Professional Documents
Culture Documents
5 Administration
Guide
Revision history
www.vce.com
1
2014 VCE Company,
LLC.
All Rights Reserved.
Revision history
Revision history
Date
VCE Vision
Intelligent
Operations version
Document revision
Author
Description of
changes
May 2014
2.5
2.1
Megan Grasso
Table of contents
Table of contents
Introduction ................................................................................................................................................. 5
Accessing VCE documentation ................................................................................................................. 6
Referencing third party licenses ............................................................................................................... 7
Managing passwords.................................................................................................................................. 8
Changing the default password for user root ......................................................................................... 8
Changing the CAS password ................................................................................................................. 9
Changing access credentials for components ...................................................................................... 11
Customizing VCE Vision settings ........................................................................................................... 15
Taking snapshots of the VCE Vision virtual machine ........................................................................... 15
Changing VCE Vision virtual machine network properties ................................................................... 18
Configuring Plug-in for vCenter settings ............................................................................................... 21
Changing the interval of the component discovery cycle ..................................................................... 22
Changing the interval of the component health discovery cycle .......................................................... 24
Configuring login banners ..................................................................................................................... 25
Viewing information about your Vblock system .................................................................................... 27
Viewing the Vblock System and its components .................................................................................. 27
Changing the name, location, and contact information for your Vblock System .................................. 28
Assuring your Vblock System is compliant ........................................................................................... 30
Working with the Compliance Checker ................................................................................................ 30
Updating the compliance content ......................................................................................................... 31
Customizing the Compliance Checker to reflect your environment ..................................................... 33
Running a compliance scan ................................................................................................................. 34
Viewing the results of a compliance scan ............................................................................................ 35
Monitoring the health of the Vblock System .......................................................................................... 36
Health Metric ......................................................................................................................................... 36
Components that reflect health ...................................................................................................... 36
Where is the health status exposed? ............................................................................................. 38
How does it work? .......................................................................................................................... 39
Calculated health statuses ............................................................................................................. 41
Monitoring your Vblock System .............................................................................................................. 42
Monitoring and filtering events.............................................................................................................. 42
Overview of VCE Vision logs ................................................................................................................ 44
Viewing the VCE Vision logs ................................................................................................................ 46
Viewing the System Library logs from a centralized directory ....................................................... 47
2014 VCE Company, LLC.
All Rights Reserved.
Table of contents
Introduction
Introduction
This document provides information to manage a Vblock System using the VCE Vision Intelligent
Operations software.
The target audience for this document includes personnel responsible for administering a Vblock System using
the VCE Vision System Library and the VCE Vision Plug-in for vCenter. It is assumed that the user of this
document has a working knowledge of the VMware vCenter Console.
VCE Vision Intelligent Operations supports the US English keyboard.
The VCE Glossary provides terms, definitions, and acronyms that are related to Vblock Systems. Refer to
Accessing VCE documentation.
To suggest documentation changes and provide feedback on this book, send an e-mail to
docfeedback@vce.com. Include the name of the topic to which your comment applies.
Resource
Customer
support.vce.com
A valid username and password are required.
VCE Partner
www.vcepartnerportal.com/resourcelib-vce.asp?loc=331
A valid username and password are required.
www.vceportal.com/solutions/68580567.html
VCE employee
www.vceview.com/solutions/products/
or
vblockproductdocs.ent.vce.com
Procedure
1. Open a Web browser.
2. Type https://<fqdn>:8443/license/vblock-vcevision-2-5-software-license-ref.pdf.
where <fqdn> is the configured fully qualified domain name of the VCE Vision virtual machine.
3. Accept the security certificate.
Managing passwords
Managing passwords
Changing the default password for user root
The VCE Vision virtual machine is delivered as a VMware virtual appliance running on CentOS Linux with a
default password for user root that you can change. You can implement password aging to change the
password for root on a regular basis, for example, every 60 days.
Before you begin
You need the following:
The default password for root specified during the Vblock System configuration process.
Note:
The number of days for which the password will be valid if you are implementing password aging.
Procedure
1. Start an SSH session to the VCE Vision virtual machine and log on as the root user.
2. Change the default password for root using the Linux passwd command.
3.
To implement password aging, type chage -M nn, where nn is the number of days for which the
password is valid.
Managing passwords
Must include one uppercase letter, one digit, and one special character, such as !, @, #, $, %. Do not
use these characters when creating a new password: \, <, or >
Case sensitive.
Procedure
1. Start an SSH session to the VCE Vision virtual machine and log on as the root user.
2. Navigate to the /opt/vce/fm/bin directory.
3. To change the CAS password, type ./slibCasChangepw.sh.
4. Enter the admin password for VCE Vision.
Managing passwords
5. Enter the new CAS password for the admin user and then confirm the new password.
What to do next
If you use the "admin" user for authentication to the Plug-in for vCenter, you must update the password
through the Plug-in for vCenter. See the Plug-in for vCenter online help for more information. If you use the
"admin" user for authentication to the Adapter for vCenter Operations Manager, you must update the
password through the Adapter for vCenter Operations Manager. See the VCE Vision Intelligent Operations
Version 2.5 Adapter for vCenter Operations Manager User Guide for more information.
10
Managing passwords
In the vblock.xml file, only modify the access credentials (username and password) for a component.
Do not change other configuration information. Contact VCE Support at http://support.vce.com/ if
you require other changes in the vblock.xml file.
Note:
There are no restrictions for the username and password for a component, such as the length and
including special characters.
