FS
Documentation

FAQ

From Documentation

(Difference between revisions)
Jump to: navigation, search
Revision as of 01:45, 28 April 2006
Daniels (Talk | contribs)
(How do I define a scheduled time for once a fortnight)
← Previous diff
Revision as of 01:46, 28 April 2006
Daniels (Talk | contribs)
(How do I define a scheduled time for the last Friday of June and December (6 monthly))
Next diff →
Line 314: Line 314:
==== How do I define a scheduled time for the last Friday of June and December (6 monthly) ==== ==== How do I define a scheduled time for the last Friday of June and December (6 monthly) ====
-Setup new scheduled time as follows: Ord:nnn+Setup new scheduled time as follows:
-When:June, Dec - last Friday+ 
-Schedule Cmd:D1=`cal | tail -c4` ; D2=`expr $D1 - 7` ; db_datemat -m6,12 -d$D2-$D1 -w5 $Today $Start+ Ord:nnn
-Crontab string:* * 5+ When:June, Dec - last Friday
-Check cron:yes+ Schedule Cmd:D1=`cal | tail -c4` ; D2=`expr $D1 - 7` ; db_datemat -m6,12 -d$D2-$D1 -w5 $Today $Start
 + Crontab string:* * 5
 + Check cron:yes
 + 
On some platforms the flag to the tail command may have to be ... tail -4c On some platforms the flag to the tail command may have to be ... tail -4c
 +
=== Backup and Recovery === === Backup and Recovery ===
==== How do I perform a recovery from a backup without the COSmanager Framework? ==== ==== How do I perform a recovery from a backup without the COSmanager Framework? ====

Revision as of 01:46, 28 April 2006

Contents

Frequently Asked Questions

Listed below are some of the questions often asked about our products. If the answer you are looking for is not listed below, more information on our products can be found in your documentation, or at the Technical Notes section.

Functional Software reserves the right to change the information in this Frequently Asked Questions list at any time and without notice. If you are unable to find the answer to your problem in the documentation, or on this website, please contact the Functional Support Line.

sentinel3G

General Questions

How do I fix this GLIBC error when starting sentinel3G under RedHat 9.0?

When starting sentinel3G GUI under RedHat 9.0 I get a message like : couldn't load file ./home/COS_4.2/lib/tnm2.1.10.so. : /home/COS_4.2/lib/tnm2.1.10.so: symbol _res, version GLIBC_2.0 not defined in file libc.so.6 with link time reference. What causes this, and how do I fix it?

The variable ‘_res’ in the system GLIBC 2.3.2 (kernel 2.4.20 and probably higher) is no longer global. Thus you get an error when starting the sentinel3G Host Monitor or Event Manager regarding an undefined symbol ‘_res’. This results in the Sentinel daemons failing to start, and a message in the sentinel3G logfile.

According to some documents found on the Web, the changes to the DNS code was done to make it ‘thread safe’, and this means chaning this global variable to a per-thread variable. This makes it incompatible with binaries linked with earlier libraries (as is the case with sentinel3G). Luckilly there is a simple workaround:

  • Set the evironment variable ‘LD_ASSUME_KERNEL’ to ‘2.4.18’ (or lower) and the libraries will dynamically link the ‘old’ way using the ‘_res’ global variable.
  • The simplest way to get this to happen in sentinel3G is to edit the file ~cosmos/bin/COSstartup, and near the top add the lines: LD_ASSUME_KERNEL=2.4.18
     export LD_ASSUME_KERNEL

Restart ‘cos’. You should now be able to start the sentinel3G daemons correctly.

How do I print the contents of a window?

If you are accessing sentinel3G from a PC running our GUI, you can export the contents of a window to the associated application (normally notepad for text files) and then print it.

If you are able to print the contents of a window then a small printer icon will be displayed next to the search (magnifying glass) icon on the button bar of the window. If the printer icon does not display check the following:

  • Config > COSmanager configuration > Settings > Default printer - by default Default printer is set to either $PRINTER or $LPDEST (depending on platform)
  • Check that the printer set by Default printer exists
  • If set to $PRINTER or $LPDEST check your environment that these variables are set. You may have to set them in .profile (or similar)

Once you know the global setting Default printer is set correctly exit COSmanager completely and rerun cos

How do I print a graph?

