Spare SSP

The following table and figure describe the spare SSP network configuration.

Figure 2-3 Spare SSP Network Configuration

In Figure 2-3, the Built-in port on the main SSP and the spare SSP is le0 for a Sparcstation 5 and hme0 for a Sun Ultra 5.

To Configure Your SSP Network

This procedure provides instructions for configuring your SSP network in one of the three configurations discussed earlier in this chapter.

1. Log in to the SSP and assume the root role.

   Do the following steps as root at the label admin_low.

2. Create the /etc/hostname.* configuration files.

   If you need to view your network controllers, use ifconfig -a.

   For example, if you are using a QuadFastEthernet^TM (QFE) card, model 1049A, in the two-subnet, three-subnet, or spare SSP network configuration on a Sun Ultra 5, you need the following files:

   • /etc/hostname.qfe0 -- contains the current SSP host name; it configures the primary subnet, dom_subnet.

   • /etc/hostname.hme0 -- contains ssp_hostname-hme0; it configures the second subnet, cb0_subnet.

   The following file is also needed if you are using either the three-subnet or spare SSP configuration:

   • /etc/hostname.qfe1 -- contains ssp_hostname-qfe1; it configures the third subnet, cb1_subnet.

   ---

   Example 2-1 SSP with hostname xf4-ssp

   
   

   File Name	File Contents
   /etc/hostname.qfe0	xf4-ssp
   /etc/hostname.hme0	xf4-ssp-hme0
   /etc/hostname.qfe1	xfe-ssp-qfe1

   ---

3. Set the contents of the defaultrouter file to the IP address of the primary network interface:

   ---

   ssp# echo primary_network_IP_address > /etc/defaultrouter
   

   ---

4. Manually update your name service hosts registry to include the host names and IP addresses of your control board(s) and other hosts, such as domains and the SSP.

   This can involve updating the Network Information Service (NIS+), or the /etc/hosts file, or the Domain Name Service (DNS).

   The following example shows the typical modifications for an /etc/hosts file:

   ---

   # Internet host table
   127.0.0.1  localhost
   0.0.0.0   tsol_default 
   # Entries for dom_subnet.
   www.xxx.yyy.zzz domain1_hostname
   www.xxx.yyy.zzz domain2_hostname
   ...
   www.xxx.yyy.zzz domainn_hostnname(n is the number of domains)
   #
   # Entries on both ssp's. 
   # NOTE : On the spare SSP, make sure "loghost" 
   # belongs to the spare.
   #
   www.xxx.yyy.zzz main_ssp_hostname loghost
   www.xxx.yyy.zzz spare_ssp_hostname
   #
   # The next three entries need to be on cb0_subnet.
   #
   www.xxx.yyy.zzz main_ssp_hostname-hme0
   www.xxx.yyy.zzz spare_ssp_hostname-hme0
   www.xxx.yyy.zzz cb0_hostname
   #
   # The next three entries need to be on cb1_subnet. 
   #
   www.xxx.yyy.zzz main_ssp_hostname-qfe1
   www.xxx.yyy.zzz spare_ssp_hostname-qfe1
   www.xxx.yyy.zzz cb1_hostname
   

   ---

   Here is an example of a main SSP's /etc/hosts file. In this example, the SSP is configured as follows:

   • xf4 and xf4-b3 are host domains.

   • xf4-ssp is the main SSP and xf4-ssp1 is the spare SSP.

   • xf4-cb0 and xf4-cb1 are the host names for the two control boards.

   ---

   #/etc/hosts
   #
   127.0.0.1  localhost
   0.0.0.0   tsol_default 
   #dom_subnet (www.xxx.49.zzz). The 49 subnet
   #
   129.153.49.8    xf4
   129.153.49.9    xf4-b3
   129.153.49.113  xf4-ssp loghost
   129.153.49.114  xf4-ssp1
   #
   #cb0_subnet (www.xxx.151.zzz). The 151 subnet
   #
   129.153.151.113 xf4-ssp-hme0
   129.153.151.114 xf4-ssp1-hme0
   129.153.151.123 xf4-cb0
   #
   #cb1_subnet (www.xxx.152.zzz). The 152 subnet
   #
   129.153.152.113 xf4-ssp-qfe1
   129.153.152.114 xf4-ssp1-qfe1
   129.153.152.127 xf4-cb1

   ---

   The /etc/hosts file is a link to the /etc/inet/hosts file.

   ---

   Note -

   The SSP and the host domains must be on the same subnet so you can boot domains from the network.

