C H A P T E R 3 |
Installing or Upgrading SMS 1.6 Software |
This chapter provides all the instructions for installing SMS 1.6 or upgrading to SMS 1.6 on Sun Fire high-end systems. The chapter includes the following topics:
Note - Your Sun Fire system comes with the Solaris OS and SMS 1.6 preinstalled. You need to use the procedures in this section only if you want to do a fresh install on your system or are installing a new SC on your system. If the software is already installed, proceed to To Configure the Management Network. |
TABLE 3-1 shows the sequence of procedures to freshly install SMS 1.6 software using the smsinstall script for both the main SC (SC0) and the spare SC (SC1). Perform the procedures in the sequence shown in the table. The sections following the figure are in the order that the procedures should be performed. Each procedure contains the page number where that specific procedure can be found in this document.
Note - You need to record the chassis serial number (CSN) only on the main SC. You do not need to record the CSN on the spare SC. |
Note - The smsinstall script hardens the system controller after the first reboot. As pointed out in Security After Installation, hardening disables most remote access services. Do not reboot the system without providing serial or console access to the SC, or having ssh configured to survive a reboot on the SC. |
Note - If you are using ssh, you must change the ssh escape character to avoid conflict with the SMS console. See Changing the ssh Escape Character for more information. |
To Prepare for Installation |
Before you begin the installation, do the following tasks.
1. Gather the superuser passwords for both SCs.
2. Be sure you have platadmn privileges to both SCs.
3. On both SCs, determine the directory into which you will download the SMS software from the web.
4. Before installing the SMS 1.6 packages, make sure that you have serial or console access to the SC or have Secure Shell (ssh) available on the SC.
After you install SMS 1.6 and reboot the SC, the hardening performed by the smsinstall script disables remote access.
Note - If you are using ssh on the SC, you must change the ssh escape character to avoid conflict with the SMS console. See Changing the ssh Escape Character for more information. |
5. If you are freshly installing on new hardware:
a. Become familiar with the smsconfig command and its options.
Refer to the smsconfig(1M) man page.
b. Fill out the information in the site planning guide for your Sun Fire system (Sun Fire 15K/12K System Site Planning Guide or Sun Fire E25K/E20K System Site Planning Guide).
You need this information to configure the Management Network (MAN) after installing the SMS 1.6 packages on new hardware. (See To Configure the Management Network for more information about the MAN.)
6. Gather the following publications before you start the installation or upgrade:
7. Check the Solaris (SPARC Platform Edition) Release Notes and the Solaris Release Notes Supplement for Sun Hardware for your version of the Solaris OS, the System Management Services (SMS) 1.6 Release Notes, and SunSolve at http://sunsolve.sun.com for the latest information on issues, late-breaking news, and patch availability.
8. Refer to the Site Planning Guide for your Sun Fire system when reconfiguring your MAN.
You need the following information from your worksheets:
9. Install the release-appropriate Solaris patch cluster available at http://sunsolve.sun.com to ensure that SMS runs properly. Apply any patches to the Solaris OS before reinstalling or upgrading the SMS software.
Note - During installation, or whenever the other SC is at the OpenBoot PROM prompt or not running SMS, you might see "SC clocks NOT phase locked" messages in the platform log. You can ignore them. |
To Install the Solaris OS on the SC |
1. Install the Solaris OS, if it has not already been installed on the SC for you.
Refer to the appropriate Solaris installation guide for instructions. Make sure that you:
a. Install the proper release of the Solaris OS, including patches (see SC Software Requirements).
Without the proper version and patches, the availability daemons on the SC will not start, causing SMS daemon startup failures and an unusable SC.
b. Select the Entire Distribution group of the OS.
c. Select the English, C, locale. On the SC, SMS 1.6 does not support any Solaris OS locale other than English.
2. Verify that Java 1.2.2 software has been installed in the default directory.
The default directory is /usr/java1.2/bin/java. If you are using the Sun Fire Interconnect software and Java 1.2.2 software is not installed in the default directory, SMS does not start.
Note - After installing Java 1.2.2 software, be sure to stop and restart SMS. |
To Download SMS 1.6 Software From the Web |
1. Using your web browser, go to http://www.sun.com/servers/sw/
2. Select the System Management Services (SMS) link.
3. Select the correct SMS 1.6 software to download depending on the Solaris OS you are running:
4. Log in to the SC as superuser.
5. Change directory to the location where you downloaded the software.
6. Extract the downloaded file, depending on which operating system you are using.
After the file is extracted, the SMS 1.6 packages are located in /download_directory/sms_1_6_sparc/System_Management_Services_1.6/Product.
To Install SMS Software |
1. Log in to the SC as superuser.
2. Change directory to the location of the smsinstall script.
The smsinstall script automates many of the steps in the installation process.
3. Begin the installation process by running the smsinstall(1M) script.
where directory_name represents the directory (/download_directory/sms_1_6_sparc/System_Management_Services_1.6/Product) into which the SMS packages were downloaded (see To Download SMS 1.6 Software From the Web).
The Solaris Security Toolkit 4.2 package is installed. A message similar to this is displayed.
The script installs the SMS packages. Messages similar to this are displayed.
Note - The smsinstall(1M) script automatically installs the SMS man pages in the directory /opt/SUNWSMS/man/sman1m. To avoid conflicts, do not change this location. |
4. Conclude the installation process.
After installing the SMS packages, the script begins the hardening process.
Note - Although the smsinstall script displays a YES/NO prompt asking whether you want to continue, you do not need to respond to the prompt. The script automatically continues the hardening process. |
5. Before you reboot, if you want someone to be able to log in to an SC remotely, you must make a change in your /etc/hosts.allow file in the Solaris Security Toolkit.
Note - Once you reboot and the hardening takes effect, you cannot log in to an SC remotely. |
The line in the file for the spare SC should read:
For more information about the /etc/hosts.allow file, refer to the Solaris Security Toolkit 4.2 Reference Manual.
To Install Patches on the SC |
SMS patches are available at http://sunsolve.sun.com.
Before you install patches for your SMS software, follow these guidelines and notify the affected administrators if necessary.
Complete any domain, board, or configuration changes before you begin patch installation.
Read all patch instructions (included with the patch) carefully before attempting to install a patch. Instructions in the patch procedure could preempt these instructions.
1. Log in to the SC with platform administrator privileges.
2. Install any patches on both SCs.
To Configure the Management Network |
1. In the procedure, you use the smsconfig script to create the network configuration for your SCs.
2. Read and fill out the information in the site planning guide for your Sun Fire high-end system.
Note - You can exclude a domain from the I1 network configuration by using the word NONE as the net_id. This applies only to the I1 network. |
3. Log in to the SC as superuser.
4. Type the following to display, review, or change the MAN settings.
5. Answer the questions based on the information gathered for your site in the site planning guide for your system.
The following example shows IPv4 and accepts the default settings included with your version of the Solaris OS.
Note - The IP addresses on the external network for failover, eri0 and eri3, must be unique on each SC. The floating IP address is the same on both SCs. |
For more information on the smsconfig -m command, refer to the "MAN Configuration" section of the System Management Services (SMS) 1.6 Administrator Guide and the smsconfig man page.
Note - Any changes made to the network configuration on one SC using smsconfig -m must be made to the other SC as well. Network configuration is not automatically propagated. |
6. Edit the /etc/nsswitch.conf file.
The first entry for password, group, hosts, netmasks, and ethers should be files. To the right of files, list other naming services in use, such as nis or DNS, as in the following example.
sc: # vi /etc/nsswitch.conf ... passwd: files nis group: files nis ... hosts: files nis ... netmasks: files nis ... ethers: files nis ... |
Note - smsconfig automatically updates the /etc/netmasks and the /etc/inet/hosts file with all the private host names and logical addresses for the SC. |
7. Update your Solaris OS naming software, such as NIS, NIS+, or DNS, as needed.
To Set Up Users and Groups |
Note - You must add users and groups to both the main and spare SCs. Perform the following procedure twice, once for each SC. |
The SMS user group IDs are created during initial installation. For a complete list of the user group IDs, see TABLE 4-1.
2. Type the following command for each user you want to add.
For example, to add a user to the dmnaadmn group with access to domain A directories, type the following.
sc0: # /opt/SUNWSMS/bin/smsconfig -a -u fdjones -G admn a fdjones has been added to the dmnaadmn group All privileges to domain a have been applied. |
Note - Do not manually add users from SMS groups in the /etc/group file. This can limit or deny access to users. |
3. To list SMS groups and administrative privileges, use the following command.
For example, to display all users with platform privileges, type the following.
To Record the Chassis Serial Number on the Main SC |
You can skip this procedure if you are installing on the spare SC. You need to record the chassis serial number (CSN) only on the main SC. The chassis serial number is a unique alphanumeric text string, up to 20 characters in length, that identifies a Sun Fire high-end system. This serial number is displayed on a label located on the front of the system chassis, near the bottom center.
Note - SMS must be running before you can record the chassis serial number. |
1. Log in to the main SC as a user with platadm privileges.
2. Determine whether the centerplane is powered on by typing the following command.
3. Use the showplatform -p csn command to list the chassis serial number.
If a chassis serial number was previously recorded, it is displayed in the output as shown in the following example.
4. Record the chassis serial number.
where the chassis_serial_number is the number that identifies your Sun Fire high-end system. You obtain the chassis serial number from a label on the front of the system chassis, near the bottom center.
To Enable the Alternate Break Sequence |
To facilitate failover in SMS, the default sequence to stop the system [Stop-A] has been changed to the following alternate: [Return] [~] [Control-B]. Use this procedure to enable the alternate break sequence.
1. Log in to the SC as superuser.
2. In the /etc/default/kbd file, uncomment the following line:
This takes effect when you reboot the SC. For more information about the Alternate Break Sequence, see Using the Alternate Break Sequence.
To Reboot the System Controller |
Rebooting the SC enables the automatic hardening that you set up when you installed the SMS software.
