C H A P T E R 2 |
Configuring System Access Parameters |
This chapter describes how to configure system access settings. It contains the following sections:
Note - For instructions on accessing the CLI commands and GUI functions described in this chapter, see Using the Administrative Interfaces. |
The 5800 system exports two IP addresses per cell for system access: one for administrative access and one for data access. To administer and monitor data on each cell in the system, you must configure the administrative and data IP addresses for each cell.
The gateway is the router that connects the local subnet on which the 5800 system resides to the larger network. You must configure a default gateway for each 5800 system cell, to enable information about the system to be available on the network.
You can also set the service node IP address on each cell, control which clients on the network have access to the data on the system, and change the administrative password and public key.
The following IP addresses are reserved for use by the 5800 system. Do not configure any hosts on your network with these addresses:
The administrative IP address is the address exported by the 5800 system for administrative access to a cell. You configure the administrative IP address on a per-cell basis.
To Configure the Administrative IP Address Using the CLI |
Assign an administrative IP address with the command
cellcfg --cellid cellid --admin_ip ip_address.
ST5800 $ cellcfg --cellid 1 --admin_ip 10.7.224.41
To Configure the Administrative IP Address Using the GUI |
1. From the navigation panel, choose Configuration > System Access.
3. Select the cell for which you want to configure an administrative IP address.
4. Type the administrative IP address in the Administrative IP Address box.
5. (Optional) If you want to configure the data IP address, the service node IP address, or the gateway address or mask, change those settings now so that the system only reboots once for the changes to take effect.
7. Repeat steps 1-6 for each cell for which you want to configure the administrative IP address.
The data IP address is the address exported by the 5800 system for access to the data stored on a cell. You configure the data IP address on a per-cell basis.
To Configure the Data IP Address Using the CLI |
Assign a data IP address with the command
cellcfg --cellid cellid --data_ip ip_address.
ST5800 $ cellcfg --cellid 2 --data_ip 10.7.224.42
To Configure the Data IP Address Using the GUI |
1. From the navigation panel, choose Configuration > System Access.
3. Select the cell for which you want to configure the data IP address.
4. Type the data IP address in the Data IP Address box.
5. (Optional) If you want to configure the administrative IP address, the service node IP address, or the gateway address or mask, change those settings now so that the system only reboots once for the changes to take effect.
7. Repeat steps 1-6 for each cell for which you want to configure the data IP address.
The service node IP address is the address of the server for the cell. The 5800 system uses the service node for configuration, troubleshooting, and upgrading the system software. If there is a conflict between the default IP address on the service node (10.7.227.100) and an address on your network, you can set a new address for the service node. You configure the service node IP address on a per-cell basis.
Note - Only qualified Sun service personnel should access the 5800 system using the service node. |
To Configure the Service Node IP Address Using the CLI |
Assign the service node IP with the command
cellcfg --cellid cellid --service_node_ip ip_address.
ST5800 $ cellcfg --cellid 2 --service_node_ip 10.7.224.40
To Configure the Service Node IP Address Using the GUI |
1. From the navigation panel, choose Configuration > System Access.
3. Select the cell for which you want to configure the service node IP address.
4. Type the service node IP address in the Service Node IP Address box.
5. (Optional) If you want to configure the administrative IP address, the data IP address, or the gateway address or mask, change those settings now so that the system only reboots once for the changes to take effect.
7. Repeat steps 1-6 for each cell for which you want to configure a service node IP address.
The gateway is the router that connects the local subnet on which the 5800 system resides to the larger network. You must configure a default gateway for each 5800 system cell, to enable information about the system to be available on the network. You configure the gateway on a per-cell basis.
Note - The 5800 system will not boot up correctly if the gateway address that you configure is not a valid IP address on the same network as the 5800 system service node IP address. (See Service Node IP Address.) The system can boot up if the gateway you configure is down, or even if the gateway is not an actual “live” machine, but the system cannot boot if the gateway IP address is invalid or is not reachable from the service node. |
To Configure a Gateway Using the CLI |
Configure the default gateway using the command
cellcfg --cellid cellid --gateway ip_address --subnet subnet_mask.
