IBM RELEASE 7.3 User Manual


HPSS Management Guide

High Performance Storage System

Release 7.3

November 2009 (Revision 1.0)

HPSS Management Guide

November 2009

Release 7.3 (Revision 1.0)


© Copyright (C) 1992, 2009 International Business Machines Corporation, The Regents of the University of California, Los Alamos National Security, LLC, Lawrence Livermore National Security, LLC, Sandia Corporation, and UT-Battelle.

All rights reserved.

Portions of this work were produced by Lawrence Livermore National Security, LLC, Lawrence Livermore National Laboratory (LLNL) under Contract No. DE-AC52-07NA27344 with the U.S. Department of Energy (DOE); by the University of California, Lawrence Berkeley National Laboratory (LBNL) under Contract No. DE-AC02-05CH11231 with DOE; by Los Alamos National Security, LLC, Los Alamos National Laboratory (LANL) under Contract No. DE-AC52-06NA25396 with DOE; by Sandia Corporation, Sandia National Laboratories (SNL) under Contract No. DE-AC04-94AL85000 with DOE; and by UT-Battelle, Oak Ridge National Laboratory (ORNL) under Contract No. DE-AC05-00OR22725 with DOE. The U.S. Government has certain reserved rights under its prime contracts with the Laboratories.

DISCLAIMER

Portions of this software were sponsored by an agency of the United States Government. Neither the United States, DOE, The Regents of the University of California, Los Alamos National Security, LLC, Lawrence Livermore National Security, LLC, Sandia Corporation, UT-Battelle, nor any of their employees, makes any warranty, express or implied, or assumes any liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights.

Printed in the United States of America.

HPSS Release 7.3

November 2009 (Revision 1.0)

High Performance Storage System is a trademark of International Business Machines Corporation. IBM is a registered trademark of International Business Machines Corporation.

IBM, DB2, DB2 Universal Database, AIX, RISC/6000, pSeries, and xSeries are trademarks or registered trademarks of International Business Machines Corporation.

UNIX is a registered trademark of the Open Group.

Linux is a registered trademark of Linus Torvalds in the United States and other countries. Kerberos is a trademark of the Massachusetts Institute of Technology.

Java is a registered trademark of Sun Microsystems, Incorporated in the United States and other countries. ACSLS is a trademark of Sun Microsystems, Incorporated.

Microsoft Windows is a registered trademark of Microsoft Corporation.

NFS, Network File System, and ACSLS are trademarks of Sun Microsystems, Inc. DST is a trademark of Ampex Systems Corporation.

Other brands and product names appearing herein may be trademarks or registered trademarks of third parties.


Table of Contents

Chapter 1. HPSS 7.1 Configuration Overview
1.1. Introduction
1.2. Starting the SSM GUI for the First Time
1.3. HPSS Configuration Roadmap (New HPSS Sites)
1.4. Initial HPSS Startup Roadmap (All Sites)
1.5. Additional Configuration Roadmap (All Sites)
1.6. Verification Checklists (All Sites)
1.6.1. Configuration Checklists
1.6.2. Operational Checklists
1.6.3. Performance Checklist

Chapter 2. Security and System Access
2.1. Security Services
2.1.1. Security Services Configuration
2.1.2. Security Mechanisms
2.1.2.1. UNIX
2.1.2.2. Kerberos 5
2.1.2.3. LDAP
2.1.2.3.1. LDAP Administrative Tasks
2.2. HPSS Server Security ACLs
2.3. SSM User Security
2.4. Location Policy
2.4.1. Configuring/Updating a Location Policy
2.4.2. Location Policy Configuration Window
2.4.3. Deleting a Location Policy
2.5. Restricting user access to HPSS.
2.5.1. Restricted Users Window

Chapter 3. Using SSM
3.1. The SSM System Manager
3.1.1. Starting the SSM System Manager
3.1.2. Tuning the System Manager RPC Thread Pool and Request Queue Sizes
3.1.3. Labeling the System Manager RPC Program Number
3.2. Quick Startup of hpssgui
3.3. Configuration and Startup of hpssgui and hpssadm
3.3.1. Configuring the System Manager Authentication for SSM Clients
3.3.2. Creating the SSM User Accounts
3.3.2.1. The hpssuser Utility
3.3.2.2. SSM User Authorization
3.3.2.3. User Keytabs (For Use with hpssadm Only)
3.3.2.3.1. Keytabs for Kerberos Authentication: hpss_krb5_keytab
3.3.2.3.2. Keytabs for UNIX Authentication: hpss_unix_keytab
3.3.3. SSM Configuration File


3.3.3.1. login.conf
3.3.3.2. krb5.conf (For Use with Kerberos Authentication Only)
3.3.4. SSM Help Files (Optional)
3.3.5. SSM Desktop Client Packaging
3.3.5.1. Automatic SSM Client Packaging and Installation
3.3.5.2. Manual SSM Client Packaging and Installation
3.3.6. Using SSM Through a Firewall
3.3.6.1. The Firewall Problem
3.3.6.2. Solutions for Operating Through a Firewall
3.3.6.3. Example: Using hpssgui Through a Firewall
3.4. Multiple SSM Sessions
3.5. SSM Window Conventions
3.6. Common Window Elements
3.7. Help Menu Overview
3.8. Monitor, Operations and Configure Menus Overview
3.8.1. Monitor Menu
3.8.2. Operations Menu
3.8.3. Configure Menu
3.9. SSM Specific Windows
3.9.1. HPSS Login
3.9.2. About HPSS
3.9.3. HPSS Health and Status
3.9.3.1. SM Server Connection Status Indicator
3.9.3.2. HPSS Status
3.9.3.3. HPSS Statistics
3.9.3.4. Menu Tree
3.9.3.5. File Menu
3.9.3.6. View Menu
3.9.4. SSM Information Windows
3.9.4.1. System Manager Statistics Window
3.9.4.2. User Session Information Window
3.10. SSM List Preferences

Chapter 4. Global & Subsystem Configuration
4.1. Global Configuration Window
4.2. Storage Subsystems
4.2.1. Subsystems List Window
4.2.2. Creating a New Storage Subsystem
4.2.3. Storage Subsystem Configuration Window
4.2.3.1. Create Storage Subsystem Metadata
4.2.3.2. Create Storage Subsystem Configuration
4.2.3.3. Create Storage Subsystem Servers
4.2.3.4. Assign a Gatekeeper if Required
4.2.3.5. Assign Storage Resources to the Storage Subsystem
4.2.3.6. Create Storage Subsystem Fileset and Junction
4.2.3.7. Migration and Purge Policy Overrides
4.2.3.8. Storage Class Threshold Overrides


4.2.4. Modifying a Storage Subsystem
4.2.5. Deleting a Storage Subsystem

Chapter 5. HPSS Servers
5.1. Server List
5.1. Server Configuration
5.1.1. Common Server Configuration
5.1.1.1. Basic Controls
5.1.1.1. Execution Controls
5.1.1.2. Interface Controls
5.1.1.1. Security Controls
5.1.1.1. Audit Policy
5.1.1.1. Log Policy
5.1.1. Core Server Specific Configuration
5.1.1.1. Additional Core Server Configuration
5.1.2. Gatekeeper Specific Configuration
5.1.3. Location Server Additional Configuration
5.1.4. Log Client Specific Configuration
5.1.1. Log Daemon Specific Configuration
5.1.2. Migration/Purge Server (MPS) Specific Configuration
5.1.3. Mover Specific Configuration
5.1.3.1. Mover Specific Configuration Window
5.1.3.1. Additional Mover Configuration
5.1.3.1.1. /etc/services, /etc/inetd.conf, and /etc/xinetd.d
5.1.3.1.2. The Mover Encryption Key Files
5.1.3.1.3. /var/hpss/etc Files Required for Remote Mover
5.1.3.1.1. System Configuration Parameters on IRIX, Solaris, and Linux
5.1.3.1.1. Setting Up Remote Movers with mkhpss
5.1.3.1.2. Mover Configuration to Support Local File Transfer
5.1.1. Physical Volume Repository (PVR) Specific Configuration
5.1.1.1. Operator PVR Specific Configuration Window
5.1.1.1. 3494 PVR Specific Configuration
5.1.1.1.1. 3494 PVR Specific Configuration Window
5.1.1.1.1. 3494 PVR Additional Information
5.1.1.2. AML PVR Specific Configuration
5.1.1.2.1. AML PVR Specific Configuration Window
5.1.1.2.1. AML PVR Additional Information
5.1.1.1. LTO PVR Specific Configuration
5.1.1.1.1. LTO PVR Specific Configuration Window
5.1.1.1.1. LTO PVR Additional Information
5.1.1.2. SCSI PVR Specific Configuration Window
5.1.1.1. STK PVR Specific Configuration Window
5.1.1.1.1. STK PVR Additional Information
5.1.1. Deleting a Server Configuration
5.1. Monitoring Server Information
5.1.1. Basic Server Information
5.1.1. Specific Server Information
5.1.1.1. Core Server Information Window
5.1.1.1. Gatekeeper Information Window
5.1.1.1. Location Server Information Window


5.1.1.2. Migration/Purge Server Information Window
5.1.1.3. Mover Information Window
5.1.1.1. Physical Volume Library (PVL) Information Window
5.1.1.2. Physical Volume Repository (PVR) Information Windows
5.1.1.2.1. Operator PVR Information Window
5.1.1.2.1. 3494 PVR Information Window
5.1.1.2.1. AML PVR Information Window
5.1.1.2.1. LTO PVR Information Window
5.1.1.2.1. SCSI PVR Information Window
5.1.1.2.1. STK PVR Information Window
5.1. Real-Time Monitoring (RTM)
5.1.1. RTM Summary List
5.1.2. RTM Detail
5.2. Starting HPSS
5.2.1. Starting HPSS Prerequisite Software
5.2.2. Starting HPSS Servers
5.2.2.1. Starting the Startup Daemons
5.2.2.2. Starting SSM
5.2.2.3. Starting Other HPSS Servers
5.2.2.4. Automatic Server Restart
5.1. Stopping HPSS
5.1.1. Shutting Down an HPSS Server
5.1.2. Shutting Down All HPSS Servers
5.1.3. Halting an HPSS Server
5.1.4. Shutting Down the SSM Server
5.1.5. Shutting Down the Startup Daemon
5.1.6. Stopping the Prerequisite Software
5.2. Server Repair and Reinitialization
5.2.1. Repairing an HPSS Server
5.2.2. Reinitializing a Server
5.1. Forcing an SSM Connection

Chapter 6. Storage Configuration
6.1. Storage Classes
6.1.1. Configured Storage Classes Window
6.1.2. Disk Storage Class Configuration
6.1.3. Tape Storage Class Configuration
6.1.4. Storage Class Subsystem Thresholds
6.1.4.1. Disk Storage Subsystem-Specific Thresholds
6.1.4.2. Tape Storage Subsystem-Specific Thresholds
6.1.5. Changing a Storage Class Definition
6.1.6. Deleting a Storage Class Definition
6.2. Storage Hierarchies
6.2.1. Hierarchies Window
6.2.2. Storage Hierarchy Configuration Window
6.2.3. Changing a Storage Hierarchy Definition


6.2.4. Deleting a Storage Hierarchy Definition
6.3. Classes of Service
6.3.1. Classes of Service Window
6.3.2. Class of Service Configuration Window
6.3.3. Changing a Class of Service Definition
6.3.4. Deleting a Class of Service Definition
6.3.5. Changing a File's Class of Service
6.3.6. Canceling a Class of Service Change Request
6.4. Migration Policies
6.4.1. Migration Policies Window
6.4.2. Migration Policy Configuration
6.4.2.1. Disk Migration Policy Configuration
6.4.2.2. Tape Migration Policy Configuration
6.4.2.3. Changing a Migration Policy
6.4.2.4. Deleting a Migration Policy
6.5. Purge Policies
6.5.1. Purge Policies Window
6.5.2. Purge Policy Configuration
6.5.3. Changing a Purge Policy
6.5.4. Deleting a Purge Policy
6.6. File Families
6.6.1. File Family Configuration
6.6.2. Changing a File Family
6.6.3. Deleting a File Family

Chapter 7. Device and Drive Management
7.1. Configure a New Device & Drive
7.1.1. Devices and Drives Window
7.1.2. Enable Variable Block Sizes for Tape Devices
7.1.3. Changing a Drive's Configuration

 

207

7.1.4. Deleting a Drive's Configuration...........................................................................................................

 

208

7.2. Monitoring Devices and Drives...................................................................................................

 

209

7.2.1. Mover Device Information Window......................................................................................................

 

209

7.2.2. PVL Drive Information Window...........................................................................................................

 

214

7.3. Drive Pools..................................................................................................................................

 

218

7.3.1. Tape Drive Configuration......................................................................................................................

 

219

7.3.2. Client Application Tape Read Requests................................................................................................

219

7.3.3. Drive Pool Considerations.....................................................................................................................

 

219

7.4. Changing Device and Drive State................................................................................................

 

220

7.4.1. Unlocking a Drive..................................................................................................................................

 

220

7.4.2. Locking a Drive.....................................................................................................................................

 

220

7.4.3. Repairing the State of a Device or Drive...............................................................................................

221

7.4.4. Resetting Drive Statistics.......................................................................................................................

 

221

Chapter 8. Volume and Storage Management...................................................................................

223


8.1. Adding Storage Space
8.1.1. Importing Volumes into HPSS
8.1.1.1. Import Tape Volumes Window
8.1.1.2. Selecting Import Type for Tape Cartridges
8.1.1.3. Import Disk Volumes Window
8.1.1.4. Selecting Import Type for Disk Volumes
8.1.2. Creating Storage Resources
8.1.2.1. Create Tape Resources Window
8.1.2.2. Create Disk Resources Window
8.2. Removing Storage Space
8.2.1. Deleting Storage Resources
8.2.1.1. Rules for Deleting Resources
8.2.1.2. Delete Resources Window
8.2.2. Exporting Volumes from HPSS
8.2.2.1. Rules for Exporting Volumes
8.2.2.2. Export Volumes Window
8.3. Monitoring Storage Space
8.3.1. Active Storage Classes Window
8.3.2. MPS Disk Storage Class Information
8.3.3. MPS Tape Storage Class Information
8.4. Dealing with a Space Shortage
8.4.1. Forcing Migration
8.4.2. Forcing Purge
8.4.3. Repacking and Reclaiming Volumes
8.4.3.1. Repack Virtual Volumes Window
8.4.3.2. Reclaim Virtual Volumes Window
8.5. Volume Management
8.5.1. Lookup Cartridges & Volumes Window
8.5.2. PVL Volume Information Window
8.5.3. PVR Cartridge Information Window
8.5.4. Core Server Volume and Segment Windows
8.5.4.1. Core Server Disk Volume Information Window
8.5.4.2. Core Server Tape Volume Information Window
8.5.5. Changing Core Server Volume Condition
8.5.6. Moving PVR Cartridges to Another PVR
8.5.6.1. Move Cartridges Window
8.6. Monitoring and Managing Volume Mounts
8.6.1. PVL Job Queue Window
8.6.2. PVL Request Information Window
8.6.3. Canceling Queued PVL Requests
8.6.4. Tape Check-In Requests Window
8.6.5. Tape Mount Requests Window
8.6.6. Administrative Tape Dismounts
8.7. New Storage Technology Insertion

Chapter 9. Logging and Status


9.1. Logging Overview
9.2. Log Policies
9.2.1. Creating a Log Policy
9.2.2. Logging Policies Window
9.2.2.1. Logging Policy Configuration Window
9.2.3. Changing a Log Policy
9.2.4. Deleting a Log Policy
9.3. Managing the Central Log
9.3.1. Configuring Central Log Options
9.3.2. Viewing the Central Log (Delogging)
9.4. Log Files Information
9.5. Managing Local Logging
9.5.1. Configuring Local Logging Options
9.5.2. Viewing the Local Log
9.6. Managing SSM Alarms and Events
9.6.1. Alarms and Events Window
9.6.2. Alarm/Event Information
9.6.3. Diagnosing HPSS Problems with Alarms and Events
9.6.4. Controlling SSM Log Message Handling
9.6.4.1. Controlling the System Manager Log Message Cache
9.6.4.2. Controlling Log Messages Displayed by hpssgui and hpssadm

Chapter 10. Filesets and Junctions
10.1. Filesets & Junctions List
10.2. Creating an HPSS Fileset
10.2.1. Create Fileset Window
10.3. Managing Existing Filesets
10.3.1. Core Server Fileset Information Window
10.4. Deleting Filesets
10.5. Creating a Junction
10.5.1. Create Junction Window
10.6. Deleting a Junction

Chapter 11. Files, Directories and Objects by SOID
11.1. Files & Directories Window
11.1.1. File/Directory Information Window
11.2. Objects by SOID Window

Chapter 12. Tape Aggregation
12.1. Overview of Tape Aggregation
12.2. Tape Aggregation Performance Considerations
12.3. Configuring Tape Aggregation

Chapter 13. User Accounts and Accounting


13.1. Managing HPSS Users
13.1.1. Adding HPSS Users
13.1.1.1. Add All User ID Types
13.1.1.2. Add a UNIX User ID
13.1.1.3. Add a Kerberos User ID
13.1.1.4. Add an LDAP User ID
13.1.1.5. Add an FTP User ID
13.1.1.6. Add an SSM User ID
13.1.2. Deleting HPSS Users
13.1.3. Listing HPSS Users
13.1.4. Create an SSM Client Package
13.2. Accounting
13.2.1. Accounting Policy Window
13.2.2. Accounting Reports and Status
13.2.2.1. Generating an Accounting Report
13.2.2.2. Accounting Status Window
13.2.2.3. Interpreting the Accounting Report
13.2.3. Accounting Procedures
13.2.3.1. Site Defined Accounting Configuration Files and Procedures
13.2.3.1.1. Site Defined Account Maps
13.2.3.1.2. Site Defined Account Apportionment Table
13.2.3.1.3. Maintaining Site Defined Accounting Files
13.2.3.2. Accounting Intervals and Charges

Chapter 14. User Interfaces
14.1. Client API Configuration
14.2. FTP/PFTP Daemon Configuration
14.3. HPSS VFS Interface Configuration
14.3.1. HPSS VFS Interface Overview
14.3.2. Supported Linux Versions
14.3.3. Installation and Configuration of VFS
14.3.3.1. Extracting from HPSS Source Tree
14.3.3.2. Compiling/Building
14.3.3.3. Modifying the Kernel
14.3.3.4. Client API – Pre-Requisite
14.3.3.5. Other System Configuration Details
14.4. Mounting VFS Filesystems
14.4.1. Mounting via the Command Line
14.4.2. Mounting via the ‘/etc/fstab’ File
14.4.3. Mount Options
14.4.4. Un-mounting an HPSS Filesystem
14.4.5. Linux ‘proc’ Filesystem Statistics
14.5. Additional VFS Notes
14.5.1. Building an RPM Package

Chapter 15. Backup and Recovery
15.1. HPSS Metadata Backup and Recovery
15.1.1. HPSS Administrator Responsibilities for DB2


15.1.2. Overview of the DB2 Backup Process
15.1.2.1. Configuring DB2 for Online Backup
15.1.3. Overview of the DB2 Recovery Process
15.2. HPSS System Environmental Backup
15.2.1. HPSS Filesystem Backup
15.2.2. Operating System Backup
15.2.3. Kerberos Backup
15.3. HPSS User Data Recovery
15.3.1. Recovering HPSS Files from Damaged HPSS Volumes
15.3.1.1. Recover Partially Damaged Disk or Tape Volume
15.3.1.1.1. With Secondary Copies
15.3.1.1.2. Without Secondary Copies
15.3.1.2. Cleanup Totally Damaged Disk or Tape
15.4. DB2 Monitoring
15.5. DB2 Space Shortage
15.5.1. DMS Table Spaces
15.5.2. SMS Table Spaces

Chapter 16. Management Tools
16.1. Utility Overview
16.1.1. Fileset and Junction Management
16.1.2. Tape Management
16.1.3. System Info
16.1.4. System Management
16.1.5. User Interfaces
16.1.6. Testing/Debugging
16.1.7. Unsupported Tools

Appendix A. Glossary of Terms and Acronyms
Appendix B. References
Appendix C. Developer Acknowledgments


List of Tables

 

Table 1. SSM General Options
Table 2. HPSSGUI Specific Options
Table 3. HPSSADM Specific Options
Table 4. Mover TCP Pathname Options
Table 1. IRIX System Parameters
Table 2. Solaris System Parameters
Table 3. Linux System Parameters
Table 1. Auto Restart Count Values
Table 1. Server Reinitialization Behavior
Table 2. Recommended Settings for Tape Devices
Table 3. Tape Import Types
Table 4. Disk Import Types
Table 5. Banner Keywords
Table 5. HPSS VFS Interface Mount Options


Preface

Who Should Read This Book

The HPSS Management Guide is intended as a resource for HPSS administrators. For those performing the initial configuration for a new HPSS system, Chapter 1 provides a configuration roadmap. For both new systems and those upgraded from a previous release, Chapter 1 provides a configuration, operational, and performance checklist which should be consulted before bringing the system into production. The remaining chapters contain the details for configuring, reconfiguring, monitoring, and managing an HPSS system.

Conventions Used in This Book

Example commands that should be typed at a command line will be preceded by a percent sign (‘%’) and be presented in a boldface courier font:

% sample command

Any text preceded by a pound sign (‘#’) should be considered comment lines:

# This is a comment

Angle brackets (‘<>’) denote a required argument for a command:

% sample command <argument>

Square brackets (‘[]’) denote an optional argument for a command:

% sample command [optional argument]

Vertical bars (‘|’) denote different choices within an argument:

% sample command <argument1 | argument2>

A byte is an eight bit data octet. A kilobyte, KB, is 1024 bytes (2^10 bytes). A megabyte, MB, is 1048576 bytes (2^20 bytes). A gigabyte, GB, is 1073741824 bytes (2^30 bytes), a terabyte, TB, is 1099511627776 bytes (2^40 bytes), and a petabyte, PB, is 1125899906842624 bytes (2^50 bytes).


Chapter 1. HPSS 7.1 Configuration Overview

1.1. Introduction

This chapter defines the high-level steps necessary to configure, start, and verify correct operation of a new 7.1 HPSS system, whether that system is created from scratch or created by conversion from a 6.2 HPSS system.

To create or modify the HPSS configuration, we recommend that the administrator first be familiar with the information described in the HPSS Installation Guide, Chapter 2: HPSS Basics and Chapter 3: HPSS Planning.

Before performing the procedures described in this chapter, be certain that the appropriate system preparation steps have been performed. See the HPSS Installation Guide, Chapter 4: System Preparation for more information. For a system created from scratch, be certain that the HPSS installation and infrastructure configuration have been completed. See the HPSS Installation Guide, Chapter 5: HPSS Installation and Infrastructure Configuration for more information. To convert from a 6.2 system, see the HPSS Conversion Guide for HPSS release 7.1.

1.2. Starting the SSM GUI for the First Time

The HPSS system is ready to be configured using SSM once the HPSS software is installed on the node and the HPSS infrastructure components are configured. In order to start the SSM GUI you must first start all infrastructure components and the SSM System Manager as follows:

% /opt/hpss/bin/rc.hpss -m start

Next you will need to add an SSM Admin user. To do this you will need to invoke the hpssuser utility as follows:

% /opt/hpss/bin/hpssuser -add hpss -<unix|krb> -ssm

The above commands must be done as root!

Once the SSM Admin user has been created, you can invoke the SSM GUI as follows (for hpssgui.pl options, see the hpssgui man page):

% /opt/hpss/bin/hpssgui.pl

Note: This command may be done as an HPSS user.

When the SSM GUI is running you can begin to configure the rest of HPSS (servers, devices, etc.) as described in the following sections. For more information on SSM, see Chapter 3: Using SSM on page 31.

1.3. HPSS Configuration Roadmap (New HPSS Sites)

The following steps summarize the configuration of an HPSS system when creating the 7.1 system from scratch (not upgrading from a previous release). It is important that the steps be performed in the order listed. Each step is required unless otherwise indicated. Each step is discussed in more detail in the referenced section.

1. Configure storage subsystems (Section 4.2.2: Creating a New Storage Subsystem on page 76)

Subsystems can be configured only partially at this time. The Gatekeeper, Default COS, and Allowed COS fields will be updated in a later step.

2. Configure HPSS storage policies

· Accounting Policy (Section 13.2.1: on page 330)

· Log Policies (Section 9.2: Log Policies on page 295)

· Location Policy (Section 2.4: Location Policy on page 26)

· Migration Policies (Section 6.4: Migration Policies on page 180)

· Purge Policies (Section 6.5: Purge Policies on page 189)

3. Configure HPSS storage characteristics

· Storage Classes (Section 6.1.1: Configured Storage Classes on page 157)

· Storage Hierarchies (Section 6.2: Storage Hierarchies on page 170)

· Classes of Service (Section 6.3: Classes of Service on page 174)

4. Configure HPSS servers (Section 5.1: Server Configuration on page 87)

5. Create global configuration (Section 4.1: Global Configuration Window on page 72)

6. Configure MVR devices and PVL drives (Section 7.1: Configure a New Device & Drive on page 196)

7. Configure file families, if used (Section 6.6: File Families on page 193)

8. Update storage subsystem configurations with Gatekeeper and COS information (Section 4.2.4: Modifying a Storage Subsystem on page 81 and Section 4.2.3: Storage Subsystem Configuration Window on page 76)

9. Create the endpoint map (Section 5.1.3: Location Server Additional Configuration on page 99).

1.4. Initial HPSS Startup Roadmap (All Sites)

This section provides instructions for starting the HPSS servers and performing post-startup configuration. For sites which are converting from 6.2, only step 1 may be necessary. For sites configuring a new 7.1 system from scratch, all steps are necessary:

1. Start the HPSS servers (Section 5.2.2: Starting HPSS Servers on page 149)

2. Unlock the PVL drives (Section 7.4.2: Locking a Drive on page 220)

3. Create HPSS storage space:

A. Import volumes into HPSS (Section 8.1.1: Importing Volumes into HPSS on page 223)

B. Create storage resources (Section 8.1.2: Creating Storage Resources on page 234)

4. Create additional HPSS Users (Section 13.1.1: Adding HPSS Users on page 325)

5. Create Filesets and Junctions (Section 10.1: Filesets & Junctions List on page 308 and Section 10.5: Creating a Junction on page 315)

6. Create HPSS /log Directory

If log archiving is enabled, using an HPSS namespace tool such as scrub or ftp, create the /log directory in HPSS. This directory must be owned by hpsslog and have permissions rwxr-xr-x.

The /log directory can be created by the root user using ftp as follows:

% ftp <node> <HPSS Port>
# login as root user
ftp> mkdir /log
ftp> quote site chown hpsslog /log
ftp> quote site chmod 755 /log

1.5. Additional Configuration Roadmap (All Sites)

This section provides a high level roadmap for additional HPSS configuration.

1. Configure HPSS User Interfaces (Chapter 14: User Interfaces on page 339)

2. Set up Backup for DB2 and Other Infrastructure (Chapter 15: Backup and Recovery on page 356)

3. Set up High Availability, if desired (HPSS Installation Guide, Chapter 3: HPSS Planning)

4. Optionally configure support for both authentication mechanisms (HPSS Installation Guide, Section 5.9: Supporting Both Unix and Kerberos Authentication for SSM)

1.6. Verification Checklists (All Sites)

This section provides a number of checklists regarding configuration, operational and performance issues.

1.6.1. Configuration Checklists

After HPSS is running, the administrator should use the following checklists to verify that HPSS was configured or converted correctly:

Global Configuration

Verify that a Default Class of Service has been selected.

Verify that a Root Core Server has been selected.

Storage Subsystem Configuration

Verify that a Default Class of Service has been selected if desired.

Verify that a Gatekeeper has been selected if gatekeeping or account validation is required.

Verify that the COS Name list has been filled in correctly.

Verify that a Core Server and Migration Purge Server have been configured for each storage subsystem.

Verify that each storage subsystem is accessible by using lsjunctions and ensuring that there is at least one junction to the Root fileset of each subsystem. (The root fileset for a given subsystem can be found in the specific configuration for the subsystem’s Core Server.)

Servers

Verify that all required HPSS servers are configured and running.

Verify that all servers are configured with the intended level of logging, whether using their server specific policies or the default policy. Also, verify that all Core Server and Mover log policies have the DEBUG flag turned on to aid in the diagnostics of any future problems.

Devices and Drives

Verify that all devices/drives are configured and each is assigned to an appropriate PVR/Mover.

For tape devices, verify that the “Locate Support” option is enabled if supported.

For tape devices, verify that the “NO-DELAY” option is enabled if supported by the device.

For disk devices, verify that the “Bytes on Device” and “Starting Offset” values are correct.

Verify that all configured drives are unlocked.

Storage Classes

Verify that all storage classes are defined and each has sufficient free storage space.

Verify that each storage class that will be migrated and purged is configured with the appropriate migration and purge policy.

Verify that no storage class at the lowest level in a hierarchy is configured with a migration or purge policy.

To support repack and recover of tape volumes, verify that the stripe width of each tape storage class is less than half of the number of available drives of the appropriate drive type.

Storage Hierarchies

Verify that all storage hierarchies are defined.

Classes of Service (COS)

Verify that all classes of service are defined.

Verify that each COS is associated with the appropriate storage hierarchy.

Verify that the COS is configured to use the characteristics of the hierarchy and the underlying storage classes. In addition, verify that the classes of service have the correct Minimum File Size and Maximum File Size values. If these sizes overlap, the file placement may be indeterminate when the user creates a file using the size hints. For classes of service which are not to be used as part of standard file placement, set their Force Selection flag to ON so that they will only be chosen if specified by their COS ID.

Verify that classes of service with multiple copies have the Retry Stage Failures from Secondary Copy flag enabled.

File Families, Filesets, and Junctions

Verify that file families and filesets are created according to the site’s requirements.

Verify that each fileset is associated with the appropriate file family and/or COS.

Verify that each fileset has an associated junction.

User Interfaces

Verify that the desired HPSS user interfaces (FTP, PFTP, Client API, etc.) are configured (Chapter 14: User Interfaces on page 339).

1.6.2. Operational Checklists

The administrator should follow these checklists to ensure that HPSS is operating properly.

Configured user interfaces

Create files of various sizes on each defined COS.

Verify that the files are created in the expected storage class with acceptable transfer rates.

If necessary, redefine the associated storage class definition to enhance the throughput performance.

The characteristics fields (Transfer Rate, Latency, etc.) in the storage class and class of service definition should be updated to reflect actual performance results.

After the files are created on the correct storage class, verify that the files are created with correct file ownerships and permissions.

Verify that other file operations (delete, chmod, copy, etc.) work.

If accounting is configured, verify that the files are created with the correct accounting indices.

If file families, filesets and junctions are configured, verify that they work as intended.

Devices and Drives

Ensure that each drive mounts, reads, and writes.

Storage Management

Verify that migration and purge operations work as intended.

Start Migration and Purge operations manually to verify that files are migrated and purged correctly.

Verify that files can be accessed after being migrated/purged.

Monitor free space from the top level storage class in each hierarchy to verify that the migration and purge policy are maintaining adequate free space.

1.6.3. Performance Checklist

Measure data transfer rates in each COS for:

Client writes to disk

Migration from disk to tape

Staging from tape to disk

Client reads from disk

Transfer rates should be close to the speed of the underlying hardware. The actual hardware speeds can be obtained from their specifications and by testing directly from the operating system (e.g., using dd to read and write to each device). Keep in mind that transfer performance can be limited by factors external to HPSS. For example, HPSS file read performance may be limited by the performance of the UNIX file system writing the file rather than limits inside HPSS.

Chapter 2. Security and System Access

2.1. Security Services

As of release 6.2, HPSS no longer uses DCE security services. The new approach to security divides services into two APIs, known as mechanisms, each of which has multiple implementations. Configuration files control which implementation of each mechanism is used in the security realm (analogous to a DCE cell) for an HPSS system. Security mechanisms are implemented in shared object libraries and are described to HPSS by a configuration file. HPSS programs that need to use the mechanism dynamically link the library to the program when the program starts.

The first type of mechanism is the authentication mechanism. This API is used to acquire credentials and to verify the credentials of clients. Authentication verifies that a client really is who he claims to be.

The second type of mechanism is the authorization mechanism. Once a client's identity has been verified, this API is used to obtain the authorization details associated with the client such as uid, gid, group membership, etc., that are used to determine the privileges accorded to the client and the resources to which it has access.

2.1.1. Security Services Configuration

Ordinarily, the configuration files that control HPSS's access to security services are set up either by the installation tool, mkhpss, or by the metadata conversion tools. This section is provided purely for reference. Each of the files below is stored by default in /var/hpss/etc.

auth.conf, authz.conf

These files define which shared libraries provide implementations of the authentication and authorization mechanisms, respectively. They are plain text files that have the same format. Each line is either a comment beginning with # or consists of two fields separated by whitespace: the path to a shared library and the name of the function used to initialize the security interface.

site.conf

This file defines security realm options. This is a plain text file in which each line is a comment beginning with # or is made up of the following fields, separated by whitespace:

<siteName> <realmName> <realmID> <authzMech> <authzURL>

· <siteName> - the name of the local security site. This is usually just the realm name in lowercase.

· <realmName> - the name of the local security realm. If using Kerberos authentication, this is the name of the Kerberos realm. For UNIX authentication, it can be any non-empty string. By convention, it is usually the fully qualified hostname.

· <realmID> - the numeric identifier of the local security realm. If using Kerberos authentication and this is a preexisting site going through conversion, this value is the same as the DCE cross cell ID which is a unique number assigned to each site. A new site setting up a new HPSS system will need to contact an HPSS support representative to obtain a unique value.

· <authzMech> - the name of the authorization mechanism to be used by this HPSS system. This can be "unix" or "ldap".

· <authzURL> - a string used by the authorization mechanism to locate the security data for this realm. This should be "unix" for UNIX authorization, and for LDAP it should be an LDAP URL used to locate the entry for the security realm in an LDAP directory.
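The following lint check for the site.conf and auth.conf/authz.conf formats described above is an added example, not HPSS code or part of the original manual. The function names, the sample lines, the acceptance of ldaps:// URLs, and the library permission check are assumptions of this example, and the files are assumed to hold the field values unquoted.

```python
import os
import re
import stat
from urllib.parse import urlparse

AUTHZ_MECHS = {"unix", "ldap"}            # values the manual gives for <authzMech>
INIT_NAME = re.compile(r"[A-Za-z_]\w*")   # shape expected of an init function name

# Constructed sample; the names and realm ID are not from a real site.
SAMPLE_SITE_CONF = """\
# siteName  realmName  realmID  authzMech  authzURL
example.org EXAMPLE.ORG 10001 ldap ldap://ldap.example.org/cn=EXAMPLE.ORG
example.org EXAMPLE.ORG 1000x unix ldap://ldap.example.org/cn=EXAMPLE.ORG
"""


def records(text):
    """Yield (line number, whitespace-separated fields), skipping # comments."""
    for num, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if line and not line.startswith("#"):
            yield num, line.split()


def check_site_conf(text):
    """Return findings for site.conf content; an empty list means clean."""
    findings = []
    for num, fields in records(text):
        if len(fields) != 5:
            findings.append(f"line {num}: expected 5 fields, found {len(fields)}")
            continue
        site, realm, realm_id, mech, url = fields
        if not (realm_id.isascii() and realm_id.isdigit()):
            findings.append(f"line {num}: realmID {realm_id!r} is not numeric")
        if mech not in AUTHZ_MECHS:
            findings.append(f"line {num}: authzMech {mech!r} is not unix or ldap")
        elif mech == "unix" and url != "unix":
            findings.append(f"line {num}: authzURL must be 'unix' when authzMech is unix")
        elif mech == "ldap":
            parsed = urlparse(url)
            # Assumption of this example: ldaps:// is accepted alongside ldap://.
            if parsed.scheme not in ("ldap", "ldaps") or not parsed.netloc:
                findings.append(f"line {num}: authzURL {url!r} is not an LDAP URL")
        # The manual calls this the usual convention, so it is only a note.
        if site != realm.lower():
            findings.append(f"line {num}: note: siteName differs from the lowercased realmName")
    return findings


def check_mech_conf(text, stat_fn=os.stat):
    """Return findings for auth.conf or authz.conf content.

    Each record names a shared library that HPSS programs link at startup,
    so this example also flags libraries that non-owners can rewrite.
    """
    findings = []
    for num, fields in records(text):
        if len(fields) != 2:
            findings.append(f"line {num}: expected 2 fields, found {len(fields)}")
            continue
        lib, init = fields
        if not INIT_NAME.fullmatch(init):
            findings.append(f"line {num}: {init!r} does not look like a function name")
        if not os.path.isabs(lib):
            findings.append(f"line {num}: note: {lib} is a relative path")
            continue
        try:
            mode = stat_fn(lib).st_mode
        except OSError:
            findings.append(f"line {num}: {lib} cannot be examined")
            continue
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"line {num}: {lib} is writable by group or others")
    return findings


if __name__ == "__main__":
    for finding in check_site_conf(SAMPLE_SITE_CONF):
        print(finding)
```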

2.1.2. Security Mechanisms

HPSS 7.1 supports UNIX and Kerberos mechanisms for authentication. It supports LDAP and UNIX mechanisms for authorization.

2.1.2.1. UNIX

UNIX-based mechanisms are provided both for authentication and authorization. These can draw either from the actual UNIX user and group information on the current host or from a separately maintained set of files used only by HPSS. This behavior is controlled by the setting of the variable HPSS_UNIX_USE_SYSTEM_COMMANDS in /var/hpss/etc/env.conf. If this variable is set to any nonempty value other than FALSE, the actual UNIX user and group data will be used. Otherwise, local files created and maintained by the following HPSS utilities will be used. Consult the man pages for each utility for details of its use.

hpss_unix_keytab - used to define "keytab" files that can be used to acquire credentials recognized by the UNIX authentication mechanism.

hpss_unix_user - used to manage users in the HPSS password file (/var/hpss/etc/passwd).

hpss_unix_group - used to manage users in the HPSS groups file (/var/hpss/etc/group).

hpss_unix_passwd - used to change passwords of users in the HPSS password file.

hpss_unix_keygen - used to create a key file containing a hexadecimal key. The key is used during UNIX authentication to encrypt keytab passwords. The encryption provides an extra layer of protection against forged passwords.

Keep in mind that the user and group databases must be kept synchronized across all nodes in an HPSS system. If using the actual UNIX information, this can be accomplished using a service such as NIS. If using the HPSS local files, these must manually be kept in synchronization across HPSS nodes.

2.1.2.2. Kerberos 5

The capability to use MIT Kerberos authentication is provided in HPSS 7.1; however, IBM Service Agreements for HPSS do not provide support for problem isolation or for fixing defects (Level 2 and Level 3 support) in MIT Kerberos. Kerberos maintenance/support must be site-provided.

Kerberos 5 is an option for the authentication mechanism. When this option is used, the local realm name is taken to be the name of a Kerberos realm. The Kerberos security services are used to obtain and verify credentials.

2.1.2.3. LDAP

LDAP authorization is not supported by IBM Service Agreements. The following information is provided for sites planning to use LDAP authorization with HPSS 7.1 as a site-supported feature.

An option for the authorization mechanism is to store HPSS security information in an LDAP directory. LDAP (Lightweight Directory Access Protocol) is a standard for providing directory services over a TCP/IP network. A server supporting the LDAP protocol provides a hierarchical view of a centralized repository of data and provides clients with sophisticated search options. The LDAP software supported by the HPSS LDAP authorization mechanism is IBM Tivoli Directory Server (Kerberos plug-in available for AIX only) and OpenLDAP (Kerberos plug-in available for AIX and Linux). One advantage of using the LDAP mechanism over the UNIX mechanism is that LDAP provides a central repository of information that is used by all HPSS nodes; it doesn't have to be manually kept in sync.

The rest of this section deals with how to accomplish various administrative tasks if the LDAP authorization mechanism is used.

2.1.2.3.1. LDAP Administrative Tasks

Working with Principals

Creating a principal

A principal is an entity with credentials, like a user or a server. The most straightforward way to create a new principal is to use the -add and -ldap options of the hpssuser utility. The utility will prompt for any needed information and will drive the hpss_ldap_admin utility to create a new principal entry in the LDAP server. To create a new principal directly with the hpss_ldap_admin utility, use the following command at the prompt:

princ create -uid <uid> -name <name> -gid <gid> -home <home> -shell <shell> [-uuid <uuid>]

If no UUID is supplied, one will be generated.

Deleting a principal

Likewise, use the -del and -ldap options of the hpssuser utility to delete the named principal from the LDAP server. To delete a named principal directly with the hpss_ldap_admin utility, use the following command at the prompt:

princ delete [-uid <uid>] [-name <name>] [-gid <gid>] [-uuid <uuid>]

You may supply any of the arguments listed. This command will delete any principal entries in the LDAP information that have the indicated attributes.

Working with Groups

Creating a group

To create a new group, use the following command at the hpss_ldap_admin prompt:

group create -gid <gid> -name <name> [-uuid <uuid>]

If no UUID is supplied, one will be generated.

Deleting a group

To delete a group, use the following command at the hpss_ldap_admin prompt:

group delete [-gid <gid>] [-name <name>] [-uuid <uuid>]

You may supply any of the arguments listed. This command will delete any group entries in the LDAP information that have the indicated attributes.

Adding a member to a group

To add a principal to a group, use the following command at the hpss_ldap_admin prompt:

group add <principal> [-gid <gid>] [-name <name>] [-uuid <uuid>]

You may supply any of the arguments listed to select the group to which the named principal will be added.

Removing a member from a group

To remove a principal from a group, use the following command at the hpss_ldap_admin prompt:

group remove <principal> [-gid <gid>] [-name <name>] [-uuid <uuid>]

You may supply any of the arguments listed to select the group from which the named principal will be removed.

Working with Trusted Foreign Realms

Creating a trusted foreign realm

To add an entry for a trusted foreign realm, use the following hpss_ldap_admin command:

trealm create -id <realmID> -mech <mechanism> -name <realmName> -url <url>

The arguments are as follows:

· -id - the numeric realm ID for the foreign realm

· -mech - a string identifying the authorization mechanism in use at the foreign realm, such as "unix" or "ldap"

· -name - the name of the foreign realm, e.g. "SOMEREALM.SOMEDOMAIN.COM"

· -url - the URL of the security mechanism of the foreign realm. This only matters if the foreign realm is using LDAP as its authorization mechanism. If so, this must be the LDAP URL of the main entry for the security realm in the foreign LDAP server. This should be obtained from the foreign site's administrator. An example would be: "ldap://theirldapserver.foreign.com/cn=FOREIGNREALM.FOREIGN.COM"

Deleting a trusted foreign realm

To delete an entry for a trusted foreign realm, use the following hpss_ldap_admin command:

trealm delete [-id <realmID>] [-name <realmName>]

Any of the arguments listed can be supplied to select the trusted realm entry that will be deleted.

2.2. HPSS Server Security ACLs

Beginning with release 6.2, HPSS uses a table of access control information stored in the DB2 configuration database to control access to HPSS servers. This is the AUTHZACL table. HPSS software uses the configured authentication mechanism (e.g. Kerberos) to determine a caller's identity via credentials provided by the caller, then uses the configured authorization mechanism to retrieve the details of the caller that determine the access granted. Once the identity and authorization information have been obtained, each HPSS server grants or denies the caller's request based on the access control list information stored in the database.

The default ACLs for each type of server are as follows:

Core Server:

r--c--- user ${HPSS_PRINCIPAL_FTPD}
rw-c--- user ${HPSS_PRINCIPAL_DMG}
rw-c-dt user ${HPSS_PRINCIPAL_MPS}
r--c--- user ${HPSS_PRINCIPAL_NFSD}
rw-c-d- user ${HPSS_PRINCIPAL_SSM}
r--c--- user ${HPSS_PRINCIPAL_FS}
------t any_other

Gatekeeper:

rw----- user ${HPSS_PRINCIPAL_CORE}
rw-c--- user ${HPSS_PRINCIPAL_SSM}
r-----t any_other

Location Server:

r--c--t user ${HPSS_PRINCIPAL_SSM}
r-----t any_other

Mover:

rw-c--t user ${HPSS_PRINCIPAL_SSM}
r-----t any_other

PVL:

rw---dt user ${HPSS_PRINCIPAL_CORE}
rw---dt user ${HPSS_PRINCIPAL_PVR}
rw-c-dt user ${HPSS_PRINCIPAL_SSM}
------t any_other

PVR:

rw---dt user ${HPSS_PRINCIPAL_PVL}
rw-c--t user ${HPSS_PRINCIPAL_SSM}
------t any_other

SSM:

rwxcidt user ${HPSS_PRINCIPAL_ADM_USER}
------t any_other

All other types:

rw-c-dt user ${HPSS_PRINCIPAL_SSM}
------t any_other

In most cases, the ACLs created by default for new servers should be adequate. In normal operation, the only ACL that has to be altered is the one for the SSM client interface. This is handled automatically by the -ssm option of the hpssuser utility. If, for some reason, an ACL should need to be modified in some other way, the hpss_server_acl utility can be used. See the hpss_server_acl man page for more information.
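The following audit of server ACL entries against the Core Server defaults listed above is an added example, not HPSS code or part of the original manual. It assumes the entries under review have been written in the same notation as the listing (the output format of hpss_server_acl is not shown here); the principal names and the observed entries are constructed.

```python
from string import Template

FLAGS = "rwxcidt"  # permission letters, in the order the manual prints them

# Core Server defaults as listed in the manual.
CORE_SERVER_DEFAULT = """\
r--c--- user ${HPSS_PRINCIPAL_FTPD}
rw-c--- user ${HPSS_PRINCIPAL_DMG}
rw-c-dt user ${HPSS_PRINCIPAL_MPS}
r--c--- user ${HPSS_PRINCIPAL_NFSD}
rw-c-d- user ${HPSS_PRINCIPAL_SSM}
r--c--- user ${HPSS_PRINCIPAL_FS}
------t any_other
"""

# Constructed principal names standing in for a site's real values.
PRINCIPALS = {
    "HPSS_PRINCIPAL_FTPD": "svc-ftpd", "HPSS_PRINCIPAL_DMG": "svc-dmg",
    "HPSS_PRINCIPAL_MPS": "svc-mps", "HPSS_PRINCIPAL_NFSD": "svc-nfsd",
    "HPSS_PRINCIPAL_SSM": "svc-ssm", "HPSS_PRINCIPAL_FS": "svc-fs",
}

# Constructed entries to audit, written in the manual's notation.
OBSERVED = """\
r--c--- user svc-ftpd
rw-c--- user svc-dmg
rw-c-dt user svc-mps
r--c--- user svc-nfsd
rw-c-dt user svc-ssm
rw----- user backup
r-----t any_other
"""


def perm_string(letters):
    """Render a set of permission letters back into the 7-character form."""
    return "".join(flag if flag in letters else "-" for flag in FLAGS)


def parse_acl(text):
    """Map each subject, e.g. ('user', 'x') or ('any_other',), to its letters."""
    acl = {}
    for num, raw in enumerate(text.splitlines(), start=1):
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue
        perms, subject = parts[0], tuple(parts[1:])
        well_formed = len(perms) == len(FLAGS) and all(
            p in (flag, "-") for p, flag in zip(perms, FLAGS))
        if not well_formed or not subject:
            raise ValueError(f"line {num}: cannot parse ACL entry {raw!r}")
        acl[subject] = set(perms) - {"-"}
    return acl


def audit_acl(default_text, principals, observed_text):
    """Compare observed entries with the defaults and return sorted findings.

    Permissions beyond the default and subjects absent from the default are
    reported; an entry with fewer permissions than the default is not.
    """
    baseline = parse_acl(Template(default_text).substitute(principals))
    observed = parse_acl(observed_text)
    findings = []
    for subject, granted in observed.items():
        if subject not in baseline:
            findings.append(("unexpected entry", subject, perm_string(granted)))
        elif granted - baseline[subject]:
            extra = granted - baseline[subject]
            findings.append(("extra permissions", subject, perm_string(extra)))
    for subject in baseline.keys() - observed.keys():
        findings.append(("missing default entry", subject,
                         perm_string(baseline[subject])))
    return sorted(findings)


if __name__ == "__main__":
    for kind, subject, perms in audit_acl(CORE_SERVER_DEFAULT, PRINCIPALS, OBSERVED):
        print(f"{kind}: {' '.join(subject)} {perms}")
```

An extra letter on any_other is the finding to review first, since that entry applies to every caller not named elsewhere in the list.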

2.3. SSM User Security

SSM supports two types of users, administrators and operators:

admin. This security level is normally assigned to an HPSS administrator. Administrators may open all SSM windows and perform all control functions provided by SSM.

operator. This security level is normally assigned to an HPSS operator. Operators may open most SSM windows and can perform all SSM control functions except for HPSS configuration.

Security is applied both at the window level and the field level. A user must have permission to open a window to do anything with it at all. If the user does succeed in opening a window, all items on that window may be viewed. Field level security then determines whether the user can modify fields, push buttons, or otherwise modify the window.

The security level of an SSM user is determined by his entry in the access control information table in the HPSS configuration database. The initial security level for a user is assigned when the SSM user is created by hpssuser. Security levels may be viewed and modified with the hpss_server_acl utility. See also Section 3.3.2.2: SSM User Authorization on page 36.

2.4. Location Policy

All Location Servers in an HPSS installation share a Location Policy. The Location Policy is used by the Location Servers to determine how and how often information should be updated. In general, most of the default values for the policy can be used without change.

2.4.1. Configuring/Updating a Location Policy

The Location Policy can be created and updated using the Location Policy window. If the Location Policy does not exist, the fields will be displayed with default values for a new policy. Otherwise, the configured policy will be displayed.

Once a Location Policy is created or updated, it will not be in effect until all local Location Servers are restarted or reinitialized. The Reinitialize button on the Servers window can be used to reinitialize a running Location Server.

2.4.2. Location Policy Configuration Window

This window allows you to manage the location policy, which is used by HPSS Location Servers. Only one location policy is permitted per HPSS installation.

Once a location policy is created or updated, it will not take effect until all local Location Servers are started or reinitialized. The Reinitialize button on the Servers list window (Section 5.1: Server List on page 83) can be used to reinitialize a running Location Server.

Field Descriptions

Location Map Update Interval. Interval, in seconds, at which the Location Server rereads the location map.

Advice - If this value is set too low, a load will be put on the database while reading configuration metadata. If set too high, new servers will not be registered in a timely manner. Set this value higher if timeouts are occurring during Location Server communications.

If you have multiple Location Servers, you should consider increasing the update interval since each Location Server obtains information independently and will increase the overall system load.

Maximum Request Threads. The maximum number of concurrent client requests allowed.

Advice - If the Location Server is reporting heavy loads, increase this number. If this number is above 300, consider replicating the Location Server on a different machine. Note that if this value is changed, the general configuration thread value (Thread Pool Size) should be adjusted so that its value is always larger than the Maximum Request Threads. See Section 5.1.1.2: Interface Controls on page 92.

Maximum Request Threads should not normally exceed (Maximum Location Map Threads + 400). This is not enforced. If you need more threads than this to handle the load, consider configuring an additional Location Server.

Maximum Location Map Threads. The maximum number of threads allocated to contact other Location Servers concurrently.

Advice - The actual number of Location Map threads used is Maximum Location Map Threads or the number of other HPSS installations to contact, whichever is smaller. This value does not need to be changed unless the system is experiencing timeout problems contacting other Location Servers.

Location Map Timeout. The maximum amount of time in seconds to wait for a Location Server to return a location map.

Advice - This value should be changed only if the system is experiencing very long delays while contacting another Location Server.

Local HPSS Site Identification:

HPSS ID. The UUID for this HPSS installation.

Local Site Name. The descriptive name of the HPSS installation.

Advice - Pick a name to uniquely describe the HPSS system.

Local Realm Name. The name where the realm containing Location Server path information should be stored.

Advice - All clients will need to know this group name since it is used by them when initializing to contact the Location Server. If the default is not used, ensure that the associated environment variable for this field is changed accordingly for all HPSS interfaces.

2.4.3. Deleting a Location Policy

The Location Policy can be deleted using the Location Policy window. Since only one Location Policy may be defined in a system, and it must exist for the system to run, it is better to simply update the policy rather than delete and recreate it. See Section 2.4.2: Location Policy Configuration Window on page 27 for more details.

2.5. Restricting User Access to HPSS

System administrators may deny access to HPSS to specific users by including that user in a configuration file that is read by the HPSS Core Server. This file is read by the Core Server at start up time and also read again when the SSM Administrator presses the Reload List button on the Restricted Users window or whenever the Core Server receives a REINIT request. Any user in this file is denied the usage of the HPSS system completely. To set up this file, you must do the following:

1. Add the HPSS_RESTRICTED_USER_FILE environment variable to /var/hpss/etc/env.conf. Set the value of this variable to the name of the file that will contain the list of restricted users.

For example:

HPSS_RESTRICTED_USER_FILE=/var/hpss/etc/restricted_users

2. Edit the file and add the name of the user to the file. The name should be in the form:

name@realm

The realm is not required if the user is local to the HPSS realm. For example:

dsmith@lanl.gov

3. You may put comment lines in the file by beginning the line with a “#”.

4. In order for the file to become effective, restart the Core Server, press the Reload List button on the Restricted Users SSM window, or REINIT the Core Server.

NOTE: The file should be configured on the system where the root Core Server is running; this is the Core Server associated with the Root Name Server. Additionally, if running with multiple storage subsystems on different machines, be sure to configure the HPSS_RESTRICTED_USER_FILE on each machine where a Core Server runs.
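The following check of the restricted user file is an added example, not HPSS code or part of the original manual: it validates entries against the name@realm form and reports entries that are present on one Core Server machine but missing on another. The function names, node names, and sample entries are constructed, and KEY=VALUE lines are assumed for env.conf.

```python
# Constructed sample list; the users and realm are not from a real site.
SAMPLE_LIST = """\
# users denied access to HPSS
alice@EXAMPLE.ORG
bob
carol@
alice
"""


def restricted_file_from_env(env_text):
    """Return the HPSS_RESTRICTED_USER_FILE value from env.conf content, or None."""
    value = None
    for raw in env_text.splitlines():
        line = raw.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() == "HPSS_RESTRICTED_USER_FILE":
            value = val.strip() or None  # assumption: the last assignment wins
    return value


def parse_restricted(text, local_realm):
    """Return (entries, problems) for restricted user file content.

    entries is a set of (name, realm); a bare name is given local_realm,
    since the realm may be omitted for users local to the HPSS realm.
    """
    entries, problems = set(), []
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, realm = line.partition("@")
        malformed = (not name or (sep and not realm) or "@" in realm
                     or len(line.split()) != 1)
        if malformed:
            problems.append(f"line {num}: not in name@realm form: {raw!r}")
            continue
        entries.add((name, realm or local_realm))
    return entries, problems


def node_drift(per_node_text, local_realm):
    """Compare the lists read on several Core Server machines.

    Returns {node: sorted entries found on another node but missing here}.
    Nodes whose list already contains every entry are left out.
    """
    parsed = {node: parse_restricted(text, local_realm)[0]
              for node, text in per_node_text.items()}
    union = set().union(*parsed.values())
    return {node: sorted(union - entries)
            for node, entries in parsed.items() if union - entries}


if __name__ == "__main__":
    entries, problems = parse_restricted(SAMPLE_LIST, "EXAMPLE.ORG")
    print(sorted(entries))
    print(problems)
    print(node_drift({"core1": SAMPLE_LIST, "core2": "alice@EXAMPLE.ORG\n"},
                     "EXAMPLE.ORG"))
```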

2.5.1. Restricted Users Window

This window lists all the root Core Server users restricted from HPSS access. To open the window, from the HPSS Health and Status window select the Configure menu, and from there select the Restricted Users menu item.

Field Descriptions

Restricted Users list

This is the main portion of the window which displays various information about each restricted user.

User Name. The name of the user that is restricted from HPSS access.

Realm Name. The name of the HPSS realm that encompasses the restricted user.

User ID. The identifier number of the restricted user.

Realm ID. The identifier number which identifies the realm which encompasses the restricted user.

Buttons

Reload List. Issues a request to each Core Server to re-read the restricted user configuration file.

Chapter 3. Using SSM

3.1. The SSM System Manager

3.1.1. Starting the SSM System Manager

Before starting the SSM System Manager (SM), review the SM key environment variables described in the HPSS Installation Guide, Section 3.7.10: Storage System Management. If the default values are not desired, override them using the hpss_set_env utility. See the hpss_set_env man page for more information.

To start the SM, invoke the rc.hpss script as follows:

% su -
% /opt/hpss/bin/rc.hpss -m start

3.1.2. Tuning the System Manager RPC Thread Pool and Request Queue Sizes

Tuning the System Manager RPC Thread Pool and Request Queue sizes can improve the performance of both the System Manager and its clients (hpssgui and hpssadm). It is not necessary, however, to do the tuning when bringing up SSM for the first time. In fact, it can be helpful to postpone the tuning until after the site has a chance to learn its own SSM usage patterns.

The System Manager client interface RPC thread pool size is defined in the Thread Pool Size field on the Interface Controls tab of the System Manager's Core Server Configuration window (Section 5.1.1.2: Interface Controls on page 92). This is the maximum number of RPCs that can be active at any one time for the client interface (i.e. all the hpssgui and hpssadm clients). For the server RPC interface (connections to the SSM System Manager from other HPSS servers), this value is determined by the HPSS_SM_SRV_TPOOL_SIZE environment variable.

The System Manager client interface RPC request queue size is defined in the Request Queue Size field on the Interface Controls tab of the System Manager's Core Server Configuration window (Section 5.1.1.2: Interface Controls on page 92). This is the maximum number of RPC requests from hpssgui and hpssadm clients which can be queued and waiting to become active. For the server RPC interface this value is determined by the HPSS_SM_SRV_QUEUE_SIZE environment variable.

Ideally, if the site runs many clients, the client interface RPC thread pool size should be as large as possible; the default is 100. Testing this value at 300 showed the System Manager memory size more than doubled on AIX from around 32MB to over 70MB. The larger RPC thread pool size makes the System Manager much more responsive to the many clients but also requires it to use more memory.

Experimentation shows that leaving the client interface RPC thread pool size at 100 and leaving the client interface RPC request queue size at its default (600) works pretty well for up to about 40 clients. During further experimentation, setting the client interface RPC request queue size to 1000 resulted in very little effect on memory usage; with 40 clients connected, the client interface RPC request queue used never went above about 500, but the client interface RPC thread pool was constantly filled.

Avoid allowing the client interface RPC thread pool to become full. When this happens, new RPCs will be put into the client interface RPC request queue to wait for a free thread from the thread pool. This makes the client response appear slow, because each RPC request is having to wait its turn in the queue.


To help mitigate this, when the thread pool is full, the System Manager notifies all the threads in the thread pool that are waiting on list updates to return to the client as if they just timed out as normal. This could be as many as 15 threads per client that are awakened and told to return, which makes those threads free to do other work.

If the client interface RPC thread pool is still full (as it could be if, for example, there were 15 threads in the client interface RPC request queue that took over the 15 that were just released), then the System Manager sets the wait time for the new RPCs to 1 second rather than whatever the client requested. This way the RPC won't try to hang around too long.

Realize that once the System Manager gets in this mode (constantly having a full client interface RPC thread pool and having to cut short the thread wait times), the System Manager starts working hard and the CPU usage will start to increase. If you close some windows and/or some clients things should start to stabilize again.

You can see whether the System Manager client interface RPC thread pool has ever been full by looking at the Maximum Active/Queued RPCs field in the Client column of the RPC Interface Information group in the System Manager Statistics window (Section 3.9.4.1: System Manager Statistics Window on page 63). If this number is greater than or equal to the corresponding client interface's Thread Pool Size (default 100), then the thread pool was full at some time during the System Manager execution (although it may not be full currently).

To tell whether the thread pool is currently full, look at the number of Queued RPCs. If Queued RPCs is 0 then the thread pool is not full at the moment.

If Active RPCs is equal to Thread Pool Size then the thread pool for the interface is currently full. Active RPCs should never be greater than Thread Pool Size. When it reaches Thread Pool Size then the new RPCs will be queued and Queued RPCs become greater than 0.

When the thread pool gets full, the System Manager tries harder to clear them out before accepting new ones, so one hopes that if the thread pool fills up, it doesn't stay full for long.

If the site runs with low refresh rates and more than 40 clients, the recommendation is to set the client interface RPC thread pool size to 150 or 200 and the client interface RPC request queue size to 1000 in the System Manager Server Configuration window (Section 5.1.1.2: Interface Controls on page 92). Otherwise, the default values should work well.

3.1.3. Labeling the System Manager RPC Program Number

Labeling the System Manager RPC program number is not required but can be a useful debugging aid.

The SSM System Manager registers with the RPC portmapper at initialization. As part of this registration, it tells the portmapper its RPC program number. Each HPSS server configuration contains the server's RPC program number. To find the System Manager's program number, open the Servers window, select the SSM System Manager, and click the Configure button to open the SSM System Manager Configuration window. The System Manager's RPC program number is in the Program Number field on the Execution Controls tab of this window.

The rpcinfo utility with the -p option will list all registered programs, their RPC program numbers, and the port on which they are currently listening for RPCs. When diagnosing SSM problems, it can be useful to run the rpcinfo program and search for the System Manager RPC program number in the output, to see whether the System Manager has successfully initialized its RPC interface and to see which port hpssgui and hpssadm clients must access to reach the System Manager.

This task can be made a bit easier if the System Manager RPC program number is labeled in the portmapper. To do this, add a line for the System Manager in the /etc/rpc file specifying the program number and a convenient rpc service name such as “hpss_ssm” (note that names may not contain embedded spaces). Then this service name will show up in the rpcinfo output.

The format of the /etc/rpc file differs slightly across platforms. See the platform specific man pages for the rpc file for details. The rpcinfo utility is typically found in either /usr/bin (AIX) or /usr/sbin (Linux).
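The lookup described in this section, as an added example that is not part of the HPSS distribution: a shell function that reads rpcinfo -p output and reports whether a program number is registered, on which protocol and port, and whether it carries a label from /etc/rpc. The program number 536870913, the port numbers and the sample listing are constructed for illustration; use the value from the Program Number field at your site.

```shell
#!/bin/sh
# Added example, not HPSS code. Reports how an RPC program appears in
# "rpcinfo -p" output: not registered, registered without a label, or
# registered with the service name taken from /etc/rpc.
#
# On Linux an /etc/rpc entry has the form "name number [aliases]", so a
# constructed labeling line would be:   hpss_ssm  536870913
# Check the rpc man page for the exact format on other platforms.

# Constructed sample of "rpcinfo -p" output. The program numbers 536870913
# and 536870914, the ports and the label hpss_ssm are illustrative only.
sample_rpcinfo() {
    cat <<'EOF'
   program vers proto   port  service
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
 536870913    1   tcp  35001  hpss_ssm
 536870914    1   tcp  35002
EOF
}

# ssm_rpc_status PROGNUM   (reads "rpcinfo -p" output on stdin)
# Prints "<proto>/<port>[,<proto>/<port>...] <label>" and returns 0 when the
# program is registered; prints "not-registered" and returns 1 otherwise.
# An entry with an empty service column gets the label "(unlabeled)".
ssm_rpc_status() {
    awk -v prog="$1" '
        $1 == "program" { next }                 # header row
        $1 == prog {
            key = $3 "/" $4
            if (!(key in seen)) {                # one entry per proto/port
                seen[key] = 1
                list = list (n++ ? "," : "") key
            }
            label = (NF >= 5) ? $5 : "(unlabeled)"
        }
        END {
            if (n == 0) { print "not-registered"; exit 1 }
            print list " " label
        }'
}

# On the System Manager host:  rpcinfo -p | ssm_rpc_status <program number>
# Run this file with the argument "demo" to see the three cases.
if [ "${1:-}" = "demo" ]; then
    sample_rpcinfo | ssm_rpc_status 536870913   # labeled
    sample_rpcinfo | ssm_rpc_status 536870914   # registered, no /etc/rpc label
    sample_rpcinfo | ssm_rpc_status 536870999   # never registered
fi
```

A "not-registered" result means the System Manager has not completed its portmapper registration; the reported port is the one that client hosts must be able to reach.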

3.2. Quick Startup of hpssgui

We recommend that hpssgui sessions be invoked from the user's desktop computer instead of on the HPSS server machine. hpssgui is an application designed to run in the Java environment on the user's desktop computer and to communicate with the remote SSM System Manager. If hpssgui is executed on the remote System Manager host, it must run through an X windows session and it may run very slowly in that environment. This is a limitation of Java and networks.

We recognize the value of using the remote X functionality as a quick way to get SSM running, but once your system is up, it is highly recommended that you configure local desktop SSM hpssgui clients for all HPSS administrators and operators. Local desktop hpssgui configuration is detailed in Section 3.3: Configuration and Startup of hpssgui and hpssadm below.

Following are steps for quickly configuring and starting an SSM GUI client:

1. Use the hpssuser utility to create an SSM user with admin authority. See Section 3.3.2.1: The hpssuser Utility on page 35 and the hpssuser man page for more information.

2. On Linux systems, set the JAVA_BIN environment variable to point to the Java runtime binary directory. Set the variable in the environment override file, usually /var/hpss/etc/env.conf. It is usually set to something like /usr/java5/bin. The default setting of $JAVA_BIN is /usr/java5/bin which is the usual location of the java binary directory.

3. The mkhpss utility generates the ssm.conf SSM configuration text file when configuring the SM. See the HPSS Installation Guide, Section 5.3: Install HPSS/DB2 and Configure HPSS Infrastructure for more details. Verify the existence of the $HPSS_PATH_SSM/ssm.conf file.

4. Start the hpssgui script:

% /opt/hpss/bin/hpssgui.pl

· Note that the -m option can be used to specify the desired SSM configuration file to be used. When this option is not specified, hpssgui.pl looks for the ssm.conf configuration file in the current directory, then in the directory defined by the HPSS_PATH_SSM environment variable (usually /var/hpss/ssm). If the script doesn't find a configuration file in either directory, it will use default values to start the client.

· Note that the -d (debug) and -S (log file name) options can be used to capture all levels of hpssgui logging in a text file. Bear in mind, however, that this can generate significant amounts of log data. (See the hpssgui man page.)


· When you have decided on the hpssgui command line that is best for your installation, it will probably be useful to put the command in a shell script for the convenience of all SSM Administrators and Operators. For example, create a file called “gui” and put the following in it:

/opt/hpss/bin/hpssgui.pl \
    -m /my_directory/my_ssm.conf \
    -d \
    -S /tmp/hpssguiSessionLog.$(whoami)

Please refer to the hpssgui man page for an extensive list of command line options. For example, some sites prefer to set the date format to a USA military format using the -D “kk:mm:ss dd-MMM-yyyy” option. Additionally, Section 3.3.3: SSM Configuration File below provides a table of variables you can set in the SSM configuration file instead of using command line options; this section also covers all the various files that the hpssgui script uses.

3.3. Configuration and Startup of hpssgui and hpssadm

This section describes in detail the procedures for configuring SSM and creating an SSM user account with the proper permissions to start up an hpssgui or hpssadm session. It also explains how to install the SSM client on the user's desktop (the recommended configuration for hpssgui) and how to deal with special situations such as firewalls.

In the discussion that follows, authentication ensures that a user is who they claim to be relative to the system. Authorization defines the user's rights and permissions within the system.

Like other components of HPSS, SSM authenticates its users by using either Kerberos or UNIX. Users of the hpssgui and hpssadm utilities are authenticated to SSM by either a Kerberos principal and a password or by a UNIX username and a password. The System Manager must be configured to use the appropriate authentication and a Kerberos principal or UNIX user account must be created for each SSM user.

Unlike other components of HPSS, SSM does not use LDAP or UNIX to authorize its users. SSM users are authorized based on their entries in the HPSS DB2 AUTHZACL table. Through this table, SSM supports two levels of SSM client authorization:

admin
    This security level is normally assigned to an HPSS administrator. The admin user can view all SSM windows and perform all control functions provided by SSM.

operator
    This security level is normally assigned to an HPSS operator. The operator user can view most SSM windows and perform all SSM control functions except for changing the HPSS configuration.

Configuration of an SSM user requires that:

1. The System Manager is configured to accept the desired authentication mechanism.

2. The proper user accounts are created:

    · UNIX or Kerberos accounts are created for the user authentication.

    · The proper authorization entries for the user are created in the AUTHZACL table.

3. The proper SSM configuration files are created and installed.

See Section 3.3.1: Configuring the System Manager Authentication for SSM Clients, Section 3.3.2: Creating the SSM User Accounts, and Section 3.3.3: SSM Configuration File for the procedures for these tasks.

See Section 3.3.4: SSM Help Files (Optional) on page 42, for instructions on installing the SSM help package.

See Section 3.3.5: SSM Desktop Client Packaging on page 42, for instructions for installing hpssgui or hpssadm on the user's desktop.

See Section 3.3.6: Using SSM Through a Firewall on page 44 for advice about using hpssgui or hpssadm through a network firewall.

3.3.1. Configuring the System Manager Authentication for SSM Clients

The System Manager is configured initially by mkhpss for new HPSS systems or by the conversion utilities for upgraded HPSS systems to use the proper authentication mechanism.

If it is necessary later to modify the authentication mechanism for hpssgui or hpssadm users, or to add an additional mechanism, bring up the Servers window, select the System Manager, and press the Configure button. On the System Manager Configuration window, select the Interface Controls tab. For the SSM Client Interface, make certain the checkbox for the desired Authentication Mechanism, KRB5 or UNIX, is selected. Both mechanisms may be enabled if desired.

Next, select the Security Controls tab. If Kerberos authentication is desired, make certain one of the Authentication Service Configurations is set to use a Mechanism of KRB5, an Authenticator Type of Keytab, and a valid keytab file name for Authenticator (default is /var/hpss/etc/hpss.keytab). If UNIX authentication is desired, make certain one of the Authentication Service Configurations is set to use a Mechanism of UNIX, an Authenticator Type of None, and no Authenticator.

To remove an authentication mechanism from the System Manager, so that no SSM user may be authenticated using that mechanism, reverse the above process. Unselect the mechanism to be removed from the SSM Client Interface on the Interface Controls tab. On the Security Controls tab, change the Mechanism and Authenticator Type fields of the mechanism to be removed to Not Configured, and change its Authenticator to blank.

See Section 5.1.1.2: Interface Controls on page 92, and Section 5.1.1.1: Security Controls on page 92, for more information.

3.3.2. Creating the SSM User Accounts

3.3.2.1. The hpssuser Utility

The hpssuser utility is the preferred method for creating, modifying or deleting SSM users. It creates the necessary UNIX or Kerberos accounts. It creates an entry in the AUTHZACL table for the user with the proper authorization.

The following is an example of using the hpssuser utility to provide administrative access to SSM to user 'john'. In this example, the user already has either a UNIX or Kerberos account.


% /opt/hpss/bin/hpssuser -add john -ssm
[ adding ssm user ]
1) admin
2) operator
Choose SSM security level
(type a number or RETURN to cancel): > 1
[ ssm user added : admin ]

After SSM users are added, removed, or modified, the System Manager will automatically discover the change when the user attempts to log in. See the hpssuser man page for details.

Removing an SSM user or modifying an SSM user's security level won't take effect until that user attempts to start a new session. This means that if an SSM user is removed, any existing SSM sessions for that user will continue to work; access won't be denied until the SSM user attempts to start a new SSM session. Likewise, if the SSM user's security level is changed, any existing sessions for that user will continue to work at the old security level; the new security level access won't be recognized until the SSM user starts a new SSM session.

3.3.2.2. SSM User Authorization

SSM user authorization is set properly by the hpssuser utility with no further modification required. This section explains how the authorization levels are stored internally and how they may be viewed for debugging or modified.

The SSM admin and operator security authorization levels are defined in the AUTHZACL table in the HPSS DB2 database. Each SSM user must have an entry in this table. The permissions supported in the table are:

r – read

w – write

x – execute

c – control

i – insert

d – delete

t – test

SSM administrators must be granted all permissions: rwxcidt. SSM operators must be granted r--c--t permissions. All other permission combinations are not recognized by the SSM server and will be treated as no permissions at all.

The AUTHZACL table may be viewed or updated with the hpss_server_acl utility. The hpssuser utility program creates and deletes SSM user entries in the AUTHZACL table using the hpss_server_acl utility. Normally, there is no need to invoke the hpss_server_acl utility directly because it is invoked by the hpssuser utility. However, it is a useful tool for examining and modifying the authorization table.


Access to the hpss_server_acl program, hpssuser program, to the HPSS DB2 database, and to all HPSS utility programs should be closely guarded. If an operator had permission to run these tools, he could modify the type of authority granted to anyone by SSM. Note that access to the database by many of these tools is controlled by the permissions on the /var/hpss/etc/mm.keytab file.

Here is an example of using the hpss_server_acl utility to set up a client's permissions to be used when communicating with the SSM server. Note that the default command should be used only when creating the acl for the first time, as it removes any previous entries for that server and resets all the server's entries to the default values:

% /opt/hpss/bin/hpss_server_acl
hsa> acl -t SSM -T ssmclient
hsa> show
hsa> default    # Note: ONLY if creating acl for the first time
hsa> add user <username> <permissions>
hsa> show
hsa> quit

If the acl already exists, this command sequence gives user 'bill' operator access:

% /opt/hpss/bin/hpss_server_acl
hsa> acl -t SSM -T ssmclient
hsa> show
hsa> add user bill r--c--t
hsa> show
hsa> quit

Removing an SSM user or modifying an SSM user's security level won't take effect until that user attempts to start a new session. This means that if an SSM user is removed, any existing SSM sessions for that user will continue to work; access won't be denied until the SSM user attempts to start a new SSM session. Likewise, if the SSM user's security level is changed, any existing sessions for that user will continue to work at the old security level; the new security level access won't be recognized until the SSM user starts a new SSM session.

3.3.2.3. User Keytabs (For Use with hpssadm Only)

A keytab is a file containing a user name and an encrypted password. The keytab file can be used by a utility program to perform authentication without human interaction or the need to store a password in plain text. Only the hpssadm utility supports access to SSM with a keytab. Each user who will run the hpssadm utility will need access to a keytab. It is recommended that one keytab file per user be created rather than one keytab containing multiple users.

Each keytab file should be readable only by the user for whom it was created. Each host from which the hpssadm utility is executed must be secure enough to ensure that the user's keytab file cannot be compromised. An illicit process which gained access to a Kerberos keytab file could gain the user's credentials anywhere in the Kerberos realm; one which gained access to a UNIX keytab file could gain the user's credentials at least on the System Manager host.


Keytabs are created for the user by the hpssuser utility when the krb5keytab or unixkeytab authentication type is specified. Keytabs may also be created manually with the hpss_krb5_keytab or hpss_unix_keytab utility, as described below.
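One way to check the rule above that each keytab be readable only by the user for whom it was created, as an added example that is not part of the HPSS distribution. The function name audit_keytab and the verdict format are assumptions of this example; the file path in the usage comment follows the default keytab location given in this guide.

```shell
#!/bin/sh
# Added example, not HPSS code. Checks one keytab file against the rule that
# it be readable only by the user it was created for.

# audit_keytab FILE USER
#   USER may be a login name or a numeric uid.
#   Prints one line per finding and returns 0 only if FILE
#     - is a regular file and not a symbolic link,
#     - is owned by USER,
#     - grants no permission at all to group or others,
#     - does not sit in a world-writable directory such as /tmp.
audit_keytab() {
    kt=$1
    want=$2

    if [ -L "$kt" ] || [ ! -f "$kt" ]; then
        echo "FAIL $kt: missing, a symlink, or not a regular file"
        return 1
    fi

    # Resolve the expected owner to a numeric uid.
    case $want in
        ''|*[!0-9]*)
            want_uid=$(id -u "$want" 2>/dev/null) || {
                echo "FAIL $kt: unknown user '$want'"
                return 1
            } ;;
        *)  want_uid=$want ;;
    esac

    # "ls -ldn" prints the mode string in field 1 and the numeric owner in
    # field 3. Mode characters 5-10 are the group and other permission bits.
    info=$(ls -ldn -- "$kt" | awk '{ print $1 " " $3 }')
    mode=${info% *}
    uid=${info#* }
    group_other=$(printf '%s' "$mode" | cut -c5-10)

    # Containing directory: character 9 of its mode is the other-write bit.
    case $kt in
        */*) dir=${kt%/*}; [ -n "$dir" ] || dir=/ ;;
        *)   dir=. ;;
    esac
    dmode=$(ls -ldn -- "$dir" | awk '{ print $1 }')

    rc=0
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $kt: owned by uid $uid, expected uid $want_uid"
        rc=1
    fi
    if [ "$group_other" != "------" ]; then
        echo "FAIL $kt: mode $mode grants access to group or others"
        rc=1
    fi
    if [ "$(printf '%s' "$dmode" | cut -c9)" = "w" ]; then
        echo "FAIL $kt: directory $dir is world-writable; move the keytab"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $kt: mode $mode, owner uid $uid"
    return "$rc"
}

# Usage:  sh audit_keytab.sh /var/hpss/ssm/keytab.joe joe
if [ "$#" -eq 2 ]; then
    audit_keytab "$1" "$2"
fi
```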

3.3.2.3.1. Keytabs for Kerberos Authentication: hpss_krb5_keytab

The hpss_krb5_keytab utility may be used to generate a keytab with Kerberos authentication in the form usable by the hpssadm program. See the hpss_krb5_keytab man page for details.

The Kerberos keytab is interpreted by the KDC of the Kerberos realm specified by the hpssadm utility (see the -k and -u options on the hpssadm man page). This must be the same Kerberos realm as that used by the System Manager. This means the hpss_krb5_keytab utility must be executed on a host in the same realm as the System Manager.

This example for a user named “joe” on host "pegasus" creates a Kerberos keytab file named “keytab.joe.pegasus”:

% /opt/hpss/bin/hpss_krb5_keytab
HPSS_ROOT is not set; using /opt/hpss
KRB5_INSTALL_PATH is not set; using /krb5
password:
Your keytab is stored at /tmp/keytab.joe.pegasus

Note that under AIX, hpss_krb5_keytab will not write to an NFS-mounted filesystem. That's why the utility insists on writing the keytab file in /tmp. Once the keytab is generated, it can be copied and used elsewhere, but care should be taken to keep it secure.

3.3.2.3.2. Keytabs for UNIX Authentication: hpss_unix_keytab

The hpss_unix_keytab utility may be used to generate a keytab with UNIX authentication in the form usable by the hpssadm program. See the hpss_unix_keytab man page for details.

The UNIX keytab is interpreted on the host on which the System Manager runs, not the host on which the hpssadm client utility runs. The encrypted password in the keytab must match the encrypted password in the password file on the System Manager host. Therefore, the hpss_unix_keytab utility must be executed on the host on which the System Manager runs.

The hpss_unix_keytab utility must be able to read the user's encrypted password from the password file. If system password files are being used, this means the utility must be executed as root.

This example for a user named “joe” creates a UNIX keytab file named “joe.keytab.unix”:

% /opt/hpss/bin/hpss_unix_keytab -f joe.keytab.unix add joe

This command copies the encrypted password from the password file into the keytab.

Do not use the -r option of the hpss_unix_keytab utility; this places a random password into the keytab file. Do not use the -p option to specify the password; this encrypts the password specified on the command line using a different salt than what was used in the password file, so that the result will not match.


3.3.3. SSM Configuration File

The hpssgui and hpssadm scripts use the SSM configuration file, ssm.conf, for configuration.

The mkhpss utility will create the SSM configuration file for the security mechanism supported by SSM. The mkhpss utility will store the generated ssm.conf at $HPSS_PATH_SSM; the default location is /var/hpss/ssm. The configuration file will contain host and site specific variables that the hpssgui and hpssadm scripts will read. The variables contain information about:

· SSM hostname

· SSM RPC number

· SSM RPC protection level

· SSM security mechanism

· SSM UNIX Realm [only if using UNIX authentication]

If any of these configuration parameters are modified, the ssm.conf file must be updated and redistributed from the server machine to all of the SSM client machines.

Users can also use their SSM configuration file to manage SSM client parameters instead of using the command line options. The hpssgui and hpssadm scripts can be directed to use an alternate SSM configuration file with the -m option. The default SSM configuration file contains comments describing each of the available parameters that may be set along with any associated environment variable and command line option. The following table documents these variables and the corresponding command line options:

Table 1. SSM General Options

File Option               Command Line Option   Functionality
------------------------  --------------------  ---------------------------------------------------------
HPSS_SSM_ALARM_RATE       -A                    Alarm refresh rate
LOGIN_CONFIG              -C                    Full path to login.conf file
HPSS_SSM_DATE_FORMAT      -D                    Date format pattern
HPSS_SSM_ALARMS_GET       -G                    Number of alarms requested per poll
HPSS_SSM_LIST_RATE        -L                    How long hpssgui/hpssadm waits between polling for lists
HPSS_SSM_ALARMS_DISPLAY   -N                    Max number of alarms displayed by hpssgui
HPSS_SSM_CLASSPATH        -P                    Full path to hpss.jar file
LOG_FILE                  -S                    Full path for session log file
HPSS_SSM_WAIT_TIME        -W                    How long SM waits before returning if object is unchanged
HPSS_SSM_CNTRY_CODE       -c                    Country code, internationalization
HPSS_SSM_DEBUG            -d                    Debug flag
HPSS_SSM_SM_HOST_NAME     -h                    System manager hostname
HPSS_SSM_USER_PREF_PATH   -i                    Path to ssm preferences
JAVA_BIN                  -j                    Path to java bin directory
KRB5_CONFIG               -k                    Full path to krb5.conf file
HPSS_SSM_LANG_CODE        -l                    Language code, internationalization
SSM_CONFIG                -m                    Full path to SSM configuration file
HPSS_SSM_SM_PORT_NUM      -n                    port number OR RPC number:program number
HPSS_SSM_CLIENT_IP        -p                    Client IP address
HPSS_SSM_RPC_PROT_LEVEL   -r                    RPC protection level
HPSS_SSM_SEC_MECH         -s                    Security mechanism
HPSS_SSM_UNIX_REALM       -u                    UNIX Realm

Table 2. HPSSGUI Specific Options

File Option               Command Line Option   Functionality
------------------------  --------------------  ----------------------------------------------------------
HPSSGUI_LOOK_AND_FEEL     -F                    Look and feel
HPSSGUI_MO_RATE           -M                    How long hpssgui waits between polling for managed objects
HPSSGUI_METAL_THEME       -T                    Theme file, for look and feel
HPSSGUI_METAL_BG          -b                    Background color
HPSS_SSM_HELP_FILES_PATH  -f                    Path to help files
HPSS_SSM_HELP_URL_TYPE    -g                    Help path URL type

Table 3. HPSSADM Specific Options

File Option               Command Line Option   Functionality
------------------------  --------------------  --------------------------------
HPSSADM_USER_NAME         -U                    User name for hpssadm
HPSSADM_AUTHENTICATOR     -a                    Authenticator (keytab path name)
HPSSADM_BATCH_MODE        -b                    Batch mode flag
HPSS_AUTHEN_TYPE          -t                    Authenticator type

Information on tuning client polling rates for optimal performance is available in the hpssadm and hpssgui man pages.

Options are specified, in precedence order, by 1) the command line, 2) the user's environment (see the man pages for environment variable names), 3) the SSM configuration file, or 4) internal default values.

3.3.3.1. login.conf

The login.conf file is a login configuration file that specifies the security authentication required for the hpssgui and hpssadm programs. A copy of the login.conf file is included in the hpss.jar file and should require no site customization. However, a template for the file is provided in /opt/hpss/config/templates/login.conf.template should the site need to customize the security mechanisms.

Please see the /opt/hpss/config/templates/login.conf.template file for details.

3.3.3.2. krb5.conf (For Use with Kerberos Authentication Only)

The krb5.conf file is the Kerberos configuration file which allows the client to authenticate to the Kerberos realm. This file is only required if Kerberos authentication is used. The Kerberos installation process generates a default Kerberos configuration file in /etc/krb5.conf.

The following is an example of this file. Realm names, host names, etc. must be customized to operate properly in the user's site environment.

krb5.conf:

[logging]
 default = FILE:/var/hpss/log/krb5libs.log
 kdc = FILE:/var/hpss/log/krb5kdc.log
 admin_server = FILE:/var/hpss/log/kadmind.log

[libdefaults]
 ticket_lifetime = 24000
 default_realm = EXAMPLE.COM
 default_keytab_name = /etc/v5srvtab
 default_tkt_enctypes = des-cbc-crc
 default_tgs_enctypes = des-cbc-crc

[realms]
 EXAMPLE.COM = {
  kdc = example.com:88
  admin_server = example.com:749
 }

[domain_realm]
 example.com = EXAMPLE.COM


Note that having encryption types other than "des-cbc-crc" first on the "default_tkt_enctypes" and "default_tgs_enctypes" lines can cause authentication failures. Specifically, keytab files generated by the HPSS utility programs will use the first encryption type and only "des-cbc-crc" is known to work in all cases. Other encryption types are known to fail for some OSs and Java implementations. Also, when kinit is used with a keytab file, it only checks the first encryption type listed on the default lines in krb5.conf. If the keytab was generated with a different encryption type, the authentication will fail.
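Because only the first encryption type on each default line is used, a client krb5.conf can be checked before it is distributed. The following is an added example, not part of the HPSS distribution; the function names and both sample files are constructed for illustration, and the expected type defaults to the one named in the note above.

```shell
#!/bin/sh
# Added example, not HPSS code. Reports the first encryption type listed on
# the default_tkt_enctypes and default_tgs_enctypes lines of a krb5.conf.

# first_enctype FILE KEY
#   Prints the first value of KEY inside [libdefaults]; prints nothing if the
#   key is absent. Values may be separated by spaces or commas.
first_enctype() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                                   # comments
        /^[ \t]*\[/   { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            gsub(/[ \t]/, "", name)
            if (name != key) next
            val = substr($0, eq + 1)
            gsub(/,/, " ", val)
            if (split(val, parts) > 0) print parts[1]
            exit
        }' "$1"
}

# check_krb5_enctypes FILE [EXPECTED]
#   EXPECTED defaults to des-cbc-crc, the type this guide says is known to
#   work in all cases. Returns 0 only if both lines list EXPECTED first.
check_krb5_enctypes() {
    conf=$1
    expected=${2:-des-cbc-crc}
    rc=0
    for key in default_tkt_enctypes default_tgs_enctypes; do
        first=$(first_enctype "$conf" "$key")
        if [ -z "$first" ]; then
            echo "WARN $key: not set in [libdefaults]"
            rc=1
        elif [ "$first" != "$expected" ]; then
            echo "FAIL $key: first enctype is $first, expected $expected"
            rc=1
        else
            echo "OK   $key: first enctype is $first"
        fi
    done
    return "$rc"
}

# write_sample_confs DIR
#   Writes two constructed files: one matching the example in this section,
#   and one in which another type was placed first on the ticket line.
write_sample_confs() {
    cat > "$1/krb5.good.conf" <<'EOF'
[libdefaults]
 ticket_lifetime = 24000
 default_realm = EXAMPLE.COM
 default_tkt_enctypes = des-cbc-crc
 default_tgs_enctypes = des-cbc-crc
[realms]
 EXAMPLE.COM = {
  kdc = example.com:88
 }
EOF
    cat > "$1/krb5.reordered.conf" <<'EOF'
[libdefaults]
 default_realm = EXAMPLE.COM
# default_tkt_enctypes = des-cbc-crc
 default_tkt_enctypes = aes256-cts-hmac-sha1-96 des-cbc-crc
 default_tgs_enctypes = des-cbc-crc, aes256-cts-hmac-sha1-96
EOF
}

# Usage:  sh check_enctypes.sh /etc/krb5.conf
if [ "$#" -ge 1 ] && [ -f "$1" ]; then
    check_krb5_enctypes "$@"
fi
```

The reordered sample fails on the default_tkt_enctypes line only, which is the case in which a keytab generated with one type is later read with another listed first.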

3.3.4. SSM Help Files (Optional)

The SSM Help Files are an HTML version of the HPSS Management Guide. Individual sections of this guide are available from the Help menus on the SSM windows.

To access help windows from the hpssgui, the Help Files must be accessible from each client machine. We recommend storing these files in a file system shared by the clients so that they don't need to be installed on every SSM client machine. By default, the hpssgui script looks for the help files in $HPSS_HELP_FILES_PATH. The default location is /var/hpss/doc and can be overridden by using the -f option.

Help files are distributed with HPSS or can be downloaded from the HPSS web site. They should be installed in the $HPSS_HELP_FILES_PATH location and/or the path specified by the -f option. Refer to the HPSS Installation Guide, Section 5.5 HPSS Documentation & Manual Page Setup for instructions on how to install the help files. See the hpssgui man page for more details.

3.3.5. SSM Desktop Client Packaging

A full installation of HPSS is not needed on machines used only for executing hpssgui or hpssadm. These machines, referred to here as "SSM client machines", only require the proper version of Java plus a subset of HPSS components.

It is strongly recommended that a desktop configuration be created and installed for each hpssgui user. The hpssgui program may run very slowly if it is executed on the System Manager machine and displayed back to the user's desktop via remote X.

There is no advantage to executing the hpssadm program on the desktop machine. It will perform just as well when executed remotely as on the desktop. In fact, it is recommended that hpssadm be executed on the System Manager machine rather than on the user's desktop since this simplifies the dissemination and protection of the user keytabs. Instructions are included here, however, for packaging the hpssadm for sites who have a need to execute it on the desktop.

If the SSM code on the System Manager machine is recompiled, or the System Manager is reconfigured, the client package will no longer work, because the hpss.jar file may then be out of sync with the System Manager code. Since each client has its own copy of the hpss.jar file, the hpss.jar file should be redistributed to each client. This can be done by redistributing the entire SSM client package or by just redistributing the hpss.jar file.

Section 3.3.5.1: Automatic SSM Client Packaging and Installation, describes how to use the hpssuser utility to package these components. Section 3.3.5.2: Manual SSM Client Packaging and Installation, describes how to select and package the components manually.

3.3.5.1. Automatic SSM Client Packaging and Installation

The hpssuser utility provides a mechanism for packaging all the necessary client files required to execute the hpssgui program on the user's desktop host. Refer to the hpssuser man page for more information on generating an SSM Client Package. These files may also be copied manually; see Section 3.3.5.2: Manual SSM Client Packaging and Installation, for a list of the required files.

This example creates an SSM Client Package named “ssmclient.tar”:

% /opt/hpss/bin/hpssuser -ssmclientpkg ssmclient.tar
[ packaging ssm client ]
[ creating ssmclient.tar ]
hpssgui.pl
hpssgui.vbs
hpss.jar
krb5.conf
ssm.conf
[ packaged ssm client in ssmclient.tar ]

Once the SSM Client Package has been generated, simply FTP the tar file over to the client node and then extract the member files to the desired location.

3.3.5.2. Manual SSM Client Packaging and Installation

This section describes the manual installation of the necessary client files required to execute the hpssgui or hpssadm program on the user's desktop host. The hpssuser utility also provides a mechanism for packaging these files automatically; see Section 3.3.5.1: Automatic SSM Client Packaging and Installation.

The desktop machine requires the proper version of Java and the following HPSS files, which should be copied from the host on which the SSM System Manager executes:

scripts: hpssgui.pl, hpssgui.vbs, hpssadm.pl, or hpssadm.vbs
hpss.jar
ssm.conf
krb5.conf [if using Kerberos authentication]
user keytab [if using hpssadm]
help files [optional]

These are the default locations of these files on the SSM System Manager host, from which they may be copied:

startup scripts    /opt/hpss/bin
hpss.jar           /opt/hpss/bin
ssm.conf           /var/hpss/ssm
krb5.conf          /etc/krb5.conf
keytab file        /var/hpss/ssm/keytab.USERNAME
help files         /var/hpss/doc

These files may be installed in any location on the SSM client machines. The user must have at least read access to the files.

The SSM startup scripts hpssgui.pl, hpssgui.vbs, hpssadm.pl, and hpssadm.vbs provide the user with a command line mechanism for starting the SSM client. The hpssgui.pl script is a Perl script for starting the SSM Graphical User Interface and the hpssadm.pl script is a Perl script for starting the SSM Command Line User Interface. These scripts work on AIX, Linux, or Windows platforms so long as Perl is installed on the host. The hpssgui.vbs script is a Visual Basic script for starting the Graphical User Interface and the hpssadm.vbs script is a Visual Basic Script for starting the SSM Command Line User Interface. These scripts work only on Windows platforms.

These scripts depend on the ability to read the other files in the package. See the hpssgui and hpssadm man pages for details.

The hpss.jar file contains the hpssadm and hpssgui program files. This is stored on the server machine under $HPSS_PATH_BIN; the default location is /opt/hpss/bin. If the SSM source code on the server machine is recompiled, the hpss.jar file must be redistributed to all of the SSM client machines.

The keytab is used only by the hpssadm program. See Section 3.3.2.3: User Keytabs (For Use with hpssadm Only) on page 37, for details.

See Section 3.3.4: SSM Help Files (Optional) on page 42, for a description of the Help Files.

A writable directory is required for hpssgui or hpssadm session logs, if these are desired. The session log is an ASCII file that stores messages generated by the hpssadm or hpssgui programs. By default, the hpssgui/hpssadm scripts do not create session logs, but it is strongly encouraged that this capability be enabled by using the -S <location> option when running the script. The recommended location is /tmp on UNIX-like systems or c:\tmp on Windows systems. See the hpssgui and hpssadm man pages for more information on creating a session log. Having the session log available helps when debugging problems with the SSM client applications. It is the first thing that the SSM developers will ask for when someone is having problems with the hpssgui and/or hpssadm.
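The packaging rules in this section (required files, an hpss.jar that matches the System Manager's copy, a protected keytab) can be checked on the client before first use. The script below is an added example, not part of HPSS; the function names, the finding labels, and the policy that a keytab must grant nothing to group or others are assumptions of the example.

```shell
#!/bin/sh
# Added example (not HPSS code): sanity-check an unpacked SSM client directory.

# sha256_of FILE: print the SHA-256 hex digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# check_ssm_client DIR SERVER_JAR_SHA256 [KEYTAB]
# Prints one finding per line and returns non-zero if there are any.
check_ssm_client() {
    c_dir=$1; c_want=$2; c_keytab=${3:-}; c_rc=0

    # hpss.jar and ssm.conf are needed by every client.
    for c_f in hpss.jar ssm.conf; do
        if [ ! -r "$c_dir/$c_f" ]; then
            echo "MISSING $c_f"; c_rc=1
        fi
    done

    # Only one of the four startup scripts has to be present.
    c_found=0
    for c_f in hpssgui.pl hpssgui.vbs hpssadm.pl hpssadm.vbs; do
        if [ -r "$c_dir/$c_f" ]; then c_found=1; fi
    done
    if [ "$c_found" -eq 0 ]; then
        echo "MISSING startup script"; c_rc=1
    fi

    # A digest mismatch means the jar is out of sync with the System Manager
    # (server recompiled) or was damaged in transit (e.g. non-binary FTP).
    if [ -r "$c_dir/hpss.jar" ] && [ "$(sha256_of "$c_dir/hpss.jar")" != "$c_want" ]; then
        echo "STALE hpss.jar"; c_rc=1
    fi

    # Assumed policy: a keytab must grant nothing to group or others.
    if [ -n "$c_keytab" ]; then
        if [ ! -r "$c_keytab" ]; then
            echo "MISSING keytab"; c_rc=1
        else
            c_perm=$(ls -ld "$c_keytab" | cut -c5-10)
            if [ "$c_perm" != "------" ]; then
                echo "EXPOSED keytab (group/other bits: $c_perm)"; c_rc=1
            fi
        fi
    fi
    return "$c_rc"
}

# Typical use: compute the digest of /opt/hpss/bin/hpss.jar on the System
# Manager host with sha256_of, then on the client run
#   check_ssm_client /path/to/client/dir DIGEST /path/to/keytab.USERNAME
```

Rerun the check whenever the System Manager is recompiled or reconfigured, since that is when the client's hpss.jar goes stale.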

3.3.6. Using SSM Through a Firewall

3.3.6.1. The Firewall Problem

hpssgui and hpssadm require the use of several network ports which may be blocked if the client and System Manager are on opposite sides of a network firewall. Up to three ports may be affected:

hpssgui and hpssadm must be able to access the port upon which the System Manager listens for requests.

If the System Manager follows the default behavior of letting the portmapper select this port, then hpssgui and hpssadm also need access to port 111 in order to ask the portmapper where the System Manager is listening.

If Kerberos authentication is used, then hpssgui and hpssadm additionally need access to port 88 to communicate with the KDC.

3.3.6.2. Solutions for Operating Through a Firewall

SSM can operate through a firewall in three different ways:

The hpssgui and hpssadm can use ports exempted by the network administrator as firewall exceptions. See the -n option described in the hpssgui and hpssadm man pages.

The hpssgui and hpssadm can contact the System Manager across a Virtual Private Network connection (VPN). See the -p and -h options described in the hpssgui and hpssadm man pages.

The hpssgui and hpssadm can contact the System Manager across an ssh tunnel. See the instructions for tunneling in the hpssgui man page.

The firewall exception is the simplest of these. However, security organizations are not always willing to grant exceptions.

The vpn option is usually simple and transparent regardless of how many ports are needed, but requires the site to support vpn. The site must also allow the vpn users access to the ports listed in Section 3.3.6.1 The Firewall Problem on page 44; not all sites do.

The ssh tunneling option has the advantage that it can be used almost anywhere at no cost. It has the disadvantage that the tunnel essentially creates its own firewall exception. Some security organizations would rather know about any applications coming through the firewall and what ports they are using rather than have users create exceptions themselves without the awareness of security personnel. A second disadvantage of tunneling is that if a particular client machine is compromised, any tunnels open on that client could also be compromised. The client machine may become a point of vulnerability and access to the other machines behind the firewall. A third disadvantage is that tunneling can be complex to set up, requiring slight or significant variations at every site.

The firewall and tunneling options both benefit from reducing the number of ports required:

The need for port 111 can be eliminated by making the System Manager listen on a fixed port. To do this, set the HPSS_SSM_SERVER_LISTEN_PORT environment variable to the desired port and restart the System Manager. Then use the -n option with the hpssgui and hpssadm startup scripts to specify this port.

The need for port 88 can be eliminated only by avoiding Kerberos and using UNIX authentication.

There is no way to eliminate the need for the port on which the System Manager listens.

3.3.6.3. Example: Using hpssgui Through a Firewall

Here is an example of how a particular site set up their hpssgui SSM client sessions using krb5 authentication outside a firewall. Many of the items are site specific so modifications will need to be made to suit each site's specific needs. Where this procedure would differ for a site using Unix authentication, the Unix instructions are also included.

At this site, vpn users were not allowed access to all the ports listed in Section 3.3.6.1 The Firewall Problem on page 44 so they had to use a combination of vpn and ssh tunneling.

Create a directory on the client machine to hold the SSM client files. It is recommended that a separate directory be created for each server hostname that the client will contact.

Verify that the proper version of Java is installed. Add the Java bin directory to the user's $PATH, or use the -j switch in the hpssgui script, or set JAVA_BIN in the user's ssm.conf file. Java can be downloaded from http://www.java.com.

Obtain files from the server machine:

Obtain the preferred hpssgui script for the client system from /opt/hpss/bin on the server machine and place it in the directory created on the client machine (see Section 3.3.5: SSM Desktop Client Packaging on page 42). There are several script options. Only one version of the script is needed:

hpssgui.pl, which is written in Perl and can be used on any system that has Perl installed. This is true for all major UNIX operating systems as well as MacOS. For Windows users, Perl must be installed to use this version of the script. Users can easily obtain this from the web. A good Perl distribution for Windows is available at http://www.activestate.com.

hpssgui.vbs is a Visual Basic Script version for Windows users. This version requires no prerequisite software.

Obtain the ssm.conf file from /var/hpss/ssm on the server machine and place it in the directory where the hpssgui script resides. Alternately, specify the file to the hpssgui script with the -m option, if desired.

Obtain the hpss.jar file from /opt/hpss/bin on the server machine and place it in the directory where the hpssgui script resides. If FTP is used to copy the file, make sure the copy is done in binary mode. If the file is installed in a different directory, specify it to the hpssgui script with the -P option, or by using configuration file settings or the appropriate environment variable (see the hpssgui man page).

If Kerberos authentication is used, be sure to get the krb5.conf file that resides on the SSM server. This file should be located at /etc/krb5.conf. Place this file on the client machine in the directory where the hpssgui script resides. Alternately, specify this file to the hpssgui script with the -k option. Verify that UDP port 88 on the SSM Server machine is accessible; if not, then hpssgui will fail.

To get access to ports inside the firewall, we can use a vpn connection or one or more ssh tunnels.

Using a vpn connection will make it appear that we are inside the firewall. In this case, no tunnels are needed. If the firewall does not permit ssh connections, ssh tunnels cannot be used. Set up the vpn connection on the client machine.

If using one or more ssh tunnels is preferred, on the SSM server machine, set the HPSS_SSM_SERVER_LISTEN_PORT environment variable to a specific port (e.g. 49999). Restart the System Manager so that it will recognize this variable.

On the client machine, set up an ssh tunnel where 49999 corresponds to the HPSS_SSM_SERVER_LISTEN_PORT, the user name is joe and the SSM Server machine is "example.com".

% ssh -N -f -L 49999:localhost:49999 joe@example.com

If access through the firewall is needed for other ports (e.g., the Kerberos KDC), set up a separate tunnel for each port the firewall does not allow through.

On the client machine, run the GUI:

For Kerberos authentication:

%hpssgui.pl -S hpssgui.sessionlog -k krb5.conf -n 49999 -h localhost

For UNIX authentication:

%hpssgui.pl -S hpssgui.sessionlog -s unix -u example.com -n 49999 -h localhost

The HPSS Login window should open on the client machine for the user to log in. If it doesn't, then retry the last step, running the GUI, using the -d option for debug output and the -S option to log output to a session log file. This file will provide some information about what is going wrong.
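Section 3.3.6.2 notes that an ssh tunnel is in effect its own firewall exception, so it is worth confirming that the forwarded port on the client accepts connections from the client machine only. The following is an added example, not part of the HPSS procedure; the function names, the second port 50001 and the sample listener table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the HPSS manual): confirm that ssh local forwards
# used for SSM are reachable from this machine only.

# The tunnel from the procedure, with the listener pinned to loopback and a
# hard failure if the forward cannot be set up (both are standard OpenSSH):
#   ssh -N -f -o ExitOnForwardFailure=yes \
#       -L 127.0.0.1:49999:localhost:49999 joe@example.com

# exposed_forwards PORTS
# Reads `ss -ltn` output on stdin. PORTS is a comma-separated list of local
# tunnel ports. Prints each listener on one of those ports whose address is
# not loopback, i.e. a forward that other hosts on the network can reach.
exposed_forwards() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/^.*:/, "", port)      # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)   # text before the last colon
            if (!(port in want)) next
            if (host ~ /^127\./ || host == "[::1]") next
            print $4
        }'
}

# Constructed sample of `ss -ltn` output: 49999 is bound to loopback as
# intended, 50001 is a second forward bound to all interfaces, 22 is sshd.
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128         127.0.0.1:49999      0.0.0.0:*
LISTEN  0       128             [::1]:49999         [::]:*
LISTEN  0       128           0.0.0.0:50001      0.0.0.0:*
LISTEN  0       128           0.0.0.0:22         0.0.0.0:*
EOF
}

# Live use on the client:  ss -ltn | exposed_forwards 49999
sample_ss_output | exposed_forwards 49999,50001
```

An empty result means every listed tunnel port is bound to loopback; any line printed is a forward to close and reopen with an explicit 127.0.0.1 bind address.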

3.4. Multiple SSM Sessions

Multiple concurrent sessions of the graphical user interface and/or command line utility can be executed by the same user with no special modifications. Each session should specify a unique session log file.

3.5. SSM Window Conventions

This section lists conventions used by SSM and Java, on which SSM is based. The following list does not cover all features of all windows; it only describes the most important points.

Lists may be sorted by any column. Click on the column header of the desired column to sort the list by the items in that column. The column header will become highlighted and will display an up or down arrow to indicate the direction of the sort. Click the column header a second time to change the direction of the sort.

List tables have a field that shows the number of displayed and total items in the list in the format X/Y where X is the number of items displayed and Y is the total number of items in the list. The field is left justified under the table. The X and Y values will differ if preferences are set to filter some items out of the list.

The button panel to the right of the list can be hidden or displayed by clicking the tall, thin button between the list and button panel labeled '||'. If the button is pressed when the panel is displayed, the button panel will hide, allowing more space for the list. The button panel may be re-displayed by pressing the '||' button again.

Colors and fonts are used consistently from window to window. They may differ from platform to platform because the default Java Look and Feel settings vary between platforms.

The hpssgui script accepts the following flag parameters in order to control the graphical user interface's look and feel:

·-F "Look and Feel"

Valid values: windows, mac, motif, metal, gtk. Select the Look and Feel that is applicable to the platform on which the graphical user interface is running. Custom Look and Feels are also available at http://www.javootoo.com.

·-b "background color"

The only Look and Feel that supports color settings and themes is the metal Look and Feel. The color may be set by using the color name or hexadecimal Red/Green/Blue value. Here are some examples:

Name       Hexadecimal value
red        0xff0000
green      0x00ff00
blue       0x0000ff
cyan       0x00ffff
yellow     0xffff00
magenta    0xff00ff

·-T "theme file"

The theme setting is only applicable when used with the metal Look and Feel. There are eight color parameters that can be used to customize the look of HPSS windows: three primary colors, three secondary colors, black and white. The color settings may be stored in a theme file using the following syntax:

hpss.ssm.ssmuser.hpssgui.CustomMetalTheme.primary1=COLOR
hpss.ssm.ssmuser.hpssgui.CustomMetalTheme.primary2=COLOR
hpss.ssm.ssmuser.hpssgui.CustomMetalTheme.primary3=COLOR
hpss.ssm.ssmuser.hpssgui.CustomMetalTheme.secondary1=COLOR
hpss.ssm.ssmuser.hpssgui.CustomMetalTheme.secondary2=COLOR
hpss.ssm.ssmuser.hpssgui.CustomMetalTheme.secondary3=COLOR
hpss.ssm.ssmuser.hpssgui.CustomMetalTheme.black=COLOR
hpss.ssm.ssmuser.hpssgui.CustomMetalTheme.white=COLOR

COLOR should be specified using the color name or Red/Green/Blue hexadecimal value (see the example under the -b flag above).

If the theme file location is not specified on the command line, the default value used is ${HOME}/hpss-ssm-prefs/DefaultTheme.

Buttons may be “disabled” when the current state of the window does not allow an operation to be performed. In this state, a button is visible but its label text is grayed out and clicking it has no effect. The disabled state occurs when the operation is not supported for the selected item or the SSM user does not have sufficient authority to perform the operation.

A “text” field is any field which displays alphanumeric text or numeric data. This does not include “static” text painted on the window background or labels on things like buttons. Text fields may appear as single or multiple lines and they may be “enterable” (the displayed data can be altered) or “non-enterable” (the displayed data cannot be changed directly).

Non-enterable text fields have gray backgrounds. A particular field may be enterable under one circumstance but non-enterable under another; for example, a server configuration window's Server ID field is enterable during server creation but may not be changed when modifying a preexisting configuration record. Additionally, a field is non-enterable when the user does not have sufficient authority to modify the field.

Enterable text fields have white backgrounds. In most cases, when data in the current field is modified and the field loses focus (the cursor leaves the field), a floppy disk icon will be displayed next to the field to give a visual cue that the field has been changed and that the changes have not been saved. When all changes are made, the user can submit the modifications by pressing one of the window’s operation buttons.

Some enterable text fields are wider than they appear. As typing proceeds and the cursor reaches the right-most edge of the field, the text automatically scrolls to the left and allows further data entry until the actual size of the field has been reached. Scroll back and forth within the field using the left and right cursor keys to view the contents.

Some text fields which accept integer values can also accept numeric abbreviations such as “KB”, “MB”, “GB”, “TB”, or “XB” to specify kilobytes, megabytes, gigabytes, terabytes, or exabytes, respectively. Character case is ignored. For example, entering "1024" will yield the same results as entering "1kb". The entered value must fall within the acceptable numeric ranges for the specified field.

Some text fields which accept integer values can accept the values in decimal, octal, or hexadecimal form. For these fields, values which begin with an 'x' or '0x' will be interpreted as hexadecimal and values which begin with a zero '0' (but not '0x') will be interpreted as octal. All other values will be interpreted as decimal.
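The two integer-entry rules above, written out as added example code (not SSM's own parser), show how the same digits can yield different values: an entry of 010 is read as octal 8, not ten. The function names, acceptance of an upper-case 'X' prefix, powers of 1024 for the suffixes beyond the stated 1kb = 1024, and the rejection of leading zeros in the suffix form are assumptions of the example.

```shell
#!/bin/sh
# Added example (not SSM's own parser): the integer-entry rules described above.

# ssm_radix_value TEXT
# 'x' or '0x' prefix: hexadecimal; leading '0': octal; anything else: decimal.
# Prints the value in decimal, or returns 1 on a digit invalid for that radix.
# Accepting an upper-case 'X' is an assumption of this example.
ssm_radix_value() {
    case $1 in
        0[xX]?*) r_digits=${1#0[xX]}; r_base=16 ;;
        [xX]?*)  r_digits=${1#[xX]};  r_base=16 ;;
        0?*)     r_digits=${1#0};     r_base=8  ;;
        *)       r_digits=$1;         r_base=10 ;;
    esac
    case $r_base in
        16) case $r_digits in *[!0-9a-fA-F]*) return 1 ;; esac
            echo $((0x$r_digits)) ;;
        8)  case $r_digits in *[!0-7]*) return 1 ;; esac
            echo $((0$r_digits)) ;;
        10) case $r_digits in ''|*[!0-9]*) return 1 ;; esac
            echo "$r_digits" ;;
    esac
}

# ssm_size_value TEXT [MIN MAX]
# Expands a KB/MB/GB/TB/XB suffix (case ignored) and applies an optional
# inclusive range. The page fixes 1kb = 1024; treating the other suffixes as
# powers of 1024 is an assumption, as is rejecting leading zeros here.
ssm_size_value() {
    s_text=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    s_num=${s_text%[kmgtx]b}
    case $s_text in
        *kb) s_mult=1024 ;;
        *mb) s_mult=$((1024 * 1024)) ;;
        *gb) s_mult=$((1024 * 1024 * 1024)) ;;
        *tb) s_mult=$((1024 * 1024 * 1024 * 1024)) ;;
        *xb) s_mult=$((1024 * 1024 * 1024 * 1024 * 1024 * 1024)) ;;
        *)   s_mult=1 ;;
    esac
    case $s_num in ''|*[!0-9]*|0?*) return 1 ;; esac
    s_val=$((s_num * s_mult))
    if [ $# -eq 3 ]; then
        if [ "$s_val" -lt "$2" ] || [ "$s_val" -gt "$3" ]; then return 1; fi
    fi
    echo "$s_val"
}

# Same digits, different radix: shows why a leading zero matters.
for v in 10 010 0x10 x10; do
    echo "$v -> $(ssm_radix_value "$v")"
done
for v in 1024 1kb 2GB; do
    echo "$v -> $(ssm_size_value "$v")"
done
```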

A combo box is a non-enterable text field inside a button-like box with a small arrow on the right side. Clicking on the box will pop up a list of items. Selecting a list item will replace the displayed contents of the combo box's text field. Alternately, the list can be dismissed by clicking the mouse anywhere outside of the popup list and the displayed contents will remain unchanged.

A checkbox is a field containing a box graphic followed by a label. The box may be hollow, ☐, indicating that the item is not selected. It may be filled in, ■, or contain a check mark, ☑, indicating that the item is selected. Clicking on an enterable check box toggles the state of the selected item. When the state of a check box cannot be modified, it will appear gray in color.

A radio button is a field containing a circle followed by a label. The circle may be hollow, ○, indicating that the item is not selected or may have a solid interior, ●, indicating that the item is selected. Radio buttons are displayed in groups of two or more items. Only one item within the group can be selected; selecting one button in a group will cause all other buttons in the group to become unselected. When the state of the radio buttons cannot be modified, they will appear gray in color.

An enterable field containing a cursor is said to have “input focus”. If an enterable text field has input focus, typing on the keyboard will enter characters into the field.

Select/cut/copy/paste operations can be performed on enterable text fields; on non-enterable fields, only select and copy operations can be performed.

In some cases, modifying a field value or pressing a button causes the action to be performed immediately. A confirmation window will pop up to inform the user that all changes made to the data window will be processed if the user wishes to continue. If the user selects ‘No’ on the confirmation window, the request will not be processed and any field modifications to the window will continue to be displayed. Some examples are changes to the Administrative State field, pressing the Gatekeeper's Read Site Policy button, and selecting an entry from the MPS Storage Class Information Control combo box.

3.6. Common Window Elements

Certain SSM buttons and toggle boxes have the same behavior on all SSM windows. Descriptions for these common elements are given below and are not repeated for each window:

Time Created by System Manager field - The last time the System Manager created the structure for this window.

Time Updated by System Manager field - The last time the System Manager updated the data for this window.

Time Received by Client field - The last time the SSM client received an update for this window from the System Manager.

Dismiss button - Closes the current SSM window.

Add button – The Add button is displayed on configuration windows when a new configuration record is being created. After the configuration fields are appropriately completed, click the Add button to save the data and create the new record. When the Add operation is not permitted, the Add button will not be displayed or will appear gray in color.

Update button – The Update button is displayed on configuration windows when an existing record is being modified. After the configuration's fields have been modified, click the Update button to save the modifications. When the update operation is not permitted, the Update button will not be displayed or will appear gray in color.

Delete button – The Delete button is displayed on configuration windows of existing records. Click the Delete button only when the current record is no longer needed and any dependent records have also been deleted. When the Delete operation is not permitted, the Delete button will not be displayed or will appear gray in color.

Start Over button - Resets the current values in a configuration window to the values used when the window was first opened.

Start New button - Replaces the contents of the current configuration window with a new configuration of the same type as the one being viewed. The new configuration’s initial values will contain defaults.

Clone (partial) button - Replaces the contents of the current window with a new configuration using some of the current configuration’s field values.

Clone (full) button - Replaces the contents of the current window with a new configuration using
