================================= MACHINE SPECIFIC NOTES FOR Informix Dynamic Server 7.30.UC5 PRODUCT RELEASE DATE: 27 Aug 1998 ================================= PORT NUMBER: 042949, 042974 IRIS JOB NUMBER: 17340 Informix Dynamic Server Shared Memory Parameters and Kernel Parameters: ============================================================================== The following entries were put in /etc/system while doing the port. set enable_sm_wa = 1 set shmsys:shminfo_shmmax=268435456 set semsys:seminfo_semmap=64 set semsys:seminfo_semmni=4096 set semsys:seminfo_semmns=4096 set semsys:seminfo_semmnu=4096 set semsys:seminfo_semume=64 set semsys:seminfo_semmsl=100 set shmsys:shminfo_shmmin=100 set shmsys:shminfo_shmmni=100 set shmsys:shminfo_shmseg=100 LOCATION OF SHARED MEMORY: ========================= 0x0A000000L Machine Specific Notes: ======================= 1. The following protocol(s)/interface(s) are supported on this platform: TLI using TCP/IP TLI using IPX/SPX IPC using stream pipe IPC using shared memory To use TLI with TCP/IP, NETTYPE in the ONCONFIG file & the nettype field in the sqlhosts file entry must contain "ontlitcp". To use TLI with IPX/SPX, NETTYPE in the ONCONFIG file & the nettype field in the sqlhosts file entry must contain "ontlispx". In addition, the SunSoft product "PC Protocol Services with IPX/SPX for the Solaris 2.x Operating Environment" is required. To use IPC (interprocess communications) with stream pipe, NETTYPE in the ONCONFIG file & the nettype field in the sqlhosts file entry must contain "onipcstr". To use IPC (interprocess communications) with shared memory, NETTYPE in the ONCONFIG file and the nettype field in the sqlhosts file entry must contain "onipcshm". 2. TERMINFO is supported on this port. 3. The Affinity feature that allows the pinning of a CPU VP process to a processor in a multi-cpu configuration is supported on this port. This feature can be activated through the two onconfig parameters of AFF_SPROC and AFF_NPROCS. 4. Solaris 2.5.1 Patch Information: For users' information, the patches from SMCC Solaris 2.5.1 CD "sets" plus the following patches from Sun Service were installed in the machine where the products were built and tested. Patch ID Description ========= ============= 103630-09 SunOS 5.5.1: ip ifconfig arp udp icmp patch 103663-08 SunOS 5.5.1: libresolv, in.named, named-xfer, nslookup & ns 103558-11 SunOS 5.5.1: admintool/launcher fixes + swmtool fixes & y20 103582-15 SunOS 5.5.1: /kernel/drv/tcp and /usr/bin/netstat patch 103594-13 SunOS 5.5.1: /usr/lib/sendmail fixes 103600-18 SunOS 5.5.1: nfs, tlimod and rpcmod patch 103603-05 SunOS 5.5.1: ftp, in.ftpd, in.rexecd and in.rshd patch 103612-33 SunOS 5.5.1: libc, libnsl, libucb, nis_cachemgr and rpc.nis 103640-12 SunOS 5.5.1: kernel patch 103680-01 SunOS 5.5.1: nscd/nscd_nischeck rebuild for BIND 4.9.3 103686-02 SunOS 5.5.1: rpc.nisd_resolv patch 103690-05 SunOS 5.5.1: cron/crontab/at/atq/atrm patch 103696-03 SunOS 5.5.1: /sbin/su and /usr/bin/su patch 103743-01 SunOS 5.5.1: XFN source modifications for BIND 4.9.3 103817-01 SunOS 5.5.1: rdist suffers from buffer overflow 103866-03 SunOS 5.5.1: BCP (binary compatibility) patch 103934-06 SunOS 5.5.1: kernel/drv/isp patch 103959-05 SunOS 5.5.1: lp patch 104010-01 SunOS 5.5.1: VolMgt Patch 104212-09 SunOS 5.5.1: hme driver patch 104246-05 SunOS 5.5.1: fas driver patch 104266-01 SunOS 5.5.1: inetd patch 104317-01 SunOS 5.5.1: nfsd patch 104331-04 SunOS 5.5.1: rpcbind patch 104433-06 SunOS 5.5.1: pam security patch 104334-01 SunOS 5.5.1: lockd patch 104516-03 SunOS 5.5.1: aspppd patch 104613-01 SunOS 5.5.1: /usr/lib/newsyslog patch 104650-02 SunOS 5.5.1: /usr/bin/rlogin patch 104654-03 SunOS 5.5.1: automount/automountd patch 104692-01 SunOS 5.5.1: usr/sbin/in.talkd patch 104708-09 SunOS 5.5.1: ssd, pln, soc, ssaadm and ssafirmware patch 104735-02 SunOS 5.5.1: platform/sun4m/kernel/drv/sx patch 104736-03 SunOS 5.5.1: usr/bin/csh patch 104776-01 SunOS 5.5.1: libvolmgt patch 104795-02 SunOS 5.5.1: eeprom patch104935-01 SunOS 5.5.1: usr/sbin/in.rlogind patch 104956-04 SunOS 5.5.1: usr/sbin/in.rarpd patch 104958-01 SunOS 5.5.1: usr/sbin/in.rdisc patch 104960-01 SunOS 5.5.1: usr/sbin/snoop patch 104968-01 SunOS 5.5.1: chkey and newkey patch 105004-06 SunOS 5.5.1: pci_pci, ebus, pci and rootnex driver patch 105050-01 SunOS 5.5.1: usr/bin/ps and usr/ucb/ps patch 105092-01 SunOS 5.5.1: usr/sbin/sysdef patch 105299-01 SunOS 5.5.1: kernel/misc/nfssrv patch 103566-24 OpenWindows 3.5.1: Xsun patch 103879-04 OpenWindows 3.5.1: KCMS tools have security vulnerability 103900-01 OpenWindows 3.5.1: XView Binary Compatibility Patch 103901-08 OpenWindows 3.5.1: Xview Patch 104338-02 OpenWindows 3.5.1: libXt patch 104533-03 OpenWindows 3.5.1: OLIT Jumbo Patch 104976-03 OpenWindows 3.5.1: Calendar Manager patch 105251-01 OpenWindows 3.5.1: libXt Binary Compatibility Patch 103461-18 Motif 1.2.3 Runtime library patch 104893-01 SunOS 5.5.1: kernel/sys/c2audit patch 5. The OnPerf performance monitoring capability is supported. 6. The DB/Cockpit DBA monitoring tool is available on this platform. 7. Kernel AIO is a standard feature of Solaris 2.5.1, and is supported by this release. 8. The onpload and ipload tools are supported. They require a minimum of 35M of memory and 70M of swap space in order to run. User-defined conversion routines must be provided in a dynamic, shared library called ipldd07a.so. This library must be located in /usr/lib (or must have a link provided in /usr/lib). Onpload will use shared memory during its execution. It will allocate memory beyond the address for the server, leaving room for server shared memory expansion. If ipload can't find the location of the X and Motif shared libraries installed, the environmental variable LD_LIBRARY_PATH may need to be set to include these locations. For Solaris 2.5.1, it should be set to /usr/dt/lib. 9. OnSNMP is supported. For Solaris, OnSNMP is based on SNMP Research's EMANATE product, release 12.3. The distribution includes the following: bin/onsnmp The OnSNMP subagent itself, packaged as a separate process (referred to as a "loosely coupled dynamic" subagent by SNMP Research). bin/onsrvapd The daemon which spawns off a subagent for each server it discovers. snmp/*V1.mib SNMP V1 compliant MIB files defining the instrumentation provided with OnSNMP. snmp/*V2.mib SNMP V2 compliant MIB files defining the instrumentation provided with OnSNMP. bin/snmpdm The SNMP Research's EMANATE master agent. Refer to the documentation notes that accompany the onsnmp product for more details. snmp/snmpr/acl.pty snmp/snmpr/agt.pty snmp/snmpr/context.pty snmp/snmpr/view.pty snmp/snmpr/snmpd.cnf Configuration files that are used by the EMANATE master agent. 10. Configuring the operating system audit subsystem The objective of this section is to specify how to configure the OS audit subsystem to be able to record Informix Dynamic Server/Secure audit records in the OS audit log. The following steps need to be performed in order to use the Informix Dynamic Server/Secure OS auditing feature. 1. A new audit class "ix" must be introduced to the OS audit subsystem as the class for INFORMIX-Online DBMS generated audit events. 2. A new event "AUE_INFORMIX" must be introduced to the audit subsystem. This will be an event type belonging to the "ix" audit class, and will be used by the Informix Dynamic Server/Secure DBMS. 3. The OS audit subsystem must be configured to audit events of the event class designated by "ix". 