CHAPTER 3

Configuring System Access Parameters

This chapter describes how to configure system access settings. It contains the following sections:



Note - For instructions on accessing the CLI commands and GUI functions described in this chapter, see Using the Administrative Interfaces.



About System Access

The 5800 system exports two IP addresses per cell for system access: one for administrative access and one for data access. To administer and monitor data on each cell in the system, you must configure the administrative and data IP addresses for each cell.

You can also set the service node IP address on each cell, control which clients on the network have access to the data on the system, and change the administrative password and public key.

The following IP addresses are reserved for use by the 5800 system. Do not configure any hosts on your network with these addresses:


Administrative IP Address

The administrative IP address is the address exported by the 5800 system for administrative access to a cell. You configure the administrative IP address on a per-cell basis.


To Configure the Administrative IP Address Using the CLI

Assign an administrative IP address with the command
cellcfg --cellid cellid --admin_ip ip_address.

For example:


ST5800 $ cellcfg --cellid 1 --admin_ip 10.7.224.41



Note - The system must reboot whenever you change any of the following values: the administrative IP, the data IP, or the service node IP addresses. If you want to change more than one of these values, change them at the same time so that the system doesn’t reboot multiple times. Use the format cellcfg --cellid cellid --admin_ip ip_address --data_ip ip_address --service_node_ip ip_address. For example:
cellcfg --cellid 2 --admin_ip 10.7.224.41 --data_ip 10.7.224.42 --service_node_ip 10.7.224.40



To Configure the Administrative IP Address Using the GUI

1. From the navigation panel, choose Configuration > System Access.

2. Click Configure Cell IPs.

3. Choose the cell for which you want to configure an administrative IP address.

4. Type the administrative IP address in the Administrative IP Address box.

5. (Optional) If you want to configure the data IP address or service node IP address, change those settings now so that the system only reboots once for the changes to take effect.

6. Click Apply.

7. Repeat steps 1-5 for each cell for which you want to configure the administrative IP address.


Data IP Address

The data IP address is the address exported by the 5800 system for access to the data stored on a cell. You configure the data IP address on a per-cell basis.


To Configure the Data IP Address Using the CLI

Assign a data IP address with the command
cellcfg --cellid cellid --data_ip ip_address.

For example:


ST5800 $ cellcfg --cellid 2 --data_ip 10.7.224.42



Note - The system must reboot whenever you change any of the following values: the administrative IP, the data IP, or the service node IP addresses. If you want to change more than one of these values, change them at the same time so that the system doesn’t reboot multiple times. Use the format cellcfg --cellid cellid --admin_ip ip_address --data_ip ip_address --service_node_ip ip_address. For example:
cellcfg --cellid 2 --admin_ip 10.7.224.41 --data_ip 10.7.224.42 --service_node_ip 10.7.224.40



To Configure the Data IP Address Using the GUI

1. From the navigation panel, choose Configuration > System Access.

2. Click Configure Cell IPs.

3. Choose the cell for which you want to configure the data IP address.

4. Type the data IP address in the Data IP Address box.

5. (Optional) If you want to configure the administrative IP address or service node IP address, change those settings now so that the system only reboots once for the changes to take effect.

6. Click Apply.

7. Repeat steps 1-5 for each cell for which you want to configure the data IP address.


Service Node IP Address

The service node IP address is the address of the server for the cell. The 5800 system uses the service node for configuration, troubleshooting, and upgrading the system software. If there is a conflict between the default IP address on the service node (10.7.227.100) and an address on your network, you can set a new address for the service node. You configure the service node IP address on a per-cell basis.


To Configure the Service Node IP Address Using the CLI

Assign the service node IP with the command
cellcfg --cellid cellid --service_node_ip ip_address.

For example:


ST5800 $ cellcfg --cellid 2 --service_node_ip 10.7.224.40



Note - The system must reboot whenever you change any of the following values: the administrative IP, the data IP, or the service node IP addresses. If you want to change more than one of these values, change them at the same time so that the system doesn’t reboot multiple times. Use the format cellcfg --cellid cellid --admin_ip ip_address --data_ip ip_address --service_node_ip ip_address. For example:
cellcfg --cellid 2 --admin_ip 10.7.224.41 --data_ip 10.7.224.42 --service_node_ip 10.7.224.40



To Configure the Service Node IP Address Using the GUI

1. From the navigation panel, choose Configuration > System Access.

2. Click Configure Cell IPs.

3. Choose the cell for which you want to configure the service node IP address.

4. Type the service node IP address in the Service Node IP Address box.

5. (Optional) If you want to configure the administrative IP address or data IP address, change those settings now so that the system only reboots once for the changes to take effect.

6. Click Apply.

7. Repeat steps 1-5 for each cell for which you want to configure a service node IP address.


Administrative Password

The administrative password allows you to access the 5800 system CLI commands and also to perform configuration and administrative tasks using the GUI. The default password is admin. Passwords are case-sensitive.

You set the administrative password on a per-hive basis.


To Configure the Administrative Password Using the CLI

Log in to the CLI and change the password interactively with the passwd command.

For example:


ST5800 $ passwd
Enter current password:XXXXX
Enter new password:XXXXXX
Re-enter new password:XXXXXX 
CLI admin: The admin password has been changed successfully.
ST5800 $ 


To Configure the Administrative Password Using the GUI

1. From the navigation panel, choose Configuration > System Access.

2. Click Change Admin Password.

3. Type the current password in the Current Password field. (If there is no current password, leave this field blank.)

4. Type the password you would like to use in the New Password field.

5. Type the new password again in the Reenter Password field.

6. Click Apply.


The Public Key

A public key allows you to log in to the 5800 system from client systems carrying the private version of the key without using a password. You might want to use this feature so that you can execute scripts of CLI commands from a specific client. See To Create and Execute a Script for CLI Commands for more information about scripting CLI commands.

Use the ssh application on your client to create public and private key files. (See the documentation for your ssh application for information about creating these files.) Create the public key without a passphrase.

Once you have configured the public key file on the 5800 system, you can log in from any client with the private version of that key without being prompted for a password. If you wish to return to interactive logins, remove the private key from the client, or configure a new public key on the 5800 system.



Note - Only one public key is allowed on the 5800 system. If you have already configured a public key and then configure a new one, the new key replaces the old one.




Note - The --pubkey option is available only in non-interactive mode (that is, you must enter it at the same time that you enter the ssh command, as in ssh admin@10.7.227.101 passwd --pubkey < key.pub).


You set the public key on a per-hive basis.


To Configure a Public Key Using the CLI

1. Configure ssh for password-free login by supplying a public key from a client system.

For example:


client $ ssh admin@admin_IP passwd --pubkey < key.pub
Password:

where key.pub is the file containing the public key.

2. Enter the administrative password for the 5800 system.

For example:


Password: XXXXXX
CLI admin: The public key has been changed successfully
client $

3. Verify password-free login.

For example:


client $ ssh admin@admin_IP 
Sun StorageTek (TM) 5800 System Management Console 
Copyright (C) 2007 Sun Microsystems, Inc.
All rights reserved. Use is subject to license terms.
ST5800 $

Configuring a Public Key Using the GUI

This function is not available from the GUI.
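
A client-side check to run before the passwd --pubkey step: it confirms that key.pub holds exactly one well-formed public key and is not the private key file, and that the passphrase-less private key is readable only by its owner. This is an added example, not part of the original guide; it assumes the client's ssh application writes the OpenSSH one-line public key format, and the function names and sample key are constructed for illustration.

```python
import base64
import os
import stat
import struct


def check_pubkey_text(text):
    """Return (key_type, comment) if text is exactly one OpenSSH-format
    public key line; raise ValueError otherwise."""
    if "PRIVATE KEY" in text:
        raise ValueError("this is a private key file, not key.pub")
    lines = [ln for ln in text.splitlines()
             if ln.strip() and not ln.lstrip().startswith("#")]
    if len(lines) != 1:
        # The system holds one key only; a new key replaces the old one.
        raise ValueError(f"expected exactly one key, found {len(lines)}")
    fields = lines[0].split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError
        raise ValueError(f"key data is not valid base64: {exc}")
    # The decoded data starts with a length-prefixed copy of the key type.
    if len(blob) < 4:
        raise ValueError("key data too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode():
        raise ValueError("key type in data does not match the type field")
    return key_type, fields[2].strip() if len(fields) > 2 else ""


def private_key_is_owner_only(path):
    """True if no group or other permission bits are set on the private key.
    The key has no passphrase, so file permissions are its only protection."""
    return (stat.S_IMODE(os.stat(path).st_mode) & 0o077) == 0


def constructed_sample(key_type="ssh-rsa"):
    """Constructed sample line: correct framing, filler bytes, not a real key."""
    body = struct.pack(">I", len(key_type)) + key_type.encode() + bytes(16)
    return f"{key_type} {base64.b64encode(body).decode()} admin-script@client"
```
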


Authorized Subnetworks

By default, the system allows any client on the network to access the data stored on the 5800 system. Using the authorized subnetworks feature, you can control which clients can access the data by specifying a list of authorized subnetworks. Only clients running on the authorized subnetworks can access the data stored on the 5800 system. You set the authorized subnetworks on a per-hive basis.

For example, if you specify an authorized subnetwork of 192.37.54.0/24, all clients running on the 192.37.54.0/24 subnetwork will be allowed to access data on the 5800 system. You may specify a single client as an authorized “subnetwork” consisting of one host. For example, to allow the client with IP address 172.168.20.35 to access the system, specify 172.168.20.35 as an authorized subnetwork.

To ensure optimal performance, there are limitations on the number of authorized subnetworks you can specify. The maximum number of authorized subnetworks allowed is five.



Note - If your configuration requires that you specify more than five authorized subnetworks, consult Sun services for assistance.



To Configure Authorized Subnetworks Using the CLI

1. Configure authorized subnetworks using the command
hivecfg --authorized_clients ip_addresses.

For example:


ST5800 $ hivecfg --authorized_clients 10.45.1.19,192.18.7.2,34.7.7.101



Note - If DNS is enabled on your system, you may specify host names instead of IP addresses.


2. To reset this property and allow all clients to access data, use the command hivecfg --authorized_clients all.

For example:


ST5800 $ hivecfg --authorized_clients all
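
A pre-flight check for the list passed to hivecfg --authorized_clients: it enforces the five-entry limit, rejects malformed entries, warns about entries that open access to everyone or waste a slot, and lets you confirm that a known client is still admitted before you apply the change. This is an added example, not part of the original guide; the function names are hypothetical and it assumes the CLI accepts the same address/prefix notation used in the prose above.

```python
import ipaddress

MAX_AUTHORIZED = 5  # limit stated in this chapter


def parse_entry(entry, dns_enabled=False):
    """Return an ip_network for an address or CIDR entry, or the host name
    itself when DNS is enabled. Raise ValueError for anything else."""
    entry = entry.strip()
    try:
        # strict=True rejects host bits under the mask, e.g. 192.37.54.7/24
        return ipaddress.ip_network(entry, strict=True)
    except ValueError:
        looks_like_host = entry[:1].isalpha() and all(
            c.isalnum() or c in "-." for c in entry)
        if dns_enabled and looks_like_host and entry != "all":
            return entry
        raise ValueError(f"not an address, subnetwork or host name: {entry!r}")


def show(item):
    """Single hosts are written without /32, as in the chapter's example."""
    if isinstance(item, str) or item.prefixlen < item.max_prefixlen:
        return str(item)
    return str(item.network_address)


def build_hivecfg(entries, dns_enabled=False):
    """Validate the list; return (command, warnings)."""
    if [e.strip() for e in entries] == ["all"]:
        return "hivecfg --authorized_clients all", ["every client may read data"]
    if not 1 <= len(entries) <= MAX_AUTHORIZED:
        raise ValueError(f"need 1 to {MAX_AUTHORIZED} entries, got {len(entries)}")
    parsed = [parse_entry(e, dns_enabled) for e in entries]
    nets = [p for p in parsed if not isinstance(p, str)]
    warnings = [f"{n} admits every client, same effect as 'all'"
                for n in nets if n.prefixlen == 0]
    # An entry inside a wider one uses up one of the five slots for nothing.
    warnings += [f"{show(a)} is already covered by {show(b)}"
                 for a in nets for b in nets
                 if a is not b and a.version == b.version and a.subnet_of(b)]
    return "hivecfg --authorized_clients " + ",".join(map(show, parsed)), warnings


def is_admitted(client_ip, entries):
    """True if client_ip falls inside any address or CIDR entry."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in parse_entry(e) for e in entries)
```

Host-name entries are passed through unchanged when dns_enabled is set; is_admitted checks address and CIDR entries only.
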


To Configure Authorized Subnetworks Using the GUI

1. From the navigation panel, choose Configuration > System Access.

2. Click Authorize Data Clients.


3. Click the Add button.

A new row is displayed in the table.

4. (Optional) If DNS is enabled and you want to enter host names instead of IP addresses, select Host Name.

5. Type the host name or Internet Protocol (IP) address and subnet mask for the subnetwork.

6. Click Apply.

7. Repeat Steps 3-6 for each client that you want to authorize.