JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Oracle Solaris Cluster System Administration Guide
search filter icon
search icon

Document Information

Preface

1.  Introduction to Administering Oracle Solaris Cluster

2.  Oracle Solaris Cluster and RBAC

3.  Shutting Down and Booting a Cluster

4.  Data Replication Approaches

5.  Administering Global Devices, Disk-Path Monitoring, and Cluster File Systems

6.  Administering Quorum

7.  Administering Cluster Interconnects and Public Networks

8.  Adding and Removing a Node

9.  Administering the Cluster

10.  Configuring Control of CPU Usage

11.  Patching Oracle Solaris Cluster Software and Firmware

12.  Backing Up and Restoring a Cluster

13.  Administering Oracle Solaris Cluster With the Graphical User Interfaces

Overview of Oracle Solaris Cluster Manager

SPARC: Overview of Sun Management Center

Configuring Oracle Solaris Cluster Manager

Setting up RBAC Roles

How to Use the Common Agent Container to Change the Port Numbers for Services or Management Agents

How to Change the Server Address for Oracle Solaris Cluster Manager

How to Regenerate Common Agent Container Security Keys

Starting the Oracle Solaris Cluster Manager Software

How to Start Oracle Solaris Cluster Manager

A.  Example

Index

Configuring Oracle Solaris Cluster Manager

Oracle Solaris Cluster Manager is a GUI that you can use to administer and view the status of all aspects of quorum devices, IPMP groups, interconnect components, and global devices. You can use the GUI in place of many of the Oracle Solaris Cluster CLI commands.

The procedure for installing Oracle Solaris Cluster Manager on your cluster is included in the Oracle Solaris Cluster Software Installation Guide. The Oracle Solaris Cluster Manager online help contains instructions for completing various tasks by using the GUI.

This section contains the following procedures for reconfiguring Oracle Solaris Cluster Manager after initial installation.

Setting up RBAC Roles

The Oracle Solaris Cluster Manager uses RBAC to determine who has rights to administer the cluster. Several RBAC rights profiles are included in the Oracle Solaris Cluster software. You can assign these rights profiles to users or to roles to give users different levels of access to Oracle Solaris Cluster. For more information about how to set up and manage RBAC for Oracle Solaris Cluster software, see Chapter 2, Oracle Solaris Cluster and RBAC.

How to Use the Common Agent Container to Change the Port Numbers for Services or Management Agents

If the default port numbers for your common agent container services conflict with other running processes, you can use the cacaoadm command to change the port number of the conflicting service or management agent on each node of the cluster.

  1. On all cluster nodes, stop the common agent container management daemon.
    # /opt/bin/cacaoadm stop
  2. Stop Sun Java Web Console.
    # /usr/sbin/smcwebserver stop
  3. Retrieve the port number currently used by the common agent container service with the get-param subcommand.
    # /opt/bin/cacaoadm get-param parameterName

    You can use the cacaoadm command to change the port numbers for the following common agent container services. The following list provides some examples of services and agents that can be managed by the common agent container, along with corresponding parameter names.

    JMX connector port

    jmxmp-connector-port

    SNMP port

    snmp-adapter-port

    SNMP trap port

    snmp-adapter-trap-port

    Command stream port

    commandstream-adapter-port

  4. Change a port number.
    # /opt/bin/cacaoadm set-param parameterName=parameterValue =parameterValue
  5. Repeat Step 4 on each node of the cluster.
  6. Restart Sun Java Web Console.
    # /usr/sbin/smcwebserver start
  7. Restart the common agent container management daemon on all cluster nodes.
    # /opt/bin/cacaoadm start

How to Change the Server Address for Oracle Solaris Cluster Manager

If you change the hostname of a cluster node, you must change the address from which Oracle Solaris Cluster Manager runs. The default security certificate is generated based on the node's hostname at the time Oracle Solaris Cluster Manager is installed. To reset the node's hostname, delete the certificate file, keystore and restart Oracle Solaris Cluster Manager. Oracle Solaris Cluster Manager automatically creates a new certificate file with the new hostname. You must complete this procedure on any node that has had its hostname changed.

  1. Remove the certificate file, keystore, located in /etc/opt/webconsole.
    # cd /etc/opt/webconsole
    # pkgrm keystore
  2. Restart Oracle Solaris Cluster Manager.
    # /usr/sbin/smcwebserver restart

How to Regenerate Common Agent Container Security Keys

Oracle Solaris Cluster Manager uses strong encryption techniques to ensure secure communication between the Oracle Solaris Cluster Manager web server and each cluster node.

The keys that Oracle Solaris Cluster Manager uses are stored under the /etc/opt/SUNWcacao/security directory on each node. They should be identical across all cluster nodes.

Under normal operation, these keys can be left in their default configuration. If you change the hostname of a cluster node, you must regenerate the common agent container security keys. You might also need to regenerate the keys because a possible key compromise (for example, root compromise on the machine). To regenerate the security keys, use the following procedure.

  1. On all cluster nodes, stop the common agent container management daemon.
    # /opt/bin/cacaoadm stop
  2. On one node of the cluster, regenerate the security keys.
    phys-schost-1# /opt/bin/cacaoadm create-keys --force
  3. Restart the common agent container management daemon on the node on which you regenerated the security keys.
    phys-schost-1# /opt/bin/cacaoadm start
  4. Create a tar file of the /etc/cacao/instances/default directory.
    phys-schost-1# cd /etc/cacao/instances/default
    phys-schost-1# tar cf /tmp/SECURITY.tar security
  5. Copy the /tmp/Security.tar file to each of the cluster nodes.
  6. On each node to which you copied the/tmp/SECURITY.tar file, extract the security files.

    Any security files that already exist in the /etc/opt/SUNWcacao/ directory are overwritten.

    phys-schost-2# cd /etc/cacao/instances/default
    phys-schost-2# tar xf /tmp/SECURITY.tar
  7. Delete the /tmp/SECURITY.tar file from each node in the cluster.

    You must delete each copy of the tar file to avoid security risks.

    phys-schost-1# rm /tmp/SECURITY.tar
    
    phys-schost-2# rm /tmp/SECURITY.tar
  8. On all nodes, restart the common agent container management daemon.
    phys-schost-1# /opt/bin/cacaoadm start
  9. Restart Oracle Solaris Cluster Manager.
    # /usr/sbin/smcwebserver restart