Re: How to reconfigure iptables & NTP on Exadata storage cells ?

  • From: Andy Colvin <acolvin@xxxxxxxxxxx>
  • To: dedba@xxxxxxxxxx
  • Date: Thu, 26 Jan 2012 08:07:23 -0600

Greetings!
For modifying the network configuration on Exadata, run the 
/opt/oracle.cellos/ipconf utility.  It's an interactive tool that will allow 
you to modify any and all of the network settings, including NTP or DNS.  
Before running ipconf, you will have to shut down all cell services (cellcli -e 
alter cell shutdown services all).  ipconf will complain that some interfaces 
are unplugged, but you can ignore that.  I've included the output from running 
ipconf on one of our cells below.

As for the iptables settings, I don't believe Oracle supports making 
modifications to these rules.  They're configured out of the box based on the 
version of the storage server software you're running.  As far as I know, the 
configuration cannot be easily modified.  What issues are you running into with 
the firewall?

[root@enkcel03 ~]# /opt/oracle.cellos/ipconf
Logging started to /var/log/cellos/ipconf.log
Error. All CELL services must be stopped prior to using ipconf
[root@enkcel03 ~]# cellcli -e alter cell shutdown services all

Stopping the RS, CELLSRV, and MS services...
The SHUTDOWN of services was successful.
[root@enkcel03 ~]# /opt/oracle.cellos/ipconf
Logging started to /var/log/cellos/ipconf.log
Interface ib0 is Linked.  hca: mlx4_0
Interface ib1 is Linked.  hca: mlx4_0
Interface eth0 is Linked.  driver/mac: igb/00:21:28:8e:ab:d8
Interface eth1 is ... Unlinked.  driver/mac: igb/00:21:28:8e:ab:d9
Interface eth2 is ... Unlinked.  driver/mac: igb/00:21:28:8e:ab:da
Interface eth3 is ... Unlinked.  driver/mac: igb/00:21:28:8e:ab:db

Network interfaces
Name     State      IP address      Netmask         Gateway         Net type     Hostname
ib0      Linked
ib1      Linked
eth0     Linked
eth1     Unlinked
eth2     Unlinked
eth3     Unlinked
Warning. Some network interface(s) are disconnected. Check cables and swicthes and retry
Do you want to retry (y/n) [y]: n

The current nameserver(s): 192.168.10.15
Do you want to change it (y/n) [n]: 
The current timezone: America/Chicago
Do you want to change it (y/n) [n]: 
The current NTP server(s): 192.168.10.15
Do you want to change it (y/n) [n]: n

Network interfaces
Name     State      IP address      Netmask         Gateway         Net type     Hostname
eth0     Linked     192.168.8.205   255.255.252.0   192.168.10.1    Management   enkcel03.enkitec.com
eth1     Unlinked
eth2     Unlinked
eth3     Unlinked
bondib0  ib0,ib1    192.168.12.5    255.255.255.0                   Private      enkcel03-priv.enkitec.com
Select interface name to configure or press Enter to continue: 

Select canonical hostname from the list below
1: enkcel03.enkitec.com
2: enkcel03-priv.enkitec.com
Canonical fully qualified domain name [1]: 

Select default gateway interface from the list below
1: eth0
Default gateway interface [1]: 

Canonical hostname: enkcel03.enkitec.com
Nameservers: 192.168.10.15
Timezone: America/Chicago
NTP servers: 192.168.10.15
Default gateway device: eth0
Network interfaces
Name     State      IP address      Netmask         Gateway         Net type     Hostname
eth0     Linked     192.168.8.205   255.255.252.0   192.168.10.1    Management   enkcel03.enkitec.com
eth1     Unlinked
eth2     Unlinked
eth3     Unlinked
bondib0  ib0,ib1    192.168.12.5    255.255.255.0                   Private      enkcel03-priv.enkitec.com
Is this correct (y/n) [y]: 

Do you want to configure basic ILOM settings (y/n) [y]: n
Info. Run /opt/oracle.cellos/validations/init.d/saveconfig

Andy Colvin

Principal Consultant
Enkitec
andy.colvin@xxxxxxxxxxx
http://blog.oracle-ninja.com


On Jan 26, 2012, at 4:30 AM, De DBA wrote:

> G'day.
> 
> I'm preparing to apply the last patches to an Exadata Database Machine and 
> keep running into network configuration issues. The last one is the NTP 
> configuration on the storage cells. The Oracle engineer who configured it had 
> unfortunately different ideas on what ip address to use than the network 
> admins... I'm now trying to find out how to change this the Exadata way - 
> perhaps I can just edit the ntp.conf file? Won't a central tool such as dcli 
> be affected?
> 
> A compounding factor is that in the storage cells there is an iptables 
> firewall configured, which has to be modified as well. I've checked the 
> normal configuration files for the OEL iptables (/etc/sysconfig/iptables), 
> but it doesn't exist. Yet the firewall is loaded - twice! Iptables -L shows 
> the entire list two times, one below the other. Makes me think that there is 
> another mechanism calling iptables at boot, but what? How is it configured?
> 
> Anyone has any leads or links to documentation? I've already got the 
> fantastic book by Kerry Osborne, Randy Johnson and Tanel Poder, and the 
> Exadata Machine Owner's Guide, but those don't get me much further on this 
> either... :(
> 
> Thanks,
> Tony
> 
> --
> //www.freelists.org/webpage/oracle-l
> 
> 
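
An added example, not part of the original thread or of Oracle's tooling: a check that reads the summary block ipconf prints before "Is this correct" and compares the NTP and nameserver entries with the addresses the network team approved. The field labels are taken from the transcript above; the function names, the approved lists and the idea of feeding in a saved session are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle tooling. Field labels come from the ipconf
# transcript above; function names and approved lists are assumptions.

# Turn a comma/space separated list into a sorted, de-duplicated one.
normalise() { tr ', \t' '\n\n\n' | grep -v '^$' | sort -u | paste -sd ' ' -; }

# Print one summary field (label given without the colon) from stdin.
# Only lines that start with "<label>:" count, so the interactive prompts
# ("The current NTP server(s): ...") are ignored. Returns 1 if absent.
summary_field() {
    raw=$(awk -v label="$1" '
        index($0, label ":") == 1 { v = substr($0, length(label) + 2); found = 1 }
        END { if (!found) exit 1; print v }') || return 1
    printf '%s\n' "$raw" | normalise
}

# Compare a field on stdin with the approved list, ignoring order.
# $1 = label, $2 = approved values. Returns 0 match, 1 drift, 2 field absent.
check_field() {
    want=$(printf '%s\n' "$2" | normalise)
    got=$(summary_field "$1") || { echo "MISSING $1"; return 2; }
    if [ "$got" = "$want" ]; then
        echo "OK $1: $got"
        return 0
    fi
    echo "DRIFT $1: have '$got', want '$want'"
    return 1
}

# Constructed sample: the summary lines as they appear in the transcript.
sample_summary() {
    cat <<'EOF'
The current NTP server(s): 192.168.10.15
Canonical hostname: enkcel03.enkitec.com
Nameservers: 192.168.10.15
Timezone: America/Chicago
NTP servers: 192.168.10.15
Default gateway device: eth0
EOF
}

sample_summary | check_field "NTP servers" "192.168.10.15"
sample_summary | check_field "Nameservers" "192.168.10.15"
```

The non-zero return codes let the check run once per cell from a saved session and flag only the cells that still carry the old address.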

