Changing the Login banner on a Celerra / VNX File control station

If you have a security requirement to change the login screen on operating systems that are accessible via a terminal session, it’s a farily easy change on a Celerra or VNX File control station due to the DART OS being based on Linux.  Simply log in as root and edit the /etc/issue file with vi.  It contains the login banner that you see immediately after logging in to a control station.

This is what the default /etc/issue file contains on a VNX control station, and what you’ll see by default when you log in:

A customized version of the Linux operating system is used on the
EMC(R) VNX(TM) Control Station.  The operating system is
copyrighted and licensed pursuant to the GNU General Public License
(“GPL”), a copy of which can be found in the accompanying
documentation.  Please read the GPL carefully, because by using the
Linux operating system on the EMC VNX you agree to the terms
and conditions listed therein.
 
EXCEPT FOR ANY WARRANTIES WHICH MAY BE PROVIDED UNDER THE TERMS AND
CONDITIONS OF THE APPLICABLE WRITTEN AGREEMENTS BETWEEN YOU AND EMC,
THE SOFTWARE PROGRAMS ARE PROVIDED AND LICENSED “AS IS” WITHOUT
WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT
NOT LIMITED TO, THE IMPLIED MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE.  In no event will EMC Corporation be liable to
you or any other person or entity for (a) incidental, indirect,
special, exemplary or consequential damages or (b) any damages
whatsoever resulting from the loss of use, data or profits,
arising out of or in connection with the agreements between you
and EMC, the GPL, or your use of this software, even if advised
of the possibility of such damages.
 
EMC, VNX, Celerra, and CLARiiON are registered trademarks or trademarks of
EMC Corporation in the United States and/or other countries. All
other trademarks used herein are the property of their respective
owners.
 
EMC VNX Control Station Linux release 3.0 (NAS 7.1.71)
 

I don’t work for IBM, but below is an example of what you could change the /etc/issue file to.  I included the hostname of the control station, our company logo, and a legal warning regarding unathorized logins and system monitoring.  Because the standard login banner from EMC includes the DART OS Version on the last line, I suspect that the /etc/issue file is updated along with any OS upgrades or patches, although I can’t confirm that right now.  I’m keeping a backup copy in the same directory to easily change it back after a DART upgrade.

You can also edit the /etc/motd file, which displays immediately after a successful login.  By default the file contains the message “EMC Celerra Control Station Linux” or “EMC VNX Control Station Linux”, along with what I assume to be the date of the original OS installation.

[sourcecode language=”css”]
—————————————————————
EMC VNX Control Station <Host_Name>
—————————————————————
IIIIIIIIIIIIIIIIIII  BBBBBBBBBBBBBBBBB    MMMMMMM     MMMMMMM
IIIIIIIIIIIIIIIIIII  BBBBBBBBBBBBBBBBBB   MMMMMMMM   MMMMMMMM
IIII         BBBB           BBBB  MMMM MMMM MMMM MMMM
IIII          BBBB           BBBB  MMMM MMMM MMMM MMMM
IIII          BBBBBBBBBBBBBBBBB    MMMM  MMMMMMM  MMMM
IIII          BBBBBBBBBBBBBBBBB    MMMM   MMMMM   MMMM
IIII          BBBB           BBBB  MMMM    MMM    MMMM
IIII          BBBB           BBBB  MMMM     M     MMMM
IIIIIIIIIIIIIIIIIII  BBBBBBBBBBBBBBBBBB   MMMM           MMMM
IIIIIIIIIIIIIIIIIII  BBBBBBBBBBBBBBBBB    MMMM           MMMM
—————————————————————
Warning: This system is restricted to IBM authorized users for
business purposes only. Unauthorized access or use is
a violation of of company policy and the law.
—————————————————————
This system may be monitored for administrative and security
reasons. By logging in, you agree that you have read and
understand this notice.
—————————————————————
nasadmin@<Host_Name>’s password:
[/sourcecode]

Advertisements

Alerting on VNX File SP Failover

You may see a Celerra alert description that states “Disk dx has been trespassed” or “Storage Processor is ready to restore”.  This would mean that one or more Celerra LUNs aren’t being accessed through the default SP.  It can happen during a DART upgrade, some other maintenance activity, or simply a temporary loss of connectivity to the default SP for the LUN.  I wanted to set up an email alert to let the storage team know when an SP failover occurs, so I wrote a script to send an alert email when a failover is detected.  It can be run directly on the data mover and scheduled as frequently as you like via cron.

Here’s the script:

#!/bin/bash

TODAY=$(date) 
HOST=$(hostname) 

STATUS=`cat /scripts/health/arrayFOstatus.txt`

# Checks and displays status of NAS storage, will show SP/disk Failover info. 
# We will use this info to include in the alert email if needed. 

/nas/bin/nas_storage -check -all > /scripts/health/backendcheck.txt 

#  [nasadmin@celerra]$ nas_storage -check -all     
#  Discovering storage (may take several minutes) 
#  Error 5017: storage health check failed #  CK900052700319 SPA is failed over #  CK900052700319 d6 is failed over

# Shows detailed info, I'm only pulling out failover info. 

/nas/bin/nas_storage -info -all | grep failed_over > /scripts/health/failovercheck.txt 

# The command above results in this output: 
#   failed_over = <True/False> 
#   failed_over = <True/False> 
#   failed_over = <True/False> 

# The first entry is the value for the array, second is SPA, third is SPB. 

# The next line pulls the True/False value for the entire array (the third value on the first line of output) 

echo `cat /scripts/health/failovercheck.txt | awk '{if (NR<2) print $3}'` > /scripts/health/arrayFOstatus.txt

# Now we check the value in the 'arrayFOstatus.txt' file, if it's 'True', we send an email notification that there is an SP failed over. 

# In addition to sending an email, you could also run the 'nas_storage -failback id=1' command to automatically fail it back.

if [ "$STATUS" == "False" ]; then  
   echo "Value is False" 
fi

if [ "$STATUS" == "True" ]; then  
   mail -s "SP Failover on $HOST" username@domain.com < /scripts/health/backendcheck.txt  

   #nas_storage -failback id=1 #Optionally fail it back, our team decided to alert only and fail back manually.

   echo "Value is True" 
fi

If a failover is detected, you can manually fail it back with the following commands:

Determine/Confirm the ID number:

[nasadmin@celerra]$ nas_storage -list
 id   acl    name                     serial_number
 1    0      CK900052700319 CK900052700319

Fail it back (will fail back Celerra/VNX File LUNs only):

[nasadmin@celerra]$ nas_storage -failback id=1
id  = 1  
serial_number   = CCK900052700319  
name  = CCK900052700319  
acl  = 0  
done