CHARON-VAX for Linux utilities

General description

CHARON-VAX provides the following set of utilities:

Utility	Description
mkdskcmd	Used to create CHARON virtual disk containers of custom or standard types. This utility also may be used to transfer virtual disks of one type to virtual disks of another type.
hasp_srm_view	Used to display the CHARON license contents, to collect the host system fingerprint and to transfer software licenses from one host to another.
hasp_update	Sentinel standard utility used to retrieve Sentinel protection key information, detache a license from a Sentinel SL key and rehost a license from a Sentinel SL key
ncu	Used to dedicate a host interface to CHARON-VAX, to release it back to the host and to manage CHARON virtual interfaces (TAPs).
mtd	Used to create CHARON tape images from physical tapes and to write tape images back to physical tapes.

All these utilities are invoked from Linux console command line.

Back to Table of Contents

'mkdskcmd' utility

Creating disk images

The "mkdskcmd" utility:

Creates empty disk images of a given standard disk type or a custom disk size
Transfers existing disk images of one type to disk images of another type.

The first step is to obtain the name of the disk that needs to be created:

$ mkdskcmd --list

This command results in a list of all supported disk types.

Choose the desired disk (for example "RZ22"), then use the "mkdskcmd" command to create the virtual disk image as shown below:

$ mkdskcmd --disk rz22 --output rz22.vdisk

A disk container "rz22.vdisk" will be created in the current directory.

A file "rz22.avdisk" will also be created. This file helps CHARON accurately recognize a specific disk image type. It is recommended to put the ".avdisk" file in the same directory as the created disk image.

It is also possible to create custom disk images using "--blcount" (blocks count) and "--blsize" (blocks size) switches.

To get all the available parameters please use the "–help"switch:

mkdisk for CHARON utility v. 1.14
Copyright: STROMASYS, 2015

Usage:
mkdskcmd [Options]

Options:
--help - to see help screen
-h - to see help screen

--output <full name> - to specify output file name
-o <full name> - to specify output file name

--disk <disk name> - to specify the disk name from Disk table
-d <disk name> - to specify the disk name from Disk table

--blsize <number> - to specify the block size in bytes (custom disk image)
-z <number> - to specify the block size in bytes (custom disk image)

--blcount <number> - to specify number of the blocks (custom disk image)
-c <number> - to specify number of the blocks (custom disk image)

--avtable <full_name> - to specify AVDISK table file
-a <full_name> - to specify AVDISK table file

-t - please see the '--transform' options description
--transform <source_disk_name> <source_disk_params> - to transform the the disk image (change actual size)
<source_disk_name> - the file name of the disk image to be transformed
<source_disk_params> - the name of the disk from the list of available at the Disk table
The source disk size will changed accordingly the reach the specified parameters.
To specify the transform parameters manually, follow the option below:
--transform <source_disk_name> --blsize <number> --blcount <number>

--shrink - parameter which needs to be EXPLICITLY provided, if the disk size is to be decreased
-k - parameter which needs to be EXPLICITLY provided, if the disk size is to be decreased

--list <full_name> - to display AVDISK table
-l <full_name> - to display AVDISK table

--silent - silent mode running
-s - silent mode running

Return value:
0 - for Success
Non zero - in case of failure

Examples:
mkdskcmd -h
mkdskcmd -l
mkdskcmd -a /opt/charon/utils/mkdsk.vtable -o /etc/rk07.vdisk -d rk07
mkdskcmd -o /etc/custom.vdisk -z 512 -c 16384
mkdskcmd -t /etc/rz22.vdisk rz25 -a /opt/charon/utils/mkdsk.vtable
mkdskcmd -t /etc/rz22.vdisk rz25 -a /opt/charon/utils/mkdsk.vtable -z 512 -c 262134

The "--avtable" parameter is used to work with an alternative disk specification database (or to point to the standard database ("mkdsk.vtable") if it is in a location other than the current directory).

The "--blcount" (blocks count) and "--blsize" (blocks size) switches are used to create custom disk images.

Back to Table of Contents

Transferring disk images

The "mkdskcmd" utility is able to transfer (copy) disk images of one type to a disk image of another type.

This operation is needed, for example, to obtain more free space on a disk image that already contains data.

Note: it is not possible to add more free space dynamically. CHARON-VAX must be stopped before performing this operation.

If a source disk image is larger than the target disk image, the extra data is lost. If the source disk image is smaller, it will be extended and padded with null bytes ('\0').

