Archive for July, 2012

thin provisioning aka virtual provisioning on EMC Symmetrix

July 28th, 2012 No comments

For basic information about thin provisioning, here's some excerpts from wikipedia/HDS site:

Thin provisioning is the act of using virtualization technology to give the appearance of more physical resource than is actually available. It relies on on-demand allocation of blocks of data versus the traditional method of allocating all the blocks up front. This methodology eliminates almost all whitespace which helps avoid the poor utilization rates, often as low as 10%, that occur in the traditional storage allocation method where large pools of storage capacity are allocated to individual servers but remain unused (not written to). This traditional model is often called "fat" or "thick" provisioning.

Thin provisioning simplifies application storage provisioning by allowing administrators to draw from a central virtual pool without immediately adding physical disks. When an application requires more storage capacity, the storage system automatically allocates the necessary physical storage. This just-in-time method of provisioning decouples the provisioning of storage to an application from the physical addition of capacity to the storage system.

The term thin provisioning is applied to disk later in this article, but could refer to an allocation scheme for any resource. For example, real memory in a computer is typically thin provisioned to running tasks with some form of address translation technology doing the virtualization. Each task believes that it has real memory allocated. The sum of the allocated virtual memory assigned to tasks is typically greater than the total of real memory.

The following article below shows the step how to create thin pool, add and remove components from the pool and how to delete thin pool:

And for more information about thin provisioning on EMC Symmetrix V-Max  with Veritas Storage Foundation, the following PDF file may help you.

EMC Symmetrix V-Max with Veritas Storage Foundation.pdf


1.symcfg -sid 1234 list -datadev #list all TDAT devices(thin data devices which consists thin pool, and thin pool provide the actual physical storage to thin devices)
2.symcfg -sid 1234 list -tdev #list all TDEV devices(thin devices)

3.The following article may be useful for you if you encountered problems when trying to perform storage reclamation(VxVM vxdg ERROR V-5-1-16063 Disk d1 is used by one or more subdisks which are pending to be reclaimed):



Categories: Hardware, SAN, Storage Tags: ,

oracle RMAN backups and hot backup mode

July 28th, 2012 No comments

In one sentence, to backup Oracle with OS(BCV for example), database should be put into hot backup mode. But RMAN backups can be performed while the database is online.

Also, oracle GoldenGate is used to replicate DB between heterogeneous systems, for example, oracle replicated to mysql/sql server etc.

oracle golden gate documentation

July 28th, 2012 No comments

Here's some excerpts from oracle document about oracle golden gate:

Robust Modular Architecture

The Oracle GoldenGate software architecture is comprised of three primary components:
Capture, Trail Files, and Delivery. This modular approach allows each component to perform
its tasks independently of the others, accelerating data replication and ensuring data integrity.
Figure 1: Oracle GoldenGate leverages a component-based architecture to optimize real-time
information access and availability.

  • Capture

Oracle GoldenGate’s Capture module resides on the source database and looks for new
transactional activity. The Capture module reads the result of insert, update, and delete
operations by directly accessing the database transaction (redo) logs, and then immediately
captures new and changed data for distribution.
The Capture module only moves committed transactions—filtering out intermediate activities
and rolled-back operations—which not only reduces infrastructure load but also eliminates
potential data inconsistencies. Further optimization is achieved through transaction grouping
and optional compression features.
Oracle GoldenGate 11g can also capture messages from JMS messaging systems to deliver to
heterogeneous databases in real time for scalable and reliable data distribution.

  • Trail Files

Oracle GoldenGate’s Trail Files contain the database operations for the changed data in a
transportable, platform-independent data format. Trail Files are a critical component within
Oracle GoldenGate’s optimized queuing mechanism. They reside on the source and/or target
server but exist outside of the database to ensure heterogeneity, improved reliability, and
minimal data loss. This architecture minimizes impact to the source system because no
additional tables or queries to the database are required to support the data capture process.
The Capture module reads once, and then immediately moves the captured data to the external
Trail File for delivery to the target(s).
In the event of an outage at the source and/or target, the Trail Files contain the most-recent
data up to the point of the outage, and the data is applied once the systems are online again.

  • Delivery

Oracle GoldenGate’s Delivery module takes the changed data from the latest Trail File and
applies it to the target database using native SQL for the appropriate relational database
management system. Delivery can be made to any open database connectivity–compliant
database. The Delivery module applies each transaction in the same order as it was committed
and within the same transactional context as at the source, enabling consistency and referential
integrity at the target. To enhance IT flexibility, captured data can also be delivered to a Java
Message Service destination or as a flat file using Oracle GoldenGate Application Adapters.

For full documentation, you can refer to the following pdf file:

IT solutions I can think of now

July 26th, 2012 No comments

1.Configuration Management and Data Warehouse

     BMC ControlM, Symantec Altiris, Aperture, CMDB

     spacewalk, pulp, puppet. cfengine, chef

     Oracle Exalytics, SAP HANA
     vmware, citrix, openvz, xen, kvm, cdn(such as cloudflare), cloudstack, openstack, openshift, CloudFoundry, hadoop
     Oracle Exadata/Exalogic
3.HA & HP
    CDN: akamai, bluecoat, chinacache, level3, 365media, kontiki, cdnetworks
     Monitoring: ntop, nagios, opsview, HP OVO, Gomez, mrtg, catci, orca, scom, munin, collected<nagios-collected, collectd-unixsock, collectd-python>
                      Tivoli<websphere monitoring>, opnet<app perf test>, loadimpact
     F5 LTM, Netscaler, varnish, squid, Cisco<CSS, ACE, GSS>
     Cluster: VCS, IBM HACMP, haproxy, LifeKeeper, hp ServiceGuard/TruCluster, DRBD<Distributed Replicated Block Device>
     Webscreen, netscreen, truecrypt, NDS DRM, McAfee, forefront<windows>
     Java: IBM MQ, Azul, Jetty, tomcat, websphere, glassfish, weblogic, hudson/jenkins CI
     quova #ip geolocation
     openldap, SUN iPlanet DS
     NetApp, EMC, HP, Oracle, Qlogic, Emulex, IBM, Dell, SGI, HDS, Brocade, Emulex, SUN ZFS
Categories: IT Architecture Tags:

veritas vcs 5.1 on solaris 5.10 changes of restarting procedure

July 26th, 2012 No comments

For 5.1 VCS on solaris 10, start/stop of VCS are no longer controlled by /etc/rc*.d/S* scripts.
They are under SMF control. Plus, some of the /etc/default/gab,llt,vcs,vxfen etc.. there are lines which needs to be set to 1 if VCS is setup manually.
For example:


More interestingly with VCS one node cluster, the SMF resource for vcs is not system/vcs:default, It is system/vcs-onenode:default.

Categories: Clouding, HA, HA & HPC, IT Architecture Tags:

reset ldap proxyagent password before expiration on iplanet Directory Server

July 26th, 2012 No comments

proxyagent is the user that all hosts that bound to solaris iplanet Directory Server uses to authenticate queries against the server. If the password expires then all the clients ldap requests fail(and there's no way to set it not to expire).
The process to update the password is outlined below and only takes a few minutes to complete(applied to solaris iplanet Directory Server, but this may also help you if you use other DS like OpenLDAP etc):
1.Log on Sun Java Web Console for iplanet LDAP with system's root password.
2.Click on "Directory Service Control Center (DSCC)" under "Services" legend. Note that at some point you are prompted for a password, this is the LDAP Configuration password this time.
3.Choose the tab "Directory Servers"
4.Choose a master to work from (click on the server name)
5.Choose the tab "Entry Management"

In the DN list double click ou=profile
In the next DN list double click cn-proxyagent
In here reset the password using the same password as before (check password tool or /etc/ldap.conf on any LDAP client box)
Click ok

6.Completed, now retry LDAP access

Categories: IT Architecture, Linux, Systems Tags:

Resolved – VxVM vxconfigd ERROR V-5-1-0 Segmentation violation – core dumped

July 25th, 2012 2 comments

When I tried to import veritas disk group today using vxdg -C import doxerdg, there's error message shown as the following:

VxVM vxdg ERROR V-5-1-684 IPC failure: Configuration daemon is not accessible
return code of vxdg import command is 768

VxVM vxconfigd DEBUG V-5-1-0 IMPORT: Trying to import the disk group using configuration database copy from emc5_0490
VxVM vxconfigd ERROR V-5-1-0 Segmentation violation - core dumped

