Re: How to reconfigure iptables & NTP on Exadata storage cells ?

From: Andy Colvin <acolvin_at_enkitec.com>
Date: Thu, 26 Jan 2012 08:07:23 -0600
Message-Id: <D00A15B7-24DC-43BB-AE8E-FAA3A686E437_at_enkitec.com>



Greetings!
For modifying the network configuration on Exadata, run the /opt/oracle.cellos/ipconf utility. It's an interactive tool that will allow you to modify any and all of the network settings, including NTP or DNS. Before running ipconf, you will have to shut down all cell services (cellcli -e alter cell shutdown services all). ipconf will complain that some interfaces are unplugged, but you can ignore that. I've included the output from running ipconf on one of our cells below.

As for the iptables settings, I don't believe Oracle supports making modifications to these rules. They're configured out of the box based on the version of the storage server software you're running. As far as I know, the configuration cannot be easily modified. What issues are you running into with the firewall?

[root@enkcel03 ~]# /opt/oracle.cellos/ipconf
Logging started to /var/log/cellos/ipconf.log
Error. All CELL services must be stopped prior to using ipconf
[root@enkcel03 ~]# cellcli -e alter cell shutdown services all

Stopping the RS, CELLSRV, and MS services...
The SHUTDOWN of services was successful.
[root@enkcel03 ~]# /opt/oracle.cellos/ipconf
Logging started to /var/log/cellos/ipconf.log
Interface ib0 is Linked. hca: mlx4_0
Interface ib1 is Linked. hca: mlx4_0

Interface eth0 is Linked.  driver/mac: igb/00:21:28:8e:ab:d8
Interface eth1 is ... Unlinked.  driver/mac: igb/00:21:28:8e:ab:d9
Interface eth2 is ... Unlinked.  driver/mac: igb/00:21:28:8e:ab:da
Interface eth3 is ... Unlinked.  driver/mac: igb/00:21:28:8e:ab:db

Network interfaces
Name     State      IP address      Netmask         Gateway         Net type     Hostname       
ib0      Linked                                                                                 
ib1      Linked                                                                                 
eth0     Linked                                                                                 
eth1     Unlinked                                                                               
eth2     Unlinked                                                                               
eth3     Unlinked                                                                               
Warning. Some network interface(s) are disconnected. Check cables and swicthes and retry
Do you want to retry (y/n) [y]: n

The current nameserver(s): 192.168.10.15
Do you want to change it (y/n) [n]:
The current timezone: America/Chicago
Do you want to change it (y/n) [n]:
The current NTP server(s): 192.168.10.15
Do you want to change it (y/n) [n]: n

Network interfaces

Name     State      IP address      Netmask         Gateway         Net type     Hostname       
eth0     Linked     192.168.8.205   255.255.252.0   192.168.10.1    Management   enkcel03.enkitec.com
eth1     Unlinked                                                                               
eth2     Unlinked                                                                               
eth3     Unlinked                                                                               
bondib0  ib0,ib1    192.168.12.5    255.255.255.0                   Private      enkcel03-priv.enkitec.com
Select interface name to configure or press Enter to continue:

Select canonical hostname from the list below
1: enkcel03.enkitec.com
2: enkcel03-priv.enkitec.com
Canonical fully qualified domain name [1]:

Select default gateway interface from the list below
1: eth0
Default gateway interface [1]:

Canonical hostname: enkcel03.enkitec.com
Nameservers: 192.168.10.15
Timezone: America/Chicago
NTP servers: 192.168.10.15
Default gateway device: eth0
Network interfaces

Name     State      IP address      Netmask         Gateway         Net type     Hostname       
eth0     Linked     192.168.8.205   255.255.252.0   192.168.10.1    Management   enkcel03.enkitec.com
eth1     Unlinked                                                                               
eth2     Unlinked                                                                               
eth3     Unlinked                                                                               
bondib0  ib0,ib1    192.168.12.5    255.255.255.0                   Private      enkcel03-priv.enkitec.com
Is this correct (y/n) [y]:

Do you want to configure basic ILOM settings (y/n) [y]: n
Info. Run /opt/oracle.cellos/validations/init.d/saveconfig

Andy Colvin

Principal Consultant
Enkitec
andy.colvin_at_enkitec.com
http://blog.oracle-ninja.com

On Jan 26, 2012, at 4:30 AM, De DBA wrote:

> G'day.
>
> I'm preparing to apply the last patches to an Exadata Database Machine and keep running into network configuration issues. The last one is the NTP configuration on the storage cells. The Oracle engineer who configured it had unfortunately different ideas on what ip address to use than the network admins... I'm now trying to find out how to change this the Exadata way - perhaps I can just edit the ntp.conf file? Won't a central tool such as dcli be affected?
>
> A compounding factor is that in the storage cells there is an iptables firewall configured, which has to be modified as well. I've checked the normal configuration files for the OEL iptables (/etc/sysconfig/iptables), but it doesn't exist. Yet the firewall is loaded - twice! Iptables -L shows the entire list two times, one below the other. Makes me think that there is another mechanism calling iptables at boot, but what? How is it configured?
>
> Anyone has any leads or links to documentation? I've already got the fantastic book by Kerry Osborne, Randy Johnson and Tanel Poder, and the Exadata Machine Owner's Guide, but those don't get me much further on this either... :(
>
> Thanks,
> Tony
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Jan 26 2012 - 08:07:23 CST
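
A way to confirm the doubled firewall listing described in the quoted question, as an added example that is not part of either message: the function reads `iptables-save` (or `iptables -S`) output on stdin and reports every rule that occurs more than once in the same table and chain. The function names and the sample ruleset are constructed for illustration; they are not taken from an Exadata cell.

```shell
#!/bin/sh
# Added example: report rules that appear more than once in one table and chain.
# Typical use on a host: iptables-save | find_duplicate_rules
find_duplicate_rules() {
    awk '
        /^\*/  { table = substr($0, 2); next }     # iptables-save table header, e.g. *filter
        /^-A / {
            if (table == "") table = "filter"      # iptables -S prints no table header
            key = table " " $0
            if (!(key in count)) order[++n] = key  # remember first-seen order
            count[key]++
        }
        END {
            dup = 0
            for (i = 1; i <= n; i++) {
                if (count[order[i]] > 1) {
                    printf "%dx %s\n", count[order[i]], order[i]
                    dup++
                }
            }
            # Every distinct rule being repeated is the pattern left behind
            # when one complete ruleset has been applied more than once.
            if (n > 0 && dup == n) print "ALL-RULES-DUPLICATED"
            exit (dup > 0 ? 1 : 0)
        }
    '
}

# Constructed sample: a small filter table whose rules were appended twice.
sample_doubled() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp -m udp --sport 123 -j ACCEPT
COMMIT
EOF
}

# Exit status is 1 when duplicates exist, so guard the demo run.
sample_doubled | find_duplicate_rules || true
```

The function exits non-zero when it finds duplicates, so it can be used as a check in a script that compares cells after a change.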
