Rather than logging onto your 3PAR with local user accounts, you can use AD to authenticate users and determine what rights they have within the system. We will look at 2 ways of getting LDAP authentication set up, first using the 3PAR SSMC and second using the CLI. In the CLI section I will provide a script you can just modify to get AD authentication set up nice and easily for you.
The commands you are going to run will fall under three sections: configuring the connection parameters, configuring the binding (authentication) parameters, and finally configuring the account location parameters. I have made the text bold to show the commands you would need to customise for your environment; the other commands will remain standard.
Below I have laid out all the commands together in an example script. As always, please use at your own risk, and note that the first line of code clears out your current authentication configuration. The parts in bold are what you will need to change; everything else should remain the same in a standard Windows environment. Make sure your kerberos-realm matches AD (it's case sensitive).
Once you have run the script you can check the results from the CLI by typing checkpassword and then entering your AD password. The system will then report whether the LDAP lookup was successful.
Good post, Richard. Just a heads up, the #3 point up top has a copy/paste typo, I think. The 3parRead group is getting authorized for super-map instead of browse-map. Your script has it right, just the step is off.
I am able to configure LDAP on 3par and checkpassword is coming normal while using SSH session, but when I am trying to login SSMC with same credentials, it's throwing an error stating that: Failed to authorize user anandanwar on any configured arrays.
The HPE3PARFCDriver and HPE3PARISCSIDriver drivers, which are based on the Block Storage service (Cinder) plug-in architecture, run volume operations by communicating with the HPE 3PAR storage system over HTTP, HTTPS, and SSH connections. The HTTP and HTTPS communications use python-3parclient, which is part of the Python standard library.
Volume type support for both HPE 3PAR drivers includes the ability to set the following capabilities in the OpenStack Block Storage API cinder.api.contrib.types_extra_specs volume type extra specs extension module:
To work with the default filter scheduler, the key values are case sensitive and scoped with hpe3par:. For information about how to set the key-value pairs and associate them with a volume type, run the following command:
The qos keys above no longer need to be scoped but must be created and associated to a volume type. For information about how to set the key-value pairs and associate them with a volume type, run the following commands:
Given a system connected to HPE 3PAR via FC where the multipath setting is NOT used in cinder.conf, when the user tries to create a bootable volume, it fails intermittently with the following error: Fibre Channel volume device not found
This happens when a zone is created using the second or a later target from the 3PAR backend. In this case, the HPE 3PAR client code picks up the first target to form the initiator target map. This can be illustrated with the example below.
Note that additional issues specific to the kernel that you are using might also be present. If you are using the default UEK R5 please see Unbreakable Enterprise Kernel: Release Notes for Unbreakable Enterprise Kernel Release 5 (4.14.35-1818). If you are using an alternate UEK release or update, please refer to the appropriate release notes for this kernel version, available at Unbreakable Enterprise Kernel documentation.
When performing a graphical installation, where some installation options are already set by using a kickstart configuration file, it is still possible to modify these settings by clicking the various fields during the installation to edit the predefined content. These types of edits during the installation process require a user to intentionally attempt to modify the setting, effectively enabling an interactive installation, where options that are set in the kickstart configuration are not secured by any policy.
Note that this type of change is not possible when performing a text installation. During a text installation, the user can only modify fields that have not already been defined in the kickstart configuration file. (Bug ID 28642357)
When installing on an iSCSI disk, you must add either ip=ibft or rd.iscsi.ibft=1 to the boot command line and then specify at least one MBR or GPT-formatted disk as an installation target. Otherwise, the installation fails with the error message No valid boot loader target device found. (Bug ID 22076589)
If you have not applied a Thin Persistence license to an HPE 3PAR storage array, installation fails to create a file system on a thin provisioned virtual volume (TPVV). This license is required to support the low-level SCSI UNMAP command for storage reclamation. If you do not have a suitable license, the workaround is to use a fully provisioned virtual volume (FPVV) instead of a TPVV. (Bug ID 22140852)
Installation fails if the target device is an Aura7 NVMe add-in card with two block devices. Although the card has two independent NVMe controllers and devices, they are assigned identical WWIDs. The multipath device mapper maps the two block devices to the same WWID, resulting in a bogus multipath configuration that prevents installation.
