Forum Discussion

IdaWong's avatar
IdaWong
Level 4
11 years ago

how to display vxfen keys on unix

hi,

for a VCS cluster which is configured with CPS I/O fencing, how can i display the vxfencing keys? i would like to verify that a disk is locked by vxfencing for a particular vcs node.

The Diskgroup resource is online btw, UseFence =SCSI3 and /var/VRTSvcs/log/vxfen/* doesn't particularly complain about anything.

thanks,

ida

  • Hi,

    missed to see that you are using CPS .. The concept is little different in CPS

    I would recommend to review the Symantec cluster server installation guide (page 126 onwards).

    https://sort.symantec.com/documents/doc_details/sfha/6.1/Solaris/ProductGuides/

    There are multiple keys/certificates (CA / CSR ) generated during the process. Page 281 talks about how to get they keys manually

     

    G

     

  • Hi ,

    vxfenadm command is used to display they keys ...

     refer to man page below

    http://sfdoccentral.symantec.com/sf/5.0/solaris/manpages/vcs/vxfenadm_1m.html

    -g switch is used to check the registration keys while -r switch is used to check reservation keys

    in recent versions, -g /-r switch is replaced with -s I believe. You can check for registration keys on coordinator disks while on data disks you will be able to find the reservation keys

    to check registration keys on coordinator disks

    #/sbin/vxfenadm -s all -f /etc/vxfentab

    similar way you can collate all the disk names (with full path like /dev/rdsk/cxtxdx  or /dev/vx/rdmp/<device>) & run the above command to check reservation keys

    Registration & reservation keys will be displayed like "AVCS-----" or "A------" where A,B etc corresponds to node, these A,B notations are mapped to /etc/llthosts file ... for e.g node 0 in /etc/llthosts will get A notation while node 1 in /etc/llthosts will get B ...

     

    G

  • Hi  Gaurav,

    Thank you for your answer, on a cluster using cps,

     

    #vxfenadm -s all -f /etc/vxfentab
    VXFEN vxfenadm ERROR V-11-2-1127 There are no disks in the file!
     
    Is there some way to find out? the key registrations?
  • Hi,

    missed to see that you are using CPS .. The concept is little different in CPS

    I would recommend to review the Symantec cluster server installation guide (page 126 onwards).

    https://sort.symantec.com/documents/doc_details/sfha/6.1/Solaris/ProductGuides/

    There are multiple keys/certificates (CA / CSR ) generated during the process. Page 281 talks about how to get they keys manually

     

    G

     

  • As I understand, you want to show registered on data (not coordinator) disk on a paticular VCS node so you can use:

    vxfenadm -s diskpath

     

    for a particular disk or

    vxfenadm -s all

     

    or put the disks you are interested in into a file and use

    vxfenadm -s -f disk_filename

     

    This is the same command Gaurav used in his comment, but as you have found out, you can't use vxfentab file as this would normally contain coordinator disks for disk based fencing, but you are using CPS.

    Just to be clear here, there are 2 parts to fencing:

    1. Race condition when a node is lost where VCS trys to get the majority of coordinator disks (which have registration keys on them) or coodinator servers
    2. SCSI reservation on data disks so that only one node can write to data disks

    Mike

  • You can use the below command to check the VxFen Keys

    vxfenadm -x -k A1 -f /tmp/disklist

    /core/etc/clear_scsi3_keys

     

    Thanks///