With COSmanager version 4.2 graphs cannot be printed directly. If data is being collected and logged, this can be exported to a CVS file and imported to a spreadsheet application (eg Microsoft Excel) and a graph generated and printed.

If you are accessing sentinel3G from a PC running our GUI, you can export the contents of a window to the associated application (normally excel for csv files) and then either print the raw data, or use the application's graphing facility.

The export feature is also a great way to get information into your reports

How do I download icons to my PC or XWindows GUI?

An icon only needs to be downloaded if you see a sentry represented by a square box with a ‘?’ inside. This can occur when Knowledge Bases are installed on Host Monitors and not the Event Manager hosts, or when using PC GUI.

Config > COSmanager configuration > Other tables > icon - select the icon represented by the square box with a ‘?’, then Icon > Download.

How do I upload icons from the Host Monitor to the Event Manager?

If an icon looks incorrect on the sentinel3G console, it may be that it only exists on the Host Monitor but not the Event Manager. This could be due to an installed Knowledge Base that has supplied new icons.

From the console change into the Host View, new select the Host Monitor host, then click Configure > Global tables.

Double click on Other tables, then double click on the Icon table.

Highlight the icon you want to upload to the Event Manager, then click Icon > Upload and choose the Event host.

Note: The COSmanager GUI system is distributed to allow greater flexability and efficiency. If you know the icon exists on the Host Monitor host, but it still displays incorrectly it you may need to download it to your GUI host (normally your PC).

Why are my sentries not sorted by their instance name?

Sentries are displayed in the order the agent recieves its data at the time the Host Monitor (HM) is started. The order in which they are displayed on the console will not change even if the subsequent agent polls return their data in a different order..

To force sentries to be displayed in a desired order, ensure you agent command sorts the output correctly.

Remember, sorting can be a performance issue.

Why don't the threshold lines show when I select more than one sentry?

Threshold lines are ignored when graphing multiple sentries due to the potential for each sentry to have different threshold values

Why do graphs disappear when I restart the Host Monitor?

Graphs are driven directly from the Host Monitor process responsible for the sentry being graphed. Therefore, if a host monitor is restarted, its' process is killed and started. Killing the process breaks the communication link and hence the graph disappears.

How do I configure SSH communications?

By default COSmanager uses the rsh protocol for network communication. As this is not always installed or enabled due to security concerns, ssh can be used as an alternative.

When COSmanager is installed a cosmos user is created, and this user needs to be configured at an OS level to use ssh. The end result is that as the cosmos user on HostA you can run ‘ssh HostB <command>’ (and vice versa) without entering a passphrase.

Click here to display instructions on setting up SSH communications. Click again to hide the solution.. The COSmanager Framework version 4.1 and later optionally support ssh as their communications method rather than rsh (Remote Shell). However, its configuration requires more effort, because keys for the ‘cosmos‘ user must be generated and copied to the remote hosts. This process must be repeated for each host on which COSmanager is installed.

The following commands assume that you are running a reasonably modern version of ssh which supports ‘protocol version 2’, and the ‘DSA algorithm’. They also assume that the ssh package has been installed correctly on your hosts, and that the sshd daemon process is running on each.

To allow COSmanager on host ‘hostA’ to run remote COSmanager commands on ‘hostB’, follow the following instructions:

  1. On ‘hostB’, login as root, and run: su cosmos
  2. Type the command ‘id’ to make sure that your user ID is ‘cosmos’.
  3. Generate a dsa public key/private key pair: ssh-keygen -t dsa or ssh-keygen -d

If you get the message ‘not found’, check that the SSH ‘bin’ directory is in your shell's path, and if not add it.

This command should generate a ‘dsa’ private/public key pair for user ‘cosmos’. Hit ENTER to accept all default value when it asks for the file name to save the key, and also hit ENTER each time you are asked for a passphrase (we do NOT want to use a passphrase).

This should create the files:

   * ~cosmos/.ssh/id_dsa
   * ~cosmos/.ssh/id_dsa.pub
   * ~cosmos/.ssh

Copy the file ‘id_dsa.pub’ to a temporary directory on ‘hostA’. This file will be accessed later when you log onto hostA.

