Wednesday, November 30, 2011

trouble shooting

Werid securid login problem
After configured securid pam on linux, rsa server always shown "passcode incorrect". No other error message on either the client or the server side.
Only after installed PAM 7.0 for securid, it is possible to enable trace option (/etc/sd_pam.conf). From the log, there is this line:



[thin] 12:26:44.001 File:creadcfg.c Line:459 # readcfg reading sdconf.rec

[thin] 12:26:44.001 File:creadcfg.c Line:1165 # match_sdopts_server() sdopts server 0 returning 0  MATCHED REAL ADDR

[thin] 12:26:44.001 File:creadcfg.c Line:263 # server[0] = [10.213.72.11]

[thin] 12:26:44.001 File:acinit.c Line:271 # Not a multihomed machine, will use result of GetMyHostAddress()

[thin] 12:26:44.001 File:loadbal.c Line:449 # set_run_priorities() using server 0 10.213.72.11 ACTIVE? on 0.0.0.0 priority 10

[thin] 12:26:44.001 File:acnetsub.c Line:354 # SendToServers(): autodetecting 0 (10.213.72.11)

After check all the host/dns related file, the problem lies in /etc/hosts. I had:
127.0.0.1 myhost.domain myhost

After change it to the real address, problem resolve. And here's the new log:



[thin] 12:27:28.472 File:creadcfg.c Line:263 # server[0] = [10.213.72.11]

[thin] 12:27:28.472 File:creadcfg.c Line:263 # server[1] = [10.213.72.12]

[thin] 12:27:28.472 File:creadcfg.c Line:263 # server[2] = [10.213.9.10]

[thin] 12:27:28.475 File:acinit.c Line:271 # Not a multihomed machine, will use result of GetMyHostAddress()

[thin] 12:27:28.475 File:loadbal.c Line:449 # set_run_priorities() using server 0 10.213.72.11 ACTIVE? on 10.213.72.11 priority 10

[thin] 12:27:28.475 File:acnetsub.c Line:295 # SendToServers(): sending to address 10.213.72.11

Console login
Could not login to console, got error in /var/log/secure:



Nov 30 13:11:52 newbisweb01-man login: pam_securetty(login:auth): access denied: tty 'tty1' is not secure !

Nov 30 13:12:00 newbisweb01-man login: FAILED LOGIN 1 FROM (null) FOR root, Authentication failure

By adding tty1 to /etc/securetty, problem solved. Apprently, the console is "tty1" not console.

Wednesday, November 23, 2011

HOWTO monitor HP DL3x0 G5 hardware with NagiosHP Proliant servers

http://exemen.wordpress.com/2011/05/16/howto-monitor-hp-dl3x0-g5-hardware-with-nagioshp-proliant-servers-g5-hardware-anyway-such-as-the-dl360-g5-and-dl380-g5-have-good-hardware-monitoring-capabilities-but-they-can-be-a-bit-complex-to/

HP Proliant servers (G5 hardware, anyway, such as the DL360 G5 and DL380 G5) have good hardware monitoring capabilities, but they can be a bit complex to monitor with Nagios. The lights-out management hardware only provides a WS-Management interface; there is no remote IPMI capability, and SNMP management requires the installation of a rather heavyweight set of OS-level management agents. With a little bit of setup work, though, it is completely possible to get good Nagios-based monitoring. I’ve identified a number of SNMP OIDs that cover the important general and subsystem-specific health indications.

(It’s also possible to do this with HP’s Systems Insight Manager software, and it might well be simpler to set that up, but the last thing I need is another monitoring system to administer in parallel with Nagios.)
Step 1: install the HP management agents on your servers. They can be downloaded here; choose your OS and then look under “Software – System Management.” For instance, the ESX 3.5 agents are here.
Step 2: download the SNMP MIBs from here (choose the HP-UX/Linux download link to get a tarball of MIBs). These should be installed in the usual SNMP MIB location on your Nagios server; on my Solaris boxes this is /etc/sma/snmp/mibs/.
Step 3: define an appropriate SNMP monitoring command in Nagios, so that you can specify OK and warning conditions. Note that the SNMP community string is $USER3 in my environment; change this as appropriate. The first argument is the OID, the second is the OK value, and the third is the range spanning the OK and warning values. (You’ll need to look through the MIBs to find these OIDs and values.)
define command {
command_name check-snmp-okwarn
command_line $USER1$/check_snmp -H $HOSTADDRESS$ -P 2c -C $USER3$ -o $ARG1$ -w $ARG2$ -c $ARG3$
}
Step 4: define the Nagios services to monitor. You will probably need to change the ‘use important-service’ and ‘hostgroup_name proliant’ directives to suit your own service template and hostgroup names. My HP servers use both Ethernet ports, so I have services defined for both; if you need to monitor more or fewer, you’ll need to define additional services, changing the instance number component of the OID (the last element) as appropriate.
define service {
use important-service
hostgroup_name proliant
service_description General system health
servicegroups system
check_command check-snmp-okwarn!CPQSTDEQ-MIB::cpqSeMibCondition.0!2!2:3
}
define service {
use important-service
hostgroup_name proliant
service_description RAID controller health
servicegroups system
check_command check-snmp-okwarn!CPQIDA-MIB::cpqDaCntlrCondition.0!2!2:3
}
define service {
use important-service
hostgroup_name proliant
service_description Server health
servicegroups system
check_command check-snmp-okwarn!CPQHLTH-MIB::cpqHeMibCondition.0!2!2:3
}
define service {
use important-service
hostgroup_name proliant
service_description Thermal condition
servicegroups system
check_command check-snmp-okwarn!CPQHLTH-MIB::cpqHeThermalCondition.0!2!2:3
}
define service {
use important-service
hostgroup_name proliant
service_description System fans
servicegroups system
check_command check-snmp-okwarn!CPQHLTH-MIB::cpqHeThermalSystemFanStatus.0!2!2:3
}
define service {
use important-service
hostgroup_name proliant
service_description CPU fans
servicegroups system
check_command check-snmp-okwarn!CPQHLTH-MIB::cpqHeThermalCpuFanStatus.0!2!2:3
}
define service {
use important-service
hostgroup_name proliant
service_description Power supplies
servicegroups system
check_command check-snmp-okwarn!CPQHLTH-MIB::cpqHeFltTolPwrSupplyCondition.0!2!2:3
}
define service {
use important-service
hostgroup_name proliant
service_description Ethernet 0
servicegroups system
check_command check-snmp-okwarn!CPQNIC-MIB::cpqNicIfPhysAdapterCondition.1!2!2:3
}
define service {
use important-service
hostgroup_name proliant
service_description Ethernet 1
servicegroups system
check_command check-snmp-okwarn!CPQNIC-MIB::cpqNicIfPhysAdapterCondition.2!2!2:3
}
define service {
use important-service
hostgroup_name proliant
service_description Advanced Memory Protection
servicegroups system
check_command check-snmp-okwarn!CPQHLTH-MIB::cpqHeResilientMemCondition.0!2!2:3
}
This configuration works well for me, but there’s undoubtedly room for improvement by monitoring additional OIDs. Feel free to leave a comment with your suggestions.

