How much can you find out about an HP-UX process?

The answer to this question is often important. Let’s take some examples of what can be done to find out all we can about a particular process.

There are, of course, simple things that can be done. Let’s take midaemon as an example. From the command line, we can find out where it is, what it is, and some description of it:

# type midaemon
midaemon is /opt/perf/bin/midaemon
# what `which midaemon`
/opt/perf/bin/midaemon:
        midaemon       C.04.70.000  10/03/07 HP-UX 11 =*=
# file `which midaemon`
/opt/perf/bin/midaemon: ELF-32 executable object file - IA64
# ldd `which midaemon`
        libpthread.so.1 =>      /usr/lib/hpux32/libpthread.so.1
        libIO.so =>     /opt/perf/lib/hpux32/libIO.so
        libc.so.1 =>    /usr/lib/hpux32/libc.so.1
        libdl.so.1 =>   /usr/lib/hpux32/libdl.so.1
# man midaemon
# cd /sbin/init.d
# grep midaemon *
# cd /etc/rc.config.d
# grep -i midaemon *
# swlist -l file | grep midaemon
  MeasurementInt.MI: /opt/perf/bin/midaemon
  MeasurementInt.MI: /opt/perf/man/man1/midaemon.1
  MeasurementInt.MI-JPN: /opt/perf/man/ja_JP.SJIS/man1/midaemon.1
#

This tells us a lot already: it’s part of the performance system (/opt/perf) and is 32-bit and is part of the MeasurementInt package (and has a Japanese man page!). The man page explains the program in detail.

But there’s more. Let’s suppose that lsof is on hand (as it should be!); then we can do this:

# lsof -c midaemon
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF  NODE NAME
midaemon 2198 root  cwd    DIR 64,0x3     8192     2 /
midaemon 2198 root  txt    REG 64,0x5   828932 13799 /opt/perf/bin/midaemon
midaemon 2198 root  mem    REG 64,0x8    19799   956 /usr/lib/tztab
midaemon 2198 root  mem    REG 64,0x8    87900    78 /usr/lib/hpux32/libnss_dns.so.1
midaemon 2198 root  mem    REG 64,0x8   169104   722 /usr/lib/hpux32/libnss_files.so.1
midaemon 2198 root  mem    REG 64,0x8    76236 19454 /usr/lib/hpux32/libdl.so.1
midaemon 2198 root  mem    REG 64,0x8  4929272   695 /usr/lib/hpux32/libc.so.1
midaemon 2198 root  mem    REG 64,0x5   115124 13809 /opt/perf/lib/hpux32/libIO.so
midaemon 2198 root  mem    REG 64,0x8  1505144   734 /usr/lib/hpux32/libpthread.so.1
midaemon 2198 root  mem    REG 64,0x8  1065976 19453 /usr/lib/hpux32/dld.so
midaemon 2198 root  mem    REG 64,0x8   176988 19535 /usr/lib/hpux32/uld.so
midaemon 2198 root    2u   REG 64,0x9     1174 17923 /var (/dev/vg00/lvol9)
midaemon 2198 root    3u   REG 64,0x9     1174 17923 /var (/dev/vg00/lvol9)
midaemon 2198 root    4u   REG 64,0x9    11303 17949 /var (/dev/vg00/lvol9)
midaemon 2198 root    5u   REG 64,0x9    11303 17949 /var (/dev/vg00/lvol9)
midaemon 2198 root    7r   REG 64,0x9    13689  1620 /var/opt/perf/parm

This shows that the working directory is / (root); stdin and stdout are closed (there are no 0u and 1u entries in the FD column); stderr is still open and tied to /var; and there are four other file descriptors open: three on /var and one on the /var/opt/perf/parm file (configuration). We can also deduce that another file descriptor was opened and is now closed (it would have been 6u).

There are also no network connections, pipes, or other things open.

The ps output provides more details:

# ps -elf | sed -n '1p; /midaem[.]*on/p;'
  F S      UID   PID  PPID  C PRI NI             ADDR   SZ            WCHAN    STIME TTY       TIME COMD
541 R     root  2198     1  0 -16 20 e00000060de31b80  524                -  Jan 15  ?        28:55 /opt/perf/bin/midaemon

From this we can see it is relatively small (SZ = 524). This example also shows a couple of tricks: using sed this way keeps the header intact (1p) and also matches midaemon without matching the search string.

Using glance, we can find out even more. Using the text mode command glance, first select the process (using the command key s and entering the pid – 2198). Then a view of the current activity by the process is given. In this case, we can see the total size is 51.6Mb (VSS) and in memory size is 44.8Mb (RSS). We can also see that the process appears to be switching voluntarily almost all of the time – that is, it never utilizes its full time slice when scheduled.

From that process summary display, enter the command key M. This provides a detailed memory display of the process – very useful. The various types of memory used by the process are broken down at the bottom in summary: text refers to the program code; data is program data; stack is a working area as well as where function calls are stored; shmem refers to shared memory (memory shared between processes); and other, which is everything else. All these areas are shown explicitly above in the main display.

Using the command key F, we can see again what lsof showed us. With an inode number, we can search for the file explicitly. Using lsof:

# lsof  | sed -n '1p;  / 17949 /p'
COMMAND     PID     USER   FD   TYPE             DEVICE    SIZE/OFF    NODE NAME
scopeux    2150     root    0u   REG             64,0x9       11303   17949 /var (/dev/vg00/lvol9)
scopeux    2150     root    1u   REG             64,0x9       11303   17949 /var (/dev/vg00/lvol9)
scopeux    2150     root    2u   REG             64,0x9       11303   17949 /var (/dev/vg00/lvol9)
scopeux    2150     root    4u   REG             64,0x9       11303   17949 /var (/dev/vg00/lvol9)
scopeux    2150     root    5u   REG             64,0x9       11303   17949 /var (/dev/vg00/lvol9)
midaemon   2198     root    4u   REG             64,0x9       11303   17949 /var (/dev/vg00/lvol9)
midaemon   2198     root    5u   REG             64,0x9       11303   17949 /var (/dev/vg00/lvol9)
# lsof  | sed -n '1p;  / 17923 /p'
COMMAND     PID     USER   FD   TYPE             DEVICE    SIZE/OFF    NODE NAME
midaemon   2198     root    2u   REG             64,0x9        1174   17923 /var (/dev/vg00/lvol9)
midaemon   2198     root    3u   REG             64,0x9        1174   17923 /var (/dev/vg00/lvol9)
#

It would appear that scopeux (another command) is sharing a file with midaemon (inode 17949) on /var, and that inode 17923 is not shared. Since there is no file listed, it is likely that these files were created, then deleted after opening. (The inode remains, but the file is not listed in the directory).

Another useful tool is tusc:

sybil # tusc 2198
( Attached to process 2198 ("/opt/perf/bin/midaemon") [32-bit] )
ki_call(KI_TRACE_GET, 0x40080ab0, 0x80000, 0x7ffff860) ............................................................... [sleeping]
In user-mode ......................................................................................................... [sleeping]
In user-mode ......................................................................................................... [sleeping]
In user-mode ......................................................................................................... [sleeping]
In user-mode ......................................................................................................... [sleeping]
ksleep(PTH_CONDVAR_OBJECT, 0x400108b0, 0x400108b8, NULL) ............................................................. [sleeping]
ki_call(KI_TRACE_GET, 0x40080ab0, 0x80000, 0x7ffff860) ............................................................... = 8
kwakeup(PTH_CONDVAR_OBJECT, 0x400108b0, WAKEUP_ONE, 0x7ffff7c0) ...................................................... = 0
ksleep(PTH_CONDVAR_OBJECT, 0x400108b0, 0x400108b8, NULL) ............................................................. = 0
ki_call(KI_TRACE_GET, 0x40080b50, 0x80000, 0x7ffff860) ............................................................... = 8
kwakeup(PTH_CONDVAR_OBJECT, 0x400108b0, WAKEUP_ONE, 0x7ffff7c0) ...................................................... = 0
ksleep(PTH_CONDVAR_OBJECT, 0x400108b0, 0x400108b8, NULL) ............................................................. = 0
ki_call(KI_TRACE_GET, 0x40080bf0, 0x80000, 0x7ffff860) ............................................................... = 8
kwakeup(PTH_CONDVAR_OBJECT, 0x400108b0, WAKEUP_ONE, 0x7ffff7c0) ...................................................... = 0
ksleep(PTH_CONDVAR_OBJECT, 0x400108b0, 0x400108b8, NULL) ............................................................. = 0
ki_call(KI_TRACE_GET, 0x40080c90, 0x80000, 0x7ffff860) ............................................................... = 8
ksleep(PTH_CONDVAR_OBJECT, 0x400108b0, 0x400108b8, NULL) ............................................................. = 0
kwakeup(PTH_CONDVAR_OBJECT, 0x400108b0, WAKEUP_ONE, 0x7ffff7c0) ...................................................... = 0
ki_call(KI_TRACE_GET, 0x40080ab0, 0x80000, 0x7ffff860) ............................................................... = 8
kwakeup(PTH_CONDVAR_OBJECT, 0x400108b0, WAKEUP_ONE, 0x7ffff7c0) ...................................................... = 0
ksleep(PTH_CONDVAR_OBJECT, 0x400108b0, 0x400108b8, NULL) ............................................................. = 0
( Detaching from process 2198 ("/opt/perf/bin/midaemon") )

The tusc command will show you what the process is doing, and what system calls it is making. If the process can be started from scratch (by restarting the program binary) then a lot of information can be gathered using tusc.

A summary view of this same data can be had from glance, using the L command key to show the system calls made and the time spent in each one. Just as tusc reported, in this case ki_call(), ksleep(), and kwakeup() are the three system calls being made.

Again using glance, if you want to see the wait states for the process (reasons the process gives up the CPU to other processes) use the W key command. For midaemon, it shows sleep as the reason for 85% of wait states in this process.

We can look through the binary for even more detail:

# strings `which midaemon` | head -n 7
/var/opt/perf/status.mi
/var/opt/perf/status.mi
/dev/ptym/
@$Header: miflock.c,v 1.2 95/09/27 08:43:20 thierry Exp $
@(#)midaemon       C.04.70.000  10/03/07 HP-UX 11 =*=
-pstat_freq
        4p
# tail -n 30 /var/opt/perf/status.mi
midaemon: Tue Oct 28 23:53:34 2008
Start midaemon       C.04.70.000  10/03/07 HP-UX 11 =*=
midaemon: Wed Oct 29 03:31:41 2008
Stop midaemon - non-permanent/no-client, normal MI termination
midaemon: Wed Oct 29 03:39:56 2008
Start midaemon       C.04.70.000  10/03/07 HP-UX 11 =*=
midaemon: Tue Nov 11 19:10:11 2008
Stop midaemon - non-permanent/no-client, normal MI termination
midaemon: Tue Nov 11 19:21:32 2008
Start midaemon       C.04.70.000  10/03/07 HP-UX 11 =*=
midaemon: Fri Nov 21 21:30:21 2008
Stop midaemon - non-permanent/no-client, normal MI termination
midaemon: Fri Nov 21 21:38:29 2008
Start midaemon       C.04.70.000  10/03/07 HP-UX 11 =*=
midaemon: Fri Nov 28 10:15:28 2008
Start midaemon       C.04.70.000  10/03/07 HP-UX 11 =*=
midaemon: Wed Dec 10 11:41:26 2008
Start midaemon       C.04.70.000  10/03/07 HP-UX 11 =*=
midaemon: Thu Jan 15 21:31:06 2009
Stop midaemon - Commanded MI termination
midaemon: Thu Jan 15 21:42:42 2009
Start midaemon       C.04.70.000  10/03/07 HP-UX 11 =*=
midaemon: Thu Jan 15 21:55:53 2009
Stop midaemon - Commanded MI termination
midaemon: Thu Jan 15 22:03:59 2009
Start midaemon       C.04.70.000  10/03/07 HP-UX 11 =*=

Backup in depth

In security circles, there is often talk about “defense in depth.” This means that a security system does not rely on a single element to accomplish its goal; the “defense in depth” strategy is a way of removing single points of failure from security mechanisms. That is, if one element in the security infrastructure goes down (such as a firewall collapse), other elements will be waiting to prevent an attacker from entering further.

Backup in depth (my term) is similar. In one environment I was privileged to be in, the database administrator and I worked out a backup plan like this: each database would be backed up on the machine itself (backup #1); this backup would be saved to a location on a central server for up to 30 days (backup #2); and both the database servers and the central repository would be backed up to tape daily (backups #3 and #4). In at least one case, having the database backup on the local disk saved the database administrator from a long drawn out restore from tape.

When you are backing up your own personal data, this is also a good procedure to follow. Don’t rely just on tape or a remote site. Back up your data in several ways and in several locations (varying by ease of access and completeness of backup).

You could, for example, save your home directory to SpiderOak (the remote backup facility I mentioned earlier) and a copy to an external USB drive. SpiderOak thus provides the space and deep history, and the external drive provides immediate and fast restores that are not dependent on the Internet.

Virtual environments provide an inherent ability to create a “backup in depth” – the host can be backed up (including the virtual environments) and the virtual environments can do a standard backup.

With multiple backups in place, restoring a file should not be a problem in most cases – or restoring entire directories or systems. Isn’t that worth taking some time to accomplish on your personal machines?

HP-UX Boot Disks on Integrity systems (in contrast to PARISC systems)

On PARISC-based HP-9000 systems, configuration of system boot disks was simple: the entire disk was used, split apart using logical volumes with LVM. Thus, an HP-9000 system (PARISC) will have a “standard” full disk for the boot disk – such as /dev/disk/disk56 (using the new disk labeling).

However, when using Integrity systems, space must be made at the beginning for EFI and at the end for an HP System Partition – which shows up in HP-UX as a disk with three partitions.

An Integrity system will have several more disks associated with the boot disk (using disk32 as the example):

  • /dev/disk/disk32 – this is the full disk. The disk, however, is split into three parts as described below.
  • /dev/disk/disk32_p1 – this is the EFI partition. When the system boots, it is this partition which loads the EFI data and runs the EFI shell.
  • /dev/disk/disk32_p2 – this is where the HP-UX operating system data is stored. The logical volumes associated with HP-UX will be created here, and /dev/disk/disk32_p2 will be in volume group vg00.
  • /dev/disk/disk32_p3 – this partition is an HP system partition of some sort. It is automatically created during installation.

Thus, if you are on an Integrity system and are attempting to follow some older directions, remember to use the appropriate disk label.

There are tools that are designed for Integrity systems with EFI that will help maintain or document these partitions. First is idisk:

# idisk -p /dev/rdisk/disk32
idisk version: 1.44

EFI Primary Header:
        Signature                 = EFI PART
        Revision                  = 0x10000
        HeaderSize                = 0x5c
        HeaderCRC32               = 0x30a62aae
        MyLbaLo                   = 0x1
        MyLbaHi                   = 0x0
        AlternateLbaLo            = 0x88bb991
        AlternateLbaHi            = 0x0
        FirstUsableLbaLo          = 0x40
        FirstUsableLbaHi          = 0x0
        LastUsableLbaLo           = 0x88bb93f
        LastUsableLbaHi           = 0x0
        Disk GUID                 = 43b615f6-a561-11dd-8000-d6217b60e588
        PartitionEntryLbaLo       = 0x2
        PartitionEntryLbaHi       = 0x0
        NumberOfPartitionEntries  = 0xc
        SizeOfPartitionEntry      = 0x80
        PartitionEntryArrayCRC32  = 0x97c6286c

  Primary Partition Table (in 512 byte blocks):
    Partition 1 (EFI):
        Partition Type GUID       = c12a7328-f81f-11d2-ba4b-00a0c93ec93b
        Unique Partition GUID     = 43b61920-a561-11dd-8000-d6217b60e588
        Starting Lba Lo            = 0x40
        Starting Lba Hi            = 0x0
        Ending Lba Lo              = 0xf9fff
        Ending Lba Hi              = 0x0
    Partition 2 (HP-UX):
        Partition Type GUID       = 75894c1e-3aeb-11d3-b7c1-7b03a0000000
        Unique Partition GUID     = 43b6195c-a561-11dd-8000-d6217b60e588
        Starting Lba Lo            = 0xfa000
        Starting Lba Hi            = 0x0
        Ending Lba Lo              = 0x87f37ff
        Ending Lba Hi              = 0x0
    Partition 3 (HPSP):
        Partition Type GUID       = e2a1e728-32e3-11d6-a682-7b03a0000000
        Unique Partition GUID     = 43b61970-a561-11dd-8000-d6217b60e588
        Starting Lba Lo            = 0x87f3800
        Starting Lba Hi            = 0x0
        Ending Lba Lo              = 0x88bb7ff
        Ending Lba Hi              = 0x0

Be careful in using idisk, as you can completely destroy your data easily with idisk, and even render your machine unbootable.

Then there are a number of utilities to work with the EFI partition; these are:

  • efi_fsinit – initialize EFI partition;
  • efi_cp – copy EFI files to and fro;
  • efi_mkdir – make a directory on an EFI partition;
  • efi_ls – list files on an EFI partition;
  • efi_rm – remove files on an EFI partition; and
  • efi_rmdir – remove a directory from an EFI partition.

These commands are further documented in efi(4) and in their respective man pages.

RAID is not a backup!

This post describes the author's experience of almost losing his data on a RAID disk set. He also gives good details on why RAID is not a backup and how he rectified the situation. Remember: RAID is not a backup!

When working with corporate systems, a complete, reliable, and tested backup system is important. RAID does not protect you against many (or even most) disasters that could happen.

RAID is designed to protect against one thing: disk failure. It does not protect against user error, operator error, site destruction, and many more possibilities.

So how do I back things up? I must admit, I’ve improved my backup strategies of late. I currently have several tools that I use and would recommend to you:

  • SpiderOak. This is an online backup service which offers the first 2Gb backup free. They also maintain multiple version backup, so if you want a file from two versions back, it’ll still be there. This service is worth paying for, I’d say.
  • For my Mac, I’ve used PsyncX periodically (albeit not automated). It has come in handy more than once as my laptop died several times – I’ve one of those iBooks that was notorious for video hardware that failed annually (and Apple would fix for free, but never admitted fault). If you’ve a Mac, get an external drive and use PsyncX to save your home directory off. Also recommended: put your applications in your home directory, not the system directory: restoring your home directory will then be enough to get your applications back.
  • For UNIX, the similar alternative to PsyncX is rsync: again, get an external drive and save your home directory off to it regularly.
  • Also, come at it from the other direction: save your configuration by putting it into a cfengine or puppet setup and saving that as well. If the machine fails, running cfengine or puppet on startup will restore the system to its original state.
  • One other item – that may seem a bit unusual – is using Thinkfree Office. Thinkfree Office gives you a way to save documents locally and have them mirrored in the Internet cloud – and you can also manipulate your documents on the web as well. Of course, this is only entirely true for documents that Thinkfree Office can edit.

It would seem that cfengine v3 is now available for download – that will have to be a subject for a new article.

Pull files out of an Ignite-UX recovery archive

Perhaps you have a regular backup utilizing make_net_recovery, and want to get some files out of it. How is this done? The standard way to utilize an Ignite-UX backup is to restore the machine completely, using Ignite-UX.

However, if just one file – or a series of files – is desired, log into the Ignite server. Change to the directory /var/opt/ignite/recovery/archives and then into the directory matching the host you want to restore files to. The files in these directories are gzipped archives of the sort that you specified when you did the make_net_recovery (tar files by default). The file names are of the format YYYY-MM-DD,HH:MM.

Use your favorite tools to extract the files from the desired archive. For example, the following will extract the /stand directory (where HP-UX keeps its kernels):

gunzip -c 2009-01-24,07:05 | tar xvf - stand

The actual configuration of the archive process is kept in a different directory in /var/opt/ignite/clients followed by the host name. Most of these files should not be changed, as it would be easy to mangle the backup (or restore) process by making a bad change to one of these files.

Using options in Perl programs (with Getopt)

The utility getopt (or getopts) gets command line parameters for your program. The bash and ksh shells come with getopt builtin; getopts is a separate program.

To use this capability from Perl, use the Getopt library: either Getopt::Std or Getopt::Long. Most of the time you’ll probably want to use Getopt::Long just for its flexibility.

To start using Getopt::Std, use something like this initial fragment:

use Getopt::Std;
%options=();
getopts("vs:i",\%options);

This will give you the options -v, -i, and -s arg. After this fragment executes, the associated hash table entries will be defined if the argument is present – and if it is present, the value will be either 1 or the argument given. For example, $options{v} might be set to 1, and $options{s} could be "arg".

Using Getopt::Long isn't much more difficult:

use Getopt::Long;
# GetOptions() returns false if the command line could not be parsed
GetOptions("s" => \$sflag,
"verbose!" => \$verbose,
"file=s" => \$file,
"interval=i" => \$interval,
"auto:i" => \$auto);

This set of options shows most of the features of GetOptions(). The -verbose option is a toggle (as noted by the '!' at the end of the option name), and the alternate can be specified as -noverbose. For the -file option, a string argument is required (specified by the '=s' on the end of the option specification). The '=i' (as exemplified by the -interval option) means that an integer argument is required, and the ':i' for the -auto option means an integer argument is optional. Float values (real numbers) are also possible by using the 'f' flag (such as "real=f" - option -real requiring a float argument).

The kconfig utility (HP-UX)

The kconfig utility allows you to save a complete set of kernel tunables, ready for use in configuring other systems or in returning to an older configuration. These kernel configurations can be saved, copied, deleted, and restored using the kconfig utility.

For example, consider an HP-UX virtual machine host that was pressed into service early as a general host. How to return to the original installation kernel configuration? Use the original configuration automatically created during installation, “last_install”.

For another example, consider a host configured for the applications you use. Save the configuration and it can be replicated elsewhere with a single command and perhaps a reboot.

For a current list, use the kconfig command by itself:


# kconfig
Configuration Title
backup Automatic Backup
ivm Virtual Machine Configuration
last_install Created by last OS install

The kernel configuration can be exported to a file:

# kconfig -e ivm ivm.txt

…and later imported (possibly on a new machine):

# kconfig -i ivm.txt

The current configuration can be saved to a particular name (such as ivm):

# kconfig -s ivm

All of the usual manipulations are possible, as mentioned before: copy, delete, rename, save, load, and so forth. The manual page is kconfig(1m) and should be available on your HP-UX 11i v2 or v3 system.

Using BSD jot

Most every Linux system comes with GNU seq (a utility to generate sequences of numbers or characters). However, a much older utility – and more flexible one – is the underutilized and unknown utility, jot. Every BSD system, including MacOS X, will come with jot (and not with seq).

Unfortunately, commercial UNIX tends to come with neither. So unless you are using an open source operating system, both of these utilities are unavailable. This is unfortunate.

To install jot under Debian Linux and variants (including Ubuntu), install the athena-jot package. FreeBSD, OpenBSD, and MacOS X should already have jot installed out of the box.

Using jot is easy:

  • Generate a count 1 to 6: jot 6
  • Generate a count 5 to 10: jot 6 5
  • Print “y” 100 times: jot -b y 100
  • Generate a count 1 to 6 separated by commas: jot -s "," 6
  • Generate abc1 to abc20: jot -w abc 20

This only begins to touch on the capabilities of jot. It can also generate random numbers and random character data.

In fact, to generate a large file (5Gb in this case), try this:

jot -r -c -s '' $(( 1024 * 1024 * 1024 * 5 )) > file.5gb

If you do install the athena-jot package on Ubuntu or Debian, you may want to do this:


cd /usr/share/man/man1
sudo ln -s athena-jot.1.gz jot.1.gz

For some reason, the package – and the manpage – are called athena-jot but the utility is actually jot (not athena-jot). The FreeBSD man page for jot(1) (PDF) has more details.

Updating Ignite-UX on HP-UX

Every major UNIX operating system has its own method of automated installs; HP-UX uses Ignite-UX. However, “updating” Ignite-UX is a misnomer and not recommended.

The recommended method is to remove Ignite-UX first. Find the names, then remove the installed software:

# swlist -l product | grep -i ignite
Ignite-UX C.7.7.93 HP-UX System Installation Services
# swremove Ignite-UX

After removing the software (which does not remove the installed repositories), install the updated version with swinstall.

After the software is installed, it must be configured, if it isn’t already:

# /opt/ignite/bin/make_config -s /var/opt/ignite/depots/Rel_B.11.31/core_media -c /var/opt/ignite/data/Rel_B.11.31/core_media_cfg
# /opt/ignite/bin/manage_index -a -f /var/opt/ignite/data/Rel_B.11.31/core_media_cfg -c "B.11.31 From OE Media"
# /opt/ignite/bin/manage_index -n "HP-UX B.11.31 Default" -c "B.11.31 From OE Media"

You could make this configuration the default:

# /opt/ignite/bin/manage_index -e -c "B.11.31 From OE Media"

Or you could list configurations:

# /opt/ignite/bin/manage_index -l

See manage_index(1m) for more information on manipulating Ignite-UX configurations.

Using OpenSSH public keys with OpenVMS (and SSH2)

Every Linux box comes with OpenSSH, as does every BSD (at least, I don’t know of any that don’t). UNIX almost invariably comes with OpenSSH as well (although Tru64 is a dying hold-out).

However, OpenVMS 8 comes with an implementation of SSH that appears to be very similar to the commercial SSH produced by F-Secure and distributed by Attachmate.

To use your OpenSSH keys with VMS, a conversion is required – and the configuration files are different as well.

The versions of SSH used are:

VMS $ ssh "-V"
$1$dga010:[sys1.syscommon.][sysexe]tcpip$ssh_ssh2.exe: SSH Secure Shell OpenVMS
(V5.5) 3.2.0 on HP rx2660 (1.40GHz/6.0MB) - VMS V8.3

UNIX $ ssh -V
OpenSSH_5.1p1, OpenSSL 0.9.8g 19 Oct 2007

First, the key must be converted. Using OpenSSH this is easy (assume that the OpenSSH key my_key.pub already exists):

$ ssh-keygen -e -f my_key.pub > my_vmskey.pub
$

Then copy this file to your VMS login directory, putting it into the directory [.ssh2] (relative to your VMS login directory). Let's assume that the UNIX host is named openssh:

VMS $ scp openssh:~/my_vmskey.pub .
VMS $

Then edit the file AUTHORIZATIONS to include this line:

key my_vmskey.pub

Then be sure to test it out from your OpenSSH host:

openssh $ slogin vms
The authenticity of host 'vms (10.6.4.4)' can't be established.
DSA key fingerprint is 46:43:2f:df:0a:4b:37:e2:4f:f9:63:05:21:84:c9:44.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'vms' (DSA) to the list of known hosts.
Welcome to HP OpenVMS Industry Standard 64 Operating System, Version V8.3

$

Note that since you've not logged into the VMS machine previously, it must have its fingerprint added to the file known_hosts.
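
What the conversion step produces, and a way to confirm that the file placed on the VMS side holds the same key, as an added example that is not part of the original post. The function names and the sample key (constructed filler, not a real key) are assumptions; ssh-keygen -e writes its own Comment text, and the input is assumed to be a plain .pub line with no options prefix.

```shell
#!/bin/sh
# Added example: the SSH2 (RFC 4716) public key layout that "ssh-keygen -e"
# writes, plus a check that a converted file still carries the same key blob
# as the OpenSSH original.

# Constructed placeholder in OpenSSH one-line layout. The base64 is filler,
# not a usable key.
sample_openssh_pub() {
    printf '%s %s %s\n' ssh-rsa \
'AAAAB3NzaC1yc2EAAAADAQABAAAAgQDEXAMPLEexampleEXAMPLEexampleEXAMPLEexampleEXAMPLEexample0123456789ABCDEFGHIJ==' \
        'user@openssh'
}

# OpenSSH .pub line on stdin -> SSH2 public key file on stdout.
# Assumes a short comment (header lines over 72 bytes would need continuation).
openssh_to_ssh2() {
    awk '
    NF >= 2 {
        comment = (NF >= 3) ? $3 : "converted from OpenSSH"
        for (i = 4; i <= NF; i++) comment = comment " " $i
        print "---- BEGIN SSH2 PUBLIC KEY ----"
        printf "Comment: \"%s\"\n", comment
        # RFC 4716 caps lines at 72 bytes; 70 is the width ssh-keygen uses.
        for (i = 1; i <= length($2); i += 70) print substr($2, i, 70)
        print "---- END SSH2 PUBLIC KEY ----"
        exit
    }'
}

# SSH2 public key file on stdin -> the bare base64 key blob on one line.
ssh2_blob() {
    awk '
    { sub(/\r$/, "") }                                   # tolerate CRLF copies
    /^---- BEGIN SSH2 PUBLIC KEY ----$/ { inkey = 1; next }
    /^---- END SSH2 PUBLIC KEY ----$/   { inkey = 0 }
    !inkey { next }
    # Header line such as Comment:, or the continuation of one ending in "\".
    cont || /^[A-Za-z0-9-]+: / { cont = ($0 ~ /\\$/); next }
    { blob = blob $0 }
    END { print blob }'
}

# same_key <openssh.pub> <ssh2.pub>: succeeds only if both hold the same blob.
same_key() {
    [ "$(awk 'NF >= 2 { print $2; exit }' "$1")" = "$(ssh2_blob < "$2")" ]
}

# Stand-alone run: show the converted form of the placeholder key.
sample_openssh_pub | openssh_to_ssh2
```

Running same_key against the file actually referenced on the VMS side, copied back with scp, confirms the key that grants login is the one you generated.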

There is a good article about key conversions that seems to cover all the bases.

The Geek Stuff blog also has an excellent article on connecting to a SSH2 server using OpenSSH, as well as excellent articles on setting up SSH2 for logins and setting OpenSSH for logins.

Of course, the definitive book is SSH: The Definitive Guide by Daniel Barrett, Richard Silverman, and Robert Byrnes. This book is also now online.