To Configure a Gateway Using the GUI |
1. From the navigation panel, choose Configuration > System Access.
3. Select the cell for which you want to configure the gateway.
4. Type the gateway IP address in the Gateway Address box.
5. Type the subnet mask in the Subnet Mask box.
6. (Optional) If you want to change the data IP address, the administrative IP address, or the service node IP address, change those settings now, so that the system only reboots once for the changes to take effect.
8. Repeat steps 1-7 for each cell for which you want to configure a gateway.
The administrative password allows you to access the 5800 system CLI commands and also to perform configuration and administrative tasks using the GUI. The default password is admin. Passwords are case-sensitive.
You set the administrative password on a per-hive basis.
To Configure the Administrative Password Using the CLI |
Log in to the CLI and change the password interactively with the passwd command.
ST5800 $ passwd Enter current password:XXXXX Enter new password:XXXXXX Re-enter new password:XXXXXX CLI admin: The admin password has been changed successfully. ST5800 $ |
To Configure the Administrative Password Using the GUI |
1. From the navigation panel, choose Configuration > System Access.
2. Click Change Admin Password.
3. Type the current password in the Current Password field.
(If there is no current password, leave this field blank.)
4. Type the password you would like to use in the New Password field.
5. Type the new password again in the Reenter Password field.
A public key allows you to log in to the 5800 system from client systems carrying the private version of the key without using a password. You might want to use this feature so that you can execute scripts of CLI commands from a specific client. See To Create and Execute a Script for CLI Commands for more information about scripting CLI commands.
Use the ssh application on your client to create public and private key files. (See the documentation for your ssh application for information about creating these files.) Create the public key without a passphrase.
Once you have configured the public key file on the 5800 system, you can log in from any client with the private version of that key without being prompted for a password. If you want to return to interactive logins, remove the private key from the client, or configure a new public key on the 5800 system.
Note - Only one public key is allowed on the 5800 system. If you have already configured a public key and then configure a new one, the new key replaces the old one. |
You set the public key on a per-hive basis.
To Configure a Public Key Using the CLI |
1. Configure ssh for password-free login by supplying a public key from a client system.
where key.pub is the file containing the public key.
2. Enter the administrative password for the 5800 system.
3. Verify password-free login.
client $ ssh admin@admin_IP Sun StorageTek (TM) 5800 System Management Console Copyright (C) 2007 Sun Microsystems, Inc. All rights reserved. Use is subject to license terms. ST5800 $ |
This function is not available from the GUI.
By default, the system allows any client on the network to access the data stored on the 5800 system. Using the authorized subnetworks feature, you can control which clients can access the data by specifying a list of authorized subnetworks. Only clients running on the authorized subnetworks can access the data stored on the 5800 system. You set the authorized subnetworks on a per-hive basis.
For example, if you specify an authorized subnetwork of 192.37.54.0/24, all clients running on the 192.37.54.0/24 subnetwork will be allowed to access data on the 5800 system. You can specify a single client as an authorized “subnetwork” consisting of one host. For example, to allow the client with IP address 172.168.20.35 to access the system, specify 172.168.20.35 as an authorized subnetwork.
To ensure optimal performance, there are limitations on the number of authorized subnetworks you can specify. The maximum number of authorized subnetworks allowed is five.
Note - If your configuration requires that you specify more than five authorized subnetworks, consult Sun services for assistance. |
To Configure Authorized Subnetworks Using the CLI |
1. Configure authorized subnetworks using the command
hivecfg --authorized_clients ip_addresses.
ST5800 $ hivecfg --authorized_clients 172.168.20.35,192.37.54.0/24
Note - If DNS is enabled on your system, you may specify host names instead of IP addresses. |
2. To reset this property and allow all clients to access data, use the command hivecfg --authorized_clients all.
ST5800 $ hivecfg --authorized_clients all
To Configure Authorized Subnetworks Using the GUI |
1. From the navigation panel, choose Configuration > System Access.
2. Click Authorize Data Clients.
.
A new row is displayed in the table.
4. (Optional) If DNS is enabled and you want to enter host names instead of IP addresses, select Host Name.
5. Type the host name or Internet Protocol (IP) address and subnet mask for the subnetwork.
7. Repeat Steps 3-6 for each client that you want to authorize.
Copyright © 2008, Sun Microsystems, Inc. All Rights Reserved.