Chapter 4 Hosts and Groups

This chapter explains how to create, edit, and delete user-defined groups. Creating groups allows you to manage hosts in a consistent and efficient manner. This chapter also explains the purpose of the default groups; and it explains how to test single hosts for compliance with your company requirements.

The procedures of this section are relevant to the admin user and to users with full permissions. Users with restricted permissions do not have access to group management features.

The following topics are covered:

• Terms

• Groups

• Managing Groups (Task Map)

• Managing Hosts (Task Map)

• Profile Compliance

Terms

This chapter uses the following terms:

Group

Logical set of managed hosts.

Managed Host

Linux or Solaris environment that is managed by Sun Update Connection – Enterprise through an agent.

Default Group

Group created by Sun Update Connection – Enterprise according to local configurations. Includes the All Hosts group and distribution groups.

Distribution Group

Default group containing all managed hosts with the same distribution and hardware platform.

Profile

Machine type definition. Associate a group or managed host with a profile to run compliance checks, which test whether a group or host complies with all requirements of the associated profile.

Groups

Managed hosts are assigned to and identified with groups. If you send a job to a group, all hosts in the group receive the job simultaneously. Sun Update Connection – Enterprise has two types of groups: user-defined groups and default groups.

User-Defined Groups

Create groups to make a large Sun Update Connection – Enterprise system more efficient. Groups enable you to simultaneously and consistently control managed hosts of similar functions and to prevent inappropriate configurations.

A User-defined group can hold as many hosts as you choose. Such a group can be comprised of mixed or homogeneous operating systems and can be nested within other groups.

Default Groups

A default group is system-defined collection of hosts and cannot be deleted or edited.

• All Hosts group. Contains all managed hosts. Every machine with an installed agent automatically belongs to this group.

• Distribution groups. Contains all hosts of a particular distribution and hardware platform. When an Agent registers with the SDS, it is identified by its operating system (specific Linux or Solaris distribution) and assigned to the group of agents with the same distribution and hardware platform.

For example, you install the agent on five Red Hat 8.0 Intel 32-bit machines. The agents rise. In the console you see a group called RH8_IA32 Hosts, and the five machines are listed under it. You install the agent on another five machines with SLES 9 on Power 64-bit. When the agents rise, you see a new group, SLES9_PPC64 Hosts, and it contains the five machines.

Updated Groups in Jobs

If you set a job to start at a single future date, any change in the host list of the group is reflected in the list of hosts that run the job.

For example, you select a group of five hosts to receive a job scheduled for the first of the next month. Before the job runs, you add two hosts to the group. When the first of the month comes, the job is sent to the seven hosts in the selected group.

If you set a job to a recurring schedule, you can add hosts to the group, and the next run of the job will be sent to the new host list. You cannot remove hosts from the group.

Say you reschedule the job of the previous example to be a recurring job for the first of each month. Before the next month, you want to remove four hosts from the group. When you attempt to do so, you receive an error message. You must delete the recurring job before you can edit the group.

Hosts and Groups in the Hosts List

To view the Hosts list, make sure the Inventory panel is open in the main window. From the View menu, choose Inventory.

The Hosts list displays default and user-defined groups, and their hosts. The distribution groups appear under the All Hosts group and contain only those distributions that are represented by managed hosts whose agents have risen and automatically registered their hosts with the system dependency server. Every group has a number next to it, which indicates how many hosts are in that group.

See Hosts List for explanations of the Hosts List columns and status icons.

Managing Groups (Task Map)

The following table identifies the tasks that you might perform when you want to manage groups.

To Create a Group

In this procedure, you create groups of managed hosts. Your groups can be on the same level as the default groups, or you can create a hierarchy of groups. The first procedure explains how to create a group in general. Then there is a procedure for creating nested groups.

1. Login as a user with full permissions or as the admin user.

2. Do one of the following:

   • From the tool bar, click the Add Group button.

   • In the Host list, right-click and choose Add Group.

