Home » HP Manuals » Servers » HP BL860c » Manual Viewer

HP BL860c HP Integrity Virtual Machines Release Notes - Page 37

Guest Administration

Add to My Manuals
Save this manual to your list of manuals

Page 37 highlights

6 Guest Administration This chapter contains information about managing Integrity VM guests. 6.1 Administrator Account Names This version of Integrity VM lifts the restriction that the virtual console administrator account names must be the same as the guest name. As a result, the virtual console administrator name can be any valid HP-UX login name. To continue accessing the virtual console, existing guest console accounts must be added to the authorization list for the associated guest with the usermod command. This allows multiple accounts to map to the guest, and requires the account names to be valid HP-UX login strings. Authorization of access to the virtual console is determined by the guest configuration file (set using the -u and -g options to the hpvmcreate, hpvmmodify, and hpvmclone commands). This controlled access allows you to temporarily block access by using the hpvmmodify command to change the virtual console administrator account name. 6.2 Guest User Accounts The configuration for captive hpvmconsole guest user accounts has changed in this release to support additional access controls and configurations. This change requires that the guest user accounts have the correct home directory. It is also necessary to list the console access account in the guest configuration file. For example, using a guest named compass1 (and therefore a user account named compass1), the home directory for user compass1 must be /var/opt/hpvm/guests/compass1. To ensure that the user continues to have administrative console access, use the following command: # hpvmmodify -P compass1 -u compass1:admin 6.3 Creating Virtual Machine Administrator and Operator Accounts In prior versions of Integrity VM, only admin console access is available, and only one such account per guest is allowed. The administrator account name must match the guest name. The new version of Integrity VM provides proper access controls and individual accountability for these accounts. A captive virtual console account is a special-purpose user account created on the VM Host for each guest administrator. These types of user accounts use /opt/hpvm/bin/hpvmconsole for a shell, and the desired guest's per-guest directory for a home directory. For virtual console access, the account also requires a password, and access to its associated guest. You create this account with the hpvmcreate, hpvmclone, or hpvmmodify command. You can establish group membership of the account using the -g option to those commands, or user membership, using the -u option to those commands. NOTE: Do not use the hpvmsys group for user accounts. This group is used for security isolation between components of Integrity VM. The HP-UX useradd command may not work as expected. To create user accounts for virtual console access, use the useradd command before you create the virtual machine. Alternatively, specify the user account directory completely in the /etc/passwd file, ensuring the entry is unique. In the following example, the useradd command is used to create three user accounts on the VM Host system (testme1, testme2, and testme3): # useradd -r no -g users -s /opt/hpvm/bin/hpvmconsole \ -c "Console access to guest 'testme'" \ 6.1 Administrator Account Names 37

Section	Page
Release Notes	1
Table of Contents	3
About This Document	9
1 Intended Audience	9
2 New and Changed Information in This Edition	9
3 Typographic Conventions	9
4 Document Organization	9
5 Related Information	10
6 Publishing History	10
7 HP Encourages Your Comments	10
1 Introduction	13
1.1 New Features and Enhancements in This Version of Integrity VM	13
1.2 Using Linux Guests	14
1.3 Dynamic Memory	14
1.4 Creating Virtual Machine Administrator and Operator Accounts	14
1.5 Using P2V Workload Migration	14
1.6 Integrity VM Command Changes	14
1.7 Guest Management Software	16
2 Installation Notes	17
2.1 Installing Integrity VM	17
2.1.1 Integrity VM Includes the Foundation Operating Environment	17
2.1.2 Upgrade HP WBEM Services	17
2.1.3 Installing the hpvmmigrate Command	17
2.1.4 Installing VM Provider	17
2.1.5 Ugrade the VM Host to 0609 or Later	18
2.1.6 HP-UX Patches Required in the VM Host	18
2.1.7 Patches Required in the HP-UX Guest	19
2.1.8 Patches Required for Ignite/UX Servers	20
2.1.9 Patches Required for Windows Guests	20
2.2 Upgrading from Earlier Versions of Integrity VM	21
2.3 Installing the HP Integrity Virtual Machines Product Over the Evaluation Software	22
2.4 Do Not Install Applications on the VM Host System	22
2.5 Do Not Install Integrity VM on a Virtual Partition	23
2.6 Do Not Install Windows as Alternate Boot on a VM Host System	23
3 Creating Virtual Machines	25
3.1 Default Guest Settings for HP-UX, Windows, and Linux	25
3.2 Autoboot Causes Virtual Machines to Start	25
3.3 Reserving Swap Space for Guests	25
3.4 Do Not Create Golden Images of the VM Host for Guest Installation	26
4 Installing Guests	27
4.1 Windows Guests	27
4.1.1 Removing Media During Installation Hangs Guest	27
4.1.2 HP Insight Manager Automatic Server Recovery Does Not Work	27
4.1.3 Running Windows Guests on a Dual Core Intel Itanium2 Processor (Montecito) System	27
4.1.4 Installing Windows with Virtual NullDVD is Not Recommended	27
4.1.5 Enabling MP Services on Windows Guest Logs telnetd Errors	28
4.1.6 Using Windows Firewall Requires ICMP to Allow Echo	28
4.1.7 Poor Console Screen Formatting	28
4.1.8 The hpvmstop Command Does Not Shut Down Windows Guests Gracefully	28
4.1.9 Do Not Delete EFI Shell Boot Option	28
4.2 HP-UX Guests	28
4.2.1 HP-UX 11.31 Guests May Fail to Configure More than Two MPT Interfaces	29
4.2.2 Patches for HP-UX 11.31 Guests	29
4.2.3 Do Not Run Live Kernel Debuggers Inside a Guest	29
4.2.4 Do Not Use the iomap(7) Command on HP-UX Guests	29
4.2.5 iCAP Commands Fail on HP-UX Guests	29
4.3 Linux Guests	29
4.3.1 Linux Guest Installation Errors	30
4.3.2 Linux Guests with FC Tapes Display Errors	30
4.3.3 Disable IPv6 on Linux Guests	30
4.3.4 Preparing Linux Guests for VM Manager	30
4.3.5 IPv6 Dynamic Address Resolution is Broken in Linux	31
4.3.6 Infrequent Ooops: timer ticks before it is due Errors	31
4.3.7 Infrequent e1000: eth1: e1000_clean_tx_irq: Detected Tx Unit Hang Errors	31
4.3.8 Inconsistent “Bogomips” Values between Virtual CPU0 and Other Virtual CPUs	31
4.3.9 Incorrect Display of Special Characters when Displayed Using HP-UX Terminal	31
4.3.10 Occasional Floating-Point Assist Fault Messages.	31
5 Using Integrity VM Commands	33
5.1 Using hpvmmodify -N -s Options Together Causes Guest to Be Inaccessable	33
5.2 The hpvmmodify Command Reevaluates Guest Configurations	33
5.3 The hpvmdevmgmt Command Truncates File Sizes	33
5.4 Setting Devices to Sharable Can Lead to Device Conflicts	33
5.5 Errors on Displaying Guest or Vswitch Information While that Information is Being Modified	33
5.6 Do Not Attempt to Remove Busy Virtual Devices	33
5.7 Missing uuid or .vmid Files	34
5.8 Maintain Minimum Entitlement	34
5.9 Guest Memory Must Be a Multiple of 64 MB	34
5.10 Actual Running Entitlement May Differ from Configured Entitlement	34
5.11 Duplicate Messages when Modifying Running Guests	34
5.12 Manpages Display on Linux Guests	34
6 Guest Administration	37
6.1 Administrator Account Names	37
6.2 Guest User Accounts	37
6.3 Creating Virtual Machine Administrator and Operator Accounts	37
6.4 Modifying Guests	38
6.5 Do Not Add User Accounts to the hpvmsys Group	38
6.6 Do Not Enter Ctrl/B after Starting Guest with Virtual Console	38
6.7 Restoring the NVRAM for Windows Guests	39
6.8 How to Stop Guests	39
6.9 The hpvmconsole pc –cycle Command Occasionally Doesn’t Complete	39
6.10 How to Recover from a Guest Hang	39
6.11 Using HP Serviceguard to Manage Guests	39
6.11.1 Required HP Serviceguard Patches	40
6.11.2 Reenter Command to Start Packages	40
6.11.3 Do not Use Integrity VM Commands to Manage Distributed Guests	40
6.11.4 Different Cluster Nodes Report Virtual Machine Status Differently	40
6.11.5 Syslog Entries for cmcld Can Be Ignored	40
6.11.6 Using Virtual Machines Manager (VM Manager) to Manage Distributed Guests	40
6.11.7 Polling Interval for Virtual Machine Serviceguard Nodes	40
6.12 Managing Guests using gWLM	41
7 Networking Information	43
7.1 Vswitches Are Always in SHARED Mode	43
7.2 Do Not Use the HP A5506B PCI 10/100Base-TX 4 Port Interface for Virtual Networking	43
7.3 MAC Address Validation Can Be Enhanced	43
7.4 Auto Port Aggregation (APA) is Supported on the VM Host, Not on the Guest	43
7.5 Do Not Run Applications that Set Network Devices into Promiscuous Mode	43
7.6 Do not Turn on Checksum Offloading (CKO) on the Physical Network Interface Backing the Vswitch	43
7.7 Do Not Turn on TSO on the VM Host and on HP-UX Guests	44
7.8 Do Not Configure VLAN Vswitches on HP-UX VLANs	44
7.9 For VLANs Between VM Host and Guests, Turn Off CKO	44
7.10 Restarting Vswitches	44
8 Storage Information	47
8.1 DMP Files Not Supported as Backing Stores	47
8.2 Using Database Management Products on Virtual Machines	47
8.3 Integrity VM Does Not Honor File Permissions on Backing Stores	47
8.4 Using USB CD/DVD Devices	47
8.5 The hpvmmodify Command Fails to Change a DVD	47
8.6 Virtual FileDVD Reverts to Original Resource Statement	47
8.7 Physical Device null Assigned to Nonexistent Path	47
8.8 Using sam on Guest Cannot Initialize Disk	48
8.9 Extending a Logical Volume Backing Store Corrupts the Guest	48
8.10 Management Limitations of Virtual SCSI Devices	48
8.11 Installing Integrity VM Clears SecurePath 3.0F SP1 Settings	48
9 Migrating Virtual Machines	49
9.1 Do Not Migrate Distributed Guests	49
9.2 Collect CapAd Data before Migrating	49
10 Error Logging	51
10.1 Guest Log Can Grow Unbounded	51
10.2 Log Messages Written to Old Log File	51
10.3 Saved MCA or INIT Register State Can Be Inaccurate	51
10.4 Modifying the Size of the Monitor Log File	51

Match case Limit results 1 per page

6 Guest Administration

This chapter contains information about managing Integrity VM guests.

6.1 Administrator Account Names

This version of Integrity VM lifts the restriction that the virtual console administrator account

names must be the same as the guest name. As a result, the virtual console administrator name

can be any valid HP-UX login name. To continue accessing the virtual console, existing guest

console accounts must be added to the authorization list for the associated guest with the

usermod

command. This allows multiple accounts to map to the guest, and requires the account names

to be valid HP-UX login strings.

Authorization of access to the virtual console is determined by the guest configuration file (set

using the

—

and

—

options to the

hpvmcreate

hpvmmodify

, and

hpvmclone

commands).

This controlled access allows you to temporarily block access by using the

hpvmmodify

command

to change the virtual console administrator account name.

6.2 Guest User Accounts

The configuration for captive

hpvmconsole

guest user accounts has changed in this release to

support additional access controls and configurations. This change requires that the guest user

accounts have the correct home directory. It is also necessary to list the console access account

in the guest configuration file.

For example, using a guest named

compass1

(and therefore a user account named

compass1

the home directory for user

compass1

must be

/var/opt/hpvm/guests/compass1

. To

ensure that the user continues to have administrative console access, use the following command:

hpvmmodify -P compass1 -u compass1:admin

6.3 Creating Virtual Machine Administrator and Operator Accounts

In prior versions of Integrity VM, only

admin

console access is available, and only one such

account per guest is allowed. The administrator account name must match the guest name. The

new version of Integrity VM provides proper access controls and individual accountability for

these accounts.

A captive virtual console account is a special-purpose user account created on the VM Host for

each guest administrator. These types of user accounts use

/opt/hpvm/bin/hpvmconsole

for a shell, and the desired guest's per-guest directory for a home directory. For virtual console

access, the account also requires a password, and access to its associated guest. You create this

account with the

hpvmcreate

hpvmclone

, or

hpvmmodify

command. You can establish group

membership of the account using the

-g

option to those commands, or user membership, using

the

-u

option to those commands.

NOTE:

Do not use the

hpvmsys

group for user accounts. This group is used for security isolation

between components of Integrity VM.

The HP-UX

useradd

command may not work as expected. To create user accounts for virtual

console access, use the

useradd

command before you create the virtual machine. Alternatively,

specify the user account directory completely in the

/etc/passwd

file, ensuring the entry is

unique.

In the following example, the

useradd

command is used to create three user accounts on the

VM Host system (

testme1

testme2

, and

testme3

useradd -r no -g users -s /opt/hpvm/bin/hpvmconsole \

-c "Console access to guest 'testme'" \

6.1 Administrator Account Names