Unix System Administration

Unix System Administration. Solaris Management Console. Chuck Hauser 2006-10-13. Presentation Conventions. Names (files, users, daemons) are usually in bold: /etc/syslog.conf System dependent or variable items are usually in italics: /var/sadm/patch/patchnumber/log


Presentation Transcript


  1. Unix System Administration Solaris Management Console Chuck Hauser 2006-10-13

  2. Presentation Conventions
     • Names (files, users, daemons) are usually in bold: /etc/syslog.conf
     • System dependent or variable items are usually in italics: /var/sadm/patch/patchnumber/log
     • File entries and output are in mono-spaced type:
       > root 8036 c Tue Apr 26 23:59:00 2005
       < root 8036 c Tue Apr 26 23:59:59 2005
     • Ä marks a line wrapped to fit on the slide:
       mv Solaris_9_Recommended_Patch_Cluster_log Ä
       Solaris_9_Recommended_Patch_Cluster_log.yyyymmdd
     • ð marks a horizontal tab (09 hex)
     • Reference OE for programs and documentation is Solaris 9

  3. Introduction • “The Solaris Management Console is a graphical user interface that provides access to Solaris system administration tools.” • Replaces both AdminSuite and Admintool. • The Solaris Management Console (abbreviated as SMC from here forward) first appeared in Solaris 2.6. • SMC continues at least through Solaris 10.

  4. Admintool and Java Web Console • Solaris 9 includes admintool, but it opens with this message. Admintool is not in Solaris 10. • The browser-based Java Web Console was introduced in Solaris 10 as a future replacement for SMC, but currently it has almost no functionality.

  5. SMC Advantages Over admintool • Replaces the root-privileges of admintool with more flexible role-based access control (RBAC) if desired. • Based on a toolbox concept; different collections of tools and folders can be grouped for user’s role or experience. • Can be extended with JavaBeans, legacy apps, commands, etc. • Has context-sensitive help.

  6. Role-Based Access Control (RBAC) • Replaces the all-or-nothing superuser model with least-privilege security; allows separation of superuser capabilities. • A role account is created with specific rights that are granted to a set of users. • See System Administration Guide: Security Services (817-0365) Chapters 5-7.

  7. Solaris Management Tools History See System Administration Guide: Basic Administration (817-3814) Chapter 1 Solaris Management Tools (Roadmap) for a matrix of Solaris management tools support.

  8. Solaris Management Console 2.1 Packages

  9. Solaris Management 2.1 Packages

  10. Solaris Volume Management Packages Because Solstice DiskSuite has been incorporated in Solaris 9 as the Solaris Volume Manager, the DiskSuite Tool (metatool) has been removed and SMC is now the graphical interface for Solaris Volume Management.

  11. SMC Documentation • There is no Sun manual that covers only SMC. • The System Administration Guide: Basic Administration (817-3814) introduces SMC in Chapter 2 Working With the Solaris Management Console (Tasks) • Other references are scattered in the various System Administration Guides. • BigAdmin has SMC 2.0 Frequently Asked Questions which also has 2.1 tips at http://www.sun.com/bigadmin/content/misc/smc20_faq.html. • SunSolve has a Solaris Management Console Support Document (70475).

  12. Solaris Management Console Tools • Solaris Management Console Tools by Janice Winsor (Sun Microsystems Press, 2002) covers SMC 2.0 and is out of print. • Three sample chapters are online: • Networked System Administration Tools from Sun Microsystems • SMC Toolbox Editor: Creating and Editing the SMC Toolbox • Using SMC Tools

  13. SMC Help • Online help is available. The currently selected tool will determine the help shown. • A simple non-boolean search is available. • Help can be printed.

  14. SMC Components • SMC Server: provides tools for console and services such as authentication, authorization, logging, messaging, etc. • SMC Toolbox Editor: used to modify or create toolboxes. • SMC client (the ‘Console’): interface that contains the GUI tools used to perform management tasks.

  15. SMC Server Components • The SMC server is a Java-based daemon. • Although it is a single process, it is a server for both the Solaris Management Console and Solaris Web-Based Enterprise Management (WBEM). • If server crashes or console never loads, stop and restart the server using the init.wbem command (next slide).

  16. Running the SMC Server
      • The script /etc/init.d/init.wbem is used to start smcboot, a small proxy server (see Initial Server Configuration slide).
      • In addition to the usual start and stop arguments, init.wbem also takes a status argument:
        # /etc/init.d/init.wbem status
        Solaris Management Console server version 2.1.0 running on port 898.
      • For startup, init.wbem is linked to /etc/rc2.d/S90wbem and the shutdown scripts are /etc/rc0.d/K36wbem, /etc/rc1.d/K36wbem, and /etc/rcS.d/K36wbem.

  17. Running the Console Locally • Choose Solaris Management Console from the CDE Tools Menu (see right) • Or double-click the SMC icon in CDE Applications Manager or File Manager

  18. Starting the Console Locally by Command Line • Must be in an X11 terminal window, i.e., xterm. • Use the following command: /usr/sadm/bin/smc & • The command line is also used when using a PC X server to remotely run SMC.

  19. Running SMC in Web Browser • Despite what some of the documentation implies, SMC cannot be run in a web browser. • Java Web Console (Solaris 10) can.

  20. Options for Running SMC Remotely • Use a Unix box with SSH and Xwindows • Run Xwindows on a PC • Run Solaris or other Unix in a PC virtual machine such as VMware (right)

  21. Remote X Server to Run on PC • Use commercial product or download free Cygwin environment (www.cygwin.com). • Cygwin provides both X11 and OpenSSH for running SMC.

  22. Install OpenSSH and X11 from Cygwin

  23. SSH X11 Tunneling • The Secure Shell (SSH) can be used to encrypt X11 traffic by forwarding through an SSH tunnel. • Neither Xhosts nor Xauth are necessary when using SSH to tunnel.

  24. X11 Forwarding Configuration
      • /etc/ssh/sshd_config must be modified to allow X11 forwarding by the ssh server.
      • Find the line with the X11 tunneling options:
        # X11 tunneling options
        # X11Forwarding no
        X11DisplayOffset 10
      • Change to allow forwarding:
        X11Forwarding yes

  25. Getting sshd to reread sshd_config
      • Send a SIGHUP signal to the sshd daemon to reread the configuration file.
      • There may be multiple instances of sshd running if using privilege separation:
        ps -ef | grep sshd
            root   304   702  0 19:36:22 ?        0:00 /usr/lib/ssh/sshd
            root   702     1  0   Oct 05 ?        0:00 /usr/lib/ssh/sshd
        cfhauser   308   304  0 19:36:30 ?        0:00 /usr/lib/ssh/sshd
        cfhauser   178   175  0 19:25:32 ?        0:01 /usr/lib/ssh/sshd
            root   175   702  0 19:25:25 ?        0:00 /usr/lib/ssh/sshd
      • Signal process 702 (whose parent is process 1):
        kill -1 702
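
The check-and-reload procedure from slides 24 and 25, as an added shell example that is not part of the original presentation: it reports which X11Forwarding value is in effect before and after the edit and picks the sshd to signal from the `ps -ef` listing. The function names are hypothetical, the edited config fragment is constructed, and the first-value-wins rule is OpenSSH's documented behaviour, assumed here to apply to the Solaris sshd as well.

```shell
# Added example (not from the slides); all function names are hypothetical.
# Print the X11Forwarding value in effect for a config read on stdin.
# Commented-out lines are skipped; OpenSSH documents that the first value
# obtained for a keyword is the one used. Prints "unset" if none is found.
effective_x11_forwarding() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "x11forwarding" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    '
}

# Print the PID of the listening sshd from `ps -ef` output on stdin: the one
# whose parent (column 3) is process 1. Per-session children are skipped.
sshd_master_pid() {
    awk '$3 == 1 && /\/sshd( |$)/ { print $2 }'
}

# Fragment shown on slide 24: the directive is still commented out.
config_before() {
    cat <<'EOF'
# X11 tunneling options
# X11Forwarding no
X11DisplayOffset 10
EOF
}

# Constructed: the same fragment after the edit from slide 24.
config_after() {
    cat <<'EOF'
# X11 tunneling options
X11Forwarding yes
X11DisplayOffset 10
EOF
}

# ps listing from slide 25, columns re-spaced.
sample_ps() {
    cat <<'EOF'
    root   304   702  0 19:36:22 ?        0:00 /usr/lib/ssh/sshd
    root   702     1  0   Oct 05 ?        0:00 /usr/lib/ssh/sshd
cfhauser   308   304  0 19:36:30 ?        0:00 /usr/lib/ssh/sshd
cfhauser   178   175  0 19:25:32 ?        0:01 /usr/lib/ssh/sshd
    root   175   702  0 19:25:25 ?        0:00 /usr/lib/ssh/sshd
EOF
}

echo "before edit: $(config_before | effective_x11_forwarding)"
echo "after edit:  $(config_after | effective_x11_forwarding)"
echo "reload with: kill -1 $(sample_ps | sshd_master_pid)"
```

On a live system the same functions take `/etc/ssh/sshd_config` and real `ps -ef` output on stdin; the script only prints the kill command and signals nothing itself.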

  26. SSH X11 Tunneling Example

  27. Possible Missing Font Message
      • This message may appear when using a remote X server on a PC to run SMC:
        Warning: Cannot convert string "-monotype-arial-regular-r-normal--*-140-*-*-p-*-iso8859-1" to type FontStruct
      • The Java Virtual Machine running SMC on the server is requesting a font that is not in the font set of the remote X server.
      • This message may be safely ignored, but it can be fixed by aliasing the font (see following).

  28. Removing Font Error Message in Cygwin
      • Edit /usr/X11R6/lib/X11/fonts/75dpi/fonts.alias
      • Add the following as one complete line:
        -monotype-arial-regular-r-normal--*-140-*-*-p-*-iso8859-1 -b&h-lucida-medium-r-normal-sans-14-140-75-75-p-81-iso8859-1
      • In an xterm window, force the X server to re-read fonts:
        xset fp rehash

  29. Removing Font Error Message in X-Win32 (Hummingbird)
      • Open the X-Util32 configuration utility.
      • Select Fonts → Alias
      • Double-click 75dpi; double-click fonts.alias to open the Font Alias dialog box.
      • Enter in the Alias from field:
        -monotype-arial-regular-r-normal--*-140-*-*-p-*-iso8859-1
      • Enter in the Alias to field:
        -b&h-lucida-medium-r-normal-sans-14-140-75-75-p-81-iso8859-1
      • Click Add

  30. Running su When Tunnelling • Although a normal user can start SMC, usually want to run as root (if not using RBAC) to avoid problems with loading some tools. • When using su to switch to root, do not use the ‘-’ option, otherwise the DISPLAY variable defining the local display will be lost:

  31. Initial Server Configuration • The smcboot native program waits for a connection from a console program on port 898. • When a connection is received for the first time, the real java-based server is called and displays the above while the server initializes.

  32. Console Elements • The default console consists of three main panes: Navigation, View, and Information. • There is a menu bar, tool bar, status bar, and if enabled, a location bar. • Context Help and Console Event tabs are at the bottom.

  33. Console Preferences Choose Console → Preferences to change: • Console (toolbox used) • Appearance • Toolbar • Fonts • Tool Loading • Authentication

  34. Navigation Pane • Acts similar to a frame in a web page. • Clicking on an item in this pane will display this item in the View pane. • Double-click on an item or click on the turner icon to expand the tree.

  35. View and Information Panes • View Pane – shows information related to selected node in navigation pane. • Information Pane – on bottom; either displays context-sensitive help or console events depending on selected button.

  36. Default Toolbox The default toolbox contains tools for: • System Status • System Configuration • Services • Storage • Devices and Hardware

  37. Logging In Even when running as root, selecting a tool will require logging in as root. If using RBAC, login as a role name and password.

  38. System Status – System Information

  39. System Status – Log Viewer
      • The log view defaults to events logged by the WBEM logging service (/var/sadm/wbem/log).
      • Syslog files may be chosen by selecting the drop-down box labeled Log File, but the view must be manually refreshed.
      Note: the OpenWindows xconsole program provides a continually updated display of console messages in an X window; it should be run as root:
        /bin/su root -c "/usr/openwin/bin/xconsole -daemon -verbose"

  40. System Status – Performance • Displays performance data based on projects, user, or summary. • Basically useless in System Performance Summary mode: the display blanks while system gathers new data, information appears briefly, then blanks for next cycle. Project and User screens are more useful. • Before running: be sure to change Preferences → General from default 30 seconds to longer time period to have a chance of seeing data.

  41. System Status – Processes • Use View → Filter to search for an individual process. • Right-click on an individual process to see process properties, suspend a process, resume a suspended process, or kill (‘delete’) a process.

  42. System Configuration – User Accounts • Allows viewing or modification of individual user accounts. • Probably best method for working with RBAC. • Multiple users can be added in a batch operation (see Adding Multiple Users).

  43. User Properties (1)

  44. User Properties (2)

  45. User Properties – Home Directory Modifying the user’s home directory will change the entry in /etc/passwd for the user and rename the old home directory to the new name.

  46. Users – Adding Multiple Users • An SMC wizard can be used to add multiple users by • User types each name • Generate automatic prefix followed by numeric sequence • Use text file in a format similar to /etc/passwd; minimum should have: newdudeid:New Dude • Other batch operations on users (add, delete, modify) can be performed at the command line using the smmultiuser command.

  47. Users – User Templates User templates are a named collection of user properties that can be used as the starting point for creating new users.

  48. Users – Rights • Actually RBAC Rights Profiles, a collection of commands, authorizations, or other rights. • Rights could be directly assigned to a user, but better to assign to a role, then assign the role to users. • The next slide shows a rights profile for User Security.

  49. Right Properties for User Security

  50. Users – Administrative Roles • No roles are predefined. • Sun suggests creating Primary Administrator, System Administrator, and Operator rights profiles. • This example adds a password.operator role for handling user password requests.