Then I used pstack to print the stack trace of the dumped file:

root # pstack /var/core/core_doxerorg_vxconfigd_0_0_1343173375_140
core 'core_doxerorg_vxconfigd_0_0_1343173375_14056' of 14056: vxconfigd
ff134658 strcmp (fefc04e8, 103fba8, 0, 0, 31313537, 31313737) + 238
001208bc da_find_diskid (103fba8, 0, 0, 0, 0, 0) + 13c
002427dc dm_get_da (58f068, 103f5f8, 0, 0, 68796573, 0) + 14c
0023f304 ssb_check_disks (58f068, 0, f37328, fffffffc, 4, 0) + 3f4
0018f8d8 dg_import_start (58f068, 9c2088, ffbfed3c, 4, 0, 0) + 25d8
00184ec0 dg_reimport (0, ffbfedf4, 0, 0, 0, 0) + 288
00189648 dg_recover_all (50000, 160d, 3ec1bc, 1, 8e67c8, 447ab4) + 2a8
001f2f5c mode_set (2, ffbff870, 0, 0, 0, 0) + b4c
001e0a80 setup_mode (2, 3e90d4, 4d5c3c, 0, 6c650000, 6c650000) + 18
001e09a0 startup (4d0da8, 0, 0, fffffffc, 0, 4d5bcc) + 3e0
001e0178 main (1, ffbffa7c, ffbffa84, 44f000, 0, 0) + 1a98
000936c8 _start (0, 0, 0, 0, 0, 0) + b8

Then I tried restart vxconfigd, but it failed as well:

root@doxer#/sbin/vxconfigd -k -x syslog

VxVM vxconfigd ERROR V-5-1-0 Segmentation violation - core dumped

After reading the man page of vxconfigd, I determined to use -r reset to reset all Veritas Volume Manager configuration information stored in the kernel as part of startup processing. But before doing this, we need umount all vxvm volumes as stated in the man page:

The reset fails if any volume devices are in use, or if an imported shared disk group exists.

After umount all vxvm partitions, then I ran the following command:

vxconfid -k -r reset

After this, the importing of DGs succeeded.

Categories: Hardware, SAN, Storage Tags: ,

resolved – aix create and remove swap space

July 14th, 2012 No comments

To add a paging space "paging0"

  • Create a new LV for paging space

mklv -t paging -y paging0 rootvg 10

  • Add the entry in /etc/swapspaces to activate the paging space during next reboot

chps -a y paging0

  • Activate the paging space

swapon /dev/paging0

To remove an active paging space "paging00"

  • Deactivate the paging space using swapoff commnad

swapoff /dev/paging00

  • remove the paging space using rmps command

rmps paging00

  • Remove the entry from /etc/swapspaces so that it is not activated during next reboot

chps -a n paging00

Categories: IT Architecture, Systems, Unix Tags:

resolved – passwd permission denied even for root on solaris

July 14th, 2012 No comments

When I tried resetting a local user's password on a solaris host, I met the following error message:

root@doxer # passwd <username>
New Password:
Re-enter new Password:
Permission denied

This was very weird as I was logged on as root when doing this operation:

root@doxer # id
uid=0(root) gid=1(other)

After some searching I found that this was caused by passwd by default will try to reset LDAP password if the host is using ldap for authentication. Here's excerpt from /etc/nsswitch.conf:

passwd: compat
passwd_compat: ldap

To resolve this, you need designate which authentication mechanism you want to use for resetting a password(here we should use files as this user was local one):

passwd -r files <username>


Here's more about NIS passwd map:<from book Managing NFS and NIS>

Earlier, we introduced the concept of replaced files and appended files. Now, we'll discuss how to work with these files. First, let's review: these are important concepts, so repetition is helpful. If a map replaces the local file, the file is ignored once NIS is running. Aside from making sure that misplaced optimism doesn't lead you to delete the files that were distributed with your system, there's nothing interesting that you can do with these replaced files. We won't have anything further to say about them.

Conversely, local files that are appended to by NIS maps are always consulted first, even if NIS is running. The password file is a good example of a file augmented by NIS. You may want to give some users access to one or two machines, and not include them in the NIS password map. The solution to this problem is to put these users into the local passwd file, but not into the master passwd file on the master server. The local password file is always read before getpwuid( ) goes to an NIS server. Password-file reading routines find locally defined users as well as those in the NIS map, and the search order of "local, then NIS" allows local password file entries to override values in the NIS map. Similarly, the local aliases file can be used to override entries in the NIS mail aliases map, setting up machine-specific expansion of one or more aliases.

Categories: IT Architecture, Linux, Systems Tags:

resolved – df Input/output error from veritas vxfs

July 10th, 2012 No comments

If you got error like the following when do a df list which has veritas vxfs as underlying FS:

df: `/BCV/testdg': Input/output error
df: `/BCV/testdg/ora': Input/output error
df: `/BCV/testdg/ora/archivelog01': Input/output error
df: `/BCV/testdg/ora/gg': Input/output error

And when use vxdg list, you found the dgs are in disabled status:

testarc_PRD disabled 1275297639.26.doxer
testdb_PRD disabled 1275297624.24.doxer

Don't panic, to resolve this, you need do the following:

1) Force umount of the failed fs's
2) deporting and importing failed disk groups.
3) Fixing plexes which were in the DISABLED FAILED state.
4) Fsck.vxfs of failed fs's
5) Remounting of the needable fs's

Categories: Hardware, SAN, Storage Tags:

Bash Shell Parameter Expansion examples

July 7th, 2012 No comments

Here's an example/tutorial about bash Shell Parameter Expansion:

my_god="God exists";
my_null_message="yes, it's null";
#If parameter is unset or null, the expansion of word is substituted. Otherwise, the value of parameter is substituted.
echo ${my_null:-hello_world};
#If parameter is unset or null, the expansion of word is assigned to parameter. The value of parameter is then substituted. Positional parameters and special parameters may not be assigned to in this way.
echo ${my_null_2:=hello_world_2};

#If parameter is null or unset, the expansion of word (or a message to that effect if word is not present) is written to the standard error and the shell, if it is not interactive, exits. Otherwise, the value of parameter is substituted.
#echo ${my_null:?"yes, it's null"};
#If parameter is null or unset, nothing is substituted, otherwise the expansion of word is substituted.
echo -n ${my_null:+nothing_substituted};

#Expands to up to length characters of parameter starting at the character specified by offset. If length is omitted, expands to the substring of parameter starting at the character specified by offset. length and offset are arithmetic expressions (see Shell Arithmetic). This is referred to as Substring Expansion. length must evaluate to a number greater than or equal to zero. If offset evaluates to a number less than zero, the value is used as an offset from the end of the value of parameter. If parameter is ‘@’, the result is length positional parameters beginning at offset. If parameter is an indexed array name subscripted by ‘@’ or ‘*’, the result is the length members of the array beginning with ${parameter[offset]}. A negative offset is taken relative to one greater than the maximum index of the specified array. Substring expansion applied to an associative array produces undefined results.
#Note that a negative offset must be separated from the colon by at least one space to avoid being confused with the ‘:-’ expansion. Substring indexing is zero-based unless the positional parameters are used, in which case the indexing starts at 1 by default. If offset is 0, and the positional parameters are used, $@ is prefixed to the list.
echo ${my_god:4};
echo ${my_god:0:3};

#The length in characters of the expanded value of parameter is substituted. If parameter is ‘*’ or ‘@’, the value substituted is the number of positional parameters. If parameter is an array name subscripted by ‘*’ or ‘@’, the value substituted is the number of elements in the array.
echo "God exists has ${#my_god} characters";

#The word is expanded to produce a pattern just as in filename expansion (see Filename Expansion). If the pattern matches the beginning of the expanded value of parameter, then the result of the expansion is the expanded value of parameter with the shortest matching pattern (the ‘#’ case) or the longest matching pattern (the ‘##’ case) deleted. If parameter is ‘@’ or ‘*’, the pattern removal operation is applied to each positional parameter in turn, and the expansion is the resultant list. If parameter is an array variable subscripted with ‘@’ or ‘*’, the pattern removal operation is applied to each member of the array in turn, and the expansion is the resultant list.
echo ${my_god#God};

#The word is expanded to produce a pattern just as in filename expansion. If the pattern matches a trailing portion of the expanded value of parameter, then the result of the expansion is the value of parameter with the shortest matching pattern (the ‘%’ case) or the longest matching pattern (the ‘%%’ case) deleted. If parameter is ‘@’ or ‘*’, the pattern removal operation is applied to each positional parameter in turn, and the expansion is the resultant list. If parameter is an array variable subscripted with ‘@’ or ‘*’, the pattern removal operation is applied to each member of the array in turn, and the expansion is the resultant list.
echo ${my_god%exists};

