Unix system administration
This presentation is the property of its rightful owner.
Sponsored Links
1 / 74

Unix System Administration PowerPoint PPT Presentation


  • 109 Views
  • Uploaded on
  • Presentation posted in: General

Unix System Administration. Solaris Management Console. Chuck Hauser 2006-10-13. Presentation Conventions. Names (files, users, daemons) are usually in bold: /etc/syslog.conf System dependent or variable items are usually in italics: / var/sadm/patch/ patchnumber /log

Download Presentation

Unix System Administration

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Unix system administration

Unix System Administration

Solaris Management Console

Chuck Hauser

2006-10-13


Presentation conventions

Presentation Conventions

  • Names (files, users, daemons) are usually in bold:/etc/syslog.conf

  • System dependent or variable items are usually in italics: /var/sadm/patch/patchnumber/log

  • File entries and output are in mono-spaced type:> root 8036 c Tue Apr 26 23:59:00 2005 < root 8036 c Tue Apr 26 23:59:59 2005

  • Ämarks a line wrapped to fit on the slide:mv Solaris_9_Recommended_Patch_Cluster_log

    ÄSolaris_9_Recommended_Patch_Cluster_log.yyyymmdd

  • ð marks a horizontal tab (09 hex)

  • Reference OE for programs and documentation is Solaris 9


Introduction

Introduction

  • “The Solaris Management Console is a graphical user interface that provides access to Solaris system administration tools.”

  • Replaces both AdminSuite and Admintool.

  • The Solaris Management Console (abbreviated as SMC from here forward) first appeared in Solaris 2.6.

  • SMC continues at least through Solaris 10.


Admintool and java web console

Admintool and Java Web Console

  • Solaris 9 includes admintool, but it opens with this message. Admintool is not in Solaris 10.

  • The browser-based Java Web Console was introduced in Solaris 10 as a future replacement for SMC, but currently it has almost no functionality.


Smc advantages over admintool

SMC Advantages Over admintool

  • Replaces the root-privileges of admintool with more flexible role-based access control (RBAC) if desired.

  • Based on a toolbox concept; different collections of tools and folders can be grouped for user’s role or experience.

  • Can be extended with JavaBeans, legacy apps, commands, etc.

  • Has context-sensitive help.


Role based access control rbac

Role-Based Access Control (RBAC)

  • Replaces the all-or-nothing superuser model with least-privilege security; allows separation of superuser capabilities.

  • A role account is created with specific rights that are granted to a set of users.

  • See System Administration Guide: Security Services (817-0365) Chapters 5-7.


Solaris management tools history

Solaris Management Tools History

See System Administration Guide: Basic Administration (817-3814) Chapter 1 Solaris Management Tools (Roadmap) for a matrix of Solaris management tools support.


Solaris management console 2 1 packages

Solaris Management Console 2. 1 Packages


Solaris management 2 1 packages

Solaris Management 2.1 Packages


Solaris volume management packages

Solaris Volume Management Packages

Because Solstice DiskSuite has been incorporated in Solaris 9 as the Solaris Volume Manager, the DiskSuite Tool (metatool) has been removed and SMC is now the graphical interface for Solaris Volume Management.


Smc documentation

SMC Documentation

  • There is no Sun manual that covers only SMC.

  • The System Administration Guide: Basic Administration (817-3814) introduces SMC in Chapter 2 Working With the Solaris Management Console (Tasks)

  • Other references are scattered in the various System Administration Guides.

  • BigAdmin has SMC 2.0 Frequently Asked Questions which also has 2.1 tips at http://www.sun.com/bigadmin/content/misc/smc20_faq.html.

  • SunSolve has a Solaris Management Console Support Document (70475).


Solaris management console tools

Solaris Management Console Tools

  • Solaris Management Console Tools by Janice Winsor (Sun Microsystems Press, 2002) covers SMC 2.0 and is out of print.

  • Three sample chapters are online:

    • Networked System Administration Tools from Sun Microsystems

    • SMC Toolbox Editor: Creating and Editing the SMC Toolbox

    • Using SMC Tools


Smc help

SMC Help

  • Online help is available. The currently selected tool will determine the help shown.

