Netra T2000 Server Administration Guide
Contents
1. if strcmp alarm crit 0 altype ALARM CRITICAL else if strcmp alarm major 0 altype ALARM MAJOR else if strcmp alarm minor 0 altype ALARM_MINOR else if strcmp alarm user 0 altype ALARM _USER else printf invalid alarm value s n alarm altype ALARM_INVALID return altype static int lom_ioctl int ioc char buf int fd ret fd open LOM DEVICE O RDWR if fd 1 printf Error opening device s n LOM DEVICE exit 1 ret ioctl fd ioc void buf close d return ret static char get_alarmval int state if state ALARM OFF return off else if state ALARM ON 98 Netra T2000 Server Administration Guide September 2006 CODE EXAMPLE B 1 Example Program to get and set Status of the Alarms Continued return on else return NULL static void get_alarmvals get_alarm crit get_alarm major get_alarm minor get_alarm user AppendixB Alarm Relay Output Application Programming Interface 99 100 Netra T2000 Server Administration Guide September 2006 Index Symbols etc remote file 4 A Activity disk drive LED 82 activity indicator 40 alarm programming interface 95 states 42 status indicators 42 ALOM commands 16 bootmode 18 break 10 18 29 clearasrdb 18 clearfault 18 configuration 16 console 18 29 consolehistory2. Issue the bootmode command without arguments to display the current setting sc gt bootmode Bootmode reset_nvram Expires WED SEP 09 09 52 01 UTC 2005 bootscript setenv auto boot false 3 To reset the system type the following command sc gt reset Are you sure you want to reset the system y n Yy sc gt Netra T2000 Server Administration Guide e September 2006 4 To view console output as the system boots with default OpenBoot configuration variables switch to console mode sc gt console ok 5 Type set defaults to discard any customized IDPROM values and to restore the default settings for all OpenBoot configuration variables Stop F Functionality The Stop F functionality is not available on systems with USB keyboards Stop D Functionality The Stop D Diags key sequence is not supported on systems with USB keyboards However the Stop D functionality can be closely emulated by setting the virtual keyswitch to diag using the ALOM setkeyswitch command Chapter 3 OpenBoot PROM 35 36 Netra T2000 Server Administration Guide September 2006 CHAPTER 4 Basic Administrative Tasks This chapter describes status indicators and basic tasks that might be done as the course of system administration Topics include Status Indicators on page 37 Selecting a Boot Device on page 43 Unconfiguring and Reconfiguring Devices on page 45 Displaying System Fa
3. m Ethernet interface failure USB interface failure m Serial interface failure m PCI card failure a Memory failure If a DIMM fails the firmware will unconfigure the entire logical bank associated with the failed module Another nonfailing logical bank must be present in the system for the system to attempt a degraded boot Note If POST or OpenBoot diagnostics detects a nonfatal error associated with the normal boot device the OpenBoot firmware automatically unconfigures the failed device and tries the next in line boot device as specified by the boot device configuration variable m Ifa fatal error is detected by POST or OpenBoot diagnostics the system does not boot regardless of the settings of auto boot or auto boot on error Fatal nonrecoverable errors include the following All CPUs failed All logical memory banks failed Flash RAM cyclical redundancy check CRC failure Critical field replaceable unit FRU PROM configuration data failure Critical application specific integrated circuit ASIC failure w To Enable ASR 1 Obtain the ok prompt See To Obtain the ok Prompt on page 30 2 Configure the system for ASR Type ok setenv diag switch true ok setenv auto boot true ok setenv auto boot on error true 50 Netra T2000 Server Administration Guide September 2006 3 Enable ASR Type ok reset all The system permanently stores the parameter changes and boots automatically
4. sc gt userperm newuser cr usershow username Displays a list of all user accounts permission sc gt usershow newuser levels and whether passwords are assigned FRU Commands The ALOM FRU commands can show installed FRUs TABLE 2 3 ALOM FRU Commands Command Summary Example removefru PS0 PS1 showfru Indicates if it is OK to perform a hot swap of a power supply Displays information about the FRUs field replaceable units in a host server sc gt removefru PSO sc gt showfru Chapter 2 Advanced Lights Out Manager 17 Log Commands The ALOM log commands display the console output and ALOM event buffers TABLE 2 4 ALOM Log Commands Command Summary Example consolehistory b Displays the host server console output sc gt consolehistory boot b 10 lines e lines g lines buffers The v option displays the entire v boot run contents of the specified log showlogs b lines e Displays the history of all events logged in sc gt showlogs b 100 lines g lines v the ALOM event buffer Status and Control Commands The ALOM status and control commands enable you to perform typically manual tasks with the server remotely TABLE 2 5 ALOM Status and Control Commands Command Summary Example bootmode skip iag Controls the host server boot method through sc gt bootmode reset_nvram diag reset_nvram the OpenBoot PROM firmware SC reset normal bootscript string bre