Tuesday, November 22, 2011

Set up RedHat satellite server

http://docs.redhat.com/docs/en-US/Red_Hat_Network_Satellite/5.3/html/Installation_Guide/s1-summary-steps.html

Implementing a fully functional RHN Satellite requires more than installing software and a database. Client systems must be configured to use the Satellite. Custom packages and channels should be created for optimal use. Since these tasks extend beyond the basic installation, they are covered in detail in other guides, as well as this RHN Satellite Installation Guide. For a full list of the necessary technical documents, refer to Chapter 2, Requirements.

For this reason, this section seeks to provide a definitive list of all required and recommended steps, from evaluation through custom package deployment. They should take place in roughly this order:

After an evaluation, you contact your Red Hat sales representative to purchase RHN Satellite.
Your Red Hat contact sends you an RHN Entitlement Certificate via email.
Your Red Hat contact creates a Satellite-entitled account on the RHN website and sends you the login information.
Log into the RHN website (rhn.redhat.com) and download the distribution ISOs for Red Hat Enterprise Linux AS 4 or Red Hat Enterprise Linux 5 and RHN Satellite. These can be found within the Downloads tab of the respective Channel Details pages. Refer to the RHN Reference Guide for instructions.
While still logged into the RHN website, download the Channel Content ISOs to be served by your Satellite, also available through the Downloads tab of your Satellite's Channel Details page. These Channel Content ISOs differ from the distribution ISOs previously mentioned in that they contain metadata necessary for parsing and serving packages by Satellite.
If installing a Stand-Alone Database, prepare your database instance using the formula provided in Chapter 2, Requirements.
Install Red Hat Enterprise Linux and then RHN Satellite on the Satellite machine.
Create the first user account on the Satellite by opening the Satellite's hostname in a Web browser and clicking Create Account. This will be the Satellite Administrator's (also referred to as the Organization Administrator) account.
Use the RHN Satellite Synchronization Tool to import the channels and associated packages into the Satellite.
Register a representative machine for each distribution type, or channel (such as Red Hat Enterprise Linux 4 or 5), to the Satellite.
Copy (using SCP) the rhn_register and up2date configuration files from the /etc/sysconfig/rhn/ directory of each machine individually to the /pub/ directory on the Satellite. The rhn-org-trusted-ssl-cert-*.noarch.rpm will already be there.
Download and install from the Satellite the configuration files and rhn-org-trusted-ssl-cert-*.noarch.rpm on the remaining client systems of the same distribution type. Repeat this and the previous step until all distribution types are complete.
Through the Satellite's website, create an Activation Key for each distribution aligned to the appropriate base channel. At this point, system groups and child channels may also be predefined.
Run the Activation Key from the command line (rhnreg_ks) of each client system. Note that this step can be scripted to batch register and reconfigure all remaining client systems in a distribution.
Record all relevant usernames, passwords and other login information and store in multiple secure places.
Now that the Satellite is populated with standard Red Hat channels and packages and all clients are connected to it, you may begin creating and serving custom channels and packages. Once the custom RPMs are developed, you can import them into the Satellite using RHN Push and add custom channels in which to store them through the Satellite's website. Refer to the RHN Channel Management Guide for details.

http://www.outsidaz.org/blog/2010/07/30/migrating-rhn-satellite-to-new-hardware/

Recently, I had a requirement to migrate a system running RHN Satellite 5.3 with the embedded database from a host running RHEL4 i386 to another host running RHEL5 x86_64. Looking through the various documents included in the rhn-upgrade package on RHN, I noticed that there wasn’t a procedure available for the upgrade we were planning. There was a procedure for migrating from RHEL4 -> RHEL5 while also upgrading the version of the RHN Satellite software. I really only needed the first part, as our RHN Satellite software was already the latest (and greatest :). This document is based on/etc/sysconfig/rhn/satellite-upgrade/rhn-satellite-5-upgrade-scenario-1a.txt included with the rhn-upgrade package. I have removed the steps that require database upgrades as the version of RHN Satellite is not changing. Additionally, this document is written to enable building the replacement Satellite Server in parallel to the new system. That way, if the upgrade goes horridly wrong, reverting back to your working Satellite is very easy. During this document, I will use $ORIGINAL and $NEW to refer to the old and new Satellite servers.

Prerequisites
[*] Both systems ($ORIGINAL & $NEW) registered on the RHN hosted site.
[*] RHN Satellite Certificate downloaded on $NEW.
[*] RHN Satellite Installation ISO downloaded on $NEW

Procedure
[*] Build $NEW with Red Hat Enterprise Linux 5 x86_64 according to the specifications of the Red Hat Network Satellite Guide. This means turning on SELinux to Permissive or Enforcing mode if it is set to Disabled. Reboot if necessary to enable the system to do its filesystem relabel.
[*] Ensure the hostname of the $NEW server is EXACTLY the same as the $ORIGINAL server
[*] Mount the new RHN Satellite ISO (without running the installation program). Ensure the ISO matches the operating system of the server you are installing it on. In my case it wasredhat-rhn-satellite-5.3-server-x86_64-5-embedded-oracle.iso
[*] Perform the command-line portion of the RHN Satellite Server v5.3 installation. Doing the installation in disconnected mode means that Satellite won’t attempt to contact RHN via the install

./install.pl --disconnected --enable-tftp

[*] Shut down RHN Satellite services on $NEW

/usr/sbin/rhn-satellite stop

[*] Restore the following files/directories (and all subdirectories) from $ORIGINAL to $NEW:/var/satellite, /var/www/html/pub, /root/ssl-build, and /etc/tnsnames.ora. I used rsync to mirror these from $ORIGINAL to $NEW
[*] Install the rhn-httpd-ssl-key-pair-*-noarch.rpm file. For this, I needed to use the (–force) switch as the version of the rhn-httpd-ssl-key-pair*-noarch.rpm was the same (version 1.0-1 in my case)

rpm -Uvh /root/ssl-build/<MACHINE_NAME>/rhn-httpd-ssl-key-pair-<VERSION>.noarch.rpm --force

rpm -Uvh /root/ssl-build/<MACHINE_NAME>/rhn-org-httpd-ssl-key-pair-<VERSION>.noarch.rpm --force

[*] Use scp to copy the database backup from the $ORIGINAL to $NEW, ensuring you also locate and copy the backup-log.dat file. These files should all be copied to a single directory, preferably under /tmp.
[*] Restore the database using the db-control command. This is documented in more detail in the RHN Satellite Installation Guide
[*] Start the embedded database if it isn’t already.

/sbin/service oracle start

[*] Fix up the database. Since we are migrating RHN Satellite from a 32-bit system to a 64-bit system, we need to recompile the (now) invalid schema objects in the database. Red Hat provides a script for this in the rhn-upgrade package, which isn’t installed on $NEW. We’ll need to install it, and then run it as the oracle user.

yum install rhn-upgrade
su - oracle
cd /etc/sysconfig/rhn/satellite-upgrade/
export ORACLE_SID=rhnsat
sqlplus '/ as sysdba' @satellite-oracle-64-bit-fix.sql
exit

[*] Activate the RHN Satellite (again, in disconnected mode)

rhn-satellite-activate --rhn-cert <ABSOLUTE PATH TO RHN CERT> \
--ignore-version-mismatch --disconnected

[*] Rebuild Search Indexes

/sbin/service rhn-search cleanindex

[*] Redeploy configuration settings

/usr/share/spacewalk/setup/upgrade/rhn-load-config.pl

[*] Restart services

/usr/sbin/rhn-satellite restart

[*] Insert the SSL CA public certificate into the database. It should already be there, since you restored the database from backup. The rhn-ssl-dbstore command will tell you if that is the case.

rhn-ssl-dbstore -vvv --ca-cert /root/ssl-build/RHN-ORG-TRUSTED-SSL-CERT

[*] Update Satellite monitoring scout setup

/usr/share/spacewalk/setup/upgrade/rhn-update-monitoring.pl

[*] Enable RHN push functionality. This assumes the following
# *must* have your SSL build directory in /root as /root/ssl-build
# *must* have your CA SSL public certificate located in your pub/
# directory and named as such:
# /var/www/html/pub/RHN-ORG-TRUSTED-SSL-CERT

/sbin/service jabberd stop
/sbin/service osa-dispatcher stop
/usr/share/spacewalk/setup/upgrade/rhn-enable-push.pl

[*] Port over any custom changes in /etc/rhn/rhn.conf. I didn’t have any, but if you do, import them, and then restart Satellite services

/usr/sbin/rhn-satellite restart

[*] Test / verify $NEW. In my case, $NEW was using DHCP, so I added a /etc/hosts entry on a couple of hosts to point to the hostname of $ORIGINAL, using the IP of $NEW. Then performed the following validation
- Download RPMs from Red Hat provided & custom channels. This process was a little slow as Satellite was rebuilding repodata during this process.
- Ensure I could do configuration file tasks (rhncfg-client list)
[*] Change $ORIGINAL to use a different IP address, either static or DHCP. Shutdown Satellite services on $ORIGINAL
[*] Change $NEW’s IP address to the one that $ORIGINAL used to possess.
[*] On the hosted site, remove the Satellite entitlement from $ORIGINAL.
[*] Convert Satellite from disconnected mode. Modify the server.satellite.rhn_parent variable in /etc/rhn/rhn.conf to read

server.satellite.rhn_parent = satellite.rhn.redhat.com

[*] Restart Satellite services to commit the above changes

/usr/sbin/rhn-satellite restart

[*] Activate the RHN Satellite. This time, not in disconnected mode. This will take care of getting $NEW the Satellite entitlement that was formerly assigned to $ORIGINAL.

rhn-satellite-activate --rhn-cert <ABSOLUTE PATH TO RHN CERT> \
--ignore-version-mismatch

[*] On $NEW, update the RHN profile, install any errata (mainly updated Satellite packages)

rhn-profile-sync
yum update

[*] Restart Satellite services

/usr/sbin/rhn-satellite restart

[*] More testing
- Synchronize satellite with RHN (satellite-sync)
- Ensure $NEW is listed as a Satellite on the hosted site
- Ensure clients can run updates.
[*] Final Steps
- Retire $ORIGINAL.
- Remove $ORIGINAL’s system entitlement from RHN
- Ensure backups are working on $NEW.

