Tag Archives: ACS

ACS 5.x Database Purge

I received an alert:

Purge is successful. The size of records present in view data base is 22.58 GB. The physical size of the view data base on the disk 96.1 GB. If you want to reduce the physical size of the view data base, run acsview-db-compress command from acs-config mode through command line.

Use the acsview-db-compress command to compress the view database file size. This command compresses the ACS View database by rebuilding each table in the database and releasing the unused space. As a result, the physical size of the database is reduced.

Ok so time to fix the database during a maintenance window.

acsadmin(config-acs)# acsview-db-compress
You chose to compress ACS View database. This operation will take more time if the size 
of the database is big. During this operation, ACS services will be stopped. Services will 
be started automatically when the compression is over. Do you want to continue (y/n)?  y

Please wait till ACS services come back after the view db is compressed. Refer ADE.log 
for more details about the view db compress.
admin#

How long to wait? Who knows – so I decided to jump in and run it to see how long… I pressed ‘y’ (as above) and waited. I could not find any command to show any status/progress indication – so I had to rely on Nagios and the following command only.

 

admin# show application status acs

Application initializing...
Status is not yet available.
Please check again in a minute.

 

Yes, OK – thanks Cisco!… Anyway, 3 hours 20 mins later:

 

admin# show application status acs

ACS role: PRIMARY

Process 'database'                  running
Process 'management'                running
Process 'runtime'                   running
Process 'adclient'                  running
Process 'view-database'             running
Process 'view-jobmanager'           running
Process 'view-alertmanager'         running
Process 'view-collector'            running
Process 'view-logprocessor'         running

 

…so cleaning up about 75GB of whitespace in the database took about 3 hours… so you can expect about 25GB an hour perhaps. Plan your outage window accordingly.
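The two `show application status acs` outputs above are enough to drive a monitoring check while the compress runs. The following is an added example, not code from the original post or from Cisco: a Nagios-style check that classifies that output. The function name, the exit-code mapping and the treatment of any state other than "running" as a failure are assumptions, and fetching the output from the appliance is left out.

```python
import re

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # Nagios plugin exit codes

# Process names copied from the healthy output shown in the post.
EXPECTED = {
    "database", "management", "runtime", "adclient", "view-database",
    "view-jobmanager", "view-alertmanager", "view-collector",
    "view-logprocessor",
}
PROCESS_LINE = re.compile(r"^Process '([^']+)'\s+(.+?)\s*$")

# Sample inputs: the first is the text from the post, the second is constructed from its process list.
INITIALIZING = ("Application initializing...\n"
                "Status is not yet available.\n"
                "Please check again in a minute.\n")
HEALTHY = "ACS role: PRIMARY\n\n" + "".join(
    "Process '%s'    running\n" % p for p in sorted(EXPECTED))


def check_acs_status(output):
    """Map 'show application status acs' text to (exit_code, message)."""
    if "Application initializing" in output:
        return WARNING, "ACS still initializing, services not back yet"
    states = {}
    for line in output.splitlines():
        m = PROCESS_LINE.match(line.strip())
        if m:
            states[m.group(1)] = m.group(2)
    if not states:
        return UNKNOWN, "no process lines found in output"
    # Any state other than 'running' is treated as a failure (assumption).
    not_running = sorted(n for n, s in states.items() if s != "running")
    missing = sorted(EXPECTED - states.keys())
    problems = []
    if not_running:
        problems.append("not running: " + ", ".join(not_running))
    if missing:
        problems.append("missing: " + ", ".join(missing))
    if problems:
        return CRITICAL, "; ".join(problems)
    return OK, "all %d ACS processes running" % len(states)


if __name__ == "__main__":
    for sample in (INITIALIZING, HEALTHY):
        code, msg = check_acs_status(sample)
        print(code, msg)
```

Returning WARNING rather than CRITICAL for the initializing state keeps a planned compress from paging as an outage while still showing that services are not back.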

MDS 9100 SAN OS with TACACS using Cisco ACS 5.x

I wanted the MDS switches to finally be added to TACACS so that the backup scripts can run with the TACACS login they have for the standard routers/switches. Here’s the code used (note that the fallback to local auth is also enabled if TACACS is unavailable):

tacacs+ enable
tacacs+ distribute
tacacs-server key whatevs-key
tacacs-server host 10.222.222.222
tacacs+ commit
aaa group server tacacs+ tacacs-group1
   server 10.222.222.222
aaa authentication login default group tacacs-group1 local
aaa accounting default group tacacs-group1 local

On Cisco ACS 5.x you need to add an option to the shell profile you use for TACACS. In my case I just added the attribute to the standard profile which gives ‘level 15’ privilege to passed authentications for other IOS devices.

Probably easier to show you in an image (below), but for MDS switches to work with ACS 5.x you need to add:

attribute  ->  shell:roles
requirement->  Optional
value      ->  network-admin

Image