Blog Entry
Search
Share This
Most Popular
Who's online
User login
ConsoleOne with data store on Linux
3587
There are several customers that have reported problems when trying to run ConsoleOne remotely against domain data that is stored on Linux.
The data/information in this blog can also be found as a TID. #3036467. I am posting on my blog and a few other places in order to get the word out. We want to share our ideas for a solution and see what other solutions are suggested.
Here is the problem:
How to avoid data corruption when running remote ConsoleOne against domain data store at Linux.
The resolution depends on the platform of the workstation that the ConsoleOne is running on and the type of connection that the workstation has with the Linux server.
If the Linux server is OES, you will need to turn on "CROSS PROTOCOL LOCKS" on the OES server. Enabling this lock will make OES recognize file lock issues through both SAMBA and NCP client connections. This lock can be enabled through ncpcon. In ncpcon, type "set CROSS_PROTOCOL_LOCKS=1" or add this line "CROSS_PROTOCOL_LOCKS 1" to the /etc/opt/novell/ncpserv.conf file. There is a limitation to this too. It only applies to Windows workstations. The Novell Client for Windows allows the ncp protocol to correctly enforce this. The Novell Client for Linux does not have this functionality yet.
If the Linux server is SLES, and the connection is SAMBA, meaning ConsoleOne is running on a Windows workstation, run the GroupWise 7.0.2 or newer code. This has been modified to enforce the advisory lock.
Note: Do not run Linux version of ConsoleOne on a remote Linux server or SLED until the Novell Client for Linux defect is fixed.
Note: Do not run Linux version of ConsoleOne on remote Linux workstation using NFS connection to the Linux server.
Our intention is for the next generation of GroupWise administration to use its own client/server technology to eliminate the problems above.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
We have also requested the additional documentation be made available and the readme updated.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Now that we have explained the problem and the work around, we are working on a few ideas on how to either prevent the problem or at least alert the administrator to the potential of a problem. Here are a few of the current proposals:
One suggestion: We should look into the possibility of detecting that the connection is over a mount and display some UI at run time. The UI would alert the Administrator to a possible problem.
Another related suggestion: The snapins could look for the uid.run file in the domain directory and assume it is a Linux machine if it exists. If it does we could throw up a warning telling them to make sure they have configured the cross protocol locks correctly.
This type of solution has a few disadvantages:
1) It will become a nuisance because it will come up every time.
2) In spite of our desire for customers to do otherwise, many people run their agents as a root user. Therefore, the uid.run file may not be present.
3) From what I understand, this issue only affects OES flavors of Linux using NSS volumes. The snapins would not only have to search for the uid.run file, but would also have to determine if the distribution was OES and the domain was on an NSS volume.
Another Proposal
An additional question has been submitted: Can the C1 GW snapins create files on the fly? My suggestion would be to have the snapins search for a file, if it does not exist, prompt the user for OS and whether the volume is NSS. From the answers given, show error message if necessary and then write a file so that the message will not be shown again for that specific domain.
There may be an OS call that could be made to interrogate the volume info rather than prompting the user to tell us whether or not it's NSS.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
That is the discussion so far. Anyone have any other suggestions or preferences?
Dean
Related Articles
User Comments
Console one on remote Linux
Submitted by adamwgray on 9 April 2009 - 10:35pm.
Dean:
You could ssh to the remote server and run it there. That will work on SLED, Linux, or Mac as the client and it connects to SLES or OES.
simply
ssh -Y user@server
cd /usr/ConsoleOne/bin
./ConsoleOne
Presto. You are running your console one without worry of corruption. Also, you can use vnc loaded on the server. Not great with the lack of encryption and all. I will only use the vnc route across a vpn or slow connection. For fast connection ssh forwarding is great.
-AG
- Login to post comments
Re: ConsoleOne on Remote Linux...
Submitted by dlythgoe on 13 April 2009 - 12:57pm.
Thanks Adam - this is a great suggestion! However, not exactly the problem. The problem is not just how to do it successfully, but is to help prevent inexperienced Linux users from doing something they did not intend.
Having many options certainly helps and we appreciate and welcome any/all comments. The more information on what can and should be done, will help avoid some of the pit falls.
Dean
- Login to post comments
What about without Samba ?
Submitted by iblackwood on 14 April 2009 - 12:34am.
Hi Dean,
Is Cross_protocol_locks required if Samba is not used ? Say only NCP and local (Linux C1 on GW Server) ?
On the subject of running C1 on the GW Linux server directly, this works fine until your GroupWise system goes beyond one box. Then you end up mounting remote file systems to manage it - which gives the same file locking challenges...
You might want to blog on the Linux C1's GW mount prefix to all - I see bulk confusion where people change paths in Linux C1 (linux path) and then have issues in Windows C1 (UNC path) accessing the same domains and POs. :-)
Cheers
Ian
- Login to post comments
Re: Samba
Submitted by dlythgoe on 15 April 2009 - 2:44pm.
