Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1908498.1
Update Date:2018-05-23
Keywords:
Solution Type  Technical Instruction Sure

Solution  1908498.1 :   Configuring Limited/Full Membership of Exalogic Guest vServers on the Default IPoIB Network  

Related Items 
    

  • Oracle Exalogic Elastic Cloud Software
    •  
  • Exalogic Elastic Cloud X5-2 Hardware
    •  
  • Exalogic Elastic Cloud X6-2 Hardware
    •  
Related Categories 
    

  • PLA-Support>Eng Systems>Exalogic/OVCA>Oracle Exalogic>MW: Exalogic Core
    •  






In this Document


Goal


 Overview


 Pre-requisites


Solution


 Backup the Switch


 Setup Procedure


 Running the Procedure


 Post Procedure




Applies to:  

Oracle Exalogic Elastic Cloud Software - Version 2.0.6.0.0 and later
Exalogic Elastic Cloud X5-2 Hardware - Version X5 to X5 [Release X5]
Exalogic Elastic Cloud X6-2 Hardware - Version X6 to X6 [Release X6]
Linux x86-64

Oracle Virtual Sever (x86-64)



The procedure in this document is applicable to v2.0.6 and v2.0.4 Exalogic Guest vServers, running on EECS v2.0.6.0.0 or higher in a virtualized configuration.





Goal


Overview


When vServers are provisioned on the IPoIB default network, they are created, by default, with full membership on the network. When such vServers are created in different accounts within a vDC, due to their full membership, vServers provisioned in Account A can be reached from those provisioned in Account B. Currently, there is no support for changing the membership on the default IPoIB network during the process of vServer creation.


A set of scripts is provided with this document to enable the toggling of vServer membership on the default IPoIB network from full to limited. These scripts can be used to toggle the membership of Exalogic Guest vServers on  the default partition if the vServers have an interface defined on that partition, and also provide support to verify whether the membership changes have been made successfully.


In one execution of the script, Guest vServers belonging to a single account can be modified. To change the membership of Guest vServers belonging to other accounts, the script needs to be executed once for each account.




Note


The scripts may be used for the following operations as well:


    

  • Changing the membership from limited to full
    • 

  • Changing the membership of a subset of vServers in a given account
    • 





 


Important: Guest vServers are rebooted as part of script execution for the membership changes to take effect. It is recommended that this procedure be performed during a maintenance window.


Pre-requisites


    

  • EECS version is a supported version, as listed in the “Applies To” section
    • 

  • Guest vServers to be modified are at v2.0.4 or v2.0.6 or higher (v2.0.1 vServers are not supported)
    • 

  • Root access to the Exalogic Control vServer (or ExalogicControlOVMM vServer in environments UPGRADED to 2.0.6)
    • 



 


Solution


Backup the Switch


Backup the IB Switch configuration using ExaBR ( i.e. Exalogic Elastic Cloud Backup and Recovery Guide Using ExaBR). Refer to the section "3.3.1 Backing Up InfiniBand Switches" in that document for backing up Infiniband switches


Setup Procedure


Perform the following steps to setup the environment prior to running the scripts provided with this document.


1. Java 1.7 is installed in the Exalogic Control vServer by default. Ensure that the version of java at /usr/bin/java is 1.7+ by executing the following command:


[root@elcontrol usr]# which java
/usr/bin/java 
[root@elcontrol]# /usr/bin/java -version
java version "1.7.0_45"
OpenJDK Runtime Environment (rhel-2.4.3.1.0.1.el5_10-x86_64 u45-b15)
OpenJDK 64-Bit Server VM (build 24.45-b08, mixed mode)


2. Set the JAVA_HOME environment variable to the directory containing the java bin directory. For instance, with the java executable at /usr/bin/java, set the environment variable to /usr as shown:


[root@celcontrol ~] # export JAVA_HOME=/usr


 


3. Download dcli.zip (attached to this document). Extract its content to a directory (e.g. /usr/bin). Make sure that you run "chmod +x <file> " over all the extracted files to grant execute permission to the scripts. Also, include that folder in the PATH environment variable.