You need to know the new access credentials for the component.
The name of the configuration file, if different from the default vblock.xml.
Procedure
1. Start an SSH session to the VCE Vision virtual machine.
Note:
Press Ctrl+C and type exit to quit the SSH session and discard your changes at any time.
3. Run the following command to stop the System Library services: stopFMagent
4. Run the following command to start the configuration script: configTool.sh
The script then prompts you to display a list of templates or enter the path to the vblock.xml file, as
follows:
Press Enter to display the list of available templates, or Enter the full path of an existing
vblock.xml file: [/opt/vce/fm/conf/template] :
11
Managing passwords
The script then prompts you to select from a list of files in the path, as in the following example:
Press Enter to display the list of available templates, or Enter the full path of an existing
vblock.xml file: [/opt/vce/fm/conf/template] :/opt/vce/fm/conf/
(1)
configcollector.xml
(2)
configcollector_2.6.0.0.xml
(3)
fmagent.xml
(4)
log4j.xml
(5)
log4j_slib_sec.xml
(6)
vblock-simulator.xml
(7)
vblock.xml
Enter the number that corresponds to the system you are configuring ['0' to specify new file
or directory]:
7. Enter 0 to continue to the next step. You should not modify these attributes.
The script then prompts you to modify the location attributes for the Vblock System, as follows:
VblockLocation
Vblock
1
building: '350 Campus',
floor: '1rd', geo: 'Marlborough, MA', room: 'Eisenhower', row: 'Dev', tile: '2'
(1) building, '350 Campus'
(2) floor, '1rd'
(3) geo, 'Marlborough, MA'
(4) room, 'Eisenhower'
#160;
(5) row, 'Dev'
(6) tile, '2'
To change an attribute enter the corresponding number from the list ('0' to continue to next
step):
8. Enter 0 to continue to the next step. You should not modify these attributes.
The script then prompts you to modify component attributes such as IP addresses and access
credentials.
12
Managing passwords
Enter 0 to navigate through the various components to find the access credentials that you need
to change.
Enter the number that corresponds to the access credential you need to change.
10. Enter v to validate changes to the vblock.xml file after you change the access credentials.
The following example explains how to change the password for a Cisco UCS Manager, but this
process is similar for all components.
The script prompts you to change the IP address of the Cisco UCS Manager. You should press 0 to
continue to the next step, as follows:
Server
Compute
3
address:
'http://192.168.101.123/nuova', componentTag: 'VMABO-UCS-1', esxi: 'null', ipaddress:
'192.168.101.123', name: 'sys', type: 'UCS'
(1) ipaddress, '192.168.101.123'
To change an attribute enter the corresponding number from the list ('0' to continue to next
step): 0
The script then prompts you to change the access credentials, which include the SNMP community
string, password, and username. To change the password, you should enter 2, as follows:
Credentials
Server
4
community: 'public',
ipaddress: 'Not Applicable', method: 'xml', password: '1BadDude', username: 'admin', which:
'null'
(1) community, 'public'
(2) password, '1BadDude'
(3) username, 'admin'
Enter selection ('0' to continue to next step, or 'v' to validate ): 2
The script then prompts you to enter a new value for the password. You should enter the new
password as appropriate, as in the following example:
Enter new value for attribute 'password' [1BadDude] ('s' to skip):NewPassw0rd
The script displays the new value for the password. You should verify the change is correct and then
enter v to validate the changes to the vblock.xml file, as follows:
Credentials
Server
4
community: 'public',
ipaddress: 'Not Applicable', method: 'xml', password: 'NewPassw0rd', username: 'admin',
which: 'null'
(1) community, 'public'
(2) password, 'NewPassw0rd'
(3) username, 'admin'
Enter selection ('0' to continue to next step, or 'v' to validate ): v
The script then displays the validation output, as in the following example:
Validating XmlApi connection. Please wait...
Validating XmlApi connection succeeded!
13
Managing passwords
11. Continue navigating through the script prompts until you have made all required changes to the
access credentials.
When you configure all components, the script validates the vblock.xml file. The script displays
validation output, as in the following example:
Validating VCenter connection: url=https://10.3.17.12/sdk, user=Administrator,
password=Vcem0123. Please wait...
Validating VCenter connection succeeded!
Validating XmlApi connection. Please wait...
Validating XmlApi connection succeeded!
Validating SNMP connection. Please wait...
Validating SNNP connection succeeded!
Validating SSH connection. Please wait...
a. Press Enter.
The script prompts you with the following:
File exists would you like to overwrite (y/n)? y
b. Enter y.
The system displays the following message:
Saved to: /opt/vce/fm/conf/vblock.xml
13. Run the following command to stop the System Library services: startFMagent
14
As a best practice you should remove virtual machine snapshots after you make the required changes
to VCE Vision settings. Refer to the VMware documentation for more information. Knowledge base
article ID 1025279 provides information on best practices for snapshots in a VMware environment.
Procedure
1. Power down the virtual machine to ensure that you backup applications in a reliable state.
a. Start an SSH session to the VCE Vision virtual machine.
b. Log in as user root.
Note:
c.
The following message displays when the VCE Vision virtual machine shuts down:
The system is going down for halt NOW!
2. Log in to the VMware vSphere Client using an account with administrative privileges.
15
3. In the Navigation bar, select Home > Inventory > Hosts and Clusters.
The following screen capture shows Hosts and Clusters in the Navigation bar:
The VMware vSphere Client displays the hosts and clusters available in the environment.
4.
