Jason Tan's questions

What I am trying to is add an NFS v4 ACL that allows a directories, child and grandchild, great grandchild etc directories and files to inherit a delete ('D') flag under linux. The underlying file system on the server is xfs and .

I'm not particularly familiar with either.

The server is Centos 6.3, the client is Centos 6.4.

By my reading of the man page the 'i' flag means set this acl on child files/dirs, but dont apply it to the current dir. I am not setting the 'i' flag on the parent ( /var/www/tauweb ), but it seems to be getting set on the any child dirs that are created.

What happens when I write the following ACEs using nfs4_getfacl on the dir /vaw/www/tauweb :

A::OWNER@:rwaDxtTcCy
A::GROUP@:rwaDxtcy
A::EVERYONE@:rxtcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:GROUP@:rxtcy
A:dg:[email protected]:rwaDxtcy
A:fdi:EVERYONE@:rxtcy

is that the system actually writes this:

[root@tau www]# nfs4_getfacl tauweb/
A::OWNER@:rwaDxtTcCy
A::GROUP@:rwaDxtcy
A:g:[email protected]:rwaDxtcy
A::EVERYONE@:rxtcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:GROUP@:rxtcy
A:fdig:[email protected]:rwaDxtcy
A:fdi:EVERYONE@:rxtcy

Note the 'i' in the second to last user tau entry. That was not set when I edited the ACEs but was present immediately - the system seems to add it.

Now reading all the docoo I can find indicates the "dg" after the first colon in the top set of ACEs should cause the ACL tobe inherited to child dirs (as I understand it the 'g' indicates that the principal is a group, not a user).

Now the "i" flag apparently means, cause this ACE to be inherited but do not consider it in actual perm checks.

Then when a child dir /var/www/tauweb/d2 is created it gets these:

[kkassahn@tau tauweb]$ nfs4_getfacl d2/
A::OWNER@:rwaDxtTcCy
A::GROUP@:rxtcy
A:g:[email protected]:rxtcy
A::EVERYONE@:rxtcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:GROUP@:rxtcy
A:fdig:[email protected]:rwaDxtcy
A:fdi:EVERYONE@:rxtcy

And the grandchild /var/www/tauweb/d2/d3 gets these:

[kkassahn@tau tauweb]$ nfs4_getfacl d2/d3/
A::OWNER@:rwaDxtTcCy
A::GROUP@:rxtcy
A:g:[email protected]:rxtcy
A::EVERYONE@:rxtcy
A:fdi:OWNER@:rwaDxtTcCy
A:fdi:GROUP@:rxtcy
A:fdig:[email protected]:rwaDxtcy
A:fdi:EVERYONE@:rxtcy

Now d2 is deletable - because it's parent /var/www/tauweb has the

A:g:[email protected]:rwaDxtcy ACE. But that ACE on does not get inherited.

Only A:g:[email protected]:rxtcy gets applied to d2 and d3, although the inherit but don't consult
A:fdig:[email protected]:rwaDxtcy gets inherited by children, grand children etc.

Any help or suggestions greatly appreciated, thanks.

Can anyone tell me what this means in ESXi 5.1?:

SATP VMW_SATP_LOCAL does not support device configuration

I've googled it and I get a lot of results, but as yet all the pages that contain the string are discussing other matters.

The storage array is a HDS HUS-VM and the hosts are HP b460c G8 blades with flex fabric and flex fabric VCs which I am in the process of commissioning and would like to get it started on the right foot - i.e. error and warning free!

naa.600508b1001c56ee3d70da65f071da23
   Device Display Name: HP Serial Attached SCSI Disk (naa.600508b1001c56ee3d70da65f071da23)
   Storage Array Type: VMW_SATP_LOCAL
   Storage Array Type Device Config: SATP VMW_SATP_LOCAL does not support device configuration.
   Path Selection Policy: VMW_PSP_FIXED
   Path Selection Policy Device Config: {preferred=vmhba0:C0:T0:L1;current=vmhba0:C0:T0:L1}
   Path Selection Policy Device Custom Config: 
   Working Paths: vmhba0:C0:T0:L1
   Is Local SAS Device: true
   Is Boot USB Device: false

This is the same LUN:

~ # esxcli storage core  device list -d naa.60060e80132757005020275700000016
naa.60060e80132757005020275700000016
   Display Name: HITACHI Fibre Channel Disk (naa.60060e80132757005020275700000016)
   Has Settable Display Name: true
   Size: 204800
   Device Type: Direct-Access 
   Multipath Plugin: NMP
   Devfs Path: /vmfs/devices/disks/naa.60060e80132757005020275700000016
   Vendor: HITACHI 
   Model: OPEN-V          
   Revision: 5001
   SCSI Level: 2
   Is Pseudo: false
   Status: degraded
   Is RDM Capable: true
   Is Local: false
   Is Removable: false
   Is SSD: false
   Is Offline: false
   Is Perennially Reserved: false
   Queue Full Sample Size: 0
   Queue Full Threshold: 0
   Thin Provisioning Status: unknown
   Attached Filters: VAAI_FILTER
   VAAI Status: supported
   Other UIDs: vml.020001000060060e801327570050202757000000164f50454e2d56
   Is Local SAS Device: false
   Is Boot USB Device: false
~ # 

As requested a description of our cabling:

HUS-VM with 16 ports CL1A CL3A CL5A CL7A CL1B CL3B CL5B CL7B CL2A CL4A CL6A CL8A CL2B CL4B CL6B CL8B.