#The pattern is expanded to produce a pattern just as in filename expansion. Parameter is expanded and the longest match of pattern against its value is replaced with string. If pattern begins with ‘/’, all matches of pattern are replaced with string. Normally only the first match is replaced. If pattern begins with ‘#’, it must match at the beginning of the expanded value of parameter. If pattern begins with ‘%’, it must match at the end of the expanded value of parameter. If string is null, matches of pattern are deleted and the / following pattern may be omitted. If parameter is ‘@’ or ‘*’, the substitution operation is applied to each positional parameter in turn, and the expansion is the resultant list. If parameter is an array variable subscripted with ‘@’ or ‘*’, the substitution operation is applied to each member of the array in turn, and the expansion is the resultant list.
echo ${my_god/exists/does not exist};

Categories: IT Architecture, Programming, SHELL Tags:


July 5th, 2012 No comments

SIM - Systems Insight Manager(and SIM agent), port 50000 and https.

PSP - Proliant suppot package, conf files at /etc/hp-snmp-agents.conf and /etc/snmp/snmpd.conf. It talks to SIM server.

Categories: Hardware, Servers Tags:

ldap password never expires – objectClass organizationalPerson and inetOrgPerson

July 4th, 2012 No comments

Let's assume that your application software like IBM websphere was using ldap for authentication, and you don't want the user "wasadm" in a position that it's password expires someday as a result of conforming to PAM policy. To do this, you should consider using ldap objectClass organizationalPerson and inetOrgPerson(this is sub of organizationalPerson) instead of posixAccount and shadowAccount.

If you're using ldap tool JXplorer to communicate with ldap server, you'll find there're ldap Attributes such as userPassword, shadowLastChange etc when you are using objectClass posixAccount and shadowAccount for the entry. But after you removed objectClass posixAccount and shadowAccount, and add organizationalPerson and inetOrgPerson for the entry, you'll find these Attributes evaporate which implicate the password will no longer needed for this entry. After this, our goal of setting account never expire has been achived.

Here's two snapshots:


using objectClass posixAccount shadowAccount


using objectClass organizationalPerson and inetOrgPerson


  1.  Here's a resource where you can check hierarchy of ldap Attributes, objectClass and their description.
  2. For full LDAP info, I would recommend you read the following online book:
  3. Here's a good document about ldap with details on integration ldap with sendmail/squid etc. download ldap
Categories: IT Architecture Tags:

Resolved – bash /usr/bin/find Arg list too long

July 3rd, 2012 No comments

Have you ever met error like the following?

root@doxer# find /PRD/*/connectors/A01/QP*/*/logFiles/* -prune -name "*.log" -mtime +7 -type f |wc -l

bash: /usr/bin/find: Arg list too long


The cause of issue is kernel limitation for argument count which can be passed to find (as well as ls, and other utils). ARG_MAX defines

the maximum length of arguments for a new process. You can get the number of it using command:

root@doxer# getconf ARG_MAX

To quickly fix this, you can move your actions into the directory(replace * with subdir_NAME):

cd /PRD/subdir_NAME/connectors/A01/QP*/*/logFiles/;find . -prune -name "*.log" -mtime +7 -type f |wc -l



  1. you can get all configuration values with getconf -a.
  2. For more solutions about the error "bash: /usr/bin/find: Arg list too long", you can refer to
Categories: IT Architecture, Kernel, Linux, Systems Tags:

trap bash shell script explanation and example

July 2nd, 2012 No comments

If you want to give some information on standard output when the user press ctrl+c on the bash script, or you want to print something when the script completes, then you should consider using trap to implement this.

Here's an example which will print something to end user when the user print ctrl+c(SIGINT is equal to number 2):

trap "echo 'you typed ctrl+c'" 2
sleep 5
And if you want print something when the script ends, you can use the following as an example:

trap "echo 'script ends'" 0
sleep 5


apache rewrite with and without ending slash

July 1st, 2012 No comments

Due to implementing one of redirects noticed about existing a lot of duplication entries on redirect config files, only different on which is one of them is followed by ‘/’ and other not.
Apache mod_rewrite use the regular expressions, and it can be filled more accurately.

To prevent duplication entries if you asked redirect with ‘/’ and without it may be used quantifier ‘?’ which mean existing 0 or 1 character after which it followed.

You can find a bit more information about mod_rewrite and regular expressions following to link:
For example, to rewrite and to, you can just do the following:

RewriteRule ^/test/?$ [L,R=301,NC]

instead of the following:

RewriteRule ^/test$ [L,R=301,NC]
RewriteRule ^/test/$ [L,R=301,NC]

Categories: IT Architecture Tags: