5 Managing Libraries, Media, and Drives

This chapter covers the following media and drive management topics:

Managing Automated Media Libraries

This section covers basic tasks associated with library maintenance and management:

Taking the Library On and Off Line

You typically need to carry out the following tasks before and after routine library maintenance:

Take the Library Offline

If you need to stop Oracle HSM operations on only one library or if you need to power down a library, start by taking the library offline as described below:

  1. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. Finish up active archiving and staging jobs and keep any new jobs from starting. See "Idle Archiving and Staging Processes" and "Stop Archiving and Staging Processes".

  3. Take the library offline. Use the command samcmd off library-equipment-number, where library-equipment-number is the equipment ordinal number assigned to the library in the /etc/opt/SUNWsamfs/mcf file.

    Placing a library in the off state stops I/O operations and removes the library from the control of the Oracle HSM software. Any drives that have not been powered off remain in the on state. In the example, we take library 800 offline and check the result using samcmd c:

    root@mds1:~# samcmd off 800
    root@mds1:~# samcmd c
    Device configuration samcmd     5.4 14:34:04 Mar  7 2014
    samcmd on hsmfs1host
    Device configuration:
    ty   eq state   device_name                        fs   family_set
    sn  800 off     /dev/scsi/changer/c1t2d0           800  lib800
    li  801 on      /dev/rmt/0cbn                      800  lib800
    li  802 on      /dev/rmt/1cbn                      800  lib800
    li  803 on      /dev/rmt/2cbn                      800  lib800
    li  804 on      /dev/rmt/3cbn                      800  lib800
    hy  900 on      historian                          900  
    root@mds1:~# 
    
  4. When you are ready, bring the library online.

Bring the Library Online

  1. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. Bring the library online. Use the command samcmd on library-equipment-number, where library-equipment-number is the equipment ordinal number assigned to the library in the /etc/opt/SUNWsamfs/mcf file.

    The library comes online. Oracle HSM software queries the device state and updates the catalog as needed. In the example, we bring library 800 online and check the result using samcmd c:

    root@mds1:~# samcmd on 800
    root@mds1:~# samcmd c
    Device configuration samcmd     5.4 15:04:14 Mar  7 2014
    samcmd on hsmfs1host
    Device configuration:
    ty   eq state   device_name                        fs   family_set
    sn  800 on      /dev/scsi/changer/c1t2d0           800  lib800
    li  801 on      /dev/rmt/0cbn                      800  lib800
    li  802 on      /dev/rmt/1cbn                      800  lib800
    li  803 on      /dev/rmt/2cbn                      800  lib800
    li  804 on      /dev/rmt/3cbn                      800  lib800
    hy  900 on      historian                          900  
    root@mds1:~# 
    
  3. Stop here.

Importing and Exporting Removable Media

Many automated libraries include a loading bay that lets you add or remove media cartridges without physically entering the library. Depending on the vendor, it may be called the mailbox, mailslot, media access port (MAP), or cartridge access port (CAP). With this type of library, you can use Oracle HSM commands to carry out the following tasks:

If your library does not include a mailbox, consult the library vendor's documentation and your local site policies for instructions on adding and removing library media. When the library reinitializes following the change and audits its contents, the Oracle HSM software will update its library and historian catalogs automatically.

Import Removable Media Cartridges

If the library mailbox contains media cartridges when the Oracle HSM software starts, the software automatically loads them into the library. Once the software is running, you can import media from the mailbox at any time using the following procedure:

  1. Place media cartridge(s) in the media access port according to the library vendor's instructions.

  2. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  3. Import the cartridge(s) into the automated library. Use the command samimport library-equipment-number, where library-equipment-number is the equipment ordinal number specified for the library in the /etc/opt/SUNWsamfs/mcf file.

    The Oracle HSM software assigns the media to storage slots and catalogs their locations. In the example, we import media into library 800.

    root@mds1:~# samimport 800
    
  4. Stop here.

Export Removable Media Cartridges

  1. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. If required, add an informational note to the catalog record for a cartridge before exporting it. Use the command chmed -I "note" identifier, where note is a string of up to 128 characters and identifier is either of the following:

    • mediatype.volume-serial-number, where mediatype is one of the two-character media type codes listed in Appendix A and volume-serial-number is the six-character, alphanumeric string that uniquely identifies the volume within the library.

    • library-equipment-number:slot, where library-equipment-number is the equipment ordinal number specified for the automated tape library in the /etc/opt/SUNWsamfs/mcf file and slot is the slot address where the cartridge resides within the library.

    The note will be retained in the historian catalog after the volume has been exported. In the example, we add a note to the catalog entry for LTO (li) cartridge VOL054:

    root@mds1:~# chmed -I "To vault 20150411" li.VOL054
    
  3. To move a cartridge from a specified storage slot to the mailbox, use the command samexport library-equipment-number:slot, where library-equipment-number is the equipment ordinal number specified for the automated tape library in the /etc/opt/SUNWsamfs/mcf file and slot is the slot address where the cartridge resides within the library.

    In the example, we export the magnetic tape cartridge located in slot 11 of library 800:

    root@mds1:~# samexport 800:11
    
  4. To move a specified cartridge to the mailbox, use the command samexport mediatype.volume-serial-number, where mediatype is one of the two-character media type codes listed in Appendix A and volume-serial-number is the alphanumeric string that uniquely identifies the volume within the library.

    The Oracle HSM software adds the cartridge to the catalog maintained by the Oracle HSM historian. In the example, we export the LTO (li) tape cartridge VOL109:

    root@mds1:~# samexport li.VOL109
    
  5. Remove media cartridge(s) from the mailbox according to the library vendor's instructions.

  6. Stop here.

Maintaining Library Catalogs

Oracle Hierarchical Storage Manager library catalogs are the software's internal representation of the automated library and its contents. If the automated library is direct-attached, the Oracle HSM software has full control over the library and its contents. The library catalog entries are, accordingly, a one-to-one representation of the slots in the physical library. If the automated library is network-attached, Oracle HSM accesses only the parts of the library that the library software makes available in the form of a virtual library or library partition. So the Oracle HSM library catalog entries reflect only the contents of a portion of the library.

This section explains the following tasks:

View the Library Catalog

  1. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. To view the most commonly used library catalog information, use the command samcmd v library-equipment-number, where library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the automated tape library.

    In the example, we display the catalog for library 800:

    root@mds1:~# samcmd v 800
    Robot catalog samcmd     5.4    16:45:25 Mar 14 2014
    samcmd on samqfshost                         count 32
    Robot VSN catalog by slot       : eq 800
    slot          access time count use  flags         ty vsn
       0     2016/12/14 11:23  875   0%  -il-o-b-----  li VOL001 
       1     2016/12/13 17:54  866   0%  -il-o-b-----  li VOL002 
       2     2016/12/14 11:26    3   0%  -il-o-b-----  li VOL003 
       3     2016/12/14 10:33    3   0%  -il-o-b-----  li VOL004 
       4     2016/12/14 11:34    5   0%  -il-o-b-----  li VOL005 
       5     2016/12/14 11:32    2   0%  -ilEo-b----f  li VOL006 MEDIA ERROR
       6     2016/12/13 18:07    2   0%  -il-o-b-----  li VOL007 
       7     2016/12/13 18:07    1   0%  -il-o-b-----  li VOL008 
       8     2016/12/13 18:07    1   0%  -il-o-b-----  li VOL009 
    ...
      18     2016/12/13 18:16    1   0%  -il-o-b-----  li VOL019 
      19     none               50   0%  -il-oCb-----  li CLN020 
    
  3. To determine the status of a volume using the samcmd v display, examine the entry in the flags column and consult the list below:

    • A means that the slot needs an audit.

    • C means that the slot contains a cleaning cartridge.

    • E means that the volume is bad or the cleaning media has expired.

    • L means that the volume is a Linear Tape File System (LTFS) volume.

    • N means that the volume is foreign media (not in Oracle HSM format).

    • R means that the volume is read-only (a software flag).

    • U means that the volume is unavailable.

    • W means that the volume is physically write-protected.

    • X means that the slot is an export slot.

    • b means that the volume has a bar code.

    • c means that the volume is scheduled for recycling.

    • f means that the archiver found the volume full or corrupted.

    • d means that the volume has a duplicate volume serial number (VSN).

    • l means that the volume is labeled.

    • o means that the slot is occupied.

    • p means that the volume is a high priority volume.

    • - means that the corresponding flag is not set.

  4. To identify the type of media used for a volume using the samcmd v display, consult the ty column and look up the code displayed in Appendix A or in the mcf man page.

  5. To list all information in the catalog, use the command dump_cat catalog-path-name, where catalog-path-name is the path and file name of the catalog file, as specified in the /etc/opt/SUNWsamfs/mcf file.

    In the example, we dump the catalog file catalog/800_cat.

    root@mds1:~# dump_cat catalog/800_cat
    # audit_time Wed Dec 31 17:00:00 1969
    # version 530  count 32 mediatype 
    #Index VSN    Barcode  Type PTOC  Access Capacity ...  LVTime LVPos
    #
     0     S00001 S00001L4 li   0x747    875   512000 ...       0   0x3
     1     S00002 S00002L4 li   0x5db    866   512000 ...       0   0x3
    13     S00014 S00014L4 li       0      4   512000 ...       0   0
    17     S00018 S00018L4 li       0      1   512000 ...       0   0
    18     S00003 S00003L4 li       0      3   512000 ...       0   0
    
  6. Stop here.
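The flag list in step 3 can be applied mechanically to a saved samcmd v display. The following is an added example, not part of the Oracle documentation: the function name catalog_attention, the choice of A, E, N, U, d and f as the flags worth reporting, and the slot 20 row are assumptions of the example, while the other sample rows are copied from the display above.

```shell
#!/bin/sh
# Added example, not part of the Oracle HSM documentation.

# catalog_attention: read `samcmd v` output on stdin and print one line for
# each catalog entry whose flags include A, E, N, U, d or f. Choosing these
# six flags as the ones that need operator attention is an assumption of
# this example; the meanings themselves come from the flag list in step 3.
catalog_attention() {
    awk '
    BEGIN {
        m["A"] = "needs-audit";       m["C"] = "cleaning-cartridge"
        m["E"] = "bad-or-expired";    m["L"] = "ltfs"
        m["N"] = "foreign-media";     m["R"] = "read-only"
        m["U"] = "unavailable";       m["W"] = "write-protected"
        m["X"] = "export-slot";       m["b"] = "barcode"
        m["c"] = "recycle-scheduled"; m["f"] = "full-or-corrupted"
        m["d"] = "duplicate-vsn";     m["l"] = "labeled"
        m["o"] = "occupied";          m["p"] = "high-priority"
        watch = "AENUdf"
    }
    # Catalog rows start with a numeric slot; headers, "..." and prompts do not.
    $1 !~ /^[0-9]+$/ { next }
    {
        # The access time is either "none" (one field) or date plus time (two),
        # so the position of the flags column shifts by one.
        f = ($2 == "none") ? 5 : 6
        flags = $f
        vsn = $(f + 2)
        if (length(flags) != 12 || flags !~ /^[-A-Za-z]+$/) next
        hit = 0
        out = ""
        for (i = 1; i <= length(flags); i++) {
            c = substr(flags, i, 1)
            if (c == "-") continue          # flag not set
            if (index(watch, c)) hit = 1
            # Letters missing from the list in step 3 (the sample display
            # carries an "i") are reported as unlisted rather than guessed.
            out = out " " c ":" ((c in m) ? m[c] : "unlisted")
        }
        if (hit) printf "slot=%s vsn=%s%s\n", $1, vsn, out
    }'
}

# sample_catalog: rows copied from the samcmd v example above, plus one
# constructed row (slot 20) that has no access time and needs an audit.
sample_catalog() {
    cat <<'EOF'
root@mds1:~# samcmd v 800
Robot catalog samcmd     5.4    16:45:25 Mar 14 2014
samcmd on samqfshost                         count 32
Robot VSN catalog by slot       : eq 800
slot          access time count use  flags         ty vsn
   0     2016/12/14 11:23  875   0%  -il-o-b-----  li VOL001
   5     2016/12/14 11:32    2   0%  -ilEo-b----f  li VOL006 MEDIA ERROR
...
  19     none               50   0%  -il-oCb-----  li CLN020
  20     none                0   0%  A---o-------  li VOL021
EOF
}

# On a live host the input would be: samcmd v 800 | catalog_attention
sample_catalog | catalog_attention
```
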

Audit the Contents of a Library Slot

To update the library catalog with the reported space remaining on a removable media volume, audit the library slot. Use the command auditslot.

  1. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. To audit a specified tape volume, skip to EOD (end of data), and update the space available, use the command auditslot -e library-equipment-number:slot, where library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the library and slot is the location of the cartridge within the library.

    The auditslot command loads the cartridge that contains the volume, reads the label, and updates the library catalog entry for the slot. Note that you cannot interrupt skipping to EOD once you start it, and, under certain conditions, it can take hours to complete. In the example we audit slot 11 in tape library 800:

    root@mds1:~# auditslot -e 800:11
    root@mds1:~# 
    
  3. To audit a specified optical volume, use the command auditslot library-equipment-number:slot[:side], where library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the library, slot is the location of the cartridge within the library, and side (optional) is the specified side of a two-sided optical disk.

    In the example, we audit side 1 of the volume in slot 21 of optical library 700:

    root@mds1:~# auditslot 700:21:1
    root@mds1:~# 
    
  4. Stop here.

Audit the Entire Direct-Attached Automated Library

A full audit loads each cartridge into a drive, reads the label, and updates the library catalog. Audit a library in the following situations:

  • after moving cartridges in the automated library without using Oracle HSM commands

  • when the library catalog may be unreliable (following a power outage, for example)

  • when you have added, removed, or moved cartridges in an automated library that has no mailbox.

To perform a full audit, use the command samcmd audit library-equipment-number, where library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the library.

Note that a full audit can take a long time, depending on the number of slots that contain media.

In the example, we audit tape library 800:

root@mds1:~# samcmd audit 800
root@mds1:~# 

Clear a Media Error from the Catalog

When Oracle HSM has problems using a removable media cartridge, it sets an error flag on the corresponding catalog entry. The media may be worn, damaged, or, in the case of cleaning media, expired. In such cases, the media should not be reused. But problems accessing media can also result from faults in the drive, in which case the media can be reused without difficulty. In the latter case, you need to clear the error flag for the cartridge.

Be sure that you know the nature of the problem before clearing error flags. Error flags are critical to Oracle HSM operations and to the security of your data. You do not want to clear this flag if a cartridge is actually faulty.

Once you are sure, you can clear the error and try to use the cartridge. Proceed as follows:

  1. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. Check the status of removable media volumes. Use the command samcmd r.

    In the example, the samcmd r command shows that drive 801 has set the error flag on LTO (li) volume VOL004.

    root@mds1:~# samcmd r
    Removable media status: all          samcmd 5.4        17:40:11 Mar 13 2014
    ty   eq  status      act  use  state   vsn
    li  801 -E-------r     0   0%  notrdy  VOL004  MEDIA ERROR
            MEDIA ERROR
    li  802  ---------p    0   0%  notrdy
            empty
    li  803  ---------p    0   0%  notrdy
            empty
    li  804  ---------p    0   0%  notrdy
            empty 
    root@mds1:~# 
    
  3. If the drive that set the error flag is suspect, unload the cartridge and clear the error flag. Use the command samcmd unload drive-number, where drive-number is the equipment-ordinal number specified for the drive in the /etc/opt/SUNWsamfs/mcf file.

    In the example, we unload drive 801:

    root@mds1:~# samcmd unload 801
    
  4. To clear the media error flag for a specified volume serial number and media type, use the command chmed -E mediatype.volume-serial-number, where mediatype is one of the two-character media type codes listed in Appendix A and volume-serial-number is the alphanumeric string that uniquely identifies the volume within the library.

    In the example, we clear the error flag on LTO (li) volume VOL004:

    root@mds1:~# chmed -E li.VOL004
       3:0 li VOL004     Ail---b-----    2.3T    2.3T    0          0 800 4  0 //
    root@mds1:~# 
    
  5. To clear the media error flag for a cartridge that resides in a specified library slot, use the command chmed -E library-equipment-number:slot[:disk-side], where library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the automated tape library, slot is the slot address where the target volume resides within the library, and the optional disk-side value, either 1 or 2, specifies one of the sides of a two-sided magneto-optical disk.

    In the example, we clear the error flag on the cartridge in slot 4 of library 800:

    root@mds1:~# chmed -E 800:4
       3:0 li VOL004     Ail---b-----    2.3T    2.3T    0          0 800 4  0 //
    root@mds1:~# 
    
  6. Update the library catalog to reflect the change. Use the command auditslot -e library-equipment-number:slot[:disk-side].

    In the example, we update the catalog by auditing slot 4 of library 800:

    root@mds1:~# auditslot -e 800:4
    root@mds1:~# 
    
  7. Mount the cartridge in a different drive, and see if the error recurs. Use the command samcmd load mediatype.volume-serial-number, where mediatype is one of the two-character media type codes listed in Appendix A and volume-serial-number is the alphanumeric string that uniquely identifies the volume within the library.

    root@mds1:~# samcmd load li.VOL004
    root@mds1:~# 
    
  8. Re-check the status of removable media volumes. Use the command samcmd r.

    root@mds1:~# samcmd r
    Removable media status: all          samcmd 5.4         17:42:10 Mar 13 2014
    ty   eq  status      act  use  state  vsn
    li  801  ---------p    0   0%  notrdy  
            empty
    li  802  --l------r    0   0%  ready   VOL004
            idle
    li  803  ---------p    0   0%  notrdy
            empty
    li  804  ---------p    0   0%  notrdy
            empty 
    root@mds1:~# 
    
  9. If the error does not recur on the new drive, the cartridge is probably OK.

  10. If the error recurs, consider retiring the removable media volume.

  11. Stop here.

Managing the Historian Catalog

The Oracle Hierarchical Storage Manager historian is a pseudo-library that has a catalog but no equipment. The historian catalogs volumes that are no longer under direct Oracle HSM control. It thus maintains a record of any volumes that have been exported from a library and sent for offsite storage and volumes that are hand-loaded into standalone drives. Oracle HSM automatically updates the historian catalog when you export volumes from the library. But you can also use the historian for manual record keeping by adding and/or removing records and attaching notes. In general, you interact with the historian much as you would with a physical media library:

This section outlines the following tasks:

View the Historian Catalog

You view the historian catalog exactly as you would that of a physical library. Use the command samcmd v historian-equipment-number, where historian-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the historian.

In the example, we display the catalog for a historian that has the equipment ordinal number 900:

root@mds1:~# samcmd v 900
Robot catalog samcmd     5.4    16:45:25 Mar 14 2014
samcmd on samqfshost                         count 32
Robot VSN catalog by slot       : eq 900
slot          access time count use  flags         ty vsn
   0     2016/12/14 11:23  875   0%  -il-o-b-----  li EXT001 
   1     2016/12/13 17:54  866   0%  -il-o-b-----  li EXT002 
...
root@mds1:~# 

Add an Entry to the Historian Catalog

To add an entry to the historian catalog, proceed as follows:

  1. To add an entry to the historian catalog for a specified volume serial number, use the command samimport -v volume-serial-number -m mediatype historian-equipment-number, where:

    • volume-serial-number is the alphanumeric string that uniquely identifies the volume within the catalog.

    • mediatype is one of the two-character media type codes listed in Appendix A.

    • historian-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the historian.

    In the example, we add a record for the LTO (li) volume EXT003 to the catalog for historian 900:

    root@mds1:~# samimport -v EXT003 -m li 900
    ...
    root@mds1:~# 
    
  2. To add an entry to the historian catalog for a specified barcode, use the command samimport -b barcode -m mediatype historian-equipment-number, where barcode is the barcode affixed to the corresponding physical cartridge.

    In the example, we add a record for the LTO (li) volume with barcode EXT003L4 to the catalog for historian 900:

    root@mds1:~# samimport -b EXT003L4 -m li 900
    ...
    root@mds1:~# 
    
  3. Stop here.

Remove an Entry from the Historian Catalog

To remove an entry from the historian catalog, use the command samexport historian-equipment-number:slot, where historian-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the historian and slot is the historian slot address for the record.

In the example, we remove the record for volume EXT002 in slot 1 of the catalog for historian 900:

root@mds1:~# samcmd v 900
Robot catalog samcmd     5.4    16:45:25 Mar 14 2014
samcmd on samqfshost                         count 32
Robot VSN catalog by slot       : eq 900
slot          access time count use  flags         ty vsn
   0     2016/12/14 11:23  875   0%  -il-o-b-----  li EXT001 
   1     2016/12/13 17:54  866   0%  -il-o-b-----  li EXT002 
   2     2016/12/13 17:57  866   0%  -il-o-b-----  li EXT003
... 
root@mds1:~# samexport 900:1
...
root@mds1:~# 

Update Historian Information

You can update the information field in a historian catalog entry to note changes to the disposition or status of an exported volume. Use the command chmed -I "note" identifier, where note is a string of up to 128 characters and identifier is either of the following:

  • mediatype.volume-serial-number, where mediatype is one of the two-character media type codes listed in Appendix A and volume-serial-number is the alphanumeric string that uniquely identifies the volume within the library.

  • library-equipment-number:slot, where library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the automated tape library and slot is the slot address where the cartridge resides within the library.

In the example, we note that LTO (li) cartridge VOL06E has been recalled from the vault, successfully validated, and returned to the vault:

root@mds1:~# chmed -I "validated and revaulted 20150310" li.VOL06E

Determining the Order in Which Drives are Installed in the Library

If your automated library contains more than one drive, the order of the drives in the mcf file must be the same as the order in which the drives are seen by the library controller. This order can be different from the order in which devices are seen on the host and reported in the host's /var/adm/messages file. So whenever you configure an Oracle Hierarchical Storage Manager metadata server and datamover host, change libraries, or change the configuration of a library, you should check the drive order by carrying out the tasks listed below:

Gather Drive Information for the Library and the Solaris Host

  1. Consult the library documentation. Note how drives and targets are identified. If there is a local operator panel, see how it can be used to determine drive order.

  2. If the library has a local operator panel mounted on the library, use it to determine the order in which drives attach to the controller. Determine the SCSI target identifier or World Wide Name of each drive.

  3. Log in to the Solaris host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  4. List the Solaris logical device names in /dev/rmt/, redirecting the output to a text file.

    In the example, we redirect the listings for /dev/rmt/ to the file device-mappings.txt in the root user's home directory:

    root@mds1:~# ls -l /dev/rmt/ > /root/device-mappings.txt 
    
  5. Now, map the drives to Solaris device names, using the procedure specific to your equipment: direct-attached tape library or ACSLS-attached library.

Map the Drives in a Direct-Attached Library to Solaris Device Names

For each Solaris logical drive name listed in /dev/rmt/ and each drive that the library assigns to the Oracle HSM server host, carry out the following procedure:

  1. If you are not already logged in to the Oracle HSM Solaris host, log in as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. Stop all running archiving processes so that drives are not in use. See "Idle Archiving and Staging Processes" and "Stop Archiving and Staging Processes".

  3. In a text editor, open the device mappings file that you created. Organize the file into a simple table, and save the changes.

    You will need to refer to this information in subsequent steps. In the example, we have used the vi editor to delete the permissions, ownership, and date attributes from the /dev/rmt/ list, while adding headings and space for library device information:

    root@mds1:~# vi /root/device-mappings.txt 
    LIBRARY SOLARIS          SOLARIS 
    DEVICE  LOGICAL          PHYSICAL
    NUMBER  DEVICE           DEVICE
    ------- -------------    -----------------------------------------------------
            /dev/rmt/0cbn -> ../../devices/pci@8.../st@w500104f00093c438,0:cbn
            /dev/rmt/1cbn -> ../../devices/pci@8.../st@w500104f0008120fe,0:cbn
            /dev/rmt/2cbn -> ../../devices/pci@8.../st@w500104f000c086e1,0:cbn
            /dev/rmt/3cbn -> ../../devices/pci@8.../st@w500104f000b6d98d,0:cbn
    :w
    
  4. On the library, make sure that all drives are empty.

  5. Load a tape into the first drive in the library that you have not yet mapped to a Solaris logical device name.

    For the purposes of the examples below, we load an LTO4 tape into an HP Ultrium LTO4 tape drive.

  6. If you are mapping the drives in a tape library, identify the Solaris /dev/rmt/ entry that corresponds to the drive that mounts the tape. Run the command mt -f /dev/rmt/number status, where number identifies the drive in /dev/rmt/, for each entry in turn until you find the drive that holds the tape.

    In the example, the drive at /dev/rmt/0 is empty, but the drive at /dev/rmt/1 holds the tape. So the drive that the library identifies as drive 1 corresponds to Solaris /dev/rmt/1:

    root@mds1:~# mt -f /dev/rmt/0 status
    /dev/rmt/0: no tape loaded or drive offline
    root@mds1:~# mt -f /dev/rmt/1 status
    HP Ultrium LTO 4 tape drive:
       sense key(0x0)= No Additional Sense   residual= 0   retries= 0
       file no= 0   block no= 3
    
  7. In the device-mappings file that you created in the previous procedure, locate the entry for the Solaris device that holds the tape, and enter the library's device identifier in the space provided. Then save the file.

    In the example, we enter 1 in the LIBRARY DEVICE NUMBER field of the row for /dev/rmt/1:

    root@mds1:~# vi /root/device-mappings.txt 
    LIBRARY SOLARIS          SOLARIS 
    DEVICE  LOGICAL          PHYSICAL
    NUMBER  DEVICE           DEVICE
    ------- -------------    -----------------------------------------------------
            /dev/rmt/0cbn -> ../../devices/pci@8.../st@w500104f00093c438,0:cbn
       1    /dev/rmt/1cbn -> ../../devices/pci@8.../st@w500104f0008120fe,0:cbn
            /dev/rmt/2cbn -> ../../devices/pci@8.../st@w500104f000c086e1,0:cbn
            /dev/rmt/3cbn -> ../../devices/pci@8.../st@w500104f000b6d98d,0:cbn
    :w
    
  8. Unload the tape.

  9. Repeat this procedure until the device-mappings file holds entries that map all devices to Solaris logical device names. Then save the file and close the editor.

    root@mds1:~# vi /root/device-mappings.txt 
    LIBRARY SOLARIS          SOLARIS 
    DEVICE  LOGICAL          PHYSICAL
    NUMBER  DEVICE           DEVICE
    ------- -------------    -----------------------------------------------------
       2    /dev/rmt/0cbn -> ../../devices/pci@8.../st@w500104f00093c438,0:cbn
       1    /dev/rmt/1cbn -> ../../devices/pci@8.../st@w500104f0008120fe,0:cbn
       3    /dev/rmt/2cbn -> ../../devices/pci@8.../st@w500104f000c086e1,0:cbn
       4    /dev/rmt/3cbn -> ../../devices/pci@8.../st@w500104f000b6d98d,0:cbn
    :wq
    root@mds1:~# 
    
  10. Stop here. Keep the mappings file for later use.

Map the Drives in an ACSLS-Attached Library to Solaris Device Names

  1. If you are not already logged in to the Oracle HSM Solaris host, log in as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. Stop all running archiving processes, so that drives are not in use. See "Idle Archiving and Staging Processes" and "Stop Archiving and Staging Processes".

  3. In a text editor, open the device mappings file that you created. Organize the file into a simple table.

    You will need to refer to this information in subsequent steps. In the example, we are using the vi editor to delete the permissions, ownership, and date attributes from the /dev/rmt/ list, while adding headings and space for library device information:

    root@mds1:~# vi /root/device-mappings.txt 
    SOLARIS LOGICAL DEVICE  DEVICE SERIAL NUMBER  ACSLS DEVICE ADDRESS
    ----------------------  --------------------  --------------------------------
    /dev/rmt/0  
    /dev/rmt/1  
    /dev/rmt/2  
    /dev/rmt/3  
    
  4. For each logical device name listed in /dev/rmt/, display the serial number using the command luxadm display /dev/rmt/number, where number identifies the drive in /dev/rmt/.

    In the example, we obtain HU92K00200, the serial number of device /dev/rmt/0:

    root@mds1:~# luxadm display /dev/rmt/0
    DEVICE PROPERTIES for tape: /dev/rmt/0
    Vendor: HP
    Product ID: Ultrium 4-SCSI
    Revision: G25W
    Serial Num: HU92K00200
    ...
    Path status: Ready
    root@mds1:~# 
    
  5. Then, using a text editor, enter the serial number of each device in the corresponding row of your device-mappings.txt file.

    In the example, we record the serial number for device /dev/rmt/0 in the device-mappings.txt file using the vi editor:

    root@mds1:~# vi /root/device-mappings.txt 
    SOLARIS LOGICAL DEVICE  DEVICE SERIAL NUMBER  ACSLS DEVICE ADDRESS
    ----------------------  --------------------  --------------------------------
    /dev/rmt/0              HU92K00200
    /dev/rmt/1  
    /dev/rmt/2  
    /dev/rmt/3  
    
  6. For each device serial number mapped to /dev/rmt/, obtain the corresponding ACSLS drive address. Use the ACSLS command display drive * -f serial_num.

    In the example, we obtain the ACSLS addresses of devices HU92K00200 (/dev/rmt/0), HU92K00208 (/dev/rmt/1), HU92K00339 (/dev/rmt/2), HU92K00289 (/dev/rmt/3):

     ACSSA> display drive * -f serial_num
     2014-03-29 10:49:12 Display Drive
     Acs Lsm Panel Drive Serial_num
     0   2   10    16    331002031352
     0   2   10    17    HU92K00200
     0   2   10    18    HU92K00208
     0   3   10    10    HU92K00339
     0   3   10    11    HU92K00189
     0   3   10    12    HU92K00289
    root@mds1:~# 
    
  7. Using a text editor, enter the ACSLS address for each serial number in the corresponding row of the device-mappings.txt file. Save the file, and close the editor.

    In the example, we record the information in the device-mappings.txt file using the vi editor:

    root@mds1:~# vi /root/device-mappings.txt 
    SOLARIS LOGICAL DEVICE DEVICE SERIAL NUMBER ACSLS DEVICE ADDRESS
    ---------------------- -------------------- ---------------------------------
    /dev/rmt/0             HU92K00200           (acs=0, lsm=2, panel=10, drive=17)
    /dev/rmt/1             HU92K00208           (acs=0, lsm=2, panel=10, drive=18)
    /dev/rmt/2             HU92K00339           (acs=0, lsm=3, panel=10, drive=10)
    /dev/rmt/3             HU92K00289           (acs=0, lsm=3, panel=10, drive=12)
    :wq
    root@mds1:~# 
    
  8. Stop here. Keep the mappings file for later use.
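
Steps 4 through 7 amount to a join on the drive serial number, so the table can be generated instead of copied by hand. The script below is an added example, not part of Oracle's documentation or software. Its function names, the single-file layout of the saved luxadm output, and the luxadm blocks for /dev/rmt/1 through /dev/rmt/3 are assumptions constructed for illustration. A device whose serial number is missing from the ACSLS listing, or listed twice, is flagged and the function returns a non-zero status.

```shell
#!/bin/sh
# Added example (not Oracle's code). Joins Solaris logical tape devices to ACSLS
# drive addresses on the drive serial number, as in steps 4 through 7.
# Needs a POSIX awk; on Solaris set AWK=nawk or AWK=/usr/xpg4/bin/awk.
AWK=${AWK:-awk}

# $1: file holding the luxadm display output for every /dev/rmt/N device
# $2: file holding the output of the ACSLS command: display drive * -f serial_num
# Prints the mapping table; returns 1 unless every device has exactly one match.
build_device_mappings() {
    "$AWK" '
        src == "luxadm" && /DEVICE PROPERTIES for tape:/ { dev = $NF; next }
        src == "luxadm" && $1 == "Serial" && $2 == "Num:" {
            if (dev != "") { order[++n] = dev; serial[dev] = $3 }
            dev = ""
            next
        }
        # ACSLS data rows: four numeric address fields, then the serial number.
        src == "acsls" && NF == 5 && ($1 $2 $3 $4) ~ /^[0-9]+$/ {
            seen[$5]++
            addr[$5] = "(acs=" $1 ", lsm=" $2 ", panel=" $3 ", drive=" $4 ")"
        }
        END {
            bad = 0
            fmt = "%-22s  %-20s  %s\n"
            printf fmt, "SOLARIS LOGICAL DEVICE", "DEVICE SERIAL NUMBER", "ACSLS DEVICE ADDRESS"
            printf fmt, "----------------------", "--------------------", "--------------------------------"
            for (i = 1; i <= n; i++) {
                d = order[i]; s = serial[d]
                if (!(s in seen))     { a = "NOT FOUND IN ACSLS"; bad = 1 }
                else if (seen[s] > 1) { a = "AMBIGUOUS: SERIAL LISTED TWICE"; bad = 1 }
                else                  { a = addr[s] }
                printf fmt, d, s, a
            }
            exit bad
        }
    ' src=luxadm "$1" src=acsls "$2"
}

# Constructed sample input in the formats shown in steps 4 and 6
# (serial numbers and ACSLS rows taken from the example).
demo_device_mappings() {
    tmp=$(mktemp -d) || return 2
    for n in 0:HU92K00200 1:HU92K00208 2:HU92K00339 3:HU92K00289; do
        printf 'DEVICE PROPERTIES for tape: /dev/rmt/%s\nVendor: HP\nSerial Num: %s\nPath status: Ready\n' \
            "${n%%:*}" "${n#*:}"
    done > "$tmp/luxadm.txt"
    cat > "$tmp/acsls.txt" <<'EOF'
2014-03-29 10:49:12 Display Drive
Acs Lsm Panel Drive Serial_num
0   2   10    16    331002031352
0   2   10    17    HU92K00200
0   2   10    18    HU92K00208
0   3   10    10    HU92K00339
0   3   10    11    HU92K00189
0   3   10    12    HU92K00289
EOF
    build_device_mappings "$tmp/luxadm.txt" "$tmp/acsls.txt"; rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Usage: demo_device_mappings > /root/device-mappings.txt
```
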

Managing Drives

You can handle a variety of drive management tasks from the Oracle HSM interfaces, including the following:

Loading and Unloading Drives

When removable media are stored in automated libraries, file-system archiving and staging processes automatically load cartridges into drives as required. But you can also load cartridges on demand when managing removable media files, backing up the Oracle HSM configuration, or recovering a file system. This section covers the following tasks:

Loading and Unloading Drives Installed in an Automated Library

This section covers the following tasks:

Load a Drive from a Specified Library Location

Use the command samcmd load library-equipment-number:slot[:disk-side], where library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the automated tape library, slot is the slot address where the target volume resides within the library, and the optional disk-side value, either 1 or 2, specifies one of the sides of a two-sided magneto-optical disk.

The cartridge is loaded in the next available drive in the library. In the example, we load the magnetic tape cartridge located in slot 11 of library 800:

root@mds1:~# samcmd load 800:11

Load a Drive with a Specified Media Type and Volume Serial Number

Use the command samcmd load mediatype.volume-serial-number, where mediatype is one of the two-character media type codes listed in Appendix A and volume-serial-number is the alphanumeric string that uniquely identifies the volume within the library.

The cartridge is loaded in the next available drive in the library. In the example, we load the LTO (li) tape cartridge VOL109:

root@mds1:~# samcmd load li.VOL109

Unload a Specified Drive in the Library

Use the command samcmd unload drive-equipment-number, where drive-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the drive.

The cartridge is unloaded, even if the drive is unavail. In the example, we unload drive 801:

root@mds1:~# samcmd unload 801

Manually Loading and Unloading Standalone Drives

The Oracle HSM software treats standalone, removable-media drives as if they were small, single-slot libraries with their own catalogs.

Load a Cartridge Into a Standalone Drive

To load a standalone drive, place the cartridge in the drive according to the manufacturer's instructions. The Oracle HSM system recognizes that the cartridge is loaded, reads the label, and updates the catalog for the drive.

Unload a Cartridge from a Standalone Drive

To unload a standalone drive, proceed as follows:

  1. Idle the drive. Use the command samcmd idle drive-equipment-number, where drive-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the drive.

    When a drive is idled, the Oracle HSM software finishes any current archiving processes that use the drive but does not start any new ones.

    root@mds1:~# samcmd idle 801
    
  2. Wait until Oracle HSM finishes and turns the drive off.

    You can check on the status of the drive using the command samcmd r.

  3. Remove the cartridge according to the vendor's instructions.

  4. Stop here.

Notifying Operators When Volumes Must Be Loaded Manually

If you are using a standalone drive or if you store required cartridges in a vault or some other location outside the library, the Oracle HSM software can send email to a specified address when it needs an operator to load a non-resident cartridge. To enable this feature, follow the procedure below:

Enable Load Notification

  1. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. Copy the file load_notify.sh from the directory /opt/SUNWsamfs/examples/ to the directory /etc/opt/SUNWsamfs/scripts/.

    Note that the command below is entered as a single line—the line break is escaped by the backslash character:

    root@mds1:~# cp /opt/SUNWsamfs/examples/load_notify.sh \
    /etc/opt/SUNWsamfs/scripts/
    root@mds1:~# 
    
  3. Open the file /etc/opt/SUNWsamfs/defaults.conf in a text editor. Search for the directive exported_media. Uncomment the line or add it, if necessary, and set its value to exported_media=available.

    In the example, we use the vi editor:

    root@mds1:~# vi /etc/opt/SUNWsamfs/defaults.conf
    # These are the defaults. 
    ...  
    exported_media=available
    
  4. In the file /etc/opt/SUNWsamfs/defaults.conf, search for the directive attended. Uncomment the line or add it, if necessary. Set its value to attended=yes. Save the file, and close the editor.

    root@mds1:~# vi /etc/opt/SUNWsamfs/defaults.conf
    # These are the defaults.
    ...
    exported_media=available
    attended=yes
    :wq
    root@mds1:~# 
    
  5. Open the file /etc/opt/SUNWsamfs/scripts/load_notify.sh in a text editor. Locate the default recipient of the notification email, root.

    root@mds1:~# vi /etc/opt/SUNWsamfs/scripts/load_notify.sh
    #       Notify operator to load volume.
    ...
    # Change the email address on the following line to send email to
    # the appropriate recipient.
    /bin/ppriv -s I=basic -e /usr/bin/mailx -s "SAM-FS needs VSN $5" root <<EOF
    ...
    
  6. In the file /etc/opt/SUNWsamfs/scripts/load_notify.sh, change the recipient of the notification email from the default, root, to the email address of the operator responsible for the non-resident volumes. Save the file, and close the editor.

    In the example, we change the recipient to tapetech:

    #       Notify operator to load volume.
    ...
    /bin/ppriv -s I=basic -e /usr/bin/mailx -s "SAM-FS needs VSN $5" tapetech <<EOF
    ...
    :wq
    root@mds1:~# 
    
  7. Reinitialize the Oracle HSM software. Use the sam-fsd command.

    The sam-fsd command is an initialization command that reads the Oracle HSM configuration files. It stops if it encounters an error. In the example, no errors are found:

    root@mds1:~# sam-fsd
    ...
    Would start sam-archiverd()
    Would start sam-stagealld()
    Would start sam-stagerd()
    Would start sam-amld()
    root@mds1:~# 
    
  8. Tell the Oracle HSM software to re-read the mcf file and reconfigure file systems and hardware accordingly. Use the command samd config:

    root@mds1:~# samd config
    Configuring SAM-FS ...
    root@mds1:~# 
    
  9. Stop here.

Cleaning Tape Drives

Modern Oracle StorageTek T10000D and Linear Tape Open (LTO) tape drives monitor themselves and request cleaning when needed. The Oracle Hierarchical Storage Manager software honors these requests and automatically loads a cleaning cartridge when required. So, in most cases, you need only ensure that your library contains adequate cleaning cartridges and that Oracle HSM is able to locate them.

When drive-requested cleaning is not feasible, you can initiate cleaning manually. But be advised: most manufacturers emphatically discourage routine cleaning in the absence of a request from the drive. Cleaning cartridges are abrasive. Overuse can damage drives and media. So exercise caution, and follow the manufacturer's recommendations.

The remainder of this section provides instructions for the following tasks:

Provide Sufficient Cleaning Cartridges

  1. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. If you plan to configure automatic cleaning (recommended) and if your library has more than two drives, make sure that you provide at least two cleaning cartridges for each file-system catalog that lists tapes in the library.

    If a cleaning cartridge is unavailable when a drive requires cleaning, the Oracle HSM software sets the drive state to down until cleaning can be completed.

  3. Place the cleaning cartridge(s) in the library mail slot (also known as the cartridge access port).

  4. Import the cleaning cartridge(s) into the automated library. Use the command samimport library-equipment-number, where library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the library.

    In the example, we place cleaning cartridges in the mail slot of library 800 and import them into the library:

    root@mds1:~# samimport 800
    ...
    root@mds1:~# 
    
  5. If the cleaning cartridge label reads CLEAN or starts with the letters CLN, stop here.

    The Oracle HSM software recognizes the cleaning cartridge and moves it from the mailbox to a storage slot. Oracle HSM updates the library catalog, sets the cleaning media flag, and sets the access count to the maximum number of cleanings recommended for the media type (each time the cartridge is used to clean a drive, this count decrements).

  6. If the cartridge is not labeled, flag it as cleaning media. Use the command chmed +C library-equipment-number:slot, where library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the library and slot is the location of the cleaning cartridge within the library.

    In the example, we set the C (cleaning-media) flag on the cartridge in slot 31 of library 800.

    root@mds1:~# chmed +C 800:31
    ...
    root@mds1:~# 
    
  7. Set the access count to the maximum number of cleanings recommended for the media type. Use the command chmed -count cleanings library-equipment-number:slot, where:

    • cleanings is the maximum number of cleanings that the manufacturer recommends per cartridge.

    • library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the library.

    • slot is the location of the cleaning cartridge within the library.

    Each time the cartridge is used to clean a drive, the cleaning count decrements. In the example, we set the count to a maximum of 50 cleanings, the maximum recommended for the LTO (type li) cleaning cartridges used in library 800:

    root@mds1:~# chmed -count 50 800:31
    ...
    root@mds1:~# 
    
  8. Next, enable automatic tape-drive cleaning (recommended) or stop here.

Enable Automatic Tape-Drive Cleaning (Recommended)

  1. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. If your library includes an Auto Clean feature that you wish to use, configure the feature according to the library manufacturer's recommendations. Stop here.

    Now, when drives request cleaning, the library will automatically supply the required cleaning media.

  3. If your library includes an Auto Clean feature that you do not wish to use, disable the feature according to the manufacturer's recommendations.

  4. Open the file /etc/opt/SUNWsamfs/defaults.conf in a text editor, and enable Oracle HSM automatic cleaning. Add the line tapeclean = all autoclean on logsense on. Then save the file and close the editor.

    In the example, we use the vi editor:

    root@mds1:~# vi /etc/opt/SUNWsamfs/defaults.conf
    # These are the defaults.
    ...
    #sef = all on once
    ...
    tapeclean = all autoclean on logsense on
    :wq
    root@mds1:~# 
    
  5. Reinitialize the Oracle HSM software. Use the sam-fsd command.

    The sam-fsd command is an initialization command that reads the Oracle HSM configuration files. It stops if it encounters an error. In the example, no errors are found:

    root@mds1:~# sam-fsd
    ...
    Would start sam-archiverd()
    Would start sam-stagealld()
    Would start sam-stagerd()
    Would start sam-amld()
    root@mds1:~# 
    
  6. Tell the Oracle HSM software to re-read the mcf file and reconfigure file systems and hardware accordingly. Use the command samd config:

    root@mds1:~# samd config
    ...
    root@mds1:~# 
    
  7. Stop here.

Clean a Tape Drive Manually

  1. Check the drive manufacturer's guidelines for manual cleaning before proceeding.

    Exercise caution. Over-frequent cleaning is a common cause of drive damage. Many manufacturers now strongly discourage routine or scheduled cleanings. So make sure that you understand when your drives need to be cleaned.

  2. Monitor the device logs for indications that drives need cleaning. There is one log in the directory /var/opt/SUNWsamfs/devlog/ for each drive-equipment-number, where drive-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the drive.

  3. Monitor the system log file /var/adm/messages for device errors.

  4. Clean the tape drive. Use the command cleandrive drive-equipment-number.

    In the example, we clean drive 802:

    root@mds1:~# cleandrive 802
    ...
    root@mds1:~# 
    
  5. Stop here.

Managing Drives that Have Encryption Capability

If you are archiving files to drives that have encryption capability, consider the following points when planning archiving operations:

  • Do not mix encryption-capable and non-encryption-capable drives in a library.

  • After a drive has encryption enabled, encryption cannot be disabled.

  • Do not mix encrypted and non-encrypted files on a tape volume.

  • An encryption-enabled drive cannot append encrypted files to a tape volume that contains non-encrypted data.

  • An encryption-enabled drive can read non-encrypted data.

For further information, consult the documentation for your drives and your encryption key-management system.

For information on encryption-capable cloud drives, see "Managing Cloud Storage".

Handling Drive Problems

In general, you handle drive problems according to the vendor's recommendations. But before you can start drive maintenance, troubleshooting, or repair, you may need to perform one or both of the following tasks:

Take a Drive Offline for Maintenance or Repair

  1. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. Finish up active archiving and staging jobs and keep any new jobs from starting. See "Idle Archiving and Staging Processes" and "Stop Archiving and Staging Processes".

  3. Carry out the vendor-specified maintenance, diagnostic, or repair procedures.

    For example, before attempting to remove a stuck cartridge, be sure to check the vendor's recommendations. Improperly removing a stuck cartridge can damage the cartridge and the drive.

  4. When the drive is again operational, bring the library and drives online and restart archiving and staging processes. Use the procedure "Restart Archiving and Staging Processes".

  5. Stop here.

Return Media to the Library Following a Drive Problem

If drive problems occur with media mounted in the drive, you may need to remove the media manually as part of the repair process. This can leave the catalog inconsistent. So follow the appropriate procedure below:

Return Media to a Library that Has Not Performed an Automatic Audit

To return media to a library that does not perform an automatic audit when the library and drive are brought back online following repairs, proceed as follows:

  1. Return the cartridge to its storage slot by hand.

    In this case, the catalog has not been updated and continues to list the cartridge among the library contents. So you correct the discrepancy by putting the cartridge back in the same slot that it previously occupied.

  2. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
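  3. Update the Oracle HSM catalog to show that the slot is again occupied. Use the command chmed +o library-equipment-number:slot, where library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the library and slot is the address of the slot within the library.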

    In the example, we update the status of slot 42 in library 800:

    root@mds1:~# chmed +o 800:42
    root@mds1:~# 
    
  4. Stop here.

Returning Media to a Library After an Automatic Audit

If the library performs an automatic audit when the library and drive are brought back online following repairs, proceed as follows:

  1. Place the cartridge in the library mail slot.

  2. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  3. Import the cartridge into the library. Use the command samimport library-equipment-number.

    In this case, the audit has reconciled the catalog, which no longer lists the cartridge in the library. So importing the cartridge adds it to both the library and the Oracle HSM catalog. In the example, we have placed the cartridge in the mail slot of library 800 and imported it into the library:

    root@mds1:~# samimport 800
    
  4. Stop here.

Managing Removable Media

This section covers the following topics:

Labeling Removable Media

Caution:

Labeling or relabeling a cartridge renders any data on the cartridge permanently inaccessible. Relabel a cartridge only if you are certain that you do not need the data that is stored on it.

The labeling process writes identifying information on the recording media and initializes it for use (see ANSI X3.27-1987, File Structure and Labeling of Magnetic Tapes for Information Interchange, for full information).

When you need to label media, select the appropriate procedure below:

Generate Labels from Barcodes

To automatically label write-enabled, unlabeled cartridges with a volume serial number (VSN) derived from the barcodes on the cartridges, proceed as follows.

  1. Make sure that all barcodes are readable.

  2. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  3. Open the /etc/opt/SUNWsamfs/defaults.conf file in a text editor.

    In the example, we use the vi editor to view the file:

    root@mds1:~# vi /etc/opt/SUNWsamfs/defaults.conf
    # These are the defaults. 
    ...
    
  4. If you need to generate volume serial numbers (VSNs) from the first six characters in the corresponding barcodes, first see if Oracle HSM is set to the default value, barcodes. In the defaults.conf file, locate the line for the labels directive, if present. If the labels directive is set to barcodes, is commented out, or is not present in the file, then Oracle HSM is set to the default value, barcodes.

    In the example, the defaults.conf file contains the line #labels = barcodes:

    root@mds1:~# vi /etc/opt/SUNWsamfs/defaults.conf
    # These are the defaults. 
    ...
    #labels = barcodes
    root@mds1:~# 
    
  5. If you need to generate volume serial numbers (VSNs) from the first six characters in the corresponding barcodes and if Oracle HSM is set to the default value, close the defaults.conf files without making any changes. Stop here.

    When the labels directive is set to barcodes, the software automatically generates the required volume serial numbers (VSNs) from the first six characters in the corresponding barcodes. In the example, Oracle HSM is using the default setting. So we close the vi editor without saving the file:

    root@mds1:~# vi /etc/opt/SUNWsamfs/defaults.conf
    # These are the defaults. 
    ...
    #labels = barcodes
    :q
    root@mds1:~# 
    
  6. Otherwise, if you need to generate volume serial numbers (VSNs) from the first six characters in the corresponding barcodes, enter labels = barcodes, comment out the non-default directive, or simply delete the non-default directive. Then save the file, and close the editor.

    In the example, the directive has been set to the non-default value barcodes_low. So we comment out the non-default line. We insert the line labels = barcodes. We save the modified file, and close the editor:

    root@mds1:~# vi /etc/opt/SUNWsamfs/defaults.conf
    # These are the defaults. 
    ...
    #labels = barcodes_low
    labels = barcodes
    :wq
    root@mds1:~# 
    
  7. If you need to generate the volume serial number (VSN) from the last six characters in the cartridge's barcode, set the value of the labels parameter to barcodes_low. Save the file, and close the editor.

    In the example, we insert the line labels = barcodes_low, save the file, and close the editor:

    root@mds1:~# vi /etc/opt/SUNWsamfs/defaults.conf
    # These are the defaults. 
    ...
    labels = barcodes_low
    :wq
    root@mds1:~# 
    
  8. If you edited the defaults.conf file, run the sam-fsd command.

    The sam-fsd command is an initialization command that reads the Oracle HSM configuration files. It stops if it encounters an error. In the example, no errors are found:

    root@mds1:~# sam-fsd
    ...
    Would start sam-archiverd()
    Would start sam-stagealld()
    Would start sam-stagerd()
    Would start sam-amld()
    root@mds1:~# 
    
  9. If you edited the defaults.conf file, tell the Oracle HSM software to re-read the mcf file and reconfigure itself accordingly. Use the command samd config.

    root@mds1:~# samd config
    
  10. Stop here.
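
Because the labels setting decides which six barcode characters become the VSN, it is worth predicting the result, and any collisions, before cartridges are labeled. The script below is an added example, not Oracle's code. Its function names and the barcodes are constructed for illustration, it handles only the two values described above (barcodes and barcodes_low), and treating disagreeing uncommented labels lines as an error is an assumption.

```shell
#!/bin/sh
# Added example (not Oracle's code): predict the VSNs that barcode labeling assigns.
# Needs a POSIX awk; on Solaris set AWK=nawk or AWK=/usr/xpg4/bin/awk.
AWK=${AWK:-awk}

# Print the effective labels value from a defaults.conf-style file ($1).
# A missing or commented-out directive means the default, barcodes.
# Returns 1 if uncommented labels lines disagree (an assumption of this example).
effective_labels() {
    "$AWK" '
        /^[ \t]*#/ { next }                      # commented-out directives do not count
        /^[ \t]*labels[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)          # keep the text after the equals sign
            sub(/[ \t]+$/, "", v)
            if (val != "" && val != v) conflict = 1
            val = v
        }
        END {
            if (conflict) { print "conflict"; exit 1 }
            if (val == "") val = "barcodes"
            print val
        }
    ' "$1"
}

# Read barcodes on stdin, one per line; print "barcode vsn" pairs for mode $1.
# barcodes takes the first six characters, barcodes_low the last six.
# Returns 1 if two barcodes yield the same VSN or the mode is not handled here.
predict_vsns() {
    "$AWK" -v mode="$1" '
        BEGIN {
            bad = 0
            if (mode != "barcodes" && mode != "barcodes_low") { bad = 1; exit 1 }
        }
        NF {
            n = length($1)
            vsn = (mode == "barcodes") ? substr($1, 1, 6) : substr($1, (n > 6) ? n - 5 : 1)
            if (vsn in owner) {
                printf "%s %s DUPLICATE-OF-%s\n", $1, vsn, owner[vsn]
                bad = 1
            } else {
                owner[vsn] = $1
                print $1, vsn
            }
        }
        END { exit bad }
    '
}

# Constructed sample: a defaults.conf that selects barcodes_low, and two barcodes.
demo_predict() {
    conf=$(mktemp) || return 2
    printf '%s\n' '# These are the defaults.' '#labels = barcodes' \
        'labels = barcodes_low' > "$conf"
    mode=$(effective_labels "$conf"); rc=$?
    rm -f "$conf"
    [ "$rc" -eq 0 ] || return "$rc"
    printf '%s\n' VOL600L4 VOL601L4 | predict_vsns "$mode"
}
```
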

Label a New Tape or Relabel an Existing Tape

Caution:

Labeling or relabeling a cartridge renders any data on the cartridge permanently inaccessible. Relabel a cartridge only if you are certain that you do not need the data that is stored on it.

  1. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. To label a new tape that is already loaded into a drive, use the command tplabel -new -vsn volume-serial-number drive-equipment-number, where:

    • volume-serial-number is the required volume serial number.

    • drive-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the drive.

    In the example, we assign the volume serial number VOL600 to the new tape cartridge in drive 803:

    root@mds1:~# tplabel -new -vsn VOL600 803
    root@mds1:~# 
    
  3. To label a new tape that resides in an automated media library, use the command tplabel -new -vsn volume-serial-number library-equipment-number:slot, where:

    • volume-serial-number is the required volume serial number.

    • library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the library.

    • slot is the location of the cartridge within the library.

    In the example, we assign the volume serial number VOL601 to the new tape cartridge in slot 19 of library 800:

    root@mds1:~# tplabel -new -vsn VOL601 800:19
    root@mds1:~# 
    
  4. To relabel a tape that is loaded into a drive, use the command tplabel -old old-volume-serial-number -vsn new-volume-serial-number drive-equipment-number, where:

    • old-volume-serial-number is the volume serial number that the tape currently carries, and new-volume-serial-number is the required volume serial number.

    • drive-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the drive.

    In the example, we reinitialize the tape cartridge in drive 804, replacing the old volume serial number AZ0001 with the new volume serial number VOL120:

    root@mds1:~# tplabel -old AZ0001 -vsn VOL120 804
    root@mds1:~# 
    
  5. To relabel a tape that resides in a tape library, use the command tplabel -old old-volume-serial-number -vsn new-volume-serial-number library-equipment-number:slot, where:

    • old-volume-serial-number is the volume serial number that the tape currently carries, and new-volume-serial-number is the required volume serial number.

    • library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the library.

    • slot is the location of the cartridge within the library.

    You can reuse the existing volume serial number, if required. In the example, we reinitialize the tape cartridge in slot 23 of library 800 by relabeling it with its existing volume serial number VOL121:

    root@mds1:~# tplabel -old VOL121 -vsn VOL121 800:23
    root@mds1:~# 
    
  6. Stop here.

Label a New Optical Disk or Relabel an Existing Optical Disk

  1. Log in to the file system host as root.

    In the example, the host is named mds1:

    root@mds1:~# 
    
  2. To label a new optical cartridge that is loaded into a drive, use the command odlabel -new -vsn volume-serial-number drive-equipment-number[:side], where:

    • volume-serial-number is the required volume serial number.

    • drive-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the drive.

    • side (optional) is the specified side of a two-sided disk.

    In the example, we assign the volume serial number OD1700 to the new, single-sided optical cartridge in drive 701:

    root@mds1:~# odlabel -new -vsn OD1700 701
    root@mds1:~# 
    
  3. To label a new optical cartridge that resides in an automated media library, use the command odlabel -new -vsn volume-serial-number library-equipment-number:slot[:side], where:

    • volume-serial-number is the required volume serial number.

    • library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the library.

    • slot is the location of the cartridge within the library, and side (optional) is the specified side of a two-sided disk.

    In the example, we assign the volume serial number OD1701 to side 2 of the new, two-sided optical cartridge in slot 42 of library 700:

    root@mds1:~# odlabel -new -vsn OD1701 700:42:2
    root@mds1:~# 
    
  4. To relabel an optical cartridge that is loaded into a drive, use the command odlabel -old old-volume-serial-number -vsn new-volume-serial-number drive-equipment-number[:side], where:

    • old-volume-serial-number is the volume serial number that the cartridge currently carries, and new-volume-serial-number is the required volume serial number.

    • drive-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the drive.

    • side (optional) is the specified side of a two-sided disk.

    In the example, we reinitialize the optical cartridge in drive 702, replacing the old volume serial number OD0001 with the new volume serial number OD1120:

    root@mds1:~# odlabel -old OD0001 -vsn OD1120 702
    root@mds1:~# 
    
  5. To relabel an existing optical cartridge that resides in an automated media library, use the command odlabel -old old-volume-serial-number -vsn new-volume-serial-number library-equipment-number:slot[:side], where:

    • old-volume-serial-number is the volume serial number that the cartridge currently carries, and new-volume-serial-number is the required volume serial number.

    • library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the library.

    • slot is the location of the cartridge within the library, and side (optional) is the specified side of a two-sided disk.

    You can reuse the existing volume serial number if required. In the example, we reinitialize the optical cartridge in slot 23 of library 700 by relabeling it with its existing volume serial number, OD1121:

    root@mds1:~# odlabel -old OD1121 -vsn OD1121 700:23
    root@mds1:~# 
    
  6. Stop here.

Maintaining Data Integrity

The Oracle Hierarchical Storage Manager software provides both on-demand and automated tools for maintaining the integrity of data files stored on removable, tape media. This section addresses the following topics:

Displaying Data Integrity Validation (DIV) Settings and Status

This section covers the following tasks:

Display the DIV Setting

To display the Data Integrity Validation (DIV) setting, use the command samcmd L and pipe the output to the Solaris grep command and the regular expression div.

In the example, DIV is OFF:

root@mds1:~# samcmd L | grep div
div             OFF
root@mds1:~# 

Monitor the Verify After Write Status of Archive Files

To monitor the verification status of archive files during archiving, use the samu interface. Use the command samu -d a.

root@mds1:~# samu -d a 
Archiver status                         samu 5.4         22:22:31 Mar 4 2014
sam-archiverd: Archiving files
sam-arfind:  hsmfs1 mounted at /hsm/hsmfs1
Files waiting to start     12,576  schedule     26,695  archiving     13,120 
...
sam-arcopy: qfs.arset1.2.344 ti.TKC960
Verifying archive file at position 1175

Monitor the Verify After Write Status of Devices

To monitor the verification status of devices during archiving, use the samu interface. Use the command samu -d s:

root@mds1:~# samu -d s
Device status                        samu 5.4           22:27:53 Mar 4 2014
ty     eq state  device_name                     fs  status
sn    800 on     /dev/scsi/changer/c1t2d0        800 n--------r
ti    801 on     /dev/rmt/0cbn                   800 ---------p
...
hy    805 on     historian                       805 ----------
ti     91 on     /dev/rmt/4cbn                    90 -l----oVr
Verify averaging 240.9 MB/s

Checking the Integrity of a Given Tape Volume

When you need to verify the data integrity of particular tape volumes, use the Oracle HSM tpverify command. The tpverify command supports Oracle T10000C/D, LTO, and other commonly used media. T10000C/D media are verified using Oracle Data Integrity Validation. Other formats are checked using the widely supported SCSI verify(6) command.

The following sections outline some of the ways in which tpverify can be used. See the tpverify man page for full details:

Verify the Data on a Tape Specified by Library Location

Use the command tpverify library-equipment-number:slot, where library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the automated tape library and slot is the slot address where the target volume resides within the library.

The tpverify command locates the last tape position that was verified by checking the library media catalog. It then loads the tape into the first available drive and starts validating from the point where it last stopped, using the default method—the tpverify Standard method for T10000C/D media or SCSI verify(6) for other media. The Standard method is optimized for speed and verifies the edges, beginning, end, and first 1,000 blocks of Oracle HSM media.

In the example, we validate the T10000D tape stored in slot 9 on library 800 using the Standard method:

root@mds1:~# tpverify 800:9

Verify the Data on a Tape Specified by Media Type and Volume Serial Number

Use the command tpverify mediatype.volume-serial-number, where mediatype is one of the two-character media type codes listed in Appendix A and volume-serial-number is the alphanumeric string that uniquely identifies the volume within the library.

The tpverify command locates the last tape position that was verified by checking the library media catalog. It then loads the tape into the first available drive and starts validating from the point where it last stopped, using the default method—the tpverify Standard method for T10000C/D media or SCSI verify(6) for other media.

In the example, we validate LTO (li) volume VOL006 using the SCSI verify(6) command:

root@mds1:~# tpverify li.VOL006

Verify the Data on a Tape Using a Specified Drive

Use the command tpverify library-equipment-number:slot device-equipment-number, where:

  • library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the automated tape library.

  • slot is the slot address where the target volume resides within the library.

  • device-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the drive.

In the example, we validate the T10000D tape stored in slot 17 on library 800 using drive 803:

root@mds1:~# tpverify 800:17 803

Restart Data Verification from the Start of the Tape

Use the command tpverify -a library-equipment-number:slot or tpverify -a mediatype.volume-serial-number, where:

  • library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the automated tape library.

  • slot is the slot address where the target volume resides within the library.

  • mediatype is one of the two-character media type codes listed in Appendix A.

  • volume-serial-number is the alphanumeric string that uniquely identifies the volume within the library.

The -a option overrides the default behavior and starts verifying from the beginning of the media, ignoring the position recorded in the media catalog.

In the example, we validate LTO (li) volume VOL016 from the beginning of the tape:

root@mds1:~# tpverify -a li.VOL016
Verify ECC for All Blocks on a T10000C/D Tape

Use the command tpverify -C library-equipment-number:slot or tpverify -C mediatype.volume-serial-number where:

  • library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the automated tape library.

  • slot is the slot address where the target volume resides within the library.

  • mediatype is one of the two-character media type codes listed in Appendix A.

  • volume-serial-number is the alphanumeric string that uniquely identifies the volume within the library.

The tpverify command locates the last tape position that was verified by checking the library media catalog. It then starts validating from the point where it last stopped, using the Complete method specified by the -C option. The Complete method is more thorough than the standard method but can also be significantly slower. It checks Error Correction Codes (ECC) on all blocks on the media.

In the example, we validate T10000D (ti) volume VOL516 using the Complete method:

root@mds1:~# tpverify -C ti.VOL516
Verify ECC and DIV Checksums for All Blocks on a T10000C/D Tape

Use the command tpverify -P library-equipment-number:slot or tpverify -P mediatype.volume-serial-number, where:

  • library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the automated tape library.

  • slot is the slot address where the target volume resides within the library.

  • mediatype is one of the two-character media type codes listed in Appendix A.

  • volume-serial-number is the alphanumeric string that uniquely identifies the volume within the library.

The tpverify command locates the last tape position that was verified by checking the library media catalog. It then starts validating from the point where it last stopped, using the Complete Plus method specified by the -P option. The Complete Plus method is very thorough but also even slower than the other methods. It checks Error Correction Codes (ECC) and Data Integrity Validation checksums on all blocks on the media.

In the example, we validate T10000D (ti) volume VOL521 using the Complete Plus method:

root@mds1:~# tpverify -P ti.VOL521
Rebuild the Media Information Region (MIR) of a T10000C/D Tape

Use the command tpverify -M library-equipment-number:slot or tpverify -M mediatype.volume-serial-number, where:

  • library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the automated tape library.

  • slot is the slot address where the target volume resides within the library.

  • mediatype is one of the two-character media type codes listed in Appendix A.

  • volume-serial-number is the alphanumeric string that uniquely identifies the volume within the library.

The tpverify command rebuilds a missing or damaged media information region (MIR) on an Oracle StorageTek tape cartridge, even if the tape is marked bad in the media catalog. Rebuilding is automatically specified when MIR damage is detected.

In the example, we validate T10000D (ti) volume VOL523 using the MIR Rebuild method:

root@mds1:~# tpverify -M ti.VOL523
Cancel Data Verification for a Specified Tape

Use the command tpverify -c library-equipment-number:slot or tpverify -c mediatype.volume-serial-number, where:

  • library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the automated tape library.

  • slot is the slot address where the target volume resides within the library.

  • mediatype is one of the two-character media type codes listed in Appendix A.

  • volume-serial-number is the alphanumeric string that uniquely identifies the volume within the library.

The tpverify -c command cancels the current verification operation and records the last verified position on the tape in the media catalog. This lets you stop a verification job to free a drive or volume for archiving or staging and then resume verification at the same point later.

In the example, we cancel verification of T10000D (ti) volume VOL533:

root@mds1:~# tpverify -c ti.VOL533
Display the DIV Status and Verification Progress for a Tape

Use the command itemize -2 library-equipment-number, where library-equipment-number is the equipment ordinal number that the /etc/opt/SUNWsamfs/mcf file assigns to the automated tape library.

The itemize -2 command catalogs the media in the specified library and lists the DIV status and verification progress for each volume.

In the example, we display verification status for volumes in the library with equipment ordinal number 800. The lvtime (time last verified) fields display the time when tpverify last completed a full verification of the tape. A status field value of div indicates that the tape is DIV-capable while a value of none indicates that it is not. The lvpos (last verified position) fields show where tpverify was last canceled and where it will start when run again.

root@mds1:~# itemize -2 800
Robot VSN catalog: eq: 800       count: 60
slot    access_time  count  use  ty vsn
        lvtime      status          lvpos
   0    Apr  2 16:34     6   0%  ti VOL519
        Apr  2 09:23   div          0
   1    Apr  2 16:17    28  29%  ti VOL510
        Apr  2 16:17   div          0x9bb9
   2    none             0   0%  ti VOL511
        none          none          0
  ...
root@mds1:~# 
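
The listing above can be checked by script when a library holds many volumes. The following Python sketch is an added example, not part of the Oracle documentation or the Oracle HSM software; it assumes the two-line record layout shown in the listing, and the function names are hypothetical. It reports volumes that have never been verified, volumes where a canceled verification will resume, and volumes that are not DIV-capable.

```python
# Sample input: the itemize -2 listing shown above, copied as text.
SAMPLE = """\
Robot VSN catalog: eq: 800       count: 60
slot    access_time  count  use  ty vsn
        lvtime      status          lvpos
   0    Apr  2 16:34     6   0%  ti VOL519
        Apr  2 09:23   div          0
   1    Apr  2 16:17    28  29%  ti VOL510
        Apr  2 16:17   div          0x9bb9
   2    none             0   0%  ti VOL511
        none          none          0
  ...
"""


def _position(token):
    """lvpos is printed as 0 or as a 0x-prefixed hexadecimal number."""
    return int(token, 16) if token.lower().startswith("0x") else int(token)


def parse_itemize(text):
    """Turn the two-line records of itemize -2 output into dictionaries."""
    volumes, pending = [], None
    for line in text.splitlines():
        tokens = line.split()
        if pending is None:
            # A record starts with a numeric slot and ends with use%, type, VSN.
            if (len(tokens) >= 6 and tokens[0].isdigit()
                    and tokens[-3].endswith("%")):
                pending = {"slot": int(tokens[0]), "type": tokens[-2],
                           "vsn": tokens[-1],
                           "access_time": " ".join(tokens[1:-4])}
            continue
        # Detail line: lvtime (one or more tokens), then status, then lvpos.
        try:
            if len(tokens) < 3:
                raise ValueError("short detail line")
            pending.update(lvtime=" ".join(tokens[:-2]), status=tokens[-2],
                           lvpos=_position(tokens[-1]))
            volumes.append(pending)
        except ValueError:
            pass  # malformed detail line: drop the record rather than guess
        pending = None
    return volumes


def verification_report(volumes):
    """Group volume serial numbers by what an operator needs to follow up."""
    return {
        "never_verified": [v["vsn"] for v in volumes
                           if v["lvtime"] == "none" and v["lvpos"] == 0],
        "resume_pending": [(v["vsn"], hex(v["lvpos"])) for v in volumes
                           if v["lvpos"] != 0],
        "not_div_capable": [v["vsn"] for v in volumes if v["status"] != "div"],
    }


if __name__ == "__main__":
    for group, members in verification_report(parse_itemize(SAMPLE)).items():
        print(group, members)
```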

Monitoring Automated Integrity Verification

Periodic Media Validation is the automated form of the tpverify command. This section provides instructions for maintenance tasks that may occasionally be necessary. These tasks include:

For instructions on configuring Periodic Media Verification, see the Oracle Hierarchical Storage Manager and StorageTek QFS Installation and Configuration Guide in the Customer Documentation Library (http://docs.oracle.com/en/storage/#sw).

View and Validate the verifyd.cmd Configuration File

To view the verifyd.cmd file at any time or to validate the file following editing, use the command tpverify -x.

The tpverify -x command checks the /etc/opt/SUNWsamfs/verifyd.cmd file and either calls out errors or displays the contents of the file.

root@mds1:~# tpverify -x
Reading '/etc/opt/SUNWsamfs/verifyd.cmd'.
PMV: off
     Run-time:
     Start Time: 2200
End Time: 0500
PMV Scan: all
PMV Method: Standard
STA Scan: off
Action: none
PMV VSNs: all
PMV Policy:
     Last Verified Age: 6m
root@mds1:~# 
Reload the verifyd.cmd Configuration File

To reload the verifyd.cmd file without stopping the verification process, use the command tpverify -r.

root@mds1:~# tpverify -r
root@mds1:~# 
Display All Defects Listed in the Periodic Media Verification Tape Defects Database

To list all defects that have been identified by Periodic Media Verification and stored in the tape defects database, use the command tpverify -l.

In the example, there are no defects in the database:

root@mds1:~# tpverify -l
No defects found.
root@mds1:~# 
Display Defects Listed for a Particular Volume

To list all defects that have been identified on a particular volume, use the command tpverify -l mediatype.volume-serial-number, where:

  • mediatype (optional) is one of the two-character media type codes listed in Appendix A.

  • volume-serial-number is the alphanumeric string that uniquely identifies the volume within the library.

In the example, there are no defects listed in the database for the T10000D (ti) volume VOL514:

root@mds1:~# tpverify -l ti.VOL514
No defects found.
root@mds1:~# 
Clear Defects Listed in the Periodic Media Verification Tape Defects Database

To delete all defects that have been identified by Periodic Media Verification from the tape defects database, use the command tpverify -d.

To delete all defects listed for a particular volume, use the command tpverify -d mediatype.volume-serial-number where:

  • mediatype (optional) is one of the two-character media type codes listed in Appendix A.

  • volume-serial-number is the alphanumeric string that uniquely identifies the volume within the library.

root@mds1:~# tpverify -d
root@mds1:~# tpverify -d ti.VOL514
root@mds1:~# 

Managing Cloud Storage

To properly maintain cloud storage libraries, carry out the following tasks:

  • Periodically change the account passwords for all associated cloud storage accounts.

  • Maintain local encryption keystore files as necessary.

Update Storage Cloud Account Password Files

To maintain the security of cloud storage accounts and your access to data in the Oracle Storage Cloud, you must periodically change account passwords. When you do, you must also update the encrypted password files that give Oracle HSM software access to the cloud resources.

Whenever you are notified of the need to change the password for an account, proceed as follows:

  1. Log in to the file system metadata server host as root.

    In the example, the host name is mds1:

    root@mds1:~#
    
  2. Idle all archiving processes. Use the command samcmd aridle.

    This command will allow current archiving and staging to complete, but will not start any new jobs:

    root@mds1:~# samcmd aridle
    root@mds1:~#
    
  3. Idle all staging processes. Use the command samcmd stidle.

    This command will allow current archiving and staging to complete, but will not start any new jobs:

    root@mds1:~# samcmd stidle
    root@mds1:~#
    
  4. Wait for active archiving jobs to complete. Check on the status of the archiving processes using the command samcmd a.

    When archiving processes are Waiting for :arrun, the archiving process is idle:

    root@mds1:~# samcmd a
    Archiver status samcmd 5.4 10:20:34 May 20 2014
    samcmd on samfs-mds
    sam-archiverd: Waiting for :arrun
    sam-arfind: ...
    Waiting for :arrun
    
  5. Wait for active staging jobs to complete. Check on the status of the staging processes using the command samcmd u.

    When staging processes are Waiting for :strun, the staging process is idle:

    root@mds1:~# samcmd u
    Staging queue samcmd 5.4 10:20:34 May 20 2014
    samcmd on solaris.demo.lan
    Staging queue by media type: all
    sam-stagerd: Waiting for :strun
    root@mds1:~#
    
  6. Stop the Oracle HSM services. Use the command samd stop.

    root@mds1:~# samd stop
    root@mds1:~#
    
  7. Open a browser window, and log in to the Oracle Cloud Profile page for the cloud storage account.

  8. From the Oracle Cloud Profile page, change the account password. Follow the instructions under "Managing Your Password" in Getting Started with Oracle Cloud.

  9. Close the browser.

  10. On the metadata server, update the password file for the cloud storage account. Use the command sam-cloudd -p path/filename, where:

    • path is the absolute path to the directory where you store the password.

    • filename is the name of the file that holds the password.

    The command prompts you for a password.

    In the example, we update the file /etc/opt/SUNWsamfs/ocld1auth:

    root@mds1:~# sam-cloudd -p /etc/opt/SUNWsamfs/ocld1auth
    Password:
    
  11. At the prompt, enter the new password for the cloud storage account. When you are warned that the specified file already exists, confirm that the file can be overwritten.

    The sam-cloudd -p path/filename command encrypts the password and stores the result in the specified file. In the example, the character string NeWp^sSwRd represents the new Oracle Storage Cloud account password:

    root@mds1:~# sam-cloudd -p /etc/opt/SUNWsamfs/ocld1auth
    Password: NeWp^sSwRd
    root@mds1:~#
    
  12. Once you have updated the password file, restart the Oracle HSM services. Use the command samd start.

    root@mds1:~# samd start
    Configuring Oracle HSM
    Starting Oracle HSM sam-amld daemon
    root@mds1:~#
    
  13. Stop here.

    The new password has been encrypted and stored.

Maintaining Local Encryption Keystore Files

If you manage cloud library encryption keys using local keystore files, you may need to carry out the following maintenance tasks from time to time:

  • adding new keys to a keystore file

  • configuring a cloud library to use a new encryption key (rotating keys)

  • retiring encryption keys.

Add a Key to a Cloud Library Keystore File

If you need to add one or more keys to an existing keystore file, proceed as follows:

  1. If you have not already done so, log in to the Oracle HSM metadata server as root.

    root@mds1:~#
    
  2. Before proceeding, back up the keystore file. Create one or more additional copies. To create a time-stamped backup file, use the command cp keystore_file keystore_file.`date +%F.%T`, where keystore_file is the fully qualified path and file name of the keystore file.

    root@mds1:~# cp /root/cl800.ksf /root/cl800.ksf.`date +%F.%T`
    root@mds1:~#
    
  3. Decrypt the keystore file. Use the command decrypt -a aes -i inputfile -o outputfile, where both inputfile and outputfile are the fully qualified path and file name of the keystore file. When prompted, enter the password for the keystore file.

    In the example, the keystore file is /root/cl800.ksf, where cl800 is the family set name of the corresponding cloud library. The string P^ssw0rd represents the corresponding password:

    root@mds1:~# decrypt -a aes -i /root/cl800.ksf -o /root/cl800.ksf
    Enter passphrase: P^ssw0rd
    root@mds1:~#
    
  4. Using a text editor, open the keystore file for the cloud library, and scroll to the bottom of the file.

    In the example, the keystore file contains two three-line entries for two keys, labeled Key1 and Key2:

    root@mds1:~# vi /root/cl800.ksf
    # keystore file for Oracle HSM cloud library cl800
    key-label = Key1
    key-value = 4e6e2666f053e84ce8f1b67308c77d2d884e2c182bdaf965040c590f41ba25e3
    key-hash = 1384cec4e2e81eb80bed983a484b57dcaeaccea0d98ef8d068f00fb29f522186
    key-label = Key2
    key-value = 240dd62a6af501fafdd693fd05b0ac5779e7f743ca09d116408c1b5ff53a1c07
    key-hash = 073ffe4c4184977939195a68c8ba1c1febb4a28abda0cce121a2b9cf50435297
    
  5. Using the text editor, add a line to the keystore file of the form key-label = string, where string is the alias that will indirectly identify the new key.

    In the example, the new key label is Key3.

    root@mds1:~# vi /root/cl800.ksf
    # keystore file for Oracle HSM cloud library cl800
    key-label = Key1
    key-value = 4e6e2666f053e84ce8f1b67308c77d2d884e2c182bdaf965040c590f41ba25e3
    key-hash = 1384cec4e2e81eb80bed983a484b57dcaeaccea0d98ef8d068f00fb29f522186
    key-label = Key2
    key-value = 240dd62a6af501fafdd693fd05b0ac5779e7f743ca09d116408c1b5ff53a1c07
    key-hash = 073ffe4c4184977939195a68c8ba1c1febb4a28abda0cce121a2b9cf50435297
    key-label = Key3
    
  6. In another terminal window, create the new Advanced Encryption Standard (AES) encryption key. Use the command dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -t x1 -An | tr -d '\n \t' ; echo, where:

    • dd is the Solaris utility that copies an input source to an output destination.

    • if=/dev/urandom makes the Solaris pseudorandom number generator the input source for dd.

    • bs=32 sets the input and output block size for dd to the maximum AES key size, 32 bytes.

    • count=1 tells dd to copy one 32-byte block.

    • 2>/dev/null redirects any errors that dd generates from stderr to /dev/null.

    • | od pipes the output of the dd utility to od, the Solaris octal dump utility.

    • -t x1 specifies the type of output that od is to generate: a one byte, hexadecimal number.

    • -An tells od to omit an input offset address from the output.

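    • | tr pipes the output of the od utility to tr, the Solaris character translation utility.

    • -d '\n \t' tells tr to delete all newline, space, and tab characters from the input, leaving a single unbroken string of hexadecimal digits.

    • echo, run after the pipeline completes, writes a newline to standard output so that the key ends its line and the shell prompt starts on the next one.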

    In the example, the output is the new AES key ee77524f...72eec75c:

    root@mds1:~# dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -t x1 -An | tr -d '\n \t' ; echo
    ee77524fb9ace964c7a31d68bccbec2e4dbe7c63c3197af922bd4c7d72eec75c
    root@mds1:~#
    
  7. Using the text editor, add a line to the keystore file of the form key-value = AES_key, where AES_key is the new key that you just generated.

    In the example, the key-value is ee77524f...72eec75c:

    root@mds1:~# vi /root/cl800.ksf
    # keystore file for Oracle HSM cloud library cl800
    key-label = Key1
    key-value = 4e6e2666f053e84ce8f1b67308c77d2d884e2c182bdaf965040c590f41ba25e3
    key-hash = 1384cec4e2e81eb80bed983a484b57dcaeaccea0d98ef8d068f00fb29f522186
    key-label = Key2
    key-value = 240dd62a6af501fafdd693fd05b0ac5779e7f743ca09d116408c1b5ff53a1c07
    key-hash = 073ffe4c4184977939195a68c8ba1c1febb4a28abda0cce121a2b9cf50435297
    key-label = Key3
    key-value = ee77524fb9ace964c7a31d68bccbec2e4dbe7c63c3197af922bd4c7d72eec75c
    
  8. In another terminal window, create a SHA-256 hash of the key label and the AES key value. Use the command print -n "KeylabelKeyvalue" | digest -a sha256, where Keylabel is the value of the key-label parameter and Keyvalue is the value of the key-value parameter.

    In the example, the SHA-256 hash of Key3 and ee77524f...72eec75c is b2c73aae...26834c20:

    root@mds1:~# print -n "Key3ee77524f...72eec75c" | digest -a sha256
    b2c73aae8317d8b43c4e7ca3c13e6edc992555e90daa0c230444223f26834c20
    root@mds1:~#
    
  9. Using the text editor, add a line to the keystore file of the form key-hash = hash, where hash is the hash value that you just calculated.

    In the example, the key-hash is b2c73aae...26834c20:

    root@mds1:~# vi /root/cl800.ksf
    # keystore file for Oracle HSM cloud library cl800
    ...
    key-hash = 073ffe4c4184977939195a68c8ba1c1febb4a28abda0cce121a2b9cf50435297
    key-label = Key3
    key-value = ee77524fb9ace964c7a31d68bccbec2e4dbe7c63c3197af922bd4c7d72eec75c
    key-hash = b2c73aae8317d8b43c4e7ca3c13e6edc992555e90daa0c230444223f26834c20
    
  10. Save the keystore file.

    root@mds1:~# vi /root/cl800.ksf
    # keystore file for Oracle HSM cloud library cl800
    ...
    key-hash = 073ffe4c4184977939195a68c8ba1c1febb4a28abda0cce121a2b9cf50435297
    key-label = Key3
    key-value = ee77524fb9ace964c7a31d68bccbec2e4dbe7c63c3197af922bd4c7d72eec75c
    key-hash = b2c73aae8317d8b43c4e7ca3c13e6edc992555e90daa0c230444223f26834c20
    :w
    
  11. For each additional key that you intend to use when encrypting volumes in this cloud library, repeat steps 5 through 10.

  12. When you have created keystore records for all required keys, close the editor.

    In the example, the finished keystore file holds entries for three AES keys:

    root@mds1:~# vi /root/cl800.ksf
    # keystore file for Oracle HSM cloud library cl800
    key-label = Key1
    key-value = 4e6e2666f053e84ce8f1b67308c77d2d884e2c182bdaf965040c590f41ba25e3
    key-hash = 1384cec4e2e81eb80bed983a484b57dcaeaccea0d98ef8d068f00fb29f522186
    key-label = Key2
    key-value = 240dd62a6af501fafdd693fd05b0ac5779e7f743ca09d116408c1b5ff53a1c07
    key-hash = 073ffe4c4184977939195a68c8ba1c1febb4a28abda0cce121a2b9cf50435297
    key-label = Key3
    key-value = ee77524fb9ace964c7a31d68bccbec2e4dbe7c63c3197af922bd4c7d72eec75c
    key-hash = b2c73aae8317d8b43c4e7ca3c13e6edc992555e90daa0c230444223f26834c20
    :q
    root@mds1:~#
    
  13. Encrypt the keystore file. Use the command encrypt -a aes -i inputfile -o outputfile, and enter the password for this keystore file when prompted for a Passphrase.

    The command parameters have the following functions:

    • -a aes specifies Advanced Encryption Standard.

    • -i inputfile specifies the absolute path and file name of the keystore file.

    • -o outputfile also specifies the absolute path and file name of the keystore file.

    In the example, the string P^ssw0rd represents the password:

    root@mds1:~# encrypt -a aes -i /root/cl800.ksf -o /root/cl800.ksf
    Enter passphrase: P^ssw0rd
    Re-enter passphrase: P^ssw0rd
    root@mds1:~#
    
  14. Make sure that the keystore file permissions allow the owner read and write access and deny others. Use the command chmod 0600 keystore_file, where keystore_file is the fully qualified path and file name of the keystore file.

    root@mds1:~# chmod 0600 /root/cl800.ksf
    root@mds1:~#
    
  15. Stop here.

    If required, you can now configure the cloud library to use a newly added key for encryption and decryption.

Configure a Cloud Library to Use a Different Encryption Key

You can change the key that a cloud library is currently using when encrypting volumes, either to rotate through a set of encryption keys or for some other reason. To do so, proceed as follows:

  1. If you need to rotate through a set of keys, make sure that the keystore file contains the required number of keys. Then settle on a rotation order.

  2. If you need to add encryption keys, do so now.

    If you are adding keys to facilitate key rotation, you may want to choose key labels that reflect the desired rotation order. For example: Key1, Key2, Key3, etc.

  3. If you have not already done so, log in to the Oracle HSM metadata server as root.

    root@mds1:~#
    
  4. Using a text editor, open the file /etc/opt/SUNWsamfs/param-file-name, where param-file-name is the family set name for the cloud library and, thus, the name of the corresponding parameters file. Scroll down to the keylabel_name parameter.

    In the example, the cloud library's family set name is cl800, so we open the parameters file /etc/opt/SUNWsamfs/cl800 and scroll down to the line keylabel_name = Key1:

    root@mds1:~# vi /etc/opt/SUNWsamfs/cl800
    ...
    keystore_type = file
    keystore_name = /root/cl800.ksf
    keystore_password_file = /root/cl800.ksf.pwd
    keylabel_type = static
    keylabel_name = Key1
    
  5. In the parameters file, edit the line keylabel_name = label_of_current_key so that it reads keylabel_name = label_of_next_key, where:

    • label_of_current_key is the label of the key currently in use.

    • label_of_next_key is the label of the next key in your chosen rotation scheme.

    The keystore file named in the keystore_name parameter is /root/cl800.ksf. This keystore file contains three keys with three key labels: Key1 (the label of the key that is currently in use), Key2, and Key3. So, in the parameters file, we change the line keylabel_name = Key1 to read keylabel_name = Key2, the next key in our chosen rotation order:

    root@mds1:~# vi /etc/opt/SUNWsamfs/cl800
    ...
    keylabel_type = static
    keylabel_name = Key2
    
  6. Save the parameters file, and close the editor.

    root@mds1:~# vi /etc/opt/SUNWsamfs/cl800
    ...
    keylabel_type = static
    keylabel_name = Key2
    :wq
    root@mds1:~#
    
  7. Stop here. The cloud library will use the specified key label to encrypt or decrypt files in the future.

Retire an Encryption Key After Unarchiving Files

When all archive copies that have been encrypted with a given key have been unarchived, you may retire the key. But you must be careful! Once you retire a cloud library encryption key, you cannot decrypt any encrypted files that remain in the cloud library.

  1. Carefully identify the archive copies that you need to remove from the archive.

  2. If you have not already done so, log in to the Oracle HSM metadata server as root.

    root@mds1:~#
    
  3. Delete all archived file copies that have been encrypted with the key and key label that you intend to retire. Use the unarchive command with the options and parameters that will delete all required files.

  4. Before proceeding further, back up the keystore file. Create one or more additional copies. To create a time-stamped backup file, use the command cp keystore_file keystore_file.`date +%F.%T`, where keystore_file is the fully qualified path and file name of the keystore file.

    root@mds1:~# cp /root/cl800.ksf /root/cl800.ksf.`date +%F.%T`
    root@mds1:~#
    
  5. Decrypt the keystore file. Use the command decrypt -a aes -i inputfile -o outputfile, where both inputfile and outputfile are the fully qualified path and file name of the keystore file. When prompted, enter the password for the keystore file.

    In the example, the keystore file is /root/cl800.ksf, where cl800 is the family set name of the corresponding cloud library. The string P^ssw0rd represents the corresponding password:

    root@mds1:~# decrypt -a aes -i /root/cl800.ksf -o /root/cl800.ksf
    Enter passphrase: P^ssw0rd
    root@mds1:~#
    
  6. Using a text editor, open the keystore file for the cloud library, and scroll to the entry for the key that you want to retire.

    In the example, the keystore file contains three three-line entries for three keys, labeled Key1, Key2, and Key3. We need to retire Key1:

    root@mds1:~# vi /root/cl800.ksf
    # keystore file for Oracle HSM cloud library cl800
    key-label = Key1
    key-value = 4e6e2666f053e84ce8f1b67308c77d2d884e2c182bdaf965040c590f41ba25e3
    key-hash = 1384cec4e2e81eb80bed983a484b57dcaeaccea0d98ef8d068f00fb29f522186
    key-label = Key2
    key-value = 240dd62a6af501fafdd693fd05b0ac5779e7f743ca09d116408c1b5ff53a1c07
    key-hash = 073ffe4c4184977939195a68c8ba1c1febb4a28abda0cce121a2b9cf50435297
    key-label = Key3
    key-value = ee77524fb9ace964c7a31d68bccbec2e4dbe7c63c3197af922bd4c7d72eec75c
    key-hash = b2c73aae8317d8b43c4e7ca3c13e6edc992555e90daa0c230444223f26834c20
    
  7. Comment out the entry for the retired key. Enter a number sign (#) at the beginning of the line key-label = retired, where retired is the key label that you want to retire, and at the beginnings of the immediately following key-value and key-hash lines.

    You can delete the lines instead of commenting them out. But commenting the lines out lets you recover if you later need to restore archive file copies that were encrypted with the retired key.

    In the example, we need to retire Key1. So we comment out the lines key-label = Key1, key-value = 4e6e266...41ba25e3, and key-hash = 1384cec4...9f522186:

    root@mds1:~# vi /root/cl800.ksf
    # keystore file for Oracle HSM cloud library cl800
    #key-label = Key1
    #key-value = 4e6e2666f053e84ce8f1b67308c77d2d884e2c182bdaf965040c590f41ba25e3
    #key-hash = 1384cec4e2e81eb80bed983a484b57dcaeaccea0d98ef8d068f00fb29f522186
    key-label = Key2
    key-value = 240dd62a6af501fafdd693fd05b0ac5779e7f743ca09d116408c1b5ff53a1c07
    key-hash = 073ffe4c4184977939195a68c8ba1c1febb4a28abda0cce121a2b9cf50435297
    key-label = Key3
    key-value = ee77524fb9ace964c7a31d68bccbec2e4dbe7c63c3197af922bd4c7d72eec75c
    key-hash = b2c73aae8317d8b43c4e7ca3c13e6edc992555e90daa0c230444223f26834c20
    
  8. Save the edited keystore file, and close the editor.

    root@mds1:~# vi /root/cl800.ksf
    # keystore file for Oracle HSM cloud library cl800
    #key-label = Key1
    #key-value = 4e6e2666f053e84ce8f1b67308c77d2d884e2c182bdaf965040c590f41ba25e3
    #key-hash = 1384cec4e2e81eb80bed983a484b57dcaeaccea0d98ef8d068f00fb29f522186
    key-label = Key2
    key-value = 240dd62a6af501fafdd693fd05b0ac5779e7f743ca09d116408c1b5ff53a1c07
    key-hash = 073ffe4c4184977939195a68c8ba1c1febb4a28abda0cce121a2b9cf50435297
    key-label = Key3
    key-value = ee77524fb9ace964c7a31d68bccbec2e4dbe7c63c3197af922bd4c7d72eec75c
    key-hash = b2c73aae8317d8b43c4e7ca3c13e6edc992555e90daa0c230444223f26834c20
    :wq
    root@mds1:~#
    
  9. Encrypt the keystore file. Use the command encrypt -a aes -i inputfile -o outputfile, and enter the password for this keystore file when prompted for a Passphrase.

    The command parameters have the following functions:

    • -a aes specifies Advanced Encryption Standard.

    • -i inputfile specifies the absolute path and file name of the keystore file.

    • -o outputfile also specifies the absolute path and file name of the keystore file.

    In the example, the string P^ssw0rd represents the password:

    root@mds1:~# encrypt -a aes -i /root/cl800.ksf -o /root/cl800.ksf
    Enter passphrase: P^ssw0rd
    Re-enter passphrase: P^ssw0rd
    root@mds1:~#
    
  10. Make sure that the keystore file permissions allow the owner read and write access and deny others. Use the command chmod 0600 keystore_file, where keystore_file is the fully qualified path and file name of the keystore file.

    root@mds1:~# chmod 0600 /root/cl800.ksf
    root@mds1:~#
    
  11. Stop here.

    The key and its associated key label and key hash have been retired. The cloud library will not use this key to encrypt or decrypt files in the future.
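
A consistency check for the decrypted keystore and the parameters file, covering the add-key, key-change, and retire procedures above. This is an added example in Python, not Oracle's code: it assumes the three-line entry layout and the hash construction shown in the add-key steps (SHA-256 over the key label followed directly by the hexadecimal key string), and all function names are hypothetical. The sample keystore is constructed with freshly generated keys.

```python
import hashlib
import re
import secrets

HEX_256 = re.compile(r"[0-9a-fA-F]{64}")  # 32-byte key from the dd/od/tr step


def entry_hash(label, key_hex):
    """SHA-256 of the label followed directly by the hex key string."""
    return hashlib.sha256((label + key_hex).encode("utf-8")).hexdigest()


def new_entry(label):
    """Three keystore lines for a fresh key (secrets replaces dd | od | tr)."""
    key_hex = secrets.token_hex(32)
    return [f"key-label = {label}", f"key-value = {key_hex}",
            f"key-hash = {entry_hash(label, key_hex)}"]


def _pair(line):
    name, sep, value = line.partition("=")
    return (name.strip(), value.strip()) if sep else (None, None)


def parse_keystore(text):
    """Return (active_entries, problems); '#' lines (retired keys) are skipped."""
    entries, problems, current = {}, [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, value = _pair(line)
        if name == "key-label":
            if value in entries:
                problems.append(f"line {lineno}: duplicate label {value}")
            current = entries[value] = {}
        elif (name in ("key-value", "key-hash") and current is not None
              and name not in current):
            current[name] = value
        else:
            problems.append(f"line {lineno}: unexpected line")
    for label, entry in entries.items():
        value, digest = entry.get("key-value"), entry.get("key-hash")
        if value is None or digest is None:
            problems.append(f"{label}: incomplete entry")
        elif not HEX_256.fullmatch(value):
            problems.append(f"{label}: key-value is not 64 hex characters")
        elif digest.lower() != entry_hash(label, value):
            problems.append(f"{label}: key-hash does not match label and value")
    return entries, problems


def check_rotation(keystore_text, params_text):
    """Keystore problems plus a check that keylabel_name names an active key."""
    entries, problems = parse_keystore(keystore_text)
    labels = [v for n, v in map(_pair, params_text.splitlines())
              if n == "keylabel_name"]
    if not labels:
        problems.append("parameters file has no keylabel_name")
    # Assumption: if the parameter is repeated, the last occurrence is checked.
    elif labels[-1] not in entries:
        problems.append(f"keylabel_name {labels[-1]} is not an active keystore entry")
    return problems


def retire(keystore_text, label):
    """Comment out the three-line entry for label, as in the retire procedure."""
    out, remaining = [], 0
    for line in keystore_text.splitlines():
        if _pair(line) == ("key-label", label):
            remaining = 3
        if remaining:
            line, remaining = "#" + line, remaining - 1
        out.append(line)
    return "\n".join(out) + "\n"


def demo():
    # Constructed sample: three freshly generated keys; parameters select Key2.
    lines = ["# constructed keystore, not a real library's file"]
    for label in ("Key1", "Key2", "Key3"):
        lines += new_entry(label)
    keystore = "\n".join(lines) + "\n"
    params = "keystore_type = file\nkeylabel_type = static\nkeylabel_name = Key2\n"
    return {"as_built": check_rotation(keystore, params),
            "key1_retired": check_rotation(retire(keystore, "Key1"), params),
            "key2_retired": check_rotation(retire(keystore, "Key2"), params)}


if __name__ == "__main__":
    for case, problems in demo().items():
        print(case, problems or "ok")
```

Run a check like this while the keystore is decrypted, that is, after the decrypt step and before the encrypt step. The messages name key labels only, so the output contains no key material.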