rhel-note

Legal and notice information© Copyright 2015- 2017 Hewlett Packard Enterprise Development LP Document H istory:Released DescriptionJune 2022 Final VersionTable of ContentsOverview (4)Update recommendation (4)Alignment (4)Summary of Changes (4)Important Notes (4)Release Summary (4)Prerequisites (5)Running SUM on Linux (5)Deployment Instructions (6)Component Release Notes (6)Content Notes (8)RHEL8.6 Supplement for Gen9 SPP Contents (8)OverviewA Service Pack for ProLiant (SPP) Supplement is a software bundle. It may include support for anew operating system update excluded in SPP but functions with the SPP components. TheSupplement will provide support for functionality that is required outside a normal SPP release cycle allowing HPE to deliver support, so customers do not have to wait on a complete SPP’s availability.Each SPP Supplement’s version number will match the version of its corresponding SPP.Supplement Release Notes will be available and will include information on the components in thebundle. If the Supplement’s contents include Linux components, the components will also beavailable on the Linux Software Delivery Repository (SDR).Once released, the functionality of the SPP Supplement contents is included in the next availableSPP.Hot Fixes associated with an SPP may work with an SPP Supplement. Please review the Hot Fix to verify if it has support for the operating system that is supported in the Supplement. For moreinformation on SPP Hot Fixes, please see the SPP Release Notes located on the SPP InformationLibrary page.This is the Red Hat Enterprise Linux (RHEL) 8.6 Supplement for Gen9.0 Post Production ServicePack for ProLiant 2022.03.0.For more information on which servers are supported with RHEL 8.6, please visit our OS SupportSite at: SPP OS Support Guide.RHEL8.6 Supplement for Gen9.0 SPP version 2022.03.0 Bundle containing software components Filename: supspp-2022.03.rhel8.6.en.tar.gzUpdate recommendationOptional - Users should update to this version if their system is affected by one of the documented fixes or if there is a desire to utilize any of the enhanced functionality provided by this version.AlignmentGen9 Service Pack for ProLiant 2022.03.0Summary of ChangesImportant NotesWhen the terms, Supplement, Service Pack for ProLiant or SPP are used throughout this document,they refer to all the deliverables in the Table in the Overview Section unless explicitly stated.Before deploying any components to a system, be sure that a recent backup of the system isavailable in the event the deployment procedure fails.Release SummaryThe summary of this Red Hat Enterprise Linux (RHEL) 8.6 Supplement for Service Pack for ProLiantrelease is:Added support for Red Hat Enterprise Linux 8.5This Supplement corresponds with SPP 2022.03.0. Drivers either found in SPP 2022.03.0 or deliveredwith the RHEL 8.4 distribution can be used.However, the drivers found in the initial release (SPP2022.03.0) may not contain all the HPE value added features that are available in the Supplement. These features will be added in a future SPP release.All components delivered in this Supplement to the Service Pack for ProLiant (SPP) are tested together and meet the dependencies of the other components in the Service Pack for ProLiant.Systems using software and firmware components delivered with the following products should be able to easily migrate to the components in this supplement:Service Pack for ProLiant 2022.03.02021.10.02021.05.02020.09.2Note: The users may see the “thawing” state in the systemd message console because the systemd doesn’t set the default value correctly, especially after a restart or reload services.PrerequisitesRunning SUM on LinuxBefore deploying software updates on a target system, be sure that a recent backup of the target system is available in the event the deployment procedure fails.To successfully deploy SUM on remote target systems based on a Linux operating system, the following must be available:•libcrypt.so•libcrypt.so.1•/usr/lib/libqlsdm.so•/usr/lib64/libqlsdm-x86_64.so•/lib/cim/libqlsdm.so•/usr/lib/libemsdm.so•/usr/lib64/libemsdm.so•/lib/cim/libemsdm.so•/usr/lib/bfahbaapi.so•/usr/lib64/bfahbaapi.so•/lib/cim/bfahbaapi.so•linux-vdso.so.1•/lib64/libcrypt.so.1•/lib64/libpthread.so.0•/lib64/libz.so.1•/lib64/libdl.so.2•/lib64/librt.so.1•/usr/lib64/libstdc++.so.6•/lib64/libm.so.6•/lib64/libgcc_s.so.1•/lib64/libc.so.6•/ lib64/ld-linux-x86-64.so.2Deployment InstructionsThe Supplement is designed for use after the operating system is installed. This enables the updating ofdrivers, and the installation of HPE utilities (such as Health and iLO drivers), and agents (Server, NIC,and Storage).Using the SPP Supplement and its corresponding SPP on a supported Linux operating system. Enablesthe choice of either standard Linux installation tools (YUM/Zypper) or HPE management tools(SUM/OneView) to do the following:•Use the software and firmware provided in the Supplement and the SPP.•Use the firmware provided in the SPP and get the software from the Software DeliveryRepository at https:///SDR.•Use the firmware and software utilities provided in the SPP and get the drivers from the operating system distro.When appropriate for any given deployment, components can be combined into a single ISO using SUMcustom baseline or applied as separate packages.To upload selected components to the iLO Repository and create an install set, select Save Components as an Install set on iLO Repository. SUM automatically creates a default name and description, but you can edit the name and description for the install set. You can use this install set to roll back the server components at a future time. The name and description are limited to 63 characters, and the only special charactersallowed are - and _.Component Release NotesDriver - Storage ControllerSoftware - System ManagementDriver - Storage Controller Top HPE ProLiant Smart Array Controller (64-bit) Driver for Red Hat Enterprise Linux 8 (64-bit)Version: 3.4.20-211(Recommended)Filename: kmod-hpsa-3.4.20-211.rhel8u4.x86_psig; kmod-hpsa-3.4.20-211.rhel8u4.x86_64.rpm; kmod-hpsa-3.4.20-211.rhel8u5.x86_psig; kmod-hpsa-3.4.20-211.rhel8u5.x86_64.rpmEnhancementsAdded RHEL8.5 supportSoftware - System Management Top HPE ProLiant Agentless Management Service for Red Hat Enterprise Linux 8 ServerVersion: 2.10.5(Optional)Filename: hp-ams-2.10.5-888.1.rhel8.x86_psig; hp-ams-2.10.5-888.1.rhel8.x86_64.rpmPrerequisiteso hp-ams supported on HPE ProLiant Gen8 and Gen9 Servers.o hp-ams provides information to the HPE iLO 4 service providing SNMP support.o SNMP PASS-THRU on the HPE iLO 4 MUST be disabled, and SNMP should be configured on the HPE iLO 4. The HPE iLO 4 may need to be reset after changing these settings.o Requirements:▪Minimum HPE iLO 4 Firmware Version = 1.05▪Minimum supported OS Versions = Red Hat Enterprise Linux 5.6, Red Hat Enterprise Linux 6.0,SuSE Linux Enterprise Server 10 SP4, SuSE Linux Enterprise Server 11 SP1FixesFixed the following items:o Addressed issue where the NIC port status or IML record when NIC port link status changes from "Unknown"to "OK". Updated the SNMP trap to make iLO/IML record the correct link port status.HPE SNMP Agents for Red Hat Enterprise Linux 8 ServerVersion: 10.9.4(Optional)Filename: hp-snmp-agents-10.94-689.8.rhel8.x86_psig; hp-snmp-agents-10.94-689.8.rhel8.x86_64.rpm PrerequisitesThe hp-health and hp-snmp-agents run as 32 bit applications in the x86_64 environment. The Linux kernel 32 bit compatibility must be enabled (usual default for Linux) and the 32 bit compatibility libraries must be present.To get the list of all dependency files for hp-snmp-agents type:rpm –qp –-requires hp-snmp-agents-<version>.rpmFixesFixed the following items:o The hp-snmp-agent may show "NAME="SLES"" as OS description for all the SLES15 and subversion.o The user may see the incorrect status for the connected NIC ports due to missing the ifconfig system command in SLES15 and subversion.o The user may see interface information is missing on the SMH page due to the hp-snmp-agent for SLES 15 missing the systemd rpm during the package build.HPE System Health Application and Command Line Utilities for Red Hat Enterprise Linux 8 ServerVersion: 10.9.3(Optional)Filename: hp-health-10.93-307.4.rhel8.x86_psig; hp-health-10.93-307.4.rhel8.x86_64.rpmPrerequisitesThe hp-health and hp-snmp-agents run as 32 bit applications in the x86_64 environment. The Linux kernel 32 bit compatibility must be enabled (usual default for Linux) and the 32 bit compatibility libraries must be present.To get the list of all dependency files for hp-health, type:rpm –qp –requires hp-health-< version >.rpmFixesFixed the following items:o The hpasmcli utility may show DIMM status as "N/A" due to the SMBIOS data entry not correctly initializing the DIMM information.HPE System Management Homepage Templates for LinuxVersion: 10.8.1(Optional)Filename: hp-smh-templates-10.8.1-1487.3.noarch.rpmPrerequisitesThe hp-smh-templates RPM install will fail, if all dependencies are not installed. The administrator can verify the list of dependencies required by running this command. If the repositories being used by yum or zypper, includes these dependencies, the installation tool will automatically retrieve them. However if they are not present, the user must manually install them prior to proceeding with the RPM install.To get the list of all dependency files for hp-smh-templates type:rpm –qp –-requires hp-smh-templates-<version>.rpmFixesInitial support for Red Hat Enterprise Linux 8 ServerContent NotesRHEL8.6 Supplement for Gen9 SPP ContentsThis table lists all of the software and firmware on this RHEL8.6 Supplement for Gen9 SPP. For more information on this deliverable go to /servers/spp/download.ProductCategory Component Title Version Release Date FilenameApplication - System Management Integrated Smart UpdateTools for Linux x64 2.9.1.021 October2021sut-2.9.1-22.linux.x86_64.rpmDriver - Storage Controller HPE ProLiant Smart ArrayController (64-bit) Driverfor Red Hat EnterpriseLinux 8 (64-bit)3.4.20-218 06 May 2022kmod-hpsa-3.4.20-218.rhel8u5.x86_64.rpmkmod-hpsa-3.4.20-218.rhel8u6.x86_64.rpmDriver - Storage Controller HPE Dynamic Smart ArrayB140i SATA RAIDController Driver for Red1.2.10-211 06 May 2022 kmod-hpdsa-1.2.10-211.rhel8u6.x86_64.rpmHat Enterprise Linux 8 (64-bit)kmod-hpdsa-1.2.10-211.rhel8u5.x86_64.rpmDriver - Storage Controller HPE ProLiant Smart ArrayController (64-bit) Driverfor Red Hat EnterpriseLinux 8 (64-bit)3.4.20-211 03 December2021kmod-hpsa-3.4.20-211.rhel8u5.x86_64.rpmkmod-hpsa-3.4.20-211.rhel8u4.x86_64.rpmSoftware - Driver Update HPE Dynamic Smart ArrayB140i SATA RAIDController Driver for RedHat Enterprise Linux 8(64-bit)1.2.10-211 07 May 2022Software - System Management HPE SNMP Agents for RedHat Enterprise Linux 8Server10.9.4 28 August2021hp-snmp-agents-10.94-689.8.rhel8.x86_64.rpmSoftware - System Management HPE System ManagementHomepage Templates forLinux10.8.1 15 February2019hp-smh-templates-10.8.1-1487.3.noarch.rpmSoftware - System Management HPE ProLiant AgentlessManagement Service forRed Hat Enterprise Linux8 Server2.10.503 January2022hp-ams-2.10.5-888.1.rhel8.x86_64.rpmSoftware - System Management HPE System HealthApplication and CommandLine Utilities for Red HatEnterprise Linux 8 Server10.9.3 10 April 2021 hp-health-10.93-307.4.rhel8.x86_64.rpmSoftware - Lights-Out Management HPE Lights-Out OnlineConfiguration Utility forLinux (AMD64/EM64T)5.7.0-0 03 January2022hponcfg-5.7.0-0.x86_64.rpmThere are 10 items in this table.© Copyright 2021 Hewlett Packard Enterprise Development LP。

