C H A P T E R 4 |
Common ALOM Tasks |
Once you have logged in to ALOM as admin and specified the admin password, you might want to perform some common administrative tasks:
You will be connecting to ALOM through either the serial management port (SERIAL MGT) or the network management, or Ethernet, port (NET MGT). See Choosing ALOM Communication Ports for more information. Refer to your server's installation guide or administration guide for more information about these ports and how to connect devices to them.
There are several ways to connect to ALOM:
When you connect to ALOM through the serial management port for the first time, you are automatically connected as the admin account. This account has full (cuar) permissions. Before you can continue using ALOM, you must specify a password for this account. After you specify the password, you can continue using ALOM. The next time you log in, you must specify the password. When you are logged in as admin, you can add new users and specify passwords and permissions for them.
On servers that support DHCP enabled-by-default (Sun Fire V215, V245, and V445 servers), you can connect to the network management port prior to connecting to the serial management port. In this case, there is an extra layer of security to ensure the SC is secure-by-default. You only are allowed to connect with a Secure Shell (ssh) session, and you must provide a system-specific predetermined password. This is described in Default DHCP Connection (Sun Fire V215, V245, and V445 Servers). Once the default password is provided and you are allowed to continue, you then must specify a new password for the admin account.
See Permission Levels, useradd, userpassword, and userperm for more information about this process.
To Log in to ALOM |
All users (admin and other users) employ the following procedure to log in to ALOM.
See Connecting to ALOM.
2. When the connection is established, type #. (pound-period) to escape from the system console.
3. Type your ALOM login name and password.
Your password is not echoed to the screen; instead, the host server displays an asterisk (*) for each character that you type. After you successfully log in, ALOM displays its command prompt:
You can now use ALOM commands or switch to the system console. See Overview of the ALOM Command Shell and Serial Management Port.
The ALOM event log records login information. If more than five login failures occur within five minutes, ALOM generates a critical event. See showlogs.
There are two ways to add ALOM user accounts:
You can add a maximum of 15 unique user accounts to ALOM.
To Add an ALOM User Account From the sc> Prompt |
1. At the sc> prompt, type the useradd command, followed by the user name you want to assign to that user.
See useradd.
2. To assign a password to the account, type the userpassword command, followed by the user name you assigned to the account.
For more on the userpassword command, see userpassword. ALOM prompts you to specify the password, and to verify the password. Note that ALOM does not echo the password to the screen. For example:
Note - User passwords have certain restrictions. Make sure that the password you assign observes these restrictions. See Password Restrictions. |
3. To assign permissions to the account, type the userperm command, followed by the user name you assigned to the account and the permission levels you want that user to have.
You can also view the permission and password status for a single ALOM user, or view information for all ALOM user accounts.
See usershow.
sc> usershow Username Permissions Password? admin cuar Assigned wwilson --cr none joeuser --cr Assigned |
To Add an ALOM User Account Using the scadm Utility |
To add and configure an ALOM user account from the system console, use the scadm utility. Perform the following steps:
1. Log in to the system console as superuser.
2. At the # prompt, type the scadm useradd command, followed by the user name you want to assign to that user.
3. To assign a password to the account, type the scadm userpassword command, followed by the user name you assigned to the account.
The system prompts you to specify the password, and to verify the password. Note that the system does not echo the password to the screen. For example:
Note - User passwords have certain restrictions. Make sure that the password you assign observes these restrictions. See Password Restrictions. |
4. To assign permissions to the account, type the userperm command, followed by the user name you assigned to the account and the permission levels you want that user to have.
See scadm userperm, and Password Restrictions.
You can also view the permission and password status for a single ALOM user, or view information for all ALOM user accounts.
See usershow.
# scadm usershow Username Permissions Password? admin cuar Assigned wwilson --cr none joeuser --cr Assigned |
There are two ways to remove ALOM user accounts:
Note - You cannot delete the default admin account from ALOM. |
To Remove an ALOM User Account From the sc> Prompt |
At the sc> prompt, type the userdel command, followed by the user name of the account you want to delete.
To Remove an ALOM User Account Using the scadm Utility |
1. Log in to the system console as superuser.
2. At the # prompt, type the scadm userdel command, followed by the user name of the account you want to delete.
You can change your own password, or that of another user by performing the following procedures.
To Change Your ALOM Password |
You can change your own ALOM account password from the sc> prompt. You do not need to have any permissions to change your own password.
At the sc> prompt, type the following command:
When you use this command, ALOM prompts you for your current password. If you enter the password correctly, it prompts you twice to enter the new password. For example:
sc> password password: Changing password for username Enter current password: ****** Enter new password: ****** Re-enter new password: ****** sc> |
To Change the ALOM Password for Another User |
Note - You must have u level user permission to change another user's password. See Permission Levels. |
There are two ways to change the password for another user's ALOM account:
Note - The #. (pound-period) character sequence is the default escape character sequence for ALOM. If desired, you can change the first character in the escape sequence by using the sc_escapechars variable. For example: sc> setsc sc_escapechars a. See sc_escapechars for more information. |
To temporarily redirect the system console output to the serial management port by resetting the IDPROM variables, refer to the administration guide that came with your system.