4. The OS audit subsystem must be operational, and auditing enabled. Starting the audit system ========================= Once you have completed the configuration steps above, enable auditing with the new configuration. See the Operating system documentation on how to accomplish this. The OS auditing must be enabled for all users that might use the Dynamic Server/Secure product, and for the Event type AUE_INFORMIX, of the event class "ix". Please see the man pages for audit, auditreduce, auditconfig and other related commands for details on configuring auditing on the system. The class type "ix" must be introduced by inserting a line defining the class in /etc/security/audit_class. The event type AUE_INFORMIX must be introduced to the OS with class "ix", by inserting a line defining this event in the file /etc/security/audit_event. NOTE: The entry should be added to the section for Non-KERNEL events, and the number must be a valid number > 32767. Please pay careful attention to the format, even of the comments, because they are parsed by the auditreduce and perhaps other audit library functions at runtime. SETTING UP THE SYSTEM AUDIT MASK ================================ To receive Informix Dynamic Server/Secure audit data, the operating system audit subsystem must be configured to accept events of the type AUE_INFORMIX, and of class "ix" Line extracted from /etc/security/audit_class =================================================== 0x00008000:ix:Informix Dynamic Server Class Line extracted from /etc/security/audit_event =================================================== 32768:AUE_INFORMIX:Informix Dynamic Server Event:ix *** Note *** if auditing is disabled at OS level, no error will be generated by Informix Dynamic Server/Secure audit subsystem, as the system call au_write() does not return any error when auditing is disabled. Lines extracted from /etc/security/audit_control =================================================== dir:/var/audit flags:ix Important files in configuring OS audit subsystem. ================================================= /etc/security/audit_control /etc/security/audit_event /etc/security/audit_class HOW TO DO IT ============ To select which Informix Dynamic Server/Secure events are to be audited, specify audit masks using the "onaudit" utility. Refer to the Informix Dynamic Server/Secure Trusted Facility Manual (TFM) for further details. To extract audit records from operating system audit trail use "onshowaudit -O" to extract Informix Dynamic Server/Secure records. Refer to the Informix Dynamic Server/Secure TFM for further details. 11. The no aging feature that disables priority aging of CPU virtual processors by the operating system is supported on this port. This feature can be activated through the onconfig parameter NOAGE. 12. The point-in-time (PIT) feature of ON-Bar is affected by a problem in Solaris. In the Solaris, the daylight saving time (DST) is not implemented properly. Sun has been contacted to resolve the problem. The workarounds are noted below. 1. Use adjusted time on the command line. For example to restore on September 25 at 14:00 DST in the US/Pacific timezone, use the command: onbar -r -t "1996-09-25 13:00:00" 2. Set the time zone (TZ) environment variable for both the ON-Bar and the machine where the server runs accordingly. For example, for US/Pacifice time zone, TZ must be set to PST8 rather than PST8DST7. This precludes the introduction of Daylight Savings Time, thus avoiding the Solaris bug. 13. Some of the functions called by ON-Bar are in a shared library supplied by third party storgae management vendors. For ON-Bar to access the functions, the library has to be installed in one of the three ways noted below. 