Protecting Red Hat OpenShift Containerized Environment with IBM Spectrum Protect Plus

Introduction

This IBM® Redpaper publication describes support for Red Hat OpenShift Container Platform application data protection with IBM Spectrum® Protect Plus. It explains backup and restore operations for persistent volume data by using the Container Storage Interface (CSI) plug-in.

Table of Contents

Chapter 1. Introducing containers
Chapter 2. IBM Spectrum Protect Plus architecture
Chapter 3. Installing IBM Spectrum Protect Plus as a containerized application
Chapter 4. Container Backup Support
Chapter 5. Implementing Container Backup Support
Chapter 6. Using Container Backup Support
Chapter 7. Red Hat OpenShift cluster disaster recovery solution

More Information at IBM Spectrum Protect Plus: Protecting Red Hat OpenShift Containerized Environments

End-Of-Life and Support Information

Searching End-Of-Life Information can be a hassle if you are looking for information for OS, Applications, Databases etc. It will be very helpful if everything can be found on a website.

Hooray! It exists! https://endoflife.date/

endoflife.date documents End-of-life dates, and support lifecycles of various products. This project collates this data and presents it in an easily accessible format, with URLs that are easy to guess and remember.

For example, I click on Red Hat Enterprise Linux and the table layout is clear and intuitive.

ReleaseReleasedActive SupportSecurity SupportLatest
9 (Upcoming ELS)7 months ago(17 May 2022)Ends in 4 years and 5 months(31 May 2027)Ends in 9 years(31 May 2032)9.1(15 Nov 2022)
8 (Upcoming ELS)3 years and 7 months ago(07 May 2019)Ends in 1 year and 5 months(31 May 2024)Ends in 6 years(31 May 2029)8.7(09 Nov 2022)
7 (Upcoming ELS)9 years ago(11 Dec 2013)Ended 2 years and 11 months ago(31 Dec 2019)Ends in 1 year and 6 months(30 Jun 2024)7.9(29 Sep 2020)
6 (ELS)12 years ago(09 Nov 2010)Ended 6 years ago(10 May 2016)Ended 2 years ago(30 Nov 2020)6.10
5 (ELS)15 years ago(15 Mar 2007)Ended 9 years ago(08 Jan 2013)Ended 5 years and 8 months ago(31 Mar 2017)5.11
417 years ago(15 Feb 2005)Ended 13 years ago(31 Mar 2009)Ended 10 years ago(29 Feb 2012)4.9
Taken from https://endoflife.date/

abrt-cli status’ timed out is always shown when logging on or changing users

When change or login to specific user, ‘abrt-cli status’ timed out is always shown

Last login: Mon Dec 19 23:32:58 +08 2022 on pts/21 
'abrt-cli status' timed out

To resolve the issue, you may want to check the status of the ‘abrtd’ service, the output will indicate a locked file

# systemctl status abrtd
● abrtd.service - ABRT Automated Bug Reporting Tool
   Loaded: loaded (/usr/lib/systemd/system/abrtd.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2022-12-19 23:34:58 +08; 2s ago
 Main PID: 273413 (abrtd)
   CGroup: /system.slice/abrtd.service
           └─273413 /usr/sbin/abrtd -d -s

Dec 19 23:34:58 node1 systemd[1]: Started ABRT Automated Bug Reporting Tool.
Dec 19 23:34:58 node1 systemd[1]: Starting ABRT Automated Bug Reporting Tool...
Dec 19 23:34:58 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242
Dec 19 23:34:59 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242
Dec 19 23:34:59 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242
Dec 19 23:35:00 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242
Dec 19 23:35:00 node1 abrtd[273413]: Lock file '.lock' is locked by process 191242

Stop the abrt Service first.

# systemctl stop abrtd

Kill the Process holding the Lock File

# pkill -9 systemctl stop abrtd

Start the Service again

# systemctl start abrtd

The Lock File should go away.

# systemctl status abrtd
● abrtd.service - ABRT Automated Bug Reporting Tool
   Loaded: loaded (/usr/lib/systemd/system/abrtd.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2022-12-19 23:48:02 +08; 4s ago
 Main PID: 334010 (abrtd)
   CGroup: /system.slice/abrtd.service
           └─334010 /usr/sbin/abrtd -d -s

Dec 19 23:48:02 hpc-gekko1 systemd[1]: Started ABRT Automated Bug Reporting Tool.
Dec 19 23:48:02 hpc-gekko1 systemd[1]: Starting ABRT Automated Bug Reporting Tool...
Dec 19 23:48:02 hpc-gekko1 abrtd[334010]: Init complete, entering main loop

Harnessing the Advantages of Edge AI

Article taken from HPCWire “Harnessing the Advantages of Edge AI”

You can enjoy a number of advantages when you deploy edge AI applications. It’s about empowering your users in the field to convert data to value in real-time.

  • Real-Time Insights – Equip your users with real-time information, from business intelligence to military strategy to updated patient health data.
  • Faster Decision Making – Your users can react much more quickly to real-time information and make quicker, more informed decisions.
  • Increased Automation – Train your machines or devices to perform autonomous tasks and maximize efficiency.
  • Enhanced Privacy – Keeping more data closer to the edge means having to send less of it to the cloud, thereby increasing opportunities for data breaches.

Do go to the article for full read. Harnessing the Advantages of Edge AI

Tuning Compute Performance – Nanyang Technological University Targets I/O Bottlenecks to Speed Up Research

A customer case study writeup on how the HPC Team at Nanyang Technological University used Altair Mistral to tune Compute Performance.

The High Performance Computing Centre (HPCC) at Nanyang Technological University Singapore supports the university’s large-scale and data-intensive computing needs, and resource requirements continue to grow. HPCC churned out nearly 19 million core CPU-hours and nearly 300,000 GPU-hours in 2021 to enable more than 160 NTU researchers. HPCC’s small, four-engineer team turned to Altair for cutting-edge tools to help support their growing user community and evaluate scaling up to a hybrid cloud environment. They needed job-level insights to understand runtime issues; metrics on I/O, CPU, and memory to identify bottlenecks; and the ability to detect problematic applications and rogue jobs with bad I/O patterns that could overload shared storage. The HPCC team deployed Altair Mistral™ to profile application I/O and determine the most efficient options to optimize HPC at NTU.

Tuning Compute Performance – Nanyang Technological University Targets I/O Bottlenecks to Speed Up Research

Application I/O Profiling on HPC Clusters with Altair Mistral and Altair PBS Professional

A Paper has been published by Altair and myself on the “Application I/O Profiling on HPC Clusters with Altair Mistral and Altair PBS Professional”. For more information, do take a look at

The High Performance Computing Centre (HPCC) at Nanyang Technological University (NTU) Singapore employs the latest techniques to ensure good system utilization and a high-performance user experience. The university has a large HPC cluster with the Altair® PBS Professional® workload manager, and the HPCC team installed Altair Mistral™ to monitor application I/O and storage performance. In this paper, we describe how they used Mistral to analyze an HPC application. After getting some insights into the application, they profiled it against HPCC’s three storage tiers and gained detailed insights into application I/O patterns and storage performance.

Application I/O Profiling on HPC Clusters with Altair Mistral and Altair PBS Professional

How to disable CBC Mode Ciphers in RHEL 8 or Rocky Linux 8

This writeup is reference from The Geek Diary

Edit /etc/sysconfig/sshd and uncomment CRYPTO_POLICY line:

CRYPTO_POLICY=

Edit /etc/ssh/sshd_config file. Add Ciphers, MACs and KexAlgorithms have been added

KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

After making changes to the configuration file, you may want to do a sanity check on the configuration file

# sshd -t

Restart sshd services

# systemctl restart sshd

To test if weak CBC Ciphers are enabled

$ ssh -vv -oCiphers=3des-cbc,aes128-cbc,aes192-cbc,aes256-cbc [youruserid@IP of your Server]

References: