This release note and the software that accompanies it are (c)Copyright 2014-2015 Avago Technologies or its suppliers, and may only be installed and used in accordance with the license that accompanies the software. All rights reserved. This Software is furnished under license and may only be used or copied in accordance with the terms of that license. No license, express or implied, by estoppel or otherwise, to any intellectual property rights is granted by this document. The Software is subject to change without notice, and should not be construed as a commitment by Avago Technologies or its suppliers to market, license, sell or support any product or technology. Unless otherwise provided for in the license under which this Software is provided, the Software is provided AS IS, with no warranties of any kind, express or implied. Except as expressly permitted by the Software license, None of its suppliers assumes any responsibility or liability for any errors or inaccuracies that may appear herein. Except as expressly permitted by the Software license, no part of the Software may be reproduced, stored in a retrieval system, transmitted in any form, or distributed by any means without the express written consent of Avago Technologies. ===================== Supported Controllers ===================== SAS 3516 Ventura based MegaRAID and iMR, SAS 3108 (Invader) based MegaRAID and iMR, SAS 3008 (Fury) based HBAs, Wellsburg & Lewisburg SATA chipset based Software RAID =================== Package Information =================== LSA version = 004.057.000.000 OS supported = RHEL 6.7/6.8/7.1/7.2/7.3, SLES 11 SP3/SP4, SLES 12/SP1/SP2, ESXi 6.5, ESXi 6.0 U1, U2, ESXi5.5 U3 . Browsers = IE9 or later, Firefox9 or later and Chrome16 or later This package can be installed on x64 systems. ========================= Pre-Requisites ========================= 1. Prior to the installation of LSA, we need to install OpenSLPv2.0.0 which is a Pre-Requisite. So please install it from the below location and install LSA http://openslp.org/download.html If OpenSLP is not installed, internally packaged OpenSLP binaries shall be installed in alternate location during LSA installation. User also has an option to continue with the LSA installation after proceeding with the installation of OpenSLP from the OS installation sources. 2. For VMware ESXi 5.x, and 6.x to work with LSA, depending on your VMware ESXi environment, ensure latest SMI-S Provider is being installed from 7.4 releases. To deploy the MegaRAID SMI-S provider on an ESXi machine by using the VIB file provided by Broadcom, copy the VIB file or the offline-bundle.zip file to the ESXi machine. Use the esxcli file to load the MegaRAID SMI-S provider, and run the following command: ESXi# esxcli software vib install -v --force NOTE : A reboot is required after installing the SMI-S provider on VMware ESXi environment. 3. Steps to configure the ESXi server a) Ensure that the third-party application services like "slpd and sfcbd-watchdog services are up and running on ESXi server".(/etc/init.d/slpd status & /etc/init.d/sfcbd-watchdog status). b) Ensure that firewall has been disabled on ESXi server. (Check Firewall status : "esxcli network firewall get" To Disable Firewall : "esxcli network firewall unload"). c) sfcb time-out socket error in CIMOM server results in AEN blocked by sfcb-cimom and may lead to duplicate entries in client with incorrect event description. To get rid of this, user is required to restart sfcb service in VMware ESXi. Command to restart : /etc/init.d/sfcbd-watchdog stop. /etc/init.d/sfcbd-watchdog start. The same has been raised against VMware. Refer to the link further details[https://www.vmdev.net/tracker/tracking/linkid/prpl1235/remcurreport/true/template/ViewIssue.vm?id=LSDM89&readonly=true] d) Multi-subnet Configuration : When gateway is part of multiple subnet and discovered Vmware is part of one of these subnets then it is the responsibility of the user to configure both LSA Gateway and VMware under same subnet (or) workaround this with adding irrelevant subnet IP address to LSA configuration file (conf\LSA.conf -> private_ip_range=*) to avoid registering the wrong IP to VMWare. e) CURL error in CIMOM server results in AEN blocked by CIMOM server to upper layer(CIMProvider-->LSA). This can happen if servers are in different subnet or if there is any