This chapter provides the instructions for post-installation tasks you can perform to complete your Sun Management Center 3.6 configuration and implementation.
This chapter discusses the following topics:
During Sun Management Center server setup, the file /var/opt/SUNWsymon/cfg/esusers is created.
Sun Management Center users are valid UNIX users whose login names are stored in the file /var/opt/SUNWsymon/cfg/esusers. All users listed in this file have general access privileges by default unless the user is given additional privileges, as described in To Assign a User to a Security Group.
If a user login name is not in /var/opt/SUNWsymon/cfg/esusers, that user cannot log in to Sun Management Center. For a user to be able to access Sun Management Center, the user name must be added to the /var/opt/SUNWsymon/cfg/esusers file, as described in To Add Sun Management Center Users.
Users must also be assigned a security level for access. Sun Management Center assigns users to specific security groups. Three groups are created by default during the installation process: esops, esadm, and esdomadm.
esops is the group that is assigned to users who can effectively use the product and fine-tune its operation. These users cannot affect major configuration or architectural changes. The esops group has the greatest restriction of access privileges.
esadm is the group that is assigned to users who can perform privileged operations, including the loading of modules and the configuration of managed objects and data properties. The esadm group has more access privileges than esops, but fewer access privileges than esdomadm.
esdomadm is the group that is assigned to users who have domain administration privileges. These users can create top-level domains in a server context and assign privileges for other Sun Management Center users within these domains. This role is the highest-level role.
For further information about security groups and roles, see Users, Groups, and Roles Overview. To find out how to assign a user to a specific Sun Management Center security group, see To Assign a User to a Security Group. For further information about Sun Management Center security, see Security Recommendations.
Log in as root (su - root) on the Sun Management Center server machine.
Add the user name on a new line in the /var/opt/SUNWsymon/cfg/esusers file.
The user name that you add must be a valid UNIX user name.
Save the file and exit the editor.
The user can now log in to Sun Management Center as a general user with limited access privileges. To enable additional access privileges for the user, assign the user to a specific security group. For further information about security groups, see Users, Groups, and Roles Overview.
Ensure that the user login name is in the /var/opt/SUNWsymon/cfg/esusers file.
Log in as root on the Sun Management Center Server machine.
In the /etc/group file, add the user to one of the following lines as applicable: esadm, esops, or esdomadm.
Separate each entry by a comma. For example, assume that you want to make the following assignments:
sysadmin1 and syadmin2 to the domain administration group esdomadm
admin1, admin2, and admin3 to the administration group esadm
ops1 and ops2 to the operations group esops
The entries in the /etc/group file would then be:
esadm::1000:admin1,admin2,admin3 esdomadm::1001:sysadmin1,sysadmin2 esops::1002:ops1,ops2
See Users, Groups, and Roles Overview for a thorough description of each of the security groups.
Save the file and exit the editor.
The user can now log in to Sun Management Center using the security privileges that you have assigned.
The Sun Management Center agent uses User Datagram Protocol (UDP) port 161 by default to communicate with the Sun Management Center server. The Sun Management Center agent is a complete replacement and enhancement for the SNMP agent snmpdx and the Sun SNMP utility mibissa, which also use port 161 by default.
The SNMP agent snmpdx is the main component of Solstice Enterprise Agent technology. snmpdx and mibissa run as daemon processes and listen for SNMP requests on port 161.
(On Solaris 10) If you use port 161, you are reminded to manually stop and disable the SNMP daemon, SMA.
If port 161 is in use during Sun Management Center setup, you are given the opportunity to specify a different port for the Sun Management Center agent and server, or to continue and use port 161. If you choose to use port 161, you are given the opportunity to stop and disable the SNMP agent daemon.
If you use port 161 and have chosen to manually stop and disable the SNMP daemon, Sun Management Center will not start until you stop all processes that use port 161.
The following procedure applies to any machine on which the Sun Management Center agent has been installed.
Log in as root.
Stop the snmpdx daemon by typing:
# /etc/rc3.d/S76snmpdx stop |
Disable the snmpdx daemon by typing:
# mv /etc/rc3.d/S76snmpdx /etc/rc3.d/s76snmpdx |
A script whose name begins with an uppercase “S” automatically starts when the system reboots. A script whose name begins with a lowercase “s” is not run automatically.
Your system might have other legacy SNMP agents or processes utilizing port 161. If Sun Management Center fails to start even though you have stopped and disabled snmpdx, view the agent.log file /var/opt/SUNWsymon/log/agent.log to see whether there is a port conflict.
Installing a separately released add-on product involves two steps:
Installing the add-on product as directed by the documentation for the product.
Setting up the add-on product by using either the Sun Management Center setup wizard es-guisetup or the command-line script es-setup.
