Scribd
Upload
884 views3 pages

Dell EMC Unity - Gaining Root Access To The Unity System For Advanced Support and Troubleshooting (Dell EMC Correctable) - Dell US

Uploaded by

604597
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
884 views3 pages

Dell EMC Unity - Gaining Root Access To The Unity System For Advanced Support and Troubleshooting (Dell EMC Correctable) - Dell US

Uploaded by

604597
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 3

Article Number: 000020968 📠 Print

Dell EMC Unity: Gaining Root access to the Unity System for
advanced support and troubleshooting (Dell EMC Correctable).
Audience Level: Internal

Article Content

Instructions

WARNING:
Root access is meant for Engineering and Global Teams/Recovery Teams only. Regional Teams may only use root in limited
circumstances. The individual procedures which allow for Regional Team execution will be clearly marked as such.

WARNING:
Running certain commands while in root can have CATASTROPHIC CONSEQUENCES, including DATA LOSS. Second set of eyes rules
apply when working in a root shell.

Unity systems, similar to the VNXe family, are restricted in the manner in which root access to the Linux shell is provided. Unlike a
regular Linux operating system, where the root user explicitly logs into the command shell with credentials, the Unity system requires a
special support-only root injection method for gaining access to root.

Caution:
The following procedure should not be sent to customers. Though there are multiple ways to inject root access to the system, the
Challenge String method is generally considered the preferred approach for use by Support personnel, and is presented below.

Please refer to KB 000516953 for svc_service_shell best practices.

Note: For those situations where The Hub may be down or you cannot access the server, there is an alternative way to inject Root--see
the Notes section of this article

Injecting Root Access to the Unity System:


1. Using a browser such as Firefox (You cannot scrape the Key response with Internet Explorer) Internally, access the Service Hub
Website and navigate to the Service Key Generator section.

Note: This site is where the Unity system Challenge phrase or Serial Number is passed, and where the response Key is provided that
allows the support technician to inject service root access to the Unity system. Due to recent unexpected Hub site changes, please try
the first link below first:
https://hubv1.corp.emc.com/services/service_key_generator
https://thehub.corp.emc.com/LandingPage.aspx

Note: When you first launch the new Hub website, you may find that there is nothing displayed regarding the Service Key Generator. If
this is the case, you will need to build your own' My Desktop' preferences. To add the Service Key Generator, find the Library icon on the
lower right-hand side of the screen, then scroll down to find, and add, the Service Key Generator.

2. Under the "Product Release" dropdown, select the appropriate Unity OE release, such as "TB GA" for 4.0.0.7329527, "SP1" for 4.0.1
(includes 4.0.2), "Falcon" for 4.1.0, "Merlin" for 4.2.0, "Merlin SP1" for 4.2.1, etc.

3. Under the "Key Type", change the default radial button to "Challenge String".

4. Login to the Unity system via SSH (use the service user account credentials) and issue the command: svc_inject -k
This will generate a Challenge String in the format xxxxx-xxxxx-xxxxx-xxxxx-xxxxx-xxxxx
Example:
service@(none) spa:~> svc_inject -k
Current Challenge: F7D6F-DEFF4-DB3A5-DA0D8-B1502-BBxxx

5. Copy this String and paste it in the hub field "Challenge String".

6. Under the "Comment" field, enter any alpha-numeric number (required field).

7. Click on the "Generate" button to generate the Key response phrase. Copy this phrase to your clipboard.

8. Back in the Unity system, type the following command: svc_inject -k <key from the hub portal>
Example:
service@(none) spa:~> svc_inject -k 152BB-78CB4-46357-BBC2B-7ED17-A533F-47160-DDB34-01
Current Challenge: F7D6F-DEFF4-DB3A5-DA0D8-B1502-BBxxx
INFO: Response successfully validated!
INFO: Enabling tool ...
INFO: Successfully enabled svc_service_shell

9. Start the Root shell session on the system using the appropriate Service Script:
Note: You will need to run the svc_service_shell script each time you initiate a separate SSH connection to the system. You only root
inject the service shell on the Primary SP. You do not typically need to inject root on the peer SP. When you inject root access to the
Primary SP, then ssh to the peer, you still retain root access to the entire system.
Example:
spa:~> svc_service_shell
INFO: Successfully enabled svc_service_shell
The svc_service_shell service tool will expire in:
2 day(s), 4 hour(s), 58 minute(s) and 40 second(s).
--- Start of service shell session ---
*** WARNING *** Unity service shell activated! *** WARNING ***

This warning "*** WARNING *** Unity service shell activated! *** WARNING ***" will appear after each command, to disable it run
(KB490786):
spa:~> set_banner

10. After completing your Support activity, invalidate the Root injection session to prevent unauthorized users from having Root access:
spa:~> svc_inject -t -e svc_service_shell
INFO [spa]: Checking for svc_service_shell-service-tool ...
INFO [spa]: Disabling the tool ...
INFO [spa]: Verifying peer connectivity ...
INFO [spa]: disabling on the peer
INFO [spb]: Checking for svc_service_shell-service-tool ...
INFO [spb]: Disabling the tool ...
INFO [spb]: Disable operations were successful on this SP.
INFO [spa]: Disable operations were successful on this SP.

Note: There is an issue with disabling root access in Unity OE 4.2.x (Merlin). Please see KB 000502775 for further information.
Additional Information

Refer to KB 000335054 for "Enabling root access on VNXe and Unisphere remote/central." The overall methodology is the same.

Partner Notes

Internal Notes

Alternate option if the hub is down

If The Hub is inaccessible/offline, obtain the latest signature file for the Unity Code that is on the array and inject from the following
site:
http://10.244.66.67/tools/service_shell/
http://surge.isus.emc.com/tools/service_shell/

1. Upload the .sig file to the /cores/service directory, chmod +x to make executable, and then inject to the system:

spa:~> svc_inject -t -i svc_service_shell-service-tool.0.1.303.0.UNITY.tgz.bin.gpg.sig


INFO: Performing dual-SP tool injection.
INFO: Verifying peer connectivity ...output abridged....

2. Access root using svc_service_shell.

3. Disable the root svc tool after completing your Support session:
spa:~> svc_inject -t -e svc_service_shell

**Remember to delete the .sig file from /cores/service after you are done. **

Article Properties

Affected Product
Unity All Flash

Product
Dell EMC Unity 300, Dell EMC Unity 300F, Dell EMC Unity 400, Dell EMC Unity 400F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC
Unity 600, Dell EMC Unity 600F, Unity All Flash, Dell EMC Unity Family, Unity Hybrid flash, UnityVSA

Last Published Date


20 Nov 2020

Publish Status

Online

Version
2

Article Type
How To

You might also like