   • From the Hosts menu, choose Add Group.

   The New Group window opens.

   

3. Type a name for the group.

4. If you want all hosts in this group to comply to a profile, select one from the Profile drop-down list.

   This does not lock the hosts to the profile; you can still run any job on the group. It does provide information, letting you know whenever one of the hosts in the group does not comply with the profile requirements.

5. Type an optional, free-text description of the group.

6. Select the hosts that you want to put into this group and then click the Add button.

   The Selected Hosts list shows the hosts that are to be assigned to this group.

7. Click OK.

   The New Group window closes. The new group appears in the Hosts list of the main window.

To Create a Nested Group

1. Do one of the following:

   • In the Hosts list, select an existing group. The new group will be a nested group of the selected group. Right-click the selected group and choose Add Group.

   • Do not select a group yet. You can choose the parent group when you create the new group. Click the Add Group button.

   The New Group window opens.

2. Check the Parent Group field:

   • If you selected a group before opening the New Group window, notice that the name of the selected group appears in the Parent Group field.

   • If you want to assign the new group to a different parent group, including if you did not select a group beforehand, click the Group Select button.

   The Group Selection window opens.

3. Select one group to be the parent of the new group and then click OK.

4. Finish creating the new group as in the previous procedure.

Example 4–1 Creating a Group with the CLI

The Add Group command in the CLI can create a top-level group. It has an optional parameter to create a nested group. To add hosts to the created group, use the Add Host to Group command. See Add Group (-ag) Command and Add Host to Group (-ahg) Command.

#! /bin/bash

function login { 
   echo -n “Type your user name:” 
   read user 
   echo -n “Type your password:” 
   read password
} 

function groupBasics { 
   echo -n “Type a name for the new group:” 
   read newGroup 
   echo -n “Should the new group be nested? (y | n):” 
   read pGyes 
} 

function createGroupWParent { 
   echo “Existing groups are:” 
   uce_cli -lg -u “$user” -p “$password” 
   echo “Copy the name of the group to be the parent.” 
   echo -n “It cannot be a default group:” 
   read parentGroup 
   echo “Creating $newGroup under $parentGroup” 
   uce_cli -ag -g “$newGroup” -pG “$parentGroup” -u “$user” -p “$password” 
} 

function createGroupNoParent {
   echo “Creating group without parent” 
   uce_cli -ag -g “$newGroup” -u “$user” -p “$password” 
} 

function addHost { 
   echo “Add a host to $newGroup...” 
     echo “Hosts are:” 
   uce_cli -lah -u “$user” -p “$password” 
   echo -n “Copy the host name that you want to add:” 
   read hostname 
   uce_cli -ahg -h “$hostname” -g “$newGroup” -u “$user” -p “$password” 
} 

login 
groupBasics 
if [ “$pGyes” = “y” ]; then 
   createGroupWParent 
else 
   createGroupNoParent 
fi 
addHost

To Edit a Group

In this procedure you edit groups of managed hosts. Use this procedure to change the name of a group, or the list of managed hosts assigned to it. If the group is scheduled for future jobs, the host list of the job is updated for the added hosts.

You cannot edit a group in the following circumstances:

• You cannot edit a group that is currently in an active job.

• You cannot remove hosts from a group that is scheduled for a future job.

1. Login as a user with full permissions or as the admin user.

2. In the Hosts list, select the group that you want to edit.

3. Do one of the following:

   • From the tool bar, click the Edit Group button.

   • Right-click the selected group in the Hosts list and choose Edit.

   • From the Hosts menu, choose Edit.

   The Group Properties window opens.

4. Change any of the following:

   • Name

   • Parent Group

   • Profile

   • Description

   • Add more hosts

   • Remove hosts, if not in scheduled jobs

Example 4–2 Editing a Group with the CLI

A group can be edited with the CLI command to rename a group. See Rename Group (-rg) Command.