To work around the issue, disable multipath at boot for the installation by using the installer boot argument nompath. After the installation, blocklist the NVMe block devices for multipath configuration on the system by editing /etc/multipath.conf, or you can disable device mapper multipath altogether. See Oracle Linux 7: Administrator's Guide for more information about configuring multipath. (Bug ID 27638939)
Upgrade from Oracle Linux 7.5 can fail if the login session open files limit is set too low and the system that is being upgraded includes many packages from many channels or repositories. The issue can be triggered if the rpm-plugin-systemd-inhibit package is installed and the session is configured for a maximum open file limit below 4096. This issue typically results in yum failing to update and error messages similar to:
You may only install one of these packages on the same system at once. To avoid the conflict, exclude the PackageKit.i686 package in your yum configuration. For more information about how to exclude packages, see Oracle Linux: Unbreakable Linux Network User's Guide for Oracle Linux 6 and Oracle Linux 7.
This error appears on systems that are running a previous version of the kmod-oracleasm package due to a downgrade. When upgrading or reinstalling, the kmod-kvdo package installs the module into the weak-updates directory. This practice differs from the previous installation approach expected by kmod-oracleasm, which can result in a NULL symbolic link that is declared as a missing file. A standard installation or upgrade is unaffected by this issue. The issue only appears if the packages are downgraded and then upgraded again. (Bug ID 28864195).
ABRT packages and associated files, such as libreport, are included in the distribution to satisfy package dependencies and can be used to generate local bug reports but the features to automatically upload these reports are not supported. For technical assistance, contact Oracle Support by using the My Oracle Support portal or by telephone.
You cannot do snapshots of KVM guests if they use UEFI. In older versions of QEMU and libvirt, the tools might allow you to create the snapshot without an error or warning, but the snapshot could be corrupted. More recent versions of these tools prevent snapshot creation with an error similar to the following:
An Oracle Linux 7 KVM guest using the LSI MegaRAID SAS ISCSI controller is limited to 7 virtual disks. Although KVM guests can have up to 8 ISCSI virtual disks, the LSI MegaRAID SAS controller uses the first slot for the ISCSI Initiator, leaving just the 7 remaining slots for virtual disks.
The workaround for this issue is to use the megasas controller instead of the lsi controller when creating ISCSI virtual disks. For example, change -device lsi to -device megasas, as shown in highlighted text in the following example:
If /boot is hosted on a btrfs subvolume, GRUB 2 is unable to correctly process the initramfs and vmlinuz pathnames. This problem occurs when you update or install a new kernel and grubby attempts to update the GRUB 2 configuration. In the case where you are running a fresh installation of Oracle Linux 7.6 and you upgrade the RHCK or UEK kernel, the following error is displayed:
The workaround for this problem is to use grub2-mkconfig to regenerate the /etc/grub2/grub.cfg file, or /etc/grub2-efi.cfg file on a UEFI booted system, immediately after the kernel has been installed or upgraded, for example:
From the listing, select the kernel entry that you want to run as the default kernel and set this entry as the default using the following command, substituting menu entry title with the title of the kernel entry that you identified in the listing:
If RemoveIPC=yes is configured for systemd, interprocess communication (IPC) is terminated for a non-system user's processes when that user logs out. This setting, which is intended for use on laptop systems, can cause software problems on server systems. For example, if the user is a database software owner such as oracle for Oracle Database, this configuration can cause a database installation to fail or database services to crash.
The creation of Oracle Linux 7 containers fails when the root file system (/container) is hosted on an NFS share. This problem occurs because the iputils package in Oracle Linux 7 releases (Updates 4 and 5) is built to use the Linux file extended attributes [xattr(7)] security capabilities(7). Because the NFS protocol does not support these file capabilities, the iputils package might not be installed into an NFS file system. For example, when attempting to create an Oracle Linux 7.4 container, the installation fails while installing the iputils package, producing the following error: