Sun Cluster System Administration Guide for Solaris OS

Chapter 13 Administering Sun Cluster With the Graphical User Interfaces

This chapter provides descriptions of Sun Cluster Manager and Sun Management Center graphical user interface (GUI) tools, which you can use to administer many aspects of a cluster. It also contains procedures to configure and start Sun Cluster Manager. The online help that is included with the Sun Cluster Manager GUI provides instructions for accomplishing various Sun Cluster administrative tasks.

This chapter includes the following:

Overview of Sun Cluster Manager

Sun Cluster Manager is a GUI that enables you to graphically display cluster information, monitor configuration changes, and check the status of cluster components. Sun Cluster Manager also enables you to perform many administrative tasks for the following Sun Cluster components.

Information about installing and using Sun Cluster Manager can be found in the following locations.


Note –

However, Sun Cluster Manager currently cannot perform all Sun Cluster administrative tasks. You must use the command-line interface for some operations.


SPARC: Overview of Sun Management Center

The Sun Cluster module for Sun Management CenterTM (formerly Sun Enterprise SyMONTM) GUI console enables you to graphically display cluster resources, resource types, and resource groups. It also enables you to monitor configuration changes and check the status of cluster components. However, the Sun Cluster module for Sun Management Center cannot perform Sun Cluster configuration tasks. You must use the command-line interface for configuration operations. See “Command-Line Interface” in Chapter 1 for more information.

For information about installing and starting the Sun Cluster module for Sun Management Center, see the Chapter 8, Installing the Sun Cluster Module to Sun Management Center, in Sun Cluster Software Installation Guide for Solaris OS.

The Sun Cluster module of Sun Management Center is Simple Network Management Protocol (SNMP) compliant. Sun Cluster has created a Management Information Base (MIB) that can be used as the data definition by third-party management stations based on SNMP.

The Sun Cluster MIB file is located at /opt/SUNWsymon/modules/cfg/sun-cluster-mib.mib on any cluster node.

The Sun Cluster MIB file is an ASN.1 specification of the Sun Cluster data that is modeled. This is the same specification used by all Sun Management Center MIBs. To use the Sun Cluster MIB, refer to the instructions for using other Sun Management Center MIBs in the in “SNMP MIBs for Sun Management Centre Modules” in Sun Management Center 3.6 User's Guide.

Configuring Sun Cluster Manager

Sun Cluster Manager is a GUI that you can use to administer and view the status of all aspects of quorum devices, IPMP groups, interconnect components, and global devices. You can use the GUI in place of many of the Sun Cluster CLI commands.

The procedure for installing Sun Cluster Manager on your cluster is included in the Sun Cluster Software Installation Guide for Solaris OS. The Sun Cluster Manager online help contains instructions for completing various tasks by using the GUI.

This section contains the following procedures for reconfiguring Sun Cluster Manager after initial installation.

Setting up RBAC Roles

The Sun Cluster Manager uses RBAC to determine who has rights to administer the cluster. Several RBAC rights profiles are included in the Sun Cluster software. You can assign these rights profiles to users or to roles to give users different levels of access to Sun Cluster. For more information about how to set up and manage RBAC for Sun Cluster software, see Chapter 2, Sun Cluster and RBAC.

ProcedureHow to Use the Common Agent Container to Change the Port Numbers for Services or Management Agents

If the default port numbers for your common agent container services conflict with other running processes, you can use the cacaoadm command to change the port number of the conflicting service or management agent on each node of the cluster.

  1. On all cluster nodes, stop the common agent container management daemon.


    # /opt/bin/cacaoadm stop
    
  2. Stop Sun Java Web Console.


    # /usr/sbin/smcwebserver stop
    
  3. Retrieve the port number currently used by the common agent container service with the get-param subcommand.


    # /opt/bin/cacaoadm get-param parameterName
    

    You can use the cacaoadm command to change the port numbers for the following common agent container services. The following list provides some examples of services and agents that can be managed by the common agent container, along with corresponding parameter names.

    JMX connector port

    jmxmp-connector-port

    SNMP port

    snmp-adaptor-port

    SNMP trap port

    snmp-adaptor-trap-port

    Command stream port

    commandstream-adaptor-port

  4. Change a port number.


    # /opt/bin/cacaoadm set-param parameterName=parameterValue
    =parameterValue
    
  5. Repeat Step 4 on each node of the cluster.

  6. Restart Sun Java Web Console.


    # /usr/sbin/smcwebserver start
    
  7. Restart the common agent container management daemon on all cluster nodes.


    # /opt/bin/cacaoadm start
    

ProcedureHow to Change the Server Address for Sun Cluster Manager

If you change the hostname of a cluster node, you must change the address from which Sun Cluster Manager runs. The default security certificate is generated based on the node's hostname at the time Sun Cluster Manager is installed. To reset the node's hostname, delete the certificate file, keystore and restart Sun Cluster Manager. Sun Cluster Manager automatically creates a new certificate file with the new hostname. You must complete this procedure on any node that has had its hostname changed.

  1. Remove the certificate file, keystore, located in /etc/opt/webconsole.


    # cd /etc/opt/webconsole
    # pkgrm keystore
    
  2. Restart Sun Cluster Manager.


    # /usr/sbin/smcwebserver restart
    

ProcedureHow to Regenerate Common Agent Container Security Keys

Sun Cluster Manager uses strong encryption techniques to ensure secure communication between the Sun Cluster Manager web server and each cluster node.