Navigate to the VCE Vision virtual machine for which you want to take a snapshot.
5.
Right-click the virtual machine and select Snapshot > Take Snapshot.
The following screen capture shows the Take Snapshot option in the context menu:
16
The VMware vSphere Client prompts you to specify a name and description for the snapshot:
17
18
In the Virtual Machine Properties window, select Properties from the Options tab. The Virtual
Machine Properties window appears.
3. Specify the appropriate network properties for the virtual machine and then click OK.
4.
19
If any of the preceding steps fail, the console displays the following message:
Failed!
Please check /opt/vmware/var/log/subsequentboot for details.
To ensure that the IP address has changed, start an SSH session to the VCE Vision virtual machine
and type ifconfig.
What to do next
If you have changed the fully qualified domain name of System Library, you must update the hostname in the
administration settings section of the Plug-in for vCenter. Refer to Configuring Plug-in for vCenter settings for
more information.
20
If you changed the CAS password in the VCE Vision virtual machine for the "admin" username,
update the username field.
If you updated the fully qualified domain name in the VCE Vision virtual machine, update the
hostname field.
If you deployed a new VCE Vision virtual machine, update the hostname, port number, and
username fields.
If you want to view a different Vblock System in your data center, update the hostname, port
number, and username fields.
Procedure
1. Launch a Web browser and log on to the vCenter Web Client at https://<IP or FQDN of vCenter
Web Client>:9443/vsphere-client.
2. In the Navigation area on the Home page, click Administration > VCE Vision Plug-in for vCenter >
Settings.
3. Enter the following in the Settings page.
Field
Description
Hostname
The fully qualified domain name of the VCE Vision virtual machine.
Port
8443 is the default port. Only change this if you have defined a different secure port for
VCE Vision.
Username
The user name for the Central Authentication Server (CAS) for VCE Vision
authentication.
Password
Confirm password
21
If you find that your discovery cycle takes longer than 15 minutes, modify the discovery interval to
make it longer.
You can modify the interval at which the components are discovered by System Library. The interval cannot
be less than five minutes or greater than 1440 minutes. If you set the interval to less than five minutes, the
system automatically defaults to five minutes. If you set the interval to more than 1440 minutes, the system
automatically defaults to 1440 minutes. VCE recommends that you set the discovery interval for components
to 15 minutes.
Before you begin
You must have:
Access to the root desktop on the virtual machine through the VMware vSphere Web Client
Procedure
1. Start an SSH session into the VCE Vision virtual machine as root.
2. To stop the System Library FM Agent, type stopFMagent.
3. From the root desktop, navigate to the /opt/vce/fm/conf directory.
4. Open the fmagent.xml file using a text editor, such as Gedit or vi.
22
5. In the SchedulerConfig section, change the value of the DiscoveryCycle to an interval between 15
and 1440 minutes.
- <FMAgentConfig>
- <SchedulerConfig>
<DiscoveryCycle>15</DiscoveryCycle>
<HealthPollCycle>5</HealthPollCycle>
</SchedulerConfig>
</FMAgentConfig>
23
Access to the root desktop on the virtual machine through the VMware vSphere Web Client
Procedure
1. Start an SSH session to the VCE Vision virtual machine and log on as the root user.
2. To stop the System Library FM Agent, type stopFMagent.
3. From the root desktop, navigate to the /opt/vce/fm/conf directory.
4. Open the fmagent.xml file using any a text editor, such as Gedit or vi.
5. In the SchedulerConfig section, change the value of the HealthPollCycle to an interval between 2
and 15 minutes.
- <FMAgentConfig>
- <SchedulerConfig>
<DiscoveryCycle>15</DiscoveryCycle>
<HealthPollCycle>5</HealthPollCycle>
</SchedulerConfig>
</FMAgentConfig>
24
/etc/motd
/etc/issue
/etc/issue.net
3. Enter the text that you want to be the login banner to each file and configure these files as your
company requires them to look.
Note:
If there is content already in the /etc/motd file, do not overwrite the existing content.
25
Start a new SSH session to the VCE Vision virtual machine and log on as the root user.
The new login banner with your company text appears after you log in to the VCE Vision virtual
machine.
26
Action
1.
2.
3.
4.
27
(Optional) The name of the contact person for the Vblock System.
Procedure
1. Start an SSH session to the VCE Vision virtual machine and log on as the root user.
2. Run the following command:
Note:
When using the setSNMPParams command, you need to surround a value with double
quotes if the value includes spaces.
For example, setSNMPParams -n sysName Vblock System 700-23" f.
28
-n sysName <vblock_system_name> Specifies the name of the Vblock System. The default is the
hostname.
-l sysLocation <vblock_system_location> Specifies the location of the Vblock System. The default
is an empty string.
Note:
If you do not specify the -f option, the changes take effect when you restart the System
Library FM Agent using the service vce-fm-master restart command.
29
The Vblock System Release Certification Matrix (RCM) - (RCM Compliance Validation) This allows
you to identify firmware and software that may need to be updated. VCE produces a new RCM every
month.
VCE security hardening guidelines (Security Compliance Validation - an optional module) - This
allows you to identify security vulnerabilities and risks that may exist on the Vblock System. The scan
uses the VCE security standards described in the VCE Vblock System Security Guide:
Configuration.
The Compliance Checker compares the actual settings found on your Vblock System to the expected values
found within the benchmark and profile you select. The results of the scans are displayed in detailed
compliance reports. When you view the reports, the overall compliance score lets you see at a glance how
close the Vblock System is to being compliant with the requirements of the benchmark and profile you selected
for the scan.