###################################################################### INTEGRATED DELL(TM) REMOTE ACCESS CONTROLLER 6 (iDRAC6) VERSION 3.00 ######################################################################This document contains updated information about the Integrated DellRemote Access Controller 6.For more information about iDRAC6, including installation andconfiguration information, see the "Integrated Dell Remote AccessController 6 (iDRAC6) Enterprise for Blade Servers Version 3.00User Guide" and the "Dell OpenManage(TM) Server AdministratorUser's Guide." These documents are located on the Dell Supportwebsite at "/manuals." On the "Manuals" page, click"Software" > "Systems Management". Click on the appropriate productlink on the right-side to access the documents.######################################################################TABLE OF CONTENTS######################################################################This file contains the following sections:* Criticality* Minimum Requirements* Release Highlights* Important Notes and Known Issues###################################################################### CRITICALITY######################################################################2 - Recommended###################################################################### MINIMUM REQUIREMENTS######################################################################====================================================================== SUPPORTED SYSTEMS====================================================================== iDRAC6 is supported on the following Dell PowerEdge(TM) systemsin the Dell PowerEdge M1000e system enclosure:* Dell PowerEdge M610* Dell PowerEdge M710* Dell PowerEdge M910* Dell PowerEdge M610x* Dell PowerEdge M710HD====================================================================== SUPPORTED MANAGED SERVER OPERATING SYSTEMS====================================================================== The iDRAC6 is supported by the following operating systems:* Microsoft(R) Windows Server(R) 2003 familyThe Windows Server 2003 family includes:- Windows Server 2003 (Standard, Enterprise, and DataCenterEditions) with SP2 (x86, x86_64)- Windows Server 2003 Web Edition with SP2 (x86, x86_64) on M910 only- Windows Server 2003 R2 (Standard, Enterprise, and DataCenterEditions) with SP2 (x86, x86_64)* Microsoft Windows Server 2008 SP2 (Standard, Enterprise,and DataCenter Editions) (x86, x86_64)- Windows Server 2008 SP2 Web Edition (x86, x86_64) on M910 only* Microsoft Windows Server 2008 EBS SP1 (Standard and Premium Editions)* Microsoft Windows Server 2008 R2 (Standard, Enterprise,and DataCenter Editions) (x86_64)- Windows Server 2008 R2 Web Edition (x86_64) on M910 only* SUSE(R) Linux Enterprise Server (SLES) 10 SP3 (x86_64)* SUSE Linux Enterprise Server (SLES) 11 (x86_64)* Red Hat(R) Enterprise Linux (RHEL) 4.8 (x86, x86_64)* Red Hat(R) Enterprise Linux (RHEL) 5.5 (x86, x86_64)* Hyper-V(TM) and Hyper-V R2* VMware(R) ESX 4.0 Update 1* ESXi(TM) 4.0 Update1 Flash* XenServer(TM) 6.0 HDDNote:Use the Dell-customized ESXi 4.0 Update 1 Embedded edition. Thisimage is available at and . The remotedeployment and local installation of ESXi through Virtual Media isnot supported for standard ESXi Embedded version 4.0, as theinstallation may fail with the error message, "Installation failedas more than one USB device found."====================================================================== SUPPORTED WEB BROWSERS====================================================================== * Microsoft Internet Explorer(R) 7.0 for Windows Server 2003 SP2,Windows Server 2008 SP2, Windows XP SP3, and Windows Vista(R) SP2* Microsoft Internet Explorer 8.0 for Windows Server 2003 SP2,Windows Server 2008 SP2, Windows Server 2008 R2, Windows XP SP3,Windows 7, and Windows Vista(R) SP2.Internet Explorer 8 requires Java(TM) Runtime Environment (JRE)version 1.6.14 or later* Microsoft Internet Explorer 8.0 (64-bit) for Windows 7 (x86_64)and Windows Server 2008 R2 (x86_64)* Mozilla(R) Firefox(R) 3.0 on Windows XP SP3, Windows Server 2003 SP2,Windows Server 2008 SP2, Windows Server 2008 R2, Windows Vista SP2,Windows 7, RHEL 4.8, RHEL 5.4, SLES 10 SP3, and SLES 11* Mozilla(R) Firefox(R) 3.6 on Windows Server 2008 SP2,Windows Server 2008 R2, Windows Vista SP2, Windows 7, RHEL 4.8,RHEL 5.4, and SLES 11* Mozilla(R) Firefox(R) 3.6 (64-bit) on RHEL 5.4 (x86_64) andSLES 11 (x86_64)====================================================================== FIRMWARE VERSIONS====================================================================== Recommended firmware versions for CMC and BIOS:* CMC Firmware: 3.0 (required for M610x and M710HD)* Dell PowerEdge M610 BIOS: 2.1.8 or later* Dell PowerEdge M710 BIOS: 2.1.8 or later* Dell PowerEdge M910 BIOS: 1.1.6 or later* Dell PowerEdge M610x BIOS: 2.1.8 or later* Dell PowerEdge M710HD BIOS: 1.0.x or later###################################################################### RELEASE HIGHLIGHTS (FIRMWARE VERSION 3.00)######################################################################* Support for M610x and M710HD systems* Remote Enablement enhancements* vFlash enhancements* New Web GUI visual design* Virtual Console preview* Regular maintenance###################################################################### IMPORTANT NOTES AND KNOWN ISSUES FOR iDRAC6 3.00######################################################################This section provides important notes and additional information aboutknown issues for the iDRAC6 Firmware version 3.00:* If you are upgrading from iDRAC versions 2.1 or 2.2, you must firstinstall iDRAC version 2.30 or 2.31 before installing the 3.00 version.* When connecting to the iDRAC Web interface with a certificate thebrowser does not trust, the browser's certificate error warning maydisplay a second time after you acknowledge the first warning. Thisis the expected behavior to ensure security.* To use Virtual Console with Java plug-in, the supported JRE versionis 1.6.0_20 or higher.* When the JRE is configured to verify the certificate againsta Certificate Revocation List (CRL) and/or online certificatevalidation the certificate validation may sometimes fail. Thisis because the Certificate Authority (CA) that issued the certificateis not accessible due to connectivity problems or is notresponding in a timely manner. In such cases, wait and retry ata later time.* Remote Services: When using TFTP to download an ISO image to thevFlash, if the image exceeds the partition size, no error messagewill be generated. However, subsequent operations on the ISO willfail.* On certain hardware configurations, based on the firmware release,firmware downgrades are not allowed.* For Remote Enablement auto-discovery, ensure that the user ID onthe provisioning server does not contain any spaces, as iDRAC6 userIDs may not contain spaces. If a user ID containing spaces isconfigured on the provisioning server, the auto-discovery processmay be successful, but the resulting iDRAC6 account will not be usable.* If you run Dell Update Packages (DUPs) when vFlash is in-use, thevFlash is disconnected and reconnected. If a write operation isin-progress, this action can corrupt the vFlash contents. If thisoccurs, the vFlash SD card will have to be re-initialized.* Reboot the managed system running on VMware ESX 3.x operatingsystem after an iDRAC6 update is completed. This ensures thatthe VMware ESX operating system re-enumerates the virtualdevices and enables virtual floppy and virtual CD-ROMfeatures of the iDRAC6. After the reboot, virtual devicesincluding virtual floppy, work as expected.* Updating iDRAC6 using the DOS Utility when DOS is booted using PXE. The iDRAC6 can be updated using the DOS utility when DOS is booted using PXE. However, the new firmware image has to be on a local media on the system for this to work properly. Local media can be a RAMDISK, HD, or a USB key on the server. When the image is stored on non-local devices like a network drive, PXE server drive, and so on, the iDRAC6update on multiple systems must be sequenced that is, it should bedone one system after the other. After the first system completes theupdate, the second system starts the update. After the second systemcompletes the update, the third system starts the update and so on.* On systems running Windows operating systems, theExplorer window(s) for any media does not close automatically if you remove the media. You must close the window(s) after you removethe media.On systems running Linux operating systems, the filebrowser window(s) for any media closes automatically if you removethe media.* iDRAC6 Linux DUPs do not support VMware ESX 4.0 operatingsystems. If the Linux DUP for iDRAC6 is run on VMwareESX 4.0, the DUP will fail.You can update iDRAC6 using one of the following methods:- CMC GUI-based update- iDRAC6 GUI-based update- Remote RACADM-based update* If you receive the message "A webpage is not responding onthe following website" in Internet Explorer 8.0, see:"/ie/archive/2009/05/04/ie8-in-windows-7-rc-reliability-and-telemetry.aspx""/?kbid=970858"* In Internet Explorer 7.0, if several tabs are open and you launchthe iDRAC6 Virtual Console, all the tabs are hidden whilethe Virtual Console is open. If the tab warning is turned off andyou close the Virtual Console, all the tabs and the browsercloses without warning.To prevent this, go to "Internet Properties" > "Tabs" >"Settings" and select the "Warn me when closing multiple tabs"option.* If a Virtual Media drive is disconnected using the "OS eject"option, then the drive may not be available until the operatingsystem re-enumerates the USB devices. For the operating systemto auto-detect the Virtual Media drive, the iDRAC6 Virtual Mediadevice can be reattached. To do this:1. Go to "System" > "Virtual Console/Media" >"Configuration".2. Set the "Attach Virtual Media" option to "Detach" and click "Apply".3. Set the "Attach Virtual Media" option to "Attach" and click "Apply". * The "racresetcfg" command in RACADM restores all properties totheir default values except "cfgDNSRacName" in the"cfgLanNetworking" group.* The iDRAC6 Linux DUP cannot be run on 64-bit RHEL 4 Update 7due to known issues in that operating system. See the Red HatKB article at "/faq/docs/DOC-3402" touse the DUP on RHEL 4 Update 7.* Smart Card login fails after a logout from the same browser window.Open a new browser window to login.* When using a configuration file with RACADM to configureiDRAC6, changing objects that affect the networkconnection stops the rest of the configuration filefrom taking effect.* To execute iDRAC DUPs in XenServer(TM) 5.6, you must installthe procmail package. You can install the procmail RPM in CentOS5.4 i386, which can be downloaded from any public site that hostsCentOS packages. However, it is recommend not to install *any*RPMs manually on XenServer, instead it is recommended that youdownload and install the OpenManage Supplemental Pack from. It contains the procmail package and is thesupported method for installing third party packages and applicationsin XenServer.* Using the iDRAC web console to shutdown the XenServer operatingsystem by selecting "Graceful Shutdown" does not shut down theserver. As best practice, it is recommended that you use theshutdown menu option in the XenServer console or in the XenCentermanagement GUI.* TFTP firmware update from local RACADM will not work after aracresetcfg or if IPv6 addresses are used. Use the firmwareRACADM for TFTP firmware update.* When using the virtual console on RHEL with Firefox, if thenetwork connection to the iDRAC is lost a blank message boxmay pop up. If the network connection is shortly restoredthe message box may eventually display the “Virtual Consoleis restarted” message and will then close. Normally themessage will immediately display in the message box but onrare occasions it may not display. The display of the messageis controlled by the JRE and if the blank message box isseen this is not an iDRAC firmware issue.* When connecting to the iDRAC GUI using browsers supportinglocalized languages, some popups may have generic messages thatare not localized in the title such as: "The page athttps://10.35.155.207 says:". This is a browser limitationand cannot be changed in the iDRAC.* When using the Virtual Console that uses the Java plug-in with attached Virtual Media, occasionally when disconnecting the Virtual Media the console also closes unexpectedly. When this happens, restartthe Virtual Console to regain access.* When the system is configured for extended schema and a device objectis created in the Active Directory(TM) child domain, iDRAC launch usingSingle Sign-On (SSO) fails for the user created in the child domain andthe root domain. To successfully perform SSO when the user object isdefined in the child domain, associate the user object in the childdomain with “Authenticated user” group.* During the SLES 11 installation through the "Dell Systems ManagementTools and Documentation" DVD, if the DVD is connected through VirtualMedia, the image installation may not proceed after the systemconfiguration step. It shows a warning dialog message similar tothe following:"Empty destination in URL: hd:///install/?device=/dev/sdc1".To continue the installation, delete the question mark ‘?’, refreshthe URL and the installation will proceed. This issue is not seen whenusing the managed system's local CD/DVD or using the operating system DVDdirectly instead of the "Dell Systems Management Tools andDocumentation" DVD.* When using the WSMan DCIM_RAIDService GetAvailableDisks method to retrieve specific RAID devices, the XML file passed to the command will contain a“RaidLevel” value for selection. No error checking is done on the RaidLevelValue. Therefore, if an incorrect or invalid value is specified, incorrectresults may be returned (for example, “abcd” becomes “0”; “64.999” becomes“64”). The RaidLevel specified must be an appropriate integer RAIDlevel value (“1”, “2”, “4”, “64”, “128”, “2048”, “8192”, “16384”, perDCIM_VirtualDiskView.mof).* When all the 16 iDRAC-supported user accounts are configured, attempts tomodify user privileges through the iDRAC GUI fails with the error message“Cannot delete or disable the user. At least one user must be enabled”.Temporarily disabling any one user account restores the ability to modify(all) user account settings. After completing the required accountprivilege changes, the disabled account may be re-enabled.Alternatively, RACADM may be used to modify account settings,irrespective of the number of user accounts that are configured.* At times, the Virtual Console feature of iDRAC becomes unavailable.When this happens issue a “racadm racreset” command to reaccess theVirtual Console.* On few Windows operating systems, under certain conditions, the iDRACivmcli.exe will fail. This is due to run-time components of Visual C++(R)Libraries (VC++ 2008 redistributable package) required to run applicationsthat are not available. To resolve this, download and install MicrosoftVisual C++ 2008 Redistributable Package (x86) from the following location:/downloads/details.aspx?familyid=9B2DA534-3E03-4391- 8A4D-074B9F2BC1BF&displaylang=en* When launching both the iDRAC GUI and the Virtual Console from CMC forthe same managed server, a cmc_root GUI session may not be closed properlyeven when properly logging out of the CMC launched iDRAC GUI window. Ifthis happens, it must be closed manually or the session will remain openuntil it reaches the session timeout. This reduces the available Web sessionsfor logging into the iDRAC until it times out. This session can be closedthrough the “racadm closessn” command or by navigating to the iDRAC SessionsGUI page at "System / Remote Access / iDRAC6" > "Network/Security" > "Sessions". * When using the iDRAC Virtual Console to connect to a managed server with arecent Linux distribution operating system installed, you may experiencemouse synchronization problems. This may be due to the Predictable PointerAcceleration feature of the GNOME desktop. For proper mouse synchronizationin the iDRAC Virtual Console, this feature must be disabled. To disablePredictable Pointer Acceleration, in the mouse section of the/etc/X11/xorg.conf file, add: Option "AccelerationScheme" "lightweight".If synchronization problems continue to be experienced, make the followingadditional changes: In the <user_home>/.gconf/desktop/gnome/peripherals/mouse/%gconf.xml file, change the values for "motion_threshold" and"motion_acceleration" to "-1".* To use Virtual Media with recent Windows releases on the management station,you should log into the management station with an Administrator's account.If you do not, the CD/DVD redirection may not work properly and may causecontinuous USB bus resets. If this happens, set the “Attach Virtual Media”option to “Detach” to stop the USB bus resets and allow CD/DVD redirectionto work properly when you log in again with an Administrator's account.* When you create a vFlash partition from an image file using the GUI orRACADM, if you do not have an open browser for the iDRAC GUI, you will notbe able to connect to the GUI until the create operation is completed. Ifyou need to connect to the iDRAC GUI, you must first have the browserconnected to the iDRAC URL to have access. This is important when a largepartition is being created from an image file since it may take a longtime to complete.* If the browser is enabled to use a proxy server, you will not be able toconnect to the iDRAC GUI. The browser must be set to not use a proxyserver for the iDRAC IP address.* The mention of WS-MAN support for digest authentication in chapter 16 ofthe User Guide is incorrect. iDRAC6 does not support digest authentication.###################################################################### Information in this document is subject to change without notice.(C) 2010 Dell Inc. All rights reserved.Reproduction of these materials in any manner whatsoever withoutthe written permission of Dell Inc. is strictly forbidden.Trademarks used in this text: "Dell", "OpenManage", and "PowerEdge"are trademarks of Dell Inc.; "Microsoft", "Windows", "InternetExplorer", "Windows Server", "Windows Vista", "ActiveX","Hyper-V Server", "Hyper-V", "Visual C++", and "Active Directory"are either trademarks or registered trademarks of Microsoft Corporationin the United States and/or other countries; "Intel" isa registered trademark of Intel Corporation in the United Statesand other countries; "SUSE" is a registered trademark of Novell Corporation; "Red Hat" and "Red Hat Enterprise Linux" are registered trademarks of Red Hat, Inc. in the United States and other countries; "VMware", "ESX Server", and "ESXi Server” are registered trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions; "XenServer" is a trademark of Citrix Systems, Inc. in the United States and/or other countries; "Java" is a trademarks of Sun Microsystems, Inc. in the United States and other countries; "Mozilla" and "Firefox" are either registered trademarks or trademarks of Mozilla Foundation.Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.July 2010。

