Miscellaneous Sun Management Center Procedures
This appendix documents the following procedures:
The Sun Management Center setup generates the security keys for Sun Management Center components using the following default settings:
- Valid Sun Management Center users are espublic and esmaster
- Sun Management Center superuser is esmaster
Note - The software uses an eight-character string as a seed to make the generated key unique. During setup, you have the option to use the default Sun Management Center seed or to use one that you create. The same seed must be used for all server and agent setups in a given server context. For more information on server context, see Chapter 14.
Sun Management Center setup does not create UNIX accounts for the special users espublic and esmaster. You should not need to log into the Sun Management Center console using these user IDs because they are reserved for internal communication between processes. However, some troubleshooting activities may require you to log in using one of these user IDs. If so, you have to create it and assign a password using the usual UNIX commands useradd and passwd.
The esmaster user ID bypasses normal permission checks, so use it with care. For normal operation, use an existing login account. Setup provides an opportunity to specify an existing user as a Sun Management Center administrator. This user ID is added to the esadm and esdomadm groups as well as the esusers file. For more information on security and the Sun Management Center superuser, see Chapter 14.
The security keys for the components need to be regenerated if one or more of the following is true:
- UDP ports of any of the Sun Management Center agents are changed.
- Host names or IP addresses of the Sun Management Center agent host change.
Note - Changing the host name or the IP address of the Sun Management Center server is not supported.
To Regenerate the Security Keys
Note - In these examples, shared_secret stands for a secret string of up to 8 characters that is common to all machines in a server context. It is required as an argument to the script base-usm-seed.sh. A default (maplesyr) is provided by the software, but you can specify your own password if desired. This secret string or password is used to generate keys for communication between processes.
-u public is needed to respond to external SNMP requests with public communities.
2. Depending on your installation, type one of the following.
- If you installed only the agent layer, type:
# /opt/SUNWsymon/sbin/es_run base-usm-seed.sh -s shared_secret -c agent -u public
- If you installed only the server layer, type:
# /opt/SUNWsymon/sbin/es_run base-usm-seed.sh -s shared_secret -c topology -u public
# /opt/SUNWsymon/sbin/es_run base-usm-seed.sh -s shared_secret -c trap event cfgserver servers
- If you installed both the agent and server layers on one host, type:
# /opt/SUNWsymon/sbin/es_run base-usm-seed.sh -s shared_secret -u public
3. Restart the Sun Management Center server.
For more information, see the Sun Management Center 3.0 Software Installation Guide.
A legacy SNMP agent is an SNMP agent that is not part of the Sun Management Center agent framework. In real-world situations, you may need to configure one or more legacy agents as subagents of a Sun Management Center agent.
Any legacy SNMP agent can be configured as a subagent of a Sun Management Center Agent provided that:
- The legacy agent can run on a port other than 161.
- The legacy agent configuration supports running that agent as a non-daemon process.
- You have the legacy agent MIB definition file.
To Configure a Legacy SNMP Agent as a Subagent of a Sun Management Center Agent
2. If the file /var/opt/SUNWsymon/cfg/subagent-registry-d.x does not exist, copy it from the /opt/SUNWsymon/base/cfg directory:
# cp /opt/SUNWsymon/base/cfg/subagent-registry-d.x /var/opt/SUNWsymon/cfg/
3. In the file /var/opt/SUNWsymon/cfg/subagent-registry-d.x, find the block that is similar to the following:
# sa2 = {
# type = legacy
# persist = false
# snmpPort = "20001"
# errorAction = restart
# startCommand = "/usr/lib/snmp/mibiisa -p %port"
# stopCommand = "kill -9 %pid"
# pollInterval = 60
# pollHoldoff = 60
# oidTrees = 1.3.6.1.2.1
# snmpVersion = SNMPv1
# securityLevel = noauth
# securityName = espublic
# }
4. Remove the comment symbol (#) at the beginning of each line so that the code now looks like the following.
sa2 = {
type = legacy
persist = false
snmpPort = "20001"
errorAction = restart
startCommand = "/usr/lib/snmp/mibiisa -p %port"
stopCommand = "kill -9 %pid"
pollInterval = 60
pollHoldoff = 60
managedTrees = "mib-2 sun"
# oidTrees = 1.3.6.1.2.1
snmpVersion = SNMPv1
securityLevel = noauth
securityName = espublic
}
5. Modify the lines as follows:
- Change sa2 to the unique subagent name for the agent.
- type is legacy.
- persist is false if the subagent is stopped when the Sun Management Center agent exits. If this value is true, then the Sun Management Center agent does not stop the subagent when the Sun Management Center agent exits.
- snmpPort is the UDP port number on which you want to run the subagent.
- errorAction can be restart, ignore, or kill. If the restart option is used, then the Sun Management Center agent tries to restart if it encounters an error when communicating with the subagent. The other options result in the respective behaviors.
- startCommand is the mandatory command to start the subagent. This command should contain %port, which is replaced by the value given in snmpPort.
- stopCommand is the command to stop the process. %pid can be used to represent the process ID (PID) of the subagent process.
- pollInterval defines the interval (in seconds) at which the Sun Management Center agent polls the subagent.
- pollHoldoff is the time (in seconds) after which the first poll is done on the subagent after the latter is started by the Sun Management Center agent.
- oidTrees gives the space-separated list of SNMP OIDs managed by the subagent.
- snmpVersion can take values SNMPv1 and SNMPv2.
- securityLevel can be priv, auth, or noauth.
- securityName is the SNMPv1 community name or SNMPv2 security name to use.
For more details, refer to the descriptions in the subagent-registry-d.x file.
6. Stop, then restart the agent:
# /opt/SUNWsymon/sbin/es-stop -a
# /opt/SUNWsymon/sbin/es-start -a
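
The field rules in step 5 and the prerequisites listed before the procedure can be checked before the agent is restarted. The following Python sketch is an added example, not part of Sun Management Center; it assumes the simple `name = { key = value }` layout shown in steps 3 and 4, and the block name legacy1 and the path /opt/example/legacyd are constructed.

```python
import re

# Allowed values, from the field descriptions in step 5.
ALLOWED = {"errorAction": {"restart", "ignore", "kill"},
           "snmpVersion": {"SNMPv1", "SNMPv2"},
           "securityLevel": {"priv", "auth", "noauth"}}

def parse_subagents(text):
    """Return {name: {key: value}} for each active (uncommented) block."""
    active = "\n".join(ln for ln in text.splitlines() if not ln.lstrip().startswith("#"))
    blocks = {}
    for name, body in re.findall(r"(\S+)\s*=\s*\{(.*?)\}", active, re.S):
        pairs = re.findall(r"^[ \t]*(\S+)[ \t]*=[ \t]*(.*?)[ \t]*$", body, re.M)
        blocks[name] = {key: value.strip('"') for key, value in pairs}
    return blocks

def audit(name, cfg):
    """Return findings for one block: ERROR breaks a rule, REVIEW is weak security."""
    findings = []
    for key, allowed in ALLOWED.items():
        if key in cfg and cfg[key] not in allowed:
            findings.append(f"ERROR {name}: {key} = {cfg[key]} is not an allowed value")
    port = cfg.get("snmpPort", "")
    if not port.isdigit() or not 0 < int(port) < 65536:
        findings.append(f"ERROR {name}: snmpPort is not a valid UDP port number")
    elif int(port) == 161:
        findings.append(f"ERROR {name}: a legacy subagent needs a port other than 161")
    if "%port" not in cfg.get("startCommand", ""):
        findings.append(f"ERROR {name}: startCommand has no %port placeholder")
    if cfg.get("snmpVersion") == "SNMPv1" or cfg.get("securityLevel") == "noauth":
        findings.append(f"REVIEW {name}: requests carry no cryptographic "
                        f"authentication; restrict access to UDP port {port}")
    return findings

# sa2 is abbreviated from step 4; legacy1 is constructed, with deliberate mistakes.
SAMPLE = """
sa2 = {
  snmpPort = "20001"
  startCommand = "/usr/lib/snmp/mibiisa -p %port"
  snmpVersion = SNMPv1
  securityLevel = noauth
}
legacy1 = {
  snmpPort = "161"
  errorAction = reboot
  startCommand = "/opt/example/legacyd"
}
"""
for name, cfg in parse_subagents(SAMPLE).items():
    print(*audit(name, cfg), sep="\n")
```

The sa2 settings from the page pass every rule but produce a REVIEW line, because SNMPv1 with securityLevel noauth relies on the community name alone.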
The Sun Management Center agent has the ability to monitor itself and restrict its memory usage. To do this, there are some predefined limits that have been set for the memory usage of the agent process. These limits are highly dependent on:
- Number of modules loaded
- Type of modules loaded
- Type of the system being managed
On rare occasions, the default memory usage limit is exceeded during the agent startup and when the agent stops running. This is an indication that the default limits set for the agent memory size are not enough for your configuration.
To confirm that memory usage is the cause, look in the /var/opt/SUNWsymon/log/agent.log file for one of the following messages:
Excessive Virtual Memory Use
or
Excessive Physical Memory Use
If you see one of these messages during the agent startup, reconfigure the memory usage limits on the agent host using the following procedure.
To Increase Agent Memory Size
1. Become superuser on the agent host.
2. Copy the file agent-stats-d.def to /var/opt/SUNWsymon/cfg.
# cp /opt/SUNWsymon/modules/cfg/agent-stats-d.def /var/opt/SUNWsymon/cfg/
3. Edit the file as shown in the following example:
# vi /var/opt/SUNWsymon/cfg/agent-stats-d.def
4. To increase the agent memory size, increase the alarmlimit:error-gt to the desired value in the following code segment. (The value is in Kbytes.)
procstats = {
    size = {
        statusActions(error-gt) = abort
        statusService(abort) = _internal
        statusCommand(abort) = abort "Excessive Virtual Memory Use"
        alarmlimit:error-gt = 70000
        alarmlimit:warning-gt = 60000
        alarmlimit:info-gt =
    }
    .....
}
5. Save the file and restart the agent.
This section describes how to configure Sun Management Center software when there is potential conflict for port addresses.
To Determine If a Port Is Used
Determine if a specific port number is used in your system by typing:
# /bin/netstat -an|grep port_number
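
Because grep matches any line that contains the digits, a search for 161 also reports ports such as 1161 and remote ports such as 51161. The following Python sketch is an added example, not from the Sun documentation; it compares the port of the local address exactly, and its sample output is constructed in the Solaris `netstat -an` layout, where the port follows the last dot of the address.

```python
import re

# Address-like field ending in a numeric port: "*.161", "192.168.1.5.22", "0.0.0.0:161".
ADDR = re.compile(r"^(?:\*|[0-9A-Fa-f.:]+)[.:](\d+)$")

def port_in_use(netstat_output, port):
    """True if a local address in `netstat -an` output ends in exactly `port`."""
    for line in netstat_output.splitlines():
        for field in line.split():
            match = ADDR.match(field)
            if match:  # the first address-like field on a line is the local address
                if int(match.group(1)) == int(port):
                    return True
                break
    return False

def grep_matches(netstat_output, port):
    """Lines that `grep port_number` would print: any line containing the digits."""
    return [ln for ln in netstat_output.splitlines() if str(port) in ln]

# Constructed sample output (not captured from a real host).
SAMPLE = """\
UDP: IPv4
   Local Address         Remote Address     State
-------------------- -------------------- -------
      *.1161                                Idle
      *.20001                               Idle
TCP: IPv4
   Local Address        Remote Address    Swind Send-Q Rwind Recv-Q  State
-------------------- -------------------- ----- ------ ----- ------ -------
      *.22                 *.*                0      0 49152      0 LISTEN
192.168.1.5.22       192.168.1.9.51161    8760      0 49640      0 ESTABLISHED
"""

if __name__ == "__main__":
    for candidate in (161, 1161, 20001):
        print(candidate, "in use:", port_in_use(SAMPLE, candidate),
              "| grep lines:", len(grep_matches(SAMPLE, candidate)))
```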