When you first start to apply power to the host server, ALOM is initially configured to display the system console output. The SERIAL MGT port is shown on the host server as ttya.
If desired, you can use other devices to access the system console besides the terminal connected to the serial management port. You can also use the general-purpose port (ttyb) on the back panel of your host server. This port is labeled as 10101. Refer to your server's documentation for more information.
To Redirect the System Console |
To redirect the output from the system console to ttyb, perform the following steps:
1. At the ALOM sc> prompt, type the break command to bring the host server to the OpenBoot PROM prompt (ok).
If you have the kadb debugger configured, type $# to exit kadb first. See break for more on that command.
2. At the sc> prompt, type the console command to access the server's system console.
The console command is covered in console.
3. At the ok prompt, type the following commands:
4. To cause these changes to take effect immediately, type reset-all at the ok prompt.
Otherwise, these changes take effect the next time you cycle the power on the host server.
These changes remain in effect until you manually change the OpenBoot PROM settings back to ALOM (ttya) as described in the following section.
To Reset the Default Console Back to ALOM (ttya) |
1. Type the following commands at the ok prompt:
2. To cause these changes to take effect immediately, type reset-all at the ok prompt.
Otherwise, these changes take effect the next time you cycle the power on the host server.
By default, ALOM uses the serial management port (SERIAL MGT) to communicate with an external terminal or other ASCII device. On some servers (Sun Fire V215, V245, and V445), DHCP is enabled by default on the network management (NET MGT) port. This allows an administrator network access to the ALOM without first requiring a serial connection to the serial management port. To be secure by default, there are specific steps and constraints for the initial login through the network. Default DHCP Connection (Sun Fire V215, V245, and V445 Servers).
For all servers you can manually reconfigure ALOM to use the Ethernet network management (NET MGT) port, and then you can connect to ALOM through telnet or ssh.
The NET MGT port accommodates a standard RJ-45 connector. For information about how to establish the hardware connections between the NET MGT port and your network, refer to your server's documentation.
The Sun Fire V210, V240, V250, and V440 servers and Netra 210, 240, and 440 servers support 10BASE-T only. The Sun Fire V215, V245, and V445 servers support 10/100BASE-T. ALOM does not support one-gigabit networks.
To configure the ALOM software to communicate using the NET MGT port, you must specify values for the network interface variables. See Network Interface Variables.
There are three ways to specify values for these variables:
To Run the setupsc Script |
1. To run the setupsc script, at the sc> prompt type setupsc:
2. To exit the script, do one of the following:
For example, the script starts as follows:
sc> setupsc Entering interactive script mode. To exit and discard changes to that point, use Ctrl-C or to exit and save changes to that point, use Ctrl- Z. |
If desired, you can customize all of the ALOM configuration variables at once by following the interactive questions in the script. See Overview of the ALOM Configuration Variables. To configure only the network interface variables, press Return at each prompt until the following prompt is displayed:
See Network Interface Variables for further details.
To Configure the Network Interface Variables |
1. At the sc> prompt, type y to confirm that you want to configure the network interface variables.
The setupsc script returns the following prompt:
2. Type true or press Return to enable the network interface, or type false to disable it.
This sets a value for the if_network variable. See if_network.
3. Follow the interactive questions in the script. The script prompts you to set values for the following variables:
4. When you have finished setting up the network interface variables, press Control-Z to save your changes and exit the setupsc script.
If desired, you can finish configuring all of the ALOM configuration variables.
Before you can use your network configuration, you must reset ALOM. You can do this in one of two ways:
You can set values for the network interface variables from the sc> prompt using the setsc command. You issue the command once for each variable you want to configure. For example:
Specify values (or use the default values) for each of the following variables:
You can set values for the network interface variables from the superuser (#) prompt in the system console using the scadm set command. You issue the command once for each variable you want to configure. For example:
Specify values (or use the default values) for each of the following variables:
For more information, see Overview of the ALOM Configuration Variables.
You can customize ALOM to send email alerts to all users logged in to ALOM at the time an event occurs. You can specify which levels (critical, major, minor) of email alerts are sent to each user, and you can send customized event messages as emails to each user. See scadm send_event.
The ALOM software enables you to send and receive alerts, directly or using a script. In addition, there are three levels of alerts:
Note - You can configure email alerts for up to eight users. You can configure each email address to receive its own severity level of alert. |
To Set Up Email Alerts |
1. Make sure that ALOM is set up to use the Ethernet network management port (NET MGT), and that the network interface variables are configured.
See Reconfiguring ALOM to Use the Ethernet (NET MGT) Port.
2. Set the if_emailalerts variable to true.
See if_emailalerts
3. Set values for the mgt_mailhost variable to identify one or two mail hosts on the network.
See mgt_mailhost.
4. Set values for the mgt_mailalert variable to specify email addresses and alert levels for each user.
See mgt_mailalert.
To send customized alerts, use the scadm command send_event. You can do this in two ways:
If you are using the ALOM command shell and are not connected to the host server's console, you will receive alert messages from ALOM when it detects a major-level or critical-level event. This can happen while you are typing ALOM commands. If this happens, press Return and retype the command.
ALOM generates alert messages in the following format:
$HOSTID $EVENT $TIME $CUSTOMERINFO $HOSTNAME message
Resetting ALOM reboots the ALOM software. Reset ALOM after you have changed settings on ALOM, such as specifying a new value for a configuration variable. Reset ALOM from the system console if ALOM stops responding for any reason.
There are two ways to reset ALOM:
After you reset ALOM, the serial connection times out at the login prompt after one minute and takes the console write lock automatically if no one else has it by then. The username field shows auto in the showusers command output entry for the serial interface. For example:
sc> showusers username connection login time client IP addr console -------------------------------------------------------------- auto serial Apr 14 10:30 system |
The word system under console means that the connection has the console write lock.
If you use the console -f command after resetting ALOM and the serial connection times out, you will receive this message:
Type y for yes, if you want to obtain the console write lock.
See console, resetsc, and showusers for more information.
There are four ways to reset the host server from the sc> prompt:
Note - After you issue the command poweroff or poweroff -f, ALOM returns the following message: |
Wait until you see the message before issuing the poweron command.
The showsc command displays information about the ALOM software configuration.
For example, to display the ALOM version, type the following at the sc> prompt:
For more details, see To Use the showsc Command.
If your host server has a front panel Locator LED, you can use ALOM to turn the LED on and off and to check the state of the LED. If your host server does not have a Locator LED, this command will not work.
This section discusses displaying and monitoring the server's environmental status.
To Use the showenvironment Command |
The showenvironment command displays a snapshot of the server's environmental status. The information this command can display includes system temperatures, hard disk drive status, power supply and fan status, front panel LED status, rotary switch position, voltage and current sensors, alarm status, and so on. The output uses a format similar to the UNIX command prtdiag(1M).
Note - You do not need user permissions to use this command. |
To use the showenvironment command, at the sc> prompt, type:
The display output differs according to your host server's model and configuration. Some environmental information might not be available when the server is in standby mode. See showenvironment.
You can embed the scadm send_event command within a script to log an ALOM event or to send an alert when certain conditions occur. Use the -c option to send a custom critical alert. See scadm send_event for details.
This example shows a Perl script file named dmon.pl that sends an ALOM alert when a specified disk partition exceeds a specified percent of its capacity.
Note - This script is written for the Netra host server. Use the uname -i command to obtain the server name for your host server and replace the SUNW,Netra x40 string in the example. |
To use this script as intended, submit a separate entry to the crontab utility for each disk partition you want to monitor. Refer to the crontab(1) man page for more information.
You should periodically create a backup file on a remote system that records ALOM configuration settings. Use the dumpconfig utility to save all user configurable variables in an encrypted file on a remote server.
To use the dumpconfig command, at the sc> prompt, type:
The dumpconfig utility uses the File Transfer Protocol (FTP) and prompts you for a username and password that must be valid on the remote server. See dumpconfig.
You can use the restoreconfig utility to restore the user options from an encrypted file created by the dumpconfig utility.
To use the restoreconfig command, at the sc> prompt, type:
The restoreconfig utility uses the FTP and prompts you for a user name and password that must be valid on the remote server. See restoreconfig.
Use a meaningful file name that includes the name of the server that ALOM controls. Later, you can refer to this file to restore the settings, if necessary.
You can also save the configuration in a human-readable file by using the scadm utility on the host server. This file is human readable; however, there is no utility to restore the ALOM configuration from this file. You must manually re-enter the variables or create a script to do this. Use the dumpconfig and restoreconfig commands to programmatically save and restore the configuration variables. See Overview of the scadm Utility for a summary of the scadm utility.
The following commands show how to copy information using scadm commands to a backup file. Replace the variable remote-filename1 and remote-filename2 with the names of your backup files in the following example:
Note - Before you can use these commands, you must set your path to the scadm utility. See To Set Your Path to the scadm Utility. |
Use meaningful file names that include the name of the server that ALOM controls. Later, you can refer to these files to restore the settings, if necessary.
Copyright © 2006, Sun Microsystems, Inc. All Rights Reserved.