Linux下安装Redmine前置条件需要安装ruby，rubygems，rake，rails和mysql数据库。

安装Redmine和Ruby、Rails对应的版本：Redmine version Supported Ruby versionscurrent trunk ruby 1.8.72, 1.9.2, 1.9.3, 2.0.01, jruby-1.7.2.4 2.5 ruby 1.8.72, 1.9.2, 1.9.3, 2.0.01, jruby-1.7.61.安装RVMRVM 是干什么的这里就不解释了，后面你将会慢慢搞明白。

$ curl -L https://get.rvm.io | bash -s stable提示需要key可以做如下操作#command curl -sSL https://rvm.io/mpapis.asc | gpg2 --import -期间可能会问你sudo管理员密码，以及自动通过homebrew安装依赖包，等待一段时间后就可以成功安装好RVM。

然后，载入RVM 环境（新开Termal就不用这么做了，会自动重新载入的）$ source ~/.rvm/scripts/rvm管理员启动rvm#source /etc/profile.d/rvm.sh检查一下是否安装正确$ rvm -vrvm 1.22.17 (stable) by Wayne E. Seguin <wayneeseguin@>, Michal Papis<mpapis@>[https://r1.安装Ruby下载Ruby安装包并进行安装：1.wget ftp:///pub/ruby/2.0/ruby-2.0.0-p481.tar.gz2.tar zxf ruby-2.0.0-p481.tar.gz3.cd ruby-2.0.0-p4814../configure5.make6.make install7.复制代码验证Ruby是否安装成功：8.ruby -v复制代码输出ruby版本号代表安装成功。

RHEL运行系统配置及管理实验总结一、实验介绍本实验总结了在R HEL系统中进行运行系统配置及管理的相关实验。

通过这些实验，我们将深入了解R HE L系统中的各种配置和管理操作，并掌握相应的技能，以提高系统稳定性和性能。

二、实验内容1.安装R H E L系统在进行任何操作之前，首先需要安装R HEL系统。

选择适合的版本和安装方式，并按照提示进行安装。

安装完成后，系统将进入初始状态。

2.配置网络在R HE L系统中，网络配置是一个非常重要的部分。

我们需要通过合理的网络配置，确保系统能够正常访问外部网络，并能提供网络服务。

2.1配置I P地址使用`i fc on fi g`命令查看当前网络接口的信息，使用`i fc fg`配置文件来设置IP地址、子网掩码、网关等网络参数。

2.2配置D N S在`/e tc/r es ol v.co n f`文件中配置D NS服务器的I P地址，以便系统能够解析域名。

3.管理用户和权限R H EL系统中，用户和权限管理是非常重要的。

我们需要创建、修改和删除用户，设置用户的权限，并且合理地管理用户的访问权限。

3.1创建用户使用`u se ra dd`命令或`ad du se r`命令创建新用户。

设置用户名、密码和用户组等参数。

3.2修改用户使用`us er mo d`命令修改用户的属性，如修改用户的密码、用户组等。

3.3删除用户使用`u se rd el`命令删除指定的用户。

3.4设置用户权限使用`c hm od`命令设置文件或目录的权限，使用`ch ow n`命令修改文件或目录的所有者。

4.系统管理管理系统是维护系统安全和稳定性的重要工作。

我们需要进行系统更新、日志管理和进程管理等操作。

4.1系统更新使用`y um`命令更新软件包和系统补丁，确保系统处于最新状态。

4.2日志管理R H EL系统提供了强大的日志管理工具，如`rs ys lo g`和`j ou rn al ct l`等。

RHEL 6.0使用CentOS yum源1、删除RHEL原有的yumrpm -aq|grep yum|xargs rpm -e --nodeps #删除2、下载新的yum安装包 #这里我们使用CentOS的yum源wget /centos/6/os/x86_64/Packages/python-iniparse-0.3.1-2.1.el6.noarch.rpmwget /centos/6/os/x86_64/Packages/yum-metadata-parser-1.1.2-16.el6.x86_64.rpm wget /centos/6/os/x86_64/Packages/yum-3.2.29-22.el6.centos.noarch.rpmwget /centos/6/os/x86_64/Packages/yum-plugin-fastestmirror-1.1.30-10.el6.noarch.rpm3、安装yum软件包rpm -ivh python-iniparse-0.3.1-2.1.el6.noarch.rpmrpm -ivh yum-metadata-parser-1.1.2-16.el6.x86_64.rpmrpm -ivh yum-3.2.29-22.el6.centos.noarch.rpm yum-plugin-fastestmirror-1.1.30-10.el6.noarch.rpm(这里要注意的是：最后两个安装包要放在一起同时安装，否则会提示相互依赖，安装失败。

)4、更改yum源 #我们使用网易的CentOS镜像源cd /etc/yum.repos.d/wget /.help/CentOS6-Base-163.repovi CentOS6-Base-163.repo #编辑文件把文件里面的$releasever全部替换为版本号，即6 最后保存！或者直接把下面的内存拷贝到CentOS6-Base-163.repo文件中即可（已经修改好，不用下载直接新建CentOS6-Base-163.repo 也可以）# CentOS-Base.repo## The mirror system uses the connecting IP address of the client and the# update status of each mirror to pick mirrors that are updated to and# geographically close to the client.&nbsp; You should use this for CentOS updates# unless you are manually picking other mirrors.## If the mirrorlist= does not work for you, as a fall back you can try the# remarked out baseurl= line instead.##[base]name=CentOS-6 - Base - baseurl=/centos/6/os/$basearch/#mirrorlist=/?release=6&arch=$basearch&repo=osgpgcheck=1gpgkey=/centos/RPM-GPG-KEY-CentOS-6#released updates[updates]name=CentOS-6 - Updates - baseurl=/centos/6/updates/$basearch/#mirrorlist=/?release=6&arch=$basearch&repo=updatesgpgcheck=1gpgkey=/centos/RPM-GPG-KEY-CentOS-6#additional packages that may be useful[extras]name=CentOS-6 - Extras - baseurl=/centos/6/extras/$basearch/#mirrorlist=/?release=6&arch=$basearch&repo=extrasgpgcheck=1gpgkey=/centos/RPM-GPG-KEY-CentOS-6#additional packages that extend functionality of existing packages[centosplus]name=CentOS-6 - Plus - baseurl=/centos/6/centosplus/$basearch/#mirrorlist=/?release=6&arch=$basearch&repo=centosplusgpgcheck=1enabled=0gpgkey=/centos/RPM-GPG-KEY-CentOS-6#contrib - packages by Centos Users[contrib]name=CentOS-6 - Contrib - baseurl=/centos/6/contrib/$basearch/#mirrorlist=/?release=6&arch=$basearch&repo=contribgpgcheck=1enabled=0gpgkey=/centos/RPM-GPG-KEY-CentOS-65、收尾，测试YUM 是否可用yum clean all #清理yum缓存yum makecache #将服务器上的软件包信息缓存到本地,以提高搜索安装软件的速度yum install vim* #测试yum是否可用PS:本文章参考RHEL 6.0使用CentOS yum源/archives/162.htmlCentos6.0 使用网易源。

RHEL6、7防火墙操作网络安全技术是一门涉及计算机科学、网络技术、通信技术、密码技术、信息安全技术、应用数学、数论、信息论等多学科的综合性学科。

解决网络安全问题的重要手段就是防火墙技术。

下面是學習啦小編收集整理的RHEL6、7防火墙操作，希望對大家有幫助~~ RHEL6、7防火墙操作(1)RHEL6防火墙设置1、临时状态、永久查询2、重启、临时关闭、永久关闭(2)RHEL7防火墙设置1、临时状态、永久查询2、重启、临时关闭、永久关闭(1)RHEL6防火墙设置11、临时状态、永久查询临时状态查询：serviceiptablesstatusserviceip6tablesstatus永久状态查询：chkconfig--list|grepiptables22、重启、临时关闭、永久关闭临时关闭、启动：serviceiptablesstop/startserviceip6tablesstop/start永久关闭、启动：chkconfig--level2345iptablesoff/onchkconfig--level2345ip6tablesoff/on(2)RHEL7防火墙设置1、临时状态、永久查询临时状态查看：systemctlstatusfirewalld永久状态查看：systemctllist-unit-files|grepfirewalld22、重启、临时关闭、永久关闭临时重启：systemctlstopfirewalld永久关闭或开启：systemctldisablefirewalldRHEL6、7防火墙操作相关文章：1.linux防火墙怎么样设置2.linux怎么样查看防火墙有没开启3.RedhatLinux7怎么用命令关闭防火墙4.redhat防火墙如何设置5.linux防火墙设置规则怎么样6.linux防火墙如何配置7.在CentOS的防火墙上开启通行端口的方法8.linux怎么查看防火墙。

RedHatLINUX系统环境搭建手册版本历史目次1引言 (1)2操作系统安装 (1)2.1准备工作 (1)2.2安装R EDHAT7.2系统 (1)3操作系统设置 (16)3.1网络配置 ......................................................................................................... 错误！未定义书签。

3.2防火墙 (16)3.3S ELINUX (17)3.4FTP (17)3.5GDM (17)3.6附件安装SVN、服务端 ................................................................................ 错误！未定义书签。

创建仓库...................................................................................................................... 错误！未定义书签。

svn create 创建仓库 ........................................................................................... 错误！未定义书签。

修改配置文件.......................................................................................................... 错误！未定义书签。

增加用户passwd................................................................................................. 错误！未定义书签。

RHEL 7.4安装安装过程流水记录刚开始安装时用：SanDisk启动，这个应该是用传统USB模式出现如下错误，不知为何。

然后：使用启动，可以正常启动，但是在挂载点中需要多挂载一个/Boot/efi的挂载点，而使用efi挂载点的磁盘必须是gpt分区表，而我第二块硬盘不知道是啥分区表，此项验证不能过，无法进行安装；没有办法折腾了几次，然后又试着用第一次试过的启动一下次，这次居然没出错，不知为何：配置好挂载点后，可以进行安装；由于这次通过了验证，比较兴奋，没有选择安装大小，默认安装为最小安装，仅329个包。

安装过程仅10来分钟，然后又重新安装了一遍，选择了GUI的版本，然后勾先了Postgresql包，这样一共要1303个包，用了大概25分钟吧，i76670,16G内存，机械硬盘。

正确的方式：1.用PowerISO打开ISO文件制作启动U盘；2.如果在已经分过区的硬盘上安装（即：剩余的未分区空间），则必须用非UEFI模式启动，BIOS中的USB控制器中必须打开Legacy的支持，若想用UEFI最好是用一个空白的硬盘。

3.指定几个挂载点：/boot，RHEL7.4要500MB,别的可能少一些，swap内存交换空间，为内存的1到2倍即可，/根空间，根据使用情况5个G吧，可以再加个挂载点存其它文件。

RHEL更换为centros的yum以下所有操作参考此链接地址中的说法，顺利完成：/yjscloud/p/6654379.html1、首先查看redhat 7.0系统本身所安装的那些yum 软件包：[root@pan ~]# rpm -qa | grep yumyum-utils-1.1.31-24.el7.noarchyum-langpacks-0.4.2-3.el7.noarchyum-metadata-parser-1.1.4-10.el7.x86_64yum-rhn-plugin-2.0.1-4.el7.noarchPackageKit-yum-0.8.9-11.el7.x86_64yum-3.4.3-118.el7.noarch2、卸载这些软件包；[root@pan ~]# rpm -e yum-3.4.3-118.el7.noarch --nodeps[root@pan ~]# rpm -e yum-utils-1.1.31-24.el7.noarch --nodeps[root@pan ~]# rpm -e yum-rhn-plugin-2.0.1-4.el7.noarch --nodeps[root@pan ~]# rpm -e yum-metadata-parser-1.1.4-10.el7.x86_64 --nodeps[root@pan ~]# rpm -e yum-langpacks-0.4.2-3.el7.noarch --nodeps[root@pan ~]# rpm -e PackageKit-yum-0.8.9-11.el7.x86_64 --nodeps3、保证本机电脑能上网；[root@pan ~]# ping PING (163.177.151.110) 56(84) bytes of data.64 bytes from 163.177.151.110: icmp_seq=1 ttl=49 time=13.1 ms64 bytes from 163.177.151.110: icmp_seq=2 ttl=49 time=6.80 ms64 bytes from 163.177.151.110: icmp_seq=3 ttl=49 time=6.77 ms^C--- ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2007msrtt min/avg/max/mdev = 6.777/8.917/13.168/3.006 ms4、进入以下网站上面查看软件包的版本是否升级或者找到自己系统所对应的文件包版本更新；网易163网络源地址：/CentOS网络源地址：/centos/5、找到自己所需要的版本下载：wget /centos/7/os/x86_64/Packages/yum-3.4.3-150.el7.centos.noarch.rpmwget /centos/7/os/x86_64/Packages/yum-metadata-parser-1.1.4-10.el7.x86_64.rpmwget /centos/7/os/x86_64/Packages/yum-utils-1.1.31-40.el7.noarch.rpmwget /centos/7/os/x86_64/Packages/yum-updateonboot-1.1.31-40.el7.noarch.rpmwget /centos/7/os/x86_64/Packages/yum-plugin-fastestmirror-1.1.31-40.el7.noarch.rpm我到163的镜像网站上找了一下：/centos/7.4.1708/os/x86_64/Packages/yum-3.4.3-154.el7.centos.noarch.rpm/centos/7.4.1708/os/x86_64/Packages/yum-metadata-parser-1.1.4-10.el7.x86_64.rpm /centos/7.4.1708/os/x86_64/Packages/yum-utils-1.1.31-42.el7.noarch.rpm/centos/7.4.1708/os/x86_64/Packages/yum-updateonboot-1.1.31-42.el7.noarch.rpm /centos/7.4.1708/os/x86_64/Packages/yum-plugin-fastestmirror-1.1.31-42.el7.noarch.rpm 6、查看下载完成结果；[root@pan ~]# ls7、安装软件包：[root@pan ~]# rpm -ivh yum-*[root@localhostyum_setup]# rpm -ivh yum-*警告：yum-3.4.3-154.el7.centos.noarch.rpm: 头V3 RSA/SHA256 Signature, 密钥ID f4a80eb5: NOKEY准备中... ################################# [100%]正在升级/安装...1:yum-metadata-parser-1.1.4-10.el7 ################################# [ 20%]2:yum-plugin-fastestmirror-1.1.31-4################################# [ 40%]3:yum-3.4.3-154.el7.centos ################################# [ 60%]4:yum-updateonboot-1.1.31-42.el7 ################################# [ 80%]5:yum-utils-1.1.31-42.el7 ################################# [100%]8、是原作者安装的包依赖有问题，我从163的mirrors上下的7.4.1708版本目录里的的没事，安装正常。

Dell ChassisManagement Controller (CMC) Version 1.00 for Dell PowerEdge VRTXRelease NotesRelease Type and DefinitionThe Dell Chassis Management Controller (CMC) for Dell PowerEdge VRTX is a SystemsManagement hardware and software solution for managing the Dell PowerEdge VRTX chassis. Version1.00Release DateJune, 2013Previous VersionNoneImportanceOPTIONAL: This is the first released version of CMC firmware for Dell PowerEdge VRTX chassis. Platform(s) AffectedDell Chassis Management Controller (CMC) for Dell PowerEdge VRTX is supported on the following system:∙PowerEdge VRTXWhat is Supported?License RequirementsThe CMC supports software licensing to use advanced systems management features. For more information about the license requirements, see the Dell Chassis Management Controller for Dell VRTX User's Guide.Supported Management Station Operating Systems and Web Browsers for CMC for Dell PowerEdge VRTX∙Microsoft Internet Explorer 9 on Windows 7 32-bit, Windows 7 64-bit, Windows Server 2008, Windows Server 2008 64-bit, and Windows Server 2008 R2 64-bit.∙Microsoft Internet Explorer 10 on Windows 7 32-bit, Windows 7 64-bit, Windows 8 32-bit, Windows 8 64-bit, Windows Server 2008, Windows Server 2008 64-bit, Windows Server 2008 R2 64-bit, and Windows 8 Server.∙Mozilla Firefox 20.0.1 on Windows 7 32-bit, Windows 7 64-bit, Windows 8 32-bit, Windows 8 64-bit, Macintosh OSX Lion, Windows Server 2008, Windows Server 2008 64-bit, Windows Server2008 R2 64-bit, and Windows 8 Server.∙Google Chrome 26.0.1410 on Windows 8 32-bit, Windows 8 64-bit.∙Native Mozilla Firefox on SLES 10 SP4, SLES 11 SP2, SLES 11 SP3, RHEL 5.8 32-bit, RHEL 5.8 64-bit,RHEL 6.3, RHEL 6.4.Supported Server Modules∙Supported platforms: M520 and M620∙iDRAC7 Version: 1.40.40 or later∙System CPLD Version: 1.0.6 or later∙PowerEdge M520 BIOS Version: 1.7.6 or later∙PowerEdge M620 BIOS Version: 1.7.6 or laterNote: Server modules with unsupported iDRAC7, BIOS, and CPLD versions may turn on in the VRTX chassis, but can cause some unexpected issues.What’s New?Initial ReleaseFixesNot applicableImportant Notes∙The shared hard disk drives (HDDs) and PCIe cards are managed by the CMC and are not visible to the operating system in the server modules, until the HDDs and PCIe cards are mapped byusing the CMC web interface. For instructions about mapping PCIe cards and managing thestorage subsystem, see the Chassis Management Controller for PowerEdge VRTX Version 1.0User's Guide available at /support/manuals.∙All the server modules must be turned off before updating the firmware for chassis infrastructure and SPERC. CMC firmware can be updated while the servers are on.∙Some advanced features require CMC enterprise license. For more information about the CMC licenses, see the Chassis Management Controller for PowerEdge VRTX Version 1.0 User's Guide available at /support/manuals.∙Before updating the storage component using the web interface, make sure that the browser’s Cookies are enabled.Known IssuesWhen multiple CMCs are grouped using the multi-chassis management feature in an Internet Explorer browser, if you pause the mouse over the chassis graphics, it may incorrectly show 25 HDDs in a 12-HDD chassis. Select the individual CMC in the group to view the correct chassis graphics, or use alternate browsers.LimitationsNoneInstallationPrerequisitesBefore setting up your CMC environment, download the latest version of CMC firmware for PowerEdge VRTX from the Dell Support Website at /support/. Also, make sure that you have the Dell Systems Management Tools and Documentation DVD that is included with your system.Installation Procedure1.Set up initial access to CMC.2.Access CMC through a network.3.Add and configure CMC users.4.Update CMC firmware.For more information, see the Chassis Management Controller for PowerEdge VRTX Version 1.0 User's Guide available at/support/Manuals/us/en/19/ProductSelector/Select/FamilySele ction?CategoryPath=all-products%2Fesuprt_electronics%2Fesuprt_software%2Fesuprt_remote_ent_sys_m gmt%2Fesuprt_rmte_ent_sys_chassis_mgmt_cntrllr&Family=Chassis%20Managem ent%20Controller&DisplayCrumbs=Product%2BType%40%2CSoftware%252c%2BM onitors%252c%2BElectronics%2B%2526%2BPeripherals%40%2CSoftware%40%2CR emote%2BEnterprise%2BSystem%2BManagement%40%2CChassis%2BManagement %2BController&rquery=na&sokey=solinkContacting DellNote: If you do not have an active Internet connection, you can find contact information on your purchase invoice, packing slip, bill, or Dell product catalog.Dell provides several online and telephone-based support and service options. Availability varies by country and product, and some services may not be available in your area. To contact Dell for sales, technical support, or customer service issues:1.Visit /support.2.Select your support category.3.Verify your country or region in the Choose a Country/Region drop-downmenu at the top of page.4.Select the appropriate service or support link based on your need.For information about documentation support:1.Go to /support/manuals2.In the Tell us about your Dell system section, under No, select Choose from alist of all Dell products and click Continue.3.In the Select your product type section, click Software, Monitors, Electronics &Peripherals.4.In the Choose your Dell Software, Monitors, Electronics & Peripherals section,click Software.5.In the Choose your Dell Software section, click the required link from thefollowing:–Client System Management–Enterprise System Management–Remote Enterprise System Management–Serviceability Tools6.To view the document, click the required product version.NOTE: You can also directly access the documents using the following links:o For Client System Management documents —/OMConnectionsCliento For Enterprise System Management documents —/openmanagemanualso For Remote Enterprise System Management documents —/esmmanualso For Serviceability Tools documents — /serviceabilitytools© 2013 Dell Inc. All rights reserved.Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. Trademarks used in this text: Dell(TM), the DELL logo, PowerEdge (TM), PowerVault (TM), Compellent (TM) and OpenManage (TM) are trademarks of Dell Inc. Intel (R)is a registered trademark of Intel Corporation in the U.S. and other countries. Microsoft (R), Windows (R), Windows Server (R), Internet Explorer (R), Hyper-V (R), Active Directory (R), ActiveX (R) and Windows Vista (R) are trademarks or registered trademarks of Microsoft Corporation in the United States and/or other countries. Red Hat Enterprise Linux (R) and Enterprise Linux (R) are registered trademarks of Red Hat, Inc. in the United States and/or other countries. The term Linux(R) is a registered trademark of Linus Torvalds, the original author of the Linux kernel. SUSE(TM) is a trademark of Novell Inc. in the United States and other countries. XenServer (R) is a registered trademark of Citrix Systems, Inc. in the United States and/or other countries. Mozilla (R) and Firefox(R) are registered trademarks of Mozilla Foundation. VMware (R) and ESX (TM) are registered trademarks or trademarks of VMware, Inc. in the United States and/or other jurisdictions. Java(TM) is a registered trademark of Oracle and/or its affiliates. Google (R) and Chrome (TM) is a trademark of Google Inc.Mac (R), Macintosh(R), and Mac OS (R), Safari(R), and OS X (R) are trademarks of Apple Inc., registered in the U.S. and other countries. Matrox (R) is a registered trademark of Matrox. Broadcom (TM) is a trademarkof Broadcom Corporation and/or its affiliates in the United States, certain other countries, and/or the EU. QLogic (R) is a registered trademark of QLogic Corporation. Other trademarks and trade names may be used in this publication to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.。

RHEL6服务器操作系统参数及安全配置Red Hat Enterprise Linux (RHEL) 6是一种企业级的操作系统，本文将介绍RHEL6服务器的操作系统参数和安全配置。

1.系统参数配置：a. 文件描述符限制：通过修改/etc/security/limits.conf文件，设置nofile的值来增加文件描述符的限制。

例如，添加以下行：b. 系统资源限制：通过修改/etc/sysctl.conf文件，设置系统资源限制的参数。

例如，增加以下参数来增大内存的共享限制：* kernel.shmmni = 4096c. 网络参数：通过/etc/sysctl.conf文件修改网络参数。

例如，禁用ICMP重定向和ARP代理：* net.ipv4.conf.all.accept_redirects = 0* net.ipv4.conf.all.send_redirects = 0* net.ipv4.conf.all.proxy_arp = 0d. 文件系统参数：通过/etc/fstab文件和tune2fs工具来设置文件系统参数。

例如，设置ext4文件系统在挂载时启用日志功能：* tune2fs -O journal_dev /dev/sda1* mount -o journal_data /dev/sda1 /mnt/data2.安全配置：a. 防火墙配置：使用iptables防火墙来配置和管理网络连接。

通过配置规则限制进出服务器的网络数据流量，可以提高服务器的安全性。

例如，只允许指定的IP地址访问SSH端口：* iptables -A INPUT -p tcp --dport 22 -s 192.168.1.1 -j ACCEPT* iptables -A INPUT -p tcp --dport 22 -j DROP* service iptables saveb. SELinux配置：RHEL6默认启用了Security-Enhanced Linux (SELinux)，通过配置SELinux策略可以提高服务器的安全性。

rhel运行系统配置及管理知识总结RHEL (Red Hat Enterprise Linux) 是一种基于Linux的操作系统，用于企业级服务器和桌面环境。

以下是一些关于RHEL运行系统配置和管理的知识总结：1. 安装和更新软件包：RHEL使用yum包管理器来安装和更新软件包。

可以使用命令"yum install <package-name>"安装软件包，使用命令"yum update"来更新已安装的软件包。

2. 系统配置文件：RHEL使用各种系统配置文件来进行系统设置。

其中一些常见的系统配置文件包括/etc/sysconfig/network，/etc/sysconfig/network-scripts/ifcfg-<interface-name>和/etc/hosts。