[root@elcontrol ~] # export PATH=$PATH:/usr/bin


 


4. Make sure that the IaaS API and CLI rpms (orcl-sysman-iaas-api*.rpm and orcl-sysman-iaas-cli*.rpm) are installed on the control vServer.


   Instructions on how to find and install these rpms can be found at http://docs.oracle.com/cd/E18476_01/doc.220/e25258/app_cliapi_in.htm.


   Alternatively, the RPMs can be downloaded from https://edelivery.oracle.com/ 


   Commands to check whether the rpms have been installed:


[root@elcontrol ~]# rpm -qa | grep orcl-sysman-iaas-api
orcl-sysman-iaas-api-12.1.4-2326


[root@elcontrol ~]# rpm -qa | grep orcl-sysman-iaas-cli
orcl-sysman-iaas-cli-12.1.4-2326


   Commands to install the rpms:


[root@elcontrol ~] # rpm -ivh orcl-sysman-iaas-api*.rpm


 [root@elcontrol ~] # rpm -ivh orcl-sysman-iaas-cli*.rpm


 


5. Set the IAAS_HOME environment variable as shown below:


[root@elcontrol ~] # export IAAS_HOME=/opt/oracle/iaas/cli


 


6. Mount the Exalogic Repository on the Exalogic Control vServer by running commands similar to the following:


[root@elcontrol ~]# mkdir /OVS-Repo
[root@elcontrol ~]# mount -t nfs xx.xx.xx.xx:/export/ExalogicRepo /OVS-Repo -o rw


    Configure NFS exceptions on ZFS side to allow read/write of the mount folder by the Exalogic Control vServer through the respective IP.



    To verify that read/write access to the repository mount, try to create a file under that mount.


[root@elcontrol] touch /OVS-Repo/test.txt 


 


7. Download the MembershipToggle11080830.zip file containing the scripts (attached to this document) and extract it to a directory (e.g. toggle-scripts) on the Exalogic Control vServer. Run "chmod +x *.sh" to grant execute permission to the scripts.


 


8. Set up passwordless ssh


    First, create a file (e.g. cnodes) containing the names of the compute nodes in the vDC, one compute node on each line. Then, run the following command to set up passwordless ssh of the Exalogic Control vServer with the compute nodes in the vDC.


[root@elcontrol ~] # ssh-keygen -t rsa; dcli -g cnodes -k


    Finally, for a quick sanity check of dcli functionality, verify that the uptime from all the compute nodes can be obtained in the vDC by running the following command:


[root@elcontrol ~] # dcli -g cnodes uptime


 


9. Run the akm-describe-accounts command to look up the account name and account ID of a particular account which owns the Guest vServers that need to be modified, by running the following sample command.


    Replace the https URL with the URL to the EM Ops Center Browser UI.


[root@elcontrol ~] # $IAAS_HOME/bin/akm-describe-accounts --base-url https://ec1:9443/emoc --user root   


     Sample Output:


...
ACC-8846eda9-48b5-453c-99cd-f09ce5c1ff49 CloudUser root
...   


The above command leverages the EMOC root user who has the right to manage all accounts. The sample output indicates that the account with name "CloudUser" has an account ID "ACC-8846eda9-48b5-453c-99cd-f09ce5c1ff49".


The account name is the same as that displayed for the account under vDC management in the EM Ops Center UI, which owns the Guest vServers. 


Make a note of the account name and account ID corresponding to the account which owns the Guest vServers that need to be modified.


 


10. Run the akm-create-access-key command to create an access key file by running the following sample command.


      Replace the https URL with the URL to the EM Ops Center Browser UI. For the account parameter, provide the account ID that was noted in the earlier step.