Build a new satellite server

build a new rhel with base only packages
login rhn and remove the old system entry if needed.
register to rhn by "rhn_register"
edit /etc/sysconfig/rhn/up2date for for http only if needed:
useNoSSLForPackages=1
noSSLServerURL=http://xmlrpc.rhn.redhat.com/XMLRPC
if because of firewall restriction, do not want update from RH's akami servers, on rhn.redhat.com, edit the system properties, uncheck "Support Location-Aware update access".
on rhn, add "Red Hat Network Tools for RHEL Server" from "Software"->"Software Channels".
mount the "satellite-embedded-oracle" iso and run "install.pl" from it.
When run into "Public key for ...<package> is not installed", edit /etc/yum.conf, set "pgpcheck=0"

Build new satellite server behind firewall

1. Complete a minimal installation of RHEL 4 or 5 (depending on the version of RHN Satellite that you will install).

2. Configure the system so that it can connect to RHN behind the HTTP proxy. Edit the file /etc/sysconfig/rhn/up2date.conf

enableProxy=1
enableProxyAuth=1
httpProxy=<http-proxy-fqdn>
proxyUser=<proxy-username>
proxyPassword=<proxy-password>

3. Register the system to RHN.

4. Begin the installation of RHN Satellite with the disconnected option.

 # ./install.pl --disconnected

5. Once the installation is completed, you will need to add/modify your settings to the /etc/rhn/rhn.conf file:

server.satellite.http_proxy = <http-proxy-fqdn>
server.satellite.http_proxy_username = <proxy-username>
server.satellite.http_proxy_password = <proxy-password>

disconnected=0

6. Restart the Satellite service:

# service rhn-satellite restart

7. Reactivate the Satellite as a connected Satellite:

# rhn-satellite-activate --rhn-cert=<path-to-cert>

Regist to Redhat Satellite
rpm -Uvh http://your-satellite.com/pub/rhn-org-trusted-ssl-cert-1.0-1.noarch.rpm
rhnreg_ks --activationkey mykey --serverUrl https://your-satellite.com/XMLRPC
/etc/sysconfig/rhn/sources specifies where up2date will search for packages.
/etc/sysconfig/rhn/up2date "serverURL=https://satellite-server/XMLRPC " specifies the satellite server
To update from the redhat server, use xmlrpc.rhn.redhat.com

satwho # list satellite user
satpasswd <user> # change satellite user password
satellite-sync -l # list satellite channels
satellite-sync -c channel # subscribe to channel
satellite-sync

rhn-satellite-activate
rhn-satellite restart

rhnpush : put package in customized channel

Redhat Satellite
config: /etc/sysconfig/rhn/systemid
packages: /var/satellite/redhat/

extend the size of a tablespace in my Red Hat Satellite database
https://access.redhat.com/kb/docs/DOC-11037
# service rhn-satellite stop (or rhn-satellite stop if using RHN Satellite 5.3.0)
# service rhn-database start (or /etc/init.d/oracle start if using RHN Satellite 5.3.0)

 su - oracle -c "db-control report"
 su - oracle -c "db-control extend <tablespace name>"

# service rhn-database stop (or /etc/init.d/oracle stop if using RHN Satellite 5.3.0)
# service rhn-satellite start (or rhn-satellite start if using RHN Satellite 5.3.0)

On Satellite 5.4.1:
# service rhn-satellite stop
Warning: /etc/init.d/rhn-satellite is obsolete.
Each service has its own init script now.
The whole suite can be manipulated using command /usr/sbin/rhn-satellite instead.
Correct procedure would be:
# rhn-satellite stop
# service oracle start
# su - oracle
-bash-3.2$ db-control extend DATA_TBS # repeat to increase further
-bash-3.2$ db-control report
-bash-3.2$ exit
# service oracle stop
# rhn-satellite start

rhn5 update:
# yum update

upgrade from DVD
https://access.redhat.com/knowledge/solutions/9743
http://www.howtoforge.com/creating_a_local_yum_repository_centos
Creation of yum repositories is handled by a separate tool called createrepo, which generates the necessary XML metadata.

 # yum install createrepo

Mount ISO
# mkdir -p /mnt/iso/{1,2,3}
# mount -o loop /path/to/centos1.iso /mnt/iso/1
Create a repository
# cd /mnt/iso
# createrepo .
# yum clean all # clean repo
Create config file
# vi /etc/yum.repos.d/iso.repo
Append following text:
[My ISO Repository]
baseurl=file:///mnt/iso
enabled=1

# yum install package-name --noplugins
If problem occur, run "yum clean all" first

(# yum clean all && yum clean metadata && yum clean dbcache && yum makecache && yum update -y)

For RHEL 4 (up2date)
In /etc/sysconfig/rhn/sources, comment out the following line:
#up2date default
Next, in the same file, create a line like the following:
dir mydvdrepo /media/cdrom/RedHat/RPMS

# up2date --nosig install gcc

Copy/Extract from satellite
We provide a utility called "reposync" which can be used to pull down /download the packages from RHN. You can use this command as given below:

# reposync --gpgcheck -l --repoid=channel-id --download_path=/downloadpath
Eg : # reposync --gpgcheck -l --repoid=rhel-x86_64-server-5 --download_path=/downloadpath

The above command will download the all the 64 bit packages for RHEL 5 in the mentioned download path. Then you need to run the following command to create the repository.

# cd /downloadpath
# createrepo .

'reposync' utility is provided by yum-utils package and 'createrepo' utility is provided by the package createrepo. You can install it on your system using yum.

Wednesday, November 16, 2011

Xen tasks

http://docs.vmd.citrix.com/XenServer/5.6.0/1.0/en_gb/reference.html
http://docs.vmd.citrix.com/XenServer/5.0.0/1.0/en_gb/
http://docs.vmd.citrix.com/XenServer/4.0.1/reference/reference.html

In XenServer a Storage Repository is a storage target that contains virtual disks (VDIs) and isos.

A PBD (physical device block) is what they call the interface between a physical host and an attached SR, which is responsible for storing the device config that allows the host to interact with the storage target.

