Managing the Device Database

Integrity VM cannot detect all potential backing store conflicts, and does not always prevent misconfigured guests from booting. Conflicts can arise from the following:

Specifying the same backing store for more than one virtual device.
If you add disk:scsi::disk:/dev/rdisk/disk2 for guest A, do not add the same device to another guest or to the list of VM Host restricted devices.
Specifying multiple backing store parameters that lead to the same physical storage.
If the VM Host has multiple paths to a storage device, like /dev/rdisk/disk0 and /dev/rdisk/disk4, only one path should be specified for a disk:scsi or dvd:scsi in guest A. The other path should not be used as a backing store by guest A or by any other guest or the VM Host.
Overlapping physical storage allocated for different backing store types.
If a guest uses a logical volume (for example, rlvol1) as a backing store device, the disks used by the volume group on which the logical volume is made (for example, /dev/vg01) cannot be used as backing stores.

You can use the ioscan and sam commands to detect these conflicts. If you force guests configured with these conflicts to start, data corruption might occur.

The Device Database File

Integrity VM device management stored Integrity VM device mapping information in the device database file (/var/opt/hpvm/common/hpvm_mgmtdb). This file is divided into three sections:

The header, which states that the file cannot be hand edited.
The restricted device section, which contains a list of host devices that guests are not allowed to access.
The guest devices section, which contains devices, both storage and network, that guests are configured to use.

Do not edit the hpvm_mgmtdb file directly unless you are specifically advised to do so. Always use a supported Integrity VM commands (such as hpvmmodify or hpvmdevmgmt) to modify virtual devices.

Using the hpvmdevmgmt Command

To list and modify the devices used by the VM Host and the virtual machines, use the hpvmdevmgmt command.

Table 9-6 describes the options to the hpvmdevmgmt command.

Table 9-6 Options to the hpvmdevmgmt Command

Option Description

-l {server|rdev|gdev}:entry_name:attr:attr_name=attr_value

Lists an entry. To list all entries, enter the following command:

# hpvmdevmgmt -l all

-v Displays the version number of the hpvmdevmgmt output format. The version number is followed by the display specified by other options.

-V Increases the amount of information displayed (verbose mode).

-S size filename Creates a file for use as a virtual device. The size argument must end in either M for megabyte or G for gigabyte.

-I Creates passthrough device files (for example, /dev/rscsi). Passthrough devices are used by attached devices, such as tape devices, media changers, and CD/DVD burners.

-m {server|rdev|gdev}:entry_name[:attr:attr_name=attr_value] Modifies an existing attribute or adds the attribute if it does not already exist.

-a {server|rdev|gdev}:entry_name[:attr:attr_name=attr_value] Adds an entry.

-d {server|rdev|gdev}:entry_name[:param:arg] Deletes an entry.

-n gdev:oldentry_name:newentry_name0[,newentry_name1] Replaces a device.

For example, to to display a list of the restricted devices, enter the following command:

# hpvmdevmgmt -l rdev
/dev/rdisk/disk4:CONFIG=rdev,EXIST=YES,DEVTYPE=DISK,
SHARE=NO::6005-08b4-0001-15d0-0001-2000-003a-0000

To make a device shareable among guests, enter the following command:

# hpvmdevmgmt -m gdev:/data/file.iso:attr:SHARE=YES

Sharing Devices

With Integrity VM, you can allow devices to be specified as either shared or not shared. By default, vswitches are configured to be shared. Storage devices are configured to not be shared. As administrator, you can configure a storage device to be shared by multiple guests.

The SHARE attribute is checked only when booting a guest. If one guest is running with a nonshared device and another guest attempts to boot using that same device, the latter guest is blocked. If multiple guests need to share devices, then the SHARE attribute for those devices must be changed to SHARE=YES using the modify option (-m) with the hpvmdevmgmt command.

For example, to make the HP-UX iso.* images shareable so that two virtual machines (compass1 and compass2) can use them to install at the same time, enter the following commands:

# hpvmdevmgmt -m gdev:/var/opt/hpvm/ISO-images/hpux/:attr:SHARE=YES
# hpvmmodify -P compass1 -a dvd:scsi::null:/var/opt/hpvm/ISO-images/hpux/
# hpvmmodify -P compass2 -a dvd:scsi::null:/var/opt/hpvm/ISO-images/hpux/

Only read-only devices can be shared among guests. Virtual DVDs and virtual network devices can be shared. DVDs are not shareable unless you specify otherwise. Sharing of virtual devices or hardware backing stores must be carefully planned in order to prevent data corruption.

To restrict the vswitch named myswitch so that it is no longer shareable, enter the following command:

# hpvmdevmgmt -m gdev:myswitch:attr:SHARE=NO

This command restricts the vswitch called myswitch to use by one guest only.

Replacing Devices

If a backing storage device malfunctions, replace it by using the hpvmdevmgmt -n option. The -n option works for only guest devices. It replaces the existing device entry with the new device entry while keeping all the current guest dependents. Thus, each guest dependent is modified to replace the old device with the new one. If the device being replaced is a pNIC, use the hpvmnet command to halt and remove the current vswitches using that pNIC and recreate the same named vswitches using the new pNIC. This method allows guests to use the new pNIC through the old vswitch names without modifying the guests.

Deleting Devices

A device entry can be deleted only if it has no dependents. If a device has dependents, those dependents must be removed before you delete the device. The hpvmmodify command that removes a device removes that guest as a dependent on that device.

If the guest cannot be modified, you can use the hpvmdevmgmt -d command to delete a dependent from a device. However, this command does not modify the guest that is dependent on the device. Use this method only if you can use the hpvmmodify command on the guests that are dependent on the device. The following example shows how to remove a guest as a dependent:

# hpvmdevmgmt -d gdev:entry_name:depend:depend_name

Restricting VM Host Devices

You must set up restricted devices to ensure that no guest uses devices that are reserved for use by the VM Host, including the storage devices that the VM Host uses to boot and run. This can also include a network LAN device to which the host requires exclusive access.

If a volume manager is used for host-specific file systems, then the restricted devices should include both the volume devices and the underlying special device files to protect both from guest access. For more information, see Chapter 7.

You can also allow guests to access certain files while restricting them from accessing the device files that contain those files. You can add or delete restricted device entries to the Integrity VM device database.

For example, to add /dev/rdisk/disk0 as a restricted device, enter the following command:

# hpvmdevmgmt -a rdev:/dev/rdisk/disk0

To delete the restricted device /dev/rdisk/disk0, enter the following command:

# hpvmdevmgmt -d rdev:/dev/rdisk/disk0

To add network lan0 as a restricted device, enter the following command:

# hpvmdevmgmt -a rdev:lan0

If a guest's configuration file contains restricted devices, the guest does not start.

Managing the Device Database

Technical documentation

» Table of Contents