CHAPTER 4

Common ALOM Tasks

Once you have logged in to ALOM as admin and specified the admin password, you might want to perform some common administrative tasks:


Connecting to ALOM

You will be connecting to ALOM through either the serial management port (SERIAL MGT) or the network management, or Ethernet, port (NET MGT). See Choosing ALOM Communication Ports for more information. Refer to your server's installation guide or administration guide for more information about these ports and how to connect devices to them.

There are several ways to connect to ALOM:


Logging in to Your ALOM Account

When you connect to ALOM through the serial management port for the first time, you are automatically connected as the admin account. This account has full (cuar) permissions. Before you can continue using ALOM, you must specify a password for this account. After you specify the password, you can continue using ALOM. The next time you log in, you must specify the password. When you are logged in as admin, you can add new users and specify passwords and permissions for them.

On servers that support DHCP enabled-by-default (Sun Fire V215, V245, and V445 servers), you can connect to the network management port prior to connecting to the serial management port. In this case, there is an extra layer of security to ensure the SC is secure-by-default. You are allowed to connect only with a Secure Shell (ssh) session, and you must provide a system-specific predetermined password. This is described in Default DHCP Connection (Sun Fire V215, V245, and V445 Servers). Once the default password is provided and you are allowed to continue, you then must specify a new password for the admin account.

See Permission Levels, useradd, userpassword, and userperm for more information about this process.


To Log in to ALOM

All users (admin and other users) employ the following procedure to log in to ALOM.

1. Connect to ALOM.

See Connecting to ALOM.

2. When the connection is established, type #. (pound-period) to escape from the system console.

3. Type your ALOM login name and password.

Your password is not echoed to the screen; instead, the host server displays an asterisk (*) for each character that you type. After you successfully log in, ALOM displays its command prompt:


sc> 

You can now use ALOM commands or switch to the system console. See Overview of the ALOM Command Shell and Serial Management Port.

The ALOM event log records login information. If more than five login failures occur within five minutes, ALOM generates a critical event. See showlogs.

Related Information


Adding ALOM User Accounts

There are two ways to add ALOM user accounts:

You can add a maximum of 15 unique user accounts to ALOM.


To Add an ALOM User Account From the sc> Prompt

1. At the sc> prompt, type the useradd command, followed by the user name you want to assign to that user.

For example:


sc> useradd joeuser 

See useradd.

2. To assign a password to the account, type the userpassword command, followed by the user name you assigned to the account.

For more on the userpassword command, see userpassword. ALOM prompts you to specify the password, and to verify the password. Note that ALOM does not echo the password to the screen. For example:


sc> userpassword joeuser 
New password: 
Re-enter new password: 



Note - User passwords have certain restrictions. Make sure that the password you assign observes these restrictions. See Password Restrictions.



3. To assign permissions to the account, type the userperm command, followed by the user name you assigned to the account and the permission levels you want that user to have.

For example:


sc> userperm joeuser cr

You can also view the permission and password status for a single ALOM user, or view information for all ALOM user accounts.

For example:


sc> usershow joeuser
Username                 Permissions                Password? 
joeuser                  --cr                       Assigned

See usershow.

For example:


sc> usershow
Username                 Permissions                Password? 
admin                    cuar                       Assigned 
wwilson                  --cr                       none
joeuser                  --cr                       Assigned


To Add an ALOM User Account Using the scadm Utility

To add and configure an ALOM user account from the system console, use the scadm utility. Perform the following steps:

1. Log in to the system console as superuser.

2. At the # prompt, type the scadm useradd command, followed by the user name you want to assign to that user.

For example:


# scadm useradd joeuser 

3. To assign a password to the account, type the scadm userpassword command, followed by the user name you assigned to the account.

The system prompts you to specify the password, and to verify the password. Note that the system does not echo the password to the screen. For example:


# scadm userpassword joeuser 
New password: 
Re-enter new password:



Note - User passwords have certain restrictions. Make sure that the password you assign observes these restrictions. See Password Restrictions.



4. To assign permissions to the account, type the scadm userperm command, followed by the user name you assigned to the account and the permission levels you want that user to have.

For example:


# scadm userperm joeuser cr

See scadm userperm, and Password Restrictions.

You can also view the permission and password status for a single ALOM user, or view information for all ALOM user accounts.

For example:


# scadm usershow joeuser
Username                 Permissions                Password? 
joeuser                  --cr                       Assigned

See usershow.

For example:


# scadm usershow
Username                 Permissions                Password? 
admin                    cuar                       Assigned 
wwilson                  --cr                       none
joeuser                  --cr                       Assigned
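
The usershow table above can be checked automatically for accounts that were created but never given a password, and for accounts other than admin that hold the u permission. The following is an added example, not part of the ALOM documentation; the function names and the opsuser row are constructed for illustration, and the parsing assumes the three-column layout shown above.

```shell
#!/bin/sh
# Added example (not from the ALOM documentation): audit usershow output.

# Constructed sample in the usershow layout shown above. The first three
# accounts are the page's sample rows; "opsuser" is made up for the demo.
sample_usershow() {
    cat <<'EOF'
Username                 Permissions                Password? 
admin                    cuar                       Assigned 
wwilson                  --cr                       none
joeuser                  --cr                       Assigned
opsuser                  cuar                       Assigned
EOF
}

# Reads a usershow table on stdin and prints one finding per line:
#   NOPASSWORD <user>  the Password? column is not "Assigned"
#   USERADMIN  <user>  a non-admin account holds the u permission
audit_usershow() {
    awk '
        $1 == "Username" && $2 == "Permissions" { next }   # header row
        NF < 3 { next }                                    # blank or short line
        {
            user = $1; perms = $2; pw = tolower($3)
            if (pw != "assigned")
                print "NOPASSWORD " user
            if (user != "admin" && index(perms, "u") > 0)
                print "USERADMIN " user
        }
    '
}

# Same check, but returns 1 when there is at least one finding so that
# it can be used from cron or a monitoring wrapper.
audit_usershow_status() {
    findings=$(audit_usershow)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on the constructed sample.
sample_usershow | audit_usershow
```

On a host with the scadm path set, the same check is run as `scadm usershow | audit_usershow_status` from the superuser prompt.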


Removing ALOM User Accounts

There are two ways to remove ALOM user accounts:



Note - You cannot delete the default admin account from ALOM.




To Remove an ALOM User Account From the sc> Prompt

At the sc> prompt, type the userdel command, followed by the user name of the account you want to delete.

For example:


sc> userdel joeuser 
Are you sure you want to delete user <joeuser> [y/n]? y
sc> 


To Remove an ALOM User Account Using the scadm Utility

1. Log in to the system console as superuser.

2. At the # prompt, type the scadm userdel command, followed by the user name of the account you want to delete.

For example:


# scadm userdel joeuser 
Are you sure you want to delete user <joeuser> [y/n]? y
#


Changing the Password on Your Account or Another User's Account

You can change your own password, or that of another user, by performing the following procedures.


To Change Your ALOM Password

You can change your own ALOM account password from the sc> prompt. You do not need to have any permissions to change your own password.

At the sc> prompt, type the following command:


sc> password 

When you use this command, ALOM prompts you for your current password. If you enter the password correctly, it prompts you twice to enter the new password. For example:


sc> password
password: Changing password for username
Enter current password: ******
Enter new password: ****** 
Re-enter new password: ****** 
sc>


To Change the ALOM Password for Another User



Note - You must have u level user permission to change another user's password. See Permission Levels.



There are two ways to change the password for another user's ALOM account:


Switching Between the System Console and ALOM



Note - The #. (pound-period) character sequence is the default escape character sequence for ALOM. If desired, you can change the first character in the escape sequence by using the sc_escapechars variable. For example: sc> setsc sc_escapechars a. See sc_escapechars for more information.



To temporarily redirect the system console output to the serial management port by resetting the IDPROM variables, refer to the administration guide that came with your system.


Redirecting the System Console From ALOM to Other Devices

When you first start to apply power to the host server, ALOM is initially configured to display the system console output. The SERIAL MGT port is shown on the host server as ttya.

If desired, you can use other devices to access the system console besides the terminal connected to the serial management port. You can also use the general-purpose port (ttyb) on the back panel of your host server. This port is labeled as 10101. Refer to your server's documentation for more information.


To Redirect the System Console

To redirect the output from the system console to ttyb, perform the following steps:

1. At the ALOM sc> prompt, type the break command to bring the host server to the OpenBoot PROM prompt (ok).

If you have the kadb debugger configured, type $# to exit kadb first. See break for more on that command.

2. At the sc> prompt, type the console command to access the server's system console.


sc> console
ok

The console command is covered in console.

3. At the ok prompt, type the following commands:


ok setenv input-device ttyb 
ok setenv output-device ttyb 

4. To cause these changes to take effect immediately, type reset-all at the ok prompt.

Otherwise, these changes take effect the next time you cycle the power on the host server.

These changes remain in effect until you manually change the OpenBoot PROM settings back to ALOM (ttya) as described in the following section.


To Reset the Default Console Back to ALOM (ttya)

1. Type the following commands at the ok prompt:


ok setenv input-device ttya 
ok setenv output-device ttya

2. To cause these changes to take effect immediately, type reset-all at the ok prompt.

Otherwise, these changes take effect the next time you cycle the power on the host server.


Reconfiguring ALOM to Use the Ethernet (NET MGT) Port

By default, ALOM uses the serial management port (SERIAL MGT) to communicate with an external terminal or other ASCII device. On some servers (Sun Fire V215, V245, and V445), DHCP is enabled by default on the network management (NET MGT) port. This allows an administrator network access to ALOM without first requiring a serial connection to the serial management port. To be secure by default, there are specific steps and constraints for the initial login through the network. See Default DHCP Connection (Sun Fire V215, V245, and V445 Servers).

For all servers you can manually reconfigure ALOM to use the Ethernet network management (NET MGT) port, and then you can connect to ALOM through telnet or ssh.

The NET MGT port accommodates a standard RJ-45 connector. For information about how to establish the hardware connections between the NET MGT port and your network, refer to your server's documentation.

The Sun Fire V210, V240, V250, and V440 servers and Netra 210, 240, and 440 servers support 10BASE-T only. The Sun Fire V215, V245, and V445 servers support 10/100BASE-T. ALOM does not support one-gigabit networks.

To configure the ALOM software to communicate using the NET MGT port, you must specify values for the network interface variables. See Network Interface Variables.

There are three ways to specify values for these variables:


To Run the setupsc Script

1. To run the setupsc script, at the sc> prompt type setupsc:


sc> setupsc 

The setup script starts.

2. To exit the script, do one of the following:

For example, the script starts as follows:


sc> setupsc
Entering interactive script mode. To exit and discard changes to that point, use Ctrl-C or to exit and save changes to that point, use Ctrl-Z. 

If desired, you can customize all of the ALOM configuration variables at once by following the interactive questions in the script. See Overview of the ALOM Configuration Variables. To configure only the network interface variables, press Return at each prompt until the following prompt is displayed:


Do you wish to configure the enabled interfaces [y]? 

See Network Interface Variables for further details.


To Configure the Network Interface Variables

1. At the sc> prompt, type y to confirm that you want to configure the network interface variables.

The setupsc script returns the following prompt:


Should the SC network interface be enabled? 

2. Type true or press Return to enable the network interface, or type false to disable it.

This sets a value for the if_network variable. See if_network.

3. Follow the interactive questions in the script. The script prompts you to set values for the following variables:

4. When you have finished setting up the network interface variables, press Control-Z to save your changes and exit the setupsc script.

If desired, you can finish configuring all of the ALOM configuration variables.

Before you can use your network configuration, you must reset ALOM. You can do this in one of two ways:

Using the setsc Command to Set the Network Interface Variables

You can set values for the network interface variables from the sc> prompt using the setsc command. You issue the command once for each variable you want to configure. For example:


sc> setsc if_network true 
sc> setsc netsc_ipaddr 123.123.123.123
sc> setsc if_connection ssh

Specify values (or use the default values) for each of the following variables:

Using the scadm set Command to Set the Network Interface Variables

You can set values for the network interface variables from the superuser (#) prompt in the system console using the scadm set command. You issue the command once for each variable you want to configure. For example:


# scadm set if_network true 
# scadm set netsc_ipaddr 123.123.123.123
# scadm set if_connection ssh

Specify values (or use the default values) for each of the following variables:

For more information, see Overview of the ALOM Configuration Variables.


Sending and Receiving Alert Messages

You can customize ALOM to send email alerts to all users logged in to ALOM at the time an event occurs. You can specify which levels (critical, major, minor) of email alerts are sent to each user, and you can send customized event messages as emails to each user. See scadm send_event.

The ALOM software enables you to send and receive alerts, directly or using a script. In addition, there are three levels of alerts:



Note - You can configure email alerts for up to eight users. You can configure each email address to receive its own severity level of alert.




To Set Up Email Alerts

1. Make sure that ALOM is set up to use the Ethernet network management port (NET MGT), and that the network interface variables are configured.

See Reconfiguring ALOM to Use the Ethernet (NET MGT) Port.

2. Set the if_emailalerts variable to true.

See if_emailalerts.

3. Set values for the mgt_mailhost variable to identify one or two mail hosts on the network.

See mgt_mailhost.

4. Set values for the mgt_mailalert variable to specify email addresses and alert levels for each user.

See mgt_mailalert.

Sending Customized Alerts

To send customized alerts, use the scadm command send_event. You can do this in two ways:

Receiving Alerts From ALOM

If you are using the ALOM command shell and are not connected to the host server's console, you will receive alert messages from ALOM when it detects a major-level or critical-level event. This can happen while you are typing ALOM commands. If this happens, press Return and retype the command.

For example:


sc> cons 
MAJOR: Fan1 Faulty 
sc> console 

ALOM generates alert messages in the following format:

$HOSTID $EVENT $TIME $CUSTOMERINFO $HOSTNAME message 


Resetting ALOM

Resetting ALOM reboots the ALOM software. Reset ALOM after you have changed settings on ALOM, such as specifying a new value for a configuration variable. Reset ALOM from the system console if ALOM stops responding for any reason.

There are two ways to reset ALOM:

After you reset ALOM, the serial connection times out at the login prompt after one minute and takes the console write lock automatically if no one else has it by then. The username field shows auto in the showusers command output entry for the serial interface. For example:


sc> showusers
username  connection  login time      client IP addr      console
--------------------------------------------------------------
auto      serial     Apr 14 10:30                       system

The word system under console means that the connection has the console write lock.

If you use the console -f command after resetting ALOM and the serial connection times out, you will receive this message:


sc> console -f
Warning: User <auto> currently has write permission to this console and forcibly removing them will terminate any current write actions and all work will be lost. Would you like to continue? [y/n]y

Type y for yes, if you want to obtain the console write lock.

See console, resetsc, and showusers for more information.


Resetting the Host Server

There are four ways to reset the host server from the sc> prompt:



Note - After you issue the command poweroff or poweroff -f, ALOM returns the following message:




SC Alert: Host system has shut down. 

Wait until you see the message before issuing the poweron command.


Displaying Your ALOM Version

The showsc command displays information about the ALOM software configuration.

For example, to display the ALOM version, type the following at the sc> prompt:


sc> showsc version 
Advanced Lights Out Manager v1.4 

For more details, see To Use the showsc Command.


Controlling the Locator LED

If your host server has a front panel Locator LED, you can use ALOM to turn the LED on and off and to check the state of the LED. If your host server does not have a Locator LED, this command will not work.


Viewing Environmental Information About the Server

This section discusses displaying and monitoring the server's environmental status.


To Use the showenvironment Command

The showenvironment command displays a snapshot of the server's environmental status. The information this command can display includes system temperatures, hard disk drive status, power supply and fan status, front panel LED status, rotary switch position, voltage and current sensors, alarm status, and so on. The output uses a format similar to the UNIX command prtdiag(1M).



Note - You do not need user permissions to use this command.



To use the showenvironment command, at the sc> prompt, type:


sc> showenvironment

The display output differs according to your host server's model and configuration. Some environmental information might not be available when the server is in standby mode. See showenvironment.


Creating a Script to Send Alerts From ALOM

You can embed the scadm send_event command within a script to log an ALOM event or to send an alert when certain conditions occur. Use the -c option to send a custom critical alert. See scadm send_event for details.

This example shows a Perl script file named dmon.pl that sends an ALOM alert when a specified disk partition exceeds a specified percent of its capacity.



Note - This script is written for the Netra host server. Use the uname -i command to obtain the server name for your host server and replace the SUNW,Netra x40 string in the example.



To use this script as intended, submit a separate entry to the crontab utility for each disk partition you want to monitor. Refer to the crontab(1) man page for more information.


CODE EXAMPLE 4-1 Sample Script for send_event

#!/usr/bin/perl
# Disk Monitor
# USAGE: dmon <mount> <percent>
# e.g.: dmon /usr 80
use strict;
use warnings;

# Path to scadm; replace the platform string with the output of uname -i.
my @notify_cmd = ('/usr/platform/SUNW,Netra x40/sbin/scadm');
if (scalar(@ARGV) != 2)
{
    print STDERR "USAGE: dmon.pl <mount_point> <percentage>\n";
    print STDERR " e.g. dmon.pl /export/home 80\n\n";
    exit;
}
open(DF, "df -k|") || die "ERROR: cannot run df: $!\n";
my $title = <DF>;    # discard the df header line
my $found = 0;
while (my $fields = <DF>)
{
    chomp($fields);
    my ($fs, $size, $used, $avail, $capacity, $mount) = split(' ', $fields);
    next unless defined $mount;    # skip lines that df wrapped
    if ($ARGV[0] eq $mount)
    {
        $found = 1;
        # df reports capacity as "81%"; strip the sign for a numeric compare.
        (my $percent = $capacity) =~ s/%$//;
        if ($percent > $ARGV[1])
        {
            print STDERR "ALERT: \"", $mount, "\" is at ", $capacity,
                " of capacity, sending notification\n";
            my $notify_msg = 'mount point "' . $mount . '" is at ' . $capacity . ' of capacity';
            # List-form exec passes the arguments directly, without a shell.
            exec(@notify_cmd, 'send_event', '-c', $notify_msg) || die "ERROR: $!\n";
        }
    }
}
if ($found != 1)
{
    print STDERR "ERROR: \"", $ARGV[0],
        "\" is not a valid mount point\n\n";
}
close(DF);


Backing Up Your ALOM Configuration

You should periodically create a backup file on a remote system that records ALOM configuration settings. Use the dumpconfig utility to save all user configurable variables in an encrypted file on a remote server.

To use the dumpconfig command, at the sc> prompt, type:


sc> dumpconfig -s IPaddr -f pathname

The dumpconfig utility uses the File Transfer Protocol (FTP) and prompts you for a username and password that must be valid on the remote server. See dumpconfig.

You can use the restoreconfig utility to restore the user options from an encrypted file created by the dumpconfig utility.

To use the restoreconfig command, at the sc> prompt, type:


sc> restoreconfig -s IPaddr -f pathname

The restoreconfig utility uses FTP and prompts you for a user name and password that must be valid on the remote server. See restoreconfig.

Use a meaningful file name that includes the name of the server that ALOM controls. Later, you can refer to this file to restore the settings, if necessary.

You can also save the configuration in a human-readable file by using the scadm utility on the host server; however, there is no utility to restore the ALOM configuration from this file. You must manually re-enter the variables or create a script to do this. Use the dumpconfig and restoreconfig commands to programmatically save and restore the configuration variables. See Overview of the scadm Utility for a summary of the scadm utility.

The following commands show how to copy information using scadm commands to a backup file. Replace the variables remote-filename1 and remote-filename2 with the names of your backup files in the following example:



Note - Before you can use these commands, you must set your path to the scadm utility. See To Set Your Path to the scadm Utility.




# scadm show > remote-filename1 
# scadm usershow > remote-filename2
# 

Use meaningful file names that include the name of the server that ALOM controls. Later, you can refer to these files to restore the settings, if necessary.
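
Because the scadm show backup is human readable, it can also serve as a baseline for spotting configuration changes, which goes slightly beyond the restore use described above. The following is an added example, not part of the ALOM documentation; it assumes scadm show prints one variable per line as name="value", and the function names, file contents and the mgt_mailhost address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ALOM documentation).
# Assumption: "scadm show" prints one variable per line as name="value".

# compare_scadm_show BASELINE CURRENT
# Prints CHANGED / ADDED / REMOVED lines; returns 1 if anything differs.
compare_scadm_show() {
    awk '
        /^[A-Za-z_][A-Za-z0-9_]*=/ {
            name = $0;  sub(/=.*/, "", name)
            value = $0; sub(/^[^=]*=/, "", value)
            gsub(/^"|"$/, "", value)            # drop surrounding quotes
            if (FILENAME == ARGV[1]) {          # first file: the baseline
                if (!(name in base)) order[++n] = name
                base[name] = value
            } else {                            # second file: current state
                seen[name] = 1
                if (!(name in base))
                    out[++m] = "ADDED " name "=" value
                else if (base[name] != value)
                    out[++m] = "CHANGED " name ": " base[name] " -> " value
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(order[i] in seen)) out[++m] = "REMOVED " order[i]
            for (i = 1; i <= m; i++) print out[i]
            exit (m > 0)
        }
    ' "$1" "$2"
}

# Demo on two constructed files (not real scadm output).
demo_compare() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/baseline" <<'EOF'
if_network="true"
if_connection="ssh"
netsc_ipaddr="123.123.123.123"
if_emailalerts="true"
EOF
    cat > "$dir/current" <<'EOF'
if_network="true"
if_connection="telnet"
netsc_ipaddr="123.123.123.123"
mgt_mailhost="192.0.2.25"
EOF
    compare_scadm_show "$dir/baseline" "$dir/current"
    rc=$?
    rm -rf "$dir"
    return $rc
}

demo_compare || true
```

In use, the baseline is the saved remote-filename1 and the current file is a fresh `scadm show` capture from the same server.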