PPT

1
Copyright 2013, Oracle and/or its affiliates. All rights reserved.
Confidential Oracle Internal
ACSLS 8.3
Martin Ryder
Chris Morrison
George Noble
Program Agenda
Whats New
Installation
SELinux
Enhancements, Features and Utilities
Bug Fixes
Whats New with ACSLS 8.3
ACSLS on Solaris 11
ACSLS on Linux 6
Customer-defined
Installation Directories
Platform Support
ACSLS 8.3 is supported on seven platforms
SPARC Solaris-10 Update 10
X86 Solaris-10 Update 10
Oracle Linux 6.3
Solaris 10
Full functionality
ACSLS on Solaris-10 is fully functional
All physical libraries and drives
Logical Library Support
The ACSLS GUI
lib_cmd
ACSLS HA 8.2.1
Solaris 11
Full support, but without HA.
Functional ACSLS features on Solaris-11
The ACSLS GUI
lib_cmd
ACSLS HA 8.3 is in development
Linux 6
Logical Libraries and HA are not supported
Functional ACSLS features on Linux 6
The ACSLS GUI
lib_cmd
Linux 6
SCSI Library Support on Linux
Includes support for FC-attached libraries: SL150, SL500
Uses the sg driver - no mchanger driver for Linux
The install_scsi_Linux.sh utility installs a rules file for udev

The mchanger links are created and maintained by udev
Linux 6
SCSI Library Support on Linux mchanger links
The /dev/mchanger* links on Linux look different than those on Solaris
The link includes a unique identifier supplied by udev
Example:
/dev/mchanger-3500104f0007a8532
Using the identifiers allows persistent device links for ACSLS

The targets of those links (/dev/sg<n>) are volatile
The links are automatically updated by udev
10
Linux 6
SCSI Library Support on Linux install_scsi_Linux.sh
# ./install_scsi_Linux.sh
Installing SCSI device(s) for Oracle StorageTek ACSLS.
Adding ACSLS rules for udev ...
Starting udev:
OK
Successfully built the following...

/dev/mchanger-3500104f00079f9d2: STK SL500 V-1485 336-cells 10-drives
/dev/mchanger-3500104f0007a8532: STK SL500 V-1485 205-cells 6-drives
/dev/mchanger-3500104f000cc6a67: STK SL150 V-0182 59-cells 4-drives
Installation of SCSI device(s) successfully completed.
11
Java Support
Supported Java Versions
Java 6
Java 7
12
Browser Support
Tested Browsers with the ACSLS 8.3 GUI
Firefox 22.0
Chrome 28.0
IE 8+ Requires a custom SSL certificate.
13
Installation
14
Installation Packages
Download from the Oracle eDelivery site
Solaris Sparc: V39783-01.zip
Solaris X86:
V39784-01.zip
Linux:
15
V39785-01.zip
Installation Flexibility
Customer decides where ACSLS resides.
Solaris:
# pkg_install.sh
Should the base directory be /export/home? (y/n) n
Enter the path to the base directory [?,q] /opt/home
Linux:
# rpm ivh --prefix /opt/home STKacsls_8.3.0.i686.rpm
16
PostgreSQL Installation
PostgreSQL Versions
PostgreSQL 8.3 (Solaris)
PostgreSQL 8.4 (Linux)
17
Solaris 10: PostgreSQL is already installed
PostgreSQL 8.3
18
Solaris 11: Five PostgreSQL packages to install
Installed automatically with pkg_install.sh
SUNWpostgr-83-server
SUNWpostgr-83-client
SUNWpostgr-83-server-data-root .
SUNWpostgr-83-libs
SUNWopenssl-libraries
19
Linux: PostgreSQL must be downloaded
from the Oracle yum repository
Setup the Yum Repository
# cd /etc/yum.repos.d
# server=public-yum.oracle.com
# repository=public-yum-repo
# wget http://$server/$repository
20
Linux: Install 8 packages with yum
# yum install unixODBC
# yum install glibc.i686
# yum install pam.i686
# yum install postgresql-libs.i686
# yum install libxml2
# yum install libxml2.i686
# yum install libstdc++.i686
# yum install postgresql.i686
21
Linux: Install PostgreSQL ODBC libraries
# cd /opt
# server=public-yum.oracle.com
# path=repo/OracleLinux/OL6/3/base/i386/
# pkg1=postgresql-odbc 08.04.02001.el6.i686.rpm
# wget http://$server/$path/$pkg1
# rpm -ivh $pkg1
22
Linux: Install PostgreSQL Server
# pkg2=postgresql-server-8.4.11-1.el6_2.i686.rpm
# wget http://$server/$path/$pkg2
# rpm -ivh --nodeps $pkg2
23
ACSLS 8.3 Installation

Added flexibility in install.sh
User can install the entire product or selected subsystems.
User can install, re-install, or remove selected components.
User can now preserve an existing database
If DB is not installed, it will be installed automatically.
If DB is installed, user is prompted whether to re-install.
24

