Versions Compared

Old Version 11

changes.mady.by.user Bruno Miretti

Saved on

compared with

New Version 12

changes.mady.by.user Bruno Miretti

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

‘nano’ is a basic text editor, very simple to use and displaying available commands at the bottom of the screen. For example, to leave ‘nano’ , use ^X (press CTRL + X)

How to setup ‘ssh’ trusts between Linux and

...

HP-UX

Info
titleNotes
  • The prompts will tell you where to execute the commands, "Tru64#HPUX#" (root user) or "Linux#"  (root user)
  • Remember Linux/Unix is case sensitive
  • If hosts are not known by each other, fill the /etc/hosts file for example (using vi for example)
  • linuxhost represents the name of your CHARON Charon server (can be any name you want)
  • tru64host hpuxhost represents the hostname of your Tru64 HP-UX virtual machine
  • Generate the key

...

On the HP-UX system, enter the following commands if the folder does not already exist:

HPUX# mkdir /.ssh
HPUX# chmod 600 /.ssh

On the Linux server, enter:

Linux# ssh-keygen -t rsa

→  Do not specify

a

any passphrase.


Linux#

ssh-keygen -e -f

chmod 600 id_rsa*
Linux# scp id_rsa.pub

> linuxhost

hpuxhost:/.ssh/linuxhost_rsa.pub

...

Tru64# cd /.ssh2
Tru64# echo "Key linuxhost.pub" >> authorization

  • Initialize the first ssh connection (answer 'yes' to confirm)

...

Linux# ssh tru64host date

then retry the same command to verify the trust is working.

...

→ Enter the password for the copy operation to complete



On the HP-UX system, add the Linux server key to the authorized keys:

HPUX# cd /.ssh
HPUX# cat linuxhost_rsa.pub >>authorized_keys
HPUX# chmod 600 authorized_keys

Perform a simple test on the Linux server:

Linux# ssh hpuxhost hostname
hpuxhost

(question) If trying to execute a remote command on the Tru64 HP-UX system, a message telling "no matching cipher found" is displayed, the cipher has to be setup on the Linux server side in the /root/.ssh/config file:

# Linux# cat /root/.ssh/config

Host tru64hosthpuxhost
  Hostname tru64hosthpuxhost
  KexAlgorithms +diffie-hellman-group1-sha1
  HostKeyAlgorithms +ssh-dss
  Ciphers +3des-cbc


Div
classpagebreak


How to setup

...

‘rsh’ trusts between Linux and

...

HP-UX

(warning) Do not forget the dot at the end of the authorization file name

...

classpagebreak

...

Info
titleNotes
  • The prompts will tell you where to execute the commands, "VMS$HPUX#" (system root user) or "Linux#"  (root user)
  • Remember Linux/Unix is case sensitive, VMS is notLinux: if VMS host is not known, add it to
  • If hosts are not known by each other, fill the /etc/hosts file for example
  • VMS: if Linux is not known, add it using: $ UCX SET HOST LINUX /ADDR=xx.xx.xx.xx

...

VMS$ SET DEF SYS$LOGIN
VMS$ @TCPIP$CONFIG

...

...
* Create a new default server host key? YES: YES
     Creating private key file: TCPIP$SSH_DEVICE:TCPIP$SSH.SSH2]HOSTKEY
     Creating public key file: TCPIP$SSH_DEVICE:TCPIP$SSH.SSH2]HOSTKEY.PUB
...

...

Linux# ssh-keygen -t rsa

→ Do not specify a passphrase
Linux# ssh-keygen -e -f /root/.ssh/id_rsa.pub > /root/.ssh/linuxserver.pub

  • Copy the generated file /root/.ssh/linuxserver.pub (or use copy/paste between putty session for example) to the VMS system in the SYS$SYSROOT:[SYSMGR.SSH2] directory
    (lightbulb) If this folder does not exist, create it using the following command: $ CREATE /DIRECTORY SYS$SYSROOT:[SYSMGR.SSH2]

...

