Increasing Check Point Management Server Log Volume Size - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Monday, September 19, 2016

Increasing Check Point Management Server Log Volume Size

Check Point Gaia LVM
Our Check Point Management Server has been migrated into Virtual Edition platform which is running on Citrix Xen server. Originally it is only 100GB hard drive set for testing.

After running stabilised for a couple of days, I decided to enlarge the log space since 50G logging is definitely not enough.

My old 2014 post "Resize Checkpoint Firewall's Disk/Partition Space (Gaia and Splat Platform)" has some details to enlarge Logical Volume size with existing free space which supposed to be used as snapshots. This post will focus how to add a new disk into your system and enlarge your log logical volume.

Related posts:



Here are all steps related to this task. Those steps also fit into Vmware environment.



300GB virtual disk has been added into our Management server virtual machine.

[Expert@CP-Management:0]# fdisk -l

Disk /dev/hda: 107.3 GB, 107374182400 bytes
255 heads, 63 sectors/track, 13054 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1          38      305203+  83  Linux
/dev/hda2              39         299     2096482+  82  Linux swap / Solaris
/dev/hda3             300       13054   102454537+  8e  Linux LVM

Disk /dev/hdb: 322.1 GB, 322122547200 bytes
255 heads, 63 sectors/track, 39162 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Disk /dev/hdb doesn't contain a valid partition table

[Expert@CP-Management:0]# fdisk /dev/hdb
Device contains neither a valid DOS partition table, nor Sun, SGI or OSF disklabel
Building a new DOS disklabel. Changes will remain in memory only,
until you decide to write them. After that, of course, the previous
content won't be recoverable.


The number of cylinders for this disk is set to 39162.
There is nothing wrong with that, but this is larger than 1024,
and could in certain setups cause problems with:
1) software that runs at boot time (e.g., old versions of LILO)
2) booting and partitioning software from other OSs
   (e.g., DOS FDISK, OS/2 FDISK)
Warning: invalid flag 0x0000 of partition table 4 will be corrected by w(rite)

Command (m for help): n
Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-39162, default 1): 
Using default value 1
Last cylinder or +size or +sizeM or +sizeK (1-39162, default 39162): 
Using default value 39162

Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 83

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.
[Expert@CP-Management:0]# fdisk -l

Disk /dev/hda: 107.3 GB, 107374182400 bytes
255 heads, 63 sectors/track, 13054 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1          38      305203+  83  Linux
/dev/hda2              39         299     2096482+  82  Linux swap / Solaris
/dev/hda3             300       13054   102454537+  8e  Linux LVM

Disk /dev/hdb: 322.1 GB, 322122547200 bytes
255 heads, 63 sectors/track, 39162 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hdb1               1       39162   314568733+  83  Linux
[Expert@CP-Management:0]# pvcreate /dev/hdb1
  Physical volume "/dev/hdb1" successfully created
[Expert@CP-Management:0]# pvdisplay
  --- Physical volume ---
  PV Name               /dev/hda3
  VG Name               vg_splat
  PV Size               97.71 GB / not usable 21.26 MB
  Allocatable           yes 
  PE Size (KByte)       32768
  Total PE              3126
  Free PE               724
  Allocated PE          2402
  PV UUID               Stnt1u-kxSY-qv41-HawK-gvLi-Abyx-vgfcUP
   
  --- NEW Physical volume ---
  PV Name               /dev/hdb1
  VG Name               
  PV Size               300.00 GB
  Allocatable           NO
  PE Size (KByte)       0
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               Af23rd-Nq98-mNm7-uAes-I0I9-yxZV-ALq4Vg
   
[Expert@CP-Management:0]# vgcreate group_john1 /dev/hdb1
  Volume group "group_john1" successfully created

[Expert@CP-Management:0]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current
                       20G  8.1G   11G  44% /
/dev/hda1             289M   37M  238M  14% /boot
tmpfs                 4.0G     0  4.0G   0% /dev/shm
/dev/mapper/vg_splat-lv_log
                       49G  5.9G   41G  13% /var/log
[Expert@CP-Management:0]# pvs
  PV         VG          Fmt  Attr PSize   PFree  
  /dev/hda3  vg_splat    lvm2 a-    97.69G  22.62G
  /dev/hdb1  group_john1 lvm2 a-   299.99G 299.99G
[Expert@CP-Management:0]# lvs
  LV         VG       Attr   LSize  Origin Snap%  Move Log Copy% 
  lv_Inia    vg_splat -wi-a-  5.06G                              
  lv_current vg_splat -wi-ao 20.00G                              
  lv_log     vg_splat -wi-ao 50.00G                              
[Expert@CP-Management:0]# lvcreate -L 299990 -n vol2 group_john1
  /dev/cdrom: open failed: Read-only file system
  Rounding up size to full physical extent 292.96 GB
  Logical volume "vol2" created
[Expert@CP-Management:0]# lvs
  LV         VG          Attr   LSize   Origin Snap%  Move Log Copy% 
  vol2       group_john1 -wi-a- 292.96G                              
  lv_Inia    vg_splat    -wi-a-   5.06G                              
  lv_current vg_splat    -wi-ao  20.00G                              
  lv_log     vg_splat    -wi-ao  50.00G                              
[Expert@CP-Management:0]# pvs
  PV         VG          Fmt  Attr PSize   PFree 
  /dev/hda3  vg_splat    lvm2 a-    97.69G 22.62G
  /dev/hdb1  group_john1 lvm2 a-   299.99G  7.03G
[Expert@CP-Management:0]# 



During above steps, I created a new virtual group group_john1 and a new logical volume vol2. Unfortunately, those steps are not needed.

On next section, I will show how to remove logical volume vol2 and virtual group one by one.

After deleted that new virtual group, I will extend existing logical volume to this new disk.

[Expert@CP-Management:0]# fdisk -l        

Disk /dev/hda: 107.3 GB, 107374182400 bytes
255 heads, 63 sectors/track, 13054 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hda1   *           1          38      305203+  83  Linux
/dev/hda2              39         299     2096482+  82  Linux swap / Solaris
/dev/hda3             300       13054   102454537+  8e  Linux LVM

Disk /dev/hdb: 322.1 GB, 322122547200 bytes
255 heads, 63 sectors/track, 39162 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot      Start         End      Blocks   Id  System
/dev/hdb1               1       39162   314568733+  83  Linux
[Expert@CP-Management:0]# vgdisplay       
  --- Volume group ---
  VG Name               group_john1
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  2
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                1
  Open LV               0
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               299.99 GB
  PE Size               4.00 MB
  Total PE              76798
  Alloc PE / Size       74998 / 292.96 GB
  Free  PE / Size       1800 / 7.03 GB
  VG UUID               FS1Lp5-1x3e-TGHU-0j94-buty-YY2Z-7iRjmN
   
  --- Volume group ---
  VG Name               vg_splat
  System ID             
  Format                lvm2
  Metadata Areas        1
  Metadata Sequence No  9
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                2
  Open LV               2
  Max PV                0
  Cur PV                1
  Act PV                1
  VG Size               97.69 GB
  PE Size               32.00 MB
  Total PE              3126
  Alloc PE / Size       2240 / 70.00 GB
  Free  PE / Size       886 / 27.69 GB
  VG UUID               E3Rsl2-UJHA-dgCG-cZBS-YoGo-CzE0-EIvRXE
   

[Expert@CP-Management:0]# vgchange -a n group_john1
  0 logical volume(s) in volume group "group_john1" now active
[Expert@CP-Management:0]# vgremove group_john1     
  /dev/cdrom: open failed: Read-only file system
  Volume group "group_john1" still contains 1 logical volume(s)
[Expert@CP-Management:0]# lvs
  LV         VG          Attr   LSize   Origin Snap%  Move Log Copy% 
  vol2       group_john1 -wi--- 292.96G                              
  lv_current vg_splat    -wi-ao  20.00G                              
  lv_log     vg_splat    -wi-ao  50.00G                              
[Expert@CP-Management:0]# lvremove /dev/group_john1/vol2
  /dev/cdrom: open failed: Read-only file system
  Logical volume "vol2" successfully removed
[Expert@CP-Management:0]# vgremove group_john1
  /dev/cdrom: open failed: Read-only file system
  Volume group "group_john1" successfully removed
[Expert@CP-Management:0]# pvs       
  PV         VG       Fmt  Attr PSize   PFree  
  /dev/hda3  vg_splat lvm2 a-    97.69G  27.69G
  /dev/hdb1           lvm2 --   300.00G 300.00G
[Expert@CP-Management:0]# pvdisplay /dev/hdb1
  --- NEW Physical volume ---
  PV Name               /dev/hdb1
  VG Name               
  PV Size               300.00 GB
  Allocatable           NO
  PE Size (KByte)       0
  Total PE              0
  Free PE               0
  Allocated PE          0
  PV UUID               Af23rd-Nq98-mNm7-uAes-I0I9-yxZV-ALq4Vg
   
[Expert@CP-Management:0]# vgscan --mknodes
  Reading all physical volumes.  This may take a while...
  Found volume group "vg_splat" using metadata type lvm2
[Expert@CP-Management:0]# pvs
  PV         VG       Fmt  Attr PSize   PFree  
  /dev/hda3  vg_splat lvm2 a-    97.69G  27.69G
  /dev/hdb1           lvm2 --   300.00G 300.00G


[Expert@CP-Management:0]# vgextend vg_splat /dev/hdb1 
  /dev/cdrom: open failed: Read-only file system
  Attempt to close device '/dev/cdrom' which is not open.
  Volume group "vg_splat" successfully extended
[Expert@CP-Management:0]# pvs
  PV         VG       Fmt  Attr PSize   PFree  
  /dev/hda3  vg_splat lvm2 a-    97.69G  27.69G
  /dev/hdb1  vg_splat lvm2 a-   299.97G 299.97G
[Expert@CP-Management:0]# lvs
  LV         VG       Attr   LSize  Origin Snap%  Move Log Copy% 
  lv_current vg_splat -wi-ao 20.00G                              
  lv_log     vg_splat -wi-ao 50.00G                              
[Expert@CP-Management:0]# vgdisplay
  --- Volume group ---
  VG Name               vg_splat
  System ID             
  Format                lvm2
  Metadata Areas        2
  Metadata Sequence No  10
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                2
  Open LV               2
  Max PV                0
  Cur PV                2
  Act PV                2
  VG Size               397.66 GB
  PE Size               32.00 MB
  Total PE              12725
  Alloc PE / Size       2240 / 70.00 GB
  Free  PE / Size       10485 / 327.66 GB
  VG UUID               E3Rsl2-UJHA-dgCG-cZBS-YoGo-CzE0-EIvRXE
   


Following output is showing how to use lvm_manager to resize lv_current/lv_log. Download LVM manager from here. 

[Expert@CP-Management:0]# ls 
last_dump.log  lvm_manager.sh
[Expert@CP-Management:0]# lvm_manager

elect action:

1) View LVM storage overview
2) Resize lv_current/lv_log Logical Volume
3) Quit
Select action: 1



VM overview
============
                  Size(GB)   Used(GB)   Configurable    Description         
    lv_current    20         9          yes             Check Point OS and products
    lv_log        50         12         yes             Logs volume         
    upgrade       22         N/A        no              Reserved for version upgrade
    swap          2          N/A        no              Swap volume size    
    free          305        N/A        no              Unused space        
    -------       ----                                                      
    total         399        N/A        no              Total size          

press ENTER to continue.

==============================================================================================


elect action:

1) View LVM storage overview
2) Resize lv_current/lv_log Logical Volume
3) Quit
Select action: 2


elect Logical Volume for size modification:
1) lv_current
2) lv_log
3) Cancel
Select Logical Volume: 2


VM overview
============
                  Size(GB)   Used(GB)   Configurable    Description         
    lv_current    20         9          yes             Check Point OS and products
    lv_log        50         12         yes             Logs volume         
    upgrade       22         N/A        no              Reserved for version upgrade
    swap          2          N/A        no              Swap volume size    
    free          305        N/A        no              Unused space        
    -------       ----                                                      
    total         399        N/A        no              Total size          

Resizing lv_log Logical Volume
==============================
lv_log size can be between 13G to 355G.
Enter the new size(GB) or leave blank to cancel: 300

Note that all Check Point products will be shutdown during the resizing operation and the machine will be rebooted automatically at the end of the process.
This may take several minutes.
Are you sure you want to continue?(Y/N)[N]y

Stopping Check Point products. This may take several minutes ...

Killing processes that access to the filesystem...

Unmounting logical volume ...

Checking the filesystem...
/dev/vg_splat/lv_log: 1315/13107200 files (11.4% non-contiguous), 3320980/13107200 blocks

Start resizing...
  Extending logical volume lv_log to 300.00 GB
  Logical volume lv_log successfully resized
Resizing the filesystem on /dev/mapper/vg_splat-lv_log to 78643200 (4k) blocks.
Begin pass 1 (max = 2000)
Extending the inode table     XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
The filesystem on /dev/mapper/vg_splat-lv_log is now 78643200 blocks long.


Mounting the filesystem...


******************************************************************

Operation ended successfully.

Logical Volume size changed from 50G to 300G.

Press ENTER for reboot.
Reboot ... 

Broadcast message from admin (pts/2) (Mon Sep 19 15:01:51 2016):

The system is going down for reboot NOW!
[Expert@CP-Management:0]# 

 lv_current/lv_log has been resized from 50G to 300G. There are 55G free space left which could be used to resize other logical volume or used to store system snapshots as show below.



Verify:

[Expert@CP-Management:0]# lvs
  LV         VG       Attr   LSize   Origin Snap%  Move Log Copy% 
  lv_current vg_splat -wi-ao  20.00G                              
  lv_log     vg_splat -wi-ao 300.00G    
                          
[Expert@CP-Management:0]# pvs
  PV         VG       Fmt  Attr PSize   PFree 
  /dev/hda3  vg_splat lvm2 a-    97.69G     0 
  /dev/hdb1  vg_splat lvm2 a-   299.97G 77.66G

[Expert@CP-Management:0]# pvdisplay
  --- Physical volume ---
  PV Name               /dev/hda3
  VG Name               vg_splat
  PV Size               97.71 GB / not usable 21.26 MB
  Allocatable           yes (but full)
  PE Size (KByte)       32768
  Total PE              3126
  Free PE               0
  Allocated PE          3126
  PV UUID               Stnt1u-kxSY-qv41-HawK-gvLi-Abyx-vgfcUP
   
  --- Physical volume ---
  PV Name               /dev/hdb1
  VG Name               vg_splat
  PV Size               300.00 GB / not usable 28.03 MB
  Allocatable           yes 
  PE Size (KByte)       32768
  Total PE              9599
  Free PE               2485
  Allocated PE          7114
  PV UUID               Af23rd-Nq98-mNm7-uAes-I0I9-yxZV-ALq4Vg
   
[Expert@CP-Management:0]# vgdisplay
  --- Volume group ---
  VG Name               vg_splat
  System ID             
  Format                lvm2
  Metadata Areas        2
  Metadata Sequence No  11
  VG Access             read/write
  VG Status             resizable
  MAX LV                0
  Cur LV                2
  Open LV               2
  Max PV                0
  Cur PV                2
  Act PV                2
  VG Size               397.66 GB
  PE Size               32.00 MB
  Total PE              12725
  Alloc PE / Size       10240 / 320.00 GB
  Free  PE / Size       2485 / 77.66 GB
  VG UUID               E3Rsl2-UJHA-dgCG-cZBS-YoGo-CzE0-EIvRXE
   
[Expert@CP-Management:0]# df -h
Filesystem            Size  Used Avail Use% Mounted on
/dev/mapper/vg_splat-lv_current
                       20G  7.9G   11G  43% /
/dev/hda1             289M   24M  251M   9% /boot
tmpfs                 4.0G     0  4.0G   0% /dev/shm
/dev/mapper/vg_splat-lv_log
                      291G   12G  265G   5% /var/log
[Expert@CP-Management:0]# 




Reference:

1. How to change the default storage path for FireWall Log files on Security Management Server
2. How to add log storage to a VMware Virtual Machine running Gaia OS
3. Increasing the Security Gateway Virtual Edition Disk Size
4. How to Manage and Use LVM (Logical Volume Management) in Ubuntu
5. Managing partition sizes via LVM manager on Gaia OS





1 comment:

  1. Great post!I agree with everything you said.Please visit once at http://www.qosnetworking.com/ 

    ReplyDelete