Response provided by Patti Brooks....GroupWise Engineering QA
CROSS_PROTOCOL_LOCKS only affects OES NCP (not SAMBA).
Running a Linux ConsoleOne on the local Linux box (or via ssh) is fine, but you should not run a Linux ConsoleOne against a remote Linux store.
Corrections to the TID:
- The uid.run file is created, even if the agents are being run as root.
- Should remove SAMBA from: "Enabling this lock will make OES recognize file lock issues through both SAMBA and NCP client connections."
Dean
- Login to post comments
Solution???
Submitted by dlythgoe on 15 April 2009 - 2:45pm.
Engineering is now suggesting the following solution:
A proposal for 8.0.1
When the Linux agents are launched, they will auto-detect if the CROSS_PROTOCOL_LOCKS is set. If it is not set, then the setting will be made on the server and added to the ncpserv.conf file and then eDir is restarted so that the setting takes effect.
Then a ncpChecked file is written to the domain or post office directory so that the check isn't made again. In ConsoleOne, if a uid.run file is present, but the ncpChecked file is not, then a warning will display.
Thoughts??
Dean
- Login to post comments
GroupWise Administration
Submitted by bbecken on 28 April 2009 - 7:15am.
Dean Said:
"Our intention is for the next generation of GroupWise administration to use its own client/server technology to eliminate the problems above."
What generation/version/codename of GroupWise are you referring too?
Right now we are able to limit our Support Personnal's access to certain Domains/Post Offices. I hope the new version incoprorates options to limit/lock Support people out of "Domain Settings" so that cannot override Domain settings. I'd also like to see a GroupWise "Changelog" so that when a Support person changes a settings, I can see Who made the change.
- Login to post comments
Re: GroupWise Administration
Submitted by dlythgoe on 29 April 2009 - 7:14am.
There is some outstanding prioritization work that is still being done. We have targeted both the Windermere and/or Monterrey release for this functionality. The functionality is basically allowing access to domain databases over TCP/IP and not a mapped drive. It does not refer to being able to control 'actual' access to a domain or from performing certain actions. In fact, some of the design we have been talking about has to do with 'Roles' and allowing certain administrative tasks to be completed by people other than administrators.
Hope that explains the functionality intent we are designing.
Dean
- Login to post comments
GroupWise 8.0.0hp2
Submitted by bbecken on 28 April 2009 - 7:19am.
Since HP2 is suppose to be released in May/June is there a changelog of what is being fixed and not being fixed?
- Login to post comments
Re: GroupWise 8.0 HP2
Submitted by dlythgoe on 29 April 2009 - 7:17am.
When we release the Hot Patch, we will also post a change log/readme where all of the fixes and changes made to the hot patch will be listed. That has become our standard practice for Hot Patches. Not so much for Support Packs or major releases just because of the volume of changes involved. However, we will still provide documentation on the newest features, largest changes and significant changes in functionality.
Dean
- Login to post comments
I like this idea
Submitted by DGerisch on 23 June 2009 - 9:29pm.
It has the advantage that the problem is solved for every admin in the system as soon as the newest code is used.
- Login to post comments
Yet more evidence of Novell's lack of direction
Submitted by paulgear on 12 July 2009 - 6:34pm.
I can't believe it has taken Novell this long and there's still no web-based administration interface for GroupWise. One of the proverbial jokes amongst Novell sysadmins is that every new product requires a new interface, and you still have to keep the old one around for all the things that weren't migrated to it. Here's just a short list of the crazy things a Novell site will probably need to administer their site:
NetWare: nwconfig, NRM
SLES: yast2
eDirectory: ConsoleOne AND iManager (you can't afford to be missing either one)
NSS: nssmu and MAYBE iManager if it works
ndps: ConsoleOne AND the old nwadmin
iPrint: iManager
NCS: NRM AND ConsoleOne
GroupWise: ConsoleOne
ZCM: its own web interface
IDM: IDM admin console based on Eclipse
When are we going to see a concerted effort at administrative consolidation? Pick an interface (a browser-based one if you know what's good for you) make it as reliable and functional as possible, and make ALL of your products use it. Those of us out here on the front lines trying to support Novell products are sick of being the laughingstock.
- Login to post comments
Re: Administration direction...
Submitted by dlythgoe on 15 July 2009 - 2:45pm.
Paul,
You are right. This is certainly an area that needs more focus and direction. Your comments and input have been passed onto the Product Management leadership team. Many may argue that the 'variety' appeals to them because each tool/product has unique requirements. The counter argument is that consistency goes a long way towards understanding and direction. I happen to be in the latter camp.
The debate seems to be 'which' one? In a previous blog post we suggested going to iManager and this option to standardize on this particular technology was met with a very mixed support. That said - I believe it is essential we choose one, stick with it, improve it and make it work.
Dean
- Login to post comments
12