  • A simple non-boolean search is available.

  • Help can be printed.


Smc components

SMC Components

  • SMC Server: provides tools for console and services such as authentication, authorization, logging, messaging, etc.

  • SMC Toolbox Editor: used to modify or create toolboxes.

  • SMC client (the ‘Console’): interface that contains the GUI tools used to perform management tasks.


Smc server components

SMC Server Components

  • The SMC server is a Java-based daemon.

  • Although it is a single process, it is a server for both the Solaris Management Console and Solaris Web-Based Enterprise Management (WBEM).

  • If server crashes or console never loads, stop and restart the server using the init.wbem command (next slide).


Running the smc server

Running the SMC Server

  • The script /etc/init.d/init.wbem is used to start smcboot, a small proxy server (see Initial Server Configurationslide).

  • In addition to the usual start and stop arguments, init.wbem also takes a status argument:# /etc/init.d/init.wbem statusSolaris Management Console serverÄversion 2.1.0 running on port 898.

  • For startup, init.wbem is linked to /etc/rc2.d/S90wbem and the shutdown scripts are /etc/rc0.d/K36wbem, /etc/rc1.d/K36wbem, and /etc/rcS.d/K36wbem.


Running the console locally

Running the Console Locally

  • Choose Solaris Management Console from the CDE Tools Menu (see right)

  • Or double-click the SMC icon in CDE Applications Manager or File Manager


Starting the console locally by command line

Starting the Console Locally by Command Line

  • Must be in an X11 terminal window, i.e., xterm.

  • Use the following command:/usr/sadm/bin/smc&

  • The command line is also used when using a PC X server to remotely run SMC.


Running smc in web browser

Running SMC in Web Browser

  • Despite what some of the documentation implies, SMC cannot be run in a web browser.

  • Java Web Console (Solaris 10) can.


Options for running smc remotely

Options for Running SMC Remotely

  • Use a Unix box with SSH and Xwindows

  • Run Xwindows on a PC

  • Run Solaris or other Unix in a PC virtual machine such as VMware (right)


Remote x server to run on pc

Remote X Server to Run on PC

  • Use commercial product or download free Cygwin environment (www.cygwin.com).

  • Cygwin provides both X11 and OpenSSH for running SMC.


Install openssh and x11from cygwin

Install OpenSSH and X11from Cygwin


Ssh x11 tunneling

SSH X11 Tunneling

  • The Secure Shell (SSH) can be used to encrypt X11 traffic by forwarding through an SSH tunnel.

  • Neither Xhosts nor Xauth are necessary when using SSH to tunnel.


X11 forwarding configuration

X11 Forwarding Configuration

  • /etc/ssh/sshd_config must be modified to allow X11 forwarding by the ssh server.

  • Find Line with X11 tunneling options:# X11 tunneling optionsð# X11Forwarding noï

    X11DisplayOffset 10

  • Change to allow forwarding:X11Forwarding yes


Getting sshd to reread sshd config

Getting sshd to reread sshd_config

  • Send a SIGHUP signal to the sshd daemon to reread the configuration file.

  • There may be multiple instances of sshd running if using privilege separation:ps -ef | grep sshd root 304 702 0 19:36:22 ? 0:00 /usr/lib/ssh/sshdroot 702 1 0 Oct 05 ? 0:00 /usr/lib/ssh/sshdcfhauser 308 304 0 19:36:30 ? 0:00 /usr/lib/ssh/sshdcfhauser 178 175 0 19:25:32 ? 0:01 /usr/lib/ssh/sshd root 175 702 0 19:25:25 ? 0:00 /usr/lib/ssh/sshd

  • Signal process 702 (whose parent is process 1):kill -1 702


Ssh x11 tunneling example

SSH X11 Tunneling Example


Possible missing font message

Possible Missing Font Message

  • This message may appear when using a remote X server on a PC to run SMC:Warning: Cannot convert string"-monotype-arial-regular-r-normal--*-140-*-*-p-*-iso8859-1" to type FontStruct

  • The Java Virtual Machine running SMC on the server is requesting a font that is not in the font set of the remote X server.