There are two SAN fabrics, A and B. Ports with the suffix A are on SAN A, ports with the suffix B are on SANB. I.e.

The Flex Fabric module in interconnect bay 1 (left hand side as you face the rear) is patched into n FC switch on SAN A, via local ports X1,X2,X3.

The Flex Fabric module in interconnect bay 2 (right hand side as you face the rear) is patched into n FC switch on SAN B, via local ports X1,X2,X3.

The ESXi blade has two FCOE (FlexFabric) ports Port 1 is on mapped to port 2 on the FF module in interconnect bay 1 (SAN A). Port 2 is on mapped to port 2 on the FF module in interconnect bay 2 (SAN B).

There is a zone configured with port 1A and Port 1 on the blade. There is a zone configured with port 2A and Port 2 on the blade.

Can any one tell me of an ESXi line command that can be used to list the different virtual hardware components assigned to VMWare guests running on ESXi, with vcenter?

E.g. I want to find out how many of our guests are running with the e1000 network adaptor or how many have 2 sockets and 2 cores.

I'd like to do this in ESXi/vSphere not in the guest OS.

Can anyone tell me if there is a safe (i.e. data won't be corrupted) a VMFS 5 filesystem under linux, where the VMFS 5 filesystem is already mounted by several ESXi hosts in a vSphere cluster?

Thanks and regards Jason

I have an NFS problem on a Redhat Ent Linux 5 host, in that I want to mount some NFS shares on /opt/backup and /opt/stage.

There are also some other dirs and files in /opt e.g. /opt/myapp, /opt/otherapp, /opt/test, etc which we want to access while the NFS shares are mounted.

Currently the NFS shares mounted on boot from /etc/fstab and all works well.

However we want to mount /opt/backup and /opt/stage on demand via autofs/automounter instead of on boot from /etc/fstab.

I have this configured such that the NFS shares mount OK with autofs/automounter but when the automounter mount the NFS shares on the mount points I can not see the other files in /opt.

Is it possible to use the automounter to mount the NFS shares on /opt/backup and /opt/stage and still be able to access the other files in /opt, ie. /opt/myapp, /opt/otherapp, /opt/test etc?

If so how?

I have run a demo session which has been pasted it in below with some comments to try and help explain the problem.

Thanks.

Here's the demo:

# /opt has the two mount point dirs "backup" and "stage" as well as the dirs "lost+found" # "myapp" "otherapp" and the file "test"

[root@jttest6 etc]# ls /opt
backup  lost+found  myapp  otherapp  stage  test

# We list the NFS mountpoints - there are no files, the NFS shares are not # mounted (Autofsd is not running at this point)

[root@jttest6 etc]# ls /opt/backup
[root@jttest6 etc]# ls /opt/stage

# This is what is in /etc/auto.master

[root@jttest6 etc]# grep -v ^# /etc/auto.master
/misc   /etc/auto.misc

/opt            /etc/auto.opt
/net    -hosts
+auto.master

# This is what is in /etc/auto.opt

[root@jttest6 etc]# cat /etc/auto.opt
backup          -rw,soft,intr,rsize=8192,wsize=8192     nfs.icesa.catholic.edu.au:/opt/backup
stage           -

rw,soft,intr,rsize=8192,wsize=8192 nfs.icesa.catholic.edu.au:/opt/stage

# we start autofs

[root@jttest6 etc]# service autofs start
Starting automount:  

                                  [  OK  ]

# we list the NFS mountpoints (I pipe into head because the listings are long - this # is sufficient to show that something is now mounted there)

[root@jttest6 etc]# ls /opt/backup|head -2
ACL
brocade-backups
[root@jttest6 etc]# ls /opt/stage|head -2
ADF
ApplicationServer101202

# However we have now lost access to the dirs "lost+found" "myapp" "otherapp" and the file "test"

[root@jttest6 etc]# ls /opt
backup  stage

Can any one tell me how I an add a number of Subject Alternate Names to an existing CSR?

I'm not talking about generating a CSR with SANs or adding SANs at signing time - I know how to do both of these things.

Background: The problem we have is that HP blade chassis, allow you to generate CSRs, but they only allow a single SAN. We can't use a CSR generated elsewhere as we could not use the resultant cert as there is no way (that I can find) to upload the key to the blade chassis.

Our CA's standard process does not allow for adding SANs are signing time. They are willing to experiment, however I am trying to find a solution at our end as this will mean we won't have to rely on them having a non standard process for us - in my experience if they need to use a non standard process life will eventually get difficult. E.g. when a staff member who knows the non standard process is not present due to leave etc.

Current method is to connect to the bladechassis onboard admin via the web gui and generate the CSR with a single CN.

The web gui only allows for a single SAN in the CSR.

Then we self sign it with the following stanza in the openssl config:

[ v3_ca ]
subjectAltName = "DNS:bladesystem8,DNS:bladesystem8.services.adelaide.edu.au,DNS:bladesystem8-backup,DNS:bladesystem8-backup.services.adelaide.edu.au"

The resultant cert has the extra SANs.

Can any one tell me how to get the PID of a command executed in bash.

E.g. I have a bash script that runs imapsync.

When the script is killed the imapsync process does not always get killed, so I'd like to be able to identify the PID of imapsync programatically from my script, so that I can kill the imapsync process myself in a signal handler.

So how do I programatically get the PID of a child process from a parent bash script?