可以使用文本编辑器（如vi或nano）来编辑这些配置文件。

3. 网络配置：RHEL使用NetworkManager来管理网络连接。

可以使用nmtui命令行工具或在图形界面中使用NetworkManager Applet来配置网络连接。

4. 用户和组管理：可以使用useradd和groupadd命令来创建用户和组。

可以使用usermod命令来修改用户属性，如更改用户密码、更改用户的默认shell等。

5. 进程管理：可以使用ps命令来查看运行在系统上的进程列表。

可以使用kill命令来终止运行中的进程。

6. 文件和目录权限：RHEL使用chmod命令来更改文件和目录的权限。

通过使用chown和chgrp命令，可以更改文件和目录的所有者和所属组。

7. 磁盘管理：可以使用fdisk命令来管理磁盘分区。

可以使用mkfs命令来创建文件系统。

还可以使用mount和umount命令来挂载和卸载文件系统。

8. 系统日志：RHEL使用rsyslog守护程序来管理系统日志。

可以使用命令journalctl查看系统日志。

Red Hat Enterprise Linux (RHEL) 8.x DriverUser ManualRHEL 8.xDoc #: MLNX-15-52996 Mellanox Technologies 2Mellanox Technologies350 Oakmead Parkway Suite 100Sunnyvale, CA 94085U.S.A.Tel: (408) 970-3400Fax: (408) 970-3403© Copyright 2020. Mellanox Technologies Ltd. All Rights Reserved.Mellanox®, Mellanox logo, ASAP2 - Accelerated Switch and Packet Processing®, BlueField®, BlueOS®, CloudX logo, Connect-IB®, ConnectX®, CORE-Direct®, GPUDirect®, HPC-X®, LinkX®, Mellanox CloudX®, Mellanox HostDirect®, Mellanox Multi-Host®, Mellanox NEO®, Mellanox NVMEDirect®, Mellanox OpenCloud®, Mellanox OpenHPC®, Mellanox PeerDirect®,Mellanox ScalableHPC®, Mellanox Socket Direct®, PeerDirect ASYNC®, SocketXtreme®, StoreX®, UCX®, UCX UnifiedCommunication X®, UFM®, Unbreakable-Link®, and Virtual Protocol Interconnect® are registered trademarks of MellanoxTechnologies, Ltd.For the complete and most updated list of Mellanox trademarks, visit /page/trademarks.All other trademarks are property of their respective owners.NOTE:THIS HARDWARE, SOFTWARE OR TEST SUITE PRODUCT PRODUCT(S) AND ITS RELATEDDOCUMENTATION ARE PROVIDED BY MELLANOX TECHNOLOGIES AS-IS WITH ALL FAULTS OF ANYKIND AND SOLELY FOR THE PURPOSE OF AIDING THE CUSTOMER IN TESTING APPLICATIONS THATUSE THE PRODUCTS IN DESIGNATED SOLUTIONS. THE CUSTOMER'S MANUFACTURING TESTENVIRONMENT HAS NOT MET THE STANDARDS SET BY MELLANOX TECHNOLOGIES TO FULLYQUALIFY THE PRODUCT(S) AND/OR THE SYSTEM USING IT. THEREFORE, MELLANOX TECHNOLOGIESCANNOT AND DOES NOT GUARANTEE OR WARRANT THAT THE PRODUCTS WILL OPERATE WITH THEHIGHEST QUALITY. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THEIMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE ANDNONINFRINGEMENT ARE DISCLAIMED. IN NO EVENT SHALL MELLANOX BE LIABLE TO CUSTOMER ORANY THIRD PARTIES FOR ANY DIRECT, INDIRECT, SPECIAL, EXEMPLARY, OR CONSEQUENTIALDAMAGES OF ANY KIND (INCLUDING, BUT NOT LIMITED TO, PAYMENT FOR PROCUREMENT OFSUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY FROM THE USE OFTHEPRODUCT(S) AND RELATED DOCUMENTATION EVEN IF ADVISED OF THE POSSIBILITY OF SUCHDAMAGE.Table of Contents1Firmware Burning (4)2Port Type Management (5)3Modules Loading and Unloading (6)4Important Packages and Their Installation (7)5SR-IOV Configuration (8)5.1Setting up SR-IOV (8)6Default RoCE Mode Setting (10)7PXE over InfiniBand Installation (11)3 Mellanox Technologies RHEL 8.x1 Firmware Burning1.Check the device’s PCI address.lspci | grep MellanoxExample:00:06.0 Infiniband controller: Mellanox Technologies MT27520 Family[ConnectX-3 Pro]2.Identify the adapter card's PSID.# mstflint -d 81:00.0 qImage type: FS2FW Version: 2.42.5000FW Release Date: 26.7.2017Rom Info: type=PXE version=3.4.752 devid=4103Device ID: 4103Description: Node Port1 Port2Sys imageGUIDs: e41d2d0300b3f590 e41d2d0300b3f591 e41d2d0300b3f592e41d2d0300b3f593MACs: e41d2db3f591 e41d2db3f592VSD:PSID: MT_10901110193.Download the firmware BIN file from the Mellanox website that matches your card'sPSID. To download the firmware, go to (Firmware Downloads).4.Burn the firmware.# mstflint -d <lspci-device-id> -i <image-file> b5.Reboot your machine after the firmware burning is completed.RHEL 8.x Mellanox Technologies 42 Port Type ManagementConnectX®-3 onwards adapter cards’ ports can be individually configured to work asInfiniBand or Ethernet ports. By default, ConnectX® family adapter cards VPI ports areinitialized as InfiniBand ports. If you wish to change the port type use the mstconfig afterthe driver is loaded.1.Install mstflint tools.yum install mstflint2.Check the device’s PCI address.lspci | grep MellanoxExample:00:06.0 Infiniband controller: Mellanox Technologies MT27520 Family[ConnectX-3 Pro]e mstconfig to change the link type as desired IB – for InfiniBand, ETH – for Ethernet.mstconfig –d <device pci> s LINK_TYPE_P1/2=<ETH|IB|VPI>Example:# mstconfig -d 00:06.0 s LINK_TYPE_P1=ETHDevice #1:----------Device type: ConnectX3ProPCI device: 00:06.0Configurations: Current NewLINK_TYPE_P1 IB(1) ETH(2)Apply new Configuration? ? (y/n) [n] : yApplying... Done!-I- Please reboot machine to load new configurations.4.Reboot your machine.5 Mellanox Technologies RHEL 8.x3 Modules Loading and UnloadingMellanox modules for ConnectX®-2/ConnectX®-3/ConnectX®-3 Pro are:•mlx4_en, mlx4_core, mlx4_ibMellanox modules for ConnectX®-4 onwards are:•mlx5_core, mlx5_ibIn order to unload the driver, you need to first unload mlx*_en/ mlx*_ib and then themlx*_core module.➢To load and unload the modules, use the commands below:•Loading the driver: modprobe <module name># modprobe mlx5_ib•Unloading the driver: modprobe –r <module name># modprobe –r mlx5_ibRHEL 8.x Mellanox Technologies 64 Important Packages and Their Installationrdma-corerdma-core RDMA core userspace libraries and daemonsopensm: InfiniBand Subnet Manageropensm-libs Libraries used by OpenSM and included utilitiesopensm OpenIB InfiniBand Subnet Manager and management utilitiesinfiniband-diags: OpenFabrics Alliance InfiniBand Diagnostic Tools and libibmad Low layerInfiniBand diagnostic and management programsinfiniband-diags OpenFabrics Alliance InfiniBand Diagnostic Toolsperftest: IB Performance testsperftest IB Performance Testsmstflint: Mellanox Firmware Burning and Diagnostics Toolsmstflint Mellanox firmware burning tool➢To install the packages above run:# sudo yum install rdma-core libibverbs libibverbs-utils librdmacm libibumadopensm infiniband-diags srptools perftest mstflint librdmacm-utils -y7 Mellanox Technologies RHEL 8.xRHEL 8.x Mellanox Technologies 85 SR-IOV Configuration 5.1 Setting up SR-IOV1. Install the mstflint tools.# yum install mstflint2. Check the device ’s PCI.# lspci | grep MellanoxExample:00:06.0 Infiniband controller: Mellanox Technologies MT27520 Family[ConnectX-3 Pro]3. Check if SR-IOV is enabled in the firmware.mstconfig -d <device pci> qExample: # mstconfig -d 00:06.0 qDevice #1: ----------Device type: ConnectX3ProPCI device: 00:06.0Configurations: CurrentSRIOV_EN True(1)NUM_OF_VFS 8LINK_TYPE_P1 ETH(2) LINK_TYPE_P2 IB(1)LOG_BAR_SIZE 3BOOT_PKEY_P1 0BOOT_PKEY_P2 0 BOOT_OPTION_ROM_EN_P1 True(1)BOOT_VLAN_EN_P1 False(0)BOOT_RETRY_CNT_P1 0LEGACY_BOOT_PROTOCOL_P1 PXE(1)BOOT_VLAN_P1 1BOOT_OPTION_ROM_EN_P2 True(1)BOOT_VLAN_EN_P2 False(0)BOOT_RETRY_CNT_P2 0LEGACY_BOOT_PROTOCOL_P2 PXE(1)BOOT_VLAN_P2 1IP_VER_P1 IPv4(0)IP_VER_P2 IPv4(04. Enable SR-IOV:mstconfig –d <device pci> s SRIOV_EN=<False|True>5. Configure the needed number of VFsmstconfig –d <device pci> s NUM_OF_VFS=<NUM>NOTE: This file will be generated only if IOMMU is set in the grub.conf file (byadding “intel_iommu=on” to /boot/grub/grub.conf file).6. [mlx4 devices only] Create/Edit the file /etc/modprobe.d/mlx4.conf:options mlx4_core num_vfs=[needed num of VFs] port_type_array=[1/2 forIB/ETH],[ 1/2 for IB/ETH]Example:options mlx4_core num_vfs=8 port_type_array=1,17.[mlx5 devices only] Write to the sysfs file the number of needed VFs.echo [num_vfs] > sys/class/net/ib2/device/sriov_numvfsExample:# echo 8 > /sys/class/net/ib2/device/sriov_numvfs8.Reboot the driver.9.Load the driver and verify that the VFs were created.# lspci | grep mellanoxExample:00:06.0 Network controller: Mellanox Technologies MT27520 Family[ConnectX-3 Pro]00:06.1 Network controller: Mellanox Technologies MT27500/MT27520 Family[ConnectX-3/ConnectX-3 Pro Virtual Function]00:06.2 Network controller: Mellanox Technologies MT27500/MT27520 Family[ConnectX-3/ConnectX-3 Pro Virtual Function]00:06.3 Network controller: Mellanox Technologies MT27500/MT27520 Family[ConnectX-3/ConnectX-3 Pro Virtual Function]00:06.4 Network controller: Mellanox Technologies MT27500/MT27520 Family[ConnectX-3/ConnectX-3 Pro Virtual Function]00:06.5 Network controller: Mellanox Technologies MT27500/MT27520 Family[ConnectX-3/ConnectX-3 Pro Virtual Function]00:06.6 Network controller: Mellanox Technologies MT27500/MT27520 Family[ConnectX-3/ConnectX-3 Pro Virtual Function]00:06.7 Network controller: Mellanox Technologies MT27500/MT27520 Family[ConnectX-3/ConnectX-3 Pro Virtual Function]00:06.0 Network controller: Mellanox Technologies MT27500/MT27520 Family[ConnectX-3/ConnectX-3 Pro Virtual Function]For further information, refer to section Setting Up SR-IOV MLNX_OFED User Manual.9 Mellanox Technologies RHEL 8.x6 Default RoCE Mode Setting1.Mount the configfs file.# mount -t configfs none /sys/kernel/config2.Create a directory for the mlx4/mlx5 device.# mkdir -p /sys/kernel/config/rdma_cm/mlx4_0/3.Validate what is the used RoCE mode in the default_roce_mode configfs file.# cat /sys/kernel/config/rdma_cm/mlx4_0/ports/1/default_roce_modeIB/RoCE v14.Change the default RoCE mode,•For RoCE v1: IB/RoCE v1•For RoCE v2: RoCE v2# echo "RoCE v2" >/sys/kernel/config/rdma_cm/mlx4_0/ports/1/default_roce_mode# cat /sys/kernel/config/rdma_cm/mlx4_0/ports/1/default_roce_modeRoCE v2# echo "IB/RoCE v1" >/sys/kernel/config/rdma_cm/mlx4_0/ports/1/default_roce_mode# cat /sys/kernel/config/rdma_cm/mlx4_0/ports/1/default_roce_modeIB/RoCE v1RHEL 8.x Mellanox Technologies 107 PXE over InfiniBand InstallationPXE over InfiniBand infrastructure has additional parameter in the Boot Loader file forloading the necessary modules and interfaces and for allowing sufficient time to get the link.To install RHEL from PXE using the IPoIB interfaces, add the following parameters to theBoot Loader file, located in the var/lib/tftpboot/pxelinux.cfg directory, at thePXE server:bootdev=ib0 ksdevice=ib0 net.ifnames=0 biosdevname=0 rd.neednet=1rd.bootif=0 rd.driver.pre=mlx5_ib,mlx4_ib,ib_ipoib ip=ib0:dhcp.dhcp.retry=10 .timeout.iflink=60 .timeout.ifup=80.timeout.carrier=80Example:default RH7.5prompt 1timeout 600label RH7.5kernelappend bootdev=ib0 ksdevice=ib0 net.ifnames=0 biosdevname=0 rd.neednet=1rd.bootif=0 rd.driver.pre=mlx5_ib,mlx4_ib,ib_ipoib ip=ib0:dhcp.dhcp.retry=10 .timeout.iflink=60 .timeout.ifup=80.timeout.carrier=8011 Mellanox Technologies RHEL 8.x。