1. Rename the library to /usr/lib/ibsad001.so. 2. Create /usr/lib/ibsad001.so as a symbolic link to the library. 3. Set the BAR_BSALIB_PATH paramter in $INFORMIXDIR/etc/$ONCONFIG to the full pathname of the library. 14. The following problem with auditing in Solaris 2.4 has been reported to Sun Service. The Sun patch # 102218-3 fixes this problem. For customers who do not want to immediately install the patch, several workarounds are also noted below. Sun Service Order/ Problem # Description ================= ====================================================== 1956255 The Solaris audit utility "praudit", when executed with no options or the options "-l" or "-s", produces a segmentation violation when the OS audit system has been configured with user-defined audit events such as "AUE_INFORMIX". However, "onshowaudit" can be used to extract Informix audit records from the OS audit trail, even without installing the patch. One workaround that can be used to read other kinds of events from the OS audit trail is to remove the audit class "ix" from the file /etc/security/audit_class and the audit event "AUE_INFORMIX" from the file /etc/security/audit_event, and then reconfigure the OS audit system with audit_startup. "praudit" can then be used to read the audit trail. However, the Informix Dynamic Server/Secure DBMS cannot be used to generate audit records to the OS audit trail when OS auditing is configured this way. A similar problem occurs with the Solaris audit utility "auditreduce". When executed with the "-c" option, it only issues a warning. In summary, if the patch is installed, the problem is completely fixed, and both INFORMIX audit utilities, and SUN audit utilities are usable. If the patch is not installed and the OS audit subsystem is configured with the INFORMIX audit class and event type, then OS audit utilities, as described above, cannot be used to read the OS audit trail. However, the the INFORMIX utility onshowaudit can still be used to read the INFORMIX audit records from the OS audit trail. 15. The following problems have been reported to Sun Service. However, resolutions or patches are not available as of the date of this Informix product release. Sun Service Order/ Problem # Description ================= ====================================================== 3281992 PC Protocol Services 1.1 with IPX/SPX for the Solaris 2.5.1 Operating Environment handles limited concurrent connection requests. Informix Bug #89042 Symptom: Informix database servers using nettype tlispx fail to handle concurrent user connections in burst mode. The online log may have "-25573: oserr = 7: errstr = : Network driver cannot accept a connection on the port. System error = 7" message. Clients will then fail with "-908 Attempt to connect to remote system failed." message. Workaround: Currently there is no workaround and it results in TLISPX listener hang in getmsg() system call. 16. Set value of kernel parameter SEMMSL to at least 100. The maximum number of semaphores per set is typically given by the SEMMSL operating system configuration parameter. Look into section on "Configuring Semaphore Parameters" in Informix Dynamic Server Migration guide for details. 17. Set value of kernel parameter SEMMNU to at least the maximum number of open ipcshm connection, plus the number of semaphore undo structures required by other processes in the system. (eg. in /etc/system file: set semsys:seminfo_semmnu=4096) 18. Maximum size of a shared memory segment allocated by Online Dynamic Server is 2 GB on Solaris 2.4. This may be limited by actual memory available and/or kernel configuration. Maximum size of a shared memory segment allocated by Online Dynamic Server is 3.75 GB on Solaris 2.5.1. This may be limited by actual memory available and/or kernel configuration. 