Sun N1 System Manager 1.3 Installation and Configuration Guide

Configuring the N1 System Manager

This section provides the procedures for stopping and starting the N1 System Manager and for configuring the N1 System Manager system.

Initial configuration is performed by running the n1smconfig command. You can also reconfigure the N1 System Manager at any time by running the n1smconfig command again, for example, if you later add a RIS server to your production N1 System Manager environment.

If you have already installed and configured N1 System Manager, running n1smconfig again and accepting the changes will, in most cases, stop and then restart the N1 System Manager. To minimize impact, a good practice is to schedule the reconfiguration, and then stop N1 System Manager before running n1smconfig. The following table lists the commands to start and stop N1 System Manager.

Table 1–1 Starting and Stopping N1 System Manager

Starting N1 System Manager:

  • On a Solaris management server, type svcadm enable n1sm

  • On a Linux management server, type /etc/init.d/n1sminit start

Stopping N1 System Manager:

  • On a Solaris management server, type svcadm disable n1sm

  • On a Linux management server, type /etc/init.d/n1sminit stop

Procedure: To Configure the N1 System Manager

Before You Begin

The N1 System Manager software must be successfully installed as described in Installing the Sun N1 System Manager 1.3 Software, or successfully upgraded as described in Chapter 3, Upgrading the Sun N1 System Manager Software.


Note –

You must have at least a provisioning network or a management network connected to the management server. If your network configuration provides only a management network or only a provisioning network to the management server, then you are running a restricted N1 System Manager. N1 System Manager provides two default security roles with specific privileges assigned for the restricted mode of operation. See Managing Roles in Sun N1 System Manager 1.3 Discovery and Administration Guide and Restricted Mode Capabilities in Sun N1 System Manager 1.3 Discovery and Administration Guide.


Steps
  1. Log in as root to the N1 System Manager management server.

  2. If you are reconfiguring N1 System Manager, stop N1 System Manager.

    • On a Solaris management server, type svcadm disable n1sm.

    • On a Linux management server, type /etc/init.d/n1sminit stop.

  3. Type n1smconfig to start the configuration process.

    • If you are running n1smconfig for the first time, the current N1 System Manager configuration settings are displayed, followed by a description of the provisioning network and a list of the network interfaces that have been detected.

    • If you are rerunning n1smconfig, only configuration settings that can be changed are displayed.

    You are asked whether you want to continue. Type y to continue.

    • If you are running n1smconfig for the first time, you are prompted to specify the interface that is to be used by the provisioning network.

    • If you are rerunning n1smconfig, you are notified that the DHCP range may be modified only when modifying the provisioning interface. You are then asked whether you want to modify the interface or DHCP range used for the provisioning network. Type y to continue.

    You are then prompted to specify the interface that is to be used by the provisioning network.

  4. Specify the interface to be used by the provisioning network.

    • If you do not have a provisioning network, type none.

      Without a provisioning network, the N1 System Manager operates in a restricted mode.

      A description of the management network appears, followed by a list of the network interfaces that have been detected. You are then prompted to specify the interface that is to be used by the management network. Go to Step 6.

    • If you do have a provisioning network, type the interface name, for example, eth1, hme0, bge1, and so on, depending on the machine architecture and installed OS.

    You are asked whether you want to specify a range of IP addresses for the DHCP server to use.

  5. Choose whether to configure the DHCP server address range.

    • If you choose to configure the DHCP IP address range, the range of IP addresses you provide will be allocated for assignment to the manageable servers for loading operating systems and updates over the provisioning network.

    • If you choose not to configure the DHCP IP address range, then you must specify static addressing when using the N1 System Manager load operation for OS profiles.


    Note –

    The management server provides DHCP services only for the provisioning network. The management server does not provide DHCP services for the data network. If you plan to dynamically configure IP services on the data network, you must provide an external DHCP server for the data network. You must not have another DHCP server on the provisioning network.


    • Type n if you do not want to specify a range of IP addresses.

      A description of the management network is displayed, followed by the network interfaces that have been detected. You are then prompted to specify the interface for the management network. Go to Step 6.

    • Type y if you want to specify a range of IP addresses for the DHCP server to use for the provisioning network.


      Caution –
      • If the management network port address is on the same subnet as the provisioning network, ensure that the management server IP addresses are not within the range of the IP addresses you specify for the DHCP address range. This rule ensures that the DHCP server does not assign a duplicate IP address to a client that does not resolve using the DHCP client clause.

      • Ensure that you specify an IP address range that does not include the management server IP addresses. If the management server IP addresses are within the range of addresses used for discovery, then the discovery process will discover the management server and reboot the management server.


      You are prompted to type the starting DHCP IP address. Type the starting IP address for the DHCP server to use.

      You are prompted to type the ending IP address. Type the ending IP address for the DHCP server to use.

      You are then prompted to configure the DNS name servers and search list entries. Go to Step 6.

  6. Specify the interface to be used by the management network.

    • If you do not have a management network, type none.

      Without a management network, the N1 System Manager operates in a restricted mode.

    • If you do have a management network, type the interface name.

    You are then prompted to configure the DNS name servers and search list entries.

  7. Choose whether to configure the name servers.

    • Type y if you want to configure the name servers and domain search list. You are prompted for the name server addresses. Go to Step 8.

    • Type n if you accept the displayed name servers and domain search list. You are asked whether you want to configure the SMTP server for event notification. Go to Step 10.

  8. Configure the name servers.

    Type the IP addresses of the name servers, separated by a single space. For example:


    129.111.111.11 129.111.111.22

    You are prompted to enter the search domain suffix list.

  9. Specify the search domains.

    Type the names of the domains that are to be used for DNS search separated by a single space. For example:


    location-one.company.com location-two.company.com location-three.company.com

    You are asked whether you want to configure the SMTP server for event notification.

  10. Choose whether to configure SMTP for event notification.

    SMTP must be configured if you want the N1 System Manager to receive event notifications from ALOM-based managed servers. To determine which manageable servers are ALOM-based, see Manageable Server Requirements in Sun N1 System Manager 1.3 Site Preparation Guide.

    • Type y if you want to configure the SMTP server. You are prompted for the name of the SMTP server, or the IP address of the SMTP server. Go to Step 11.

    • Type n if you do not want to configure the SMTP server. You are asked whether you want to modify logging configuration. Go to Step 12.

  11. Specify the SMTP server name or IP address.

    Type either the fully qualified SMTP server name, or the IP address for the SMTP server. For example:


    smtp.mycompany.com

    or


    129.111.222.33

    You are asked whether you want to modify logging event configuration.

  12. Modify logging event configuration.

    • Type y if you want to configure logging. Information about logging configuration appears. Go to Step 13.

    • Type n if you do not want to configure logging. The configuration process displays information about OS deployment and job time out configuration. You are then asked whether you want to modify job time out configuration. Go to Step 16.

  13. Configure logging.

    Press Return to accept the default of “ALL” or type the specifications as directed. You are prompted to enter the event logging severity value.

  14. Specify the event logging severity value.

    Take one of the following actions:

    • Type q to exit event logging severity specification. The event logging severity level is not set. You are then asked whether you want to modify job time out configuration. Go to Step 16.

    • Press Return to accept the default value of 0, or type the number corresponding to one of the following event severity levels:

      • 0 = unknown

      • 1 = other

      • 2 = information

      • 3 = warning

      • 4 = minor

      • 5 = major

      • 6 = critical

      • 7 = fatal

    The configuration process displays information about log entry retention. You are prompted for the number of days to retain event log entries.

  15. Specify the number of days to retain event log entries.

    Press Return to accept the default of 365 days, or type the number of days that event log entries are to be retained.

    The configuration process displays information about OS deployment and job time out configuration. You are then asked whether you want to modify job time out configuration.

  16. Choose whether to modify job time out configuration.

    Some OS distributions are very large, and might take longer than the default time when provisioning a server. If you plan to provision large OS distributions, increase the time out values.

    • Type y if you want to modify job time out configuration.

      A description of job and step time out values appears. Type the new time out values when prompted.

    • Type n if you do not want to modify time out configuration.

    You are asked whether to enable N1 System Manager (N1SM) startup at each boot.

  17. Choose whether to start the N1 System Manager system at each boot.

    • Type y to start the N1 System Manager system each time the system boots.

    • Type n if you want to start the N1 System Manager system manually after the management server has been rebooted. You are notified that you can start the N1 System Manager manually.

    You are asked whether you want to enable auto-login to the ILOM Web GUI on managed servers that offer the auto-login feature.

  18. Choose whether to enable the managed server ILOM GUI auto-login feature.

    The Sun Fire™ X4100 and Sun Fire X4200 servers provide a web GUI for performing various system administration tasks such as connecting remote devices and performing system monitoring.

    • If you enable the ILOM GUI auto-login feature, then you will automatically be logged onto the Sun Fire X4100 or X4200 web GUI when you click the managed server's Open Web Console link in the N1 System Manager browser interface.

    • If you do not enable the auto-login feature, you are prompted for the password when you click the Open Web Console link. For further information, see To Open the Sun ILOM Web GUI for a Sun Fire X4000 Series Server in the N1 System Manager online help after you have installed or upgraded the N1 System Manager.


    Caution –

    Enabling the Web Console (Sun ILOM Web GUI) automatic login feature for Sun Fire X4100 and X4200 managed servers exposes the server's service processor credentials to users who can view the web page source for the ILOM on the management network login page.


    • Type y to enable the auto-login feature.

    • Type n if you do not want to enable the auto-login feature.

      You are asked whether you want to modify the SSH policies for changed and unknown host keys.

  19. Choose whether to modify SSH policies.


    Note –

    Accepting changed or unknown host keys for SSH operations can expose N1 System Manager to security risks, but will allow more N1 System Manager operations to succeed.


    • Type n if you do not want to modify SSH policies.


      Note –

      You can modify the SSH policies at any time after initial configuration as described in Configuring SSH Unknown and Changed Host Key Policies.


      The following SSH policies are applied for changed and unknown host keys.

      • Accept changed host keys for Management IP address: yes

      • Accept changed host keys for Platform IP address: yes

      • Accept unknown host keys for Management IP address: yes

      • Accept unknown host keys for Platform IP address: yes

      If you are running n1smconfig for the first time, the configuration process then displays information about ALOM-based manageable server mail alerts. If you are reconfiguring N1 System Manager, the current ALOM email alert settings are displayed. Go to Step 21.

    • Type y if you want to modify SSH policies.

      You are asked whether you want to accept changed host keys to management IP addresses.

    1. Choose whether to accept changed host keys for SSH operations to management IP addresses.

      • Type n if you do not want N1 System Manager to accept changed host keys for management IP addresses.

      • Type y to accept changed host keys for the management IP addresses.

      You are asked whether to accept changed host keys to platform IP addresses.

    2. Choose whether to accept changed host keys for SSH operations to platform IP addresses.

      • Type n if you do not want N1 System Manager to accept changed host keys for platform IP addresses.

      • Type y to accept changed host keys for the platform IP addresses.

      You are asked whether to accept unknown host keys to management IP addresses.

    3. Choose whether to accept unknown host keys for SSH operations to management IP addresses.

      • Type n if you do not want N1 System Manager to accept unknown host keys for management IP addresses.

      • Type y to accept unknown host keys for the management IP addresses.

      You are asked whether to accept unknown host keys to platform IP addresses.

    4. Choose whether to accept unknown host keys for SSH operations to platform IP addresses.

      • Type n if you do not want N1 System Manager to accept unknown host keys for platform IP addresses.

      • Type y to accept unknown host keys for the platform IP addresses.

    The next step depends on the operating system installed on the management server.

    • If you are configuring a Solaris-based management server, you are then asked whether you want to enable the SSHv1 protocol so that you can access the serial console on managed servers. Go to Step 20.

    • If you are configuring a Linux-based management server, the configuration process then displays information about ALOM-based manageable server mail alerts. If you are reconfiguring N1 System Manager, the current ALOM email alert settings are displayed. Go to Step 21.

  20. Choose whether to enable the SSHv1 protocol on a Solaris-based management server.

    SSHv1 is required to enable managed server remote serial console access from a Solaris-based N1 System Manager browser interface. For more information, see To Open the Serial Console for a Server in the N1 System Manager online help after you have installed or upgraded the N1 System Manager.


    Caution –

    The following SSHv1 security issues should be considered:

    • The applet used for the serial console access from the browser interface does not provide a certificate-based authentication of the applet. The applet uses SSHv1 only for communication back to the management server, and requires that SSHv1 is enabled for the management server. Users concerned about this issue can use the serial console feature from the command line through the connect command.

    • SSH fingerprints used during connections from the management server to the provisioning network interfaces on the managed servers are automatically acknowledged by the N1 System Manager software, which might make the managed servers vulnerable to man-in-the-middle attacks.


    • Type y to enable SSHv1.

      If you later want to disable SSHv1:

      1. Stop the N1 System Manager.

      2. Edit the file /etc/ssh/sshd_config.

      3. Change the line Protocol 2,1 to Protocol 2.

      4. Delete the line HostKey /etc/ssh/ssh_host_rsa1_key.

      5. Start the N1 System Manager.

    • Type n if you do not want to enable SSHv1.

    You are asked whether you want to use the N1 System Manager internal email server to receive ALOM email alerts.

    If you are running n1smconfig for the first time, the configuration process then displays information about ALOM-based manageable server mail alerts. If you are reconfiguring N1 System Manager, the current ALOM email alert settings are displayed.

  21. Choose whether to use the N1 System Manager internal email server to receive ALOM email alerts.

    ALOM-based managed servers use email to send hardware monitoring alerts to the N1 System Manager.

    You can use the secure N1 System Manager internal email server, which requires only that port 25 is not in use, or you can use an existing mail server which must be accessible by the N1 System Manager and configured for use by the N1 System Manager.

    To determine whether port 25 has been assigned to a process, open a terminal window and type the command grep 25 /etc/services. To determine if port 25 is in use, type the command netstat -an | grep 25. If port 25 is in use, refer to your operating system documentation to disable the process using port 25.


    Note –

    Using an existing email server exposes N1 System Manager to denial of service attacks and other email-based security risks.


    • Type y if you want to use the secure N1 System Manager internal email server.

      You are prompted to add, delete, or modify the Windows RIS (Remote Installation System) server. Go to Step 24.

    • Type n if you want to use an existing email server.

      The current external email server values are displayed, and you are asked whether you want to change the settings.

  22. Choose whether to change the external email server settings.

    • Type n if you do not want to change the email settings.

      You are prompted to add, delete, or modify the Windows RIS (Remote Installation System) server. Go to Step 24.

    • Type y if you want to change any of the displayed email settings.

      You are prompted to specify each of the ALOM email alert settings as described in the next step.

  23. Specify the ALOM email alert settings.

    1. Specify the email folder in which the email alerts are to be stored.

      Press Enter or Return to accept the default value of Inbox, or type the name of an email folder.

      You are prompted for email alert IP address.

    2. Specify the mail server IP address.

      • If you have installed and enabled an email server on the management server, type the IP address of the management server's management network interface.

      • If you have installed and enabled an email server on a different machine that is accessible by the management server management network interface, type the IP address of the server on which the email server is installed.

      You are prompted for the email alert mail address.

    3. Specify the email address to which alerts are to be sent.

      Type the full email address. For example: n1smadmin@company.com

      You are prompted for the email account password.

    4. Specify the account password.

      Type the password for the external email account.

      You are prompted for the email alert protocol.

    5. Specify the email alert protocol.

      Type the name of the email protocol used by the management server. Valid entries are pop3 or imap.

      You are prompted for the email alert user name.

    6. Specify the email alert user name.

      Type the account name that is to be used for email alerts.

      For example: n1smadmin

      The mail settings you have specified are displayed, and you are asked whether you want to accept the settings.

    7. Choose whether to accept the settings.

      • Type n if the settings are not correct. The ALOM email alert settings process is restarted, and you are prompted to specify the email alert mail folder.

      • Type y to accept the email alert settings.

        You are asked whether to add, delete, or modify the Windows RIS (Remote Installation System) server.

  24. Choose whether to Add, Delete, or Modify the Windows RIS server.

    If you plan to provision a Windows operating system to one or more managed servers, you must install and configure a separate Windows RIS server that is accessible to the provisioning network. For further information, see Setting Up a Windows Remote Installation Services Server in Sun N1 System Manager 1.3 Site Preparation Guide.

    If you install a RIS server after completing N1 System Manager installation and configuration, you can add the RIS server to your N1 System Manager network by running n1smconfig again.

    • Type n if you do not want to add, delete, or modify a Windows RIS server for use by the N1 System Manager.

      You are asked whether you want to enable OS discovery. Go to Step 26.

    • Type y if you want to add, delete, or modify a Windows RIS server for use by the N1 System Manager.

      You are prompted for the RIS server subnet address.

  25. Configure the Windows RIS Server.

    1. Specify the RIS server SSH access user name.

      Type the RIS server SSH account user name. For example: n1smssh.

      The user account you specify must already exist on the RIS server.

      You are prompted for the RIS server SSH access user password.

    2. Specify the RIS server SSH access user password.

      Type the password for the RIS server SSH user account. Type the password again when you are prompted to re-enter the SSH access password.

      You are prompted for the RIS share path.

    3. Specify the RIS share path.

      The RIS share path is the drive letter and directory name on the RIS server in which the RIS software is installed. For example: D:\RemoteInstall.

      You are prompted for the RIS provisioning file location.

    4. Specify the RIS provisioning file location.

      The provisioning file location is the drive letter and directory path which the configuration process will create on the RIS server, and to which N1 System Manager will copy scripts for use by the RIS server. For example: C:\N1SM.

      You are prompted for the RIS netmask.

    5. Specify the RIS netmask.

      Press Return or Enter to accept the default netmask value 255.255.255.0, or type a different netmask value.

      You are prompted for the RIS language.

    6. Specify the RIS language.

      Press Return or Enter to accept the default language value English, or type the name of a different language.

      To view a list of valid languages, select Regional and Language Options from the Microsoft Windows Control Panel on your RIS server to display the Regional and Language Options panel. Click the Regional Options tab, and then click the arrow to the right of the displayed language. The list of languages is displayed.

      You are prompted for the RIS host name.

    7. Specify the RIS host name.

      Type the host name of the RIS server. For example: risserver.

      You are prompted for the RIS host IP address.

    8. Specify the RIS host IP address.

      Type the RIS host IP address.

      You are prompted for the RIS active directory user name.

    9. Specify the RIS active directory user name.

      Type the name of the active directory user account, for example n1smadmin. If the active directory user account does not exist on the RIS server, the configuration process will create the user account.

      You are prompted for the active directory user account password.

    10. Specify the RIS active directory password.

      Type the password for the RIS server active directory user account. Type the password again when you are prompted to re-enter the active directory password.

      You are prompted for the RIS active directory domain.

    11. Specify the RIS active directory domain name.

      Type the active directory domain name that you specified during setup of Active Directory on your RIS server. For example: servername.company.com.

      The RIS settings you have specified are displayed, and you are asked whether you want to apply the settings.

    12. Choose whether to use the RIS settings you have specified.

      • Type n if you want to change any of the displayed settings. The RIS configuration process restarts, and you are asked whether to add, delete, or modify the Windows RIS server. Go to the beginning of Step 25.

      • Type y to apply the displayed settings.

    The settings are applied, and you are asked whether you want to enable OS discovery.

  26. Choose whether to enable OS discovery.

    If you enable OS discovery, you can discover manageable servers by the operating system running on the manageable servers.

    • Type n if you do not want to enable OS discovery.

    • Type y if you want to enable OS discovery.

    You are asked if you want to modify the default password of the plan and jobs execution server.

  27. Choose whether to modify the plan and jobs execution server password.

    Changing the execution server password increases security, and modifies the service provisioning password.

    • Type n if you do not want to change the password.

    • Type y if you want to change the password.

      You are prompted to type the new password or to accept the displayed default. Type a new password or accept the default.

    All of the settings you have specified are displayed, and you are asked whether you want to apply the settings.

  28. Review the proposed settings.

    • Type y to apply the settings.

      The settings are applied.

      • If you have not previously run n1smconfig, you are prompted to press Enter to start the N1 System Manager.

      • If you have previously run n1smconfig, you are asked whether you want to restart N1 System Manager. Type y to restart N1 System Manager, or type n to exit to the command prompt.

    • Type n if the settings are not correct.

      You are notified that you must reconfigure and apply settings for the N1 System Manager to work properly. The configuration process then exits to the system prompt. To configure the N1 System Manager, run the n1smconfig command again.
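The two cautions in Step 5 both come down to one rule: no address configured on the management server may fall inside the DHCP range. The following pre-check is an added example, not part of the Sun guide or the N1 System Manager software; the function names and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-check for the DHCP range typed at the Step 5 prompts.
# Function names and all addresses are constructed for illustration.

# ip_to_int A.B.C.D: print the address as an integer; return 1 if malformed.
ip_to_int() {
    echo "$1" | awk -F. '
        NF != 4 { exit 1 }
        {
            n = 0
            for (i = 1; i <= 4; i++) {
                if ($i !~ /^[0-9]+$/ || $i + 0 > 255) exit 1
                n = n * 256 + $i
            }
            printf "%.0f\n", n
        }'
}

# check_dhcp_range START END MGMT_IP...
# Returns 0 if no management server address falls inside START..END,
# 1 if at least one does, 2 if an address or the range itself is invalid.
check_dhcp_range() {
    _start=$(ip_to_int "$1") || { echo "invalid start address: $1"; return 2; }
    _end=$(ip_to_int "$2") || { echo "invalid end address: $2"; return 2; }
    if [ "$_start" -gt "$_end" ]; then
        echo "start address $1 is above end address $2"
        return 2
    fi
    shift 2
    _conflict=0
    for _ip in "$@"; do
        _n=$(ip_to_int "$_ip") || { echo "invalid address: $_ip"; return 2; }
        if [ "$_n" -ge "$_start" ] && [ "$_n" -le "$_end" ]; then
            echo "CONFLICT: management server address $_ip is inside the DHCP range"
            _conflict=1
        fi
    done
    return "$_conflict"
}

# Constructed sample: every address configured on the management server
# (management and provisioning interfaces), then the proposed range.
MGMT_SERVER_IPS="192.168.10.1 192.168.20.5"
if check_dhcp_range 192.168.10.100 192.168.10.200 $MGMT_SERVER_IPS; then
    echo "OK: range excludes the management server addresses"
fi
```

Run it with the real interface addresses and the proposed start and end addresses before typing them at the n1smconfig prompts.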
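The sshd_config edits listed in Step 20 for disabling SSHv1 can be audited and applied to a copy of the file before the live file is changed. This is an added example, not part of the Sun guide; the function names and the sample configuration are constructed, and only the Protocol and HostKey values come from the guide.

```shell
#!/bin/sh
# Added example: audit and apply the SSHv1 rollback edits on a COPY of
# sshd_config. Function names and the sample file are constructed.

# write_sample_config PATH: create a constructed sshd_config for the demo.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample, not a real server's configuration
Port 22
Protocol 2,1
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa1_key
#HostKey /etc/ssh/ssh_host_rsa1_key
PermitRootLogin no
EOF
}

# Shared awk helper: true if a comma-separated Protocol list contains 1.
AWK_HAS_V1='function has_v1(list,   n, i, v) {
    n = split(list, v, ",")
    for (i = 1; i <= n; i++) if (v[i] == "1") return 1
    return 0
}'

# sshv1_findings FILE: print "line: text" for every active directive that
# keeps SSHv1 enabled. Returns 1 if any were found, 0 if the file is clean.
sshv1_findings() {
    awk "$AWK_HAS_V1"'
        /^[ \t]*#/ { next }
        tolower($1) == "protocol" && has_v1($2) { print NR ": " $0; bad = 1 }
        tolower($1) == "hostkey" && $2 == "/etc/ssh/ssh_host_rsa1_key" {
            print NR ": " $0; bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# sshv1_disable FILE: print FILE with the two edits from the guide applied:
# the Protocol line reduced to "Protocol 2" and the rsa1 HostKey line removed.
sshv1_disable() {
    awk "$AWK_HAS_V1"'
        /^[ \t]*#/ { print; next }
        tolower($1) == "protocol" && has_v1($2) { print "Protocol 2"; next }
        tolower($1) == "hostkey" && $2 == "/etc/ssh/ssh_host_rsa1_key" { next }
        { print }
    ' "$1"
}

# Demo on a scratch copy; the live /etc/ssh/sshd_config is never touched.
demo_dir=$(mktemp -d)
write_sample_config "$demo_dir/sshd_config"
echo "before:"; sshv1_findings "$demo_dir/sshd_config" || true
sshv1_disable "$demo_dir/sshd_config" > "$demo_dir/sshd_config.new"
if sshv1_findings "$demo_dir/sshd_config.new"; then
    echo "after: no active SSHv1 directives remain"
fi
rm -rf "$demo_dir"
```

Commented-out directives are ignored by the audit and left untouched by the edit, so a stale `#HostKey` line does not produce a false finding.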
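For the port 25 check in Step 21, the netstat output can be filtered so that only sockets actually listening on port 25 are reported, rather than every line containing the digits 25. This is an added example, not part of the Sun guide; the function names and the sample netstat lines are constructed, and the column layouts assumed for Linux and Solaris are noted in the comments.

```shell
#!/bin/sh
# Added example: exact-match version of the "netstat -an | grep 25" check.
# Function names and the sample netstat output are constructed.

# port25_listeners: read `netstat -an` output on stdin and print only the
# lines for sockets in LISTEN state on port 25. Returns 0 if port 25 is in
# use, 1 if it is free.
# Assumed layouts: Linux puts the local address in column 4 ("0.0.0.0:25"),
# Solaris in column 1 ("*.25"); in both, the port is the last component.
port25_listeners() {
    awk '
        $NF != "LISTEN" { next }
        { laddr = ($1 ~ /^tcp/) ? $4 : $1 }
        laddr ~ /[:.]25$/ { print; hit = 1 }
        END { exit (hit ? 0 : 1) }
    '
}

# Constructed Linux-style sample: one real listener on 25 plus decoys
# (port 2525, a host address ending in .25, an outbound SMTP connection).
sample_linux() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:22          0.0.0.0:*           LISTEN
tcp        0      0 127.0.0.1:25        0.0.0.0:*           LISTEN
tcp        0      0 0.0.0.0:2525        0.0.0.0:*           LISTEN
tcp        0      0 10.0.0.25:22        10.0.0.7:51325      ESTABLISHED
tcp        0      0 10.0.0.5:40112      10.0.0.9:25         ESTABLISHED
EOF
}

# Constructed Solaris-style sample: nothing listens on 25, only decoys.
sample_solaris() {
    cat <<'EOF'
      *.22                 *.*                0      0 49152      0 LISTEN
      *.2525               *.*                0      0 49152      0 LISTEN
10.0.0.25.22         10.0.0.7.51325       49640      0 49640      0 ESTABLISHED
      *.125                *.*                0      0 49152      0 LISTEN
EOF
}

echo "Linux sample:";   sample_linux   | port25_listeners || echo "  port 25 is free"
echo "Solaris sample:"; sample_solaris | port25_listeners || echo "  port 25 is free"
```

On a live management server, pipe the real output in with `netstat -an | port25_listeners`.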

Next Steps

Prepare the N1 System Manager system for production as described in Chapter 2, Preparing for Production.