1. Log in to the SC as superuser and change to the OpenBoot PROM prompt.
To Upgrade the SC Flash PROMs |
You must have platform (platadm) privileges to run the flashupdate(1M) command.
1. Log in to the SC as a user with platadmn privileges.
2. Use flashupdate to upgrade the fp0 flash PROM.
3. Use flashupdate again to upgrade the fp1 flash PROM, using the appropriate image for the type of board.
For more information on the flashupdate(1M) command, refer to the System Management Services (SMS) 1.6 Reference Manual or the flashupdate man page.
4. Log in to the SC as superuser and change to the OpenBoot PROM prompt.
To Finish the Setup Process |
To Upgrade the System Board Flash PROMs |
You must have platform privileges to run the flashupdate(1M) command.
1. Log in to the main SC as a user with platadmn privileges.
2. Use flashupdate to upgrade the CPU flash PROMs in a domain.
The location argument can be either of the following:
Specify the FPROM_id only when you want to update a particular FPROM (FP0 or FP1) on a system board. These are the possible values for board_loc, provided an I/O slot is occupied by an MCPU board:
The following FPROM_id forms are accepted for all platforms:
For example, the location SB4/FP0 indicates the FPROM 0 on the CPU board in slot 4.
3. Perform a system power-on self-test (POST) control application, hpost, per board with a dynamic reconfiguration operation to make the new firmware active on system boards.
Caution - Doing a reboot will not activate the new firmware. Use the setkeyswitch(1M) command to activate the firmware. |
To Enable Failover |
1. Log in to the SC as a user with platadmn privileges.
3. Verify that failover is working.
sc:sms-user:> /opt/SUNWSMS/bin/showfailover -v SC Failover Status: ACTIVATING sc:sms-user:> /opt/SUNWSMS/bin/showfailover -v SC Failover status: ACTIVE |
After you issue the setfailover command, the SCs begin to synchronize. While the main SC synchronizes with the spare SC, the failover status reads ACTIVATING. Once the synchronization is complete, the status reads ACTIVE.
TABLE 3-2 shows the sequence of procedures to restore previously installed versions of Solaris OS and SMS, such as after a hardware failure and the spare SC is down. Perform the procedures in the sequence shown in the table on the spare SC. The sections following TABLE 3-2 are in the order that the procedures should be performed. Each procedure contains the page number where that specific procedure can be found in this document.
1. To Install the Previously Installed Solaris OS on the Spare SC |
2. To Install the Previously Installed Version of SMS on the Spare SC |
To Install the Previously Installed Solaris OS on the Spare SC |
1. Install the previously installed Solaris OS you had on the spare SC.
Refer to the appropriate Solaris installation guide for instructions. Make sure that you:
a. Install the proper release of the Solaris OS, including patches (see SC Software Requirements).
Without the proper version and patches, the availability daemons on the SC do not start, causing SMS daemon startup failures and an unusable SC.
b. Select the Entire Distribution group of the OS.
c. Select the English, C, locale.
On the SC, SMS 1.6 does not support any Solaris locale other than English.
2. Verify that Java 1.2.2 software has been installed in the default directory. Type the following command.
The default directory is /usr/java1.2/bin/java. If you are using the Sun Fire Interconnect and Java 1.2.2 software is not installed in the default directory, SMS does not start.
Note - After installing Java 1.2.2 software, be sure to stop and restart SMS. |
To Install the Previously Installed Version of SMS on the Spare SC |
1. Log in to the spare SC as superuser.
2. Change directory to the location of the smsinstall script.
The smsinstall script automates many of the steps in the installation process.
3. Begin the installation process by running the smsinstall(1M) command.
where directory_name represents the directory (/download_directory/sms_1_6_sparc/System_Management_Services_1.6/Product) into which the SMS packages were downloaded (see To Download SMS 1.6 Software From the Web).
The Solaris Security Toolkit 4.2 package is installed. A message similar to this one is displayed.
The script installs the SMS packages.
Note - The smsinstall(1M) script automatically installs the SMS man pages in the directory /opt/SUNWSMS/man/sman1m. To avoid conflicts, do not change this location. |
4. Conclude the installation process.
After installing the SMS packages, the script begins the hardening process.
Note - Although the smsinstall script displays a YES/NO prompt asking you to continue, you do not need to respond to the prompt. The script automatically continues the hardening process. |
5. Before you reboot, if you want someone to be able to log in to an SC remotely, you must make a change in your /etc/hosts.allow file in the Solaris Security Toolkit.
Note - Once you reboot and the hardening takes effect, you cannot log in to an SC remotely. |
The line in the file for the spare SC should read:
For more information about the /etc/hosts.allow file, refer to the Solaris Security Toolkit 4.2 Reference Manual.
To Restore the SMS Configuration on the Spare SC |
Run smsrestore on the smsbackup file.
where filename is the absolute path to the backup file that was created by smsbackup(1M). The filename must contain the full path name for the file. This file can reside anywhere on the system, connected network, or tape device. If no filename is specified, you receive an error.
To Install Any SMS Patches on the Spare SC |
SMS patches are available at http://sunsolve.sun.com.
Before you install patches for your SMS software, follow these guidelines and notify the affected administrators if necessary.
Complete any domain, board, or configuration changes before you begin patch installation.
Read all patch instructions (included with the patch) carefully before attempting to install a patch. Instructions in the patch procedure could preempt these instructions.
1. Log in to the spare SC with platform administrator privileges.
2. Install any patches on the spare SC.
To Configure the Management Network |
1. In the procedure, you use the smsconfig script to create the network configuration for your spare SC.
2. Read and fill out the information in the site planning guide for your Sun Fire high-end system.
Note - You can exclude a domain from the I1 network configuration by using the word NONE as the net_id. This applies only to the I1 network. |
3. Log in to the spare SC as superuser.
4. Type the following to display, review, or change the MAN settings.
5. Answer the questions based on the information gathered for your site in the site planning guide for your system.
The following example shows IPv4 and accepts the default settings included with your version of the Solaris OS.
Note - The IP addresses on the external network for failover, eri0 and eri3, must be unique on each SC. The floating IP address is the same on both SCs. |
For more information on the smsconfig -m command, refer to the "MAN Configuration" section of the System Management Services (SMS) 1.6 Administrator Guide and the smsconfig man page.
Note - Any changes made to the network configuration on one SC using smsconfig -m must be made to the other SC as well. Network configuration is not automatically propagated. |
6. Edit the /etc/nsswitch.conf file.
The first entry for password, group, hosts, netmasks, and ethers should be files. To the right of files, list other naming services in use, such as nis or DNS, as in the following example.
sc1: # vi /etc/nsswitch.conf ... passwd: files nis group: files nis ... hosts: files nis ... netmasks: files nis ... ethers: files nis ... |
Note - smsconfig automatically updates the /etc/netmasks and the /etc/inet/hosts file with all the private host names and logical addresses for the SC. |
7. Update your Solaris OS naming software, such as NIS, NIS+, or DNS, as appropriate.
To Set Up Users and Groups |
The SMS user group IDs are created during initial installation. For a complete list of the user group IDs, see TABLE 4-1.
1. Log in to the spare SC as superuser.
2. Type the following command for each user you want to add.
For example, to add a user to the dmnaadmn group with access to domain A directories, type the following.
sc1: # /opt/SUNWSMS/bin/smsconfig -a -u fdjones -G admn a fdjones has been added to the dmnaadmn group All privileges to domain a have been applied. |
Note - Do not manually add users from SMS groups in the /etc/group file. This can limit or deny access to users. |
3. To list SMS groups and administrative privileges, use the following command.
For example, to display all users with platform privileges, type the following.
To Enable the Alternate Break Sequence |
To facilitate failover in SMS, the default sequence to stop the system [Stop-A] has been changed to the following alternate: [Return] [~] [Control-B]. Use this procedure to enable the alternate break sequence.
1. Log in to the spare SC as superuser.
2. In the /etc/default/kbd file, uncomment the following line:
This takes effect when you reboot the spare SC. For more information about the Alternate Break Sequence, see Using the Alternate Break Sequence.
To Reboot the Spare SC |
Rebooting the SC enables the automatic hardening that you set up when you installed the SMS software.
1. Log in to the spare SC as superuser and change to the OpenBoot PROM prompt.
TABLE 3-3 shows the sequence of procedures to upgrade a previous version of SMS software to version 1.6. You use the smsupgrade command to upgrade the SMS software in these instances:
The smsupgrade script automatically backs up and restores the SMS environment during the upgrade process.
If you already have SMS 1.6 software installed and you want to upgrade the Solaris OS on the SCs to a minor release (for example, you want to upgrade from Solaris 9 4/04 OS to Solaris 9 9/04 OS), you do not need to upgrade your SMS software. You can back up the SMS environment, upgrade the Solaris OS, and then restore the SMS environment. See Manually Backing Up and Restoring the SMS 1.6 Environment for instructions.
To Do Before Starting the Upgrade |
Before you begin the upgrade procedure, do these tasks.
1. Gather the superuser passwords for both SCs.
2. Be sure you have platadmn privileges to both SCs.
3. On both SCs, determine the directory into which you will download the SMS software from the web.
4. Ensure that the SC data is synchronized between the two SCs by typing this command on the main SC.
5. Ensure that both SC clocks are phase-locked. You can do this by looking at the most recent messages in the platform logs, which say whether the SC clocks are locked or not.
Note - During installation, or whenever the other SC is at the OpenBoot PROM prompt or not running SMS, you might see "SC clocks NOT phase locked" messages in the platform log. You can ignore them. |
6. Before installing the SMS 1.6 packages, make sure that you have serial or console access to the SC or have Secure Shell (ssh) available on the SC.
After you install SMS 1.6 and reboot the SC, the hardening performed by the smsinstall script disables remote access.
Note - If you are using ssh on the SC, you must change the ssh escape character to avoid conflict with the SMS console. See Changing the ssh Escape Character for more information. |
7. Gather the following publications before you start the installation or upgrade:
8. Check the Solaris (SPARC Platform Edition) Release Notes and the Solaris Release Notes Supplement for Sun Hardware for your version of the Solaris OS, the System Management Services (SMS) 1.6 Release Notes, and http://sunsolve.sun.com for the latest information on issues, late-breaking news, and patch availability.
9. Refer to the site planning guide for your Sun Fire system when reconfiguring your MAN.
You need the following information from your worksheets:
10. Install the release-appropriate Solaris patch cluster available at http://sunsolve.sun.com, to ensure that SMS runs properly. Apply any patches to the Solaris OS before reinstalling or upgrading the SMS software.
To Start the Upgrade |
TABLE 3-3 shows the upgrade process for both the main SC (SC0) and the spare SC (SC1). Perform the procedures in the sequence shown in the table. The sections following the figure are in the order that the procedures should be performed. Each procedure contains the page number where that specific procedure can be found in this document.
To Unharden the Main SC |
To undo the hardening manually, perform the following procedure.
1. Log in to the main SC as superuser.
2. Type the following command at the sc prompt to undo the hardening.
(Both the smsinstall and the smsupgrade scripts install the Solaris Security Toolkit in /opt/SUNWjass/.)
The system prompts you to select a hardening operation (called a Solaris Security Toolkit run) to undo.
3. Type the number of the run you want to undo at the CHOICE (`q' to exit)? prompt.
For more information about using the Solaris Security Toolkit, refer to the Solaris Security Toolkit 4.2 Administration Guide or the Solaris Security Toolkit 4.2 Reference Manual.
To Disable Failover on the Main SC |
Before you disable failover on the main SC, be sure SMS is running and your configuration remains stable. No commands should be active and no hardware should be changed during the reinstallation process.
1. Log in to the main SC as a user with platadmn privileges.
2. Disable failover by typing the following command.
To Back Up the SMS Environment on the Main SC |
Note - The smsupgrade script automatically backs up and restores the SMS environment during the upgrade process. However, your system is more secure if you perform your own manual backup here also. |
If you have a recent SMS backup file, you do not have to perform this procedure. Note, however, that the sms_backup.X.X.cpio file of one SC cannot be used by the other SC. They are SC-specific files and are not interchangeable.
1. Log in to the main SC (sc0) as superuser.
3. Back up the SMS environment.
Run smsbackup or have the latest copy of the smsbackup file (sms_backup.X.X.cpio) accessible to the disk.
Note - The sms_backup.X.X.cpio file of one SC cannot be used by the other SC. They are SC-specific files and are not interchangeable. |
where directory_name is the name of the directory in which the backup file is created. This file can reside in any directory on the system, connected network, or tape device to which you have read/write privileges. If you do not specify a directory_name, the backup file is created in /var/tmp.
The directory_name you specify must be mounted as a UNIX file system (UFS). Specifying a temporary file system (TMPFS), such as /tmp, causes smsbackup to fail.
If you are not certain that your directory_name is mounted as a UFS, type the following command.
A UFS returns directory information. Any other type of file system returns a warning.
Caution - Before you upgrade the Solaris OS on the SC or run smsupgrade, be sure that SMS is stopped. |
To Unharden the Spare SC |
To undo the hardening manually, perform the following procedure.
1. Log in to the spare SC as superuser.
2. Type the following command at the sc prompt to undo the hardening.
(Both the smsinstall and the smsupgrade scripts install the Solaris Security Toolkit in /opt/SUNWjass/.)
The system prompts you to select a hardening operation (called a Solaris Security Toolkit run) to undo.
3. Type the number of the run you want to undo at the CHOICE (`q' to exit)? prompt.
For more information about using the Solaris Security Toolkit, refer to the Solaris Security Toolkit 4.2 Administration Guide or the Solaris Security Toolkit 4.2 Reference Manual.
To Back Up the SMS Environment on the Spare SC |
Note - smsupgrade automatically backs up and restores the SMS environment during the upgrade process. However, your system is more secure if you perform your own manual backup here also.v |
If you have a recent SMS backup file, you do not have to perform this procedure. Note, however, that the sms_backup.X.X.cpio file of one SC cannot be used by the other SC. They are SC-specific files and are not interchangeable.
1. Log in to the spare SC (sc1) as superuser.
3. Back up the SMS environment.
Run smsbackup or have the latest copy of the smsbackup file (sms_backup.X.X.cpio) accessible to the disk.
Note - The sms_backup.X.X.cpio file of one SC cannot be used by the other SC. They are SC-specific files and are not interchangeable. |
where directory_name is the name of the directory in which the backup file is created. This file can reside in any directory on the system, connected network, or tape device to which you have read/write privileges. If you do not specify a directory_name, the backup file is created in /var/tmp.
The directory_name you specify must be mounted as a UNIX file system (UFS). Specifying a temporary file system (TMPFS), such as /tmp, causes smsbackup to fail.
If you are not certain that your directory_name is mounted as a UFS, type the following command.
A UFS returns directory information. Any other type of file system returns a warning.
To Upgrade the Solaris OS on the Spare SC (Optional) |
This procedure is optional. If you do not want to upgrade the Solaris OS and you just want to upgrade the SMS software, skip this procedure. Proceed directly to To Download SMS 1.6 Software From the Web for the Spare SC.
Caution - Before you upgrade the Solaris OS on the SC or run smsupgrade, be sure that SMS is stopped. |
Refer to the appropriate Solaris installation guide for instructions. Make sure that you:
a. Install the proper release of the Solaris OS, including patches (see SC Software Requirements).
Without the proper version and patches, the availability daemons on the SC do not start, causing SMS daemon startup failures and an unusable SC.
b. Select the Entire Distribution group of the OS.
c. Select the English, C, locale.
On the SC, SMS 1.6 does not support any Solaris locale other than English.
2. Verify that Java 1.2.2 software has been installed in the default directory. Type the following command.
The default directory is /usr/java1.2/bin/java. If you are using the Sun Fire Interconnect and Java 1.2.2 software is not installed in the default directory, SMS does not start.
Note - After installing Java 1.2.2 software, be sure to stop and restart SMS. |
3. Install any recommended or required Solaris OS patches.
To Download SMS 1.6 Software From the Web for the Spare SC |
1. Using your web browser, go to:
http://www.sun.com/servers/highend/sms.html
2. Select the SMS 1.6 software to download depending on the Solaris OS you are running:
3. Log in to the spare SC (sc1) as superuser.
4. Change directory to the location where you downloaded the software.
5. Extract the downloaded file.
After the file is extracted, the SMS 1.6 packages are located in /download_directory/sms_1_6_sparc/System_Management_Services_1.6/Product.
6. Download any recommended or required patches for SMS from:
To Remove the Solaris Security Toolkit from the Spare SC If You Have a Previous Package |
1. Use the pkgrm command to remove the Solaris Security Toolkit package.
A message similar to this one is displayed for each package.
The following package is currently installed: SUNWjass Solaris Security Toolkit (Solaris) 4.1.1 Do you want to remove this package? |
2. To remove each package, enter y for Yes.
Here is an example. The message varies by package.
To Upgrade SMS Software on the Spare SC |
Caution - Before you upgrade the Solaris OS on the SC or run smsupgrade, be sure that SMS is stopped. |
1. Log in to the spare SC (sc1) as superuser.
2. Change directory to the location of the smsupgrade script.
Note - The smsupgrade(1M) script automatically installs the SMS man pages in the directory /opt/SUNWSMS/man/sman1m. To avoid conflicts, do not change this location. |
3. Begin the upgrade process by running the smsupgrade(1M) script.
where directory_name represents the directory (/download_directory/sms_1_6_sparc/System_Management_Services_1.6/Product) into which the SMS packages were downloaded (see To Download SMS 1.6 Software From the Web for the Spare SC).
The smsupgrade script first backs up any existing SMS environment as in this example.
Note - The name of the SMS backup file depends upon the version from which you are upgrading. In this example, the version is SMS 1.6. |
After backing up the SMS environment, the smsupgrade script detects the version of the Solaris Security Toolkit previously installed on the SC. As with the smsinstall script, the result of the smsupgrade script depends on whether:
If the toolkit passes the integrity check, the upgrade process finishes automatically as described in Step 4. If the toolkit files have been damaged or modified, the script displays an error with instructions to remove the toolkit.
Note - If you are running Solaris 9 OS on your SC, and you already have Solaris Security Toolkit 4.1.1 on the SC, you can keep using that version. |
If you receive an error message, take the following steps.
a. Remove the damaged or modified package.
i. Use the pkgrm command to remove the Solaris Security Toolkit package.
A message similar to this one is displayed for each package.
The following package is currently installed: SUNWjass Solaris Security Toolkit (Solaris) 4.1.1 Do you want to remove this package? |
ii. To remove each package, enter y for Yes.
Here is an example. The message varies by package.
b. After removing the package, start smsupgrade again.
4. Conclude the upgrade process.
After verifying the integrity of the toolkit, the script installs the SMS packages.
Note - The smsupgrade(1M) script automatically installs the SMS man pages in the directory /opt/SUNWSMS/man/sman1m. To avoid conflicts, do not change this location. |
After installing the SMS 1.6 packages, the smsupgrade script restores the previous SMS environment and starts picld. The screen output includes instructions about manually hardening the SC.
To Install Any SMS Patches on the Spare SC |
SMS patches are available at http://sunsolve.sun.com.
Before you install patches for your SMS software, follow these guidelines and notify the affected administrators if necessary.
Complete any domain, board, or configuration changes before you begin patch installation.
Read all patch instructions (included with the patch) carefully before attempting to install a patch. Instructions in the patch procedure could preempt these instructions.
1. Log in to the spare SC (sc1) with platform administrator privileges.
2. Install any patches on the spare SC.
To Manually Harden the Spare SC |
The smsupgrade command does not automatically harden the SC. To manually harden the SCs after upgrading SMS software, follow the instructions shown on the screen or in this section.
1. Log in to the spare SC as superuser.
2. Type the following command to harden.
Note - The -q (quiet) option suppresses verbose output from the system when you execute this command. |
The system responds with the prompt Are you sure?
4. Before you reboot, if you want someone to be able to log in to an SC remotely, you must make a change in your /etc/hosts.allow file in the Solaris Security Toolkit.
Note - Once you reboot and the hardening takes effect, you cannot log into an SC remotely. |
For more information about the /etc/hosts.allow file, refer to the Solaris Security Toolkit 4.2 Reference Manual.
To Switch Control to the Spare SC |
1. Log in to the main system controller (sc0) as superuser .
3. Log in to the spare SC (sc1) and change to the OpenBoot PROM prompt.
Note - Before rebooting, make sure you have serial or console access to the SC, or have ssh available on the SC. Starting with SMS 1.6 software, Solaris Security Toolkit 4.2 software disables all remote access services except ssh on Solaris 9 OS.
|
After you reboot the spare SC, SMS starts with the spare SC (sc1) acting as the main SC. However, this document continues to refer to SC0 as the main SC and SC1 as the spare SC.
This procedure assumes that smsconfig -m has already been run. If smsconfig -m has not been run, you receive the following error and SMS exits.
To Upgrade the Spare SC Flash PROMs |
You must have platform (platadm) privileges to run the flashupdate(1M) command.
1. Log in to the spare SC as a user with platadmn privileges.
2. Use flashupdate to upgrade the fp0 flash PROM.
3. Use flashupdate again to upgrade the fp1 flash PROM, using the appropriate image for the type of board.
For more information on the flashupdate(1M) command, refer to the System Management Services (SMS) 1.6 Reference Manual or the flashupdate man page.
To Reboot the Spare System Controller |
1. Log in to the spare SC as superuser and change to the OpenBoot PROM prompt.
To Upgrade the Solaris OS on the Main SC (Optional) |
This procedure is optional. If you do not want to upgrade the Solaris OS and you just want to upgrade the SMS software, skip this procedure. Proceed directly to To Download SMS 1.6 Software From the Web for the Main SC.
Caution - Before you upgrade the Solaris OS on the SC or run smsupgrade, be sure that SMS is stopped. |
Refer to the appropriate Solaris installation guide for instructions. Make sure that you:
a. Install the proper release of the Solaris OS, including patches (see SC Software Requirements).
Without the proper version and patches, the availability daemons on the SC do not start, causing SMS daemon startup failures and an unusable SC.
b. Select the Entire Distribution group of the OS.
c. Select the English, C, locale.
On the SC, SMS 1.6 does not support any Solaris locale other than English.
2. Verify that Java 1.2.2 software has been installed in the default directory. Type the following command.
The default directory is /usr/java1.2/bin/java. If you are using the Sun Fire Interconnect and Java 1.2.2 software is not installed in the default directory, SMS does not start.
Note - After installing Java 1.2.2 software, be sure to stop and restart SMS. |
3. Install any required Solaris OS patches.
To Download SMS 1.6 Software From the Web for the Main SC |
1. Using your web browser, go to:
http://www.sun.com/servers/highend/sms.html
2. Select the SMS 1.6 software to download depending on the Solaris OS you are running:
3. Log in to the main SC (sc0) as superuser.
4. Change directory to the location where you downloaded the software.
5. Extract the downloaded file.
After the file is extracted, the SMS 1.6 packages are located in /download_directory/sms_1_6_sparc/System_Management_Services_1.6/Product.
6. Download any recommended or required patches for SMS from:
To Remove the Solaris Security Toolkit from the Main SC If You Have a Previous Package |
1. Use the pkgrm command to remove the Solaris Security Toolkit package.
A message similar to this one is displayed for each package.
The following package is currently installed: SUNWjass Solaris Security Toolkit (Solaris) 4.1.1 Do you want to remove this package? |
2. To remove each package, enter y for Yes.
Here is an example. The message varies by package.
To Upgrade SMS Software on the Main SC |
Caution - Before you upgrade the Solaris OS on the SC or run smsupgrade, be sure that SMS is stopped. |
1. Log in to the main SC (sc0) as superuser.
2. Change directory to the location of the smsupgrade script.
Note - The smsupgrade(1M) script automatically installs the SMS man pages in the directory /opt/SUNWSMS/man/sman1m. To avoid conflicts, do not change this location. |
3. Begin the upgrade process by running the smsupgrade(1M) script.
where directory_name represents the directory (/download_directory/sms_1_6_sparc/System_Management_Services_1.6/Product) into which the SMS packages were downloaded (see To Download SMS 1.6 Software From the Web for the Main SC).
The smsupgrade script first backs up any existing SMS environment, as in this example.
Note - The name of the SMS backup file depends upon the version from which you are upgrading. In this example, the version is SMS 1.6. |
After backing up the SMS environment, the smsupgrade script detects the version of the Solaris Security Toolkit previously installed on the SC. As with the smsinstall script, the result of the smsupgrade script depends on whether:
If the toolkit passes the integrity check, the upgrade process finishes automatically as described in Step 4. If the toolkit files have been damaged or modified, the script displays an error with instructions to remove the toolkit.
Note - If you are running Solaris 9 OS on your SC, and you already have Solaris Security Toolkit 4.1.1 on the SC, you can keep using that version. |
If you receive an error message, take the following steps.
a. Remove the damaged or modified package.
i. Use the pkgrm command to remove the Solaris Security Toolkit package.
A message similar to this one is displayed for each package.
The following package is currently installed: SUNWjass Solaris Security Toolkit (Solaris) 4.1.1 Do you want to remove this package? |
ii. To remove each package, enter y for Yes.
Here is an example. The message varies by package.
b. After removing the package, start smsupgrade again.
4. Conclude the upgrade process.
After verifying the integrity of the toolkit, the script installs the SMS packages.
Note - The smsupgrade(1M) script automatically installs the SMS man pages in the directory /opt/SUNWSMS/man/sman1m. To avoid conflicts, do not change this location. |
After installing the SMS 1.6 packages, the smsupgrade script restores the previous SMS environment and starts picld. The screen output includes instructions about manually hardening the SC.
To Install Any SMS Patches on the Main SC |
SMS patches are available at http://sunsolve.sun.com.
Before you install patches for your SMS software, follow these guidelines and notify the affected administrators if necessary.
Complete any domain, board, or configuration changes before you begin patch installation.
Read all patch instructions (included with the patch) carefully before attempting to install a patch. Instructions in the patch procedure could preempt these instructions.
1. Log in to the main SC (sc0) with platform administrator privileges.
2. Install any SMS patches on the main SC.
To Manually Harden the Main SC |
The smsupgrade script does not automatically harden the SC. To manually harden the SC after upgrading SMS software, follow the instructions shown on the screen or in this section.
1. Log in to the main SC as superuser.
2. Type the following command to harden.
Note - The -q (quiet) option suppresses verbose output from the system when you execute this command. |
The system responds with the prompt Are you sure?
The system hardens the main SC.
4. Before you reboot, if you want someone to be able to log in to an SC remotely, you must make a change in your /etc/hosts.allow file in the Solaris Security Toolkit.
Note - Once you reboot and the hardening takes effect, you cannot log into an SC remotely. |
For more information about the /etc/hosts.allow file, refer to the Solaris Security Toolkit 4.2 Reference Manual.
To Reboot the Main System Controller |
1. Log in to the main SC as superuser and change to the OpenBoot PROM prompt.
To Upgrade the Main SC Flash PROMs |
You must have platform (platadm) privileges to run the flashupdate(1M) command.
1. Log in to the main SC as a user with platadmn privileges.
2. Use flashupdate to upgrade the fp0 flash PROM.
3. Use flashupdate again to upgrade the fp1 flash PROM, using the appropriate image for the type of board.
For more information on the flashupdate(1M) command, refer to the System Management Services (SMS) 1.6 Reference Manual or the flashupdate man page.
To Switch Control Back to the Main SC |
1. Log in to the spare SC (sc1) as superuser.
3. Log in to the main SC (sc0) and change to the OpenBoot PROM prompt.
Wait for all processes to start on the main SC before proceeding to the next step. Use the showenvironment command to verify that all SMS processes have started on the main SC.
5. Use the /etc/init.d/sms script to restart SMS on the spare SC.
To Enable Failover |
1. Log in to the main SC as a user with platadmn privileges.
3. Verify that failover is working.
sc0:sms-user:> /opt/SUNWSMS/bin/showfailover -v SC Failover Status: ACTIVATING sc0:sms-user:> /opt/SUNWSMS/bin/showfailover -v SC Failover status: ACTIVE |
After you issue the setfailover command, the SCs begin to synchronize. While the main SC synchronizes with the spare SC, the failover status reads ACTIVATING. Once the synchronization is complete, the status reads ACTIVE.
To Upgrade the System Board Flash PROMs |
You must have platform privileges to run the flashupdate(1M) command.
1. Log in to the main SC as a user with platadmn privileges.
2. Use flashupdate to upgrade the CPU flash PROMs in a domain.
The location argument can be either of the following:
Specify the FPROM_id only when you want to update a particular FPROM (FP0 or FP1) on a system board. These are the possible values for board_loc, provided an I/O slot is occupied by an MCPU board:
The following FPROM_id forms are accepted for all platforms:
For example, the location SB4/FP0 indicates the FPROM 0 on the CPU board in slot 4.
3. Perform a system power-on self-test (POST) control application, hpost, per board with a dynamic reconfiguration operation to make the new firmware active on system boards.
Caution - Doing a reboot will not activate the new firmware. Use the setkeyswitch(1M) command to activate the firmware. |
Copyright © 2006, Sun Microsystems, Inc. All Rights Reserved.