To make sure your Vblock System is compliant with either the RCM or Security Standards, you have to:
1. Select the benchmark and profile to use with the compliance scan
2. Run a compliance scan
3. Review the results of the scan
To make sure the scan is being run with the most current information, you must update the compliance content
(most recent RCM and the most current security standards).
Note:
30
If your Vblock System contains optional components, they are disabled by default and will not be
found in a compliance scan. To ensure the correct score, before you run the first compliance scan,
you must enable these optional components so that they can be included in the scan. Refer to the
Plug-in for vCenter online help for more information.
Depending on the number of compliance modules installed on the Vblock System, there may be more
than one RPM.
Download the Red Hat Package Manager (RPM) file that contains the updated compliance content
you plan to install. To access the RPM files, go to the VCE Download Center which is accessible
when logged into http://support.vce.com. Then go to the VCE Software folder for your Vblock System.
You will need the CAS authentication credentials for Administrator. The default username is admin
and the default password is 7j@m4Qd+1L.
Procedure
1. For each compliance module, do the following:
a. Copy the RPM file to any location in the VCE Vision virtual machine.
b. Change directory to the location that contains the RPM file.
c. Run the following command at the prompt as a user with root privileges:
rpm -Uvh vce-compliance-content-<build_number>.rpm
Where:
o
31
After you run the command, the RPM file saves the content in the
/opt/vce/compliance/content/subdirectory that corresponds to the compliance content that you
updated.
2. Run the following script: /opt/vce/compliance/content/install_content.sh
3. The update process uses the Compliance API to import content. For this reason, you must
authenticate to the CAS service to update your compliance content. When prompted, enter the CAS
administrative credentials. The default username is admin and the default password is
7j@m4Qd+1L.
After you authenticate, the script imports the updated compliance content for your environment. The following
message indicates that the content for two different modules, security hardening and RCM, has been installed
successfully:
CONTENT INSTALL RESULTS
Successfully imported content:
----------------------------------------------------------Hardening Content for VCE Vblock (TM) System 300 family
Hardening Content for VCE Vblock (TM) System 700 family
RCM Content for VCE Vblock (TM) System 100
RCM Content for VCE Vblock (TM) System 200
RCM Content for VCE Vblock (TM) System 300
RCM Content for VCE Vblock (TM) System 320
RCM Content for VCE Vblock (TM) System 340
RCM Content for VCE Vblock (TM) System 700
RCM Content for VCE Vblock (TM) System 720
32
33
For the most complete and accurate results, do not schedule scans without ensuring there is at least
ten minutes between scans.
Refer to the Plug-in for vCenter online help for instructions to run a compliance scan.
34
Score gives the overall percentage rating, shown in colored letters in the Score field. The number
indicates a weighted score reflecting the overall compliance of the scan. The color of the score
changes as the score improves. The numbers progress from red (less than 50 percent
compliance) to yellow (from 50-74 percent compliance) to green (for 75 percent or better
compliance).
Benchmark Information describes the benchmark information selected for the scan.
The report also provides a graphical representation (pie charts and bar graphs) of the various rules and their
results so you can see at a glance how closely your Vblock System is to being compliant.
35
The compute, network, storage, and management components are logical groups of physical
components and are not actual physical components themselves.
The sub-components within the compute, network, storage, and management components. For
example, a sub-component can be a chassis, disk array enclosure, fan, storage processor, or data
mover.
Each component and sub-component in the Vblock System reports an operationStatus, or operStatus. VCE
Vision System Library creates a calculatedStatus based on the operationStatus and a set of VCE-defined
best practices. In this way, the calculatedStatus provides an assessment of the impact the operationStatus
has on the overall system health.
Compute
Fabric Interconnects
Network
Catalyst switches
Nexus switches
Nexus 1000v
MDS switches
Storage
36
VNXe
VMAX (including the optional VNX VG2 Gateway and VNX VG8 Gateway)
VPLEX
Management (AMP-2)
37
Vblock
Compute
ComputeServer
FabricInterconnect
FabricModule
FabricPort
ComputeChassis
OperatingSystem
ProcessorUnit
Storage
StorageProcessor
DiskArrayEnclosure
DiskProcessorEnclosure
DataMoverChassis
ControlStationEncl
Disk
NetworkChassis
SwitchChassis
ExpansionModule
FixedSlot
FixedModule
FibreChannelPort
GigabitEthernetPort
StackPort
Note: The Plug-in for vCenter exposes a subset of the objects discovered by the API for
System Library.
API for System Library
SNMP
The health status is not directly exposed in the Adapter for vCOPs. Rather, the Adapter
for vCOPs uses the health status to provide a health score which ranges from 0 to 100.
For more detailed information, see the VCE Vision Intelligent Operations Version 2.0
Adapter for vCenter Operations User Guide.
38
39
The following methods are used to calculate the health of a Vblock System and its components:
This method...
Is used when...
Processing performed
Example
Percentagebased
There are
homogeneous
components that
serve as a resource
pool.
Local disks on a
blade server (RAID
0)
1+1
Redundancy
N+1
Redundancy
Weighted
40
There is a pair
of components
where only one unit
is required to be
functional and the
other is a backup.
Description
Operable
Minor
Degraded
Major
Critical
Inoperable
The Vblock System, or a component of the Vblock System, is not operating by design
or a failure has occurred.
Not Applicable
One or more components does not report health status to System Library.
This status occurs when components are disabled or excluded from health
monitoring. This status does not affect the overall health of the Vblock System.
41
By default, call-home notifications for EMC VPLEX are disabled. As a result, System Library does not
receive events from EMC VPLEX. Likewise, you do not see any events for EMC VPLEX in the VCE
Vision event monitor page. You must enable call-home notifications to see events from EMC
VPLEX. Refer to EMC VPLEX documentation for instructions.
To see the events that the Vblock System components generate, do the following:
1.
42
43
44
Software
Name of log
Contents
FM Agent
FMAgent.log
snmpd.log
jsadkagt.log
netsnmp.log
syslogs
server.log
FMEvent.log
FMServer.log
boot.log
compliance-server.log
configcollector
collector.log
Postgres
postgresql-day.log
RabbitMQ
rabbit@fm11deploy02-sasl.log
JBoss
rabbit@fm11deploy02.log
shutdown_log
shutdown_err
startup_log
startup_err
CAS
cas
Cisco
firstboot
firstboot log
subsequentboot
subsequentboot logs
vami
VMware
45
46
Software
Name of log
FM Agent
FMAgent.log
/opt/vce/fm/logs
Note: The FMAgent.log file can also
be accessed at
/var/log/slib/fmagent.
snmpd.log
jsadkagt.log
netsnmp.log
JBoss
syslogs
/var/log/messages-yyyymmdd
server.log
/opt/jboss/standalone/log
or
/var/log/slib/jboss
FMEvent.log
FMServer.log
compliance-server.log
boot.log
configcollector
collector.log
/opt/vce/backup
Postgres
postgresql-day.log
/var/log/pg_log
or
/var/log/slib/pg_lg
RabbitMQ
rabbit@fm11deploy02-sasl.log
/var/log/rabbitmq
or
/var/log/slib/rabbitmq
rabbit@fm11deploy02.log
shutdown_log
shutdown_err
startup_log
startup_err
CAS
cas
/opt/jboss/standalone/log
Cisco
VMware
firstboot
/opt/vmware/var/log
or
/var/log/slib/vmware
subsequentboot
vami
/fmagent
/jboss
/pg_log
/vmware
47
48
/rabbitmq
adapter
agent
configcollector
dblog
master
rabbitmq
serverlogs
subagent
syslog
vmware
The export-fm-logs script creates a file called hostname-currentdate-currenttime.tar.gz file and exports it to the
/opt/vce/fm/backup directory. You can specify a directory if you do not want to use the default directory.
The script collects the current log files, by default. However, you can collect a subset of the logs that were
generated during a certain time frame, in number of days, hours, or minutes from the current time.
Before you begin
If you do not want to use the default file name, you will need a name for the tar.gz file.
If you are collecting a subset of log files for a certain time frame, for example, from the last three days
or the last five hours, you will need to know the time frame from which the logs should be collected.
The starting point is the current time.
49
Procedure
1. Start an SSH session to the VCE Vision virtual machine and log on as the root user.
2. To export the log files into a single file, type export-fm-logs [-f <archive_file_name>][-s <agent,
master, adapter, subagent, syslog, serverlogs, dblog, rabbitmq, vmware, configcollector all>][t <timestamp> [d|D] [h|H] [m|M]
[-h][-v]
where:
-f Specifies the name of the compressed gz file to export. The default is <hostname>-<current_date><current_time>.tar.gz.
-s Specifies the log file to be collected for one or more System Library services. The options are
<agent, master, adapter, subagent, syslog, serverlogs, dblog, rabbitmq, vmware,
configcollector, all>. The default is all. Use a comma to separate multiple options
-t Collects log files created or modified using a specified timestamp.
Timestamp option <timestamp> [d|D - for days][h|H - for hours][m|M - for minutes]
This option collects a subset of log files based on time. The starting point is always the current
time. For example, to collect log files from the last two days, you would specify 2D.
-h Displays the usage help
-v Displays the version
50
Description
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
51
By default, the log file is rotated when the file size reaches 10 MB.
By default, the log file is rotated daily, but this can be changed to weekly or monthly.
By default, four rotate log files are kept, but this can be changed to reflect your needs.
Procedure
1. Start an SSH session to the VCE Vision virtual machine and log on as the root user.
2. Open the /etc/logrotate.d/syslog file:
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
/opt/vce/fm/logs/snmpd.log
/opt/vce/fm/logs/jsadkagt.log
/opt/vce/fm/logs/netsnmp.log
{
missingok
notifempty
# Rotate the log file when file size reaches 10M
size 10M
# Rotate the log file daily
daily
# Compress the rotated log file
compress
# Dont compress until the next time the log is rotated.
# Should be used along with compress option
delaycompress
# limit the number of log file rotation
rotate 4
sharedscripts
postrotate
52
Whether or not the log file will be compressed the next time it is rotated.
The number of rotated log files to maintain. The default number is four.
53
-l host-ip [port] Lists the configured syslog forwarding entries. Specifying the host-ip [port] lists the
specific entry for the IP address of the syslog server and the port where the syslog server is
accepting syslog messages. If no option is specified, all entries that are configured will be listed.
-d host-ip [port] Deletes an entry for forwarding syslog messages to a syslog server.
-a host-ip [port] [options] Adds an entry for forwarding syslog messages to a syslog server. The
values for the options keyword are:
o
WorkDirectory= <location> The location for spool files. The default location is
/var/rsyslog/work.
ActionQueueFileName= <name> A unique prefix name for spool files. The default is the IP
address and port of the syslog server.