The keys that Sun Cluster Manager uses are stored under the /etc/opt/SUNWcacao/security directory on each node. They should be identical across all cluster nodes.

Under normal operation, these keys can be left in their default configuration. If you change the hostname of a cluster node, you must regenerate the common agent container security keys. You might also need to regenerate the keys because a possible key compromise (for example, root compromise on the machine). To regenerate the security keys, use the following procedure.

  1. On all cluster nodes, stop the common agent container management daemon.


    # /opt/bin/cacaoadm stop
    
  2. On one node of the cluster, regenerate the security keys.


    phys-schost-1# /opt/bin/cacaoadm create-keys --force
    
  3. Restart the common agent container management daemon on the node on which you regenerated the security keys.


    phys-schost-1# /opt/bin/cacaoadm start
    
  4. Create a tar file of the /etc/cacao/instances/default directory.


    phys-schost-1# cd /etc/cacao/instances/default
    phys-schost-1# tar cf /tmp/SECURITY.tar security
    
  5. Copy the /tmp/Security.tar file to each of the cluster nodes.

  6. On each node to which you copied the/tmp/SECURITY.tar file, extract the security files.

    Any security files that already exist in the /etc/opt/SUNWcacao/ directory are overwritten.


    phys-schost-2# cd /etc/cacao/instances/default
    phys-schost-2# tar xf /tmp/SECURITY.tar
    
  7. Delete the /tmp/SECURITY.tar file from each node in the cluster.

    You must delete each copy of the tar file to avoid security risks.


    phys-schost-1# rm /tmp/SECURITY.tar
    
    phys-schost-2# rm /tmp/SECURITY.tar
    
  8. On all nodes, restart the common agent container management daemon.


    phys-schost-1# /opt/bin/cacaoadm start
  9. Restart Sun Cluster Manager.


    # /usr/sbin/smcwebserver restart
    

Starting the Sun Cluster Manager Software

The Sun Cluster Manager graphical user interface (GUI) provides an easy way to administer some aspects of the Sun Cluster software. See the Sun Cluster Manager online help for more information.

Both Sun Java Web Console and the common agent container are started automatically when you boot the cluster. If you need to verify that Sun Java Web Console and the common agent container are running, see the Troubleshooting section immediately following this procedure.

ProcedureHow to Start Sun Cluster Manager

This procedure shows how to start Sun Cluster Manager on your cluster.

  1. Determine if you intend to access Sun Cluster Manager by using the cluster node root user name and password or set up a different user name and password?

    • If you will access Sun Cluster Manager by using the cluster node root user name, go to Step 5.

    • If you intend to set up a different user name and password, go to Step 3 to set up Sun Cluster Manager user accounts.

  2. Become superuser on a cluster node.

  3. Create a user account to access the cluster through Sun Cluster Manager.

    You use the useradd(1M) command to add a user account to the system. You must set up at least one user account to access Sun Cluster Manager if you do not use the root system account. Sun Cluster Manager user accounts are used only by Sun Cluster Manager. These accounts do not correspond to any Solaris OS system user accounts. Creating and assigning an RBAC role to a user account is described in more detail in Creating and Assigning an RBAC Role With a Sun Cluster Management Rights Profile.


    Note –

    Users who do not have a user account set up on a particular node cannot access the cluster through Sun Cluster Manager from that node, nor can users manage that node through another cluster node to which the users do have access.


  4. (Optional) Repeat Step 3 to set up additional user accounts.

  5. From the administrative console or any other machine outside the cluster, start a browser.

  6. Ensure that the browser's disk and memory cache sizes are set to a value that is greater than 0.

  7. Ensure that the Java and Javascript are enables in the browser.

  8. From the browser, connect to the Sun Cluster Manager port on one node of the cluster.

    The default port number is 6789.


    https://node:6789/
    
  9. Accept any certificates that are presented by the web browser.

    The Java Web Console login page is displayed.

  10. Enter the user name and password for the user you want to access Sun Cluster Manager.

  11. Click the Log In button.

    The Java Web Console application launch page is displayed.

  12. Click the Sun Cluster Manager link under the Systems category.

  13. Accept any additional certificates that are presented by the web browser.

  14. If you cannot connect to the Sun Cluster Manager, perform the following substeps to determine if a restricted network profile was chosen during Solaris installation and to restore external access to the Java Web Console service.

    If you choose a restricted network profile during Solaris installation, external access for the Sun Java Web Console service is restricted. This network is required to use the Sun Cluster Manager GUI.

    1. Determine whether the Java Web Console service is restricted.


      # svcprop /system/webconsole:console | grep tcp_listen
      

      If the value of the tcp_listen property is not true, the web console service is restricted.

    2. Restore external access to the Java Web Console service.


      # svccfg
      svc:> select system/webconsole
      svc:/system webconsole> setprop options/tcp_listen=true
      svc:/system/webconsole> quit
      # /usr/sbin/smcwebserver restart
      
    3. Verify that the service is available.


      # netstat -a | grep 6789
      

      If the service is available, the command output returns an entry for 6789, which is the port number used to connect to Java Web Condole.

Troubleshooting

If after performing this procedure you cannot connect to Sun Cluster Manager, determine if the Sun Java Web Console is running by entering /usr/sbin/smcwebserver status. If the Sun Java Web Console is not running, manually start it by entering /usr/sbin/smcwebserver start. If you still cannot connect to Sun Cluster Manager, determine if the common agent container is running by entering usr/bin/cacoadm status. If the common agent container is not running, manually start it by entering /usr/sbin/cacoadm start.