Chapter 9 Administering Sun Cluster With the Graphical User Interfaces

This chapter provides descriptions of SunPlex Manager and Sun Management Center graphical user interface (GUI) tools, which you can use to administer some aspects of a cluster. It also contains procedures to configure and launch SunPlex Manager. The online help included with each GUI provides instructions for how to accomplish various administrative tasks using the GUI.

This is a list of the procedures in this chapter.

• How to Change the Port Number for SunPlex Manager

• How to Change the Server Address for SunPlex Manager

• How to Configure a New Security Certificate

• How to Launch SunPlex Manager

• How to Add RBAC Authorization to an Existing User Account

• How to Create a New User Account With RBAC Authorization

Sun Management Center Overview

The Sun Cluster module for Sun Management Center^TM (formerly Sun Enterprise SyMON^TM) GUI Console enables you to graphically display cluster resources, resource types, and resource groups. It also enables you to monitor configuration changes and check the status of cluster components. However, the Sun Cluster module for Sun Management Center currently cannot perform all Sun Cluster administrative tasks. You must use the command-line interface for other operations. See “Command Line Interface” in Chapter 1 for more information.

For information on installing and starting the Sun Cluster module for Sun Management Center, and for viewing the cluster-specific online help supplied with the Sun Cluster module, see the Sun Cluster 3.1 Software Installation Guide.

The Sun Cluster module of Sun Management Center is Simple Network Management Protocol (SNMP) compliant. Sun Cluster has created a Management Information Base (MIB) that can be used as the data definition by third-party management stations based on SNMP.

The Sun Cluster MIB file is located at /opt/SUNWsymon/modules/cfg/sun-cluster-mib.mib on any cluster node.

The Sun Cluster MIB file is an ASN.1 specification of the Sun Cluster data that is modeled. This is the same specification used by all Sun Management Center MIBs. To use the Sun Cluster MIB, refer to the instructions for using other Sun Management Center MIBs in the “SNMP MIBs for Sun Management Center Modules” in Sun Management Center 3.5 User's Guide.

SunPlex Manager Overview

SunPlex Manager is a GUI that enables you to graphically display cluster information, monitor configuration changes, and check the status of cluster components. It also allows you to perform some administrative tasks, including installing and configuring some data service applications. However, SunPlex Manager currently cannot perform all Sun Cluster administrative tasks. You must use the command-line interface for some operations. See for more information.

Information about installing and using SunPlex Manager can be found in the following locations.

• Installing and starting SunPlex Manager: See the Sun Cluster 3.1 Software Installation Guide.

• Configuring port numbers, server addresses, security certificates, and users: SeeConfiguring SunPlex Manager .

• Installing and administering aspects of your cluster using SunPlex Manager: See the online help supplied with SunPlex Manager.

Using SunPlex Manager Accessibility Features

SunPlex Manager supports third-party accessibility software when run through an accessible browser, such as Internet Explorer 5. This section describes some of these accessibility features.

• By default, the SunPlex Manager menu frame uses a JavaScript menu. Selecting an image or link in the menu frame expands or collapses any items in the menu tree. Selecting an item in the menu frame also updates any information that is displayed in the content frame, that is related to the selected item.

  In addition to the menu, SunPlex Manager also provides a basic text menu that is always expanded and may interact better with accessibility software. The first link in the standard menu is an invisible link to the text menu. Select this link to use the text menu. The menu may also be accessed directly by connecting to SunPlex Manager with the URL https://nodename:3000/cgi-bin/index.pl?menu=basic where nodename is replaced with the appropriate name of a node on which SunPlex Manager is installed. SunPlex Manager displays the text menu in the menu frame.

• SunPlex Manager uses combo box action menus to update and access a number of cluster components. When using keyboard control, select action menu items by opening the combo box pull-down menu before moving to the desired menu item. If you use the down arrow to move through the action menu items within the combo box, each menu item you move to is automatically selected and updated by using JavaScript. This could result in selecting the wrong menu item.

  The following example shows how to access a combo box pull-down menu and select an item from that menu. The example assumes you are using keyboard commands with the Internet Explorer 5 browser.

      1.  Tab to the desired combo box action menu.

      2.  Press Alt-Down Arrow to display the pull-down menu.

      3.  Press the down arrow key to move the cursor to the desired menu item.

      4.  Press Return to select the menu item.

• SunPlex Manager provides several graphical topological views through Java applets. This information is also available in tabular status tables, since the Java applets may not be accessible.

Configuring SunPlex Manager

SunPlex Manager is a GUI that you can use to administer and view the status of some aspects of quorum devices, IPMP groups, interconnect components, and global devices. You can use it in place of many of the Sun Cluster CLI commands.

The procedure for installing SunPlex Manager on your cluster is included in the Sun Cluster 3.1 Software Installation Guide. The SunPlex Manager online help contains instructions for completing various tasks using the GUI.

This section contains the following procedures for reconfiguring SunPlex Manager after initial installation.

• How to Change the Port Number for SunPlex Manager

• How to Change the Server Address for SunPlex Manager

• How to Configure a New Security Certificate

SunPlex Manager Character Set Support

The SunPlex Manager recognizes a limited character set to increase security. Characters that are not a part of the set are silently filtered out when HTML forms are submitted to the SunPlex Manager server. The following characters are accepted by the SunPlex Manager.

()+,-./0-9:=@A-Z^_a-z{|}~

This filter can potentially cause problems in two areas.

• Password entry for Sun One services. If the password contains unusual characters, these characters will be stripped out resulting in two problems. Either the resulting password will be under 8 characters and will fail, or the application will be configured with a different password than the user expects.

• Localization. Alternative character sets (for example: accented characters or Asian characters) will not work for input.

How to Change the Port Number for SunPlex Manager

If the default port number (3000) conflicts with another running process, change the port number of SunPlex Manager on each node of the cluster.

The port number must be identical on all nodes of the cluster.

1. Open the /opt/SUNWscvw/conf/httpd.conf configuration file using a text editor.

2. Change the Port number entry.

   The Port entry is located under Section 2, 'Main' server configuration.

3. Edit the VirtualHost entry to reflect the new port number.

   The <VirtualHost _default_:3000> entry is located in the section titled “SSL Virtual Host Context”.

4. Save the configuration file and exit the editor.

5. Restart SunPlex Manager.

   # /opt/SUNWscvw/bin/apachectl restart

6. Repeat this procedure on each node of the cluster.

How to Change the Server Address for SunPlex Manager

If you change the hostname of a cluster node, you must change the address from which SunPlex Manager runs. Because the default security certificate is generated based on the node's hostname at the time SunPlex Manager is installed, you must remove one of the SunPlex Manager installation packages and reinstall it. You must complete this procedure on any node that has had its host name changed.

1. Make the Sun Cluster 3.1 CD-ROM image available to the node.

2. Remove the SUNWscvw package.

   # pkgrm SUNWscvw

3. Re-install the SUNWscvw package.

   # cd <path to CD-ROM image>/SunCluster_3.1/Packages # pkgadd -d . SUNWscvw

How to Configure a New Security Certificate

You can generate your own security certificate to enable secure administration of your cluster, and then configure SunPlex Manager to use that certificate instead of the one generated by default. This procedure is an example of how to configure SunPlex Manager to use a security certificate generated by a particular security package. The actual tasks you must complete depend on the security package you use.

You must generate an unencrypted certificate to allow the server to start on its own during boot up. Once you have generated a new certificate for each node of your cluster, configure SunPlex Manager to use those certificates. Each node must have its own security certificate.

1. Copy the appropriate certificate to the node.

2. Open the /opt/SUNWscvw/conf/httpd.conf configuration file for editing.

3. Edit the following entry to enable SunPlex Manager to use the new certificate.

   SSLCertificateFile <path to certificate file>

4. If the server private key is not combined with the certificate, edit the SSLCertificateKeyFile entry.

   SSLCertificateKeyFile <path to server key>

5. Save the file and exit the editor.

6. Restart SunPlex Manager.

   # /opt/SUNWscvw/bin/apachectl restart

7. Repeat this procedure for each node in the cluster.

Example—Configuring SunPlex Manager to Use a New Security Certificate

The following example shows how to edit the SunPlex Manager configuration file to use a new security certificate.

[Copy the appropriate security certificates to each node.]
[Edit the configuration file.]
# vi /opt/SUNWscvw/conf/httpd.conf
[Edit the appropriate entries.]
SSLCertificateFile /opt/SUNWscvw/conf/ssl/phys-schost-1.crt
SSLCertificateKeyFile /opt/SUNWscvw/conf/ssl/phys-schost-1.key
[Save the file and exit the editor.]
[Restart SunPlex Manager.]
# /opt/SUNWscvw/bin/apachectl restart

Launching the SunPlex Manager Software

The SunPlex Manager graphical user interface (GUI) provides an easy way to administer some aspects of the Sun Cluster software. See the SunPlex Manager online help for more information.

How to Launch SunPlex Manager

Follow this procedure to start SunPlex Manager on your cluster.

1. Do you intend to access SunPlex Manager by using the cluster node root user name and password rather than set up a different user name and password?

   • If yes, go to Step 5.

   • If no, go to Step 3 to set up SunPlex Manager user accounts.

2. Become superuser on a cluster node.

3. Create a user account to access the cluster through SunPlex Manager.

   Follow the procedure in How to Create a New User Account With RBAC Authorization.

   You must set up at least one user account to access SunPlex Manager if you do not use the root system account. SunPlex Manager user accounts are used only by SunPlex Manager. They do not correspond to any Solaris system user accounts.

   1. ---

      Note –

      Users who do not have a user account set up on a particular node cannot access the cluster through SunPlex Manager from that node, nor can users manage that node through another cluster node to which the users do have access.

      ---

4. (Optional) Repeat Step 3 to set up additional user accounts.

5. From the administrative console or any other machine outside the cluster, launch a browser.

6. Disable the browser's Web proxy.

   SunPlex Manager functionality is incompatible with Web proxies.

7. Ensure that the browser's disk and memory cache sizes are set to greater than 0.

8. From the browser, connect to the SunPlex Manager port on one node of the cluster.

   The default port number is 3000.

   https://node:3000/

How to Launch SunPlex Manager from the Sun Management Center Web Console

1. Log in to the Sun Management Center Web Console.

   The default port number is 6789.

   https://node:6789/

   A SunPlex Manager icon will display for a SunPlex Manager user with solaris.cluster.admin authorization.

2. Click the SunPlex Manager icon to open a new browser window and connect to SunPlex Manager.

3. Click the Logout link to exit SunPlex Manager.

Adding Non-Root Users to SunPlex Manager

To enable a user other than root to log in to SunPlex Manager, you must either create a new user with the "solaris.cluster.admin" Role Based Access Control (RBAC) authorization, or add that authorization to an existing user. Once given authorization to access the full SunPlex Manager functionality, the user can log in with his regular system password.

Assigning the "solaris.cluster.admin" RBAC authorization to a non-root user allows that user to perform administrative actions usually performed only by root.

For more information, see "Role-Based Access Control" in the Solaris 8 System Administration Guide, Volume 2.

How to Add RBAC Authorization to an Existing User Account

Add RBAC authorization to an existing user account to enable the user to log in to SunPlex Manager by using a regular system password.

If you assign RBAC authorization to a non-root user account, that user account can perform a set of administrative actions usually performed only by root.

1. Become superuser on any node of the cluster.

2. Add the following entry to the /etc/user_attr file on all nodes of the cluster.

   # vi /etc/user_attr username::::type=normal;auths=solaris.cluster.admin

3. If you are logged in to SunPlex Manager as the root user, exit the browser entirely, then restart it.

4. Connect to one node of the cluster.

5. Enter the login (username) and password to access SunPlex Manager.

How to Create a New User Account With RBAC Authorization

To provide a new non-root user account root access to the entire cluster through SunPlex Manager, create the account on all nodes of the cluster.

If you assign RBAC authorization to a non-root user account, that user account can perform a set of administrative actions usually performed only by root.

1. Become superuser on any node of the cluster.

2. Create the new user account.

   # useradd -d dir -A solaris.cluster.admin login

   -d dir

   Specifies the home directory of the new user

   -A solaris.cluster.admin

   Assigns the solaris.cluster.admin authorization to the new user account

   login

   Name of the new user account (username)

   ---

   Note –

   The user name must be unique and must not already exist either on the local machine or in the network name service.

   ---

   See the useradd(1M) man page for more information about creating user accounts.

3. Set the password on each node of the cluster.

   # passwd login

   ---

   Note –

   The password for this account must be the same on all nodes of the cluster.

   ---

4. If you are logged in to SunPlex Manager as the root user, exit the browser entirely, then restart it.

5. Connect to one node of the cluster.

6. Enter the new login (username) and password to access SunPlex Manager.