ActionQueueType=[FixedArray|LinkedList|Direct|Disk]
FixedArray - Uses a fixed, pre-allocated array that holds pointers to queue elements.
LinkedList - Uses asynchronous processing. This is the default.
54
Protocol=[UDP|TCP] The network protocol to transfer syslog messages. The default is TCP.
See Filters for forwarding syslog messages for the facility type and severity
level values.
-u host-ip [port] [options] Updates an entry for forwarding syslog messages to a syslog server.
The values for the options keyword are listed in the -a parameter description.
55
Filter
Value
Description
Facility type
auth
authpriv
daemon
Clock daemon
cron
System daemons
ftp
FTP daemon
lpr
kern
Kernel messages
Mail system
news
syslog
Services messages
user
uucp
local0
...
local7
emerg
alert
crit
err
warn
notice
info
debug
none
Severity level
56
/etc/snmp/snmpd.conf
/etc/logrotate.d/syslog
/etc/srconf/agt/snmpd.cnf
System Library administrative, configuration, and model database schemas and data files
In addition, after the Vblock System is up and running at your site, VCE Vision automatically backs up that
information daily at 12:00 AM and creates a single tar.gz file that includes backups of the files listed above.
You can change the time the back up runs and you can also run a back up on demand. For more information,
see Changing the VCE Vision backup schedule and Backing up the VCE Vision configuration files on demand.
By default, a maximum of the last seven backup snapshots are stored in a single tar.gz file in on the VCE
Vision virtual machine. You can move a copy of the backup files to a remote site for compliance and disaster
recovery.
57
Description
Procedure
Use the following procedure to change a scheduled backup of the System Library configuration files:
1. To view the current System Library configurations backup information, type crontab -l in the /var
partition.
[root@slib-auto-test4 var]# crontab -l
00 00 * * * /opt/vce/fm/install/backupConfig.sh > /dev/null 2>&1
2. Using the default vi text editor, type crontab -e and edit the cron job.
Note:
58
The cron job defaults to daily if you do not indicate a parameter for the day of the week,
month of the year, and day of the month fields.
59
-d <backup location> Specifies the root location for the backup file.
Note:
-p <prefix of dir name> Specifies the prefix of the backup directory name. For example, if the
prefix is slib, the directory name of the backup is:
/opt/vce/fm/backup/snapshots/slib2013_01_02_00_00.
-n <number of backups> Specifies the number of backups to keep. By default, a maximum of the
last 7 backups are kept in /opt/vce/fm/backup/snapshots.
The following example shows output after executing the sh backupConfig.sh command.
[root@slib-auto-test4 install]# sh backupConfig.sh -n 5
initialize /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup...
======================================================
backup slib configurations: /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup
-------------------------------------------------------------------------------| Backup jboss configuration
-------------------------------------------------------------------------------backup Jboss /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup...
Vault Key Store needs to be done
backup Jboss /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup done
-------------------------------------------------------------------------------| Backup FMAgent
-------------------------------------------------------------------------------backup FMAgent /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup...
========================================
Exported following Vblock (TM) Monitor config files
========================================
/opt/vce/fm/conf/vblock.xml
/opt/vce/fm/conf/vblock-vantageVB300.xml
60
...
.
.
.
4. To view the backup file information, check the backup.log file in /opt/vce/fm/backup/snapshots. The
following example shows initial sample output.
[root@slib-auto-test4 snapshots]# cd /opt/vce/fm/backup/snapshots/2012_12_31_15_24
[root@slib-auto-test4 2012_12_31_15_24]# ls
backup.log backup.tar.gz backup.tar.gz.md5
[root@slib-auto-test4 2012_12_31_15_24]# cat backup.log
===============================================================
backup slib configurations: /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup...
-------------------------------------------------------------------------------| Backup jboss configuration
-------------------------------------------------------------------------------backup Jboss /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup...
backup Jboss /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup done
-------------------------------------------------------------------------------| Backup FMAgent
-------------------------------------------------------------------------------backup FMAgent /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup...
backup FMAgent /opt/vce/fm/backup/snapshots/2012_12_31_15_24/backup done
.
.
.
61
The restore process stops the VCE Vision FM Agent and JBoss services.
1.
Start an SSH session to the VCE Vision virtual machine and log on as the root user.
2.
Note:
If you do not specify a snapshot to import, the console displays a list of available snapshot
files. Enter the number associated with the snapshot file that you want to import.
[root@slib-auto-test4 install]# sh restoreConfig.sh
-----------------------------------------------------------------------------choose the snapshot to restore
1) 2012_12_28_16_54 3) 2012_12_28_16_29 5) quit
2) 2012_12_28_16_31 4) 2012_12_28_00_00
#? 1
62
4. The console displays package information and a warning message similar to the following output.
Enter 1 to proceed or 2 to cancel the restore process.
Note:
Proceeding with the restore process automatically restarts the System Library FM Agent and
JBoss services.
---------------------------------------------------------------------------| WARNING!!
---------------------------------------------------------------------------This restoration will shut down Jboss and FMAgent applications
and overwrite current configurations
---------------------------------------------------------------------------Do you really want to restore
/opt/vce/fm/backup/snapshots/2012_12_21_05_00/backup.tar.gz?
1) Yes
2) No
#?1
5. To view information for the restored System Library configuration files, navigate to the
opt/vce/fm/backup/restore_logs/restore <snapshot_file name>.log file.
63
Perform daily backups of the VMware vCenter SQL Server database every four hours. This coincides
with server daily backups at 3, 7,11 AM and 3,7,11 PM.
For more detailed information, see the Administration Guide for the Vblock System you are managing.
64
The Vblock System configuration collector creates a copy of the configuration files for the following
components and stores the files in the collector.log file in the following directories:
/opt/vce/backup/compute
/opt/vce/backup/network
/opt/vce/backup/storage
/opt/vce/backup/amp2/compute
Vblock System
Component
65
Vblock System
Component
Cisco Nexus 5000
Cisco Nexus 1000V
Cisco UCS fabric interconnect
EMC Symmetrix VMAX
Management server(s)
Note:
Due to storage array limitations, the Vblock System configuration collector does not backup the
configuration files on a VNXe. For detailed instructions on how to backup the configuration files of a
Vblock System 100, refer to the VCE Vblock System 100 Gen 2.1 Administration Guide.
Note:
The Vblock System configuration collector tool does not back up the configuration files for the VMware
components. For information on how to protect the VMware components, see Best Practices. (Insert
link to section below)
By default, the Vblock System configuration collector runs automatically at 1:30 AM and 1:30 PM. The
retention period range is 3 to 30 days with the default set at seven days. If necessary, you can modify the
retention period using the collectConfig.sh command in the /opt/vce/fm/bin directory.
66
Best Practices
Move the files off site on a daily basis
The Vblock System configuration collector tool creates copies of the configuration files, but it is the
responsibility of the customer to move the files to an off site location on a daily basis. This procedure can be
done using the standard operating procedures for the data center.
To simplify this process, VCE Vision provides a REST resource that gathers every configuration file within a
Vblock System that is needed to restore the system. The resource produces a single ZIP file that contains all
the files under /opt/vce/backup. The ZIP file preserves the directory structure from the /backup directory.
Procedure to collect the Vblock System configuration files using the REST
resource
1. Open a Web browser.
2. In the address line, enter the following URL:
https://{sLib-host}:8443/fm/configcollector
Where sLib-host is the FM Agent host name (Vision server). The host name is case sensitive.
3.
When asked for login credentials, enter the username and password for CAS authentication on the
System Library.
4. The resource produces a single ZIP file that contains all the files under /opt/vce/backup. The backup
ZIP file contains the following files:
67
68
Troubleshooting
Troubleshooting
Starting the System Library Agent
Use this procedure to start the System Library FM Agent services.
Procedure
1. Start an SSH session to the VCE Vision virtual machine and log on as the root user.
2. To start the System Library FM Agent services, type startFMagent. The console displays the
following output when the System Library FM Agent services are started successfully.
[root@vcops-38 ~]# startFMagent
Enabling FMagent services to start automatically...
Waiting for the FMagent services to start......................................
vce-fm-master is running (pid=8937 )
vce-fm-adapter is running (pid=9526 )
vce-fm-agent is running (pid=9822 )
vce-fm-net-snmpd (pid=9237 ) is running
vce-fm-naaagent is running (pid=10151 )
Note:
For information about interpreting and resolving possible error messages after starting the
System Library FM Agent services, refer to the VCE Vision Intelligent Operations Version
2.5 Release Notes.
69
Troubleshooting
70
Troubleshooting
JBoss
PostgreSQL 9.1
RabbitMQ Server
rsyslog
vce-fm-master
vce-fm-adapter
vce-fm-agent
vce-fm-naaagent
Note:
For information about PostgreSQL 9.1 and RabbitMQ, refer to http://www.postgresql.org/ and
http://www.rabbitmq.com/.
Procedure
1. To view the current running status of a VCE Vision service, type service <service_name> status.
The following sample output shows that the rsyslog and JBoss services are running.
root@slib-auto-test1 fm]# service rsyslog status
rsyslogd (pid 11689) is running...
[root@slib-auto-test1 fm]# service jboss status
jboss-as is running (pid 11992)
2. To view the current running status of all System Library services, type service --status-all.
71
Troubleshooting
Description
vce-puppet-disable.pp
vce-puppet-enable.pp
vce-puppet-stop.pp
vce-puppet-start.pp
72
Troubleshooting
You can use either the getFMagentInfo or rpm -qi FMagent command to display the
information. The getFMagentInfo command was used to get the results in the following
example.