VMS$ SET DEF SYS$SYSLOGIN
VMS$ SET DEF SYS$SYSROOT:[.SSH2]
VMS$ OPEN/WRITE TMP AUTHORIZATION.

(warning) If the file already exists, use /APPEND instead of /WRITE
VMS$ WRITE TMP "KEY LINUXSERVER.PUB"
VMS$ CLOSE TMP

  • (using vi for example)
  • linuxhost represents the name of your Charon server (can be any name you want)
  • hpuxhost represents the hostname of your HP-UX virtual machine

Introduction

RSH executes commands on a remote host. It can be used to issue a shutdown on the Charon Tru64 virtual machine.

...

The RSH method requires the 'rsh' package. It can be installed using the following command:

# Linux# yum install rsh

Notes

On the Tru64 HP-UX system issuing the shutdown, create a proxy between the root user of the Charon server and the user.

Example ('ceres' is the Charon server name):

# HPUX# echo "ceres linuxhost root" >>~/.rhosts

If the Charon server name is not known to the TCPIP database, edit the /etc/hosts file and add the server ip address and its name.

Ensure manual commands can be passed to the Tru64 HP-UX system from the Charon server.

Example ('pluto' is the Tru64 hostname):

# Linux# rsh pluto linuxhost date

If a "poll: protocol failure in circuit setup" is returned, the firewall settings have to be set to open ports 113 and 1022.

Please always refer to your network administrator when changing the firewall rules, commands below are given as example only.

Example for Red Hat Enterprise Linux 6.x servers:

...

# iptables -I INPUT -p tcp --dport 113 --syn -j ACCEPT
# iptables -I INPUT -p tcp --dport 1022 --syn -j ACCEPT
# service iptables save

Example for Red Hat Enterprise Linux 7.x and CentOS 7.x servers:

...

# firewall-cmd --permanent --new-service=Charon
# firewall-cmd --permanent --service=Charon --add-port=113/tcp
# firewall-cmd --permanent --service=Charon --add-port=1022/tcp
# firewall-cmd --get-active-zones
public
interfaces: ens34 ens35
# firewall-cmd --zone=public --permanent --add-service=Charon
# firewall-cmd --reload

How to setup ‘rsh’ trusts between Linux and OpenVMS

Introduction

RSH executes commands on a remote host. It can be used to issue a shutdown on the Charon OpenVMS virtual machine.

Pre-requisites

The RSH method requires the 'rsh' package. It can be installed using the following command:

...

Notes

RSH and REXEC services must be available on the OpenVMS virtual machine. This depends on the OpenVMS version and a valid UCX license is required.

To enable these services, run @SYS$MANAGER:TCPIP$CONFIG, select the "Client components" and then enable and start "REXEC and RSH" services.

Create a proxy between the root user of the Charon server and the user on the OpenVMS system issuing the shutdown.

Example ('ceres' is the Charon server name):

...

If the Charon server name is not known to the TCPIP database, use the following command to add it.

Example:

...

Copy charon_shutdown.com script located in the /opt/charon/utils folder to SYS$MANAGER:CHARON_SHUTDOWN.COM on the OpenVMS system (using copy/paste for example). This is required as if the shutdown is executed directly from the 'rsh' command directly, 'rsh' will not timeout when the shutdown will be completed and the virtual machine will not be stopped cleanly, it will timeout depending on the service settings.

Ensure manual commands can be passed to the OpenVMS system from the Charon server.

Example ('vms084' is the OpenVMS hostname):

...

If a "poll: protocol failure in circuit setup" is returned, the firewall settings have to be set to open ports 113 and 1022.

1011 to 1023.

Please always refer to your network administrator when changing the firewall rules, commands below are given as example only.

Example for Red Hat Enterprise Linux 6.x servers:

...

