Sun Cluster System Administration Guide for Solaris OS

Configuring Sun Cluster Manager

Sun Cluster Manager is a GUI that you can use to administer and view the status of all aspects of quorum devices, IPMP groups, interconnect components, and global devices. You can use the GUI in place of many of the Sun Cluster CLI commands.

The procedure for installing Sun Cluster Manager on your cluster is included in the Sun Cluster Software Installation Guide for Solaris OS. The Sun Cluster Manager online help contains instructions for completing various tasks by using the GUI.

This section contains the following procedures for reconfiguring Sun Cluster Manager after initial installation.

Setting up RBAC Roles

The Sun Cluster Manager uses RBAC to determine who has rights to administer the cluster. Several RBAC rights profiles are included in the Sun Cluster software. You can assign these rights profiles to users or to roles to give users different levels of access to Sun Cluster. For more information about how to set up and manage RBAC for Sun Cluster software, see Chapter 2, Sun Cluster and RBAC.

Procedure: How to Use the Common Agent Container to Change the Port Numbers for Services or Management Agents

If the default port numbers for your common agent container services conflict with other running processes, you can use the cacaoadm command to change the port number of the conflicting service or management agent on each node of the cluster.

  1. On all cluster nodes, stop the common agent container management daemon.


    # /opt/bin/cacaoadm stop
    
  2. Stop Sun Java Web Console.


    # /usr/sbin/smcwebserver stop
    
  3. Retrieve the port number currently used by the common agent container service with the get-param subcommand.


    # /opt/bin/cacaoadm get-param parameterName
    

    You can use the cacaoadm command to change the port numbers for the following common agent container services. The following list provides some examples of services and agents that can be managed by the common agent container, along with corresponding parameter names.

    Service or agent        Parameter name
    JMX connector port      jmxmp-connector-port
    SNMP port               snmp-adaptor-port
    SNMP trap port          snmp-adaptor-trap-port
    Command stream port     commandstream-adaptor-port

  4. Change a port number.


    # /opt/bin/cacaoadm set-param parameterName=parameterValue
    
  5. Repeat Step 4 on each node of the cluster.

  6. Restart Sun Java Web Console.


    # /usr/sbin/smcwebserver start
    
  7. Restart the common agent container management daemon on all cluster nodes.


    # /opt/bin/cacaoadm start
    

Procedure: How to Change the Server Address for Sun Cluster Manager

If you change the hostname of a cluster node, you must change the address from which Sun Cluster Manager runs. The default security certificate is generated based on the node's hostname at the time Sun Cluster Manager is installed. To reset the node's hostname, delete the certificate file, keystore, and restart Sun Cluster Manager. Sun Cluster Manager automatically creates a new certificate file with the new hostname. You must complete this procedure on any node that has had its hostname changed.

  1. Remove the certificate file, keystore, located in /etc/opt/webconsole.


    # cd /etc/opt/webconsole
    # rm keystore
    
  2. Restart Sun Cluster Manager.


    # /usr/sbin/smcwebserver restart
    

Procedure: How to Regenerate Common Agent Container Security Keys

Sun Cluster Manager uses strong encryption techniques to ensure secure communication between the Sun Cluster Manager web server and each cluster node.

The keys that Sun Cluster Manager uses are stored under the /etc/opt/SUNWcacao/security directory on each node. They should be identical across all cluster nodes.

Under normal operation, these keys can be left in their default configuration. If you change the hostname of a cluster node, you must regenerate the common agent container security keys. You might also need to regenerate the keys because of a possible key compromise (for example, root compromise on the machine). To regenerate the security keys, use the following procedure.

  1. On all cluster nodes, stop the common agent container management daemon.


    # /opt/bin/cacaoadm stop
    
  2. On one node of the cluster, regenerate the security keys.


    phys-schost-1# /opt/bin/cacaoadm create-keys --force
    
  3. Restart the common agent container management daemon on the node on which you regenerated the security keys.


    phys-schost-1# /opt/bin/cacaoadm start
    
  4. Create a tar file of the /etc/cacao/instances/default directory.


    phys-schost-1# cd /etc/cacao/instances/default
    phys-schost-1# tar cf /tmp/SECURITY.tar security
    
  5. Copy the /tmp/SECURITY.tar file to each of the cluster nodes.

  6. On each node to which you copied the /tmp/SECURITY.tar file, extract the security files.

    Any security files that already exist in the /etc/opt/SUNWcacao/ directory are overwritten.


    phys-schost-2# cd /etc/cacao/instances/default
    phys-schost-2# tar xf /tmp/SECURITY.tar
    
  7. Delete the /tmp/SECURITY.tar file from each node in the cluster.

    You must delete each copy of the tar file to avoid security risks.


    phys-schost-1# rm /tmp/SECURITY.tar
    
    phys-schost-2# rm /tmp/SECURITY.tar
    
  8. On all nodes, restart the common agent container management daemon.


    phys-schost-1# /opt/bin/cacaoadm start

  9. Restart Sun Cluster Manager.


    # /usr/sbin/smcwebserver restart
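
A check that can accompany steps 4 through 7 of the key regeneration procedure, as an added example that is not part of the original guide: it packs the security directory into a tar file readable only by its owner and confirms by SHA-256 manifest that a receiving node's copy matches the reference node before the daemon is restarted. The function names and the sample.key file are hypothetical, and the two "nodes" are directories constructed in a scratch location rather than /etc/cacao/instances/default.

```shell
#!/bin/sh
# Added example, not from the guide. File names and paths below are constructed.

# SHA-256 of one file: sha256sum where present, otherwise Solaris digest(1).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        digest -a sha256 "$1"
    fi
}

# Print "path hash" for every regular file under directory $1, sorted by path.
key_manifest() {
    ( cd "$1" || exit 1
      find . -type f | sort | while IFS= read -r f; do
          printf '%s %s\n' "$f" "$(hash_file "$f")"
      done )
}

# Succeed only if both directories exist, are non-empty and hold identical files.
keys_match() {
    [ -d "$1" ] && [ -d "$2" ] || return 2
    ref=$(key_manifest "$1"); new=$(key_manifest "$2")
    [ -n "$ref" ] && [ "$ref" = "$new" ]
}

# Archive <instance_dir>/security to <tar_path>, readable by the owner only.
pack_keys() {
    ( umask 077; cd "$1" && tar cf "$2" security )
}

# Walk steps 4-7 on two constructed "nodes" inside a scratch directory.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/node1/security" "$work/node2/security"
    echo "regenerated key (constructed)" > "$work/node1/security/sample.key"
    echo "old key (constructed)" > "$work/node2/security/sample.key"
    keys_match "$work/node1/security" "$work/node2/security" && return 1
    pack_keys "$work/node1" "$work/SECURITY.tar" || return 1
    ( cd "$work/node2" && tar xf "$work/SECURITY.tar" ) || return 1
    rm -f "$work/SECURITY.tar"
    keys_match "$work/node1/security" "$work/node2/security"; rc=$?
    rm -rf "$work"
    return $rc
}

demo && echo "security directories match; tar file removed"
```

On a real cluster, the manifest from the reference node would be compared with the output of key_manifest run on each other node after extraction.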