Professional Documents
Culture Documents
Its usual students of mine to decide to study some backup software and, in the middle
of way, they always complaint of the lack of a good environment to test all concepts and
procedures, mainly because theres not free robot and just making backup on disk is boring. ;)
Actually, theres a very good VTL software named mhVTL (
http://sites.google.com/site/linuxvtl2 ) which could be used in a perfect way and emulating
great brands like StorageTek (nowadays, Oracle). By the way, in this example, Im going to
explain how to setup a VTL (using first a very nice Web interface) and, after everything is
working and accessable from another remote host, Im going to show you details about the
configuration files.
To show you these step-by-step, Im using VMware Workstation 8 and my virtual
network have three virtual machines: the first running CentOS 6.0 64 bits (our VTL), the second
running CentOS 6.0 64 bits too (supposedly our backup machine) and the third running
Windows 7 ( supposedly another backup machine it could be a Windows 2008). Lets see the
procedure.
(On CentOS which will run the VTL)
a) In your first CentOS 64 bits you should prepare your system to download the packages
from Web. As a root user, do:
# rpm --import http://elrepo.org/RPM-GPG-KEY-elrepo.org
# rpm -Uvh http://elrepo.org/elrepo-release-6-5.el6.elrepo.noarch.rpm
b) Now that your CentOS is configured with the new repository, execute the following
command to install the mhVTL software:
# yum install mhvtl-utils kmod-mhvtl
c) Verify if the SELinux is enabled:
# sestatus
SELinux status:
enabled
SELinuxfs mount:
/selinux
Current mode:
enforcing
Mode from config file:
enforcing
Policy version:
24
Policy from config file:
targeted
d) If true, disable it:
# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
http://alexandreborges.org
Pgina 1
e) Open the port 3260 (iscsi) in the iptables firewall file and save the rule:
# iptables -I INPUT -m state --state NEW -p tcp --dport 3260 -j ACCEPT
# service iptables save
f)
Unfortunately, configuring the VTL in the command line is hard, so you can install a web
interface to help you in this task. Lets do it:
1) mkdir /guivtl
2) Download the Web Manage Console GUI from:
https://github.com/niadev67/mhvtl-gui/tarball/master/
3) cp niadev67-mhvtl-gui-1.4.7-3-g9f3bde0.tar.gz /guivtl
4) cd /guivtl
5) tar zvxf niadev67-mhvtl-gui-1.4.7-3-g9f3bde0.tar.gz
6) cd niadev67-mhvtl-gui-9f3bde0/
7) yum install httpd
8) chkconfig httpd on
9) cp -r * /var/www/html/
10) yum install php
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: centos.secrel.com.br
* elrepo: elrepo.org
* extras: centos.secrel.com.br
* updates: centos.secrel.com.br
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package php.x86_64 0:5.3.3-23.el6_4 will be installed
--> Processing Dependency: php-common(x86-64) = 5.3.3-23.el6_4 for package: php-5.3.323.el6_4.x86_64
--> Processing Dependency: php-cli(x86-64) = 5.3.3-23.el6_4 for package: php-5.3.323.el6_4.x86_64
--> Running transaction check
---> Package php-cli.x86_64 0:5.3.3-23.el6_4 will be installed
---> Package php-common.x86_64 0:5.3.3-23.el6_4 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
===============================================================================
=
Package
Arch
Version
Repository
Size
===============================================================================
=
http://alexandreborges.org
Pgina 2
php-common.x86_64 0:5.3.3-23.el6_4
Complete!
11) Now, its needed to allow the web server user to run all commands as root:
# echo apache ALL=(ALL) NOPASSWD: ALL >> /etc/sudoers
12) Edit /etc/sudoers and comment out the line Defaults requiretty (highlighted
below):
## Sudoers allows particular users to run various commands as
## the root user, without needing the root password.
##
## Examples are provided at the bottom of the file for collections
## of related commands, which can then be delegated out to particular
## users or groups.
##
http://alexandreborges.org
Pgina 3
## Command Aliases
## These are groups of related commands...
## Networking
# Cmnd_Alias NETWORKING = /sbin/route, /sbin/ifconfig, /bin/ping, /sbin/dhclient, /usr/bin/net,
/sbin/iptables, /usr/bin/rfcomm, /usr/bin/wvdial, /sbin/iwconfig, /sbin/mii-tool
## Installation and management of software
# Cmnd_Alias SOFTWARE = /bin/rpm, /usr/bin/up2date, /usr/bin/yum
## Services
# Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
## Updating the locate database
# Cmnd_Alias LOCATE = /usr/bin/updatedb
## Storage
# Cmnd_Alias STORAGE = /sbin/fdisk, /sbin/sfdisk, /sbin/parted, /sbin/partprobe, /bin/mount,
/bin/umount
## Delegating permissions
# Cmnd_Alias DELEGATING = /usr/sbin/visudo, /bin/chown, /bin/chmod, /bin/chgrp
## Processes
# Cmnd_Alias PROCESSES = /bin/nice, /bin/kill, /usr/bin/kill, /usr/bin/killall
## Drivers
# Cmnd_Alias DRIVERS = /sbin/modprobe
# Defaults specification
#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
#
You have to run "ssh -t hostname sudo <cmd>".
#
# Defaults requiretty
#
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
#
Defaults !visiblepw
#
# Preserving HOME has security implications since many programs
# use it when searching for configuration files. Note that HOME
# is already set when the the env_reset option is enabled, so
# this option is only effective for configurations where either
http://alexandreborges.org
Pgina 4
env_reset
env_keep = "COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS"
env_keep += "MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE"
env_keep += "LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES"
env_keep += "LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE"
env_keep += "LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY"
#
# Adding HOME to env_keep may enable a user to run unrestricted
# commands via sudo.
#
# Defaults env_keep += "HOME"
Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
## Next comes the main part: which users can run what software on
## which machines (the sudoers file can be shared between multiple
## systems).
## Syntax:
##
## user
MACHINE=COMMANDS
##
## The COMMANDS section may have other options added to it.
##
## Allow root to run any commands anywhere
root ALL=(ALL)
ALL
## Allows members of the 'sys' group to run networking, software,
## service management apps and more.
# %sys ALL = NETWORKING, SOFTWARE, SERVICES, STORAGE, DELEGATING, PROCESSES, LOCATE,
DRIVERS
## Allows people in group wheel to run all commands
# %wheel
ALL=(ALL)
ALL
## Same thing without a password
# %wheel
ALL=(ALL)
NOPASSWD: ALL
## Allows members of the users group to mount and unmount the
## cdrom as root
# %users ALL=/sbin/mount /mnt/cdrom, /sbin/umount /mnt/cdrom
## Allows members of the users group to shutdown this system
# %users localhost=/sbin/shutdown -h now
## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment)
#includedir /etc/sudoers.d
apache ALL=(ALL) NOPASSWD: ALL
Pgina 5
Done. Its time to test if our steps has worked. Please, open a browser and type the following
url: http://localhost. You should see this image:
Figure 1
http://alexandreborges.org
Pgina 6
Figure 2
The mhVTL framework already has a configured robot, then were going to erase the current
configuration to prepare for our tests. Go to Setup page and click on Remove button:
Figure 3
http://alexandreborges.org
Pgina 7
Figure 4
Figure 5
On Select Library to remove combo box, take one library at time, toggle Remove All Tape
Media Also ? option to YES and click on Continue button. However, its impossible to
remove the last robot. No problem because were going to create our robot so soon and after
that itll be possible to remove this default robot ;)
Now, lets return to Setup section:
http://alexandreborges.org
Pgina 8
Figure 6
Figure 7
Second, as well will choose to create a StorageTek L700 tape library, then we must press
STK (StorageTek) and fill all required settings. Basically, my choices were:
http://alexandreborges.org
Pgina 9
Figure 8
Now, you must press Submit Query button, Finish twice and then Return. From there,
you should return to Console and start the mhVTL engine clicking on green Start button:
http://alexandreborges.org
Pgina 10
Figure 9
Please, you notice that we have two VTLs now and, if you want to erase the old one, feel free
to do it.
Its time to configure the robot STK L700 as an iSCSI target to make it ready to be connected by
one host initiator using iSCSI. Go to the iSCSI (tgt) section, press Enable and then
Return button :
http://alexandreborges.org
Pgina 11
To make things easier, click on Quick Start , Start and finally on Return button:
Figure 11
Figure 12
http://alexandreborges.org
Pgina 12
Figure 13
Figure 14
To confirm that the iSCSI target robot is configured, you should press on Target:
http://alexandreborges.org
Pgina 13
Figure 15
Weve finished the robot configuration. Now the reader are able to check some interesting
details about this configuration. For example, we can verify that robot tapes drives are
configured in /opt/mhvtl directory:
[root@centos2 mhvtl]# ls -al
total 88
drwxrws---. 22 vtl vtl 4096 Sep 5 02:40 .
drwxr-xr-x. 4 root root 4096 Aug 14 22:56 ..
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 CLN020TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00001TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00002TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00003TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00004TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00005TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00006TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00007TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00008TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00009TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00010TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00011TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00012TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00013TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00014TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00015TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00016TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00017TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00018TA
drwxrws--- 2 vtl vtl 4096 Sep 5 01:58 S00019TA
The robot STK L700 and and its tape drives are configured in /etc/mhvtl/device.conf:
http://alexandreborges.org
Pgina 14
Pgina 15
Pgina 16
Windows 7
Connecting a Windows system to VTL robot its very easy. First, we need to find out whats the
IP address of robot system.
[root@centos2 mhvtl]# ifconfig eth0
eth0
http://alexandreborges.org
Pgina 17
Figure 16
http://alexandreborges.org
Pgina 18
Figure 17
Its recommended to confirm that our VTL is recognized (at least seen) by Windows system:
http://alexandreborges.org
Pgina 19
Figure 18
Pgina 20
Pgina 21
Pgina 22
Oracle Solaris 11
Finally, lets configure the iSCSI initiator on the fantastic Oracle Solaris 11:
root@solaris11:~# svcs -a | grep initiator
online
1:38:43 svc:/system/fcoe_initiator:default
online
1:41:47 svc:/network/iscsi/initiator:default
root@solaris11:~# svcadm restart svc:/network/iscsi/initiator:default
root@solaris11:~# iscsiadm modify discovery -t enable
root@solaris11:~# iscsiadm add discovery-address 192.168.1.190:3260
root@solaris11:~# iscsiadm list target
Target: iqn.1994-05.com.redhat:3274326c6df:mhvtl:stgt:1
Alias: TPGT: 1
ISID: 4000002a0000
Connections: 1
root@solaris11:~# dmesg
Sep 5 01:43:47 solaris11 iscsi: [ID 559844 kern.info] NOTICE: iscsi session(6) iqn.199405.com.redhat:3274326c6df:mhvtl:stgt:1 online
Sep 5 01:43:47 solaris11 genunix: [ID 408114 kern.info] /iscsi/arraycontroller@0000iqn.199405.com.redhat%3A3274326c6df%3Amhvtl%3Astgt%3A10001,0 (nulldriver0) online
Sep 5 01:43:47 solaris11 vga_arbiter: [ID 197929 kern.info] vga_arbiter: device added:
PCI:0:0:f.0,decodes=io+mem+IO+MEM,owns=io+mem+IO+MEM,legalocks=none,norml
ocks=none
Sep 5 01:43:47 solaris11 vga_arbiter: [ID 254375 kern.info] 1 vga device(s) found
Sep 5 01:43:47 solaris11 rootnex: [ID 349649 kern.info] vga_arbiter0 at root
Sep 5 01:43:47 solaris11 genunix: [ID 936769 kern.info] vga_arbiter0 is /vga_arbiter
Sep 5 01:43:47 solaris11 isa: [ID 202937 kern.info] ISA-device: ecpp0
Sep 5 01:43:47 solaris11 genunix: [ID 936769 kern.info] ecpp0 is
/pci@0,0/isa@7/lp@1,378
Sep 5 01:43:47 solaris11 isa: [ID 202937 kern.info] ISA-device: asy0
Sep 5 01:43:47 solaris11 genunix: [ID 936769 kern.info] asy0 is
/pci@0,0/isa@7/asy@1,3f8
Sep 5 01:43:47 solaris11 isa: [ID 202937 kern.info] ISA-device: asy1
http://alexandreborges.org
Pgina 23
http://alexandreborges.org
Pgina 24
http://alexandreborges.org
Pgina 25
http://alexandreborges.org
Pgina 26