Recover a Deleted XenServer Virtual Machine http://support.citrix.com/article/ctx117508

Add local storage
#: fdisk -l (or gdisk -l if using GPT (Globally Unique Identifier (GUID) Partition Table))
#: pvcreate /dev/sdb
sdb is my new volume. and then to configure it as a local storage :
#: xe sr-create type=lvm content-type=user device-config:device=/dev/disk/by-id/scsi-SATA_ST3320620AS_5QF7QZZL name-label=”LOCAL SR”
add option "sm-config:allocation=thin" to support thin provisioning
Confirm the new SR is created:
#: xe sr-list host=xen01-man
(you do not actually create a partition on your disk before turning it into a storage repository)
The device name can be found by ls -l /dev/disk/by-id or with "xe pbd-list"

Delete local storage
1. First, you have to determine the Storage-Repository-UUID:
# xe sr-list or xe sr-list name-label=Local\ storage
-> write down / take note of SR-UUID of the SR to delete
2. Find the corresponding Physical Block Device (PBD):
# xe pbd-list sr-uuid=your-SR-uuid-> write down / take note of PBD-UUID of the PBD to unplug and delete
3. Unplug the PBD:
# xe pbd-unplug uuid=your-PBD-uuid
4. Delete PBD:
# xe pbd-destroy uuid=your-PBD-uuid
5. Delete the association of your SR and the PBD:
# xe sr-forget uuid=your-SR-uuid
(
script:
SRUID=`xe sr-list name-label=Local\ storage --minimal`
PBDUID=`xe pbd-list sr-uuid=$SRUID --minimal`
xe pbd-unplug uuid=$PBDUID
xe pbd-destroy uuid=$PBDUID
xe sr-forget uuid=$SRUID
)

Delete Orphaned Disks

xe vdi-list

uuid ( RO)                : cb5781e0-c6f9-4909-acd6-5fd4b509d117

          name-label ( RW): Vista master for UIA

    name-description ( RW): Created by template provisioner

             sr-uuid ( RO): 72cc0d44-bea7-6c15-cf8d-c2965ca495b2

        virtual-size ( RO): 25769803776

            sharable ( RO): false

           read-only ( RO): false

xe vdi-destory uuid=cb5781e0-c6f9-4909-acd6-5fd4b509d117
xe sr-scan uuid=72cc0d44-bea7-6c15-cf8d-c2965ca495b2

Enable thin provisioning on local storage
warning: this will destroy all vm on the respective storage.
. find local storage repository
# cat /etc/xensource-inventory|grep "DEFAULT_SR_PHYDEVS"
. get UUID of the local SR
# xe sr-list type=lvm
. get UUID of PBD
# xe pbd-list sr-uuid=<sr-uuid>
. disconnect and destroy PBD
# xe pbd-unplug=<pbd-uuid>
# xe sr-destroy uuid=<pbd-uuid>
. create new sr with thin provisioning enable
# xe sr-create host-uuid=<host-uuid> content-type=user type=ext device-config=/dev/sda3 shared=false name-label="Local storage"
or
# xe sr-create host-uuid=<host-uuid> content-type=user type=lvm device-config=/dev/sda3 shared=false name-label="Local storage" sm-config:allocation=thin

XenServer allows us to use two different types of thin provisioned SR’s ext3 and LVHD. LVHD is the new default type of SR since version 5.5 of XenServer. The ext3 type SR is around much longer and as the name implies it is a simple EXT3 linux volume. On this volume the virtual disk of your VMs are stored as VHDs. And yes, you can access these file directly on your XenServer host or via SCP. Just navigate to /var/run/sr-mount/<sr-uui>. The ext-based SR, which has thin provisioning enabled by default. There is a little performance penalty for using thin provisioned storage, as the disk have to be extended during the runtime.

Reattach local storage
add a second disk /dev/sdb from other XenServer that contains a SR with VM or virtual disks.
. find out all physical disks
# pvdisplay
. make the new SR know to XenServer
# xe sr-introduce uuid=<vg-uuid> type=lvm name-label="Local storage 2" content-type=user
. connect the PBD with SR
(find the device name and host-uuid first)
# ls -l /dev/disk/by-id
# xe host-list
# xe pbd-create host-uuid=<host-uuid> sr-uuid=<uuid> device-config:device=/dev/disk/by-id/<device-id>
. active the pdb
# xe pbd-plug uuid=<uuid>

Extend a Virtual Disk
in XenCenter, shutdown the VM. select vm -> Storage -> Properties -> Size and Location -> Size
Or in cli:
. find vdi uuid
# xe vm-disk-list vm=<vm-name>
. extend the disk
# xe vdi-resize disk-size=<new size (GiB|MiB)> uuid=<vdi-uuid>

Then in Windows, extend from Server Manager -> Disk Management -> Extend
Or use DiskPart (in Windows 2008)
diskpart
DISKPART> list volume
DISKPART> select volume <#>
DISKPART> extend size=n (n in Megabyes)

In Linux ext3, to use resize2fs to resize data disk:
# umount /dev/xvdc1
# fdisk /dev/xvdc1
d (delete the partition and recreate it)
n
w
# e2fsck -f /dev/xvdc1
# resize2fs /dev/xvdc1
# mount /dev/xvdc1 /data

For Linux ext3 system partition:

(check current kernel parameters
xe vm-list name-label=<vm-name> params=PV-args,uuid )
shutdown vm
set vm to boot into single-user mode from XenServer host CLI
(Or from XenCenter 6, VM -> Start/Shut Down -> Start in Recovery Mode )
# ve vm-param-set uuid=<vm-uuid> PV-args=single
boot vm "xe vm-start" and change partition table of the disk:
# fdisk -l
# fdisk /dev/xvda
d
n
p (primary)
1 (partition number)
(size)
w
reboot the vm: reboot vm (may need boot to rescue media and run fsck)
resize the filesystem: resize2fs /dev/xvda1
on XenServer host, remove single-user boot mode setting
# ve vm-param-set uuid=<vm-uuid> PV-args=
. use xfs_growfs in xfs and resize_reiserfs in reiserfs to grow after resizing

For Linux LVM system partition:

boot to single user mode (init S)
use fdisk to add new partition with Linux LVM type 8e, (e.g. /dev/xvda3)
or extend the partition size
pvcreate /dev/xvda3 # or pvresize /dev/xvda3
pvscan # find out vg name, e.g. VolGroup
vgextend <VolGroup> /dev/xvda3 # skip this if extending partition
lvextend -L+3.99G /dev/VolGroup/lv_root or
lvextend -l +100%FREE /dev/VolGroup/lv_root
resize2fs /dev/VolGroup/lv_root
(vgchange -a y; lvreduce -L ..., lvcreate -L 20G -n logvol_name volgrp_name)

Managing VM from XenServer host
. listing VMs installed and their status
# xe host-vm-list -u root
. list configuration parameters of a VM
# xe vm-param-list -u root vm-name=<vm-name> (or vm-id=<vm-uuid>)
. start/shutdown/restart/suspend/resume/uninstall vm
# xe vm-start -u root vm-name=<vm-name>

# xe vm-shutdown -u root vm-name=<vm-name>

# xe vm-reboot -u root vm-name=<vm-name>

# xe vm-suspend -u root vm-name=<vm-name>

# xe vm-resume -u root vm-name=<vm-name>

# xe vm-uninstall -u root vm-name=<vm-name>

. clone a vm (make sure the vm is power off first)

# xe vm-clone -u root vm-name=<vm-name> new-name=<new-vm-name> new-description<description>

Backup VM

# xe vm-shutdown uuid=<uuid>
# xe vm-export uuid=<uuid> filename=/backup/vmfile.xva

---
# ls -l /dev/disk/by-uuid
# vgscan
# lvdisplay; vgdisplay; pvdisplay
# xe sr-probe type=local
# pvs
---

Add local ISO Repository

NFS
- enable nfs server
  - # cat > /etc/exports
  /iso 127.0.0.1(ro,sync,root_squash)
  - chkconfig portmap on; chkconfig nfs on # make sure services is turn on
  - service portmap restart; service nfs restart
- From XenCenter, add ISO repository through nfs, use 127.0.0.1:/iso
  The default xen partition is only 4G?. mount extra disk space for large ISOs
Create Storage Repository
Use the uuid returned by the pbd-create command as the input for pbd-plug
# UUID=$(uuidgen) or set UUID=`uuidgen` (for csh)
# echo $UUID
705c23ee-b53d-4cc9-9d0c-e7e395fa0f82
# xe sr-introduce name-label="devxen02 ISO Library" content-type=iso shared=false \
type=iso uuid=${UUID}
705c23ee-b53d-4cc9-9d0c-e7e395fa0f82
# xe sr-param-set other-config:auto-scan=true uuid=${UUID}
# xe pbd-create host-uuid=`xe host-list name-label=devxen02-man --minimal` \
sr-uuid=${UUID} device-config:location="/iso" device-config:options="-o bind"
c28bfc89-c207-7ef3-2776-50794e610e4e
# xe pbd-plug uuid=c28bfc89-c207-7ef3-2776-50794e610e4e
# xe sr-list
```
uuid ( RO)                : 705c23ee-b53d-4cc9-9d0c-e7e395fa0f82
          name-label ( RW): devxen02 ISO Library
    name-description ( RW):
                host ( RO): devxen02-man
                type ( RO): iso
        content-type ( RO): iso
```
?. Use /opt/xensource/bin/xe-mount-iso-sr (not working)

Set VM auto start for XenServer 6
. set XenServer to allow auto-start
# xe pool-list
# xe pool-param-set uuid=UUID other-config:auto_poweron=true
. set VM to auto start
# xe vm-list
# xe vm-param-set uuid=UUID other-config:auto_poweron=true

Shutdown VM
. get vm uuid
# xe vm-list
. normal shutdown
# xe vm-shutdown uuid=<vm-uuid> force=true
. if failed, reset power state
# xe vm-reset-powerstate uuid=<vm-uuid> force=true
. if failed, need to destroy the domain
# list_domains
# /opt/xensource/debug/xenops destroy_domain -domid <DOMID>

List snapshots
# vhd-util scan -f -m "VHD-*" -l VG_XenStorage-<uuid-of -sr> -p
. map disk back to VM
# xe vbd-list vdi-uuid=<UUID_of_disk>
# lvscan

Boot Linux in Recovery Mode
http://support.citrix.com/article/CTX132039
Unlike Microsoft Windows, which uses device drivers for paravirtualization, Linux virtual machines have a paravirtualized kernel. During the installation of Linux, it is actually running as a Hardware-Assisted Virtual Machine (HVM) and has access to DVD just like Windows. Once the Linux installation is complete, a Xen kernel is swapped in. However, as the paravirtualization is kernel based, this causes issues with accessing the DVD on boot, as the kernel is not loaded.

For XenCenter 5, boot by "Start/Shutdown -> Start in Recovery Mode".
Command line:
# xe vm-param-set uuid= HVM-boot-policy=BIOS\ order
# xe vm-param-set uuid= HVM-boot-params:order=dc
# xe vm-start name-label='<vm-name>'
Make sure that you have a cd selected for the vm. When you are done, do:
# xe vm-param-set uuid= HVM-boot-policy=
This will unset BIOS order so the vm will boot using pygrub again

Fix VM boot sector
From host, run: xe-edit-bootloader -n <vm-name-label> -u <vm-uuid> -p <partition-number>

