| System Management Services (SMS) 1.4.1 Installation Guide |    
|
| System Management Services (SMS) 1.4.1 Installation Guide |
|
| C H A P T E R 4 |
|
SMS 1.4.1 Additional Software Instructions |
This chapter contains additional instructions for System Management Services (SMS) 1.4.1 software under the Solaris operating environment. These instructions apply to the Sun Fire high-end server systems.
The SMS security model uses group membership to provide users with the authority to perform various system management tasks. The level and type of system management available depends on a user's group membership. For more information, refer to Chapter 2, "SMS Security" in the System Management Services (SMS) 1.4.1 Administrator Guide.
|
Note - Adding users using smsconfig must be performed on both the main and spare SCs once software installation and network configuration are completed. |
The SMS user group IDs are created during initial installation. The following table lists the user groups that are set up for you:
|
SMS provides the ability to add users to SMS groups and refine user access to directories on the Sun Fire high-end system. This functionality protects domain integrity and system security.
2. To correctly configure SMS groups and administrative privileges, you must use the following command for each user you wish to add.
username is the name of a user account on the system.
groupname is one of the following valid group designations: admn, rcfg, oper or svc.
domain_id is the ID for a domain. Valid domain_id s are A through R and are case insensitive.
For example, to add a user to the dmnaadmn group with access to domain a directories, type:
sc0: # /opt/SUNWSMS/bin/smsconfig -a -u fdjones -G admn a fdjones has been added to the dmnaadmn group All privileges to domain a have been applied. |
|
Note - Do not manually add or remove users from SMS groups in the /etc/group file. This can limit or deny access to users. |
3. To list SMS groups and administrative privileges, use the following command.
For example, to display all users with platform privileges, type:
4. To correctly configure SMS groups and administrative privileges, you must use the following command for each user you wish to remove.
For example, to remove fdjones from the dmnbadmn group, type:
sc0: # /opt/SUNWSMS/bin/smsconfig -r -u fdjones -G admn B fdjones has been removed from the dmnbadmn group. All access to domain B is now denied. |
username is the name of a valid user account on the system.
groupname is one of the following group designations: admn, rcfg, oper or svc.
domain_id is the ID for a domain. Valid domain_id s are A through R and are case insensitive.
|
Note - Do not manually add or remove users from SMS groups in the /etc/group file. This can limit or deny access to users. |
5. You have successfully configured your SMS user groups. Return to your installation instructions.
SMS patches are available at: http://sunsolve.sun.com
Follow these guidelines and notify the affected administrators:
The system should be stable.
No DR operations should be in progress.
No domain bringup or shutdown should be in progress.
No user initiated datasync or cmdsync operations should be in progress.
Complete any domain, board, or configuration changes before you begin patch installation.
Please read all patch instructions carefully before attempting this procedure. Instructions in the patch procedure could preempt these instructions.
This example assumes that, initially, the main SC is sc0 and the spare SC is sc1.
|
1. Log in to the main SC with platform administrator privileges.
3. Stop the SMS processes on both SC's simultaneously.
4. Install the patch on both SC's.
5. Start the SMS processes on the previous main SC
Wait for all processes to start before proceding to the next step. Use the showenvironment command to verify that all SMS processes have started.
6. Start the SMS processes on the spare SC
7. Enable failover on the main SC.
The main SC will reboot and become the former main SC.
|
At this point, the original spare SC is running as main and the original main is running as spare. If you wish, you can return them to their original roles as follows:
1. Log in to the new main SC with platform administrator privileges.
The new main SC reboots and becomes the spare SC. The original main becomes the main again.
3. Log in to the main SC with platform administrator privileges.
4. Reactivate failover on the main SC and verify that it is active:
sc0:sms-user:> /opt/SUNWSMS/bin/setfailover on sc0:sms-user:> /opt/SUNWSMS/bin/showfailover SC Failover Status: Activating ... sc0:sms-user:> /opt/SUNWSMS/bin/showfailover SC Failover Status: Active |
It can take a minute or two for failover to activate.
The additional software packages are in separate media. Install the software packages one at a time, from the appropriate media to the domain.
There is no particular order in which the packages need to be installed. Following are additional packages that you may want to install:
Sun Remote Services (SRS)
Veritas Volume Manager (VM)
Load Sharing Facility (LSF) 3.2.3
Workshop 7
ClusterTools 3.1
C programming language and compiler
Fortran 77 programming language and compiler
Oracle database software
|
1. Log in to the SC as superuser.
2. Insert the appropriate installation CD into the CD-ROM drive on the SC.
3. Use the share(1M) command to share the CD across the network.
4. Log in to the domain as superuser.
5. Create and mount the /cdrom directory for the domain.
SC-I1: is the hostname specified for the SC I1 network in Step 5 of To Configure the Management Network (MAN) Using the smsconfig(1M) Command.
6. Add the additional software package.
install_disk_name is the name of the installation disk from which you are installing.
software_package_name is the name of the software package you are adding.
The pkgadd(1M) command might display several messages and ask several installation questions for each package, some relating to space, others asking whether it is OK to continue. After answering these questions, and when asked whether to proceed, answer yes.
8. Log out of the domain and log in to the SC as superuser.
9. Eject the installation CD from the CD-ROM drive on the SC.
To keep the most accurate time of day on Sun Fire high end systems running SMS 1.2 or later, configure both system controllers and each bootable domain in the platform as NTP clients of the same NTP servers.
|
Before proceding, make sure that the platform has the most up to date patches, and that the latest recommended patch cluster is installed on the domains and system controllers.
If the system controllers are running the Solaris 8 operating environment, make sure that the Kernel Update Patch level is at KU-24 or later. For the latest revision of the KU patches, check the SunSolveSM website (http://sunsolve.sun.com).
The default NTP configuration file is /etc/inet/ntp.conf. It must contain a minimum of three NTP time servers with independent time sources. (For a list of public NTP time servers, see http://www.ntp.org.)
1. Insert the names of three NTP servers into the NTP configuration file of each SC and bootable domain.
Insert the following lines, replacing ntp_server with the actual name of the NTP server:
The server name followed by the prefer argument will be the primary NTP server.
2. Add the name of the driftfile.
The driftfile records the frequency offset of the local clock oscillator. It is read at startup to set the initial frequency offset. Use the driftfile argument, followed by the name of the file:
3. Add instructions for generating statistics.
These instructions consist of one line for a statistics path followed by a line for each type of statistics that will be collected:
statsdir /var/ntp/ntpstats filegen peerstats file peerstats type day enable filegen loopstats file loopstats type day enable filegen clockstats file clockstats type day enable |
The first line indicates the path in which the statistics files will be saved. The following lines each indicate the type of statistic (peer statistics, loop filter statistics, and clock driver statistics).
For more information about the available options, consult the xntp(1M) manpage.
For diagnostic or service reasons you may be asked to stop and restart SMS. The following procedure describes how to do that manually.
|
1. Log in to the SC as a user with platform administrator privileges.
You must have platform administrator privileges to run setfailover.
3. Log out as a platform administrator.
4. Log in to the SC as a user with superuser privileges.
You must have superuser privileges to perform the following tasks.
5. Use the /etc/init.d/sms script to stop SMS.
6. Use the /etc/init.d/sms script to restart SMS.
|
Note - This procedure assumes that smsconfig -m has already been run. If smsconfig -m has not been run, you will receive the following error and SMS will exit. |
8. Log in to the SC as a user with platform administrator privileges.
11. Wait until showenvironment finishes displaying all board status.
At this point you can log out and begin using SMS programs.
|
1. Log in to the main SC as superuser.
2. Insert the Software Supplement for the Solaris 9 12/03 Operating Environment CD-ROM into the CD-ROM drive.
3. Use the share(1M) command to share the CD across the network.
4. Log in to the spare SC as superuser.
5. Create and mount the /cdrom directory for the spare SC.
SC-I1: is the hostname specified for the SC I1 network in Step 5 of To Configure the Management Network (MAN) Using the smsconfig(1M) Command.
6. Change to the Product installation directory:
| System Management Services (SMS) 1.4.1 Installation Guide | 817-5409-10 |
|
Copyright © 2004, Sun Microsystems, Inc. All rights reserved.
To Add Users to SMS Groups and Configure Directory Access