incorrect/incomplete AEN subscriptions. To get rid of this, user is required to have both client and server in same subnet. Any incomplete AEN subscriptions needs to be removed via CIMClient (host-ind, part of ESXi installation) Steps to delete the incomplete subscriptions: 1) To view the existing subscriptions: host-ind -s 2) To delete : - Copy handler name from subscription list, example : handler: - To remove Subscription : 'host-ind -d -k "" Example : host-ind -d -k dhcp-x.y.z.k.dhcp.company.net_LSA_127.0.0.1 Either restart of sfcb service or reboot the server is recommended after any change in VMware server. f) To Manage VMware ESXi from RHEL 7.x user has to execute below commands before installation of LSA 1) service ebtables restart 2) service iptables stop Note: Refer User guide for more information on "How to configure firewall", if user does not wanted to disable the firewall. 4. Only Light Weight Monitor Installation: LSA supports SMTP authorization using Auth Login. In this case user should configure LightWeightMonitor with SMTP credentials in config-current.json file and encoded in base64. 5. Soft links in Linux 64 bit: For RHEL/SLES on 64 bit platform(s), it is necessary to create the below soft links if openslp is not installed in "/usr/lib64/" or "/user/lib/" directory, before installing LSIStorageAuthority (LSA) 64 bit package. "ln -sf /usr/local/lib/libslp.so.1.0.0 /opt/lsi/LSIStorageAuthority/bin/libslp.so.1" or "ln -sf /usr/local/lib64/libslp.so.1.0.0 /opt/lsi/LSIStorageAuthority/bin/libslp.so.1" This is not necessary if internally packaged OpenSLP binaries is installed in alternate location during LSA installation. ========================= Known Restrictions/Issues ========================= 1. LSA is limited to display the history of persistent events only for IR/IT Controller. 2. Clear Configuration/Any operation- User(s) may see a time-out error(404) with large configuration. This is due to an issue in underlying layer, and CLI can be used to overcome this. 3. Remote Discovery/Managed Server Page- a. VMWare health status will be displayed as "UNKNOWN". b. Health status is displayed with stale information. 4.In any case if the VMWare server/machine goes down, user(s) needs to stop/start the LSAService of Gateway from where the VMWare server needs/was discovered. 5.Localization-Events are always shown in "English". 6. It is possible to get a time-out from server. This time-out error is generated at the back-end if resource providing the content takes more time. eg: Fw flash may exceed the default timeout in server. To fix it, user will have to change the nginx fastcgi_read_timeout variable in server/conf/nginx.conf to "300"seconds. 7.Gateway server and the accessing server (other gateway,standalone,direct agent) should have LSA2.4 build. 8.Due to issues with VMware ESXi5.5/ESXi6.0//ESXi6.5 user cannot flash IT/IR firmware via LSA. Below case has been raised in VMware: Project: priv-lsi-dme_TR Case Number: 00035498 Summary: On ESXi6.0 OS,Failed to read header on stream error https://dcpn.force.com/apex/TechnicalRequestCaseRedesignPartner?Id=500i000000VYjxaAAD Below the workaround suggested by VMware for IT/IR firmware flash to work: a) Edit /etc/sfcb/sfcb.cfg b) Add httpMaxContentLength: 4194304 c) Restart service /etc/init.d/sfcbd-watchdog restart d) Now try to flash Firmware 9.With recent VMWare releases when the User is trying to update/flash the MegaRAID firmware through LSA, it might fail. The reason being as below 1. In-case of VMWare LSA will interact with SMI-S Provider for any of the operations. 2. Due to the recent changes in the VMWare Kernel API, underlying layers in VMWare has some issue. 3. This has been resolved in MR7.2 Native Driver code as part of PR:SCGCQ01113165 10.IR/IT Firmware Downgrade is not supported from One Phase to Another Phase due to the limitation in underlying layers. Downgrade is possible within same Phase of firmware. 11.When only IPv6 NIC is enabled (No IPv4), OpenSLP registration is failing for LSA with error code "-23" due to a bug in OpenSLP. Due to which LSA is not able to display the IPv6 address, instead of it will be showing the loop-back address (127.0.0.1). So please ensure we have at-least one IPv4 NIC is active so avoid the confusion related to the IP Address. 12.Data is not updated in LSA as soon as secured Foreign drives are unlocked, as FW is not giving the event to Cache module of LSA. Work Around:Stop and Start the LSA services. 13.Recommendation is to clear the browser history every time user upgrades/downgrades or installs the software. 14.LSA does not allow to select PD from non-spanned VD and from Spanned VD 15.Whenever auto rebuild is enabled multi click PD actions are not updated properly(intermittent) , user has to refresh the page manually. 16.VMware Platform only - when there is any continuous issue of slowness or sfcb not responding please try the below steps from VMware as a workaround To increase the memory limit for the HHRC: ..* Edit /etc/sfcb/sfcb.cfg ..* Into the file insert: provMemOveride: hhrc=100 ..* Reboot the system. ..* Verify that the change has been made properly: memstats -r group-stats -u mb -s name:min:max:memsize:memsizepeak | grep -E "hhrc|memSizePeak|--" 17. If user "Add the Virtual Drive(s)" from existing free space on drive group or "Delete virtual drive(s)" from existing drive group then LSA refresh the complete controller page to update configuration information. Due to page refresh mouse reference on page getting removed. So, page may not get scroll up/down if user scroll the page using mouse wheel. User has to click once anywhere on the page then only the page scroll works. Alternatively User can also use the scrollbar. 18. On fresh installation, LSA can process only the latest 30 events and perform the corresponding alert delivery methods. 19. On some SLES setups, due to delay in DHCP IP assignment, SLP service cannot be started due to which LSA discovery shall fail on remote machines. Users may have to restart LSA services on remote system using command '/etc/init.d/LsiSASH restart' to overcome this issue. For SLES 12, there is a known issue (refer https://bugzilla.suse.com/show_bug.cgi?id=951225 for more details). 20. VMWare Platform only - Sever may take few minute(s) to populate cache during first login. User will see delay in login response. 21. Default browser on CentOS/RHEL 7.4 crashes when upgrade/downgrade firmware using LSA To work around you can disable or configure selinux.Refer the link to disable selinux on rhel. "https://access.redhat.com/solutions/3176" 22.Launch Page is hidden by default. To view the launch page change the value of field "Check Flag" to 0 in the file "LaunchPageCheck" at location "C:\Program Files (x86)\LSI\LSIStorageAuthority\server\html\files". ======================= Contents of the package ======================= LSA_Linux.zip x86 -- Contains files for 32bit platforms x64 -- Contains files for 64bit platforms ========================= Installation Instructions ========================= See Detailed installation instructions below: 1.Log in to the system as root or as a user with root privileges. Depending on the operating system and security settings, it may be necessary to install LSA using root rights. This may require that, log in as root and run the installer, or open a command prompt as root and run the installer via the command line, 2.LSA supports both interactive and non-interactive modes of installation. a. Interactive mode installation steps: 1. Execute the command "./install.csh" from the installation disk. 2. License Agreement : enter y to continue, n to exit. 3. Type of installation: 1- for Gateway 2- for StandAlone 3- for DirectAgent 4- for Light Weight Monitor(LWM). 4. Enter Nginx Server port [1-65535] default port is 2463 5. Enter LSA port [1-65535] default port is 9000 b.Non-interactive or silent mode installation steps: 1. Execute command "./install.csh [-options] [nginx_port] [LSA_port]" from the installation disk. 2. The options are: -g for Gateway -s for StandAlone -d for DirectAgent -l for Light Weight Monitor(LWM) 3. nginx_port and LSA_port must be in range [1-65535] and must be different. if nginx_port and LSA_port is not specified in the command line the default values (Nginx default port 2463 and LSA default port 9000) will be used. c. Interactive upgrade instructions: 1. Execute the command "./install.csh" from the installation disk. 2. License Agreement : enter y to continue, n to exit. 3. Type of installation: 1- for Gateway 2- for StandAlone 3- for DirectAgent 4- for Light Weight Monitor(LWM). 