If user elects to install Logical Library support, then the following are
installed automatically.
smce
stmf
surrogate
rmi-registry
WebLogic
ACSLS GUI
lib_cmd
25

If user elects not to install Logical Library support, then
The user may elect to install the GUI
Thu user may elect to install lib_cmd.
If the ACSLS GUI is already installed,
the user may elect

to keep the existing GUI configuration
to re-install/rebuild the GUI configuration
to remove the GUI
26
SELinux
27
SELinux
Security Enhanced Linux
Initially developed by the NSA in the late 1990s
Designed to meet common security goals
Mandatory Access Control
Type enforcement
Role-based access control
Multi-level security
Released with Linux Kernel 2.6.0 in 2003
28
SELinux
Mandatory Access Control (MAC)
POSIX Discretionary Access Control:
user:group:other
Read:write:execute
SELinux Mandatory Access Control:

user:group:other
user-role:type:level
read:write:execute:append:create:remove:execmod
link:unlink:swapon:quotaon:mounton:rename:setattr
execut_no_trans:entrypoint:lock:unlock:ioctl
29
SELinux
SELinux Policy Enforcement
Every process runs in a security domain
confined vs. unconfined
Every resource is identified by its type

process vs. file.
Access is governed by specific policies.

Policies are enforced by the Linux kernel
A policy governs:
The level of access within a domain
for a specific resource type.
30
SELinux
SELinux Enforcement
To disable enforcement
# setenforce 0
To enable enforcement
# setenforce 1
To disable enforcement across reboots:
edit /etc/selinux/config:
Change SELINUX=enforcing to SELINUX=permissive
31
SELinux
Monitoring SELinux Enforcement
To view the current status of SELinux:
# sestatus
SELinux status: enabled
Current mode: enforcing
To view the actual rules that disallowed access:
# vi /var/log/audit/audit.log
32
SELinux
Custom Policy Modules
To create a policy module in response to a failed operation:
# cd /var/log/audit
# audit2allow -a -M <ModuleName>
This creates a file: <ModuleName>.pp

To load the newly-created policy module:
# semodule -i <ModuleName.pp>
To unload a policy module:
# semodule -r <ModuleName>
33
SELinux
ACSLS Policy Modules
Three ACSLS policy modules are loaded
when you run install.sh on Linux:

allowPostgr
acsdb
acsdb1
These policies extend access to resources that are
running in a confined domain (e.g. PostgreSQL )

for users acsss and acsdb.
34
Enhancements,
Features, and Utilities
35
ACSLS 8.3 Enhancements

More Robust Automatic Cleaning
When a cleaning attempt fails, try to select another cleaning
cartridge to clean the drive.

Identify used-up (spent) cleaning cartridges in query clean, volrpt,
display volume, and the acsss_event.log.

Retry the failed dismount of a cleaning cartridge.
Ensure cleaning cartridges are used up before
their usage is maxed-out.
36

Support Library and Tape Drive Enhancements
Support up to 16 partitions in an SL8500
Library Complex
The SL8500 now lets customers define partitions
in a library complex of multiple SL8500s
connected via pass-thru ports.
37

Support Library and Tape Drive Enhancements
Support T10000D Fibre Channel over Ethernet
(FCoE) Tape Drives
Note:
ACSLS 8.2 supports Fibre and FICON T10000D
tape drives.
38

acsls_startup_policy (Solaris)
The SMF startup time limit for acsls is now adjustable.
Library configuration determines normal start-up time:

# $ACS_HOME/bin/calc_acsls_start_timeout.sh
If this calculated timeout is not sufficient:

a) Run acsss timeout to see the current timeout.
b) Edit ~/data/external/acsls_startup_policy
c) Assign a value in minutes to the line that begins:
additional_startup_time=
d) Run acsss timeout to see the new timeout value.
39

acsls_startup_policy (Solaris)
Customers can exempt startup recovery of troublesome libraries.
To exempt a particular ACS from offline-to-online recovery:
Edit ~/data/external/acsls_startup_policy
Remove the comment character (#) from the target ACS:
#ACS3_desired_startup_state_is_offline
ACS3_desired_startup_state_is_offline
40

Improved status granularity with acsss_config
41

The acsss utility
Improved granularity with acsss status
# acsss
status
acsdb [online|offline]
smce [online|offline]
stmf [online|offline]
surrogate [online|offline]
rmi-registry [online|offline]
acsls [online|offline|starting]
weblogic [online|offline|starting|stopping]
42

The acsss utility
New status options
acsss a-status (Show the status of acsls)

acsss d-status (Show the status of acsdb)
acsss w-status (Show the status of weblogic)
acsss timeout (Set|Show the start time limit for acsls)
43

New diagnostic logs
acsls_start.log (Linux)
acsdb_start.log (Linux)
chkloc.log (Captures errors from cron-activated chkloc.sh )
44
ACSLS 8.3 Utilities

Fast-boot control with chkFB.sh (Solaris X86)
chkFB.sh: enables/disables fast-boot for Solaris
Applies only to Solaris-11 X86 machines.
ACSLS disables this feature by default.
Fast boot must be disabled for mchanger and qlt drivers.
45
ACSLS 8.3 Utilities

Check GUI status with chkGui.sh
chkGui.sh checks the following:
Is WebLogic running?
Is the SlimGUI application deployed?
Does a localhost http request to SlimGUI return success?
Is a firewall utility (ipfilter or iptables) running?
Does firewall policy accept input from ports 7001 and 7002?
46
ACSLS 8.3 Utilities

The get_diags utility
Diagnostic files added to the get_diags payload.
SELinux audit log.
Solaris SMF start/stop logs
Linux init.d start logs (acsls and acsdb)
WebLogic AdminServer.log
Resource and Cluster checks for HA installs
Date and time of get_diags snapshot.
47
ACSLS 8.3 Utilities

The probeFibre.sh utility
Supported on both Linux and Solaris systems
Bug 16788436: "-v" option showed only the first HBA
Changes to output for "-v" (verbose) option
No changes for default or "-p" (programmatic) option
48
ACSLS 8.3 Utilities

probeFibre.sh v on Solaris
Emulex LP11002-M4 HBA is attached.
WWPN: 10000000c951d23c
STK SL500 LUN 0 WWPN: 500104f00079f9c9
STK SL150 LUN 1 WWPN: 500104f000cc6a68
STK SL150 LUN 1 WWPN: 500104f000cc6699
STK SL500 LUN 0 WWPN: 500104f0007a8533
WWPN: 10000000c951d23d
QLogic 375-3356-02 HBA is attached.
WWPN: 2100001b320c2b19
QLogic 375-3356-01 HBA is attached.
WWPN: 210000e08b94060b
WWPN: 210100e08bb4060b
49
WWNN:
WWNN:
WWNN:
WWNN:
500104f00079f9c8
500104f000cc6a67
500104f000cc6698
500104f0007a8532
ACSLS 8.3 Utilities

probeFibre.sh v on Linux
Model QLA2342 HBA is attached.
WWPN: 210000e08b865829
WWPN: 210100e08ba65829
STK SL150 LUN 1 WWPN: 500104f000cc6a68
STK SL500 LUN 0 WWPN: 500104f0007a8533
STK SL500 LUN 0 WWPN: 500104f00079f9c9
STK SL150 LUN 1 WWPN: 500104f000cc6699
WWPN: 210000e08b91e2a1
WWPN: 210100e08bb1e2a1
WWPN: 210000e08b8329a3
WWPN: 210100e08ba329a3
50
WWNN:
WWNN:
WWNN:
WWNN:
500104f000cc6a67
500104f0007a8532
500104f00079f9c8
500104f000cc6698
ACSLS 8.3 Utilities

The fixVol.sh utility
Includes updates (post 8.2) for Oracle GIT
Improved handling and correction of status and location,
especially for absent or misplaced volumes

Most updates are now integrated and happen automatically
The script can still be useful to correct pre-existing issues
(such as records imported by db_import.sh)
51
Bug Fixes
52
Bug Fixes in ACSLS 8.3

For acsss_config, added cleanup of database records for logical
libraries when an ACS is removed from the configuration

NOTE: this does not clean up all FC information
Best practice: delete any logical libraries first
53

On Move Medium by FC clients, destination slot was not
recorded correctly by ACSLS (impacted dismount and eject

operations)
Absent logical volumes caused problems for FC clients
Clients would find drives or slots reported
as full, although no volume was present.
54

Mounts and Dismounts
When a dismount failed and the cartridge was left in the drive, the
vol_id in the drive database record was cleared.

Mount requests could hang in limbo when auto cleaning failed.
Always report cleaning failures because of spent
cleaning cartridges.
A volume being mounted from a reserved cell
could be marked absent
55

Other ACSLS Functions
Allow a reserved cell to be updated to inaccessible by audit.
Send an LSM Inoperative Event after LSM Not Ready.
CSI_MULTI_HOMED_CLient on x86 - Client
IP address had octets in reverse order.
56
Questions?
57
58
59

PPT

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

PPT

Uploaded by

Copyright:

Available Formats

1

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Whats New with ACSLS 8.3

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Oracle Linux 6.3

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

ACSLS HA 8.3 is in development

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

The install_scsi_Linux.sh utility installs a rules file for udev

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Using the identifiers allows persistent device links for ACSLS

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Successfully built the following...

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

IE 8+ Requires a custom SSL certificate.

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

ACSLS 8.3 Installation

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

ACSLS 8.3 Installation

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal

ACSLS 8.3 Installation

If the ACSLS GUI is already installed,

the user may elect

Copyright 2013, Oracle and/or its affiliates. All rights reserved.

Confidential Oracle Internal