Sun Secure File Transport User Guide

Using Sun SFT

Question:

What file types does Sun SFT 2.0 support?

Answer:

Sun SFT 2.0 supports two data types:

Sun™ Explorer data packages. These files should retain their filenames as created by Explorer (explorer.{hostid}.*.tar.gz). Sun SFT does some checks to validate the Explorer file before attempting to send it. Any validation failures are logged and the file is moved to the directory for failed transfers.
Any files to assist in support case resolution such as core files, log files, configuration files, etc. These files must be named with the case number, optionally preceded by the word "case", and followed by additional file description and an extension. The preferred format is the first one listed below: #-name.ext (Case# hyphen name dot extension). However, several variations are acceptable.

Sample filenames:

12345678-core.gz

case_12345678_messages.Z

CASE-12345678-vmcore.bz2

Case1234567.resolv.conf

If a file in the transfer directory does not match the filename pattern for any active slot, the file simply remains in the transfer directory and no information about that file is logged.

Note –

Only validated files that are awaiting transfer are reported with the sftransport --info command.

Question:

How do I place the Explorer data (and other files) in the transfer directory for Sun SFT transfer?

Answer:

Sun SFT does not place restrictions on how you get the files to the transfer directory for Sun SFT to transfer. You can use any appropriate solution to transfer files from the systems running Explorer to the system where Sun SFT is installed. NFS, SCP, FTP, or any other solution may be used. In addition, Sun SFT includes an HTTP Listener that can be used to receive files directly from systems running Sun Explorer 5.8 (and higher) Data Collector.

Question:

What is HTTP Listener?

Answer:

HTTP Listener is a separate daemon process from the main transfer process that receives data. It can be setup and enabled during the Sun SFT installation procedure.

If you choose to enable the Listener, the Listener port can be verified or changed during the Sun SFT installation.

Solaris 9 uses the Sun SFT --start-listener and --stop-listener command line options. Restart is managed via the /etc/rc3.d/S73sftransport and /etc/rc2.d/K27sftransport scripts.
Solaris 10 uses svcadm to manage the separate network/sftransport-listener service. The svcadm manages the Listener restart on system reboot if Listener is enabled.

Note –

Make sure that there will be no conflict using port 80 (the default port) on the Sun SFT host. If this port is already being used, then change the listener port to another acceptable value.

Question:

What is HTTPS Listener?

Answer:

HTTPS Listener provides the same basic functionality as the HTTP listener, but with added SSL encryption. To enable HTTPS, please follow the Sun SFT installation process to enable the HTTP Listener. In addition, you must complete the following steps to configure and setup the HTTPS Listener:

To generate the SSL certificate for the Sun SFT host, please follow the SSL Certificate directions located at: http://docs.codehaus.org/display/JETTY/How+to+configure+SSL
Modify the /etc/opt/SUNWsftransport/listener.xml configuration file to enable SSL.
1. The listener.xml file has a section for SslSocketConnector that is commented out by default; un-comment this section and add the appropriate port and key/password configuration.
2. Make sure that there will be no conflict with using port 443, the default port on the Sun SFT host.
  
  If port 443 is already being used, then change the Listener port to another acceptable value.
3. Comment out the jetty.nio.SelectChannelConnector <Item> element, so that jetty.security.SslSocketConnector is the only active connector.
Note –
Please consult the Jetty documentation for additional information.

Question:

How do I use the HTTP Listener to receive files from Explorer 5.8 (and higher)?

Answer:

Use one of the following options to send data to the HTTP Listener from Explorer:

Note –

The server:port variables in both options are the Sun SFT server and the port number for the Listener.

Set the EXP_TRANSPORT value in /etc/opt/SUNWexplo/default/explorer configuration file to http://server:port and run Explorer with the -P command line option.

Note –
This is the recommended method of configuring Sun Explorer to use the Sun SFT Listener. This method ensures that the Sun SFT Listener setting remains constant during future Sun Explorer upgrades.
Configure and run Explorer with the -T http://server:port command line option.

Question:

How do I send core files or other case-data files to the HTTP Listener?

Answer:

If the system has Explorer installed, use this command to transfer a file to the SFT transfer directory: /opt/SUNWexplo/bin/curl.{sparc or i386} -T {file} "{Listener-URL}/?file={filename}"

Example: /opt/SUNWexplo/bin/curl.sparc -T /var/core.gz "http://my-sft-server:8080/?file=12345678-core.gz"

Notes:

It is recommended to compress files to reduce the size of the data transfer, as shown in the core.gz example above.
The {file} parameter may include a path to the file location on the local system, but {filename} in the target URL must be a filename only (no path).
The {filename} in the target URL must use the correct filename format (including case number), but this does not have to match the filename on the local system, as shown in the example above.

Question:

Does Sun SFT run in the background?

Answer:

Sun SFT is a daemon process. A daemon process runs in the background, rather than under your direct control. The daemon process restarts automatically on system reboots and continues running until it receives a system-wide interrupt command.

Question:

Can I archive files that are sent?

Answer:

By default, files are deleted after successful transfer. To save files, configure the archivePath setting in the /etc/opt/SUNWsftransport/sftransport.xml file for each slot and restart SFT (for more information, see How-To Edit the Configuration File.

Question:

Can I be notified of transfer failures?

Answer:

Email notification of log messages can be configured in /etc/opt/SUNWsftransport/logging.properties file. Setup instructions are included in this file.

Question:

If transfer of a large file fails part-way through the transfer, what happens?

Answer:

There are two attributes in the sftransport.xml file that work together to control how a file is re-sent after a failed attempt:

transferTries attribute

This attribute defines the total number of attempts that will be made (including the first attempt). If a transfer fails somewhere in the middle of the transfer (for example, the connection is lost due to a network issue), then Sun SFT will continue the transfer from the point it left off on the next transfer attempt. When transferring large files, this attribute avoids starting over from the beginning. Of course, if the transferTries value is set at 1, there is no retry, and this feature will not be used.
secondsBetweenTriesattribute

This attribute defines the wait time, in seconds, before a transfer is re-attempted after a failed attempt. The suggested value is at least 60 to give any network issues causing the original failure some time to clear up before attempting to resume the transfer. (To enable this feature, the transferTries value must be greater than one.)

For more information, see the sftransport(4) man page.

Question:

Where can I find log files?

Answer:

Log files are located in /var/opt/SUNWsftransport. Information about all transfer attempts and any errors that occur are recorded here. Log files are in XML format. They may be viewed with any text viewer, or see the/opt/SUNWsftransport/logviewer/README.txt file for information about a browser- based log viewer.

The /opt/SUNWsftransport/logviewer/README.txt outlines the following two options for browser-based log viewing:

Use of the Sun SFT Listener process, which is included with Sun SFT, to view the logs.

Note –
logviewer can be enabled during the Sun SFT installation process, and the logs can be browsed by appending /logviewer/sftransport_log.cgi to the Sun SFT Listener URL. For more information, see What is HTTP Listener?
Use of another web server, such as Apache2, to view the logs.

The Apache2 web server is bundled with the Solaris 10 operating system and it can be configured via httpd.conf file. For example, the following can be added to the httpd.conf configuration file to enable the log viewer.
AddHandler cgi-script .cgi <Directory /var/apache2/htdocs/SFT> Options +ExecCGI </Directory>
For more information, see the Apache documentation at: http://httpd.apache.org/docs/2.0/howto/cgi.html

On Solaris 10, you can use svcs -x sftransport-listener command to show the listener log location.