5. Navigation Between Consoles 7 Location of the Bezel Server Status and Alarm Status Indicators 40 Graphical Representation of Disk Striping 65 Graphical Representation of Disk Mirroring 66 x Netra T2000 Server Administration Guide September 2006 Tables TABLE 1 1 TABLE 1 2 TABLE 2 1 TABLE 2 2 TABLE 2 3 TABLE 2 4 TABLE 2 5 TABLE 2 6 TABLE 3 1 TABLE 3 2 TABLE 4 1 TABLE 4 2 TABLE 4 3 TABLE 4 4 TABLE 4 5 TABLE 4 6 TABLE 5 1 TABLE 6 1 TABLE A 1 TABLE A 2 Pin Crossovers for Connecting to a Typical Terminal Server 3 Entries for hardwire In the etc remote File 4 What ALOM Monitors 14 ALOM Configuration Commands 16 ALOM FRU Commands 17 ALOM Log Commands 18 ALOM Status and Control Commands 18 Other ALOM Commands 20 Methods of Obtaining the ok Prompt 30 OpenBoot Configuration Variables Stored on the System Configuration Card 31 LED Behavior and Meaning 38 LED Behaviors With Assigned Meanings 38 Bezel Server Status Indicators 40 Locator LED Commands 41 Alarm Indicators and Dry Contact Alarm States 42 Device Identifiers and Devices 45 SSH Server Attributes 57 Disk Slot Numbers Logical Device Names and Physical Device Names 67 Alarm3 Behavior 92 Watchdog Timer Error Messages 94 xi xii Netra T2000 Server Administration Guide September 2006 Preface The Netra T2000 Server Administration Guide provides information and detailed procedures that enable administ
6. v To Disable ASR 1 Obtain the ok prompt See To Obtain the ok Prompt on page 30 2 Unconfigure diagnostic modes Type ok setenv diag switch false 3 Disable ASR Type ok reset all The system permanently stores the parameter changes and boots automatically Updating the Firmware Updating or downgrading the firmware is accomplished using the flashupdate command from the ALOM prompt The flashupdate command updates the flash PROMs in the system controller and the server motherboard The flashupdate command requires the network management port to be connected to a suitable network The network management port must be configured so that it can recognize an external FTP server that contains the new firmware images to be downloaded To use the flashupdate command you need to know the following m IP address of the FTP server from which you want to download the firmware image m Path at which the image is stored m Username and password to enter at the prompts If you do not have this information ask your network administrator Chapter 4 Basic Administrative Tasks 51 The syntax for the flashupdate command is flashupdate s IPaddr pathname v where m s lPaddr is the IP address of an FTP server having the firmware image m f pathname is the full directory path to the firmware image file m v enables verbose output of the download and update progression Note flashu
7. 18 disablecomponent 18 45 enablecomponent 18 46 flashupdate 18 flashupdate command 52 FRU 17 help 20 log 18 logout 10 20 other 20 password 16 powercycle 19 poweroff 19 30 poweron 19 30 removefru 17 reset 19 30 resetsc 20 restartssh 60 setalarm 19 setdate 16 setkeyswitch 19 setlocator 19 setsc 5 16 setupsc 16 showcomponent 19 showdate 17 showenvironment 19 showfaults 19 showfru 17 showkeyswitch 19 showlocator 19 showlogs 18 shownetwork 6 19 showplatform 17 showsc 17 showusers 17 ssh keygen 60 status and control 18 useradd 17 userdel 17 userpassword 17 userperm 17 usershow 17 introduction 13 obtaining prompt from OpenBoot prompt 8 from Solaris console 8 software 14 tasks 101 backup 25 basic 20 email alerts 24 environmental information 21 locator 21 logging in 24 password 24 reconfiguring port 22 resetting 20 resetting host server 21 switching between consoles 21 user accounts 22 23 version 25 alphanumeric terminal setting baud rate 4 auto boot OpenBoot configuration variable 27 automatic system recovery disabling 51 enabling 50 error handling 49 overview 48 B bootmode ALOM command 18 bootmode reset_ nvram sc gt command 34 break ALOM command 10 18 29 Break key alphanumeric terminal 30 C cfgadm Solaris command 80 cfgadm install_device Solaris command cautions against using 81 cfgadm remove de
8. Caution Forcing a manual system reset results in loss of system state data and should be attempted only as a last resort After a manual system reset all state information is lost which inhibits troubleshooting the cause of the problem until the problem recurs Use the ALOM reset command or poweron and poweroff commands to reset the server Using these commands results in the loss of all system coherence and state information A manual system reset could corrupt the server s file systems although the sck command usually restores them Use this method only when nothing else works To Obtain the ok Prompt Decide which method you need to use to reach the ok prompt Follow the appropriate instructions in TABLE 3 1 TABLE 3 1 Methods of Obtaining the ok Prompt Method What to Do Graceful shutdown of From a shell or command tool window issue an appropriate the Solaris OS command for example the shutdown or init 0 command as described in Solaris system administration documentation Stop A keys or e From a Sun keyboard connected directly to the server press the Break key Stop and A keys simultaneously e From an alphanumeric terminal configured to access the system console press the Break key ALOM break and From the sc gt prompt type the break command Then issue the console commands console command provided the operating system software is not running and the server is already under OpenBoot firmware
9. LEDs 37 Activity disk drive LED 82 alarm status 39 critical 42 major 42 minor 43 user 43 interpreting 38 OK to Remove disk drive LED 81 server status 39 locator indicator 40 logical device name disk drive reference 67 logout ALOM command 10 20 M major alarm 42 manual device reconfiguration 46 unconfiguration 45 system reset 30 minimization domain 61 minor alarm 43 monitored components 14 multipathing 47 N network management port NET MGT 5 activating 5 configuring IP address 5 non mirrored disk hot plug operation 79 normally closed NC relay state 43 open NO relay state 43 ntwdt driver 88 O ok prompt obtaining ALOM break command 28 29 Break key 28 29 graceful system shutdown 29 LI A Stop A keys 28 manual system reset 28 30 risks in using 28 suspension of Solaris Operating System 28 ways to obtain 28 OK to Remove disk drive LED 81 OpenBoot commands go 28 probe ide 29 probe scsi all 29 set defaults 35 showenv 31 configuration variables auto boot 27 changing 31 default values 31 described table 31 restoring 34 emergency procedures 33 firmware control 27 obtaining prompt from ALOM 10 from Solaris 10 PROM overview 27 operating system software suspending 28 P parity 4 Index 103 password ALOM command 16 passwords changing ALOM 24 setting initial 15 users and security 55 patch panel terminal server connect
10. control Manual system reset 1 From the sc gt prompt type sc gt bootmode bootscript setenv auto boot false 2 Press Enter 3 Then type sc gt reset Netra T2000 Server Administration Guide September 2006 OpenBoot PROM Configuration Variables v To Change an OpenBoot PROM Configuration Variable Use the setenv command For example ok setenv diag switch true This example enables diagnostics TABLE 3 2 describes the OpenBoot firmware configuration variables stored in non volatile memory on the system The OpenBoot configuration variables are printed here in the order in which they appear when you issue the showenv command TABLE 3 2 OpenBoot Configuration Variables Stored on the System Configuration Card Variable Possible Values Default Value Description local mac address true false true If true network drivers use their own MAC address not the server MAC address fcode debug true false false If true includes name fields for plug in device FCodes scsi initiator id 0 15 7 SCSI ID of the serial attached SCSI controller oem logo true false false If true uses custom OEM logo otherwise uses Sun logo oem banner true false false If true uses custom OEM banner ansi terminal true false true If true enables ANSI terminal emulation screen columns 0 n 80 Sets number of columns on screen screen rows 0 n 34 Sets number of rows on screen Chapter 3 OpenBoot
11. format selecting c0t2d0 disk formatted FORMAT MENU disk type partition current format fdisk repair label analyze defect backup verify save inquiry volname lt cmd gt quit Searching for disks done AVAILABLE DISK SELECTIONS 0 cOtodo lt SUN72G cyl 14084 alt 2 hd 24 sec 424 gt pci 780 pci 0 pci 9 scsi 0 sd 0 0 1 cOt1d0 lt SUN72G cyl 14084 alt 2 hd 24 sec 424 gt pci 780 pci 0 pci 9 scsi 0 sd 1 0 2 c0t2d0 lt SUN72G cyl 14084 alt 2 hd 24 sec 424 gt pci 780 pci 0 pci 9 scsi 0 sd 2 0 Specify disk enter its number 2 select a disk select define a disk type select define a partition table describe the current disk format and analyze the disk run the fdisk program repair a defective sector write label to the disk surface analysis defect list management search for backup labels read and display labels save new disk partition definitions show vendor product and revision set 8 character volume name execute lt cmd gt then return Netra T2000 Server Administration Guide September 2006 3 Issue the type command at the format gt prompt then select 0 zero to autoconfigure the volume For example format gt type AVAILABLE DRIVE TYPES 0 Auto configure 1 DEFAULT 2 SUN72G 3 SUN72G 4 other Specify disk type enter its number 3 0 c0t2d0 configured with capacity of 68 23GB lt LSILOGIC LogicalVolume 3000 cyl 69866 alt 2 hd 16 sec 128 gt sel
