Trending Topics

VMware on AWS - How to restore NSX DFW firewall rules to previous state

Image
Customers who uses NSX day-in, day-out would like to have a point-in time restore functionality of DFW firewall rules. Many customer have a large footprints in VMC and make changes to DFW quite often. This feature was missing for long time and we could see its included in recent versions . Let's see how DFW configuration roll back works  NSX DFW configuration has versioning, and it is stored in the NSX Manager.  Every time when someone update DFW configuration, NSX creates one more version but keep storing the previous ones. You can rollback for previous config but reapplying it once again.  You can find the options under Networking & Security tab , > Security > Distributed Firewall . In the right side we see an Actions drop down. Choose View to get to the below screen.  Let’s go through the use case:  1. Original state- default config with no custom rules:  a. There are no saved configurations during last 30 days: In my existing test setup, with the current setting

Rescan dynamically the scsi bus (applicable to CX Clariion SAN infrastructure)

Rescan dynamically the scsi bus

I've been working for a while with a Dell - Clariion CX-300, and the best way to add new attached LUNs was always to reboot the server.
However, that procedure is not always the most acceptable if you're in a hurry or if just want to do some tests.
I found the procedure described above, in an outdated website, but worked very well in my case.

I also recommend to use rescan-scsi-bus.sh script with the options -lwc. Type rescan-scsi-bus.sh --help to see the description of each option.

/root/rescan-scsi-bus.sh
Host adapter 1 (qla2xxx) found.
Host adapter 2 (qla2xxx) found.
Scanning for device 1 0 0 0 ...
OLD: Host: scsi1 Channel: 00 Id: 00 Lun: 00
Vendor: DGC Model: LUNZ Rev: 0208
Type: Direct-Access ANSI SCSI revision: 04
Scanning for device 2 0 0 0 ...
OLD: Host: scsi2 Channel: 00 Id: 00 Lun: 00
Vendor: DGC Model: LUNZ Rev: 0208
Type: Direct-Access ANSI SCSI revision: 04
0 new device(s) found.
0 device(s) removed.



So I stoped powerpath and unload qla modules in order to restart the whole thing.
$ /etc/init.d/PowerPath stop
Stopping PowerPath: done
$ lsmod | grep qla
qla6312 119233 0
qla2xxx 165733 1 qla6312
scsi_transport_fc 12225 1 qla2xxx
scsi_mod 116941 5 sg,qla2xxx,scsi_transport_fc,megaraid_mbox,sd_mod
[root@pasargades /opt/Navisphere/bin]
$ modprobe -r qla6312 qla2xxx
[root@pasargades /opt/Navisphere/bin]
$ lsmod | grep qla



then reload the whole thing:

$ modprobe qla2xxx qla6312
[root@pasargades /opt/Navisphere/bin]
$ /etc/init.d/PowerPath start
Starting PowerPath: done



then it works, the kernel does see the new devices

$ cat /proc/scsi/scsi
Attached devices:
Host: scsi0 Channel: 00 Id: 06 Lun: 00
Vendor: PE/PV Model: 1x2 SCSI BP Rev: 1.0
Type: Processor ANSI SCSI revision: 02
Host: scsi0 Channel: 01 Id: 00 Lun: 00
Vendor: MegaRAID Model: LD 0 RAID1 69G Rev: 521S
Type: Direct-Access ANSI SCSI revision: 02
Host: scsi3 Channel: 00 Id: 00 Lun: 00
Vendor: DGC Model: RAID 5 Rev: 0208
Type: Direct-Access ANSI SCSI revision: 04
Host: scsi3 Channel: 00 Id: 00 Lun: 01
Vendor: DGC Model: RAID 5 Rev: 0208
Type: Direct-Access ANSI SCSI revision: 04
Host: scsi4 Channel: 00 Id: 00 Lun: 00
Vendor: DGC Model: RAID 5 Rev: 0208
Type: Direct-Access ANSI SCSI revision: 04
Host: scsi4 Channel: 00 Id: 00 Lun: 01
Vendor: DGC Model: RAID 5 Rev: 0208
Type: Direct-Access ANSI SCSI revision: 04
[root@pasargades /opt/Navisphere/bin]
$ fdisk -l

Disk /dev/sda: 73.2 GB, 73274490880 bytes
255 heads, 63 sectors/track, 8908 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sda1 1 4 32098+ de Dell Utility
/dev/sda2 * 5 583 4650817+ 83 Linux
/dev/sda3 584 1220 5116702+ 83 Linux
/dev/sda4 1221 8908 61753860 5 Extended
/dev/sda5 1221 3770 20482843+ 83 Linux
/dev/sda6 3771 5682 15358108+ 83 Linux
/dev/sda7 5683 6192 4096543+ 82 Linux swap

Disk /dev/sdb: 676.4 GB, 676457349120 bytes
255 heads, 63 sectors/track, 82241 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/sdb doesn't contain a valid partition table

Disk /dev/sdc: 1395.8 GB, 1395864371200 bytes
255 heads, 63 sectors/track, 169704 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/sdc doesn't contain a valid partition table

Disk /dev/sdd: 676.4 GB, 676457349120 bytes
255 heads, 63 sectors/track, 82241 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/sdd doesn't contain a valid partition table

Disk /dev/sde: 1395.8 GB, 1395864371200 bytes
255 heads, 63 sectors/track, 169704 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/sde doesn't contain a valid partition table

Disk /dev/emcpowera: 676.4 GB, 676457349120 bytes
255 heads, 63 sectors/track, 82241 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/emcpowera doesn't contain a valid partition table

Disk /dev/emcpowerb: 1395.8 GB, 1395864371200 bytes
255 heads, 63 sectors/track, 169704 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/emcpowerb doesn't contain a valid partition table




REmarque: We can see that fdisk sees double path 'raw' devices ( /dev/sdb and /dev/sdd ) to a same device, which finnaly is presented by powerpath as /dev/emcpowera . All disk system command (fdisk etc ...) should now use that device in order to benefit the use of powerpath (load balancing and failover on our double attached FC ).//

The 'rescan' script shows that now:

$ /root/rescan-scsi-bus.sh
Host adapter 3 (qla2xxx) found.
Host adapter 4 (qla2xxx) found.
Scanning for device 3 0 0 0 ...
OLD: Host: scsi3 Channel: 00 Id: 00 Lun: 00
Vendor: DGC Model: RAID 5 Rev: 0208
Type: Direct-Access ANSI SCSI revision: 04
Scanning for device 4 0 0 0 ...
OLD: Host: scsi4 Channel: 00 Id: 00 Lun: 00
Vendor: DGC Model: RAID 5 Rev: 0208
Type: Direct-Access ANSI SCSI revision: 04
0 new device(s) found.
0 device(s) removed.

Popular posts from this blog

What is a Sysvol?

HOW TO EDIT THE BCD REGISTRY FILE

AD LDS – Syncronizing AD LDS with Active Directory