19. ISM Compatibility Guide November 1997 Solaris Hardware Compatibility Tape Devices Type/Model Capacity (GB) Firmware QIC (1/4") ---------- Seagate Tape: Anaconda 1.3 rev. 3.0 ST1350 1.3 rev. 3.0 Tallgrass FS2000 1.2 FS4100 2.0 S3000 1.3 Tandberg: 4220 2.0 MLR-1 13 4mm ADIC: DAT 2000a 2 rev. 6.09 DAT 8000a 4-8 rev. 7.09 DAT8008 4-8 DAT8024 12-24 Andataco: ENC-4200S 2-4 rev. T503 ENC-4400S 4-8 rev. 9401 Box Hill: DTH4 4-8 Compaq: 2/8 GB DAT 2-4 rev. 1211 4/16 GB DAT 4-8 rev. 4ao, 0316 DEC StorageWorks: 4mm DAT Drive 2-4 rev. 4BE0 TLZ07 4-8 rev. 491A, 553A Exabyte: 4200 2 rev. 148 4200c 2-4 rev. 132 Hewlett-Packard: 35470A (JetStore 2000) 2 rev. 6.09 35480A (JetStore 5000) 2-4 rev. 7.09 C1520A/E, C1525A, C2224B/C 2 rev. 6.09 C1521A/E, C1526A, C2225A/B 2-4 rev. 7.09 C1528A, C1529A(SureStore DAT8i 8e) 4-8 rev. 9401 C1533A (SureStore 6000) 4-8 rev. 9401 C1520G/H, C1525G/H, C1534 2 rev. T503 (SureStore 2000,2000i,2000e) C1521, C1526G/H, C1536 2-4 rev. T503 (SureStore 5000, 5000i, 5000e ) C1537A 12-24 C1538 2-4 C1539 4-8 Seagate Tape: Python 43x0 2 rev. 2.26, 2.50 n n Python 43x2 2-4 rev. 3.58, 3.59-1 n n Python 43x4 2-4 rev. 3.58 n n Python 43x6 4-8 rev. 4.98 n CTD-4000 2-4 CTD-8000 4-8 Scorpion 2 (STD22000N, STD62000N) 2 Scorpion 4 (STD24000N, STD64000N ) 2-4 Scorpion 8 (STD28000N, STD68000N) 4-8 Sony: SDT2000, SDT4000 2-4 SDT5000 4-8 rev. 3.26 SDT5200 4 rev. 3.02 SDT7000 4-8 rev. 0148 SDT9000 12-24 Storage Dimensions: DDS-2 Tape Backup 4-8 rev. 9401 Sun: 5.0GB 5 rev. 4ASB 4-8 GB 4mm DDS-2 4 - 8 12-24 GB 4mm DDS-3 12 - 24 WangDAT: 3100 2 rev. 1.1 3200 2-4 rev. 1.1 3400DX 4-8 rev. 1.10 Tape Devices Type/Model Capacity (GB) Firmware 8mm ---------------- Andataco: ENC-8505XLS 7-14 rev. 06S1 Box Hill: CT5 5-10 CT7 7-14 DEC StorageWorks: EXB8505 5 Exabyte: 8200 2 rev. 2.52 8500 5 rev. 0415, 047Z 8500c 5-10 8505 5 rev. 05B0, 06M0 8505XL 7-14 rev. 06S1 8900 Mammoth 20-40 rev. 21C Hitachi: MT8M1 30-60 ? IBM: 8mm 8505 5 rev. 6S0A 8900 Mammoth 20-40 Sony AIT SDX-300, SDX-300C 25-50 rev. 0300 Storage Dimensions: 8mm Tape Backup 5 rev. 06M0 Sun: 2.3GB 2.3 rev. 2.63 5.0GB 5 rev. 0458 10.0GB 5-10 rev. 06M0 Tape Devices Type/Model Capacity (GB) Firmware 3480/3490 ---------------- IBM: 3480 .2 3490E .8-1.6 Philips/LMS: TD3610 .8-1.6 StorageTek: 4480 .8-1.6 rev i4.23 4890 Twinpeaks .8-1.6 9490 Timberline .8-1.6 Sun: 1/2" Tape rev. 6.77 n Tape Devices Type/Model Capacity (GB) Firmware 35x0 Magstar ---------------- IBM: 3570 Magstar 5-10 rev. 3245 Tape Devices Type/Model Capacity (GB) Firmware DLT ---------------- ADIC: DS9200 10-20 rev. 9105, 9410 DS9300D 15-30 rev. 8203 DS9400D 20-40 rev. C504 DS9000 35-70 Andataco: ENC-6001-30S 15-30 rev. 8203 ENC-6001-40S 20-40 rev. C504 Box Hill: DLT3 15-30 DLT4 20-40 Compaq: 10/20 GB DLT Tape Drive 10-20 rev. 9410 15/30 GB DLT Tape Drive 15-30 rev. 8203, A001 Conner (Cipher): MS20DLT T860DLT .86 rev. 10 DEC StorageWorks: TZ87N 10-20 rev. 9514 TZ88 20-40 rev. CA19 TZ89 35-70 Hewlett-Packard: 30e 15-30 rev. 8203 40e 20-40 rev. C504, CC37 Quantum: DLT2000 10-20 rev. 9105, 9410 DLT2000XT 15-30 rev. 8203 DLT4000 20-40 rev. C504, CC37 DLT7000 35-70 Storage Dimensions: DLT4000 20-40 rev. CA19 Optical Drives Type/Model Capacity (GB) Firmware Optical ---------- Hewlett-Packard: Corsair I (C1716C) .6 Corsair II (C1716T)* 1.3* Corsair III* 2.6* IBM: Multifunction (M-O Mode Only) 1.3* Maxoptics: T4* 2.6* rev. B000 Sony: SMO-541* 2.6* rev. 1.09 *Without a third party optical disk driver on Solaris, only 512 byte sector size is supported (Requires 3rd party Optical Driver (Opdisk) for use on 1.3 or 2.6 GB media [1024 bytes/sector] on Solaris). AIX does not support 1024 bytes/sector media, the capacities for AIX are 1.2 GB and 2.4 GB (512bytes/sector).