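Monday, December 18, 2017

Installing EMC Data Protection Advisor 6.4


  • OS: CentOS 7 × 2
  • Install the DPA Datastore first, then the DPA Application (required)
  • The installer can put the Datastore and the Application on the same host, but the vendor-supported architecture runs the two services on separate machines (VMs).
  • Use FQDNs

On CentOS, with root privileges,
install the Datastore:
# chmod +x EMC-DPA-Server-Linux-x86_64-6.4.0.8.bin
# ./EMC-DPA-Server-Linux-x86_64-6.4.0.8.bin

When the License Agreement appears, press Enter to continue.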

============================================================================
Choose Install Folder
---------------------

Please choose a target folder for the installation of the DPA services

Where would you like to install?

  Default Install Folder: /opt/emc/dpa

ENTER AN ABSOLUTE PATH, OR PRESS <ENTER> TO ACCEPT THE DEFAULT
      :



============================================================================
Choose Install Set    (be sure to install the Datastore first)
------------------

Please choose the Install Set to be installed by this installer.

  ->1- Application Service
    2- Datastore Service
    3- Application and Datastore Service

ENTER THE NUMBER FOR THE INSTALL SET, OR PRESS <ENTER> TO ACCEPT THE DEFAULT
   : 2



=============================================================================
Low Memory Detected
-------------------

The installer has determined that while there is enough memory on the host to
permit the DPA services to start, the amount of memory is below the
recommended minimum.
Reason :Low memory availablity for installation

Performance and stability issue could arise if you decide to continue with the
installation.

Please increase the amount of memory allocated to this host.


PRESS <ENTER> TO ACCEPT THE FOLLOWING (OK):



=============================================================================
Advanced Configuration
----------------------


This installer is capable of supporting advanced installation options for the
service selected.

In most cases a standard (non-advanced) installation will suffice, but if you
would like to tailor the installation, please enter 'Y'.

Please note: advanced configuration options can be executed post installation
using the DPA command line interface.

Show Advanced Installation Options (Y/N): y



=============================================================================
Datastore Advanced Options
--------------------------


Advanced Datastore options are :

- Do not register DPA services
- Do not start DPA services
- Do install with advanced layout options
- Configure existing unix user account

Do you want to select advanced options (Y/N): N



=============================================================================
Pre-Installation Summary
------------------------

Review the following settings before proceeding

Product Name:
    Data Protection Advisor

Install Folder:
    /opt/emc/dpa

Install Set:
    Datastore Service

IPv4 Present
    TRUE

IPv6 Present
    TRUE

Disk Space Information (for Installation Target):
    Required:      873.3 MegaBytes
    Available: 39,173.16 MegaBytes

PRESS <ENTER> TO CONTINUE:



=============================================================================
Installing...
-------------
 
Please Wait
-----------

============================================================================
Please Wait
-----------

Creating DPA Datastore Service Account...
-

============================================================================
Please Wait
-----------

===============================================================================
Datastore Bind Addresses
------------------------


Please specify which IP addresses the datastore service should allow DPA
applications services access from.


Please also include the IP you wish to use for this machine.

Please note that listening addresses can be either IPv4 or IPv6, but not both.

    1- fe80:0:0:0:8474:410f:6836:170d%2
    2- 192.168.1.131

Select Option(s): 2



=============================================================================
Please Wait
-----------

Configuring the datastore bind address...
\

=============================================================================
Datastore Client Addresses
--------------------------

Please enter the IP addresses for all DPA application service hosts that will
connect to and use this datastore.


At least one IP address must be provided.
 Additional clients can be added to the datastore access using the DPA command
line interface.
    1- Add an Application Client Address
    2- Remove an Application Client Address

    3- Review and Complete

Select action: 3

At least one application node must be specified as a client to this datastore.

Current List:

    1- Add an Application Client Address
    2- Remove an Application Client Address

    3- Review and Complete

Select action: 3

At least one application node must be specified as a client to this datastore.

Current List:

    1- Add an Application Client Address
    2- Remove an Application Client Address

    3- Review and Complete

Select action: 1

New Address: 192.168.1.132             (enter the Application host's IP)

Current List:
            192.168.1.132

    1- Add an Application Client Address
    2- Remove an Application Client Address

    3- Review and Complete

Select action: 3

Current List:
            192.168.1.132
Completed ? (Y/N): y



===============================================================================
Please Wait
-----------

Configuring the datastore client address...
\

===============================================================================
Datastore Replication Option
----------------------------


By default the DPA datastore service is installed not configured for
replication.
If replication is required please enter 'Y' and then the role of this
datastore installation.
Do you wish to configure for replication (Y/N): Y           (choose Yes here if you want replication)
    1- Install datastore as a MASTER
    2- Install datastore as a SLAVE

Select replication role: 1



===============================================================================
Datastore Replication Data Entry
--------------------------------


This datastore is being installed as a MASTER datastore.

You can specify the address of the SLAVE datastore that it will replicate to
below, or specify it on the command line subsequently.

Note that the MASTER has been set to IPv4, so the SLAVE's address also needs
to be IPv4.
Enter IP address:



=============================================================================
Please Wait
-----------

=============================================================================
Agent Installation Options
--------------------------


Advanced Application options are :

- Do not start DPA Agent service
- DPA Agent will monitor Oracle Databases

Do you want to select advanced options (Y/N): n



=============================================================================
Configure Agent
---------------

Please enter the IP Address of the DPA Application Service that the installed
DPA Agent needs to communicate with.
Please note that if you are using clustered DPA Application servers you must
provide the Load balancer IP Address.

IP Address  (Default: 192.168.1.132):



=============================================================================
Please Wait
-----------

Installing DPA Datastore Service...
/

===============================================================================
Please Wait
-----------

Starting DPA Datastore Service...
|

===============================================================================
Please Wait
-----------

Creating required tablespaces...
/

=============================================================================
Set Datastore Password                             (set the Datastore password)
----------------------


Please set the Datastore password.
The password must have:
- at least 9 characters
- at least 1 uppercase letter
- at least 1 lowercase letter
- at least 1 special character
- at least 1 digit

Enter Password:
Re-enter Password:



=============================================================================
Please Wait
-----------

Installing DPA Agent Service...
/

=============================================================================
Please Wait
-----------

Starting DPA Agent Service...
/

=============================================================================
Installation Complete
---------------------

Congratulations! Data Protection Advisor has been successfully installed to:

/opt/emc/dpa

For support, visit the Data Protection Advisor Product Page on the EMC Online
Support Site :

https://support.emc.com/products/829



PRESS <ENTER> TO EXIT THE INSTALLER:






Install the Application
# chmod +x EMC-DPA-Server-Linux-x86_64-6.4.0.8.bin
# ./EMC-DPA-Server-Linux-x86_64-6.4.0.8.bin


When the License Agreement appears, press Enter to continue.

============================================================================
Choose Install Folder
---------------------

Please choose a target folder for the installation of the DPA services

Where would you like to install?

  Default Install Folder: /opt/emc/dpa

ENTER AN ABSOLUTE PATH, OR PRESS <ENTER> TO ACCEPT THE DEFAULT
      :



============================================================================
Choose Install Set    
------------------

Please choose the Install Set to be installed by this installer.

  ->1- Application Service
    2- Datastore Service
    3- Application and Datastore Service

ENTER THE NUMBER FOR THE INSTALL SET, OR PRESS <ENTER> TO ACCEPT THE DEFAULT
   : 1



=============================================================================
Low Memory Detected
-------------------

The installer has determined that while there is enough memory on the host to
permit the DPA services to start, the amount of memory is below the
recommended minimum.
Reason :Low memory availablity for installation

Performance and stability issue could arise if you decide to continue with the
installation.

Please increase the amount of memory allocated to this host.


PRESS <ENTER> TO ACCEPT THE FOLLOWING (OK):



=============================================================================
Advanced Configuration
----------------------


This installer is capable of supporting advanced installation options for the
service selected.

In most cases a standard (non-advanced) installation will suffice, but if you
would like to tailor the installation, please enter 'Y'.

Please note: advanced configuration options can be executed post installation
using the DPA command line interface.

Show Advanced Installation Options (Y/N): y



=============================================================================
Application Advanced Options
----------------------------


Advanced Application options are :

- Do not register DPA services
- Do not start DPA services
- Do install as a clusterable service

Do you want to select advanced options (Y/N): n



=============================================================================
Application Security Options
----------------------------


Advanced security option is :

- Use TLS 1.2 only
Configure the DPA service to use TLS protocol version 1.2 only.

DPA services running TLS protocol version 1.2 only are supported with DPA
Agent version 6.3 and later only.

Do you want to use TLS 1.2 only (Y/N): Y



=============================================================================
Pre-Installation Summary
------------------------

Review the following settings before proceeding

Product Name:
    Data Protection Advisor

Install Folder:
    /opt/emc/dpa

Install Set:
    Application Service

IPv4 Present
    TRUE

IPv6 Present
    TRUE

Disk Space Information (for Installation Target):
    Required:  1,284.62 MegaBytes
    Available: 39,173.4 MegaBytes

PRESS <ENTER> TO CONTINUE:


============================
Installing...
-------------

 [==================|==================|==================|==================]
 [------------------|------------------|------------------|------------------]



=============================================================================
Please Wait
-----------

Configuring to use TLS 1.2 only...
\

=============================================================================
Please Wait
-----------

Generating self-signed certificate...
-

=============================================================================
Identify the DPA Datastore to connect to
----------------------------------------

Please enter the IP Address for the instance of the DPA Datastore service that
this application service will connect to

Datastore Address (Default: ): 192.168.1.131




===============================================================================
Datastore Communication Failure     
The firewall on the Datastore host's OS caused this failure during the Application install; turning off the Datastore's firewall resolves it.
-------------------------------

The DPA Datastore service address entered is not visible from this host.
Please check the provided Address or your Network Configuration (including
Firewalls) to ensure that communications are available.

PRESS <ENTER> TO ACCEPT THE FOLLOWING (OK):


===============================================================================
Identify the DPA Datastore to connect to
----------------------------------------

Please enter the IP Address for the instance of the DPA Datastore service that
this application service will connect to

Datastore Address (Default: ): 192.168.1.131




===============================================================================
Please Wait
-----------



===============================================================================
Agent Installation Options
--------------------------


Advanced Application options are :

- Do not start DPA Agent service
- DPA Agent will monitor Oracle Databases

Do you want to select advanced options (Y/N): n



===============================================================================
Configure Agent
---------------

Please enter the IP Address of the DPA Application Service that the installed
DPA Agent needs to communicate with.
Please note that if you are using clustered DPA Application servers you must
provide the Load balancer IP Address.

IP Address  (Default: 127.0.0.1):



=============================================================================
Set Datastore Password            (set the Datastore password)
----------------------

Please set the Datastore password.
The password must have:
- at least 9 characters
- at least 1 uppercase letter
- at least 1 lowercase letter
- at least 1 special character
- at least 1 digit

Enter Password:
Re-enter Password:


===========================================================================
Set Administrator Password       (set the administrator password)
--------------------------


Please set the Administrator password.
The password must have:
- at least 9 characters
- at least 1 uppercase letter
- at least 1 lowercase letter
- at least 1 special character
- at least 1 digit

Enter Password:
Re-enter Password:



=============================================================================
Please Wait
-----------

Installing DPA Application Service...
\
=============================================================================
Please Wait
-----------

Starting DPA Application Service...
|

=============================================================================
Please Wait
-----------

Installing DPA Agent Service...
\

============================================================================
Please Wait
-----------

Starting DPA Agent Service...
-

============================================================================
Installation Complete
---------------------

Congratulations. Data Protection Advisor has been successfully installed to:

/opt/emc/dpa

Depending on the performance of the host servers, the initial startup of DPA
will typically take from 5 to 15 minutes. After this time, to launch the DPA
user interface, enter this URL into your web browser:

https://dpa-ap.domainname:9002


Watch out for the browser's pop-up blocker; Flash is required. Login: administrator / the root password





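Thursday, December 7, 2017

EMC Avamar: batch-deleting or expiring a large number of backups stored on DataDomain



When Avamar is integrated with DataDomain and backup space runs short, backups have to be deleted or expired.




Use the modify-snapups command to list the backups taken before 2017/10/17 and generate an expire script:
# modify-snapups --mode=expire --domain=/ --before=2017-10-17 > expire-backups-output-script.txt

Alternatively, use
the modify-snapups command to list the backups older than one month and generate a delete script:
# modify-snapups --mode=delete --domain=/ --before='1 month ago' > output-script.txt
# chmod +x output-script.txt

# more output-script.txt


After the backup data is deleted, the DD does not free the space right away; by default, cleaning runs every Tuesday at 0600.

Use df -h to check the size of the data that can be cleaned.


sysadmin@dd# filesys clean show schedule
Filesystem cleaning is scheduled to run "Tue" at "0600".
sysadmin@dd#

Cleaning can also be started directly with this command:
sysadmin@dd# filesys clean start

Watch its progress with the following command:
sysadmin@dd# filesys clean watch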


Tuesday, December 5, 2017

Cannot log in to the EMC DataDomain GUI

The screen shows:

"The GUI Service is temporarily unavailable"




  • Log in to the DataDomain console over SSH and enter the following commands:
adminaccess disable http
adminaccess disable https
adminaccess certificate generate self-signed-cert
adminaccess enable http
adminaccess enable https

Then open a browser and you can log in to the DD GUI management interface.


















Ref:
https://emcservice.force.com/CustomersPartners/kA2f1000000X4ZOCA0

Monday, September 25, 2017

Installing ntopng on Ubuntu 16.04


Monitor network traffic by port-mirroring the switch's traffic.



The NIC ens192 is the port-mirror port; bring ens192 up. Assigning it an IP address is optional.


You can use tcpdump to check whether packets are arriving.

 # wget http://apt-stable.ntop.org/16.04/all/apt-ntop-stable.deb
 # dpkg -i apt-ntop-stable.deb
 # apt-get clean all
 # apt-get update
 # apt-get install ntopng                         (install ntopng)
 # systemctl start ntopng.service            (start ntopng)

Open http://<ntopng IP>:3000 in a browser.
The default account for the first login is admin, password admin.












On the first login the system prompts you to change the admin password.














The Dashboard is then displayed.











PS. Remember to set Interfaces to the port-mirror NIC, otherwise no network traffic is received.




Friday, September 22, 2017

VNXe 1600 IOPS test with Oracle Orion

Test environment
ESXi                5.5
Guest OS:        Ubuntu 16.04

Datastore:       internal SAS disks vs. VNXe 1600 vs. internal SSD

sda          SAS II disks × 4 (RAID 5)
sdc          VNXe 1600 (RAID 5)
sdd          internal NVMe SSD




# mkfs.ext4 /dev/sdc1
# mkfs.ext4 /dev/sdd1
# mkdir /vnx-lun  /ssd-lun


# gzip -d orion_linux_x86-64.gz

Running it may fail because the libaio.so.1 library is missing:
# ./orion_linux_x86-64
./orion_linux_x86-64: error while loading shared libraries: libaio.so.1: cannot open shared object file: No such file or directory

Install libaio.so.1:
# apt-get install libaio1

Edit the .lun files for the disks to test: the internal disks, the VNXe, and the internal SSD.

# cat internal.lun vnxe1600.lun ssd.lun
/dev/sda1
/dev/sdc1
/dev/sdd1

# ./orion_linux_x86-64 -run oltp -testname vnxe1600

Oracle Orion test results:

IOPS:

The VNXe 1600 RAID 5 IOPS is about the same as the internal SSD, roughly 180,000 for both.






Latency:






PS. 1. The VNXe 1600 has two 200 GB SSDs as cache.
       2. On the VNXe 1600 and the internal SSD only a LUN was carved out; there was no data on them.







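Thursday, September 7, 2017

Ubuntu 16.04 LTS audit configuration


 auditctl    (controls the kernel's audit facility, including adding and deleting audit rules)
 ausearch  (queries audit records by condition)
 aureport  (lists audit summary reports)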

# apt-get install auditd audispd-plugins
# auditctl -l
No rules 

# useradd kitty
# passwd kitty
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

# ausearch -f /etc/passwd


# cat /etc/passwd | grep kitty
kitty:x:1001:1001::/home/kitty:

Set up auditing of access by a specific user, kitty:
# auditctl -a exit,always -F arch=x86_64 -S open -F auid=1001

# auditctl -l
-w /etc/passwd -p wa
-a always,exit -F arch=b64 -S open -F auid=1001

Log in as kitty and run the following commands:
$ mkdir 123
$ top

# ausearch --start today --loginuid 1001 > /tmp/kitty.audit
# vi /tmp/kitty.audit




Monitor a specific directory, /var/www/html/public:
-w /var/www/html/public/ -p wa -k WebPageChange

The /usr/share/doc/auditd/examples directory contains sample rule sets for several international standards:
capp.rules.gz
lspp.rules.gz
nispom.rules.gz
stig.rules.gz

Using the CAPP rules as an example:
# cp /usr/share/doc/auditd/examples/capp.rules.gz /etc/audit
# gzip -d  /etc/audit/capp.rules.gz


# auditctl -R /etc/audit/capp.rules
or
# cp /etc/audit/capp.rules /etc/audit/audit.rules
# systemctl restart auditd                       (restart the auditd service)
# auditctl -l
-a always,exit -F arch=b32 -S stime,settimeofday,adjtimex -F key=time-change
-a always,exit -F arch=b64 -S adjtimex,settimeofday -F key=time-change
-a always,exit -F arch=b32 -S clock_settime -F a0=0x0 -F key=time-change
-a always,exit -F arch=b64 -S clock_settime -F a0=0x0 -F key=time-change
-w /etc/localtime -p wa -k time-change
-w /etc/group -p wa -k identity
-w /etc/passwd -p wa -k identity
-w /etc/gshadow -p wa -k identity
-w /etc/shadow -p wa -k identity
-w /etc/security/opasswd -p wa -k identity
-a always,exit -F arch=b32 -S sethostname,setdomainname -F key=system-locale
-a always,exit -F arch=b64 -S sethostname,setdomainname -F key=system-locale
-w /etc/issue -p wa -k system-locale
-w /etc/issue.net -p wa -k system-locale
-w /etc/hosts -p wa -k system-locale

Basic use of audit reports
# ausearch -ua 1001 -i                                                     (audit log records belonging to the user with uid 1001)
# aureport --start 12/22/2018 00:00:00 --end 12/28/2018 00:00:00      (summary report for a time range)
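
The rules above (the per-user syscall rule for auid 1001 and the WebPageChange watch) produce several raw records per event in /var/log/audit/audit.log. The following added example, which is not part of the original post, joins SYSCALL and PATH records by event ID and filters them the way ausearch -k and --loginuid do. The log lines are constructed sample data; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample records in raw /var/log/audit/audit.log layout (not taken from the page).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1504750001.101:201): arch=c000003e syscall=2 success=yes exit=3 items=2 pid=1412 auid=1001 uid=1001 comm="vi" exe="/usr/bin/vi" key="WebPageChange"
type=PATH msg=audit(1504750001.101:201): item=0 name="/var/www/html/public/" inode=2001 nametype=PARENT
type=PATH msg=audit(1504750001.101:201): item=1 name="/var/www/html/public/index.html" inode=2002 nametype=NORMAL
type=SYSCALL msg=audit(1504750002.230:202): arch=c000003e syscall=2 success=yes exit=3 items=1 pid=1420 auid=1001 uid=1001 comm="mkdir" exe="/bin/mkdir" key=(null)
type=PATH msg=audit(1504750002.230:202): item=0 name="/etc/ld.so.cache" inode=3001 nametype=NORMAL
type=SYSCALL msg=audit(1504750003.410:203): arch=c000003e syscall=2 success=no exit=-13 items=1 pid=1433 auid=1002 uid=33 comm="sh" exe="/bin/dash" key="WebPageChange"
type=PATH msg=audit(1504750003.410:203): item=0 name="/var/www/html/public/index.html" inode=2002 nametype=NORMAL
"""

RECORD_RE = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_events(text):
    """Group records by event ID (timestamp:serial); one syscall yields several records."""
    events = defaultdict(lambda: {"syscall": {}, "paths": []})
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not a raw audit record
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        event = events[(float(ts), int(serial))]
        if rtype == "SYSCALL":
            event["syscall"] = fields
        elif rtype == "PATH":
            event["paths"].append(fields)
    return dict(events)


def select(events, key=None, auid=None):
    """Return (serial, auid, exe, success, path) rows, optionally filtered by rule key and login uid."""
    rows = []
    for (ts, serial), event in sorted(events.items()):
        sc = event["syscall"]
        if key is not None and sc.get("key") != key:
            continue
        if auid is not None and sc.get("auid") != str(auid):
            continue
        # Report the object that was touched, not the PARENT directory entry.
        names = [p.get("name", "?") for p in event["paths"] if p.get("nametype") != "PARENT"]
        for name in names or ["(no path record)"]:
            rows.append((serial, sc.get("auid"), sc.get("exe"), sc.get("success"), name))
    return rows


if __name__ == "__main__":
    for row in select(parse_events(SAMPLE_LOG), key="WebPageChange"):
        print(row)
```

Rows with success "no" are denied attempts against the watched directory; the auid column stays tied to the original login even when the process runs under another uid.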


Sunday, January 15, 2017

Ubuntu Linux: restricting SFTP users from changing out of their directory

OS : Ubuntu 15.10

  • Edit /etc/ssh/sshd_config and add the following after the last line:
Subsystem sftp internal-sftp
Match Group sftpgroup
ChrootDirectory %h
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no

  • Create a group named sftpgroup
# groupadd sftpgroup

  • Add a user with group sftpgroup and shell /bin/false (no console login)
# useradd kitty -d /export/home/kitty -g sftpgroup -s /bin/false
# passwd kitty                                                                     (change the password)
# usermod -G sftpgroup kitty                                            (set kitty's group to sftpgroup)

# mkdir -p /export/home/kitty                                           (create the user's home directory)
# chown root:root /export/home/kitty                               (set the home directory's owner to root (important*))

# mkdir /export/home/kitty/uploads                                  (create a directory named uploads)
# chown kitty:sftpgroup /export/home/kitty/uploads       (set the owner to kitty and the group to sftpgroup)


  • Restart the SSH service
# service ssh restart


Directory layout
root@ubuntu:/export/home/kitty# ls -al
total 12
drwxr-xr-x 3 root  root      4096 Jan 16 10:09 .
drwxr-xr-x 3 root  root      4096 Jan 16 10:08 ..
drwxr-xr-x 2 kitty  sftpgroup  4096 Jan 16 10:09 uploads

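PS. One important point when restricting directory changes: the user's home directory must be owned by root, and a separate directory is created inside it that is owned by the user with group sftpgroup.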
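
The ownership requirement above comes from sshd itself: every component of the ChrootDirectory path must be a directory owned by root and not writable by group or others, otherwise the login is refused. The following added example, which is not part of the original post, applies that check to a path and all of its parents. The directory trees are constructed stand-ins for the /export/home/kitty layout, uid 1001 is assumed to be kitty, and the function names are illustrative.

```python
import os
import stat
from types import SimpleNamespace


def chroot_path_problems(path, stat_fn=os.stat):
    """Apply sshd's ChrootDirectory rule to `path` and every parent up to /:
    each component must be a directory, owned by uid 0, not group/world writable."""
    problems = []
    current = os.path.abspath(path)
    while True:
        st = stat_fn(current)
        if not stat.S_ISDIR(st.st_mode):
            problems.append((current, "not a directory"))
        if st.st_uid != 0:
            problems.append((current, "owned by uid %d, not root" % st.st_uid))
        if st.st_mode & 0o022:
            problems.append((current, "mode %o is group/world writable" % stat.S_IMODE(st.st_mode)))
        parent = os.path.dirname(current)
        if parent == current:  # reached /
            break
        current = parent
    return problems


def fake_stat(tree):
    """Build a stat function from {path: (uid, mode)} so a layout can be checked offline."""
    def _stat(p):
        uid, mode = tree[p]
        return SimpleNamespace(st_uid=uid, st_mode=stat.S_IFDIR | mode)
    return _stat


# Constructed layout matching the page: root-owned home, user-owned uploads.
GOOD = {"/": (0, 0o755), "/export": (0, 0o755), "/export/home": (0, 0o755),
        "/export/home/kitty": (0, 0o755), "/export/home/kitty/uploads": (1001, 0o755)}
# Same tree with the home directory left owned by the user.
BAD_OWNER = dict(GOOD, **{"/export/home/kitty": (1001, 0o755)})
# Root-owned but group-writable home directory.
BAD_MODE = dict(GOOD, **{"/export/home/kitty": (0, 0o775)})

if __name__ == "__main__":
    for label, tree in (("GOOD", GOOD), ("BAD_OWNER", BAD_OWNER), ("BAD_MODE", BAD_MODE)):
        print(label, chroot_path_problems("/export/home/kitty", fake_stat(tree)))
    # On a real host, call chroot_path_problems("/export/home/kitty") with the default os.stat.
```

Running `sshd -t` before `service ssh restart` additionally catches syntax errors in the edited sshd_config.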