The masfcnv Migration Script

This section provides a procedure to migrate the configuration of the Sun SNMP Management Agent for Sun Fire and Netra Systems to the SMA. The procedure uses the masfcnv script. This script is designed specifically for migrating to the SMA SNMP agent from the Sun SNMP Management Agent for Sun Fire and Netra Systems.

The ./masfcnv migration script is located at /usr/sfw/lib/sma_snmp. The ./masfcnv migration script performs the following functions:

• The script migrates USM (SNMP) user names and passwords. The script checks that USM user names migrated from the Sun SNMP Management Agent for Sun Fire and Netra Systems to the SMA do not already exist in the SMA. If a duplicate exists, you need to determine whether the identified user should be treated as the same user in the SMA. For information on USM within the SMA, see Using USM for Authentication and Message Privacy.

  You must decide whether you want to migrate the Sun SNMP Management Agent for Sun Fire and Netra Systems key that is associated with that user. The alternative is to continue to use the existing System Management Agent key for that user. The Sun SNMP Management Agent for Sun Fire and Netra Systems only supports MD5 based keys. The SMA supports additional authentication schemes such as SHA and encryption (DES) for SNMP requests. A migrated user is therefore be unable to use these additional capabilities until the necessary keys have been configured. However, access based on MD5 authentication is available to such users. For more information on authentication and encryption, see Authentication Protocol Algorithms.

• The script uses the snmpd.conf template file that is located at /usr/sfw/lib/sma_snmp/. The script uses this template file to create a new snmpd.conf agent configuration file. This new snmpd.conf agent configuration file is specifically for the Sun SNMP Management Agent for Sun Fire and Netra Systems. This new snmpd.conf agent configuration file is installed at /etc/opt/SUNWmasf/conf/. The Sun SNMP Management Agent for Sun Fire and Netra Systems uses this new snmpd.conf agent configuration file to modify the SMA main configuration file. The Sun SNMP Management Agent for Sun Fire and Netra Systems also uses its agent configuration file to modify the SMA persistent storage file at /var/sma_snmp/snmpd.conf.

  For more information on SMA configuration files, see Configuration Files and Scripts.

• The script replaces Sun SNMP Management Agent for Sun Fire and Netra Systems configuration files by a default configuration. This default configuration sets up the Sun SNMP Management Agent for Sun Fire and Netra Systems as an AgentX subagent.

• The script makes back ups of the changed configuration files. Configuration file back ups are made by appending the extension .bak.n to the filename where n is an optional number.

• The script replaces the existing Sun SNMP Management Agent for Sun Fire and Netra Systems startup script in /etc/init.d with a new script.

• The script migrates the VACM configuration. The Sun SNMP Management Agent for Sun Fire and Netra Systems configuration related to the OID space used by the SUN MIB is migrated automatically. VACM configuration can be related to other OIDs. For example, VACM information can be related to the system branch in MIB-II. If VACM information is related to other OIDs, you must confirm if migration is required. For more information on VACM, see Using VACM for Access Control.

• The script migrates trap destinations from the Sun SNMP Management Agent for Sun Fire and Netra Systems to the SMA. Entries originally configured for both agents do not result in duplicate entries in the migrated configuration.

• The script migrates community strings from the Sun SNMP Management Agent for Sun Fire and Netra Systems to the SMA. You are advised if an identical string is configured for both agents.

After migration, the SMA provides SNMP access on its standard ports 161/162. The SMA provides access on other ports if you configure it. The SMA also provides SNMP access on the ports previously used by the Sun SNMP Management Agent for Sun Fire and Netra Systems. All ports provide access to the same set of OIDs. These OIDs include OIDs used by the SUN-PLATFORM-MIB as used by the Sun SNMP Management Agent for Sun Fire and Netra Systems. You can configure additional access controls to limit the visibility of data on a user basis.

If you are migrating user names and passwords from the Sun SNMP Management Agent for Sun Fire and Netra Systems, the engineID used by the SMA must be the same as that previously used by the Sun SNMP Management Agent for Sun Fire and Netra Systems. USM, used by SNMPv3, embeds the engineID into the keys used for authentication. If you have configured the SMA to use a different engineID to that of the Sun SNMP Management Agent for Sun Fire and Netra Systems, you must determine which engineID to use. If the engineID is different to that originally used by the Sun SNMP Management Agent for Sun Fire and Netra Systems, reset those passwords used by migrated users. For more information on the USM, see Using USM for Authentication and Message Privacy.

For further information on the masfcnv script, see the masfcnv(1M) man page.

In all cases, the Sun SNMP Management Agent for Sun Fire and Netra Systems agent runs independently of the Solstice Enterprise Agents' executable, snmpdx. If you stop the Sun SNMP Management Agent for Sun Fire and Netra Systems agent, you do automatically stop the Solstice Enterprise Agents software. You must migrate to the System Management Agent from the Solstice Enterprise Agents software. For more information, see Migration From Solstice Enterprise Agents Software.

To Migrate From the Sun SNMP Management Agent for Sun Fire and Netra Systems to the SMA

1. As root, stop both the System Management Agent and the masfd agents.

   # svcadm disable svc:/application/management/sma:default # /etc/init.d/masfd stop

   Any other agents that have been configured as subagents of SMA also need to be stopped and restarted after the migration is complete.

2. Perform a test migration to determine the effect of running the migration script.

   A test migration is useful if you have made significant configuration changes to the System Management Agent.

   # cd /usr/sfw/lib/sma_snmp # ./masfcnv --dry-run -i -p enable --select-community=agent

   If this dry run completes successfully, the proposed SMA configuration files are be presented in the standard output. Review this output before proceeding. The configuration of the Sun SNMP Management Agent for Sun Fire and Netra Systems is migrated to the SMA by the ./masfcnv migration script. If a conflict arises in the configuration, see the masfcnv(1M) man page for information on its resolution.

3. Run the migration script.

   # cd /usr/sfw/lib/sma_snmp # ./masfcnv -i -p enable --select-community=agent

4. As root, restart both the System Management Agent and the Sun SNMP Management Agent for Sun Fire and Netra Systems.

   # svcadm enable svc:/application/management/sma:default # /etc/init.d/masfd start

   The Sun SNMP Management Agent for Sun Fire and Netra Systems is then reconfigured to run as a subagent under the System Management Agent. Any other agents that have been configured as subagents of the System Management Agent also need to be restarted after the migration is complete.

   After migration to the SMA from the Sun SNMP Management Agent for Sun Fire and Netra Systems, the Sun Fire hardware instrumentation becomes accessible to SNMP applications through the SMA. The SMA uses the same port that was previously used by the Sun SNMP Management Agent for Sun Fire and Netra Systems.