CHAPTER 3
This chapter provides help in some basic configuration tasks including:
Your ALOM software comes preinstalled on your host server, so it works as soon as you apply power to the server. You can connect a terminal to the serial management port (SERIAL MGT) and immediately start working with ALOM. On some servers (Sun Fire V215, V245, and V445), DHCP is enabled by default on the network management port. This allows an administrator network access to ALOM without first requiring a serial connection to the serial management port. To be secure by default, there are specific steps and constraints for the initial login through the network.
However, if you want to customize ALOM for your installation, you must perform some basic tasks.
Here are the tasks you must complete to customize ALOM:
1. Plan how to customize your configuration. See Planning Your ALOM Configuration.
2. Use the configuration worksheet to record your settings. See Configuration Variable Worksheet.
3. Power on your host server. See Powering On Your Host Server.
4. Run the setupsc command. See Setting Up ALOM.
5. Use the configuration variables to customize the ALOM software. See To Use Configuration Variables in the ALOM Command Shell.
Explanations of the listed tasks follow.
ALOM software comes preinstalled on your host server and is ready to run when you apply power to the server. You only need to follow the directions in this section if you decide to change the default configuration of ALOM to customize it for your installation.
Before you run the setupsc command, you must decide how you want ALOM to manage your host server. You must make the following decisions about your configuration:
Once you make those decisions, print the configuration worksheet shown in Configuration Variable Worksheet, and use it to record your responses to the setupsc command prompts.
The ALOM hardware contains two types of communication ports:
Both ports give you access to the ALOM command shell. By default ALOM communicates through the SERIAL MGT port at startup. All initial configuration must be done through the serial management port on the Sun Fire V210, V240, V250, and V440 servers and Netra 210, 240, 440 servers. Some servers (Sun Fire V215, V245, and V445) support DHCP by default on the network management port. These servers can be configured from the serial management port or network management port, if the attached subnet has a DHCP server. The default network configuration allows a Secure Shell session to be started.
You can connect to the ALOM serial management port with an ASCII terminal. This port is not an all-purpose serial port; it can be used to access ALOM and the server console through ALOM. On the host server, this port is referred to as the SERIAL MGT port. Refer to your server's documentation for more information.
The serial management port (SERIAL MGT) has a dedicated purpose. It enables ASCII communication between an external terminal and ALOM or the host server. This port takes a standard RJ-45 connector.
The port can only be used with an external terminal or with a terminal emulator, such as a serial connection from a workstation. It is not a general-purpose serial port. However, the Solaris Operating System sees this port as ttya.
If you want to use a general-purpose serial port with your server, use the regular 7-pin serial port on the back panel of your server. The Solaris Operating System sees this port as ttyb. For more information about the server's serial port, refer to your server's documentation.
Make sure that your console serial port is set to the following parameters:
The host server automatically sets these parameters for ALOM when it starts up. The settings are read-only, and cannot be changed from the ALOM sc> prompt. To view the settings for the parameters from the sc> prompt after you establish an ALOM session, check the serial port variables. See Serial Management Port Variables for more information.
1. Connect to ALOM.
See Connecting to ALOM and Logging in to Your ALOM Account for detailed instructions on establishing an ALOM system controller session.
The ALOM shell prompt (sc>) is displayed.
2. To connect to the system console, in the ALOM system controller window, type:
3. To return to the ALOM shell prompt (sc>), type #. (pound-period).
Note - The #. (pound-period) character sequence is the default escape character sequence for ALOM. You can change the first character in the escape sequence by using the sc_escapechars variable. See sc_escapechars for more information.
The Ethernet port enables you to access ALOM from within your company network. You can connect to ALOM remotely using any standard Telnet client with Transmission Control Protocol/Internet Protocol (TCP/IP) or Secure Shell (ssh). On your host server, the ALOM Ethernet port is referred to as the NET MGT port.
Note - The Sun Fire V210, V240, V250, and V440 servers and Netra 210, 240, and 440 servers support 10BASE-T only. The Sun Fire V215, V245, and V445 servers support 10/100BASE-T. ALOM does not support one-gigabit networks.
The network management port is disabled by default on the Sun Fire V210, V240, V250, and V440 servers and Netra 210, 240, and 440 servers. It is enabled by default on the Sun Fire V215, V245, and V445 servers to support DHCP.
Refer to your server's documentation for more information on hardware capability.
When Dynamic Host Configuration Protocol is enabled, the SC acquires its network configuration, such as IP address, automatically from a DHCP server. DHCP is enabled by default on Sun Fire V215, V245, and V445 servers. It is disabled by default on all other servers and must be manually configured.
DHCP enabled-by-default allows a network connection to be established to the SC without first requiring a serial connection to manually configure the network. To make best use of this feature, the administrator must be aware of the associated default configuration variables and default parameters for the DHCP server and for logging in to the SC.
The following ALOM variables and the default contents support DHCP on-by-default:
A DHCP client, in this case the SC, provides a unique client identifier (clientid) to identify itself to the DHCP server. The clientid is based on a system property easily obtainable by an authorized administrator with physical access to the system. Once a clientid is determined, the DHCP server can be preconfigured to map the clientid to a known IP address. After the SC is assigned an IP address, it starts the SSH server. An administrator can then initiate an ssh session with the SC. If the system is brand-new out-of-box, or upon reboot after the setdefaults -a command is run, the default admin user account requires a default password to log in. The default password is also composed of a system property that is easily obtainable by an administrator with physical access to the system. The next two sections show how clientid and default password can be constructed.
The clientid is based on the base Ethernet address for the system. The base Ethernet address is available on the Customer Information Sheet that is delivered with each system and is also available on a label on the back panel of the system chassis. The clientid is composed of the following concatenation:
For example, if the base-ethernet-address is 08:00:20:7C:B4:08, then the clientid that the SC generates is the string prefix SUNW,SC= concatenated with the 12-digit base-ethernet-address minus the colons:
This clientid is in ASCII format. It should be possible to program the DHCP server with an ASCII clientid. The actual entry into the DHCP mapping table is the hexadecimal equivalent.
When a system is shipped new from the factory, or upon reboot after a setdefaults -a command, a default password is required to log in from an ssh session. The default password is unique for each system. It is derived from the chassis serial number. The chassis serial number can be found on the Customer Information Sheet shipped with each server and can be found on a label attached to the back panel of the chassis. The default password is composed of the last 8 digits of the chassis serial number. For example, if the chassis serial number is 0547AE81D0 then the default password is:
Note - After an admin password is set, then the admin password is required for login. The default password is no longer applicable, unless a setdefaults -a command is run. For example, if a setdefaults command is run without the -a option, then the admin password remains the same as it was before the setdefaults command was run.
1. Determine the clientid from the host system base Ethernet address. The base Ethernet address can be obtained from the Customer Information Sheet or label on the back panel of the chassis.
2. Determine the default admin user login password from the chassis serial number. The chassis serial number can be obtained from the Customer Information Sheet or label on the back panel of the chassis.
3. Program the DHCP server to serve the new clientid.
4. Attach the Sun Fire V215, V245, or V445 system to the network and ensure the system has AC power.
5. Start the ssh session using the IP address assigned by the DHCP server.
6. Log in as the admin user using the predetermined default password.
If the DHCP server is configured to pull from a block of IP addresses, then the administrator can use a DHCP administrative utility to determine the IP address that was assigned, although it may first be necessary to convert the clientid to a hexadecimal equivalent. For example, if the DHCP server is running the Solaris OS, then the pntadm(1M) command can be used to display the IP address assignments. In the following example, the SC with Ethernet address 123456789012 is connected to the .203 subnet.
In this case it is necessary to convert ASCII to a hexadecimal equivalent clientid to determine the IP address assignment. For example:
S U N W , S C = 1 2 3 4 5 6 7 8 9 0 1 2
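The derivations used in the procedure above, as an added example (not part of the original ALOM documentation): it builds the ASCII clientid and its hexadecimal equivalent from the base Ethernet address, derives the default admin password from the chassis serial number, and looks up the assigned address in a lease table. The function names, the sample table (constructed, with documentation-range IP addresses), and its column layout (client ID first, client IP third) are assumptions.

```python
import re

CLIENTID_PREFIX = "SUNW,SC="  # prefix stated in the text above


def clientid_from_mac(base_ethernet_address):
    """Build the ASCII clientid from the base Ethernet address on the label."""
    addr = base_ethernet_address.strip()
    if ":" in addr:
        # Some tools drop leading zeros (8:0:20:7c:b4:8); pad each octet.
        octets = addr.split(":")
        if len(octets) != 6 or not all(
                re.fullmatch(r"[0-9A-Fa-f]{1,2}", o) for o in octets):
            raise ValueError("malformed Ethernet address: %r" % addr)
        addr = "".join(o.zfill(2) for o in octets)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", addr):
        raise ValueError("not a 12-digit Ethernet address: %r" % addr)
    # Upper case follows the page's example (assumed to match what the SC sends).
    return CLIENTID_PREFIX + addr.upper()


def clientid_to_hex(clientid):
    """Hexadecimal equivalent of the ASCII clientid, for the DHCP mapping table."""
    return clientid.encode("ascii").hex().upper()


def default_password(chassis_serial):
    """Default admin password: last 8 characters of the chassis serial number."""
    serial = chassis_serial.strip()
    if not re.fullmatch(r"[0-9A-Za-z]{8,}", serial):
        raise ValueError("unexpected chassis serial number: %r" % serial)
    return serial[-8:]


def find_assigned_ip(table_text, clientid):
    """Return the client IP of the row whose first column is the hex clientid."""
    wanted = clientid_to_hex(clientid)
    for line in table_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0].upper() == wanted:
            return fields[2]
    return None  # no lease recorded for this clientid


# Constructed lease table (assumed layout: client ID, flags, client IP, server IP).
SAMPLE_TABLE = """\
00                                        00  192.0.2.162  192.0.2.1
53554E572C53433D313233343536373839303132  00  192.0.2.163  192.0.2.1
"""
```

Once the first login with the derived password succeeds, the admin password set at that point replaces it until a setdefaults -a command is run.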
If you want to connect to ALOM from an external PC or terminal using a modem, you can connect an external modem to the serial management port (SERIAL MGT). This allows you to run the ALOM software using your remote PC.
However, you can only use the modem for incoming ASCII connections to connect to the serial port to obtain the ALOM command prompt (sc>). Outgoing calls from ALOM using a modem are not supported.
Before attaching the modem to the ALOM serial port, set it to factory default settings. On many modems, setting the factory default settings is done by using the AT&F0 command.
In order to connect the modem to the ALOM serial management port, a specific connector needs to be created or purchased with the specific pinout requirements.
One way to connect a modem to this port is to use a modified RJ-45 to DB-25 connector, Sun part number 530-2889-03, and a crossover RJ-45 to RJ-45 cable. The connector 530-2889-03 is modified by extracting the DB-25 pin in the pin 6 position and inserting it into the pin 8 position.
If you want to connect wiring yourself, translate the signals between the RJ-45 and DB-25 according to the information shown in TABLE 3-2:
FIGURE 3-1 and TABLE 3-3 include information about pin assignments and signal description relevant to an RJ-45 connector.
FIGURE 3-2 and TABLE 3-4 include information about the serial port connector and signals relevant to a DB-25 connector.
For more information, see if_modem.
You only need to use this worksheet if you want to customize ALOM for your installation.
To customize ALOM, you use the configuration variables. See Using ALOM Configuration Variables for details of variables.
There are two ways to set up the configuration variables for ALOM:
Print this section and use the table to record your inputs. This table can also serve as your record of the host server configuration in case you must reinstall the server software or modify the ALOM settings.
Make sure that your terminal device is connected to ALOM before you customize the ALOM software. Choosing ALOM Communication Ports details the process. See your host server's documentation to find the location of the serial and Ethernet connections for ALOM.
TABLE 3-5 identifies the configuration variables responsible for Ethernet control and their default values. Enter your values in the extreme right column.
Manually, see Configuring Your Network Manually.
Using DHCP, see Configuring Your Network Using DHCP.
if_connection, see if_connection.
netsc_ipaddr, see netsc_ipaddr.
netsc_ipnetmask, see netsc_ipnetmask.
netsc_ipgateway, see netsc_ipgateway.
mgt_mailalert, see mgt_mailalert.
Note - You can also set up user accounts manually, but not by using the setupsc script. To set up user accounts manually, see Adding ALOM User Accounts.
When Dynamic Host Configuration Protocol is enabled, the SC acquires its network configuration, such as IP address, automatically from a DHCP server. DHCP is enabled by default on Sun Fire V215, V245, and V445 servers; see Default DHCP Connection (Sun Fire V215, V245, and V445 Servers) for more information. DHCP is disabled by default on all other servers and must be manually configured.
There are two ways to configure DHCP for ALOM:
Note - It is a best practice to set the ALOM device name associated with the Internet Protocol (IP) address in name server maps, such as the network information service (NIS) or domain name service (DNS), to be the name of the host server with -sc appended to it. For example, if your host server's name is bert, the ALOM device name is bert-sc.
If you use DHCP to control your network configuration, configure the DHCP server to assign a fixed IP address to ALOM.
There are two ways to manually configure the network for ALOM:
If you set each variable individually, you must set the following variables:
Note - It is a best practice to set the ALOM device name associated with the IP address in name server maps (NIS or DNS) to be the name of the host server with -sc appended to it. For example, if your host server's name is bert, the ALOM device name is bert-sc.
Refer to your host server documentation for information about how to power on the system. If you want to capture ALOM messages, power on the terminal that you have connected to the SERIAL MGT port before powering on the host server.
As soon as power is applied to the host, the SERIAL MGT port connects to the host server's console stream. To switch to ALOM, type #. (pound-period). At startup, ALOM has one pre-configured administrator account admin.
When you switch to ALOM from the system console, you are prompted to create a password for this account. See the password command section in password for a description of acceptable passwords.
The default admin account has full ALOM user permissions (cuar). For more on permissions, see userperm. You can use this account to view the console output from the host, to set up other user accounts and passwords, and to configure ALOM.
To send email alerts, the ALOM Ethernet port must be enabled. See Network Management (Ethernet) Port.
When a problem occurs on a host server, ALOM sends an alert message to all users who are logged in to ALOM accounts on that host. In addition, you can configure ALOM to send alerts by email to users who are not logged in. When a user receives an alert, that user can connect to the ALOM account for that host server and address the alert condition.
The ALOM software allows you to set up to eight unique email addresses to receive alerts. You can configure each email address to receive its own severity level of alerts (critical, major, or minor). See Sending Customized Alerts.
After you have finished planning your configuration, run the setupsc command described in setupsc. Follow the prompts on the screen to customize the ALOM software for your installation.
The setupsc command runs a script that steps you through each ALOM function that you can customize. Each function is associated with one or more configuration variables. For more on configuration variables, see Chapter 6. To configure a function, type y when the setupsc script prompts you to do so. To skip a function, type n.
If you later must change a setting, run the setsc command as described in setsc.
The setupsc script enables you to set up a number of configuration variables at once. See Chapter 6 for more information. If you want to change one or more configuration variables without running the setupsc script, use the setsc command as shown in To Use the setsc Command.