QuickSpecs HPE Smart Array P841 Controller OverviewHPE Smart Array P841 ControllerThe HPE Smart Array P841 Controller is a full height, PCIe3 x8, 12Gb/s Serial Attached SCSI (SAS) RAID controller that provides enterprise-class storage performance, increased external scalability, and data protection for select HPE ProLiant Gen9 rack and tower servers. It features sixteen external physical links and delivers increased server uptime by providing advanced storage functionality, including online RAID level migration (between any RAID levels) with 4GB flash back write cache (FBWC), global online spare, and pre-failure warning. This controller includes transportable FBWC allowing the data in the cache to be migrated to a new controller.The Gen9 family of controllers supports the HPE Smart Storage Battery. With HPE Smart Storage Battery, multiple Smart Array controllers are supported without needing additional backup power sources for each controller, resulting in simple upgrade process.What's New•Supports HPE D6020 Disk EnclosuresModelsHPE Smart Array P841HP Smart Array P841/4GB FBWC 12Gb 4-ports Ext SAS Controller726903-B21 ControllerNOTE:HPE Smart Array P841/4GB FBWC controller option kit does not include the HPE Smart Storage Battery the backup power source necessary to protect the data on the Flash-backed Write Cache. HPE Smart Storage Battery is an item that has to be purchased separately if this is the first P-series Smart Array controller on your Gen9 server.Key Features•Storage interface (SAS/SATA)o16 physical links across 4 x4 external portso12Gb/s SAS, 6Gb/s SATA technologyo Mix-and-match SAS and SATA drives to the same controllero Support for SAS tape drives, SAS tape autoloaders and SAS tape libraries• 4 GiBytes Flash-Backed Write Cache (FBWC)•PCI Express Gen3 x8 link•RAID 0, 1, 10, 5, 50, 6, 60, 10 ADM (Advanced Data Mirroring)•RAID or HBA mode•Legacy and UEFI boot operation•Up to 200 physical drives•Up to 64 logical drives•Up to 8 daisy chained HPE D3600 Disk Enclosure and HPE D3700 Disk Enclosure in dualdomain configuration•HPE SmartCache (license included)•HPE Secure Encryption (optional license)•HPE SSD Smart Path•VMware Virtual SAN certified•Rapid Parity Initialization (RPI)•Rapid rebuild•Drive Erase•Performance Optimization-Degraded Reads and Read Coalescing•Power Efficiency•Seamless upgrades to and from other HPE Smart Array controllers•Recovery ROM to protect against controller ROM corruption•Full-height, half-length standard PCI Express plug-in cardo Dimension (excluding bracket): 7.5 in x 9.5 in x 2.25 in (19.05 cm x 24.13 cm x 5.72 cm) Ports•External: 16 SAS/SATA physical links across 4 x4 portPerformance•12Gb/s SAS (1200 MB/s theoretical bandwidth per physical lane)•6Gb/s SATA (600 MB/s theoretical bandwidth per physical lane)•PCI Express Gen3 x8 link width• 4 GiBytes 72-bit wide DDR3-1866 Flash Back Write Cache provides up to 14.9GB/s maximumcache bandwidth•Read ahead caching•Write-back cachingOnline Management Features •Online array expansion•Online capacity expansion•Online logical drive extension•Online RAID level migration•Online stripe size migration•Online mirror split, recombine, and rollback•Online active drive replacement•Online drive firmware upgrade•Online and high performance offline Rapid Parity Initialization (RPI) •Unlimited global online spares assignment•User selectable expand and rebuild priority•User selectable RAID level and stripe size•User selectable read and write cache sizes•Supports Predictive Spare ActivationFault Prevention The following features offer detection of possible failures before they occur, allowing preventive action to be taken:•S.M.A.R.T.: Self Monitoring Analysis and Reporting Technology first developed at HPE detectspossible hard disk failure before it occurs, allowing replacement of the component beforefailure occurs.•Drive Parameter Tracking monitors drive operational parameters, predicting failure andnotifying the administrator.•Dynamic Sector Repairing continually performs background surface scans on the hard diskdrives during inactive periods and automatically remaps bad sectors, ensuring data integrity.•Smart Array Cache Tracking monitors integrity of controller cache, allowing pre-failurepreventative maintenance.Fault Recovery Minimizes downtime, reconstructs data, and facilitates a quick recovery from drive failure•Recovery ROM: This feature provides unique redundancy that protects from a ROM imagecorruption. A new version of firmware can be flashed to the ROM while the controller maintainsthe last known working version of firmware. If the firmware becomes corrupt, the controller willrevert back to the previous version of firmware and continue operating. This reduces the riskof flashing firmware to the controller.•On-Line Spares: There is no limit to the number of spare drives that can be installed prior todrive failure. If a failure occurs, recovery begins with an On-Line Spare and data isreconstructed automatically.•DRAM ECC corrects against single bit data and address corruption.HPE SmartCache The HPE SmartCache feature is a controller-based read and write caching solution in a DASenvironment that caches the most frequently accessed data ("hot" data) onto lower latency SSDs todynamically accelerate application workloads. The HPE SmartCache architecture is flexible andsupports any HPE ProLiant Gen9 supported HDD for bulk storage and any HPE ProLiant Gen9supported SSD as an accelerator. HPE SmartCache is deployed and managed using the HPE SmartStorage Administrator (HPE SSA). HPE SmartCache license comes standard with the P841 controller.For more information please visit: /servers/smartcache.HPE Secure Encryption HPE Secure Encryption is a Smart Array controller-based data encryption solution for ProLiant Gen9 servers that protects sensitive, mission critical data. This is an enterprise-class encryption solution fordata at rest on any bulk storage attached to the HPE Smart Array controllers including data on thecache memory of the controller. HPE Secure Encryption is an optional license per server requiringencryption enablement (see Related Options for more information on the license).The solution is available for both local and remote key management mode deployments. Local KeyManagement Mode is focused on single server deployment where there is one Master key percontroller that is managed by the user. Remote Key Management Mode is for enterprise widedeployments from just a few servers to thousands of servers.For more information on please visit: /servers/secureencryptionHPE SSD Smart Path The HPE SSD Smart Path feature included in the Smart Array software stack improves Solid State Disk (SSD) read performance. With up to 4x better SSD read performance, HPE SSD Smart Path choosesthe optimum path to the SSD and accelerates reads for all RAID levels and RAID 0 writes. HPE SSDSmart Path requires updated firmware, drivers, and configuration utility available at:/servers/ssa. HPE SSD Smart Path is ideal for read intensive workloads and isincluded as a base feature on HPE Smart Array P-series controllers.Warranty The warranty for this device is 3 years parts only.Pre-Failure Warranty: Drives attached to the Smart Array Controller and monitored under InsightManager are supported by a Pre-Failure (replacement) Warranty. For complete details, consult the HPESupport Center or refer to your HPE Server Documentation.Warranty Upgrade Options•Response - Upgrade on-site response from next business day to same day 4 hours•Coverage - Extend hours of coverage from 9 hours x 5 days to 24 hours x 7 days•Duration - Select duration of coverage for a period of 1, 3, or 5 years•Warranty upgrade options can come in the form of Care Packs, which are sold at the HPESystem level to which this product attaches.CompatibilityServer Support HPE ProLiant DL20 Gen9HPE ProLiant DL80 Gen9HPE ProLiant DL180 Gen9HPE ProLiant DL360 Gen9HPE ProLiant DL380 Gen9HPE ProLiant DL560 Gen9 HPE ProLiant ML110 Gen9 HPE ProLiant ML150 Gen9 HPE ProLiant ML350 Gen9 Apollo 4200Apollo 4500Disk Enclosure Support HPE D2600 Disk EnclosureHPE D2700 Disk EnclosureHPE D3600 Disk EnclosureHPE D3700 Disk Enclosure HPE D6000 Disk Enclosure HPE D6020 Disk EnclosureOperating Systems Microsoft Windows ServerMicrosoft Windows Hyper-V ServerVMware vSphere ESXiRed Hat Enterprise Linux (RHEL)SUSE Linux Enterprise Server (SLES)Oracle SolarisOracle LinuxCanonical UbuntuCentOSWind RiverCitrix XenServerNOTE: For a complete and up-to-date list of certified and supported OS versions for HPE SmartArray controllers, please refer to the HPE Smart Array Operating System Support Matrix at:/h20195/v2/GetPDF.aspx/4AA6-6550ENW.pdfNOTE: For more information on HPE's Certified and Supported ProLiant Servers for OS andVirtualization Software, please visit our Support Matrix at: /info/ossupportStorage Management Software Suite HPE Smart Storage Administrator (HPE SSA)Comprehensive management for HPE Smart Storage products with advanced scripting and diagnostic features and simplified and intuitive interface and functionality. For more information please visit: /servers/ssaHPE Systems Insight ManagerPowerful server and server options/storage manager tool with configuration/diagnostic utilities HPE Storage Management UtilityOffers the simplest method for configuring the storage system via Initial System Configuration WizardService and SupportService and Support NOTE: HPE Smart Array controllers are supported as a part of the HPE Server Infrastructure. No separate care packs are needed to be purchased.HPE Technology Services for Industry Standard ServersHPE Technology Services delivers confidence, reduces risk and helps customers realize agility andstability. Connect to HPE to help prevent problems and solve issues faster. Our support technology letsyou to tap into the knowledge of millions of devices and thousands of experts to stay informed and incontrol, anywhere, any time.Protect your business beyond warranty with HPE Care Pack ServicesHPE Care Pack Services enable you to order the right service level, length of coverage and responsetime as you purchase your new server, giving you full entitlement for the term you select.Get connected to HPE to improve your support experience Connecting products to Hewlett Packard Enterprise will help prevent problems with 24x7monitoring, prefailure alerts, automatic call logging, and parts dispatch. With Connected products, you can have a dashboard to manage your IT anywhere, anytime, from any device.HPE Support Center Personalized online support portal with access to information, tools and experts to support Hewlett Packard Enterprise business products. Submit support cases online, chat with HPE experts, accesssupport resources or collaborate with peers. Learn more /go/hpscThe HPE Support Center Mobile App allows you to resolve issues yourself or quickly connect to anagent for live support. Now, you can get access to personalized IT support anywhere, anytime.HPE Insight Remote Support and HPE Support Center are available at no additional cost with a HPEwarranty, HPE Care Pack or Hewlett Packard Enterprise contractual support agreement.NOTE: The HPE Support Center Mobile App is subject to local availabilityParts and materials Hewlett Packard Enterprise will provide HPE-supported replacement parts and materials necessary to maintain the covered hardware product in operating condition, including parts and materials foravailable and recommended engineering improvements.Parts and components that have reached their maximum supported lifetime and/or the maximumusage limitations as set forth in the manufacturer's operating manual, product QuickSpecs, or thetechnical product data sheet will not be provided, repaired, or replaced as part of these services.The defective media retention service feature option applies only to Disk or eligible SSD/Flash Drivesreplaced by HPE due to malfunction.For more information To learn more on services for HPE ProLiant servers, please contact your Hewlett Packard Enterprise sales representative or Hewlett Packard Enterprise Authorized ServiceOne Channel Partner. Or visit:/services/proliantRelated OptionsHPE Secure Encryption HP Secure Encryption per Svr EntitlementNOTE: HPE Secure Encryption licensing is based on the number of serversrequiring encryption for direct attached storage.For more information visit: /go/hpsecureencryptionC9A82AAEHPE Smart Storage Battery HP 96W Smart Storage Battery with 145mm Cable for DL/ML/SL ServersNOTE:HPE 96W Smart Storage Battery provides backup power for up to 16 HPESmart Array controllers or other devices.727258-B21HPE External Cable Options Cable options to be used with HP D3600 and D3700 Disk EnclosuresHP External 0.5m (1ft) Mini-SAS HD 4x to Mini-SAS HD 4x Cable691968-B21 HP External 1.0m (3ft) Mini-SAS HD 4x to Mini-SAS HD 4x Cable716195-B21 HP External 2.0m (6ft) Mini-SAS HD 4x to Mini-SAS HD 4x Cable716197-B21 HP External 4.0m (13ft) Mini-SAS HD 4x to Mini-SAS HD 4x Cable716199-B21 Cable options to be used with D6000 and D6020 Disk EnclosuresHP 0.5m External Mini SAS High Density to Mini SAS Cable691971-B21 HP 1.0m External Mini SAS High Density to Mini SAS Cable716189-B21 HP 2.0m External Mini SAS High Density to Mini SAS Cable716191-B21 HP 4.0m External Mini SAS High Density to Mini SAS Cable716193-B21 HP 6.0m External Mini SAS High Density to Mini SAS Cable733045-B21Summary of ChangesDate Version History ActionDescription of Change19-Aug-2016From Version 1 to 2AddedAdded support for D6020.Changed Overview, Standard Features, Compatibility, and Relatedoptions were revised.Sign up for updates© Copyright 2016 Hewlett Packard Enterprise Development LP. The information contained herein issubject to change without notice. The only warranties for Hewlett Packard Enterprise products andservices are set forth in the express warranty statements accompanying such products and services.Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterpriseshall not be liable for technical or editorial errors or omissions contained herein.Microsoft and Windows are registered trademarks or trademarks of Microsoft Corporation in the U.S.and/or other countries.c04545470 - 15200 - Worldwide - V2 - 19-August-2016。

rhel的富规则RHEL的富规则RHEL（Red Hat Enterprise Linux）是一种广泛使用的企业级Linux操作系统。

富规则（Rich Rules）是RHEL中的一项重要功能，用于管理和控制系统的安全策略。

本文将介绍RHEL的富规则功能，并探讨其在系统安全中的应用。

一、什么是富规则富规则是一种高级的安全规则定义语言，用于定义系统中的安全策略。

与传统的基于端口和IP地址的规则相比，富规则提供了更灵活、更精细的控制方式。

富规则可以基于多种因素进行匹配，如源IP地址、目标IP地址、服务端口、数据包内容等，从而实现更精确的安全控制。

二、富规则的语法富规则的语法相对复杂，但也非常强大。

下面是一个示例富规则的语法：```rule family="ipv4" source address="192.168.1.0/24" destination address="10.0.0.0/24" protocol value="tcp" destination port="22" log prefix="SSH Access" limitvalue="1/m" accept```上述规则表示允许源IP地址为192.168.1.0/24的主机通过TCP协议访问目标IP地址为10.0.0.0/24的主机的22号端口，并将访问日志以"SSH Access"为前缀记录到系统日志中，限制每分钟只记录一次。

三、富规则的应用场景1. 防火墙规则控制：富规则可用于定义防火墙的访问控制策略。

通过设置适当的富规则，可以限制特定IP地址、特定端口或特定协议的访问，从而提高系统的安全性。

2. 安全审计与监控：富规则提供了丰富的日志记录功能，可以对系统中的关键事件进行监控和审计。

###################################################################### DELL(TM) UPDATE PACKAGES README FOR LINUX###################################################################### Version 6.4Release Date: December 2010This Readme contains updated information for your "Dell UpdatePackages for Linux Operating Systems User's Guide" and any othertechnical documentation included with the Dell Update Packagesfor Linux.Dell Update Packages offer ease and flexibility for updating thesystem software on Dell PowerEdge(TM) systems. Update Packages areavailable for the following software components:* System BIOS* System firmware, also known as the Embedded Systems Management(ESM) firmware* Dell Embedded Open Manage Server Administrator for ESXi Serverversion 4.0* Dell Remote Access Controller (DRAC) firmware, which also includesEmbedded Remote Access (ERA) firmware* PowerEdge Expandable RAID Controller (PERC) firmware* Software RAID Controller firmware* Baseboard Management Controller (BMC) firmware* SCSI Backplane (BP) firmware* SAS BP firmware* SAS Expander firmware* SSD firmware* SED firmware* PowerVault 100T firmware* PowerVault 110T firmware* PowerVault MD1000 firmware* PowerVault MD1120 firmware* PowerVault MD1200 firmware* PowerVault MD1220 firmware* PowerVault RD1000 firmware* Power Supply firmware* Broadcom Network Adapter Firmware###################################################################### CONTENTS###################################################################### * CRITICALITY* MINIMUM REQUIREMENTS* UPDATE PACKAGES: SUPPORTED COMPONENTS* KNOWN ISSUES###################################################################### CRITICALITY###################################################################### 2 - RecommendedIt is recommended that you apply this update during your nextscheduled update cycle. The update contains feature enhancements orchanges that will keep your system software current and compatiblewith other system modules (firmware, BIOS, drivers, and software).###################################################################### MINIMUM REQUIREMENTS###################################################################### The Update Packages support Dell systems running the following Linuxoperating systems:* Red Hat(R) Enterprise Linux(R) (RHEL) WS, ES, and AS (version 4.8)(both x86_32 and x86_64)* Red Hat Enterprise Linux 5 server Update 5 (both x86_32 and x86_64)* SUSE(R) Linux Enterprise Server 10 SP3 (x86_64)* SUSE Linux Enterprise Server 11 SP1 (x86_64)* VMware(R) ESX Server(TM) version 4.0 Update 2,* VMware ESX Server version 4.1* VMware ESX Server version 4.1 HDD* VMware ESX Server version 4.1 Update Flash* Citrix(R) Xen Server(TM) 5.6NOTE: For the latest information about the various systems andoperating systems that Dell Update Packages are supported on,see the "Dell Systems Software Support Matrix". This guide isavailable on the Dell Support website at"/manuals".Update Packages may also be applied in a pre-operating systemenvironment that uses the Embedded Linux (ELI) environment throughthe Dell OpenManage(TM) Deployment Toolkit (DTK).###################################################################### UPDATE PACKAGES: SUPPORTED COMPONENTS###################################################################### Update Packages currently do not support all system component types.Dell will continue to make Update Packages available on additionaldevices in future.This release of Update Packages supports updates to the deviceslisted in the following table.Component Type Supported Components----------------------------------------------------------------------BIOS----------------------------------------------------------------------ESM firmware ESM3, ESM4----------------------------------------------------------------------DRAC firmware ERA, ERA/O, DRAC 4, DRAC 5, iDRAC6----------------------------------------------------------------------RAID firmware PERC 4/Di, PERC 4e/Di, PERC 4e/DC,PERC 4e/Si, PERC 4/DC, PERC 4/SC, PERC H200,PERC H700,PERC H800 Adapter,PERC S300 Adapter,PERC 5/E, PERC 5/i, SAS 5/i,SAS 5/iR Adapter, SAS 5/E, SAS 5/iR,SAS 6/iR, SAS 6/iR Adapter, PERC 6/E,PERC 6/i, PERC 6/i Adapter, CERC6/i----------------------------------------------------------------------BMC firmware BMC----------------------------------------------------------------------SCSI BP firmware BP----------------------------------------------------------------------SAS BP BP----------------------------------------------------------------------Storage enclosure PowerVault MD1000,PowerVault MD1120, PowerVault MD1200,PowerVault MD1220----------------------------------------------------------------------Tape drives firmware PowerVault PV100T DDS4,PowerVault PV110T DAT72,PowerVault PV110T LTO1,PowerVault PV110T LTO2,PowerVault PV110T LTO2-L,PowerVault PV110T LTO3,PowerVault PV110T LTO3-HH,PowerVault PV110T LTO4,PowerVault PV110T SDLT320,PowerVault PV110T DLT VS80,PowerVault PV110T DLT VS160,PowerVault PV110T SDLT----------------------------------------------------------------------Removable disk drive PowerVault RD1000backup firmware###################################################################### KNOWN ISSUES###################################################################### ---------------------------------------------------------------------For all Dell Update Packages----------------------------------------------------------------------* Do not run other applications while executing Dell Update Packages.* For firmware Dell Update Packages, an update package will notinventory the device if only a native non-Dell driver is installed.Therefore, firmware update packages cannot upgrade a device with anative driver.* If the following error is displayed,"Error while loading shared libraries: libstdc++.so.5:cannot open shared object file: No such file or directory",install the compatibility libraries from your Linux distribution.To install the compatibility libraries, use the following command:"rpm -ivh compat-libstdc++-33-3.2.3-47.3.i386.rpm"SLES 10 and SLES 11 (all service packs) uses"libstdc++-33-32bit-3.3.3-11.9.x86_64.rpm"* If Update Packages stop abruptly due to a power outage orabnormal termination, perform the following steps:1. Remove the lock file.2. Type the following command to do so: "rm -f /var/lock/.spsetup"3. Run the Update Package again.* If you see the message, "This Update Package is not compatiblewith any of the devices detected on your system", for a supporteddevice, ensure that you have the latest Dell drivers foryour system from the Dell Support website at "."* Some distributions of Linux may automatically mount a USB flashdrive with the "-noexec" option. This prevents the execution of anyfile on that drive, including Dell Update Packages. If you areattempting to run a Dell Update Package from a USB flash driveunder Linux, and are experiencing problems, remount the drivewithout the "-noexec" option, or copy the Dell Update Package to adrive mounted without the "-noexec" option.* Dell Update Packages do not require new refreshes of existing DUPsto be reinstalled since the firmware or driver payload does notchange when the DUP is refreshed. A new DUP is available if changeshave been made to the firmware or driver payload.* If the console terminal displays USB connection status messages,ignore them as they do not affect the system.* On all versions of ESX the following the USB Connection message witherrors, these messages can also be ignored. The following shows atypical message:Vendor: iDRAC Model: MAS022 Rev: 1.00Type: Direct-Access ANSI SCSI revision: 02VMWARE SCSI Id: Supported VPD pages for sdc : 0x1fVMWARE SCSI Id: Could not get disk id for sdcVMWARE: Unique Device attached as scsi disk sdc at scsi3, channel 0,id 0, lun 0Attached scsi removable disk sdc at scsi3, channel 0, id 0, lun 0SCSI device sdc: 327680 512-byte hdwr sectors (168 MB)sdc: Write Protect is onSCSI disk error : host 3 channel 0 id 0 lun 0 return code = 8000002Current sd08:21: sense key Data ProtectAdditional sense indicates Write protectedI/O error: dev 08:21, sector 1SCSI disk error : host 3 channel 0 id 0 lun 0 return code = 8000002Current sd08:21: sense key Data ProtectAdditional sense indicates Write protectedI/O error: dev 08:21, sector 1* DUP require the linux executable lockfile, however, on XEN Server5.6 lockfile is not installed by Default. You mustinstall procmail yourself. You can download from/pub/Distros/xenserver/5.6/om_dev/rpms-prereqs/procmail-3.22-17.1.el5.centos.i386.rpm or simply copy/pub/Distros/xenserver/5.6/om_dev/rpms-prereqs/lockfile to /usr/bin.* DUPs are designed to run only on a 32-bit environment. To run DUPson a pure 64-bit environment, use the Dell YUM repository.* If you attach VMedia on a system with the iDRAC Firmware version 1.5,some DUPs may fail to work. To resolve this issue, run the followingcommand:racadm config -g cfgRacVirtual -o cfgLCDriveEnable 1where cfgLCDriveEnable is an option implemented in iDRAC 1.5 with adefault of 0 (disabled)NOTE: This command enables LCDrive from the iDRAC console or the OS. If the LCDrive is not enabled, DUPs may not work.After the DUP update is complete, to ensure the LCDrive isinvisible, run the following command:racadm config -g cfgRacVirtual -o cfgLCDriveEnable 0* When you run USC-related DUPs with Citrix(R) Xenserver(TM) 5.6.0-x, you need to set the virtual media in iDRAC to Detach. If you set thevirtual media to Attach, the following error message is displayed:"Inventory Failure: Secure Copy Failure - The Secure copy functionhas failed"For BIOS updates, the following message is displayed:"doDepCheck failed"For other USC access related DUPs (PSU, NIC, SAS, PERC, BackPlane),the update is successful but the following error message may bedisplayed:"… mount: block device /dev/secmasupd-SECUPD is write-protected …/bin/cp: cannot create regular file …"* When you try to execute DUPs on a 64-bit RHEL operating system, itfails to execute since DUP is a 32-bit application. To work aroundthis issue, manually install the following RPMs:procmailglibc.i686compat-libstdc++.i686libstdc++.i686zlib.i686libxml2.i686----------------------------------------------------------------------Unified Server Configurator (USC) Dell Update Packages (DUPs)----------------------------------------------------------------------* Lifecycle controller updates require system services to be enabled.* For the first time, before you attempt to run Driver PackageDiagnostics DUPs, execute the USC DUP.* Before running DUPs, ensure that there are noexternal devices mounted to /media or /tmp.* If the operating system is installed from "Operating SystemDeployment", select "Reboot and Exit" in the USC environment beforebooting to the operating system. This closes the USC session whichis held for 18 hours. If you do not want to enter the USC andselect "Reboot and Exit", but want to execute the DUPs within 18hours, unplug the power supply of the system, wait for 10 seconds,and then power on the system.* Due to the USB arbitration services of VMWare ESX 4.1, the USBdevices appear invisible to the Hypervisor. So, when DUPs or theInventory Collector runs on the Managed Node, the partitions exposedas USB devices are not shown, and it reaches the timeout after 15 to20 minutes. This timeout occurs in the following cases:* If you run DUPs or Inventory Collector on VMware ESX 4.1, thepartitions exposed as USB devices are not visible due to the USBarbitration service of VMware ESX 4.1 and timeout occurs. Thetimeout occurs in the following instances:• When you start “DSM SA Shared Service” on the VMware ESX 4.1 managed node, it runs Inventory Collector. To work around this issue,uninstall Server Administrator or wait until the Inventory Collectorcompletesexecution before attempting to stop the “DSM SA Shared Service”. • When you manually try to run DUPs or the Inventory Collector on theVMware ESX 4.1 managed node while USB arbitration service is running. To fix the issue, stop the USB arbitration service and run the DUPsor the Inventory Collector.To stop the USB arbitration service:1. Use the “ps aux|grep” usb to check if the USB arbitrationservice is running.2. Use the “chkconfig usbarbitrator off” command to prevent the USBarbitration service from starting during boot.3. After you stop the usbarbitrator, reboot the server to allow theDUPs and/or the Inventory collector to run.Note: If you require the usbarbitrator, enable it manually. To enablethe usbarbitrator, run the command - chkconfig usbarbitrator on.----------------------------------------------------------------------BIOS----------------------------------------------------------------------* A BIOS update requires enough free physical memory to load theentire BIOS image into physical memory. If there is insufficientfree physical memory available on the system to load the BIOS image,the Dell Update Package for BIOS may fail. In this instance,you may attempt running the Dell Update Package immediately afterreboot or after adding more memory. If this does not resolve theissue, update the BIOS using the diskette method.* If the above memory limitation occurs on VMWare ESX Server, theproblem is because the console operating system available memory isonly 272 MB by default. Increase the console operating system memoryto 800 MB temporarily and perform the firmware update. During ESXServer boot up, perform the following steps to increase theavailable memory:1. While booting, press "e" on the VMware ESX line (Grub optiondisplay screen).2. Press "e" again on the 'uppermem=' line and edit uppermem=819200.3. Press "Enter".4. Press "e" on the kernel line (below the uppermem line).Edit the kernel line with mem=800M and press “Enter”.5. Press "b" to boot with these options.6. Perform the firmware update.* BIOS update may issue the following kernel messages on the consoleand in "/var/log/messages":dcd***: disagrees about the version of symbol struct_moduledcd***: Unknown symbol get_user_sizedcd***: Unknown symbol put_user_sizeIgnore these messages because they do not refer to errors in BIOSupdate.----------------------------------------------------------------------ESM Firmware, BMC Firmware, BP Firmware, and DRAC 5 Firmware----------------------------------------------------------------------* Dell Update Packages for BMC, BP, ESM, and DRAC 5 require theOpenIPMI driver to be loaded on your system. The current driverscan be downloaded from the Dell Support website at"."Linux OpenIPMIOperating driverSystem version RPM files-------- -------- ---------Red Hat 33.13 "dkms-2.0.13-1.noarch.rpm"Enterprise "openipmi-33.13.RHEL4-1dkms.noarch.rpm"Linux 4SUSE Linux 36.8 "dkms-2.0.13-1.noarch.rpm"Enterprise "openipmi-36.8.SLES9-1dkms.noarch.rpm"Server 9NOTE: For SUSE Linux Enterprise Server version 10 and version 11,use the OpenIPMI driver provided with the operating system to runfor Dell Update Packages.----------------------------------------------------------------------Dell Embedded Open Manage Server Administrator----------------------------------------------------------------------The Dell Update Package for Dell Embedded OpenManage Server Administrator can only be applied in a pre-operating system environment that uses ELI through the Dell OpenManage(TM) Deployment Toolkit (DTK).----------------------------------------------------------------------DRAC 5 firmware----------------------------------------------------------------------* Before updating the DRAC firmware, ensure that the followingconditions are met:- USB is enabled- IPMI is working properly- DRAC Virtual Flash is not in use either by the operating systemor by any other application* The Linux DUP in this release may not work on RHEL 5. It works onearlier versions of RHEL. In cases where it does not work, use theweb pack to perform this update.----------------------------------------------------------------------Power Supply Unit firmware----------------------------------------------------------------------* Power Supply Unit firmware updates can be performed only on LifeCycle Controller enabled systems.----------------------------------------------------------------------All PERC firmware and all SAS firmware----------------------------------------------------------------------* Do not run storage controller update packages if the controller isin use by other applications.The firmware upgrade may fail if any of the RAID controllers in the system are performing an I/O background task (consistencycheck, background initialization, rebuild, or reconstruction).Allow the background task to complete before attempting to upgrade the firmware. "Patrol Read" tasks will not affect a firmwareupgrade.* Linux systems running one or more applications that interact with SCSI devices in certain ways are known to cause a kernel panicsituation. Therefore, it is recommended that you stop DellOpenManage Server Administrator and Dell OpenManage ServerAdministrator Storage Management Service before runningstorage controller firmware update packages.To stop the Dell OpenManage Server Administrator service,run "omconfig system webserver action=stop"To start the Server Administrator service,run "omconfig system webserver action=start"To stop the Server Administrator Storage Management Service,run "/etc/init.d/dataeng stop"To start the Server Administrator Storage Management Service,run "/etc/init.d/dataeng start"----------------------------------------------------------------------PERC 4 firmware----------------------------------------------------------------------* Firmware updates require a reboot to take effect.* PERC 4 update packages may fail if the system has an older version of the Megaraid controller driver installed. To correct the problem, update the Megaraid controller driver to version 2.20.4.5 or later.* The firmware update fails on ESX server. Use DTK to perform the upgrade.----------------------------------------------------------------------PowerVault MD1000 firmware----------------------------------------------------------------------* The PowerVault update procedure requires the RAID controller to be in a known good state. If a problem occurs with the RAIDcontroller during the update procedure, and the Update Packagescannot communicate with the PowerVault system, inventory itsfirmware version, or perform the update. (138462)----------------------------------------------------------------------PowerVault MD1000 firmware----------------------------------------------------------------------* Stop all input/output to the PowerVault MD1000 before runningthe PowerVault MD1000 firmware update package.* WARNING: THE SERVER MUST BE REBOOTED AFTER UPDATING THE FIRMWARE ON MD1000 ENCLOSURES IN ORDER TO MAINTAIN ENCLOSURE MANAGEMENT. ACCESS TO THE ENCLOSURES WILL BE LOST IF THE SERVER IS NOT REBOOTED.* When prompted for reboot after the update, select "Yes".----------------------------------------------------------------------PowerVault PV100T DDS4 firmware and all PowerVault PV110T firmware(PV110T DDS4, PV110T DAT72, PV110T LTO1, PV110T LTO2, PV110T LTO2-L,PV110T LTO3-HH, PV110T LTO4, PV110T SDLT320, PV110T LTO3,PV110T DLT VS80, PV110T DLT VS160, and PV110T SDLT)----------------------------------------------------------------------* Before executing the firmware update, stop all tape backupactivity and place all scheduled jobs on hold.* After the firmware update is completed, restart your system forthe updates to take effect.* Note: Tape automation devices are not supported by Dell UpdatePackages. Disconnect or power off such devices beforeexecuting Dell Update Packages.The tape automation devices are as follows:1. PowerVault PV120T2. PowerVault PV122T3. PowerVault PV124T4. PowerVault PV128T5. PowerVault PV130T6. PowerVault PV132T7. PowerVault PV136T8. PowerVault PV160T9. PowerVault ML6000----------------------------------------------------------------------NIC firmware----------------------------------------------------------------------Broadcom NIC firmware updates are not supported on 8th generationsystems but are supported on newer systems provided the hardware ispresent.----------------------------------------------------------------------Dell Embedded Open Manage Server Administrator (Open Manage VIB)----------------------------------------------------------------------DUP will support updating the OMSA for ESXi 4.0 U1.Note: You cannot perform the DUP Update of OMSA for ESXi 4.1 due toVMware code changes in the update mechanism.###################################################################### Information in this document is subject to change without notice.(C) 2010 Dell Inc. All rights reserved.Reproduction of these materials in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.Trademarks used in this text: “Dell”, "PowerVault", "PowerEdge" and “OpenManage” are trademarks of Dell Inc.; “Intel” is a registered trademark of Intel Corporation; “Red Hat” and “Red Hat Enterprise Linux” are registered trademarks of Red Hat, Inc.; “SUSE” is a registered trademark of Novell, Inc. in the United States and other countries; “VMware” is a registered trademark and “ESX Server” is a trademark of VMware, Inc.; “Citrix” and “XenServer” are either trademarks or registered trademarks of Citrix Systems, Inc. in the United States and/or other countries.Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.The software contained in a Dell Update Package for Linux is an aggregate of third party programs as well as Dell programs. Use ofthe software is subject to designated license terms. All Softwarethat is designated as "under the terms of the GNU GPL" may be copied, distributed and/or modified in accordance with the terms and conditions of the GNU General Public License, Version 2, June 1991.All software that is designated as "under the terms of the GNU LGPL" (or "Lesser GPL") may be copied, distributed and/or modified in accordance with the terms and conditions of the GNU Lesser General Public License, Version 2.1, February 1999. Under these GNU licenses, you are also entitled to obtain the corresponding source files by contacting Dell at 1-800-WWW-DELL. Please refer to the Open Manage Open Source DVD. There may be a nominal fee charged to you for the physical act of transferring a copy.December 2010。

