C H A P T E R 1 |
Sun SPARC Enterprise M8000/M9000 Servers Product Notes for XCP 1091 |
This document covers changes introduced in the XCP 1090 and XCP 1091 firmware releases. This chapter contains the following sections:
For more information, see Airflow Indicator.
The Airflow indicator, added in XCP 1090, confirms the amount of airflow emitted while the SPARC Enterprise M8000/M9000 servers are up and running.
The Airflow indicator value indicates the volume of air exhausted from the server. The values do not include the peripheral devices. To display the amount of exhaust air, use the showenvironment air command.
Note - Airflow monitoring measurement values are for reference only. |
For details of the showenvironment(8) command, refer to the man page.
You can also obtain the exhaust air data using the SNMP agent function. To obtain the data of exhaust air using the SNMP agent function, install the latest XSCF extension MIB definition file to the SNMP manager. For details on the XSCF extension MIB definition file, see the SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers XSCF User’s Guide.
The XCP 1091 release introduces support for the Active Directory and LDAP over SSL features.
Active Directory and LDAP over SSL each provide both authentication of user credentials and authorization of the user access level to networked resources. They use authentication to verify the identity of users before they can access system resources, and to grant specific access privileges to users in order to control their rights to access networked resources.
User privileges are either configured on XSCF or learned from a server based on each user’s group membership in a network domain. A user can belong to more than one group. Active Directory or LDAP over SSL authenticates users in the order in which the users’ domains are configured. (A user domain is the authentication domain used to authenticate a user.)
Once authenticated, user privileges can be determined in the following ways:
Three types of groups can be configured: administrator, operator, and custom. To configure an administrator or operator group, only group name is required.
An administrator group has platadm, useradm, and auditadm privileges associated with it. An operator group has platop, and auditop privileges associated with it. To configure a custom group, both group name and privileges are required. For each type of group, up to five groups can be configured. A user assigned to more than one group receives the sum of all privileges associated with those groups.
To support these new features, two new configuration screens, Active Directory and LDAP over SSL, have been added to the Settings menu of the XSCF Web. Remote users can log in and use the XSCF Web once they have been authenticated by Active Directory or LDAP over SSL.
The commands setad(8) and showad(8) let you set and view the Active Directory configuration from the command line.
By default, Active Directory support is disabled. To enable Active Directory support, use the following command:
To disable Active Directory support, use the following command:
To show if Active Directory support is enabled or disabled, enter: :
Use the setad command with its various parameters to configure Active Directory. For example, you can use it to set up one primary and five alternate Active Directory servers, assign group names and privileges, configure a particular user domain, control logging of diagnostic messages, and more. A user domain can be configured explicitly through the setad userdomain command on XSCF, or entered at login prompt using the form, user@domain.
See the setad(8) and showad(8) man pages, and the note about these commands in TABLE 3-8.
The commands setldapssl(8) and showldapssl(8) let you set and view LDAP over SSL configuration from the command line. These commands do for LDAP over SSL what the setad(8) and showad(8) commands do for Active Directory, and support many of the same parameters.
For more information, see the setldapssl(8) and showldapssl(8) man pages.
To support Active Directory and LDAP over SSL, this release features a new system account named proxyuser. Verify that no user account of that name already exists. If one does, use the deleteuser(8) command to remove it, then reset XSCF before using the Active Directory or LDAP over SSL feature.
Note - This section was updated in May 2010. |
The Solaris Operating System and Sun Java Enterprise System software are preinstalled on new Sun SPARC Enterprise M3000 Servers.
TABLE 1-1 lists the first firmware and operating system (OS) version to support SPARC64 VI and SPARC64 VII processors..
Solaris 10 11/06 - with patches[1] required |
||
Solaris 10 8/07 - with patches* required |
||
Solaris 10 8/07 - with patches* required |
||
Solaris 10 8/07 - with the Solaris 10 10/09 Patch Bundle required. |
Note - As for all releases, installation of the SunAlert Patch Cluster is recommended. Also, note that the Solaris 10 10/09 Patch Bundle is also known as MU8. |
Many web browsers support the XSCF Web. The browsers in TABLE 1-2 have demonstrated compatibility with the XSCF Web through testing.
This section lists mandatory patches, patch bundles, and SunAlert patch clusters for the M8000/M9000 servers. Always refer to the patch README for information about patch requirements and special installation instructions.
The patch identifiers listed in this section represent the minimum level of the patches that must be installed. The two-digit suffix represents the minimum revision level of the patch. Check http://sunsolve.sun.com for the latest patch revision. Apply patches in the order listed.
The Solaris 10 10/09 Patch Bundle is required, and the SunAlert Patch Cluster is recommended. See:
http://sunsolve.sun.com/show.do?target=patches/patch-access
The Solaris 10 10/09 Patch Bundle is required, and the SunAlert Patch Cluster is recommended. See:
http://sunsolve.sun.com/show.do?target=patches/patch-access
The Solaris 10 10/09 Patch Bundle is required, and and the SunAlert Patch Cluster is recommended. See:
http://sunsolve.sun.com/show.do?target=patches/patch-access
Patch 137137-09 - SunOS 5.10: kernel patch.
http://sunsolve.sun.com/show.do?target=patches/patch-access
Note - See http://sunsolve.sun.com/search/document.do?assetkey=1-62-252447-1 |
The following patches are required for Solaris 10 8/07 OS only on servers containing SPARC64 VII 2.52 GHz processors. Install them in the order listed:
1. 119254-51 - SunOS 5.10: Install and Patch Utilities Patch
2. 125891-01 - SunOS 5.10: libc_psr_hwcap.so.1 patch
3. 127755-01 - SunOS 5.10: Fault Manager patch
4. 127127-11 - SunOS 5.10: kernel patch
Solaris 10 8/07 OS with patch 127127-11 might panic/trap during normal domain operation. (CR 6720261) To prevent this you must set the following parameter in the system specification file (/etc/system):
In addition, you cannot do a fresh install of the Solaris 10 8/07 OS on a domain that contains SPARC64 VII processors. The following two workarounds apply:
Caution - For Sun SPARC Enterprise M8000/M9000 servers running Solaris 10 11/06 OS, patches 123003-03 and 124171-06 must be installed on your system prior to using Sun Connection Update Manager. These patches are available from http://sunsolve.sun.com. |
The following patches are required for Solaris 10 11/06 OS. Note that Solaris 10 11/06 does not support SPARC64 VII processors, even with these required patches. Install the patches in the order in which they are listed:
1. 118833-36 - Reboot your domain before proceeding.
2. 125100-10 - See the patch README file for a list of other patch requirements.
8. 125127-01 - Reboot your domain before proceeding.
The Sunsm Connection Update Manager can be used to reinstall the patches if necessary or to update the system with the latest set of mandatory patches. For more information about the Sun Connection Update Manager, refer to the Sun Update Connection System Administration Guide at:
http://docs.sun.com/app/docs/prod/updconn.sys
http://wikis.sun.com/display/SunConnection/Update+Manager
Installation information and README files are included in the patch downloads.
There are two options available to register your system and to use the Sun Connection Update Manager to obtain the latest Solaris OS patches:
For more information, refer to the Sun Update Connection documentation at the links mentioned previously.
For more information, refer to the smpatch(1M) man page or the reference manual collection for your version of Solaris.
Caution - For Sun SPARC Enterprise M8000/M9000 servers running Solaris 10 11/06 OS, patches 123003-03 and 124171-06 must be installed on your system prior to using Sun Connection Update Manager. These patches are available from http://sunsolve.sun.com. |
The following Emulex cards require drivers supplied in patch 120222-27:
The following QLogic cards require drivers supplied in patch 125166-10:
You can upgrade to XCP 1090 or XCP 1091 from XCP version 1050 or higher. Refer to the Sun SPARC Enterprise M3000M4000/M5000/M8000/M9000 Servers XSCF User’s Guide for instructions.
