Configure Secure TCP for Oracle VM Manager

The configuration of the TCPS service requires a certain amount of understanding about keystores and certificates. It is similar to the HTTPS configuration of Weblogic, so if you are involved in setting up overall Oracle VM security, this will be straightforward.

It's preferred to use the bundled scripts to create keystore and enable TCPS service for Oracle VM Manager.

Using Bundled Scripts

When you perform a fresh install of Oracle VM Manager 3.1.1, 3.2.x or 3.3.x, scripts are provided under /u01/app/oracle/ovm-manager-3/bin of the Oracle VM Manager server

·         secureOvmmTcpGenKeyStore.sh: create the keystore

·         secureOvmmTcp.sh: use the generated keystore to enable the TCPS service for Oracle VM Manager

For Oracle VM Manager 3.2.x and 3.3.x, the scripts are included as part of the default installation.

For detailed instructions how to use the scripts, please refer to the documentation:

• Oracle VM Manager 3.1.1: Enabling Remote Log Ins of Oracle VM Installation and Upgrade Guide.
• Oracle VM Manager 3.2: http://docs.oracle.com/cd/E35328_01/E35330/html/vmiug-manager-tcps.html
• Oracle VM Manager 3.3: http://docs.oracle.com/cd/E50245_01/E50251/html/vmadm-utils-tcps.html

After you follow the instructions to create keystore and enable TCPS service for Oracle VM Manager. Once Oracle VM Manager is restarted, you can verify the status to confirm that Oracle VM Manager is now listening for TCPS requests on port 54322 by default.

# netstat -a | grep  54322 tcp       0     0*:54322                    *:*                         LISTEN

Additional Resources

For more information, see the following links:

• Oracle VM Download: http://www.oracle.com/technetwork/server-storage/vm/downloads/index.html
• Oracle VM Documentation: http://www.oracle.com/technetwork/server-storage/vm/documentation/index.html
• Oracle Enterprise Manager Documentation: Registering Oracle VM Manager

How to Create Virtual Disk without Oracle VM Manager

In some situations, it may be necessary to know how to create a Virtual Disk on OVM 2.2 without using OVM Manager, and attach it to a Virtual Machine.

This can be done in OVM 2.2 via the following process:

1. Log into the Oracle VM server where the VM is running.

2. Change the directory at which the repository is mounted, e.g.:

# cd /to/path/to/repo

3. Create the raw format .img disk image, e.g. initiating 4 GB Virtual Disk:

# dd if=/dev/zero of=newdisk.img bs=1M count=4096

4. Then add new disk image to disk = [ ] section of vm.cfg file of a Virtual Machine. Format:

disk = [ 'file:/mnt/el4u5_64_hvm//system.img,hda,w' ]

Note: Making any change to vm.cfg file effective requires a domain re-creation which is Virtual Machine shutdown then start (NOT restart.)

5. If an outage on the Virtual Machine is not possible, then hot plug read/write as /dev/xvdX by:

# xm block-attach [domain ID] /path/to/image /dev/xvdX w

To increase Virtual Machine Memory in the OVM Manager GUI ?

To increase Virtual Machine Memory in the OVM Manager GUI, Please follow the following steps 


1. Using Oracle VM Manager GUI:

2. Login to Oracle VM Manager (GUI).

3. Select the VM and click on edit.

4. Check the assigned "Max. Memory (MB):" and "Memory (MB):".

5. If the "Max. Memory (MB):" is the same as "Memory (MB):", then you have to shut down the VM to increase the "Max. Memory (MB):" and "Memory (MB):".

6. If the "Max. Memory (MB):" is higher than the "Memory (MB):", then you can increase the "Memory (MB):" till "Max. Memory (MB):".

7. Ensure the "Memory (MB):" should not be higher than "Max. Memory (MB):"

8. Click on Save.

Login to the VM and verify allocated memory. 

Memory allocated to the VM can be check by Oracle VM Manager either by going to the Server and 
VM tab or by going to Health tab in GUI  then selecting Server and VM statistics. 

How to Inject ESX 5.2.1 Host Drivers into VMware ESXi 5.0U1 Media

The procedure for PXE Booting or SAN Booting an ESXi 5.0U1 host is the same as for an ESXi 4.0 host, with the exception of creating the injecting the host drivers into the ESXi 5.0U1 bundle. The following text documents how to inject the host drivers. Use the following text instead of the text for the remaster-iso script in the XgOS Remote Booting Guide.