[root@elcontrol ~] #  $IAAS_HOME/bin/akm-create-access-key --base-url https://ec1:9443/emoc --user root --account ACC-8846eda9-48b5-453c-99cd-f09ce5c1ff49 --access-key-file ak-root-CloudUser.file


The above command creates a file called "ak-root-CloudUser.file". The access key file contains the private key of the specified account. The credentials in the access key file will be used by IaaS API calls in the scripts to access the account and operate on the Guest vServers owned by that account.


 


Running the Procedure


Toggling the membership of a list of Guest vServers in the IPoIB default partition from full to limited involves changing their configured partition keys from 0xffff to 0x7fff. Change directory to that containing the downloaded scripts (toggle_scripts) and perform the following steps:


1. Compose a file (e.g. vms) containing the domain names of the Guest vServers that need to be modified, one Guest vServer on each line.


The domain name of a Guest vServer can be obtained from the vServer summary in the EM Ops Center UI. The following are the contents of a sample vms file.


0004fb0000060000419eced61b85a766
 0004fb00000600009f174b5946f4b910
 0004fb0000060000daf9be92368edde7
 0004fb0000060000f10200e7bf90073f
 0004fb0000060000fb21d156360a18d1


 


2. Exalogic Guest vServers entered in the above file will be rebooted as part of the execution of the UpdateVServers.sh script. Ensure that all application processes running within those vServers are stopped before proceeding.


 


3. Execute the following command:


[root@elcontrol toggle_scripts] #./UpdateVServers.sh -n <vm_domain_file> -c <cnode_file> -url <emoc_url> -r <repo_loc> -ak <ak_file> -a <account_name> -k <Pkey_to_toggle> -t <Timeout> -log <log_file>


where:


<vm_domain_file> is the file created (e.g. vms) containing a list of vServer domain names


<cnode_file> is the file containing a list of compute nodes in the vDC


<emoc_url> is the URL to the EM Ops Center UI


<repo_loc> is the location of the Exalogic Repo (typically at /OVS/Repositories/<Repo-Name> )


<ak_file> is the access key file (created in step 9 of Setup Procedure)


<account_name> is the account name (the account name displayed for the account ID in step 8 of Setup Procedure)


<Pkey_to_toggle> is the existing partition key that needs to be changed/toggled


<Timeout> is the time out for the operation (default value is 600 seconds)


<log_file> is the name of the file containing the log messages for the operation


 


The following shows a sample command for the operation:


[root@elcontrol toggle_scripts] # ./UpdateVServers.sh -n vms -c cnodes -url https://ec1:9443/emoc -r /OVS/Repositories/0004fb0000030000bcf62ab9af1e1e53 -ak ak-root-CloudUser.file -a CloudUser -k 0xffff -t 600 -log UpdateVServers.log


The console output will indicate SUCCESS for each Guest vServer that has been successfully modified by the procedure. ERROR is displayed for the Servers that fail. In the event of failure to modify the vServers, view the contents of the log file for details of the error.


 


4. To verify that the memberships of the Guest vServers have been successfully  toggled (to limited) in the default partition execute the following command:


[root@elcontrol toggle_scripts] #./CheckVServers.sh -n <vm_domain_file> -c <cnode_file> -url <emoc_url> -r <repo_loc> -a <account_name> -k <Pkey_to_toggle> -log <log_file>


 


Note:

The CheckVServers.sh script requires that all vServers rebooted by the script to be completely up and running. Wait for all the rebooted vServers to come up before running this command.


 


A sample command is shown below:


[root@elcontrol toggle_scripts] #./CheckVServers.sh -n vms -c cnodes -url https://ec1:9443/emoc -r /OVS/Repositories/0004fb0000030000bcf62ab9af1e1e53 -a CloudUser -k 0xffff -log CheckVServers.log


The console output will indicate SUCCESS for each Guest vServer that is NOT configured with <Pkey_to_toggle> in the IPoIB default partition. ERROR is displayed in the output in the event of failure to obtain the pkey information.


 


Post Procedure


Remove the  access key file that was created as part of this procedure. 



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback