Table of Contents

Requirements

System Requirements

Veritas File System KM for PATROL supports the following operating systems:

Operating System Version
AIX 5.1 and higher
HP-UX 11 and higher
Linux All distributions
Oracle Solaris 8 and higher

Software Requirements

Veritas File System KM for PATROL supports:

Software Version
Veritas Infoscale (Veritas File System) 6.0 and higher
BMC PATROL Agent Any version
BMC PATROL Console Any version
BMC ProactiveNet Performance Management 9.5 and higher
BMC TrueSight Operations Management 10 and higher
BMC Helix Operations Management 20 and higher
Java 1.8 and higher
When running the KM on… Fix
BMC PATROL Agent 11.0.00 on Windows BMC patch 11.0.00.01: Patch 1 for BMC PATROL Agent 11.0.00 must be installed.

For the Access Control List (ACL)

The KM stores all configuration information in the PATROL Agent configuration database (pconfig), under the /VFS/<node-id> and /Runtime/VFS/<node-id> paths. PATROL Agent user (default: patrol) should be able to read and write to these pconfig variables any time. If Access Control List (ACL) is used to control which users are authorized to connect to a PATROL Agent, please make sure that the mode for PATROL Agent user includes “C” in the PATROL Agent variable /AgentSetup/accessControlList. Please refer to the PATROL Agent Reference Manual for more details.

Security Requirements

A user account with administrative privileges must be configured in BMC PATROL or BMC TrueSight Operations Management to read and execute Veritas File System application programs and access file systems. Depending on the operating systems used, several options will be available.

The following user accounts can be used on UNIX/Linux platforms:

  • a root user
  • a non-root user, such as patrol, that has Sudo privileges on VxFS to execute application programs and access file systems

The user login details are configured in the KM. The password is encrypted and stored in the PATROL Agent.

This user needs read & execute permission to executable and library files under the paths listed below:

Here are the executable and library paths accessed by the Veritas File System KM User:

  • /opt/VRTS/bin
  • /opt/VRTS/lib

The Veritas File System KM includes some scripts which should be executable by the PATROL Agent user and the Veritas File System KM user. These scripts are stored under KM_HOME path, normally <PATROL_HOME>/lib/VFS.

Here are the paths and files accessed by the Veritas File System KM:

  • /var/adm/messages (on Solaris)
  • /var/adm/syslog/syslog.log (on HP-UX)
  • /var/log/messages (on AIX and Linux)
  • /etc/vfstab (on Solaris)
  • /etc/fstab (on HP-UX and Linux)

Sudo User Settings

If a non-root user with sudo privileges is preferred as the KM user, configure the account as a sudoer through the visudo utility using the entry below. The KM accepts any non-root user with the following or equivalent sudo configuration in the sudoers file.

User_Alias VFSKMUSERS = <vfs-km-user>
Defaults:VFSKMUSERS !lecture,!authenticate,!requiretty,env_keep+="PATH INSTALL_PATH KM_HOME KM_TEMP",env_reset
VFSKMUSERS ALL=/bin/cat,/usr/bin/du,/opt/VRTS/bin/*

<vfs-km-user> must be replaced with username used by the KM.

If there is a secure_path defined in the sudoers file, all binary paths listed in the sudoers file above should be listed:

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/opt/VRTS/bin

This KM user should be able to execute required VxFS and Operating System commands on the command line with just the sudo prefix to the command, without any sudo authentication. For example, the following commands show how to test the sudo settings:

[patrol@rt-iscale-lx1 ~]$ export PATH=/sbin:/bin:/usr/sbin:/usr/bin:/opt/VRTS/bin
[patrol@rt-iscale-lx1 ~]$ sudo vxstat -v -f sf -g testdg
                                         OPERATIONS          BLOCKS           AVG TIME(ms)     MIN(ms)     MAX(ms)    FAILED
TYP NAME                                 READ     WRITE      READ     WRITE   READ  WRITE   READ  WRITE   READ  WRITE      READS    WRITES
vol vol01                                 135       224      2259     70056   0.89  10.34   0.32   0.41   5.00  23.08         0         0
vol vol02                                   0         0         0         0   0.00   0.00   0.00   0.00   0.00   0.00         0         0
vol vol03                                   0         0         0         0   0.00   0.00   0.00   0.00   0.00   0.00         0         0

Here the KM user patrol is able to run the VxFS command vxstat using sudo without a password prompt and keep the user’s PATH settings inside the sudo.

This PSL code can be used to list all commands used by Veritas File System KM once the KM is installed. The commands that require sudo privileges are listed separately, if you prefer to restrict the sudoers entry to only those commands.

Warning! This non-root sudo user configured in the KM will be able to execute Veritas File System commands. To prevent unauthorized access, ensure this user is only used within the KM and not made public for general use.
Warning! Entering the non-root sudo user with ‘Use Sudo’ option selected into the login configuration dialog, before updating the sudoers file, will generate sudo errors. Also if the sudo user is configured differently, the KM may run sudo commands using incorrect sudo settings, which may expose the sudo user password.

Listing the Commands

To list all OS and VxFS commands used by the Veritas File System KM, execute the following PSL code from the PATROL Console, using PSL Task menu, after installing and loading the KM.

foreach var (grep("^/Runtime/VFS/.*CommandControls/",pconfig("LIST")))
{
	ctl=get(var);
	opt=ntharg(grep("Option",ctl),"2-"," =");
	nsa=ntharg(grep("NoSudoAttempt",ctl),"2-"," =");
	sua=ntharg(grep("SingleUserAttempt",ctl),"2-"," =");
	typ=ntharg(grep("CommandType",ctl),"2-"," =");
	cmd=nthargf(grep("CommandText",ctl),"2-","=","=");
	if(osp=="") { osp=trim(nthargf(grep("OSPlatform",ctl),"2-","=","="), " "); }
	fields=lines(ntharg(var,"1-","/"));
	old_host=host;
	host=(fields == 5)? ntharg(var,"3","/") : "localhost";
	if(host!=old_host)
	{
		if((osp!="WINDOWS") && sudoers) { printf("\n\nCommands used with sudo:\n%s",sort(sudoers)); }
		printf("\n\nOn %s:\n\n", host);
		i=0; sudoers=""; osp="";
	}
	if((typ == "")||(typ == "OS"))
	{
		met="";
		if(opt == "NoLogin") { met = "(run as patrol user)"; }
		elsif(nsa == "YES") { met = "(run as configured user without sudo)"; }
		elsif(sua == "YES") { met = "(run as supplied user - used in menu)"; }
		else
		{
			scmd=cmd;
			s=index(scmd,"%sudo");
			if(s) { scmd=replace(substr(scmd,s,length(scmd)),"%sudo",""); }
			sudoers=union(sudoers,ntharg(ntharg(scmd,1,">|"),"1-"," "," "));
		}
		printf("(%2d) %-30s %-40s: %s\n",i++,ntharg(var,fields,"/"),met,cmd);
	}
}
if((osp!="WINDOWS") && sudoers) { printf("\n\nCommands used with sudo:\n%s",sort(sudoers)); }

Disk Space Requirements

Veritas File System KM requires approximately:

  • 2.5 MBytes of available disk space on each monitored PATROL Agent system
  • 3.5 MBytes of available disk space on each PATROL Console system
  • 600 KBytes of available disk space on each PATROL Central Console Server system
  • 1.4 MBytes of available disk space on each PATROL Central Web Server system

It is installed under the PATROL installation path.

When monitoring a standard installation of Veritas File System, the PATROL Agent will generate approximately 250 KBytes of history data per day. An enterprise installation of Veritas File System on a VxFS node with multiple file systems, quick I/O files and quotas will generate more history data (as per other KMs used by the PATROL Agent). These history data files are recycled by PATROL depending on the PATROL Agent history retention period.

During execution, the KM creates and maintains temporary files under KM_TEMP(default: <PATROL_HOME>/lib/VFS/tmp) and KM_DEBUG (default: <PATROL_HOME>/log) paths, where <PATROL_HOME> path is usually /opt/bmc/Patrol3/ (on UNIX/Linux) or C:\Program Files\BMC Software\Patrol3\ (on Microsoft Windows). Please make sure you have sufficient space under these paths. These folders should have read, write and execute permissions for the PATROL Agent user.

Remote Monitoring Requirements

Remote monitoring is required for all servers on which no PATROL Agent can be installed. This feature is also interesting if you lack resources or time to deploy a PATROL Agent and Veritas File System KM on several servers since it allows to monitor multiple hosts from one agent.

Remote monitoring is not possible from a UNIX/Linux PATROL Agent system to a Windows-based VxFS server.

Please refer to the sections below to find out the remote monitoring requirements:

Java Runtime Environment

Veritas File System KM requires Java 1.8 or higher and a Java Runtime Environment (JRE) to be installed on the same system that runs the PATROL Agent.

The KM will automatically detect the JRE path if it has been installed in the default location or under the BMC PATROL Agent installation path. If it has been installed in a different location, you will have to set JAVA_HOME for the PATROL Agent default account before starting the PATROL Agent.

You can download the Java Runtime Environment along with the KM on Sentry Software Web site.

SSH/WMI Connection

An SSH (UNIX/Linux platforms) or a WMI (Windows platforms) connection is required to monitor remote VxFS servers. When using an SSH connection, the SSH host key authentication, which is enabled by default on most VxFS servers, must be disabled on the remote host.

To disable the SSH host key authentication:

  1. Open the global SSH configuration file (ssh_config) stored in the /etc/ssh/ directory on the remote host
  2. Add the line StrictHostKeyChecking no
  3. Save the file.
Keywords:
high-availability vxfs km patrol
No results.