4. Enter Nginx Server port [1-65535] default port is 2463 5. Enter LSA port [1-65535] default port is 9000 d. Silent upgrade instructions: 1. Execute "./install.csh [-option] [nginx_port] [LSA_port]" 2. The options are: -g for Gateway -s for StandAlone -d for DirectAgent -l for Light Weight Monitor(LWM) 3. nginx_port and LSA_port must be in range [1-65535] and must be different. if nginx_port and LSA_port is not specified in the command line the default values (Nginx default port 2463 and LSA default port 9000) will be used. 3. The installer provides the user with four types of set-up options. 1. Gateway - This will install all the features. 2. StandAlone - This will install components required for Local Server Management. 3. DirectAgent - This will install components required for Remote Server Management 4. Light Weight Monitor - This will install Light Weight Monitor program features. Refer "How to configure LightWeightMonitor Agent" for more details 4. When LWM is Installed, user cannot perform installation of LSA. Needs to do complete un-installation of LWM and then Install LSA. When LSA is Installed, user cannot perform installation of LWM. Needs to do complete un-installation of LSA and then Install LWM. 5. Extract the contents of the zip file and install the appropriate package on 32bit and 64bit operating systems. LSA_Linux.zip x86 -- Contains files for 32bit platforms x64 -- Contains files for 64bit platforms ============================== Upgrade/Downgrade Instructions ============================== 1. Downgrade is not supported. 2. User can upgrade to the same mode of installation to which he performed with earlier build. 3. During the upgrade user can move from one mode of installation to another mode of installation. 4. When LWM is Installed, user cannot perform upgrade from LWM to LSA. Needs to do complete un-installation of LWM and then Install LSA Note: If user has placed/copied any file(s) manually in the directory, those files needs to be manually removed before the un-installation. If the file(s) has not been removed, LSA Upgrade will not be clean. ================================ LDAP Authentication Instructions ================================ See Detailed LDAP Authentication instructions below: For LDAP authentication LSA Server has to know some information about the LDAP server settings. The following parameters need to be known by the LSA back-end apart from user name and password for LDAP authentication. The following parameters need to be configured in the LSA parameter file "LSA.conf" placed under directory. a.ldap_server (LDAP server host-name or IP): This is not an optional parameter. This parameter value is the one used to connect to the specific LDAP Server for the user authentication. User can provide either the IP Address (or) the Host-name of the LDAP Server based on the configuration. Validation Condition: i. More than one value will not be accepted. ii.NULL (or) Empty value will not be accepted. b.ldap_protocol_version (LDAP protocol version (default v3)): This is an Optional parameter. This parameter value is the one used to define the protocol needs to be used to create LDAP session. c.ldap_binding (LDAP authentication mode. Options are BASIC or SECURE): Default is "BASIC". When an LDAP session is created, that is, when an LDAP client connects to the server, the authentication state of the session is set to anonymous. The BIND operation establishes the authentication state for a session. BASIC: The simplest form of client authentication is to bind to the server using a cleartext password. SECURE: A more secure method is to use one of the SASL authentication mechanisms, such as DIGEST-MD5[4]. This is based on a secret known to both the client and the server, allowing for a simple challenge-response scheme. SASL is also capable of negotiating data encryption to protect subsequent operations d.ldap_port_number (LDAP server port - optional). This is an Optional parameter. Port number of the LDAP server. If no port is specified, the standard LDAP port (389) is used for BASIC and for Secure Port number "636" is used based on the Authentication mode. e.dn_details (DN name apart from username.): This is mandatory parameter."dn" is the distinguished name of the entry; it is neither an attribute nor a part of the entry. User needs to configure the DN details in LSA.conf in the following format. dn_details = {"DN":[{"key":"dc","values":["com"]},{"key":"dc","values":["ldapdomain"]},{"key":"ou","values":["DEV","TEST"]},{"key":"uid","values":["username","TEST"]}]} f.ldap_user_name (DN attribute referring the user's full name): This is an Optional parameter. This parameter value will be used to display the LDAP Logged-in user's full name. At present we may not be using this parameter. g.readOnly (DN attributes referring user access restriction. 1=READ-ONLY, 0=FULL-ACCESS): This is an Optional parameter. Default will be "readOnly". This parameter value will be used to determine the LDAP user access privileges. h. Once the LSA conf file is updated the Nginx and LSA service need to be restarted for the new LSA conf changes to take affect =========================== Un-installation Instructions =========================== The product can be uninstalled using the script uninstaller.sh. run the script /opt/lsi/LSIStorageAuhority/uninstaller.sh to un-install LSA. user may also un-install LSA suing the rpm commands. Run the command "rpm -e " to uninstall the RPM's from the target system. Example: rpm -e LSIStorageAuhority-1.00x.xxx-xxx ============================ LSA & Nginx Service Status: 1: To Start LSA and Nginx, run "/etc/init.d/LsiSASH start". 2: To Stop LSA and Nginx, run "/etc/init.d/LsiSASH stop". 3: To ReStart LSA and Nginx run "/etc/init.d/LsiSASH restart". 4: To check status of LSA and Nginx, run "/etc/init.d/LsiSASH status". =========================== ========================================= How to configure LightWeightMonitor Agent ========================================= Except config-current.JSON none of the file shouldn't be edit by user from LightWeightMonitor package. The configuration for LightWeightMonitor can be done on config-current.JSON, which is packaged with write permission. Basic understanding about config file: -------------------------------------- 1. Different alert actions: i) email ii) systemlog 2. Different severity level i) INFO - Informational message where no user action is necessary ii) WARNING - when a component is close to failure point iii) CRITICAL - when a component fails iv) FATAL - when a component fails and data loss occurs 3. Global rule (default alert actions for different severity of an event1) i) INFO event - systemlog ii) WARNING - systemlog iii) CRITICAL - systemlog iv) FATAL - systemlog and email 4. global (apply global rule for that particular severity event) Start Configuration: -------------------- 1. After installing the LightWeightMonitor in Linux platform, this will be installed in below mentioned path. cd /opt/lsi/LSIStorageAuthority/ 2. Go to the path to monitor under /opt/lsi/LSIStorageAuthority/conf cd /opt/lsi/LSIStorageAuthority/conf/monitor 3.Make the required changes in below file under monitor vi config-current.JSON (or) gedit config-current.JSON 4. Changes to be made in "config-current.JSON" file: I) E-mail Configuration: default: "email": { "isActive": true, "type": "EMAIL", "sender": "lsa-monitor@server.com", "server": "127.0.0.1", "to": [ "root@localhost" ], "authentication": { "type": "NONE" } } updated: "email": { "isActive": true, "type": "EMAIL", "sender": "lsa-monitor@server.com", "server": "135.24.227.243", "to": [ "root@localhost" ], "authentication": { "type": "NONE" } } II) Change alert actions for specific Severity default: { "warning": [ "systemmessage" ] }, example change to: { "warning": [ "systemmessage", "email" ] }, III) Change alert actions for specific Event default: "events": [] example change to: "events": [ { "typeId": 4, "severity": "INFO", "actions": [ "email" ] } ] IV) Change severity for specific Event default: "events": [] example change to: "events": [ { "typeId": 4, "severity": "CRITICAL", "actions": [ "global" ] } ] V) Auth Login Support default: "email": { "isActive": true, "type": "EMAIL", "sender": "lsa-monitor@server.com", "server": "127.0.0.1", "to": [ "root@localhost" ], "authentication": { "type": "NONE" } } example change to: "email": { "isActive": true, "type": "EMAIL", "sender": "lsa-monitor@server.com", "server": "127.0.0.1", "to": [ "root@localhost" ], // if your SMTP server supports authlogin authorization protocol then add authentication information "username": "lsi", // where lsi is SMTP server's Username "password": "xxxx", // where xxxx is Base64 converted, SMTP configuration's password "authentication": { "type": "AUTH-LOGIN" } } 5.Restart the LightWeightMonitor services to get changes effect. /etc/init.d/LsiSASH restart