#! /bin/bash 

echo -n “Enter your user name:” 
read user 
echo -n “Enter your password:” 
read password 

echo “The list of existing groups is:” 
uce_cli -lg -u “$user” -p “$password” 
echo -n “Copy the full path and name of the group you want to rename:” 
read origName 
echo -n “Type a name for the new group:” 
read newName 

uce_cli -rg -sG “$origName” -tG “$newName” -u “$user” -p “$password”

To Delete a Group

In this procedure you delete user-defined groups. The hosts are not deleted, but nested groups are. Though you cannot delete default distribution groups, if you uninstall the Sun Update Connection – Enterprise Agent from the last managed host of a distribution group, that group is deleted automatically.

You cannot delete groups in the following circumstances:

• The group is a default group: All Hosts or a distribution group.

• The group is in a currently active job.

• The group is selected for a scheduled job.

1. Login as a user with full permissions or as the admin user.

2. In the Hosts list, select the group that you want to delete.

3. Do one of the following:

   • From the tool bar, click the Delete Group button.

   • Right-click the selected group and choose Delete.

   • From the Hosts menu, choose Delete.

4. In the dialog box that opens, click Delete again.

   The group and its child groups are deleted.

To Delete Multiple Groups

1. Login as a user with full permissions or as the admin user.

2. In the Hosts list, hold Shift or Control while selecting groups.

3. Do one of the following:

   • From the tool bar, click the Delete Group button.

   • Right-click the selection and choose Delete.

   • From the Hosts menu, choose Delete.

4. In the dialog box that opens, click one of the following:

   • Delete All – Delete all selected groups at the same time.

   • Delete – Delete each selected group one at a time.

Example 4–3 Deleting a Group with the CLI

The Delete Group command in the CLI deletes a given user-defined group and its nested groups. It does not delete hosts and cannot be used to delete default groups. See Delete Group (-dg) Command.

#! /bin/bash 

echo -n “Enter your user name:” 
read user 
echo -n “Enter your password:” 
read password 

echo “The list of existing groups is:” 
uce_cli -lg -u “$user” -p “$password” 
echo -n “Copy the full path and name of the group you want to delete:” 
read delGroup 
uce_cli -dg -g “$delGroup” -u “$user” -p “$password”

Managing Hosts (Task Map)

A managed host is any computer or virtual machine:

• running a supported Linux distribution or Solaris on SPARC

• that has the Sun Update Connection – Enterprise Agent installed and

• is connected through TCP/IP to the system dependency server (SDS).

  A machine becomes an Sun Update Connection – Enterprise managed host when the agent starts up and registers its machine with the SDS.

  Users with full permissions and the admin user can perform the procedures in this section.

The following table identifies the tasks that you might perform when you want to manage hosts.

To Enable Add Hosts Commands

The Add Host commands on the console are disabled by default. Turn on the flag that permits you to add hosts manually before starting or restarting the console.

1. Copy the following line from /usr/local/uce/console/bin/uce.rc to .uce.rc and change its value to true.

   ( all ) ( invisible.gui.__general.manual_host_create, false );

2. Start the console with the parameter and value.

   • Linux: uce_console -manual_host_create true

   • Windows: uce_console.exe -manual_host_create true

To Add a Host

In this procedure, you manually add a host to Sun Update Connection – Enterprise. As Sun Update Connection – Enterprise will recognize and automatically add hosts when their agents rise, you will not use this procedure in general. Use the Add Host feature to predefine hosts.

1. Login as a user with full permissions or as the admin user.

2. Do one of the following:

   • From the tool bar, click the Add Host button.

   • In the Hosts list, right-click and choose Add Host.

   • From the Hosts menu, choose Add Host.

   The New Host window opens.

3. In the Host Name text box, create an Sun Update Connection – Enterprise name for the host.

4. In the Unique String text box, type the unique string of the machine.

5. From the Distro list, click one of the locally activated distributions.

6. From the Profile list, optionally click a user-defined profile to attach to this host.

7. Type an optional description of the host.

8. In the Groups list, select a user-defined group and click the Add button.

9. Click OK.

   The New Host window closes.