Login in as your normal user ID (assumed to be registered to COSmanager as a ‘Manager’), and run: cos cosmos -C This should bring up the ‘COSmanager Global Configuration’ window.

Double-click on ‘Hosts’, and a list of COSmanager hosts should appear in another window. Double-click on ‘hostA’, and when the form appears, change the ‘Comm method’ field to ‘ssh’. Hit Accept to save the change. If ‘hostA’ is NOT in the list, select ‘Maintain > Add’, and add an entry for hostA, with the ‘Comm method’ field set to ‘ssh’.

Login to hostA as ROOT, and run: su cosmos Run the command: ssh-keygen -t dsa or ssh-keygen -d to generate the keys for hostA.

Change to the ~cosmos/.ssh directory and append the copy of id_dsa.pub copied from hostB (NOT the one in the local directory which was just created by the ssh-keygen command) to the file ‘authorized_keys2’. If ‘authorized_keys2’ does not exist simply copy the id_dsa.pub file from hostB to it. This allows the ‘cosmos’ user on hostB to run a command as user ‘cosmos’ on hostA.

ssh is very fussy about the permissions and ownerships of the files in the .ssh directory, and the ~cosmos & ~cosmos/.ssh directories themselves. Ensure that they are all owned by user "cosmos" and that the permissions are:

~cosmos drwxr-xr-x (755) ~cosmos/.ssh drwxr-xr-x (755) ~cosmos/.ssh/authorized_keys2 -rw------- (600) ~cosmos/.ssh/id_dsa -rw------- (600) ~cosmos/.ssh/id_dsa.pub -rw-r--r-- (644)

Copy the file id_dsa.pub from the .ssh directory to a temporary directory on hostB.

Now go back to hostB, login as ROOT, run: su cosmos and then try the command: ssh hostA pwd (of course the ‘ssh’ program must be in a directory in your search path). When run for the first times to a new host, ssh may say that the host cannot be authenticated, and will ask you if you want to connect. Reply "yes". ssh should add hostA to list of known hosts (file known_hosts2), and you should never be asked again.

If the ~cosmos directory name is NOT returned, then you have a problem! It may be that the public key was not copied into authorized_keys2 correctly, or that the permissions or ownerships of some ssh files are not correct. The easiest way of debugging is to kill the sshd process on the other host (hostA), and run in in DEBUG mode (as root): sshd -Dddd This will NOT start it as a daemon, and will give a lot of debugging information, which should help you pinpoint the problem. Note: sshd will probably NOT be in your search path. Some common locations for it are: /sbin /usr/sbin /usr/local/sbin You will probaly need to use the full pathname when running it. Note: killing sshd is probably not a good idea if other people or applications are using ssh to that host.

Finally, you must go back to hostA, and repeat steps e & f, this time using hostB rather than hostA. Then login as ROOT, run ‘su cosmos’ and repeat steps i through l, using hostB instead of hostA.

Congratulations, COSmanager is now configured to use ssh in both directions between hostA & hostB.

Note: If you are using an older version of ssh, which does not support protocol version 2, you should follow the above instructions, except the filenames under the .ssh directory are different: id_dsa == identity id_dsa.pub == identity.pub authorized_keys2 == authorized_keys known_hosts2 == known_hosts There is also an ssh configuration file often found in /etc/ssh/ssh_config. In this file you can effectively force ssh to use either protocol 1 or protocol 2 by specifying the identity file. Normally no identity file should be specified as ssh is smart enough to determine which to use in any given situation. If you are having problems configuring ssh to use protocol 2 (symptoms include falling back to password authentication even though the keys have been exchanged correctly), check this file and comment out the IdentityFile line: # IdentityFile ~/.ssh/identity

Once this is complete you can configure COSmanager to use ssh:

  1. Start COSmanager configuration (cos cosmos -C from the command line, or click on Config > COSmanager configuration) and double click on the hosts icon.
  2. Select the remote host that you wish to access via ssh and double click it to modify its configuration.
  3. Change the ‘comm meth’ field to ssh.
  4. Test your connectivity by clicking on the Planet icon on the button bar and select ‘Remote‘.
  5. Choose the host you just configured. You should see the button bar for the remote host.
  6. Repeat this process to allow access from HostB back to HostA.

How can I see all actions available for a sentry folder?

To display all the actions for a sentry, select that sentry and run Configure > Actions.

Why does ‘no data to display’ show for quarterly and monthly service level reports, but not for today?

The monthly and quarterly reports finish on the last day of the last month just past.

The weekly and fortnightly reports end today.

The no data to display messages are showing because the logging only started this month, so a monthly or quarterly report quite rightly has nothing to display.

How do I stop a filesystem (or filesystems) from being monitored?

Change the agent to exclude the filesystem.

For example, you may be running web cache software such as Squid, which monitors its own disk usage. Let us assume Squid is running, and has two filesystems configured for its cache, /squid1 and /squid2.

From the console, select one of the filesystems you are monitoring Choose ‘Configure > Agent’ In the ‘Exclude’ field, add your filesystems (/squid1 and /squid2). The ‘Exclude’ field is just a list of instances to ignore, it is not a condition.

How do I monitor a particular filesystem using different thresholds to the others?

Clone the sentry and change it's cloning condition.

For example the /boot filesystem is typically static, so the normal threshholds do not apply.

  1. From the console, choose ‘Configure > Host monitor...’.
  2. Right click on the ‘Free Space’ sentry and choose ‘Clone’
  3. Change the description to ‘Free disk space (/boot static filesystem)’.
  4. Enter a condition in ‘Clone if’: $Filesystem == “/boot”
  5. Hit accept to write the changes.

You should now have two copies of the Free_Space sentry (hint: read the description to tell them apart).

  1. Right click on the original sentry and choose ‘Change’
  2. Change the description to ‘Free disk space (excluding /boot filesystem)’.
  3. Enter a condition in ‘Clone if’: $Filesystem != “/boot”
  4. Hit accept to write the changes.
  5. Exit the ‘Sentry Details’ window From the console
  6. Restart the Host Monitor and ensure all the filesystems appear correctly.
  7. If not, look at the ‘Host log’ for any error messages. The most common problem is entering the condition incorrectly. Remember the condition is case sensitive and the double-quotes are important.

Now the /boot filesystem is a different sentry, and you can modify its threshholds (Configure > Constants) without affecting the other filesystems.

The states for these two sentries are shared, so if you want to change them you will be prompted to first copy the states to the new sentry, or continue to share them.

You must restart the Host Monitor before any changes to the constants will be applied.

Note: If you had two filesystems that you wanted to separate out, all you need to do is change the conditions slightly.

For example, on some operating systems the /usr filesystem is also quite static.

To add /usr to the /boot sentry just change the "Clone if" conditions.

You should understand the boolean operators ‘||’ (logical or) and ‘&&’ (logical and) before attempting this.

On the sentry this is monitoring /boot and /usr the condition should be:

$Filesystem == “/boot” || == “/usr” 

And on the sentry that is monitoring the other filesystems the condition should be:

$Filesystem != “/boot” && $Filesystem != “/usr”

Why is my customized notification not working?

If a COSmanager user is configured to use a notification method other than email, an address for that user must be specified - even if the method does not require an address.

If no address is specified, the default email method will be used.

Linux KB

Why is one or more of my services not showing in the services folder?

Services to be monitored are discovered by parsing the startup scripts in the system startup directory (either /etc/rc.d/init.d or /etc/init.d).

The header comments must contain the following directive to be monitored: # processname:

How do I monitor failed attempts to ‘su’ to another user ID?

By default, the Bad su sentry is turned off as different versions and flavours of Linux log failed su attempts differently.

By default the sentry uses the standard log file agent to monitor the messages file.

For more information on this problem, please click here. Click again to hide information By default, the Bad su sentry is turned off because different versions and flavours of Linux log failed su attempts differently. By default the sentry uses the standard log file agent to monitor the messages file (/var/log/messages) for entries like: Jun 26 10:43:08 bink PAM_pwdb[12444] : 1 authentication failure; marks (uid=667) -> root for su service It does this by matching the following regular expression: n failure.*su service and then it extracts columns using the () operators in another regular expression: uid=([^\)]*)\) -> (.*) for su service This sets the first column to the uid and the second column to the target user. Firstly you should check to see whether the default configuration works on your system:

  1. From the sentinel3G console, configure the host monitor on which you want the sentry to be run (Configure > Host Monitor)
  2. Find the Bad_SU sentry and turn it on
  3. Restart the host monitor
  4. Generate a failed su attempt (as your own user id, run su and enter an incorrect password)

Within a few seconds a new folder (Security) should appear under that host on the console, with an icon indication the user that failed to su. If this does not occur, you will need to reconfigure the agent:

  1. Identify which log file failed su attempts are written to (by default this will be the messages file: /var/log/messages) and find the message generated
  2. You will need to construct a regular expression (see the regex manual page on your system for more details) that will match the given line. For example, if instead the line was: Jun 26 10:43:08 bink PAM_pwdb[12444]: failed su; marks(uid=667) -> root our pattern could be as simple as: ‘failed su’
  3. Create a second regular expression to extract the data we are interested in with round brackets around the data we want to see. For our example it would be: uid="([^\)]*)\) -> (.*)"

To configure the agent, start from the console and follow: Configure > Host Monitor > Select Bad_SU sentry > Right Click > Agent > Agent Options. You then need to configure the select pattern and the variable assignment pattern.

Restart the host monitor and generate another failed su to test your configuration

Solaris KB

How do I add a service to be monitored?

sentinel3G has a full list of possible services that may run on Solaris. This list is far from exhaustive and you may need to add services to be monitored.

Select the Services folder and run action.

Select Add new service to monitor

Squid KB

Why am I having problems accessing squid statistics using SNMP?

The Squid knowledge base uses SNMP to monitor the proxy server. The installation notes for this KB describe how to configure Squid to enable SNMP, but sometimes there can be networking problems that interfere.

This problem is reported in the Host Monitor Log as ‘no SNMP response’

In the Squid configuration file (squid.conf under your squid installation directory) there is a set of access control lists which are used in the sentinel3G specific configuration. By default the localhost acl is as follows: acl localhost src 127.0.0.1/255.255.255.255 If the hostname localhost does not resolve to 127.0.0.1 on the system (for example localhost is configured with a different IP address in /etc/hosts), this acl will not be correctly recognized. The localhost logname should preferably resolve to 127.0.0.1, but if this is not desired, you can change the acl in the squid.conf file to match the correct IP address.

For example, if you run "ping localhost" and the IP address that localhost resolves to is 10.0.0.1 then you should change the acl in the squid.conf file to: acl localhost src 10.0.0.1/255.255.255.255 Then if you restart squid and the monitor, it should be monitored correctly

What does the message ‘snmp_port TAG incorrect or non-existent’ in the Host Monitor Log

By default the SNMP port for squid is configured to be 3041.

If the Squid server is running and SNMP is configured correctly, the snmp_port tag in the squid.conf file is not required.

However, if the Squid server is not running, or there are other problems with the SNMP configuration, you may see this message.

To correct this problem, specify the snmp_port tag in the squid.conf file.

In most cases this is as simple as uncommenting the line: #snmp_port 3041

COSmanager

Scheduler

How do I define a scheduled time for the last Friday of the month?

Set up a new scheduled time as follows:

Ord:nnn
When:Monthly - last Friday
Schedule Cmd:D1=`cal | tail -c4` ; D2=`expr $D1 - 7` ; db_datemat -d$D2-$D1 -w5 $Today $Start
Crontab string:* * 5
Check cron:yes

On some platforms the flag to tail the command may have to be... tail -4c

How do I define a scheduled time for the last working day of the month

Setup new scheduled time as follows:

Ord:nnn
When:Monthly - last working day
Schedule Cmd:day=`cal | tail -c4` ; last="`date +%Y%m$day`" ; [ "`db_date`" -eq "`db_datemat -p -b -w1-5 $last`" ]
Crontab string:* * *
Check cron:yes

On some platforms the flag to the tail command may have to be ... tail -4c

How do I define a scheduled time for once a fortnight

Setup new scheduled time based on the following:

Example: schedule time for the first Monday each fortnight:

Ord:nnn
When:Fortnightly - 1st Monday
Schedule Cmd:WK=`date +%U` db_datemat -w1 && [ 1 -eq `expr $WK % 2` ]
Crontab string:* * 1
Check cron:yes

Example: schedule time for the second Wednesday each fortnight:

Ord:nnn
When:Fortnightly - 2nd Wednesday
Schedule Cmd:WK=`date +%U` db_datemat -w3 && [ 0 -eq `expr $WK % 2` ]
Crontab string:* * 3
Check cron:yes

Explanation of example Schedule Commands above:

WK=`date +%U` gets the week number for today.
db_datemat -w3 returns true if today is Wednesday. -w0 is Sunday, -w6 is Saturday.
`expr $WK % 2` returns a modulo 2 number, 1 for the first week in a fortnight, and 0 for the second.

How do I define a scheduled time for the last Friday of June and December (6 monthly)

Setup new scheduled time as follows:

Ord:nnn
When:June, Dec - last Friday
Schedule Cmd:D1=`cal | tail -c4` ; D2=`expr $D1 - 7` ; db_datemat -m6,12 -d$D2-$D1 -w5 $Today $Start
Crontab string:* * 5
Check cron:yes

On some platforms the flag to the tail command may have to be ... tail -4c

Backup and Recovery

How do I perform a recovery from a backup without the COSmanager Framework?

Performing a restore without COSmanager can be easily accomplished as all backup methods provided make use of common Unix commands. The formats involved are cpio, tar and dump. However, because of the flexabilty in setting up backups through COSmanager, a backup may be comprised of multiple format tape files, and even accross multiple volumes. Then the main issue in recovering files at the command line level is not so much knowing the commands, but knowing what the layout of a given tape, or set of tapes is. Following are the commands required to recover in full a tape file as backed up using a provided backup method.

Recovery Commands

Let us assume that the format and layout of the backup tape is known. Firstly you need to change directory to the base directory you are about to recover. cd <base directory> Secondly, you need to skip to the to the beginning of the appropriate tape file. Remember that the electronic media label is the first tape file. For example, you need to recover /usr which is the third step in your backup, therefore you need to skip to the beginning of the fourth tape file. mt -f <no-rewind device> fsf 3 or mt -t <no-rewind device> fsf 3if on HP/UX or dd if=<no-rewind device> of=/dev/null three times. Then recover the tape file according to the backup format as follows. For the standard cpio backup using the FS-wrapper FScpio use the following command to recover in full: dd if=$Device_nr ibs=<bs> | cpio -icdum For the standard tar backup using the FS-wrapper FStar use the following command to recover in full: dd if=$Device_nr ibs=<bs> | tar xpf - For the standard dump backup using the FS-wrapper FSdump use the following command to recover in full: dd if=$Device_nr ibs=<bs> | ufsrestore xf - for SVR4 versions of Unix, or dd if=$Device_nr ibs=<bs> | restore xf - for SVR3 and Berkley versions of Unix. Where <bs> is the blocksize associated with the media type multiplied by 1024. For example, if your DAT media type has a blocksize of 32 kbytes associated with it then <bs> will be 32768.

How do I print a catalogue of my backup tapes?

COSmanager can simplify this by automatically printing a log of a media set contents immediately after a backup has completed. To do this place the following command in the At-end cmd for the backup job definition. ( medrep -d 0 ; FSdrive $Drive list ) | asuser fsadmin $PRINTCMD Or you can key in the script shown at the end of this section called ~fs/FSadmin/local/bin/medcat and use the following command in either the At-end cmd or the At-unload cmd of the backup job definition. Remember to make the script executable. ( banner $Set_ID ; medcat $Set_ID ; FSdrive $Drive list ) | asuser fsadmin $PRINTCMD An example of this media contents log is shown below. The printout also shows the tape drive operations commands for the backup drive. Knowing these and the devices involved will be useful when, for example, you need to recover /var/spool - the fifth tape file.

