FIPS 140-2 Open Source SSL/IPSEC – Thanks Red Hat!

I always keep my eyes on what modules are undergoing FIPS validation. Here is an email sent to my teams… A shortcoming of open source has always been the lack of validated security modules. Red Hat has recognized this shortcoming and submitted their products and libraries for FIPS validation. As we move to more secure enterprise solutions it will be important to remain aware of these products so as to lean on them in our products. Using validated products removes the need to take a hit during C&A or seek waivers. Just a friendly FYI from your IA Architect: ...

December 22, 2008 · 2 min · Nick

Multipath and Red Hat Linux 5

As many of you know, multipath was finally integrated into Red Hat Linux with the 5 series. This is great when you have multipath enabled during an install, as you will see /dev/mapper/mpath0, but what happens post-install when you attach a new LUN? Here is the howto for what happens behind the scenes during a RHEL install:

1. After the filer has attached and presented the new LUN, reboot the machine to allow the HBA card to recognize it.
2. Post-reboot, log in and verify that the drives are present with the correct capacity:
       dmesg | grep sd
3. Next we need the WWID for the new path. For this example assume that sdh is one of our newly presented multipath drives:
       scsi_id -gus /block/sdh
4. Copy this output down and have it ready to input into a config file. I recommend piping or copying down the results within GNOME/vim.
5. Edit /etc/multipath.conf with your editor of choice and look for the blacklist exception list. You will see a WWID “923847089123908u2389” already listed. Copy that line and replace the “218934708912374” with the output of command #3.
6. Reboot the box.
7. After the reboot, log in, cd /dev/mapper and verify that there is a newly listed mpath1. If this is not the case, stop what you are doing and wash-rinse-repeat steps 1-6.
8. If there is an mpath1, we need to create a new partition. Since Linux sees the device as a new block device, use fdisk as you would with any other drive:
       fdisk /dev/mapper/mpath1
9. Since the drive is freshly partitioned, you will need to reboot to allow the kernel to recognize the new partition table.
10. Post-reboot we can create a filesystem. I am going to assume you created one partition and are going to use ext3:
       mkfs.ext3 /dev/mapper/mpath1p1
11. Next edit your /etc/fstab and point the new drive to the path you want the new mapping mounted to:
       /dev/mapper/mpath1p1 /storage ext3 defaults 1 1

For the next portion I will operate under the assumption that you are attaching more storage to your /opt directory for a new commercial install.

1. As root, drop to run level 2:
       init 2
   This is the lowest run level where the / filesystem is mounted r/w and multipathd is running.
2. We will move /opt as it currently stands to /opt2:
       mv /opt /opt2
3. Create the mount point for the SAN LUN:
       mkdir /opt
4. Mount the LUN (the details are read from the /etc/fstab entry):
       mount /opt
5. Now we sync the directories with rsync:
       rsync -avh /opt2/* /opt
6. I recommend holding onto /opt2 until everything is tested after a reboot.

Done!

September 15, 2008 · 2 min · Nick
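
The /etc/multipath.conf edit in the multipath how-to above can be scripted so that it is repeatable and cannot write stray characters into a root-owned config file. This is an added example, not code from the original post: the helper name add_wwid_exception and the sample WWIDs are made up, and it assumes the stock layout with `wwid "..."` lines inside a `blacklist_exceptions { }` section.

```shell
#!/bin/sh
# Added example (not from the original post): add a WWID to the
# blacklist_exceptions section of a multipath.conf-style file.
# add_wwid_exception is a hypothetical helper name. Assumes the stock
# layout: section header and closing brace each on their own line.
# Prints the resulting config on stdout; the input file is not modified.
# Returns 1 if there is no blacklist_exceptions section, 2 on a bad WWID.
add_wwid_exception() {
    conf=$1
    wwid=$2
    # Assumed WWID character set (scsi_id -u turns whitespace into "_").
    # Rejecting anything else keeps quotes and braces out of the config.
    case $wwid in
        ''|*[!0-9A-Za-z_.-]*) echo "invalid WWID: $wwid" >&2; return 2 ;;
    esac
    awk -v wwid="$wwid" '
        /^[ \t]*#/ { print; next }   # commented-out samples stay untouched
        /^[ \t]*blacklist_exceptions[ \t]*[{]/ { in_sec = 1; seen = 1 }
        in_sec && $1 == "wwid" && $2 == ("\"" wwid "\"") { present = 1 }
        in_sec && /[}]/ {
            # End of section: append the entry only if it is not there yet.
            if (!present) printf "\twwid \"%s\"\n", wwid
            in_sec = 0
        }
        { print }
        END { exit(seen ? 0 : 1) }
    ' "$conf"
}

# Demo on a constructed config; both WWIDs are made-up sample values.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
blacklist {
	wwid "*"
}
#blacklist_exceptions {
#	wwid "COMMENTED_OUT_SAMPLE"
#}
blacklist_exceptions {
	wwid "CONSTRUCTED_WWID_0001"
}
EOF
add_wwid_exception "$demo_conf" "CONSTRUCTED_WWID_0002"
rm -f "$demo_conf"
```

Redirect the output to a new file and diff it against /etc/multipath.conf before replacing the original; running the helper a second time with the same WWID produces no further change.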