You can install several add-ons, and then set up all of the add-ons by using the es-guisetup command.
Log in as root on the Sun Management Center machine where the add-on is installed.
Go to the Sun Management Center sbin directory, for example:
# cd /opt/SUNWsymon/sbin |
If you installed Sun Management Center in a different directory than /opt, go to /installdir/SUNWsymon/sbin, where installdir is the directory that you specified.
Run the es-guisetup script:
# ./es-guisetup |
The Welcome screen appears.
Click Next.
The Advanced Setup Options screen appears.
Select Configure Add-ons and click Next.
The Sun Management Center Core Product Setup Complete screen appears.
Click Next.
If no add-ons have been set up, the add-ons are listed. You are informed that the listed add-ons will be set up. Click Next to start the setup process for the listed add-ons.
If one or more add-ons have already been set up, those add-ons are listed. A list of add-ons that have not been set up is also displayed.
Select the add-on or add-ons that you want to set up, then click Next.
The setup screens for each selected add-on are presented in sequence. The Sun Management Center setup process prompts you for any information required by each selected add-on. Provide the requested information as needed. Refer to the add-on documentation for additional information for each add-on product that you selected.
If an add-on product setup failed, you are informed that the setup of the add-on product was not successful. You are then directed to see the log file for more details. The name of the log file is provided.
When the add-on setup process is complete, a list of the add-on components you installed and set up is displayed. You are prompted to click Next to start Sun Management Center, or to click Close to exit the setup process and start Sun Management Center later.
Log in as root on the Sun Management Center machine where the add-on is installed.
Go to the Sun Management Center sbin directory, for example:
# cd /opt/SUNWsymon/sbin |
If you installed Sun Management Center in a different directory than /opt, go to /installdir/SUNWsymon/sbin, where installdir is the directory that you specified.
Determine the directory name of the add-on.
List the contents of the installdir/SUNWsymon/addons directory, for example:
# ls -p /opt/SUNWsymon/addons AdvancedMonitoring/ PRM/ SystemManagement/ storage/ EServices/ SunfireSun4dConfigReader/ wgs/ |
Set up the add-on by typing es-setup -p add-on-name, where add-on-name is the directory name for the add-on. For example:
# ./es-setup -p SunfireSun4dConfigReader |
The setup process is started for the specified add-on. When the add-on setup completes, you are asked whether you want to start the Sun Management Center agent and server processes.
Type y to start the Sun Management Center agent and server.
Type n to exit without starting the Sun Management Center agent and server.
The Sun Management Center validation tool es-validate checks and verifies installation and setup information after the software has been installed on your system. The tool is automatically installed when you install any of the base component layers.
es-validate provides the following information, which is based on the parameters you use:
The version of the Sun Management Center base product installed on the local host
The Sun Management Center base component layers installed on the host
Whether the production environment or developer environment has been installed
A list of all Sun Management Center base packages installed on the host
A list of all Sun Management Center add-on packages and the version of each installed on the host
The Sun Management Center base installation directory (BASEDIR)
The Sun Management Center patch IDs that have been installed
The Solaris operating environment version
The disk space used by the Sun Management Center installation
The validation tool also checks functional aspects of your system, including the following items:
Confirms whether the products installed on your system are compatible
Checks whether the Sun Management Center base product and add-on products have been set up
Checks whether the Sun Management Center database is functional
Confirms whether the Sun Management Center Web server is running
Displays all agents in the server context of the current Sun Management Center server, and also checks for agent connections in the server context
Confirms whether the command-line interface is functional
The syntax for the es-validate command is as follows:
es-validate [-s server [-r serverport] [-u user-name [-p password ]]] [-a agenthost [-b agentport] [-d]] [-c] [-o outfile]The following table describes the es-validate parameters.
Table 7–1 es-validate Options
Option |
Modifying Options |
Description |
---|---|---|
-a |
agenthost |
Check connectivity with agent host machine agenthost. |
-b |
agentport |
The SNMP port number associated with agentport. |
-c |
|
Show all the agents in the context of the Sun Management Center server specified with -s option. |
-d |
|
Show the version number of the agent on agenthost. |
-o |
outfile |
Store the output of es-validate in file outfile. outfile should be an absolute file path. The default is an arbitrary file name in /tmp. |
-p |
password |
The password for -uuser-name If not specified, and -uuser-name is specified, you are prompted for the password. |
-r |
serverport |
The Sun Management Center RMI port number. If not specified, port 2099 is used. |
-s |
server |
The Sun Management Center server host name. If not specified, the current host is used. |
-u |
user-name |
The user name used to connect with the Sun Management Center server. The -u user name parameter is mandatory for login checks. |