RHEL5.2 - Can't register naviagent with EMC SAN properly

bhoros · 09-02-2008, 05:13 PM

I have 2 RHEL 5.2 Servers:
Power Path Insalled and Working
Switches Zoned and working
Naviagent install and running.

The Linux hosts and SAN are in same datacenter just different Subnets. I can not get the host to be managed by the CX3-40.

I updated the agentID.txt /etc/hosts so the HostIDfile.txt is gedtting the proper IP's

I updated the agent.config file with
user system@<sp IP's>

restarted agents even server.

I still can not get the host to be "managed" been on the phone with support and have not gotten very far.

Any tips pointers - something I missed. Sorry if this is not in the right section

MensaWater · 09-03-2008, 02:51 PM

Did you open up firewall (iptables) to allow traffic? I ran into problem until I added to iptables.

You can just run "service iptables stop" and test. If it works you know it is iptables and can add rules. If it doesn't then you know iptables wasn't "THE" problem (though it may still be "A" problem).

If they're on different subnets is there a physical firewall device or firewall config on switch/router that needs to be modified?

Are you running SELinux enabled? If so have you looked at impact it may have?

The notes I wrote for myself on updating iptables rules:

Quote:

Clariion Iptables Config - This allows the IPs of CX3-20c to talk to the host
on port 6389 udp and tcp (Port 6389 name is clariion-evr01)

To add permission to iptables on my RHEL hosts:

Verify iptables is running with iptables -L and that its last entry is to block icmp. (If not running iptables -L will only show about 3 lines.)

Then run:
1) iptables -D RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
### Deletes the icmp rule

2) iptables -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport
clariion-evr01 -j ACCEPT --src 10.0.x.1
### Opens clariion-evr01 TCP port for 10.0.x.1 (SPA on CX3-20c).

3) iptables -A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport
clariion-evr01 -j ACCEPT --src 10.0.x.1
### Opens clariion-evr01 UDP port for 10.0.x.1 (SPA on CX3-20c).

4) iptables -A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport
clariion-evr01 -j ACCEPT --src 10.0.x.2
### Opens clariion-evr01 TCP port for 10.0.x.2 (SPB on CX3-20c).

5) iptables -A RH-Firewall-1-INPUT -m state --state NEW -p udp --dport
clariion-evr01 -j ACCEPT --src 10.0.x.2
### Opens clariion-evr01 UDP port for 10.0.x.2 (SPB on CX3-20c).

3) iptables -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
### Readds the icmp rule as last rule.

4) iptables-save >/etc/sysconfig/iptables
### Saves to file read on iptables start.
Step 4 is necessary so after a reboot or bounce of iptables it will re-
establish the rules

Steps assume 6389 for clariion-evr01 tcp and udp are in /etc/services already.
Entries in /etc/services were:
clariion-evr01 6389/tcp # clariion-evr01
clariion-evr01 6389/udp # clariion-evr01
Or you could just use 6389 instead of name in the rules you're adding.

Of course you'd substitute the actual IP addresses of your CX3-40's SPA and SPB for the 10.0.x.1 and 10.0.x.2 in the foregoing.

bhoros · 09-03-2008, 08:55 PM

SELinux Disabled - will double check tomorrow

Here is iptables results

]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
the

keith.evans · 04-19-2012, 11:58 AM

This post was very helpful and helped me resolved my outstanding issues.

MensaWater · 04-19-2012, 12:53 PM

It's funny how posts I've completely forgotten about still get responses after all this time. Glad it helped you. Funny thing is it appears the OP never responded whether it helped. I often wonder if folks like that got kidnapped after posting.