An example of the syntax follows:

$ mkdskcmd --transfer <source disk file name> <source disk parameters> [--shrink] [-k]

where:

<source disk file name> - a file name of the disk image to be transferred
<source disk parameters> - the name of the disk from the list of available on "mkdskcmd --list" request or the disk geometry specification (see below).
--shrink or -k - used in the case when the target disk is transferred to a smaller disk.

Example:

$ mkdskcmd --transfer /etc/rz22.vdisk rz25

It is also possible to specify the disk parameters manually with "--blcount / -c" (blocks count) and "--blsize / -z" (blocks size) switches:

$ mkdskcmd --transfer <source disk file name> -blsize <number> -blcount <number>

Example:

$ mkdskcmd -t /etc/custom.vdisk -z 512 -c 262134

There is a certain delay between the moment when the utility reports that a disk image has been transferred and its actual availability to CHARON. This delay can reach to several minutes in case of very big disks transfers. It happens because the host operating systems needs some time for actual allocation of the enlarged file on HDD.

Back to Table of Contents

'mtd' utility

The "mtd" utility is used to:

Create a CHARON tape image from a physical tape
Write a tape image to a physical tape.

Usage is the following:

$ mtd [options] <tape device name> <tape container name>

where the options are:

Parameter	Description
`-l <file name>`	Creates an execution log “file name”.
`-r <number>`	Specifies a number of attempts to read a damaged data bock
`-i`	Directs to ignore bad blocks and continue processing w/o interruption. It implies "-r 0"
`-n`	Do not rewind tape
`-p`	Disable progress reporting
`-v`	Enable verbose trace of data transfer (implies "-p")

Example:

$ mtd -l tape1.txt -r 10 /dev/st5 /charon/tapes/tape1.vtape

Use the following syntax to write the content of a tape container to a physical tape:

$ mtd <tape container name> <tape device name>

Example:

$ mtd /charon/tapes/tape1.vtape /dev/st5

Back to Table of Contents

'hasp_srm_view' utility

The "hasp_srm_view" utility displays content of CHARON-AXP licenses.

Run the utility with one of the following parameters to see the license(-s) details:

"-l" (or without parameters) - CHARON default license details
"-all" - all available CHARON licenses details
"-key <key number>" - specific CHARON license (defined by its "key number") details

The "hasp_srm_view" utility provides the following functionality:

Display the CHARON-AXP licenses details. It is possible to view all available license or some specific one.
Collecting license status information
Collecting host fingerprint information
Managing software license transfer procedure.

Run the utility without any options to display the license details.

# hasp_srm_view -help

CHARON Sentinel HASP utility
Copyright: STROMASYS, 2015

Options:
-? or -h or -help - to see help screen

-l - to see CHARON license details (for default key)
-all - to see CHARON license details (for all available keys)
-key <key number> - to see CHARON license details (for specific key)

-c2v <C2V file> - to collect the key status information (C2V file)
-fgp <C2V file> - to collect the host fingerprint information (C2V file)

-tfr <LicenseID> <recipient file> - to transfer SL license (V2C file)
-tfr <LicenseID> - to remove SL license (V2C file) from the local host
-idf - to get transfer recipient (ID) file "recipient.id"

The specific type of CHARON license defines what switches may be used in each case.

Collecting the "c2v" file can be done only from the CHARON host console.

Remote collection of status information

For remote collection of status information it is recommended to use "ssh" as shown in the following examples:

# ssh root@CHARON_HOST /opt/charon/bin/hasp_srm_view -c2v /opt/charon/bin/my_hasp_key.c2v
# ssh root@CHARON_HOST /opt/charon/bin/hasp_srm_view -fgp /opt/charon/bin/my_host_fingerprint.c2v

To see the license text on the console:

# ssh root@localhost /opt/charon/bin/hasp_srm_view

To collect license text to an output file on host server:

# ssh root@localhost /opt/charon/bin/hasp_srm_view > /opt/charon/bin/hasp_srm_view.txt

The "hasp_srm_view" utility always reports the ID and IP address of the host(s) where active licenses are found.

Back to Table of Contents

Software Licenses Transfer

Software Licenses (SL) can be transferred from one host to another one with the help of "hasp_srm_view" utility and "Sentinel Admin Control Center" (ACC).

The following example demonstrates the transfer procedure.