After completing the following procedure, you can use the SAN Boot procedure for ESXi 4.0 hosts document to configure the ESXi 5.0U1 host for SAN Booting.
 

Considerations:

Be aware of the following:

• Creating the custom ISO is accomplished through Microsoft Windows PowerShell—and specifically the VMware vSphere PowerCLI plug-in for PowerShell. The Windows server will need this tool installed

• Creating the custom ISO is supported on a Windows host server only. The server requirements are determined by the PowerShell application

• You use a pre-configured ESXi bundle as a baseline, then inject the Xsigo/Oracle bits into it. The OS file is available on the VMware website: update-from-esxi5.0-5.0_update01.zip

• You will need full administrative rights on the Windows server where you will be creating the custom ISO

Manually Injecting the Host Drivers into the ESXi 5.0U1 Bundle.

The following procedure assumes the working directory is: \images\New for the user “adminA”.
 

To inject the host drivers into the ESXi 5.0U1 bundle, follow this procedure:

Step 1 Install PowerShell on the Windows server if you have not done so already.

Step 2 Install the PowerCLI plug-in if you have not done so already.

Step 3 Download the update-from-esxi5.0-5.0_update01.zip file to the Windows server.

Step 4 Start PowerCLI.

Step 5 In PowerCLI, run the following commands to import the ESXi 5.0 bundle and the host drivers into PowerCLI:
 

Add-EsxSoftwareDepot -DepotUrl C:\<file directory>\update-from-esxi5.0-5.0_update01.zip
Add-EsxSoftwareDepot -DepotUrl C:\<file directory>\xsigo_5.2.1.ESX.1-1vmw.500.0.0.472560.zip

Step 6 Run the following command to specify the profile that you want to use when creating the output ISO:

New-EsxImageProfile -CloneProfile ESXi-5.0.0-20120302001-standard -Name ESXi-5.0.0-20120302001-standard-xsigo

Step 7 Run the following commands to add the IB stack and other dependencies to the depot:

Add-EsxSoftwarePackage -ImageProfile <profile name> -SoftwarePackage net-ib-core
Add-EsxSoftwarePackage -ImageProfile <profile name> -SoftwarePackage net-mlx4-core
Add-EsxSoftwarePackage -ImageProfile <profile name> -SoftwarePackage net-ib-mad
Add-EsxSoftwarePackage -ImageProfile <profile name> -SoftwarePackage net-ib-sa
Add-EsxSoftwarePackage -ImageProfile <profile name> -SoftwarePackage net-mlx4-ib
Add-EsxSoftwarePackage -ImageProfile <profile name> -SoftwarePackage net-xscore
Add-EsxSoftwarePackage -ImageProfile <profile name> -SoftwarePackage net-xsvnic
Add-EsxSoftwarePackage -ImageProfile <profile name> -SoftwarePackage net-xve
Add-EsxSoftwarePackage -ImageProfile <profile name> -SoftwarePackage scsi-xsvhba

Step 8 Run the following commands to create single output ISO containing all required files from the depot. The following example assumes unsigned drivers to provide the most complete example:
 

Export-EsxImageProfile -ImageProfile ESXi-5.0.0-20120302001-standard-xsigo -ExportToIso -FilePath C:\<file directory>\ESXi-5.0U1-623860.xsigo-5.2.1.iso

NoSignatureCheck

Supported Host Drivers

This section documents information about the supported ESX host drivers and how to obtain them.
 

Downloading Supported Drivers

You need access to the support site to download the drivers. To get the drivers:

Step 1 Log in to the download portal (http://www.oracle.com/technetwork/server-storage/xsigo-1870185.html).

Step 2 Navigate to the binaries and download them.

VMware ESXi 5.0 Host Drivers

For this release, host drivers for VMware ESXi Server 5.0U1 are: update-from-esxi5.0-5.0_update01.zip
 

Both the InfiniBand and host drivers are contained in this bundle, which is a new packaging method for distributing Xsigo/Oracle host drivers. Due to this new packaging method, the method for installing the host drivers has changed. See: Installing 5.0.0-ESX Host Drivers Directly from the ESXi 5.0 Bundle

How to Collect Diagnostic Data From VMware ESX/ESXi and VirtualCenter Server

There are a couple of methods for collecting diagnostic data from VMware ESX/ESXi Servers / VirtualCenter Server.

A) One method is to login as root to the ESX/ESXi Server Service Console command line as user 'root'. In the /root directory run the command vm-support. This will generate a tarball named something similar to:

esx-2008-month-day--hour.min.<PID>.tgz.