  • This message may be safely ignored, but it can be fixed by aliasing the font (see following).


Removing font error message in cygwin

Removing Font Error Message in Cygwin

  • Edit /usr/X11R6/lib/X11/fonts/75dpi/fonts.alias

  • Add the following as one complete line:-monotype-arial-regular-r-normal--*-140-*-*-p-*-iso8859-1 -b&h-lucida-medium-r-normal-sans-14-140-75-75-p-81-iso8859-1

  • In an xterm window, force X server to re-read fonts: xset fp rehash


Removing font error message in x win32 hummingbird

Removing Font Error Message in X-Win32 (Hummingbird)

  • Open the X-Util32 configuration utility.

  • Select FontsðAlias

  • Double-click 75dpi; double-click fonts.alias to open Font Alias dialog box.

  • Enter in the Alias from field:-monotype-arial-regular-r-normal--*-140-*-*-p-*-iso8859-1

  • Enter in the Alias to field: -b&h-lucida-medium-r-normal-sans-14-140-75-75-p-81-iso8859-1

  • Click Add


Running su when tunnelling

Running su When Tunnelling

  • Although a normal user can start SMC, usually want to run as root (if not using RBAC) to avoid problems with loading some tools.

  • When using su to switch to root, do not use the ‘–’ option, otherwise the DISPLAY variable defining the local display will be lost:


Initial server configuration

Initial Server Configuration

  • The smcboot native program waits for a connection from a console program on port 898.

  • When a connection is received for the first time, the real java-based server is called and displays the above while the server initializes.


Console elements

Console Elements

  • The default console consists of three main panes: Navigation, View, and Information.

  • There is a menu bar, tool bar, status bar, and if enabled, a location bar.

  • Context Help and Console Event tabs are at the bottom.


Console preferences

Console Preferences

Choose ConsoleèPreferences to change:

  • Console (toolbox used)

  • Appearance

  • Toolbar

  • Fonts

  • Tool Loading

  • Authentication


Navigation pane

Navigation Pane

  • Acts similar to a frame in a web page.

  • Clicking on in item in this pane will display this item in the View pane.

  • Double-click on an item or click on the turner icon ( ) to expand tree.


View and information panes

View and Information Panes

  • View Pane – shows information related to selected node in navigation pane.

  • Information Pane – on bottom; either displays context-sensitive help or console events depending on selected button.


Default toolbox

Default Toolbox

The default toolbox contains tools for:

  • System Status

  • System Configuration

  • Services

  • Storage

  • Devices and Hardware


Logging in

Logging In

Even when running as root, selecting a tool will require logging in as root. If using RBAC, login as a role name and password.


System status system information

System Status – System Information


System status log viewer

System Status – Log Viewer

  • The log view defaults to events logged by the WBEM logging service (/var/sadm/wbem/log).

  • Syslog files may be chosen by selecting drop down box labeled Log File, but view must be manually refreshed.

Note: the OpenWindows xconsole program provides a continually updated display of console messages in an Xwindow; it should be run as root:/bin/su root –c “/usr/openwin/bin/xconsole –daemon –verbose”


System status performance

System Status – Performance

  • Displays performance data based on projects, user, or summary.

  • Basically useless in System Performance Summary mode: the display blanks while system gathers new data, information appears briefly, then blanks for next cycle. Project and User screens are more useful.

  • Before running: be sure to change Preferences è General from default 30 seconds to longer time period to have a chance of seeing data.


System status processes

System Status – Processes

  • Use View è Filter to search for an individual process.

  • Right-click on an individual process to see process properties, suspend a process, resume a suspended process, or kill (‘delete’) a process.


System configuration user accounts

System Configuration – User Accounts

  • Allows viewing or modification of individual user accounts.

  • Probably best method for working with RBAC.

  • Multiple users can be added in a batch operation (see Adding Multiple Users).


User properties 1

User Properties (1)


User properties 2

User Properties (2)


User properties home directory

User Properties – Home Directory

Modifying the user’s home directory will change the entry in /etc/passwd for the user and rename the old home directory to the new name.