   ---

5. Manually update your name service ethers registry to include the Ethernet addresses for the domain(s), SSP(s), and control board(s).

   You need to update NIS+, or the /etc/ethers file. For example:

   ---

   08:00:20:ac:5b:ba       xf4-ssp
   08:00:20:b0:64:78       xf4-ssp1
   00:00:be:a6:55:88       xf4
   00:00:be:a6:6f:89       xf4-b3
   00.00.be.01.00.1e       xf4-cb0
   00.00.be.01.00.57       xf4-cb1

   ---

   ---

   Note -

   The Ethernet address of the control board(s) is located on the front of each control board.

   ---

6. Update the tnrhdb(4) file to indicate the template for the SSP(s), domain(s), control board(s) and interface(s).

   You need to update the NIS+ tnrhdb table, or the /etc/security/tsol/tnrhdb file. For example, if the E10000 is configured as follows:

   ---

   Example 2-2 Tnrhdb Information for SSP xf4-ssp (129.153.49.113)

   
   

   Main SSP	xf4-ssp (129.153.49.113)
   	Is running the Trusted Solaris 7 operating environment.
   Interfaces	xf4-ssp-hme0 (129.153.151.113)
   	xf4-ssp-qfe1 (129.153.152.113)
   Spare SSP	xf4-ssp1 (129.153.49.114)
   	Is running the Trusted Solaris 7 operating environment.
   Interfaces	xf4-ssp1-hme0 (129.153.151.114)
   	xf4-ssp1-qfe1 (129.153.152.114)
   Domain1	xf4 (129.153.49.8)
   	Is running the Trusted Solaris 7 operating environment.
   Domain2	xf4-b3 (129.153.49.9)
   	Is running the Solaris 7 operating environment.
   Control boards	xf4-cb0 (129.153.151.123)
   	xf4-cb1 (129.153.152.127)

   1. Its tnrhdb file or NIS+ table has the following entries:

      # /etc/security/tsol/tnrhdb
      #
      # Assume that template unlab and tsol is defined in the tnrhtp database.
      #
      127.0.0.1:tsol
      0.0.0.0:unlab
      129.153.49.113:tsol
      129.153.151.113:tsol
      129.153.152.113:tsol
      129.153.49.114:tsol
      129.153.151.114:tsol
      129.153.152.114:tsol
      129.153.49.8:tsol
      129.153.49.9:unlab
      129.153.151.123:unlab
      129.153.152.127:unlab

   2. If there are other Solaris or Trusted Solaris machines that the SSP needs to communicate with, they also need to be viewed by the SSP using the correct template. This would require additional entries in this /etc/security/tsol/tnhdb file.

   3. Depending on the site's configuration, you might also need to update tnrhdb files on other Trusted Solaris machines so that they can communicate with the freshly installed SSP using the correct template.

   ---

7. Update the /etc/inet/netmasks file.

   If the netmasks file does not contain the netmask for all the network numbers used in the /etc/inet file.

   ---

   For example, if the /etc/hosts file defines the control boards to be:

   10.100.100.100  ctrl_brd_0
   10.100.101.100  ctrl_brd_1

   The /etc/inet/netmasks file would need to have an entry:

   10.100.0.0      255.255.255.0

   ---

8. Update the /etc/default/login file to allow remote login to the root role from any workstation.

   Comment out the CONSOLE=/dev/console line in the /etc/default/login file, as in:

   #CONSOLE=/dev/console

   Requirements for remote login are discussed in greater detail in "Remote Administration Options" in Trusted Solaris Administrator's Procedures.

9. Edit the /etc/nsswitch.conf file on the main SSP and the spare SSP.

   If you are using local configuration files, the lines in the /etc/nsswitch.conf files are similar to the following example:

   ---

   hosts:      files
   ethers:     files
   netmasks:   files
   bootparams: files
   netmasks:   files
   tnrhtp:     files
   tnrhdb:     files
   tsoluser:   files
   tsolprof:   files

   ---

   For NIS+, the lines in the file are similar to the following example:

   ---

   hosts:      files nisplus
   ethers:     files nisplus
   netmasks:   files nisplus
   bootparams: files nisplus
   tnrhtp:     nisplus files
   tnrhdb:     nisplus files
   tsoluser:   nisplus files
   tsolprof:   files nisplus

   ---

   ---

   Note -

   The name server information (NIS+) is dependent on your network configuration.

   ---

10. Reboot the SSP.