There are other flags and switches you may use with the vm-support command to generate:

1) Performance snapshots
2) Gather Virtual Machine specific debugging
3) Suspend Virtual Machine to generate VM core files and include VM memory state with vm-support output.

For complete information on the command line options you can run with vm-support see the manpage for vm-support on your ESX/ESXi Server.

B) Second method is from within the VI Client connecting directly to the host go to File - Export - Export Diagnostic Data.

C) Third method using the VI Client to connect directly to the VirtualCenter Server managing multiple ESX Server hosts - go to the Administration pull down menu - Export Diagnostic Data - Select ESX hosts and make sure box is checked to "Include information from VirtualCenter Server and VI Client".

Choose where on the Windows Server hosting your VirtualCenter Server to store the diagnostic data. This method not only collects VirtualCenter Server specific information but also generates and collects the vm-support output for the ESX Server hosts you select.

You want to use the VirtualCenter method to generate and collect diagnostic data if:

1) Problem is VMotion, Migration related
2) Problem is related to creating or deploying templates or clones
3) Problem affects more than one ESX host
4) Problem is VirtualCenter Server related, for example VC Server performance reporting
5) Problem is related to VirtualCenter Server Plugins / Addons such as HA, DRS, VCB, Update Manager, Capacity Planner, VMware Converter etc...
6) Problems using the Snapshot Manager

How to Find ESXi 5.x Host Driver Version Installed

There are multiple ways to accomplish this. 

First is by logging into the Fabric Director as user 'admin' and running the 'show physical-servers' command:

perf01  2c9030005f7d4  cslab-rum01:ServerPort19  VMware/ESX5.2.0.EAX1C.1/x86_64   2.7.0/3.0.0  perf01-rum

Another way is to login to the ESXi 5.0 host as user 'root' and executing this command:

# esxcli software vib list |grep xsvnic, xsigo, xsvhba or xscore

In the ESXi 5.x vm-support or xsigo-support logs go to the 'commands' folder:

-bash-3.2$ ls
action.log  bootbank  commands  error.log  errors-ignored.log  etc  json  proc  README  reconstruction  reconstruct.sh  usr  var  vmfs

In the 'commands' directory grep the 'localcli_software-vib-get.txt' file for xsvnic or xsvhba:

-bash-3.2$ grep -i xsvnic localcli_software-vib-get.txt
VMware_bootbank_net-xsvnic_5.0.2.ESX.1-1vmw.500.0.0.406165:
   Name: net-xsvnic
   Summary: xsvnic: net driver for VMware ESX
   Provides: com.xsigo.xsvnic-9.2.0.0

Veritas NetBackup OpsCenter upgrade

Veritas NetBackup OpsCenter upgrade

Pre-Checks:

1. OpsCenter should run on same version as Netbackup is running or should run on higher version. OpsCenter/OpsCenter Analytics must always be running the same or higher version.

2. Make sure that OpsCenter is compatible with Operating System and Netbackup.

3. OpsCenter should always run on a dedicated server and not on a NBU master

4. Ensure that all required ports are open on OpsCenter Server.

OpsCenter Port requirement:

Technote: https://www.veritas.com/support/en_US/article.100002391

Steps to Upgrade OpsCenter Analytics

1.    Backup OpsCenter Database

OpsCenter is shipped with a database backup script that performs backup of the database , the corresponding database password file, and the encryption key file without interrupting its operations, which is referred to as hot backup. On UNIX as well as Windows platforms, the script overwrites the existing database files before backing up or restoring them.

Note:

Regular file system backups are not sufficient for backing up the OpsCenter database. You must schedule periodic hot backups for the OpsCenter database to avoid losing any important data.

To back up the OpsCenter database

1. Log on to the OpsCenter database server host in one of the following ways:

Windows	As an administrator or user in the Administrator group
UNIX	root

2. Open the Windows command prompt or the UNIX console.
3. Run the backup script that is appropriate for your platform. Specify one of the following backup directories depending on your platform:

LINUX	/opt/SYMCOpsCenterServer/bin/dbbackup.sh /u01/backup/OpsCenter/

4. The backup script backs up the database files, database password files, and encryption key file in the backup directory that you specified.
5. Ensure the compatibility of the OpsCenter with the OS Version ad Bit.
6. Download OpsCenter installation file to the OS.
7. Run the installation and follow the process.