#

# iptables -I INPUT -p tcp --dport 1022 --syn -j ACCEPT
# service iptables save

Example for Red Hat Enterprise Linux 7.x and CentOS 7.x servers:

firewall-cmd --permanent --new-service=Charon
# firewall-cmd --permanent --service=Charon --add-port=

113/tcp
# firewall-cmd --permanent --service=Charon --add-port=1022

1011-1023/tcp
# firewall-cmd --get-active-zones
public
interfaces: ens34 ens35
# firewall-cmd --zone=public --permanent --add-service=Charon
# firewall-cmd --reload


Div
classpagebreak


Shutdown guests with Expect tool

Introduction

In case SSH cannot nor RSH can not be used to perform clean shutdown of the guests, the "expect" tool can be used to connect to the console, perform the login operation and execute the shutdown command depending on the console status (at login prompt, shell prompt or SRM prompt).

The operations performed during the "expect" script execution are detailed in the VM management - Create/Edit guest stop script chapter.

(warning) In this case the password is sent without encryption.

...

Warning

Console locked:

Any active session to the console must be killed before the "expect" script is executed.

(info) For example, if you are connected via "telnet" on the localhost/port (the kill is not done inside the expect script). Using the "/opt/charon/utils/charon_gstart_expect" script file the necessary operations will be performed.

(warning) If the console is locked from another host (if you use putty for example), you will have to cancel the connection by yourself otherwise the shutdown will not be performed cleanly.

This script can handle the following situations:

...

  • Expect: "Username: " (VMS) or "login: " (Tru64)
  • Action: An interactive session will be initiated based on <user> and <password> provided in the parameters

...

  • Expect: <prompt> provided in the parameters
  • (warning) This user must have privileges to perform shutdown as no logout will be issued
  • Action: Depending on the Operating system parameter (see <opsys> below), the shutdown command will be sent

...

  • Expect: ‘>>>’ (so works with VAX and Alpha with "P00>>>")
  • Action: A 'power off' command will be issued. If the command is not recognized, the F6 key will be sent (this must be enabled within the configuration file). If the F6 key did not stop the emulator, the script will exit with error code 9 meaning you will have to kill the emulator process yourself. Using the "/opt/charon/utils/charon_gstart_expect" script file the necessary operations will be performed.


Div
classpagebreak


Script usage

...

ParameterDescription
<port>telnet port number (example: 1000330001)
<user>username for login (must be able to perform shutdown)
<password>password
<prompt>shell prompt (including end space) or last characters of the prompt
<opsys>VMS or UNIX

Example:

...

HPUX or MPEIX (case sensitive)


Example for HP-UX:

# /opt/charon/utils/guest_shutdown.exp 30001 root 12345 "# " HPUX

Example for MPEIX:

# /opt/charon/utils/guest_shutdown.exp 30001 X X X MPEIX

How to restart CHARON-

...

PAR on Linux automatically on failure

(warning) This part only applies to Linux distributions using systemd thus Red Hat Enterprise Linux 6.x versions are not concerned.

...

Automatic restart on failure is managed by systemd at Linux level, please refer to systemd man pages.

For example, edit the service configuration file and add the following parameters

...

:


ParameterTypeDescription
RestarttextConfigures whether the service shall be restarted when the service process exits, is killed, or a timeout is reached
RestartSecnumericConfigures the time to sleep before restarting a service (as configured with Restart=). Takes a unit-less value in seconds, or a time span value such as "5min 20s". Defaults to 100ms.
StartLimitIntervalnumericConfigure service start rate limiting. By default, services which are started more than 5 times within 10 seconds are not permitted to start any more times until the 10 second interval ends. With these two options, this rate limiting may be modified. Use StartLimitInterval= to configure the checking interval (defaults to DefaultStartLimitInterval= in manager configuration file, set to 0 to disable any kind of rate limiting). Use StartLimitBurst= to configure how many starts per interval are allowed (defaults to DefaultStartLimitBurst= in manager configuration file).
StartLimitBurstnumeric


Include Page
KBCOMMON:DOC-GoToToc
KBCOMMON:DOC-GoToToc