Users adding multiple users

Users – Adding Multiple Users

  • An SMC wizard can be used to add multiple users by

    • User types each name

    • Generate automatic prefix followed by numeric sequence

    • Use text file in a format similar to /etc/passwd; minimum should have: newdudeid:New Dude

  • Other batch operations on users (add, delete, modify) can be performed at the command line using the smmultiuser command.


Users user templates

Users – User Templates

User templates are a named collection of user properties that can be used as the starting point for creating new users.


Users rights

Users – Rights

  • Actually RBACRights Profiles, a collection of commands, authorizations, or other rights.

  • Rights could be directly assigned to a user, but better to assign to a role, then assign the role to users.

  • The next slide shows a rights profile for User Security.


Right properties for user security

Right Properties for User Security


Users administrative roles

Users – Administrative Roles

  • No roles are predefined.

  • Sun suggests creating Primary Administrator, System Administrator, and Operator rights profiles.

  • This example adds a password.operator role for handling user password requests.


Adding an administrative role 2

Adding an Administrative Role (2)

  • A password is required, to be used when a user switches to the role.

  • The predefined User Security right is added; note the contextual help.


Adding an administrative role 3

Adding an Administrative Role (3)

  • Roles are structured similarly as users, including a home directory.

  • After a role is defined, add regular users to the role.


Adding an administrative role 4

Adding an Administrative Role (4)

  • The final review screen before creating the role.

  • The finished role on the Adminstrative Roles screen.


User groups and mailing lists

User Groups and Mailing Lists

  • Note that users can be pasted into a selected group.

  • Mailing Lists provides an convenient front-end for the sendmail alias file.


System configuration projects

System Configuration – Projects

  • Manages the Solaris project database.

  • A project is a way of identifying related work by users in groups.

  • The right screen shows Performance grouped by projects.


System configuration computers and networks

System Configuration – Computers and Networks

For working with ethers, hosts, and networks files.


System configuration patches

System Configuration – Patches


Patch tool configuration

Patch Tool Configuration

  • Analyze and Add Patches, and Download Patches tools will fail if not configured; even then the smpatch command is often more successful.

  • Cannot be configured in SMC, must use smpatch command as root:smpatch set patchpro.sun.user=yourSunsolveIdsmpatch set patchpro.sun.passwd=yourSunsolvePassword

  • To see settings:# smpatch getpatchpro.backout.directory - "“patchpro.download.directory - Ä/var/sadm/spoolpatchpro.install.types - rebootafter:reconfigafter:standardpatchpro.patch.source - Ähttps://updateserver.sun.com/solaris/patchpro.patchset - patchdbpatchpro.proxy.host - "“patchpro.proxy.passwd **** ****patchpro.proxy.port - 8080patchpro.proxy.user - "“patchpro.sun.passwd **** ****patchpro.sun.user [email protected] ""


Patch properties

Patch Properties


Services scheduled jobs

Services – Scheduled Jobs

  • Provides a human-friendly front-end to cron, instead of editing by hand with crontab –e

  • Command-line equivalent is smcron


Add scheduled job wizard

Add Scheduled Job Wizard


Storage tool

Storage Tool

  • Mounts and Shares – Creates and manages mounts and shares

  • Disks – Display disk properties and create partitions

  • Enhanced Storage – Solaris Volume Manager; create and manage volumes, soft partitions, hot spare pools, disk sets, and state database replicas.


Storage tool mounts and shares mounts

Storage Tool Mounts and Shares – Mounts


Mounts and shares mount properties

Mounts and Shares – Mount Properties


Mounts and shares usage

Mounts and Shares – Usage


Storage disks

Storage – Disks


Storage disk properties and partitions

Storage – Disk Properties and Partitions


Storage partitioning a disk

Storage – Partitioning a Disk


Enhanced storage volume properties 1

Enhanced Storage – Volume Properties (1)


Enhanced storage volume properties 2

Enhanced Storage – Volume Properties (2)


Enhance storage state database replicas

Enhance Storage – State Database Replicas


Devices

Devices

Currently the Devices tool only works with serial ports and modems.


Smc command line tools

SMC Command-line Tools


Rbac command line tools

RBAC Command-line Tools


  • Login