Virtual Host Setup: Task 3. Add New Volume and Extend Existing File Systems

Document created by RSA Information Design and Development on Dec 29, 2016. Last modified by RSA Information Design and Development on Aug 28, 2017.
Version 2

After reviewing your initial datastore configuration, you may determine that you need to add a new volume. This topic uses a Virtual Packet/Log Decoder host as an example.

Complete these tasks in the following order.

  1. Add New Disk
  2. Create New Volumes on the New Disk
  3. Create LVM Physical Volume on New Partition
  4. Extend Volume Group with Physical Volume
  5. Expand the File System
  6. Start the Services
  7. Make Sure the Services Are Running
  8. Reconfigure LogDecoder Parameters

Add New Disk

This procedure shows you how to add a new 100GB disk on the same datastore.

Note: The procedure to add a disk on a different datastore is similar to the procedure shown here.

  1. Shut down the machine, edit Virtual Machine Properties, click the Hardware tab, and click Add.

  2. Select Hard Disk as the device type.

  3. Select Create a new virtual disk.

  4. Choose the size of the new disk and where you want to create it (on the same datastore or a different datastore).

    Caution: Allocate all the space for performance reasons.

  5. Approve the proposed Virtual Device Node.

    Note: The Virtual Device Node can vary, but it is pertinent to /dev/sdX mappings.

  6. Confirm the settings.

  7. Start the virtual machine.
  8. SSH to the machine.
  9. Restart the machine and enter the following command.

    dmesg

    The following output is displayed showing the new disk.

    Note: 1.) You receive an unknown partition table error because the new disk has not been initialized. 2.) The sd 2:0:4:0 pertains to the SCSI:0:4 Virtual Device Node that appeared when you added the new device. 3.) The new disk device is sde (or /dev/sde).

  10. Enter the following command string to stop the service.

    [root@LogDecoderGM ~]# stop nwlogcollector; stop nwlogdecoder

    This procedure uses the Log Decoder as an example.

    If you wanted to stop services on a Concentrator, you would enter:

    stop nwconcentrator

    If you wanted to stop services on a Packet Decoder, you would enter:

    stop nwdecoder

Create Volumes on New Disk

  1. SSH to the LogDecoder host.
  2. Create a partition on the new disk and change its type to Linux LVM.

    [root@LogDecoderGM ~]# fdisk /dev/sde

    The following information and prompt is displayed.

    Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
    Building a new DOS disklabel with disk identifier 0xae709134.
    Changes will remain in memory only, until you decide to write them.
    After that, of course, the previous content won't be recoverable.

    Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

    WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
             switch off the mode (command 'c') and change display units to
             sectors (command 'u').

    Command (m for help):

  3. Type n.

    The following prompt is displayed.

    Command action
       e   extended
       p   primary partition (1-4)

  4. Type p.

    The following information is displayed.

    Disk /dev/sde: 107.4 GB, 107374182400 bytes
    255 heads, 63 sectors/track, 13054 cylinders
    Units = cylinders of 16065 * 512 bytes = 8225280 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk identifier: 0xae709134

       Device Boot      Start         End      Blocks   Id  System
    /dev/sde1               1       13054   104856223+  83  Linux

    The default partition type is Linux (83). You need to change it to Linux LVM (8e).

  5. At the Command (m for help): prompt, type t.

    The following information and prompt is displayed.

    Selected partition 1

    Hex code (type L to list codes):

  6. Type 8e.

    The following information and prompt is displayed.

    Changed system type of partition 1 to 8e (Linux LVM).

    Command (m for help):

  7. Type p.

    The following information is displayed.

    Disk /dev/sde: 107.4 GB, 107374182400 bytes
    255 heads, 63 sectors/track, 13054 cylinders
    Units = cylinders of 16065 * 512 bytes = 8225280 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk identifier: 0xae709134

       Device Boot      Start         End      Blocks   Id  System
    /dev/sde1               1       13054   104856223+  83  Linux

    Command (m for help):

  8. At the Command (m for help): prompt, type w.

    The new partition table is written to the disk and fdisk quits to root shell.

    The partition table has been altered!

    Calling ioctl() to re-read partition table.
    Syncing disks.
    [root@LogDecoderGM ~]#

    The new /dev/sde1 partition is created on the new disk.

  9. Complete one of the following steps to verify that the new partition exists.

    • Type dmesg | tail.

      The following information is displayed.

      lo: Disabled Privacy Extensions
      e1000: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
      e1000: eth1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
      eth0: no IPv6 routers present
      eth1: no IPv6 routers present
      coretemp coretemp.0: partition-name is assumed as 100 C!
      coretemp coretemp.1: partition-name is assumed as 100 C!
      sd 2:0:4:0: [sde] Cache data unavailable
      sd 2:0:4:0: [sde] Assuming drive cache: write through
       sde: sde1
      [root@LogDecoderGM ~]#

    • Type fdisk /dev/sde.

      The following information and prompt is displayed.

      WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
      switch off the mode (command 'c') and change display units to
      sectors (command 'u').

      Command (m for help):

    • Type p.

      The following information is displayed.
      Disk /dev/sde: 107.4 GB, 107374182400 bytes
      255 heads, 63 sectors/track, 13054 cylinders
      Units = cylinders of 16065 * 512 bytes = 8225280 bytes
      Sector size (logical/physical): 512 bytes / 512 bytes
      I/O size (minimum/optimal): 512 bytes / 512 bytes
      Disk identifier: 0xae709134

         Device Boot      Start         End      Blocks   Id  System
      /dev/sde1               1       13054   104856223+  83  Linux

Create LVM Physical Volume on New Partition

  1. SSH to the LogDecoder host.
  2. Enter the following command string to create a Logical Volume Manager (LVM) physical volume on the new partition.

    [root@LogDecoderGM ~]# pvcreate /dev/sde1

    The following information is displayed.

    Physical volume "/dev/sde1" successfully created

Extend Volume Group with Physical Volume

  1. SSH to the LogDecoder host.
  2. Enter the following command string to display the Logical Volume Manager (LVM) physical volumes and the volume groups they belong to.

    [root@LogDecoderGM ~]# pvs

    The following information is displayed.

                                                           
    PV         VG         Fmt  Attr PSize   PFree
    /dev/sdb1  VolGroup00 lvm2 a--   32.00g      0
    /dev/sdc1  VolGroup01 lvm2 a--  104.00g      0
    /dev/sdd1  VolGroup01 lvm2 a--  168.00g      0
    /dev/sde1             lvm2 a--  100.00g 100.00g

    VolGroup01 consists of /dev/sdc1 and /dev/sdd1 physical volumes (PV), and LVM system. Note that the new /dev/sde1 volume has 100GB of free space.

  3. Add the physical volume to VolGroup01.

    1. Enter vgextend VolGroup01 /dev/sde1.

      The following information is displayed.

      Volume group "VolGroup01" successfully extended

    2. Enter pvs.
      The following information is displayed.
      PV         VG         Fmt  Attr PSize   PFree
      /dev/sdb1  VolGroup00 lvm2 a--   32.00g      0
      /dev/sdc1  VolGroup01 lvm2 a--  104.00g      0
      /dev/sdd1  VolGroup01 lvm2 a--  168.00g      0
      /dev/sde1  VolGroup01 lvm2 a--  100.00g 100.00g

      The volume was added to VolGroup01, but it has not been extended yet (you still have 100GB of free space). There are several logical volumes in VolGroup01; this example involves the PacketDB.

  4. Extend the PacketDB logical volume so that it uses all of the 100GB of free space.
    1. Enter lvs VolGroup01.
      The following information is displayed.
      LV        VG         Attr      LSize   Pool
      decoroot  VolGroup01 -wi-ao---  20.00g
      index     VolGroup01 -wi-ao---  10.00g
      logcoll   VolGroup01 -wi-ao---  64.00g
      metadb    VolGroup01 -wi-ao---  44.00g
      packetdb  VolGroup01 -wi-ao--- 104.00g
      Sessiondb VolGroup01 -wi-ao---  30.00g

    2. Enter lvextend -L+100G /dev/VolGroup01/packetdb.
      The following information is displayed.
      Extending logical volume packetdb to 204.00 GiB
      Insufficient free space: 25600 extents needed, but only 25599 available

    3. Enter lvextend -L+99G /dev/VolGroup01/packetdb.
      The following information is displayed.
      Extending logical volume packetdb to 203.00 GiB
      Logical volume packetdb successfully resized

    4. Enter lvs VolGroup01.
      The following information is displayed.
      LV        VG         Attr      LSize   Pool
      decoroot  VolGroup01 -wi-ao---  20.00g
      index     VolGroup01 -wi-ao---  10.00g
      logcoll   VolGroup01 -wi-ao---  64.00g
      metadb    VolGroup01 -wi-ao---  44.00g
      packetdb  VolGroup01 -wi-ao--- 203.00g
      Sessiondb VolGroup01 -wi-ao---  30.00g

The packetdb Logical Volume has been expanded to 203GB, but the /var/netwitness/logdecoder/packetdb filesystem still has 104GB.
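
The lvextend -L+100G failure above is extent arithmetic: the error implies 4 MiB extents (100 GiB = 25600 extents), and the new physical volume supplies only 25599. The following shell script is an added example, not part of the RSA procedure; it parses a constructed vgs report (the sample values and the extents_needed and plan_extend helper names are assumptions) and prints an lvextend command that fits, falling back to an extent count so that no free extents are left unused.

```shell
#!/bin/sh
# Added example: sizing check before lvextend. Prints a command; runs no LVM tools.
# Constructed sample of the report from
#   vgs --noheadings --nosuffix --units m -o vg_name,vg_extent_size,vg_free_count
# Assumed values: 4 MiB extents (100 GiB = 25600 extents) and 25599 free extents.
SAMPLE_VGS='  VolGroup00 4.00 0
  VolGroup01 4.00 25599'

# extents_needed GIB EXTENT_MIB: extents a -L+<GIB>G request consumes (rounded up).
extents_needed() {
    echo $(( ($1 * 1024 + $2 - 1) / $2 ))
}

# plan_extend VG LV GIB [REPORT]: print an lvextend command that fits the free
# extents of VG. Returns 1 if VG is not in the report or has nothing free.
plan_extend() {
    vg=$1; lv=$2; gib=$3; report=${4:-$SAMPLE_VGS}
    line=$(printf '%s\n' "$report" |
        awk -v vg="$vg" '$1 == vg { print int($2), $3 }')
    if [ -z "$line" ]; then
        echo "volume group not found: $vg" >&2
        return 1
    fi
    ext_mib=${line% *}    # extent size in MiB
    free=${line#* }       # free extents in the volume group
    if [ "$free" -le 0 ]; then
        echo "no free extents in $vg" >&2
        return 1
    fi
    need=$(extents_needed "$gib" "$ext_mib")
    if [ "$need" -le "$free" ]; then
        echo "lvextend -L+${gib}G /dev/$vg/$lv"
    else
        # Size request is too large: ask for the free extents by count instead.
        echo "lvextend -l +$free /dev/$vg/$lv"
    fi
}

plan_extend VolGroup01 packetdb 100   # the request that failed on the page
plan_extend VolGroup01 packetdb 99    # the request the page used instead
```

On a live host, pass the real vgs report as the fourth argument instead of relying on the sample. lvextend also accepts -l +100%FREE, which claims every free extent without any arithmetic.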

Expand the File System

  1. SSH to the LogDecoder host.
  2. Enter the following command string to grow the XFS file system so that it fills the extended logical volume.
    [root@LogDecoderGM ~]# xfs_growfs /var/netwitness/logdecoder/packetdb
    The following information is displayed.
    meta-data=/dev/mapper/VolGroup01-packetdb isize=256    agcount=4, agsize=6815488 blks
             =                       sectsz=512   attr=2, projid32bit=0
    data     =                       bsize=4096   blocks=27261952, imaxpct=25
             =                       sunit=0      swidth=0 blks
    naming   =version 2              bsize=4096   ascii-ci=0
    log      =internal               bsize=4096   blocks=13311, version=2
             =                       sectsz=512   sunit=0 blks, lazy-count=1
    realtime =none                   extsz=4096   blocks=0, rtextents=0

    data blocks changed from 27261952 to 53214208

  3. Enter df -k /var/netwitness/logdecoder/packetdb.
    The following information is displayed.
    Filesystem         1K-blocks     Used Available Use% Mounted on
    /dev/mapper/VolGroup01-packetdb
                       212803588    36416 212767172   1% /var/netwitness/logdecoder/packetdb

Start Services

Enter the following command string to start the services on the LogDecoder host.

[root@LogDecoderGM ~]# start nwlogcollector; start nwlogdecoder

The following information is displayed.

nwlogcollector start/running, process 4069
nwlogdecoder start/running, process 4069

Make Sure That the Services Are Running

  1. Log on to Security Analytics.
  2. Click Administration > Services.
  3. Make sure that the Log Collector and Log Decoder services are running.

Reconfigure LogDecoder Parameters

  1. Log on to Security Analytics.
  2. Click Administration > Services.
  3. Select the LogDecoder service.
  4. Under actions, select Explore.
  5. Click database > config > packet.dir.

  6. Right-click database, click Properties, select the reconfig command, specify update=1 in Parameters, and click Send.
    The packetdb parameter value changed from 98.74 GB to 192.79 GB.
  7. Right-click index, click Properties, select the reconfig command, specify update=1 in Parameters, and click Send.
  8. Close the Properties dialog to return to the Explore view. The packet.dir parameter value is now 192.79 GB (95% of 203 GB).