Name
: FMagent
Relocations: (not relocatable)
Version
: 2.5
Vendor: VCE
Release
: 6100
Build Date: Fri Feb 1 11:26:45 2013
Install Date: Fri Feb 1 12:19:41 2013
Build Host: fmdev08.iaas.lab
Group
: VCE Applications/System
Source RPM: FMagent-Cannes.0-6100.src.rpm
Size
: 47184355
License: Commercial
Signature
: (none)
URL
: http://www.vce.com
Summary
: VCE FMagent
Description :
VCE FMagent for System Library Integration
73
Troubleshooting
2. To see the public key that was used when signing the RPM packages, type rpm qi gpg-pubkeyd99b5d06-52c5ba0e:
[root@slib-auto-test16 ~]# rpm qi gpg-pubkey-d99b5d06-52c5ba0e
Distribution: (none)
Name
: gpg-pubkey
Relocations: (not relocatable)
Version
: d99b5d06
Vendor: (none)
Release
: 52c5ba0e
Build Date: Tue 07 Jan 2014 03:51:05 PM EST
Install Date: Tue 07 Jan 2014 03:51:05 PM EST
Build Host: localhost
Group
: Public Keys
Source RPM: (none)
Size
: 0
License: pubkey
Signature
: (none)
Summary
: gpg(VCE PE Build Release <pebuildrelease@vce.com>)
Description :
-----BEGIN PGP PUBLIC KEY BLOCK----Version: rpm-4.4.2.3 (beecrypt-4.1.2)
mQENBFLFug4BCACzBLZKvsMD6Rm7e6bz+i7uu8U+6qCMjqBsHfwdHVBeW4h9CE2BMOh3A74l
rTgMVbJmii6w3D9qWw6rpzGQznycn4+CKClJTyfhzNa/YGtAwF41a7b0mmcnkPOA17woudEO
k31Z7UCMFO0NsYhSBh88AsjNbVztNwZBW8T+t4eGAnp1q15ohj07Gi3+KoICLDUv/n4RQRS8
alBpYNH13+dTFYZzA7X+uQb49SK7Qnsf6bU97JXPj/OaMXgKy2jeoD9jF4f3PGDGV+uypoUL
MU9STARI7sSMTCK5zT+JHdBtyYnlD2ZtPYptJmPgH3c78uoqQJN1FLnmY6lqNVLnwbefABEB
AAG0LVZDRSBQRSBCdWlsZCBSZWxlYXNlIDxwZWJ1aWxkcmVsZWFzZUB2Y2UuY29tPokBOAQT
AQIAIgUCUsW6DgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ4BeS49mbXQacUgf/
Ry5M+OZLzK2Jaqe6HV322pnNYwyKGhTftkSiD9RL2n/eSm3Fn79Srz4w/GtQ3c16r+ER0wIR
74
Troubleshooting
ZGnfKjP8hcge8nrI3c6+fdwkCMb9lp8QK7CMZ4pKHZAPG2M/1fMpKQERu+pPRH76Eh6f8hAv
E2lGgFyLp7KIgbHAGB5RcELgaOGsrAgz8bbHbSPtg+yAJG2GoxfqlIeKYQ+rAhQcdntfiCPj
IhVJ2dnN6rySUfKnADJ/Pu2CFYIXYJjK7a3BRE0uZEo8oQvLr2yoW1JKLSvSb3QJ15Xs4S5+
8PQtoGI0xcIV68p4Q43A6RJiUZz+ebYBRIgbn3ylVmB/CPSdasC+QrkBDQRSxboOAQgAnMmn
BOFkrPXDgHk2R2+w2F/SXpEgfXecsgUOet2/otUx9nCcENw2Zzia720Aeyyh5VO7TXjaoZ/l
oB3CoqhA7/Golzu2GW60tRCi3RHOpR4jqkVqZ9jHRY0LFAi4xroulv/HT+TfQCbIhxvhyeKt
GnGAY2Ivm8ZX6vgZN0MhHAz0OZQ8Ra2kgKjzQmREb3W3z3SJ/OZn+qr9x34o3JJiWuBz+Fsy
fQzvlZzrUWQcKELemKA5J+rrJxx2/KNL8WqzFObcv0ZefbZIsA4RMmaGzar2sm6FazSnmv0j
j958AUn6xePFlx2RRGxgMk96I/IYBMQwifa6wF0x96VBHDj0HQARAQABiQEfBBgBAgAJBQJS
xboOAhsMAAoJEOAXkuPZm10GFhYH/21ub91DARtf56CA4oEmzRmitl/kguVVI2FY+WpK/OPo
UrHeiXrpN3oniZ6kft1zHFbSgKntJTQtg5CuvIAtiVYIOwIa4L5MgOyPudPiuPhPR3DHvDOQ
fx8dqC6pTJV5xVEUOx+F8L2KzikakYkqjoi3VG8y5EF82DkvHLUjkmPlGA2fLryIWLYACRrE
xBdwHHYvWGE7gEQJT6Mm+19/VgVfcy9w7m8wEoF3hiuLZINb4/If6xuUcj/C0VtXengA1RxG
MDh2ueU6grAwjeP2AU99e26vYqNaaktj/fNBWJxNQi0bGs0st3PCRaco+Dcxms6LOKJBoLrZ
YtUDmrsLx/U=
=xvPp
-----END PGP PUBLIC KEY BLOCK-----
75
Appendix
Appendix
System Library utilities
This following list of utilities can help you manage the System Library.
Utility name
Function
More details
configureSNMP
Logrotate
Puppet
setSNMPParams
export-fm-logs
getFMagentInfo
startFMagent
stopFMagent
export-fm-sh
import-sh-config.sh
76
Appendix
TCP ports
ssh
SNMP
port 161
port 162
RabbitMQ
port 4369
port 5672
SMI
port 22
port 5999
Jboss
port 8443
77
Appendix
UDP ports
SNMP
port 161
port 162
syslog
78
port 514
Appendix
ABOUT VCE
VCE, formed by Cisco and EMC with investments from VMware and Intel, accelerates the adoption of converged infrastructure and
cloud-based computing models that dramatically reduce the cost of IT while improving time to market for our customers. VCE,
through Vblock Systems, delivers the industry's only fully integrated and fully virtualized cloud infrastructure system. VCE solutions
are available through an extensive partner network, and cover horizontal applications, vertical industry offerings, and application
development environments, allowing customers to focus on business innovation instead of integrating, validating, and managing IT
infrastructure.
For more information, go to www.vce.com.
2014 VCE Company, LLC. All rights reserved. VCE, VCE Vision, Vblock, and the VCE logo are registered trademarks or trademarks of VCE Company, LLC, and/or
its affiliates in the United States or other countries. All other trademarks used herein are the property of their respective owners.
80