Note - After updating the firmware to XCP 1090 or XCP 1091, use the rebootxscf(8) command to reset the XSCF. |
If you are currently running a version earlier than XCP 1050, you cannot directly update to XCP 1090 or XCP 1091. You must first update to an interim version of XCP (between 1050 and 1070, inclusive). Contact your Oracle representative for access to older XCP releases.
Note - Use the deleteuser(8) command to delete any accounts named admin prior to updating to XCP 1050 or later. The admin account name is reserved starting in XCP 1050. |
On a domain that has been in operation during the update to XCP 1090 or XCP 1091 from a version between XCP 1050 and 1070 (inclusive), when you perform dynamic reconfiguration (DR) to add or replace a SPARC64 VII processor, you need to update the OpenBoot PROM firmware. The OpenBoot PROM firmware is updated as you update the XCP and restart the domain. For this reason, restart all the domains after you update the firmware to the latest XCP release, regardless of whether you added or replaced a SPARC64 VII processor.
This section describes issues and limitations known at the time of this release.
Caution - You must complete the upgrades to the XCP firmware and to the Solaris OS before inserting SPARC 64 VII processors into the chassis. |
Caution - For dynamic reconfiguration (DR) and hot-plug issues, see Solaris OS Issues and Workarounds. |
http://wikis.sun.com/display/PlatformIoSupport/Home/
This section describes additional issues and limitations known at the time of this release.
In addition to the standard default login, M3000/M4000/M5000/M8000/M9000 servers are delivered with a temporary login called admin to enable remote initial login, through a serial port. The admin user privileges are fixed to useradm and cannot be changed. You cannot log in as temporary admin using the standard UNIX user name and password authentication or SSH public key authentication. The temporary admin account has no password, and one cannot be added for it.
The temporary admin account is disabled after someone logs in as the default user, or after someone logged in as temporary admin has successfully added the first user with valid password and privileges.
If, before the default login is used, you cannot log in as temporary admin, you can determine if someone else has done so by executing the showuser -l command.
The WAN boot installation method enables you to boot and install software over a wide area network (WAN) by using HTTP. To support booting the M8000/M9000 servers from a WAN boot server, you must have the appropriate wanboot executable installed and OpenBoot version 4.24 or above to provide the needed hardware support.
For information about WAN boot servers, refer to the Solaris 10 Installation Guide: Network-Based Installations for the version of Solaris 10 OS that you are using. You can find Solaris 10 OS documentation here:
http://docs.sun.com/app/docs/prod/solaris.10
If you do not upgrade the wanboot executable, the server will panic, with messages similar to the following:
krtld: load_exec: fail to expand cpu/$CPU krtld: error during initial load/link phase panic - boot: exitto64 returned from client program |
The Sun Java Enterprise System is a comprehensive set of software and life cycle services that make the most of your software investment. The software and installation instructions can be found at the following web address:
http://www.sun.com/software/javaenterprisesystem/index.jsp
The software might not include patches that are mandatory for your server. After installing the software, refer to Solaris Patch Requirements for information about checking for and installing required patches.
For an overview and documentation, go to:
http://www.sun.com/service/javaes/index.xml
Note - Due to an issue that arises from the installation of the Java Enterprise System 5 Update 1 on your system (CR 6644798), it might be necessary to enable the Web Console SMF service. |
Log in to a terminal as root, then enable the service.
If you have to reload the software, go to the following web site for download and installation instructions:
http://www.sun.com/software/preinstall
If you download a fresh copy of software, that software might not include patches that are mandatory for your server. Before installing the software, refer to Solaris Patch Requirements for information about checking for and installing required patches.
Copyright © 2010, Oracle and/or its affiliates. All rights reserved.