Let's suppose a Software License must be transferred from a host "SourceHost" to a host "RecipientHost":

Run "hasp_srm_view" utility on the "RecipientHost" with the following parameters to collect the host ID info:
$ hasp_srm_view -idf
The "recipient.id" file will be created in the current directory.
Copy the "recipient.id" file to the "SourceHost".

"recipient.id" is an ASCII file, so use the "ascii" option for FTP transfer.
On the "SourceHost", open the "Sentinel Admin Control Center" (ACC) ( http://localhost:1947). Note the number of the software license you are going to transfer.
Run the "hasp_srm_view" utility in the following way to create a transfer license for the host "RecipientHost":
$ hasp_srm_view -tfr <license number> recipient.id
The "license number" is the value collected at the step 3.
Example of collecting a transfer license:
$ hasp_srm_view -tfr 12345678 recipient.id
A "<license number>.v2c" file will be created in the current directory. In the example above, the name of the transfer license will be "12345678.v2c"
Copy the resulting "<license number>.v2c" file to the "RecipientHost".

"<license number>.v2c" is an ASCII file, so use the "ascii" option for FTP transfer.
On the "RecipientHost", open "Sentinel Admin Control Center" (ACC) (http://localhost:1947) and apply the "<license number>.v2c" file as described above.

Back to Table of Contents

Software Licenses Removal

When a Software License is removed completely from a host, the license is dumped to a specific license file ".v2c". The license is not destroyed and can be re-applied if needed.

To remove a software license from a host do the following:

Open "Sentinel Admin Control Center" (ACC) (http://localhost:1947). Note the number of the software license you are going to remove.
Run the "hasp_srm_view" utility in the following way to remove the license:
$ hasp_srm_view -tfr <license number>
The "license number" is the value collected at the step 1.
Example:
$ hasp_srm_view -tfr 12345678
The "<license number>.v2c" file will then be created in the current directory. In the example above the name of the transfer license will be "12345678.v2c"
It is always possible to re-apply the created ".v2c" file to restore the deleted software license.

Back to Table of Contents

'hasp_update' utility

The "hasp_update" is a Sentinel standard utility for license management included in CHARON-VAX kit.

To invoke the "hasp_update" utility login as "root" and use the following syntax:

# hasp_update <option> [filename]

where:

Parameter	Value	Description
<option>	u	Updates a Sentinel protection key / attaches a detached license
	i	Retrieves Sentinel protection key information
	d	Detaches a license from a Sentinel Software License (SL) key
	r	Rehost a license from a Sentinel Software License (SL) key
	h	Display help
[filename]		Path to the V2C/H2R file (in case of 'u'pdate/attach)
[filename]		Path to the C2V file Optional: uses "stdout" if file name is not specified (in case of 'i'nfo)

Example:

# hasp_update u license_update.v2c

We recommend to use this tool only for "Update a Sentinel protection key / attach a detached license" function ("u" option). For the rest use "hasp_srm_view" utility.

Back to Table of Contents

'ncu' utility

The "ncu" ("Network Control Utility") is used to dedicate a host interface to CHARON-VAX, to release it back to the host and to manage CHARON virtual interfaces (TAPs).

The utility allocates chosen network interfaces (both physical and virtual) and configures the offload parameters.

The NetworkManager service must be running in order to have all the functionalities enabled with "ncu". If the service is not enabled please configure the network using the manual operations described in the section "Manual configuration of CHARON networking" of the Installation chapter of this Guide.

Dedication of a host physical interface to CHARON

Login as root. Type "ncu" and press Enter. The following menu will appear:

Interfaces Dedicated to State
---------- ------------ ------------
eth0 host         connected to host
eth1       host         connected from host
lo         host         unmanaged from host

==================================================================
bridge name bridge id STP enabled interfaces

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Print status
6 - Exit
:> 6

The utility lists available network interfaces (both physical and virtual) and indicates whether they are dedicated to the host or to CHARON and whether they are currently in use by host operating system.

"ncu" offers several options:

Dedicate interface to CHARON (press "1")
Release interface to host (press "2")
Create a bridge between a chosen physical network interface and the Linux virtual network and create a number of virtual network interfaces (press "3")
Remove the Linux virtual network and all the created virtual network interfaces (press "4")
Print status (press "5") - use it to display status of network interfaces and the menu shown above
Exit (press "6")

In the example above we see 2 network interfaces - "eth0" and "eth1", both of them are dedicated to host, but host uses only the interface "eth0".