Note: OpsCenter should always run on a dedicated server and not on a NBU master

Documentation:

Backing up the OpsCenter database

Technote: https://www.veritas.com/support/en_US/doc/27537447-127427700-0/v28842080-127427700

Download OpsCenter:

Link: https://www.veritas.com/content/support/en_US/article.100019594.html 

How to Backup OpsCenter Database:

Link: https://www.veritas.com/support/en_US/doc/27537447-127427700-0/v28842080-127427700

Upgrading OpsCenter on UNIX

Use the following procedure to upgrade to OpsCenter software on UNIX hosts.
Note:

Veritas recommends that you do not cancel or interrupt the installation process once it is started.

To upgrade OpsCenter Server on UNIX

1. If you plan to upgrade your backup product and OpsCenter, ensure that you upgrade OpsCenter first. When upgrading OpsCenter, always upgrade the OpsCenter Server first followed by the Agent and then the View Builder.
2. Open a UNIX console and log on as root on the target host.
3. Mount the OpsCenter product DVD on the OpsCenter Server that you want to upgrade.
4. Untar OpsCenter_7.7_Unix.tar.gz
5. Cd /u01/share/soft/OpsCenter_7.7_Unix
6. Type the following command: ./install. Press Enter.
7. [root@em01 OpsCenter_7.7_Unix]# ./install

8. The Welcome message is displayed. Press Enter to continue.

9. The installer then checks if OpsCenter Server is installed on the system or not. It prompts you in case OpsCenter Server is already installed. The installer also examines the system for existing packages. 

10. The following prompt is displayed:

Where should the existing OpsCenter database and configuration files be backed up? 

An 'OpsCenterServer_backup' directory will be created within the directory that you specify to store these 

files. (/var/symantec/)

Type the directory name in which the existing OpsCenter database and configuration files can be saved and then press Enter.

To accept the default directory path (/var/symantec), press Enter.

11. The installer displays a list of components that will be installed or upgraded like PBX, OpsCenter Server, OpsCenter user interface and so on. Review this list and press Enter to continue.

12. The installer prompts you with the following question:

installOpsCenterServer is now ready to upgrade OPSCENTERSERVER.

Are you sure you want to upgrade OPSCENTERSERVER? [y,n,q] (y)

Press Enter to continue OpsCenter upgrade.

13. The installer prompts you with the following question:

Participate in the NetBackup Product Improvement program? [y,n,q] (y)

Press Enter if you want to participate in the NetBackup Product Improvement program or press n if you do not want to participate.

14. The installer prompts you with the following question:

Do you want to import users from <remote AT host name> to OpsCenter AT?

Press Enterto import users from the earlier OpsCenter versions.

For more details, refer to the About Importing Authentication Settings section.

If the import fails, you need to reset password of all OpsCenter(vx) users.

15. By default, in OpsCenter, the database is upgraded in the beginning. However, you can choose to first upgrade the OpsCenter software.

The database upgrade process starts. In this process, the OpsCenter data is migrated to the new OpsCenter database version. The database process may take time depending on your database size.

The following message is displayed:

The database upgrade is in progress. This may take some time based on the database size. You can see the progress and current status in /var/tmp/(directory)/db/log/dbManager_<timestamp>_.log file.

After complete installation, the logs are copied to the following location:/var/VRTS/install/logs/LogDirectory/db/log

LogDirectory is generated during the upgrade progress.

16. The installer displays the OpsCenter packages that are installed. Depending on the installed packages, the following message may be displayed:

The following packages were found on the system. However the package

versions are older than the ones required by OpsCenter.

VRTSOpsCenterServer existing version was found on the system, 

but OpsCenter requires VRTSOpsCenterServer new version

VRTSOpsCenterGUI existing version was found on the system, 

but OpsCenter requires VRTSOpsCenterGUI new version

VRTSOpsCenterLegacyServer existing version was found on the system, 

but OpsCenter requires VRTSOpsCenterLegacyServer new version

The installer then uninstalls the older packages and installs new version of OpsCenter Server.

17. OpsCenter Server is installed. Configuration changes are made to the system.
18. All the OpsCenter processes are started. The following information is also displayed:

o    Web URL to access OpsCenter console

o    Location of install log and summary files.

Note:

After successful upgrade, OpsCenter database password is set to an auto-generated string, if the earlier password is still the default one, that is 'SQL'. Veritas recommends that you change the database password after the installation.

If you had changed the default password in the earlier version, you do not need to change it again. The installer retains the old password that you can use in the current version.