Media written in the last 0 days. #1054DAT-hiWritten: 17/08/94Expires: 24/08/94Location: FS Full backup of gomez using portable cpio File 217/08/94-00:01full dumpgomez:/ Full backup of / File 317/08/94-00:13portable full cpiogomez:/usr Full backup of /usr File 417/08/94-00:18portable full cpiogomez:/opt Full backup of /opt File 517/08/94-00:53full targomez:/var/spool Full backup of /var/spool File 617/08/94-02:00 portable full cpiogomez:/local Full backup of /local

Drivedat (Sun DAT unit) TypeDAT-hi Hostgomez Device/dev/rmt/1 No-rewind device/dev/rmt/1n Drive namedat Operator messageDAT drive needs attention Drive classmt_tape (Tape operations via MT(1) command)


Operations ----------------------------------------------------

Statusmt -f $Device_nr status Rewindmt -f $Device_nr rewind Skip forwardmt -f $Device_nr fsf $N Skip backward mt -f $Device_nr bsf $N Unload mediamt -f $Device_nr offline Where $Device refers to the device /dev/rmt/1 above and $Device_nr refers to the no-rewind device /dev/rmt/1n. In the Skip forward and Skip backward operation, $N refers to the number of tape files to be skipped.

Script ~fs/FSadmin/local/bin/medcat #! /bin/sh

  1. medcat.sh
  2. Copyright (c) 1991-1994 Functional Software
  3. All Rights Reserved
  4. Media reports
  5. ident@(#)medcat.sh1.1 (Functional Software - FSadmin) 94/08/30

USAGE="Usage: medcat Set_ID"

if [ -z "$1" ]; then echo $USAGE >&2 exit 1 fi

SORTPARMS="Written Set_ID Sequence File" RPTPGM=msetrep.awk

db_sel media "Set_ID == \"$1\" && Usage != \"scratch\"" | \ db_join -n - medcont Number | \ db_sort - $SORTPARMS | \ db_rpt - $APPL_HOME/report/$RPTPGM 8. How do I accomodate for disaster recovery? (draft) A backup must contain the following:

  1. file system
  2. COSmanager directory structure
  3. audit trail directory /usr/spool/log


Have on hand the hardcopy catalogue of this tapes contents.

Initially recover the root file system, then COSmanager and the audit trail directory. See FAQ How do I perform a recovery from backup without COSmanager? to do this.

After recovering COSmanager, you must acknowledge the backup job that performed this backup so that the status tables are cleared. For version 2.4.x this done by performing the option Unload media from drive on the Manage removable media jobs menu. For version 2.5.x this is done by performing the option Acknowledge job completion on the Manage removable media jobs menu. This will return COSmanager to the status just after the above backup was completed.

You can now use COSmanager to perform the recovery of the rest of your system. This may mean applying incremental backups to full backups.

How do I perform an interactive dump recovery?

Setup new recovery method as follows: Method:dump interactive Description:Recover interactive from dump Format:dump Index Command: Full Recovery:cd $Directory ; ufsrestore -ivf $Device_nr < /dev/tty Selected Rcvry: Use STDOUT?no Remote support?no Run on host:file_host

How can I get a report detailing steps of all backup jobs run across my Data Center?

Setup an at-request duty that calls the following script: for host in `db_sel -h hostinfo "Admintype != \"\"" Hostname`; do for bujob in `FSremote $host "db_proj -h backup Job`; do echo "Host: $host\n\n" FSremote $host "showback $bujob" echo "\n\n" done done | scroll -H0

How can I get a background backup job to output the log to standard out?

Some people wish to capture the backup log to other than the log file itself. Either for it to be mailed to a user or to be captured by a task/batch scheduler system. This can be done by a minor change to ~fs/FSadmin/bin/FSbackup. Change the line (around line 206 in the background portion of the case statement) setpgrp runback ${load_now:+-L} "$Drive" $ID "$Job" >$LOG 2>&1 to setpgrp runback ${load_now:+-L} "$Drive" $ID "$Job" 2>&1 | tee $LOG

General Questions

How does COSmanager's remote system management affect the security of remotely managed systems? (draft)

To answer this it is necessary to explain how COSmanager manages those systems.

For the purpose of system management, COSmanager defines a host as either a Master, a Remote or a Slave. A Slave system can only administer itself. A Master can administer and any other host marked as Remote or Slave. A Remote system is another Master on the same network. This enables arbitary management domains to be defined.

To administer a Slave, a Master executes commands through a local program called FSremote. This program looks up a communication method, in the comm_meth table, and uses this to execute the command via the FSadmin command on the Slave.

The standard communication method used by COSmanager is rsh. To use this method a .rhosts file is created for the user fsadmin on the Slave systems that allow root or fsadmin access from the Master. In itself, this .rhosts file does not represent a security threat. In version 2.5.2 the fsadmin account is not privileged and users remotely logging in are captured by a .profile and securely put into COSmanager.

The command, FSadmin, is a set UID root program used to either start COSmanager or execute a command passed as a parameter. Running the command CM results in the execution of FSadmin which starts COSmanager. Under normal usage, the FSadmin command performs security checks to validate the user ID and check that they are authorised to use COSmanager. If the FSadmin command is invoked by root or fsadmin and passed a command to execute the normal security checks are bypassed and the command is run as root. This is the case when it is executed by FSremote to manage a remote system.

Normally the slave FSadmin is executed as a request from a COSmanager Master. This ensures that the user on the Master is allowed to run that administration task. However, if the user on the Master can get an fsadmin or a root shell, then they can remotely execute any command on any slave as root. This is possible because the slave does not authenticate that the commands were sent by COSmanager. This means that root on the Master system has root privilages on all the remote systems. Most products currently available on the market do not perform authentication,and so are susceptable to the same problem.

By ensuring that the root account on COSmanager masters is protected from unauthorised use, COSmanager does not introduce further security risks to a network. COSmanager facilitates this by enabling the use of the root account to be minimised.

CPIO versus TAR versus DUMP (draft)

Advantages of CPIO:

   * allows file/pathnames of up to 1024 characters
   * streaming, ie. non-blocked, output is good for non-blocking devices (networks, disk files, some tape drives)
   * uses wildcards to match filenames upon restore
   * can interactively rename files during restore
   * reads list of filenames to backup from stdin; this allows for precise control of files backed up, but can be an inconvenience as well since more thought has to go into using the command
   * flexible use at the beginning or end of a shell pipeline, or as a filter (read filenames from stdin, send archive to stdout, or vice versa)
   * preserves hard links and symbolic links, as selected by options
   * SVR4 (and Solaris) support multiple volumes
   * backup and restore special device files
   * supports incremental backups

Disadvantages of CPIO:

   * recovering files from a damaged archive can prove difficult if the archive contains other cpio archives, since the embedded archive trailer will cause recovery to become out-of-sync
   * somewhat less portable than tar, although afio is freely available as source code
   * somewhat obnoxious options dealing with directory creation during a restore operation
   * filesystems being backed up *must* be mounted; a file could be modified while being written to media
   * no built-in method for incrementals (must use "find -mtime" technique, which has crude granularity)
   * format is not portable from SVR4 to SVR3

Disadvantages of TAR:

   * does not handle long filenames

Advantages of DUMP:

   * maintains an index on the tape
   * supports backup of unmounted filesystems

Disadvantages of DUMP:

   * does not read through the filesystem, but reads the raw device. Therefore dump backups can be out of sync with the in memory copy of the filesystem
   * filesystems should be unmounted before performing a dump backup
   * restore will not work remotely because it opens /dev/tty
   * format not portable across all platforms
   * not available on AIX 3.2
   * ATT 4.3 version of ufsdump is broken

When adding a user to a hostgroup, how do I perform commands on all hosts in the hostgroup?

Following is the code you need in your SetupUser script. if [ -n "$Access" ]; then AccessListAll=`db_sel -h acchost "Hostgroup == \"$Access\"" Hostname` fi

for host in $AccessListAll# execute on each host in access list do if [ "$ADMINHOST" = "$host" ] then $Command else FSremote $host "$Command" fi done "$Command" represents the command you wish to execute.

How do I access COSmanager man pages on the Sequent ptx 2.x port?

The normal method to access COSmanager man pages is to alter the MANPATH environment variable. The operating system Dynix/ptx 2.x does not have or use the MANPATH environment variable.

For ptx, third party software man pages need to be preprocessed (using nroff(1)), packed (using pack(1)) and linked to the standard man page directory. Following is a list of commands to do this for you: cd $Fshome/man/man1 for MP in `echo *.1`; do nroff -man $MP > $MP.tmp pack $MP.tmp mv $MP.tmp.z $MP.z ln -s $MP.z /usr/catman/man1/$MP.z done

$FShome/man/man1 contains COSmanager application related man pages. $FShome/man/manp contain Functional Toolset related man pages