Let's dedicate the interface "eth1" to CHARON-VAX.

Enter "1", then type "eth1" and press Enter:

Specify the interface to dedicate to CHARON:eth1
Turning off offloading for eth1.. Please wait

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Print status
6 - Exit
:> 5

Now the interface "eth1" is dedicated to CHARON-VAX:

Interfaces Dedicated to State
---------- ------------ ------------
eth0       host         connected to host
eth1       CHARON       disconnected from host
lo         host         unmanaged from host

==================================================================
bridge name bridge id STP enabled interfaces

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Print status
6 - Exit

Enter "6" to return to console prompt.

Now "eth1" can be used by CHARON-VAX.

Back to Table of Contents

Release of a host physical interface back to host

Login as root. Type "ncu" and press Enter. The following menu will appear:

Interfaces Dedicated to State
---------- ------------ ------------
eth0       host         connected to host
eth1       CHARON       disconnected from host
lo         host         unmanaged from host

==================================================================
bridge name bridge id STP enabled interfaces

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Print status
6 - Exit
:> 2

Let's say that we want to return the interface "eth1" (currently dedicated to CHARON) back to host. To do that enter "2" then "eth1":

Specify the interface to release to HOST:eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Print status
6 - Exit
:> 6

Enter "6" to quit the "ncu" utility.

The interface "eth1" is released back to host system now.

Back to Table of Contents

Creation of a virtual network

Login a root. Start "ncu" utility:

# ncu
CHARON Network Configuration Utility, STROMASYS (c) 2015 Version 1.5

Interfaces Dedicated to State
---------- ------------ ------------
eth0       host         connected to host
eth1       host         connected to host
lo         host         unmanaged from host

==================================================================
bridge name bridge id STP enabled interfaces

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Destroy Bridge
5 - Print status
6 - Exit
:> 3

Enter "3" to create a bridge between the host physical network adapter and the LINUX virtual network Interfaces (TAP) and specify the physical network interface ("eth1" in our example) and a number of the virtual network Interfaces to be created (2 in our example):

Specify the interface to be used for BRIDGE:eth1
How many tap should be created:2
Forming the bridge: ..1..2..3..4..5.. addif tap0 .. addif tap1 ..7..8 done!
Formed bridge br0_eth1 attached over eth1...

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Print status
6 - Exit
:> 5

Now enter "5" to see the created virtual interfaces:

Interfaces   Dedicated to    State
----------   ------------    ------------
eth0 host      connected to host
eth1         bridge    connected to bridge
lo           host      unmanaged from host
tap0     bridge    connected to bridge
tap1     bridge      connected to bridge

==================================================================
bridge name     bridge id           STP enabled        interfaces
br0_eth1        8000.525400698995a  no                 tap0
                                                       tap1

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Print status
6 - Exit
:> E

In the example above we see 2 virtual network Interfaces "tap0" and "tap1" connected to the created bridge. The physical network interface "eth1" is used for the bridge to the virtual network interfaces.

The interfaces "tap0" and "tap1" are ready to be used in CHARON configurations - they do not need to be additionally dedicated to CHARON.

Enter "6" to quit "ncu" utility.

Back to Table of Contents

Removal of a virtual network

Login a root. Start "ncu" utility:

# ncu

CHARON Network Configuration Utility, STROMASYS (c) 2015 Version 1.5

Interfaces   Dedicated to    State
----------   ------------    ------------
eth0         host            connected to host
eth1         bridge          connected to bridge
lo           host            unmanaged from host
tap0         bridge          connected to bridge
tap1         bridge          connected to bridge

==================================================================
bridge name     bridge id           STP enabled        interfaces
br0_eth1        8000.525400698995a  no                 tap0
                                                       tap1

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Print status
6 - Exit
:> 4

Enter "4", after that specify the interface that is a bridge to the Linux virtual network on this host ("eth1" in our example) and press Enter:

Specify the phys interface used for BRIDGE:eth1
Cleanup bridge br0_eth1 with ip over eth1...
Removing the bridge: ..1..2 delif eth1
delif tap0
delif tap1
..5..6..7..8 done!

select action:
1 - Dedicate to CHARON
2 - Release to host
3 - Create Bridge with TAPs
4 - Remove Bridge
5 - Print status
6 - Exit
:> 6

Enter "6" to quit "ncu" utility.

Back to Table of Contents