Secure Boot for Linux on HPE ServersEnhanced security for your Linux environmentContentsWhat is Secure Boot? (2)Chain of trust (2)HPE Server support for Secure Boot (3)Limitations of Secure Boot (3)Secure Boot on HPE Servers (3)Enabling/Disabling Secure Boot (3)Signing a kernel module and loading the associated key in the MOK (4)Building and Booting a Custom Kernel (6)Resources (8)Technical white paperSecure Boot for high performance computing software, as defined inthe UEFI specification, provides an industry standard defense against potential malware attacks. Without Secure Boot, malware can attack systems during pre-boot by targeting the system-embedded firmware during the interval between BIOS initiation and operating system load. Malware inserted at this point compromises the security of the operating system, no matter how secure. Secure Boot protects the system by preventing the insertion of malware during the pre-boot process.This technical white paper introduces Secure Boot technology and explains what it is, how it works and how to use it on UEFI-basedHPE servers running Linux®.What is Secure Boot?Secure Boot, a high performance computing software solution, is a method to restrict which binaries can be executed to boot the system. With Secure Boot, the system BIOS will only allow the execution of boot loaders that carry the cryptographic signature of trusted entities. In other words, anything run in the BIOS must be “signed” with a key that the system knows is trustworthy. With each reboot of the server, every executed component is verified. This prevents malware from hiding embedded code in the boot chain.Secure Boot is:•Intended to prevent boot-sector malware or kernel code injection.•Hardware-based code signing.•Extension of the UEFI BIOS architecture.•Optional with the ability to enable or disable it through the BIOS.For a more detailed description of what Secure Boot is and how it works, see the Resources section.Chain of trustSLES, RHEL 7.0, and greater distributions support a chain of trust which goes down to the kernel module level. Loadable kernel modules must be signed with a trusted key or they cannot be loaded into the kernel.The following trusted keys are stored in UEFI NVRAM variables:•Database (DB)—Signature database that contains well know keys. Only binaries that can be verified against the DB are executed by the BIOS.•Forbidden Signature Database (DBX)—Keys that are blacklisted. Attempting to load an object with a key that matches an entry in the DBX will be denied.•Machine Owner Key (MOK)—User added keys for kernel modules they want to install.•Platform Key (PK)—The key installed by the hardware vendor.•Key Exchange Key (KEK)—The key required to update the signature database.The user must have physical access to the system console to add/modify keys or enable/disable Secure Boot through the UEFI configuration menu.The default boot loader on most UEFI enabled servers running Linux is grub2 or elilo. With Secure Boot enabled, an additional “shim” boot loader is needed. When booting in Secure Boot mode, the shim loader is called first since it contains a trusted signature. The shim will then load grub2 or elilo which loads the OS kernel which is also signed.HPE Server support for Secure BootHPE Gen9 servers and greater with UEFI enabled will support Secure Boot. To determine whether Secure Boot is supported on a specific platform and enabled or disabled by default, please check the system specifications.Some Linux distributions extend the chain of trust to the kernel module. Consult the distribution’s documentation for what level of Secure Boot support is provided.Limitations of Secure BootWith Secure Boot enabled, some actions on a Linux system are either limited or restricted.•Hybrid ISO images are not recognized as bootable on UEFI systems. Thus, UEFI booting from USB devices is not supported.•Boot loader, kernel, and kernel modules must be signed.•kexec and kdump are disabled.•Hibernation (suspend on disk) is disabled.•Read and Write access to /dev/kmem and /dev/mem is not possible, not even as root user.•Access to I/O port is not possible, even as root user. All X11 graphical drivers must use a kernel driver.•PCI BAR access through sysfs is not possible.•custom_method in ACPI is not available.•acpi_rsdp parameter does not have any effect on the kernel.Secure Boot on HPE ServersTo determine if Secure Boot is enabled, run the following command in Linux:mokutil --sb-stateEnabling/Disabling Secure BootTo enable or disable Secure Boot do the following:1.During system boot, press F9 to run the System Utilities.2.Select “System Configuration”.3.Select “BIOS/Platform Configuration (RBSU)”.4.Select “Server Security”.5.Select “Secure Boot Configuration”.6.Select “Enable Secure Boot” to toggle the state on or off (see Figure 1).7.Exit the all RBSU menu screens using the Esc key.For more information, see the HPE UEFI System Utilities User Guide.Figure 1. Enabling Secure Boot through the HPE Server BIOSNote for SLES installationsIf you want to use Secure Boot with SLES, it is advisable to make sure that Secure Boot is enabled prior to installing the operating system. If it is not enabled prior to the installation of SLES, the system may not include all the components needed for Secure Boot. RHEL installations do not have these limitations.Signing a kernel module and loading the associated key in the MOKA Machine Owner Key (MOK) is a type of user generated key that is used to “sign”, or authenticate as trustworthy, an Extensible Firmware Interface (EFI) binary. MOK gives you ownership of the boot process by allowing you to run locally-compiled kernels or boot loaders not delivered with the Linux distribution. This means that you can install custom kernel or kernel modules that are compatible with UEFI Secure Boot. For more information, see the Administration Guide for your Linux distribution.To authenticate a kernel module and load the associated key in the MOK, complete the following steps:1.Generate a certificate/key pair with the following command:# openssl req –new –x509 –newkey rsa:2048 –sha256 –keyout key.asc –out cert.der –outform der –nodes –days 4745 –subj “/CN=$USER/”2.If necessary, sign the kernel module with a private key:# /usr/src/linux/scripts/sign-file sha256 key.asc cert.der e1000e.ko3.Move cert.der to the EFI partition4.To load the public certificate into the MOK, run the following as the root user on the operating system:# mokutil --import cert.derNoteSome certificates require a password to allow them to be loaded, if so:Input password:Input password again:5.Select “y” and the process is complete with the certificate loaded.Figure 2. Loading a public certificate into the MOKBuilding and Booting a Custom KernelTo boot a custom compiled kernel with Secure Boot enabled, it must be signed with a certificate known to the BIOS. The following SLES example illustrates how this is done.1.Enable Secure Boot on the system (see earlier section).2.Go to the kernel source directory:$ cd /usr/src/linux3.Get a copy of the current configuration file:$ RELEASE=`uname -r`$ cp /boot/config-${RELEASE} .config4.Add automatic module signing to the configuration file:Reference: /wiki/Signed_kernel_module_supportEither edit the .config file manually and add the following: CONFIG_MODULE_SIG_ALL=yOr use “make menuconfig” and check the “Automatically sign all modules”:--- Enable loadable module support[*] Forced module loading[*] Module unloading[*] Forced module unloading[*] Module versioning support[*] Source checksum for all modules[*] Module signature support[ ] Check module signatures by default[ ] Require modules to be validly signed[*] Automatically sign all modules[*] Support for blacklisting module signature certificates[*] Allow modules signed with certs stored in UEFI5.Create your own personal key:Reference: /openSUSE:UEFI see “Booting a Custom Kernel”$ cd /usr/src/linuxNoteYou only need to create and register a key once. Multiple kernels can be signed with the same key.6.Create a custom X.509 key and certificate used for signing:$ openssl req -new -x509 -newkey rsa:2048 -sha256 -keyout key.asc -out cert.der -outform der -nodes -days 4745 -subj “/CN=$USER/"7.Package the key and certificate as PKCS#12 structure:$ openssl pkcs12 -export -inkey key.asc -in cert.pem -name kernel_cert -out cert.p128.Generate the NSS database for use by pesign:$ certutil -d . -N9.Import the key and certificate contained in PKCS#12 into the NSS database:$ pk12util -d . -i cert.p1210.To allow unsupported modules to load, edit the /etc/modprobe.d/unsupported-modules file and add “allow_unsupported_modules 1”:$ vi /etc/modprobe.d/unsupported-modules11.It is advisable to modify the “Makefile” and add something to “EXTRAVERSION =” so your new kernel is installed beside the existingkernel instead of overwriting it.$ vi Makefile12.Build the kernel/modules and install them:$ make$ make modules_install$ make install13.Get the version of your new kernel:$ RELEASE=`cd /usr/src/linux ; make kernelrelease` ; echo $RELEASE14.Create initramfs for the new kernel:$ /sbin/mkinitrd -k /boot/vmlinuz-${RELEASE} -i initrd-${RELEASE}15.Setup bootloader configuration file:$ /sbin/update-bootloader --name ${RELEASE} --image /boot/vmlinuz-${RELEASE} --initrd/boot/initrd-${RELEASE} --add --force16.Manually sign the kernel:$ pesign -n . -c kernel_cert -i arch/x86/boot/bzImage -o vmlinuz.signed –s$ mv vmlinuz.signed /boot/vmlinuz-${RELEASE}17.List the signatures for the kernel image:$ pesign -n . -S -i /boot/vmlinuz-${RELEASE}18.Convert the certificate to DER format for import into the UEFI BIOS or MOK:$ openssl x509 -in cert.pem -outform der -out cert.der19.Copy the certificate to the EFI partition so you can import it:$ cp cert.der /boot/efi/cert.derNoteThe SLES “mokutil” utility can also be used to queue up the inclusion of a new key. It will cause “MokManager.efi” to be run automatically.20.Reboot the system to the UEFI shell.Sign up for updates© Copyright 2014, 2017–2018 Hewlett Packard Enterprise Development LP. The information contained herein is subject tochange without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.Red Hat is a registered trademark of Red Hat, Inc. in the United States and other countries. Linux is the registered trademark of21. Add the new key to MOK database:a. Run the “MokManager.efi” utility;b. Scroll down to “Enroll key from disk” and hit RETURN;c. Navigate to the “cert.der” file you copied to disk earlier, select it and hit RETURN;d. Follow the directions to enroll the key; ande. Choose “Continue boot” to exit.22. Run “grub.efi” and boot your new kernel as normal.Resources• Using MOK and UEFI Secure Boot with SUSE Linux• UEFI home page where you can find the current UEFI specifications• Blog posts by Olaf Kirch and Vojtěch Pavlík (the chapter above is heavily based on these posts): – /blogs/uefi-secure-boot-plan/– /blogs/uefi-secure-boot-overview/– /blogs/uefi-secure-boot-details/• UEFI with openSUSE• SUSE Linux Enterprise Server 11 SP4 Administrator Guide• UEFI Secure Boot with Red Hat®• Fedora UEFI Secure Boot GuideLearn more at HPE Secure Compute Lifecycle。

Linux服务器上部署搭建Jupyternotebook【详细教程】Linux 服务器上部署搭建 Jupyter notebook【详细教程】1. 需要是Linux服务器2. 已经在服务器上安装好anaconda3,若还未安装好，可参考该博客3. 请按照顺序依次执⾏下⾯的指令安装1. 执⾏如下命令，安装jupyter notebookconda install jupyter基本上anaconda3安装成功的话，是默认jupyter已经安装过的，这⾥是重复确认⼀下。

配置1. ⽣成jupyter配置⽂件jupyter notebook -generate-config该命令执⾏后会⽣成⼀个./jupyter/jupyter_notebook_config.py的⽂件，你需要打开该⽂件，该⽂件的位置基本就是在本⽬录，较为容易找到。

2. 修改Jupyter_notebook_config.py该配置⽂件c.NotebookApp.ip = '' # 设置访问IPc.NotebookApp.open_browser = False # 默认不⾃动打开浏览器c.NotebookApp.password = '' # 输⼊刚刚⽣成的密钥c.NotebookApp.port = 8888 # 设置端⼝，其他端⼝应该也是可以的c.NotebookApp.notebook_dir = '' # 设置Jupyternotebook 打开的根⽬录1. 上述代码c.NotebookApp.ip = ''的设置，需要你在你的linux服务器上运⾏ifconfig命令，可以看到⼀个或多个ip地址，选择⼀个填⼊即可，这⾥以我的为例；2. 上述代码c.NotebookApp.password = ''的设置，需要你在服务器上依次执⾏如下命令：pythonfrom notebook.auth import passwdpasswd()⼤概如图：然后运⾏完passwd()之后会得到⼀串密码，你需要将这串密码保存下来，放⼊c.NotebookApp.password = ''⾥⾯。