| |
| System Administration | smsconfig(1m) |
| | smsconfig - configures the SMS environment |
SYNOPSIS
| | smsconfig -m I1 [ domain_id|
sc] |
| | smsconfig -m I2 [sc0|sc1] |
| | smsconfig -a -u username -G admn|oper|svc
platform |
| | smsconfig -r -u username -G admn|oper|svc
platform |
| | smsconfig -a -u username -G admn|rcfg
domain_id |
| | smsconfig -r -u username -G admn|rcfg
domain_id |
| | smsconfig -l domain_id|platform |
| |
smsconfig(1M) configures and modifies the host name and IP address settings used by the MAN daemon, mand(1M). For each network, smsconfig can singularly set one or more interface designations within that network. By default, smsconfig steps through the configuration of all three internal enterprise networks.
Note – Once you have configured or changed the configuration of the MAN network you must reboot the SC in order for the changes to take effect.To configure an individual network, append the net_id to the command line. Management network net_ids are designated I1, I2, and L. Configure a single interface within an enterprise network by specifying both the desired interface and its net_id. Any changes made to the network configuration on one SC using smsconfig
-m must be run on the other SC. Network configurations files are not automatically propagated.
For security purposes, SMS disables forwarding, broadcast and multicast by setting the appropriate ndd variables upon startup.
smsconfig configures the UNIX groups used by SMS to describe user privileges. SMS uses a default set of UNIX groups installed locally on each SC. smsconfig allows you to customize those groups using the -g option. For more information refer to the System Management Services (SMS) 1.2 Installation Guide and Release Notes for the Sun Fire 15K/12 Systems.
smsconfig also adds users to SMS groups and configures domain and platform administrative privileges. smsconfig sets access control list (ACL) attributes on SMS directories.
Note – Do not manually edit the /etc/group SMS file entries to add or remove users. User access will be compromised. |
| |
The following options are supported.
- -a
- Adds a user to an SMS group and provides read, write and execute access for a domain or the platform directories. You must specify a valid username, SMS group and if applicable, a domain_id
- -G admn|rcfg
- Indicates an SMS domain administrator or reconfigurator. All groups are case insensitive.
- -G admn|oper|svc
- Indicates an SMS platform administrator, operator or service personnel. All groups are case insensitive.
- -g
- Configures the UNIX groups used by SMS to describe user privileges.
- -h
- Help. Displays usage descriptions. Note – Use alone. Any option specified in addition to -h is ignored.
- -l
- Lists all users with access to the specified SMS domain or platform.
- -m
- Configures all interfaces for all enterprise networks and the external community.
- -m I1
- Configures all interfaces for enterprise network I1. Network designation is case insensitive. A domain can be excluded from the I1 network configuration by using the word NONE as the net_id. This applies to the I1 network only.
- -mI2
- Configures all interfaces for enterprise network I2. Network designation is case insensitive.
- -m L
- Configures all interfaces for the external community network. Network designation is case insensitive.
- -r
- Removes a user from an SMS group and denies read, write and execute access for a domain or the platform directories. You must specify a valid username, SMS group and if applicable, a domain_id.
- -u username
- Indicates user login name.
|
| |
The following operands are supported:
-
domain_id
- ID for a domain. Valid domain_ids are 'A'...'R' and are case insensitive.
-
platform
- Specifies the Sun Fire 15K/12K platform and platform specific directories.
-
SC, SC0, SC1
- Interface designation for the Sun Fire 15K/12K SC. Interface designations are case insensitive.
|
| |
Group Privileges Required
| |
You must have superuser privileges to run this command.
Refer to Chapter 2 in the System Management Services (SMS) 1.2 Administrator Guide for the Sun Fire 15K/12K Systems for more information.
|
|
| | Example 1. Initial Setup
| |
You must configure all interfaces in the MAN network. This example steps through all the prompts needed to completely set up all three enterprise networks using IPv4. An IPv6 network example differs slightly.
CAUTION: The IP addresses shown in the following examples are examples only. Refer to your Sun Fire 15K/12K System Site Planning Guide for valid IP addresses for your network. Using invalid network IP addresses could, under certain circumstances, render your system unbootable!
There will be no prompts for netmasks and /etc/ipnodes will be modified in addition to /etc/hosts.
IP addresses on the external network for failover, hme0 and eri1 on each SC must be unique. The floating IP address is the same on both SCs.
By default, the I1 network settings are derived from the base network address entered for that network. A domain can be excluded from the I1 network configuration by using the word NONE as the net_id. For more information refer to the System Management Services (SMS) 1.2 Installation Guide and Release Notes for the Sun Fire 15K/12 Systems.
Once you have configured the MAN network, you must reboot the SC.
| |
sc0:# smsconfig-m
The platform name identifies the entire host machine to the SMS software.
The platform name occupies a different name space than domain names (hostnames of bootable systems).
What is the name of the platform this SMS will service? sun15
Configuring the External Network for Community C1
Do you want to define this Community? [y,n] y
Enter NICs associated with community C1 [hme0 eri1]: [Return]
Enter Logical/Floating IP hostname for community C1 [sun15-sc-C1]:[Return]
Enter IPMP IP address for sun15-sc-C1: 10.1.1.50
Enter Netmask for community C1: 255.255.255.0
Enter IPMP hostname for community C1 failover address [sun15-sc0-C1-failover]:[Return]
Enter IPMP IP address for sun15-sc0-C1-failover: 10.1.1.51
Enter IPMP hostname for hme0 [sun15-sc0-hme0]:[Return]
Enter IPMP IP address for sun15-sc0-hme0: 10.1.1.52
Enter IPMP hostname for eri1 [sun15-sc0-eri1]:[Return]
Enter IPMP IP address for sun15-sc0-eri1: 10.1.1.53
Hostname IP Address (platform=sun15)
-------- ----------
sun15-sc-C1 10.1.1.50
sun15-sc0-C1-failover 10.1.1.51
sun15-sc0-hme0 10.1.1.52
sun15-sc0-eri1 10.1.1.53
Do you want to:
1) Accept these network settings.
2) Edit these network settings.
3) Delete these network settings and go onto the next community? [y,n] y
Configuring the External Network for Community C2
Do you want to define this Community? [y,n] n
Configuring I1 Management Network - 'I1' is the Domain to SC MAN.
MAN I1 Network Identification
Enter the IP network number (base address) for the I1 network: 10.2.1.0
Enter the netmask for the I1 MAN network [ 255.255.255.224 ]: [Return}
Hostname IP Address platform=sun15)
-------- ----------
netmask-i1 255.255.255.224
sun15-sc-i1 10.2.1.1
sun15-a 10.2.1.2
sun15-b 10.2.1.3
sun15-c 10.2.1.4
sun15-d 10.2.1.5
sun15-e 10.2.1.6
sun15-f 10.2.1.7
sun15-g 10.2.1.8
sun15-h 10.2.1.9
sun15-i 10.2.1.10
sun15-j 10.2.1.11
sun15-k 10.2.1.12
sun15-l 10.2.1.13
sun15-m 10.2.1.14
sun15-n 10.2.1.15
sun15-o 10.2.1.16
sun15-p 10.2.1.17
sun15-q 10.2.1.18
sun15-r 10.2.1.19
Do you want to accept these network settings? [y,n] y
Configuring I2 Management Network - 'I2' is for SC to SC MAN.
MAN I2 Network Identification
Enter the IP network number (base address) for the I2 network: 10.3.1.0
Enter the netmask for the I2 MAN network [ 255.255.255.252 ]:[Return]
Hostname IP Address (platform=sun15)
-------- ----------
netmask-i2 255.255.255.252
sun15-sc0-i2 10.3.1.1
sun15-sc1-i2 10.3.1.2
Do you want to accept these settings? [y,n] y
Creating /.rhosts to facilitate file propagation ... done.
MAN Network configuration modified!
Changes will take effect on next reboot.
The following changes are about to be applied to the "/etc/hosts" hosts file.
----------------------
ADD: 10.2.1.2 sun15-a #smsconfig-entry#
ADD: 10.2.1.3 sun15-b #smsconfig-entry#
ADD: 10.2.1.4 sun15-c #smsconfig-entry#
ADD: 10.2.1.5 sun15-d #smsconfig-entry#
ADD: 10.2.1.6 sun15-e #smsconfig-entry#
ADD: 10.2.1.7 sun15-f #smsconfig-entry#
ADD: 10.2.1.8 sun15-g #smsconfig-entry#
ADD: 10.2.1.9 sun15-h #smsconfig-entry#
ADD: 10.2.1.10 sun15-i #smsconfig-entry#
ADD: 10.2.1.11 sun15-j #smsconfig-entry#
ADD: 10.2.1.12 sun15-k #smsconfig-entry#
ADD: 10.2.1.13 sun15-l #smsconfig-entry#
ADD: 10.2.1.14 sun15-m #smsconfig-entry#
ADD: 10.2.1.15 sun15-n #smsconfig-entry#
ADD: 10.2.1.16 sun15-o #smsconfig-entry#
ADD: 10.2.1.17 sun15-p #smsconfig-entry#
ADD: 10.2.1.18 sun15-q #smsconfig-entry#
ADD: 10.2.1.19 sun15-r #smsconfig-entry#
ADD: 10.2.1.1 sun15-sc-i1 #smsconfig-entry#
ADD: 10.1.1.50 sun15-sc-C1 #smsconfig-entry#
ADD: 10.1.1.51 sun15-sc0-C1-failover #smsconfig-entry#
ADD: 10.1.1.52 sun15-sc0-hme0 #smsconfig-entry#
ADD: 10.1.1.53 sun15-sc0-eri1 #smsconfig-entry#
ADD: 10.3.1.1 sun15-sc0-i2 #smsconfig-entry#
ADD: 10.3.1.2 sun15-sc1-i2 #smsconfig-entry#
----------------------
Update the hosts file, "/etc/hosts", with these changes? [y,n] y
Hosts file "/etc/hosts" has been updated.
The following information is about to be applied to the "/etc/netmasks" file.
----------------------
ADD network: 10.1.1.50, mask: 255.255.255.0
ADD network: 10.2.1.0, mask: 255.255.255.224
ADD network: 10.3.1.0, mask: 255.255.255.252
----------------------
Update the netmasks file, "/etc/netmasks", with these changes? [y,n] y
Netmasks file "/etc/netmasks" has been updated.
sc#
|
|
Example 2. Configuring the I2 Network
| |
| |
sc0: # smsconfig -m I2
Configuring I2 Management Network - 'I2' is for SC to SC MAN
Which System Controller are you configuring [choose 0 or 1]: 0.
Hostname IP Address (platform=sun15)
-------- ----------
netmask-i2 255.255.255.252
sun15-sc0-i2 10.3.1.1
sun15-sc1-i2 10.3.1.2
Do you want to accept these network settings? [y,n] n
MAN I2 Network Identification
Enter the IP network number (base address) for the I2 network: 172.16.0.0
Enter the netmask for the I2 MAN network [ 255.255.255.252 ]: [Return]
Hostname IP Address (platform=sun15)
-------- ----------
netmask-i2 255.255.255.252
sun15-sc0-i2 172.16.0.1
sun15-sc1-i2 172.16.0.2
Do you want to accept these network settings? [y,n] y
Creating /.rhosts to facilitate file propagation ... done.
MAN Network configuration modified!
Changes will take effect on the next reboot.
The following changes are about to be applied to the "/etc/hosts" hosts file.
----------------------
ADD: 172.16.0.1 sun15-sc0-i2 #smsconfig-entry#
ADD: 172.16.0.2 sun15-sc1-i2 #smsconfig-entry#
----------------------
Update the hosts file, "/etc/hosts". with these changes [y,n] y
Hosts file "/etc/hosts" has been updated.
The following information is about to be applied to the "/etc/netmasks" file.
---------------------
ADD network: 172.16.0.0, mask: 255.255.255.252
---------------------
Update the netmasks file, "/etc/netmasks", with these changes? [y,n] y
Netmasks file "/etc/netmasks" has been updated.
sc#
|
|
Example 3. Configuring Internal Host Name and IP Address, SC to Domain B on the I1 Network
| |
| |
sc0: # smsconfig -m I1 B
Enter the MAN hostname for DB-I1 [ sun15-b ]: domainB-i1
I could not automatically determine the IP address of domainB-i1.
Please enter the IP address of domainB-i1: 10.2.1.20
You should make sure that this host/IP address is set up properly in the
/etc/inet/hosts file or in your local name service system.
Network: I1 (DB-I1) Hostname: domainB-i1 IP Address: 10.2.1.20
Do you want to accept these settings? [y,n] y
Creating /.rhosts to facilitate file propagation ... done.
MAN Network configuration modified!
Changes will take effect on the next reboot.
The following changes are about to be applied to the "/etc/hosts" hosts file.
----------------------
ADD: 10.2.1.20 domainB-i1 #smsconfig-entry#
----------------------
Update the hosts file, "/etc/hosts", with these changes? [y,n] y
Hosts file "/etc/hosts" has been updated.
sc#
|
|
Example 4. Excluding Domain D from the I1 Network
| |
| |
sc0: # smsconfig -m I1 D
Enter the MAN hostname for DB-I1 [ sun15-b ]: NONE
Network: I1 (DB-I1)
Hostname: NONE IP Address: NONE
Do you want to accept these settings? [y,n] y
Creating /.rhosts to facilitate file propagation ... done.
sc#
|
|
Example 5. Configuring Non Default Groups
| |
In this example, all domain administrator and domain reconfiguration groups are left as the default groups.
| |
sc0: # smsconfig -g
1) Edit current configuration
2) Restore default groups
3) Quit
Select one of the above options: 1
NOTE: In order to configure a new group the group must already exist.
The Platform Administrator group has configuration control, a means to
get environmental status, the ability to assign boards to domains, power
control and other generic service processor functions.
Enter the name of the Platform Administrator group [platadmn]? zeus
The Platform Operator group has a subset of the platform privileges,
limited generally to platform power control and platform status.
Enter the name of the Platform Operator group [platoper]? poseidon
The Platform Service group posses platform service command privileges in
addition to limited platform control and platform configuration status
privileges
Enter the name of the Platform Service group [platsvc]? kronos
The Domain Administrator group posses domain control and status, and
console access privileges (for the respective domain), but does not
posses platform wide control or platform resource allocation privileges.
Enter the name of the Domain A Administrator group [dmnaadmn]? [Return]
Enter the name of the Domain B Administrator group [dmnbadmn]? [Return]
Enter the name of the Domain C Administrator group [dmncadmn]? [Return]
Enter the name of the Domain D Administrator group [dmndadmn]? [Return]
Enter the name of the Domain E Administrator group [dmneadmn]? [Return]
Enter the name of the Domain F Administrator group [dmnfadmn]? [Return]
Enter the name of the Domain G Administrator group [dmngadmn]? [Return]
Enter the name of the Domain H Administrator group [dmnhadmn]? [Return]
Enter the name of the Domain I Administrator group [dmniadmn]? [Return]
Enter the name of the Domain J Administrator group [dmnjadmn]? [Return]
Enter the name of the Domain K Administrator group [dmnkadmn]? [Return]
Enter the name of the Domain L Administrator group [dmnladmn]? [Return]
Enter the name of the Domain M Administrator group [dmnmadmn]? [Return]
Enter the name of the Domain N Administrator group [dmnnadmn]? [Return]
Enter the name of the Domain O Administrator group [dmnoadmn]? [Return]
Enter the name of the Domain P Administrator group [dmnpadmn]? [Return]
Enter the name of the Domain Q Administrator group [dmnqadmn]? [Return]
Enter the name of the Domain R Administrator group [dmnradmn]? [Return]
The Domain Reconfiguration group posses a subset of the Domain
Administration group privileges. This group has no domain control other
than board power and reconfiguration (for the respective domain).
Enter the name of the Domain A Reconfiguration group [dmnarcfg]? [Return]
Enter the name of the Domain B Reconfiguration group [dmnbrcfg]? [Return]
Enter the name of the Domain C Reconfiguration group [dmncrcfg]? [Return]
Enter the name of the Domain D Reconfiguration group [dmndrcfg]? [Return]
Enter the name of the Domain E Reconfiguration group [dmnercfg]? [Return]
Enter the name of the Domain F Reconfiguration group [dmnfrcfg]? [Return]
Enter the name of the Domain G Reconfiguration group [dmngrcfg]? [Return]
Enter the name of the Domain H Reconfiguration group [dmnhrcfg]? [Return]
Enter the name of the Domain I Reconfiguration group [dmnircfg]? [Return]
Enter the name of the Domain J Reconfiguration group [dmnjrcfg]? [Return]
Enter the name of the Domain K Reconfiguration group [dmnkrcfg]? [Return]
Enter the name of the Domain L Reconfiguration group [dmnlrcfg]? [Return]
Enter the name of the Domain M Reconfiguration group [dmnmrcfg]? [Return]
Enter the name of the Domain N Reconfiguration group [dmnnrcfg]? [Return]
Enter the name of the Domain O Reconfiguration group [dmnorcfg]? [Return]
Enter the name of the Domain P Reconfiguration group [dmnprcfg]? [Return]
Enter the name of the Domain Q Reconfiguration group [dmnqrcfg]? [Return]
Enter the name of the Domain R Reconfiguration group [dmnrrcfg]? [Return]
Configuration complete.
Select one of the above options:
1) Edit current configuration
2) Restore default groups
3) Quit
Select one of the above options: 3
sc#
|
|
Example 6. Adding a User to the Domain Administrator Group and Configuring Access to the Domain B Directories
| |
You must specify a valid username and valid SMS group and domain.
| |
sc0: # smsconfig -a -u fdjones -G admn B
fdjones has been added to the dmnBadmn group.
All privileges to domain B have been applied.
|
|
Example 7. Adding a User to the Domain Configurator Group and Configuring Access to the Domain C Directories
| |
You must specify a valid username and valid SMS group and domain.
| |
sc0: # smsconfig -a -u fdjones -G rcfg C
fdjones has been added to the dmnCrcfg group.
All privileges to domain C have been applied.
|
|
Example 8. Configuring Access to the Platform Directories
| |
You must specify a valid username and valid SMS group and the platform.
| |
sc0: # smsconfig -a -u jtd -G svc platform
jtd has been added to the platsvc group.
All privileges to the platform have been applied.
|
|
Example 9. Displaying Users with Access to the Domain C Directories
| |
| |
sc0: # smsconfig -l C
fdjones
shea
|
|
Example 10. Displaying Users with Access to the Platform Directories
| |
| |
sc0: # smsconfig -l platform
fdjones
jtd
|
|
Example 11. Removing User Access to the Domain C Directories
| |
You must specify a valid username and valid SMS group. If a user belongs to more than one group with access to a domain, they must be removed from all groups before directory access is denied.
| |
sc0: # smsconfig -r -u fdjones -G rcfg C
fdjones has been removed from the dmnCrcfg group.
fdjones belongs to the dmnCadmn group
Access to domain C remains unchanged.
|
| |
sc0: # smsconfig -r -u fdjones -G admn C
fdjones has been removed from the dmnCadmn group.
All access to domain C is now denied.
|
|
Example 12. Configuring Using an Invalid Groupname
| |
You must specify a valid SMS group.
| |
sc0: # smsconfig -a -u fdjones -G staff D
ERROR: group staff does not exist
ABORTING.
|
|
Example 13. Mixing Groups and Designations.
| |
You must specify group names with the correct area designations. The admn group works with either designation.
| |
sc0: # smsconfig -a -u fdjones -G rcfg platform
ERROR: group rcfg cannot access the platform
ABORTING.
|
| |
sc0: # smsconfig -a -u fdjones -G oper D
ERROR: group oper cannot access a domain
ABORTING.
|
|
|
| |
The following exit values are returned:
-
0
- Successful completion
- >0
- An error occurred.
|
| |
The following configuration files are required:
-
/etc/hostname.scman0
- MAN Ethernet interface file
-
/etc/hostname.scman1
- MAN Ethernet interface file
-
/etc/opt/SUNWSMS/config/MAN.cf
- MAN daemon configuration file
Note – MAN.cf is an internal SMS system file and should not be modified except by authorized Sun Microsystems personnel. |
| |
See attributes(5) for descriptions of the following attributes:
| Attribute Types | Attribute Values |
| Availability | SUNWSMSop |
|
| |
