Solved: Cool thanks Mike, great

dilligaf · ‎06-23-2011

When i online a service group whose start program / monitor program / stop and clean are associated with shell scripts which in turn on and offline and monitor processes for me -> how does the command 'hagrp online' invoke a 'new terminal' to run under as your unix username.

My problem is that the 'new terminal' isn't running my .profile which has loads of env vars my processes need in order to run.

Under Solaris and x86 Xeon platforms my .profile does get sourced ok and everything is fine but under HP-UX nothing get's run. All bashes are the same across the platforms too - well in or arounds the same...

Does veritas use telnet/ssh?

mikebounds · ‎06-23-2011

As the use of "su -" has changed a few times I can't remember exact details, but I think sometime prior to 5.0 it used "su", then in 4.x or 5.0 it used "su -", in 5.1 it used "su" and in 5.1SP1 it remained as default of "su", but gave UseSUDash attribute.

Now, VCS for HP-ux tends not to come out the same time as other platforms as they release HP-ux SF and VCS version to coincide with HP-ux O/S releases as SF is bundled with O/S. Therefore, probably HP-ux is running "su" and Solaris is running "su -".

You can check this by:

 # cd /opt/VRTSvcs/bin/Application

# grep -i su online  (if not found, then maybe in something like Application.pm)

You will probably find for Solaris you have something like "$SU - $User ...", but HP-ux will not have dash.

You could edit the online script, but then officially you are not Supported, alternativey you could log a call to say the behaviour is different between platforms.

Bouncing VCS will not help as this is an issue with the inconsistent way Symantec code the Application agent - personally I think the agent should NEVER use "su -" and there should be an EnvFile attribute instead of an "UseSUDash" attribute - see post https://www-secure.symantec.com/connect/ideas/vcs-agents-should-use-su-user-instead-su-user

Mike

View solution in original post

mikebounds · ‎06-23-2011

Agents generally do not use ssh or telnet - they use "su" or "su -". This depends on the agent and the version. For instance the Application agent has changed whether it uses "su" or su -" at least twice in the last 10 years, but the latest agent in 5.1SP1, finally allows you to choose what the agent does via the "UseSUDash" attribute.

For agents which use "su", if there is an EnvFile, or similar, attribute, then you can use this to source your .profile, although I would recommend copying the .profile to a new file which is owned by root, so the UNIX user is not able to modify the environment file (which could potentially cause the corresponding VCS resource not to be able to failover).

Mike

dilligaf · ‎06-23-2011

Hi - thanks for the reply.

But i script the resources to be ran under the plain old user who is to admin the cluster:

$VRTS_BIN/hares -add $APPLICATION_NAME Application $SERVICE_GROUP_NAME
$VRTS_BIN/hares -modify $APPLICATION_NAME Critical 1
$VRTS_BIN/hares -modify $APPLICATION_NAME User $VCS_UNIX_USER
$VRTS_BIN/hares -modify $APPLICATION_NAME ResourceOwner $VCS_UNIX_USER
$VRTS_BIN/hares -local $APPLICATION_NAME StartProgram
$VRTS_BIN/hares -modify $APPLICATION_NAME StartProgram "$USERDIR/bin/StartMyProcess.sh $SCRIPT_NAME" -sys $VCS_HOSTNAME

mikebounds · ‎06-23-2011

If the profile is not been run, then the version of the Application agent you have runs:

 su $VCS_UNIX_USER -c StartProgram

and NOT:

 su -  $VCS_UNIX_USER -c StartProgram

To get round this, if you have 5.1, then you can install SP1 and then set "UseSUDash" to 1, so then it will use "su -" and thus run your profile, or you can add

 ". ~/.profile"

to the beginning of your StartProgram.

Mike

dilligaf · ‎06-23-2011

Hi guys thanks again.

I didn't know that about su and 5.1, i'm using 5.0 MP3 across x86/Solaris and HP-UX - and HP-UX is the only one with this issue so there must be a configuration problem on install on HP of the App agent and it uses su and it's .profile?

dilligaf · ‎06-23-2011

Hi Mike,

So basically should i get my vcs admins to bounce vcs and run it again with su - ??? Thanks

D

mikebounds · ‎06-23-2011

As the use of "su -" has changed a few times I can't remember exact details, but I think sometime prior to 5.0 it used "su", then in 4.x or 5.0 it used "su -", in 5.1 it used "su" and in 5.1SP1 it remained as default of "su", but gave UseSUDash attribute.

Now, VCS for HP-ux tends not to come out the same time as other platforms as they release HP-ux SF and VCS version to coincide with HP-ux O/S releases as SF is bundled with O/S. Therefore, probably HP-ux is running "su" and Solaris is running "su -".

You can check this by:

 # cd /opt/VRTSvcs/bin/Application

# grep -i su online  (if not found, then maybe in something like Application.pm)

You will probably find for Solaris you have something like "$SU - $User ...", but HP-ux will not have dash.

You could edit the online script, but then officially you are not Supported, alternativey you could log a call to say the behaviour is different between platforms.

Bouncing VCS will not help as this is an issue with the inconsistent way Symantec code the Application agent - personally I think the agent should NEVER use "su -" and there should be an EnvFile attribute instead of an "UseSUDash" attribute - see post https://www-secure.symantec.com/connect/ideas/vcs-agents-should-use-su-user-instead-su-user

Mike

dilligaf · ‎06-23-2011

Cool thanks Mike, great info.

For a rounding on this i put a sleep in my scripts to see the process trees from Sun and HP to see the su and associated switches, hope the formatting is readable:

HP
/opt/VRTSvcs/bin/Application/ApplicationAgent -type Application
root 4938 2458 1 14:21:55 ? 00:00:00 /opt/VRTSperl/bin/perl -I../../lib /opt/VRTSvcs/bin/Application/online My_RESGRP User 1 my_usrnme StartProgram 1 /tmp/my_usrnme/p...
root 4939 4938 0 14:21:56 ? 00:00:00 sh -c /usr/bin/su - my_usrnme -c "/tmp/my_usrnme/prod/bin/MY_SCRIPT.sh my_exe"
my_usrnme 4941 4939 0 14:21:56 ? 00:00:00 /usr/bin/sh /tmp/my_usrnme/prod/bin/MY_SCRIPT.sh my_exe

Solaris
18529 /opt/VRTSvcs/bin/Application/ApplicationAgent -type Application
20039 /opt/VRTSperl/bin/perl -I /opt/VRTSvcs/bin/Application/../../lib -S /opt/VRTSvc
20042 sh -c /usr/bin/su - my_usrnme -c "/tmp/my_usrnme/prod/bin/MY_SCRIPT.sh MY_SC...
20043 /bin/sh /tmp/my_usrnme/prod/bin/MY_SCRIPT.sh my_exe
20060 sleep 300

mikebounds · ‎06-23-2011

I'm a little confused here as this shows HP-ux is running "su -", but you said profile was not been sourced.

So if you run as root, what VCS is showing it is running above for HP-ux:

sh -c /usr/bin/su - my_usrnme -c "/tmp/my_usrnme/prod/bin/MY_SCRIPT.sh my_exe

Then .profile should be sourced - is this not the case?

Mike

dilligaf · ‎06-27-2011

yes it's not the case!

Seems like a bug on su - on HP-UX!

Here's my explanation on how i closed the ticket in my job:

"....

This was proven by manually recreating this with a simple sh script and issuing it to be run from the command line -

Simple shell script:
#!/bin/sh
echo 'echoing out env var:' $ENV_VAR (some exported env var exported from .profile)

Save the above lines into ~/test.sh

Run the following line from Xeon/Sun and HP:
sh -c '/bin/su - myUsrName -c ~/test.sh'

..."

Simply: su-, doesn't work like it does on x86 Xeon and Sun Solaris - go figure?

So in Sun/x86 i see the env var that's specified in the user's .profile and echoed to the terminal, but not so on HP - no sourcing of .profile, no echos!

Crazy enough - cheers for the help though, led me to the answer, cheers

g_lee · ‎06-28-2011

dilligaf,

As Mike pointed you in the right direction (re: differences between HP-UX vs Sun su - see https://www-secure.symantec.com/connect/forums/what-terminalsshtelnet-does-hagrp-invoke-if-any#comment-5727261 ), it would make more sense to mark his post as solution, since he has provided you with the answer.

VOX

What terminal/ssh/telnet does HAGRP invoke... if any