Example 4–4 Adding a Host with the CLI

The Add Host to Group command allows you to predefine a host, before it has an installed agent. In this command, the -D parameter is mandatory. See Add Host to Group (-ahg) Command.

#! /bin/bash

function login { 
   echo -n “Type your user name:” 
   read user 
   echo -n “Type your password:” 
   read password 
} 

function addHost { 
   echo “Add a host” 
   echo “Existing hosts are:” 
   uce_cli -lah -u “$user” -p “$password” 
   echo -n “Create a new name, one not already used:” 
   read hostname 
   echo “Active distros are:” 
   uce_cli -ld -u “$user” -p “$password” 
   echo -n “What is the distribution of the host?” 
   read distro 
   uce_cli -ah -h “$hostname” -D “$distro” -u “$user” -p “$password” 
} 
login addHost

To Assign a Host to Groups

You assign a managed host to user-defined groups. This does the same as adding hosts to groups, but from the perspective of each host and the groups it should belong to, rather than adding hosts to a single group.

1. Login as a user with full permissions or as the admin user.

2. In the Hosts list, expand a group and select a single managed host.

3. Do one of the following:

   • From the tool bar, click the Edit Host button.

   • Right-click the managed host and choose Edit.

   • From the Hosts menu, choose Edit.

   The Host Properties window opens.

4. In the Groups list, select a group and click the Add button.

   The host is added to the selected group. You can assign a managed host to multiple user-defined groups of any hierarchy.

5. Click OK.

   The Host Properties window closes.

Example 4–5 Assigning a Host to a Group with the CLI

The Add Host to Group command allows you to add a single host to a single group. See Add Host to Group (-ahg) Command.

See Example 4–1 for an example script.

To Edit a Managed Host

In this procedure you will view and edit properties of a managed host.

You cannot edit managed hosts in the following circumstances:

• The host is currently in an active job.

• The host is selected for a scheduled job.

• The host belongs to a group that is currently in an active job.

• If the host belongs to a permitted group of a user with restricted permissions, which group is selected for a scheduled job, you cannot remove a group from the Selected Groups list of the host.

1. Login as a user with full permissions or as the admin user.

2. In the Hosts list, expand a group and select a single managed host.

3. Do one of the following:

   • From the tool bar, click the Edit Host button.

   • Right-click the managed host and choose Edit.

   • From the Hosts menu, choose Edit.

   The Host Properties window opens.

4. (Optional) Change the Host Name.

   The name is for Sun Update Connection – Enterprise display only and the name does not affect the host. You cannot change the Unique String, IP Address, or Distribution.

5. (Optional) Change the Profile of the host.

   This step does not lock the host to the profile. You can still run any job on the managed host. This step does provide information, letting you know whenever the host does not comply with the profile requirements.

6. (Optional) Change the free-text description.

7. (Optional) Add more groups to the Selected Groups list of this host.

8. (Optional) Remove groups from the Selected Groups list, but only if the groups are not selected for active or scheduled jobs.

9. Click OK.

   The Host Properties window closes.

To Delete a Managed Host from Sun Update Connection – Enterprise

You cannot delete managed hosts in the following circumstances:

• The agent of the host is still running.

• The host is in a currently active job.

• The host is selected for a scheduled job.

  If you delete a host and then restart its agent, it is re-registered as an Sun Update Connection – Enterprise managed host, but it is not assigned to user-defined groups.

1. Log into a terminal with root permissions and stop the agent application.

   # /etc/init.d/uce_agent stop

2. Log in to Sun Update Connection – Enterprise as a user with full permissions or as the admin user.

3. In the Hosts list, select the host from within any group.

4. Do one of the following:

   • From the tool bar, click the Delete Host button.

   • Right-click the selected host and choose Delete.

   • From the Hosts menu, choose Delete.

5. In the confirmation dialog box that opens, click Delete.

   The host name is removed from all groups and the host is deleted from Sun Update Connection – Enterprise.

To Delete Multiple Managed Hosts from Sun Update Connection – Enterprise

You cannot delete managed hosts in the following circumstances:

• The agent of the host is still running.

• The host is in a currently active job.

• The host is selected for a scheduled job.

  If you delete a host and then restart its agent, it is re-registered as an Sun Update Connection – Enterprise managed host, but it is not assigned to user-defined groups.

1. Log into a terminal with root permissions and stop the agent application on each managed host.

   # /etc/init.d/uce_agent stop

2. Log into Sun Update Connection – Enterprise as a user with full permissions or as the admin user.

3. In the Hosts list, hold Shift or Control while selecting hosts.

4. Do one of the following:

   • From the tool bar, click the Delete Host button.

   • Right-click the selection and choose Delete.

   • From the Hosts menu, choose Delete.

5. In the dialog box that opens, click one of the following:

   • Delete All – Delete all selected hosts at once.

   • Delete – Delete selected hosts separately.

Example 4–6 Deleting a Managed Host with the CLI

The Delete Host command functions only if the agent is already stopped. The following script example stops the agent, so the user would need root permissions to run it. See Delete Host (-dh) Command.

#! /bin/bash

echo “To run this script, you need root permissions.” 
echo “If you are not root, exit this script and re-login.” 
echo -n “Enter your Sun Update Connection – Enterprise user name:” 
read user 
echo -n “Enter your password:” 
read password 

echo -n “Enter the name of the host you want to delete:” 
read host 
echo “Stopping the agent...” 
/etc/init.d/uce_agent stop 
echo “Deleting the host...” 
uce_cli -dh -h “$host” -u “$user” -p “$password”

Profile Compliance

You can assign a profile to a managed host. You can also assign a profile to a group. Profile assignment does not limit the jobs you can run on hosts or groups. However, it does allow you to run a profile compliance check.

A profile compliance check tests whether a host complies with the requirements of its assigned profile, and to the profiles assigned to the groups to which the host belongs.

Example 4–7 Checking a Host for Profile Compliance

This example uses predefined profiles, which run tests on a complete system. Once you have created your own profiles (see Chapter 9, Profiles), that specifically define the requirements of your different machines, you can assign the appropriate profile to each host or group. In the example, you would probably change the assigned profile of the host from Check System to Web Server.

You have a host that will be a web server. You assign the Check System profile to this host. The Check System profile tests for missing or conflicting dependencies.

You assign the web server host to the test group. This group tests the integrity and stability of upgraded software. Its assigned profile is the Upgrade All Components check.

When the web server host has passed all tests, you move it to the web server production group. This group has an assigned profile of Check Security, which tests for known security holes.

At any time, you can run the profile compliance test and make sure that the web server host does not have dependency issues. While it is in the test group, you can also check, simultaneously, that all its software is upgraded. While it is in the production group, you can check (again, at the same time as you check for dependencies) that the server is secured.

To Check Profile Compliance

In this procedure, you will run a profile compliance check on a host that belongs to a group. Both the host and the group have assigned profiles. This procedure may be run by any user, of any level permissions.

1. In the Hosts list, expand a group and select a single managed host or group.

2. Do one of the following:

   • From the tool bar, click the Profile Compliance Check button.

   • Right-click the selected host and choose Profile Compliance.

   • From the Hosts menu, choose Profile Compliance Check.

   The Profile Compliance window opens.

   The Profile Compliance Check executes within seconds, resulting in compliance status for the profile attached to the host, and for the profiles attached to groups to which the host belongs.

   Select a profile in the list. Its details appear in the bottom panel.

   If the icon of a profile is marked with an exclamation mark in a red circle, the host is not compliant with that profile. Create a Complex Job to fix the issues (see Chapter 11, Complex Jobs).