1 root root  394 Jun 19 00:44 id_rsa.pub

 

3.      Share the “id_rsa.pub” file across the servers to enable SSH key-less authentication.

[root@mylinz1 .ssh]# scp -r id_rsa.pub 192.168.10.25:/root/.ssh/authorized_keys

The authenticity of host '192.168.10.25 (192.168.10.25)' can't be established.

RSA key fingerprint is 5a:56:fd:69:cf:f2:b8:78:b9:67:e8:d0:f2:a4:ef:cb.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.10.25' (RSA) to the list of known hosts.

root@192.168.10.25's password:

id_rsa.pub                               100%  394     0.4KB/s   00:00

 

[root@mylinz1 .ssh]#

 

[root@mylinz2 .ssh]# scp -r id_rsa.pub 192.168.10.20:/root/.ssh/authorized_keys

root@192.168.10.20's password:

id_rsa.pub                                  100%  394     0.4KB/s   00:00

 

[root@mylinz2 .ssh]#

 

4.      Verify your work.

[root@mylinz2 ~]# ssh 192.168.10.20

Last login: Wed Jun 19 00:42:27 2013 from 192.168.10.101

 

[root@mylinz1 ~]# ssh 192.168.10.25

Last login: Tue Jun 18 23:59:19 2013 from 192.168.10.101

 

[root@mylinz2 ~]#
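The scp in step 3 writes the public key over /root/.ssh/authorized_keys, which replaces any keys already stored there, and the resulting root key can be used from any host for any purpose. The following is an added example, not part of the original post: it appends the key instead and limits it to the peer address and to non-interactive use, which is all the rsync job needs. The function name is hypothetical and the keys are constructed placeholders; with no-pty an interactive login as in step 4 gets no terminal.

```sh
#!/bin/sh
# Append the first key in PUBKEY_FILE to SSH_DIR/authorized_keys, limited to
# logins from PEER_IP with forwarding and pty allocation disabled.
# Existing entries are kept; a key that is already present is not added twice.
install_pubkey() {
    pubkey_file=$1; ssh_dir=$2; peer_ip=$3
    auth="$ssh_dir/authorized_keys"
    # Field 2 of a public key line is the base64 key blob.
    blob=$(awk 'NR == 1 { print $2 }' "$pubkey_file")
    if [ -z "$blob" ]; then
        echo "no key found in $pubkey_file" >&2
        return 2
    fi
    # Keep the directory and file private to the account.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth" && chmod 600 "$auth"
    if grep -qF -- "$blob" "$auth"; then
        echo "already present"
        return 0
    fi
    opts="from=\"$peer_ip\",no-agent-forwarding,no-port-forwarding,no-X11-forwarding,no-pty"
    printf '%s %s\n' "$opts" "$(head -n 1 "$pubkey_file")" >> "$auth"
    echo "added"
}

# Demo with constructed keys in a scratch directory (not /root/.ssh).
demo=$(mktemp -d)
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCONSTRUCTED1 root@mylinz1' > "$demo/id_rsa.pub"
mkdir "$demo/.ssh"
echo 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCONSTRUCTED0 admin@example' > "$demo/.ssh/authorized_keys"
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh" 192.168.10.20    # added
install_pubkey "$demo/id_rsa.pub" "$demo/.ssh" 192.168.10.20    # already present
cat "$demo/.ssh/authorized_keys"
rm -rf "$demo"
```

For the setup on this page it would be run on mylinz2 with the public key of mylinz1, since the sync script only connects in that direction.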

 

Let’s move to RSYNC part.

RSYNC SCRIPT


Here is the rsync script that will be used for syncing the data between the servers mylinz1 & mylinz2.


Here I am running script from mylinz1 to sync the data.

[root@mylinz1 ~]# cat rsync_oracle.sh

#!/bin/bash

# RSYNC SCRIPT TO SYNC TWO SERVER'S SPECIFIC DIRECTORIES

# Website:solariscat.blogspot.com

SOURCE_PATH='/db/oracle/'

SOURCE_SERVER='192.168.10.20'  #Added for reference

DESTINATION_PATH='/db/oracle-bck/'

DESTINATION_HOST='192.168.10.25'

DESTINATION_USER='root'

LOGFILE='rsync_oralce.log'

echo $'\n\n' >> $LOGFILE

# Redirect stdout to the log first, then stderr, so errors are logged too
rsync -av --rsh=ssh "$SOURCE_PATH" "$DESTINATION_USER@$DESTINATION_HOST:$DESTINATION_PATH" >> "$LOGFILE" 2>&1

echo "Sync Completed at:`/bin/date`" >> $LOGFILE

 

[root@mylinz1 ~]# pwd

/root

 

[root@mylinz1 ~]# chmod 700 rsync_oracle.sh


The script also writes a log listing the newly synchronized files.


 

Testing rsync script:

1.      Run the script manually.

[root@mylinz1 ~]# ./rsync_oracle.sh

 

2.      Verify the log file.

[root@mylinz1 ~]# tail -10 rsync_oralce.log

kshrc

latrace.conf

ld.so.cache

ld.so.conf

libaudit.conf

libuser.conf

sent 160321 bytes  received 1155 bytes  107650.67 bytes/sec

total size is 156728  speedup is 0.97

Completed at:Wed Jun 19 01:02:25 IST 2013

 

[root@mylinz1 oracle]#

 

3.      Create a new file to sync the data to mylinz2 server.

[root@mylinz1 oracle]# cd /db/oracle/

[root@mylinz1 oracle]# touch verify_rsync

[root@mylinz1 oracle]# ls -lrt verify_rsync

-rw-r--r--. 1 root root 0 Jun 19 01:04 verify_rsync

 

[root@mylinz1 oracle]# cd /root

 

[root@mylinz1 ~]# ./rsync_oracle.sh

 

[root@mylinz1 ~]#

 

[root@mylinz1 ~]# tail -10 rsync_oralce.log

sending incremental file list

./

verify_rsync

 

sent 1093 bytes  received 34 bytes  2254.00 bytes/sec

total size is 156728  speedup is 139.07

Completed at:Wed Jun 19 01:05:03 IST 2013

 

[root@mylinz1 ~]#

 

4.      Verify whether the newly created file was synced to mylinz2.

[root@mylinz2 ~]# cd /db/oracle-bck/

 

[root@mylinz2 oracle-bck]# ls -lrt verify_rsync

-rw-r--r--. 1 root root 0 Jun 19 01:04 verify_rsync

 

[root@mylinz2 oracle-bck]#

 

That’s it. Our rsync script is working fine.


Automating sync

If you want to sync the data between the two servers automatically at a preferred time interval, you can add the script to crontab.

Add the line below to root’s crontab to sync the data every 5 minutes.

 

0,5,10,15,20,25,30,35,40,45,50,55 * * * * /root/rsync_oracle.sh > /dev/null 2>&1

 

That’s it!!!
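With a 5-minute schedule, a transfer that takes longer than the interval is joined by a second rsync writing to the same destination. The following is an added example, not part of the original post: it runs the same transfer under a lock, skips a run while the previous one is still alive, and records the exit status in the log. The function names, the "run" argument and the lock path /var/run/rsync_oracle.lock are assumptions.

```sh
#!/bin/sh
LOGFILE=${LOGFILE:-rsync_oralce.log}    # log file name as used on the page

# Run a command while holding LOCKDIR (mkdir is atomic, so only one caller
# can create it). Returns 75 if a live run holds the lock, otherwise the
# command's own exit status, which is also written to the log.
run_locked() {
    lockdir=$1; shift
    if ! mkdir "$lockdir" 2>/dev/null; then
        owner=$(cat "$lockdir/pid" 2>/dev/null) || owner=
        if [ -n "$owner" ] && kill -0 "$owner" 2>/dev/null; then
            echo "Skipped at:$(date) (run $owner still active)" >> "$LOGFILE"
            return 75
        fi
        # Lock left behind by a run that was killed: take it over.
        echo "Reclaimed stale lock at:$(date)" >> "$LOGFILE"
    fi
    echo "$$" > "$lockdir/pid"
    rc=0
    "$@" >> "$LOGFILE" 2>&1 || rc=$?      # stdout and stderr both logged
    rm -f "$lockdir/pid"
    rmdir "$lockdir"
    echo "Sync Completed at:$(date) exit=$rc" >> "$LOGFILE"
    return "$rc"
}

# The page's transfer (same paths and hosts), run under the lock.
# /var/run/rsync_oracle.lock is an assumed lock location.
sync_oracle() {
    run_locked /var/run/rsync_oracle.lock \
        rsync -av --rsh=ssh /db/oracle/ root@192.168.10.25:/db/oracle-bck/
}

# Cron entry point: "/root/rsync_oracle.sh run"
if [ "${1:-}" = "run" ]; then
    sync_oracle
fi
```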