Setup new/clone linux server
. get CD Depository, tar of the old server
. create new VM
- highlight the new vm, under "Storage" tab, select the created virtual disk, under Properties,
highlight the last entry on the left panel "vm name(Device 0,(Read/Write)". Change the "Device Position" would change the device name "/dev/hda"
- boot with redhat with "linux rescue"
sh-3.2# fdisk -l #confirm the device
sh-3.2# fdisk /dev/hda # create 3 partition 1:100m for /boot, 2:swap, 3:root
 # make sure the swap partition is type 82 (linux swap)
sh-3.2# mkfs.ext3 /dev/hda1
sh-3.2# mkfs.ext3 /dev/hda3
sh-3.2# mkdir /mnt/sysimage
sh-3.2# mount /dev/hda3 /mnt/sysimage
sh-3.2# mkdir /mnt/sysimage/boot
sh-3.2# mkdir /dev/hda1 /mnt/sysimage/boot
sh-3.2# cd /mnt/sysimage
sh-3.2# sftp dchen@10.213.66.23 #this is the underline xen
sh-3.2# #get the system tar file
sh-3.2# tar zxpf <server.tgz>
modify boot/grub/device.map; grub.conf (make sure root=/dev/hda3); etc/fstab; etc/hosts; etc/sysconfig/network; etc/sysconfig/network-script/ifcfg-eth0; etc/resolv,confl etc/ntp.conf
reboot to "linux rescue" mode again, system would find existing linux partition and mount it under /mnt/sysimage
sh-3.2# chroot /mnt/sysimage
sh-3.2# grub-install /dev/hda
sh-3.2# chkconfig network onThen force reboot in citrix
- make sure sub directory of /var exist. Many services depend on like /var/log /var/run /var/log/httpd
- remove packages: "hp-snmp-agents hpacucli hp-health"
- install package: tcsh, OpenIPMI, OpenIPMI-libs
- may want to run kudzu "harware discovery utility" once
- services may turn off:
acpid; atd; auditd (needed for selinux); anacron; autofs;
avahi-daemon: service discovery via mDNS;
bluetooth; cpuspeed; cups; firstboot; gpm; haldaemon; hidd; isdn;
irqbalance: needed for multi-cpu;
kudzu: hardware probe;
lm_sensors: motherboard sensor monitoring;
lvm2-monitor; mdmonitor;
messagebus: broadcasts notification of system events;
microcode_ctl;
pcscd: pc smart card;
netfs; nfslock; portmap; rpcbind; rpcgssd; rpcidmapd: for NFS
yum-updatesd;

VM don't start
- Storage Repositry (SR) is not available, in "broken" state, "Repair" first.
- find the broken Physical Block Device (PBD) storage:
# xe pbd-list currently-attached=false
- check logs: /var/log/xensource.log*; SMlog*; messages*

check if PBD unplugged
# grep "PBD.plug" xensource.log
# xe pbd-list host-uuid=<host-uuid> sr-uuid=<sr-uuid>
# xe pbd-plug uuid=<uuid>
# xe sr-list name-label="My SR" params=uuid
LUN/HDD → PV → VG (SR) → LV (VDI)

find device SCSI ID
# xe pbd-list params=device-config sr-uuid=<sr-uuid>
is LUN empty
# udevinfo -q all -n /dev/disk/by-id/<...>

VG name generated from SR uuid (+ prefix)
VG created on PV, the returned uuid should match
# pvs | grep <scsi id>
# xe sr-list name-label="My SR" params=uuid
LV name generated from VDI uuid (+ prefix)
these two return should match:
# cat /etc/lvm/backup/VG... | grep VHD
# xe vdi-list sr=<uuid> params=uuid
Displaying VG (vgs), PV (pvs), LV (lvs)
# vgs 'VG_XenStorage-<sr-uuid>
# pvs
# lvs
Addressing block devices (/dev/disk)
# ls -lR /dev/disk | grep <scsi id>
check /dev/disk/by-id; /dev/disk/by-scsibus; /dev/disk/by-path
Examining HDD/LUN with "hdparm -t"
# hdparm -t /dev/disk/by-id/scsi-<scsi id> # got ioctl error
Restoring PV & VG from backup
LVM metadata backup:
/etc/lmv/backup/VG_XenStorage-<sr uuid>

remove old VG & PV
# vgremove "VG_XenStorage-<sr-uuid>
# pvremove /dev/mapper/<scsi id>
recreating PV & VG
# pvcreate -uuid <PV uuid from backup file> --restorefile /etc/lvm/backup/VG_XenStorage-<sr-uuid>
# vgcfgrestore VG_XenStorage-<sr-uuid>
confirm VG_XenStorage<uuid> matches <sr-uuid>
# pvs
# xe sr-list name-label="My SR" params=uuid
plugging PBD back
# xe pbd-plug uuid=<...>
# xe sr-scan uuid=<...>
```
Error code: SR_BACKEND_FAILURE_46
Error parameters: , The VDI is not available [opterr=Error scanning VDI 7e5f83a7-b6c4-4fae-9899-1e6a2cdabd32]
```
# xe vdi-list uuid=<above uuid>
# lvremove /dev/VG_XenStorage-<uuid>/<uuid>
# xe sr-scan uuid=<...>

1. xe task-list to view the Pending tasks
2. xe task-cancel force=true uuid= to cancel a specific task

Replace a Network Interface Card
http://support.citrix.com/article/CTX127161
The following procedure describes the steps required to replace the management interface. If the NIC you are replacing is not the management interface you can skip steps 2 and 8. Step 7 is only required if you need to assign an IP address to the PIF.
1. Shutdown all the virtual machines on the host using XenCenter or from the console:
xe vm-shutdown uuid=<vm_uuid>

If cannot shutdown, go back the the console GUI to shutdown there

2. Disable the management interface using the host-management-disable command:
xe host-management-disable
3. Remove the PIF records of the NICs being replaced using the pif-forget command:
xe pif-forget uuid=<pif_uuid>

The VM using the pid need to be down before forget

(4. Shutdown the host and replace the NIC:
xe host-disable host=<host_name> )
5. Re-introduce the devices using the pif-introduce command:
xe pif-introduce device=<device_name> host-uud=<host-uuid> mac=<mac_address>

Example:
xe pif-introduce device=eth0 host-uuid=49e1cde9-a948-4f8f-86d5-3b681995566a mac=00:19:bb:2d:7e:7a
6. Verify the new configuration using the pif-list command:
xe pif-list params=uuid,device,MAC
(7. Reset the interface address configuration using the pif-reconfigure-ip command:
xe pif-reconfigure-ip uuid=<pif_uuid> mode=static IP=<ip_address> netmask=<netmask> gateway=<gateway> DNS=<dns>
8. Reset the host management interface using the host management-reconfigure command:
xe host-management-reconfigure pif-uuid=<pif_uuid> )
step 7,8 can be done in console UI. May need reboot twice.

Other commands
xe host-list
xe vm-list
xe pif-list
xe vif-list

Change host name
xe host-set-hostname-live host-uuid=<host_uuid> host-name=<name>
xe host-param-set name-label=<name> uuid=<host-uuid>
xe host-set-hostname-live host-uuid=xxx hostname=xxx

Remove VM Interface
a) xe vm-vif-list <vm-selectors>
b) xe vif-unplug uuid=<vif-uuid> force=true
c) xe vif-destroy uuid=<vif-uuid>

Add a Permanent Search Domain Entry in the Resolv.conf

Use the following steps to complete the task:

To identify the management NIC on a given host run, use the following command:
xe pif-list host-name-label=<hostname of the xenserver to modify> management=true

To add the static search domain entry to the resolv.conf:
xe pif-param-set uuid=<pif uuid> other-config:domain=searchdomain.net
Multiple search domain entries can be entered separated by commas:

xe pif-param-set uuid=<pif uuid> other-config:domain=searchdomain.net,searchdomain2.net

Reboot the XenServer Host.

A cat /etc/resolv.conf should now show the search domain entry.

Leave pool
After the system join a pool, something messed up.

# xe pool-recover-slaves
The host is its own slave. Please use pool-emergency-transition-to-master or pool-emergency-reset-master.
# xe pool-emergency-transition-to-master
Host agent will restart and transition to master in 10 seconds...
# xe host-list
uuid ( RO) : f4457ca9-4526-42ec-af53-742e86475f9a
name-label ( RW): devxen02-man
name-description ( RW): Default install of XenServer

Enable autostart for XenServer 6.0

Re-enable the VM autostart feature for the pool object:
xe pool-param-set uuid=UUID_OF_THE_POOL other-config:auto_poweron=true

Set the following parameter for VMs you wish to have automatically starting:
xe vm-param-set uuid=UUID_OF_THE_POOL other-config:auto_poweron=true

Find orphaned vdi

ls -alh on the sr mount point,
# xe vbd-list vdi-uuid=<disk uuid> params=all
find out which VM the disk has is associated with. If the name-label of the VDI is "base copy", the disk is the original of the linked snapshot disks.
xe host-call-plugin host-uuid=<uuid> plugin=coalesce-leaf fn=leaf-coalesce args:vm_uuid=<uuid>

xe host-list params=all
List of VMs on XenServer (with UUIDs)
# xe vm-list params=all| \
awk '{if ( $0 ~ /name-label/) {$1=$2=$3=""; vmname=$0} \
if ($0 ~ /affinity.*\:\ [a-e,0-9]/) {host=$4; printf "%s \n", vmname}}'

# xe vm-list | awk '{if ( $0 ~ /uuid/) {uuid=$5} if ($0 ~ /name-label/) {$1=$2=$3="";vmname=$0; printf "%45s - %s\n", vmname, uuid}}'
List virtual machines: xe vm-list
Get uuid of all running VMs:
xe vm-list is-control-domain=false power-state=running params=uuid | egrep -o "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
Shutdown VM: xe vm-shutdown --force vm=<uuid>

If does not work, find out the pending task queue: xe task-list
Cancel the process that hold up the system:
xe task-cancel uuid=<task uuid>
If still failed: xe-toolstack-restart
Yet still failed, find the domain number: list_domains | grep <vm-uuid>
then: /opt/xensource/debug/xenops destroy_domain –domid <domain-number>

Suspend VM: xe vm-suspend vm=<uuid>
List all the parameters available on the selected host:
xe vm-param-list uuid=<uuid>

CPUs
Set the number of cores with:

xe vm-param-set platform:cores-per-socket=4 uuid=xxxxxx

Set the number of CPUS at startup:

xe vm-param-set VCPUs-at-startup=8 uuid=xxxxxx

Set the max number of CPUS:

xe vm-param-set VCPUs-max=8 uuid=xxxxxxx

Hosts
List hosts

xe host-list

Shutdown host

xe host-shutdown host=<uuid>

Remove Host from Pool

xe host-forget uuid=<toasted_host_uuid>

Get Pool Master UUID

xe pool-list params=master | egrep -o "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"

Eject host from pool

xe pool-eject host-uuid=9712025f-9b98-4c25-81ef-9222993b71f9

Get VMs running on specified host

xe vm-list resident-on=<host uuid=""> is-control-domain=false

Pending tasks:

xe task-list #to view the Pending tasks
xe task-cancel force=true uuid=<UUID> #to cancel a specific task

Last resort:

xe-toolstack-restart

Networking
Lists networks

xe network-list

Lists Physical Network Cards with specified MAC Address

xe pif-list MAC=1c:c1:de:6b:9f:22

Create a new Network

xe network-create name-label=VLAN_DMZ

Assign a network to a Physical Network Card with a VLAN

xe vlan-create network-uuid=329b55d1-0f77-512a-63ed-8b6bcf429e99 pif-uuid=80c1ea1a-4beb-c1ee-f69d-14e3a699587e vlan=205

Backups
Export VM or snapshot to XVA

xe vm-export vm=<uuid_or_name> filename=/backup/Ubuntu_backup.xva

Import XVA file

xe vm-import vm=<name> filename=/backup/Ubuntu_backup.xva

Create a snapshot

xe vm-snapshot vm="<vm_name>" new-name-label="snapshot_name"

Convert snapshot to template

xe snapshot-copy uuid=<snapshot_uuid> sr-uuid=<sr_uuid> new-name-description="Description" new-name-label="Template Name"

http://wiki.xensource.com/xenwiki/Command_Line_Interface
convert centos to Xen VM
http://forums.citrix.com/thread.jspa?threadID=265091
backup live XenServer
http://www.computerforums.org/forums/server-articles/how-setup-live-xenservers-backups-208663.html
fast-clone VM
http://virtualfuture.info/2010/10/xenserver-fast-clone-a-vm-120-times-in-90-seconds/
Zero-Downtime Limited-Space Backup and Restore
http://community.citrix.com/display/xs/Zero-Downtime+Limited-Space+Backup+and+Restore
http://community.citrix.com/display/xs/XenServer+Final+Backup+Script+with+or+without+snapshot
http://www.charleslabri.com/back-up-xenserver-6-to-network-share-with-fancy-scripting-and-lots-of-fun-and-no-downtime/
** http://blog.andyburton.co.uk/index.php/2009-11/updated-citrix-xenserver-5-5-automatic-vm-backup-scripts/
http://www.8layer8.com/?p=260