12. http www sun com documentation 63 Disk Volumes From the perspective of the server s on board disk controller disk volumes are logical disk devices comprising one or more complete physical disks Once you create a volume the operating system uses and maintains the volume as if it were a single disk By providing this logical volume management layer the operating system overcomes the restrictions imposed by physical disk devices The on board disk controller of the server provides for the creation of as many as two hardware RAID volumes The controller supports either two disk RAID 1 integrated mirror or IM volumes or two three or four disk RAID 0 integrated stripe or IS volumes Note Due to the volume initialization that occurs on the disk controller when a new volume is created properties of the volume such as geometry and size are unknown RAID volumes created using the hardware controller must be configured and labeled using format 1M prior to use with the Solaris Operating System See To Configure and Label a RAID Volume on page 73 or the format 1M man page for further details Volume migration relocating all RAID volume disk members from one chassis to another is not supported If this operation must be performed contact Sun Service RAID Technology RAID technology allows for the construction of a logical volume made up of several physical disks to provide data redundancy increas
13. ALOM Shell Commands The following tables list some of more common ALOM shell commands and briefly describes what these commands do Configuration Commands on page 16 FRU Commands on page 17 Log Commands on page 18 Status and Control Commands on page 18 Other ALOM Commands on page 20 Many ALOM shell commands can be executed from the Solaris command line interface using the scadm command For example scadm loghistory Refer to the scadm man page for more information Configuration Commands The ALOM configuration commands set or show the configuration of various aspects of the system TABLE 2 2 ALOM Configuration Commands Command Summary Example password Changes the login password of the current sc gt password user setdate Sets the date and time when the managed sc gt setdate 091321451999 mmddHHMMyyyy operating system is not running MON SEP 13 21 45 00 1999 UTC setdefaults y a Resets all ALOM configuration parameters to sc gt setdefaults a their default values The y option enables you to skip the confirmation question The a option resets the user information to the factory default one admin account only setsc parameter value Sets the specified ALOM parameter to the sc gt setsc netsc_ipaddr 1 2 3 4 assigned value setupsc Runs the interactive configuration script This sc gt setupsc script configures the ALOM configuration variables 16 Netra T2000 Server Admin
14. Inc poss de les droits de propri t intellectuels relatifs la technologie d crite dans ce document En particulier et sans limitation ces droits de propri t intellectuels peuvent inclure un ou plusieurs des brevets am ricains list s sur le site http www sun com patents un ou les plusieurs brevets suppl mentaires ainsi que les demandes de brevet en attente aux les Etats Unis et dans d autres pays Ce document et le produit auquel il se rapporte sont prot g s par un copyright et distribu s sous licences celles ci en restreignent l utilisation la copie la distribution et la d compilation Aucune partie de ce produit ou document ne peut tre reproduite sous aucune forme par quelque moyen que ce soit sans l autorisation pr alable et crite de Sun et de ses bailleurs de licence s il y en a Tout logiciel tiers sa technologie relative aux polices de caract res comprise est prot g par un copyright et licenci par des fournisseurs de Sun Des parties de ce produit peuvent d river des syst mes Berkeley BSD licenci s par l Universit de Californie UNIX est une marque d pos e aux Etats Unis et dans d autres pays licenci e exclusivement par X Open Company Ltd Sun Sun Microsystems le logo Sun Java AnswerBook2 docs sun com Netra OpenBoot Sun Fire et Solaris sont des marques de fabrique ou des marques d pos es de Sun Microsystems Inc aux Etats Unis et dans d autres pays Toutes les marques SPARC sont
15. OpenBoot commands probe scsi probe scsi all1 or probe ide might hang the system Graceful Shutdown The preferred method of obtaining the ok prompt is to shut down the operating system by issuing an appropriate command for example the shutdown init or uadmin command as described in Solaris system administration documentation You can also use the system Power button to initiate a graceful system shutdown Gracefully shutting down the system prevents data loss enables you to warn users beforehand and causes minimal disruption You can usually perform a graceful shutdown provided the Solaris OS is running and the hardware has not experienced serious failure You can also perform a graceful system shutdown from the ALOM command prompt ALOM break or console Command Typing break from the sc gt prompt forces the server to change to OpenBoot firmware control If the operating system is already halted you can use the console command instead of break to reach the ok prompt Stop A Keys or Break Key When it is impossible or impractical to shut down the system gracefully you can obtain the ok prompt by typing the Stop A key sequence from a Sun keyboard If you have an alphanumeric terminal attached to the server press the Break key Note These methods of reaching the ok prompt will only work if the system console has been redirected to the appropriate port Chapter 3 OpenBoot PROM 29 30 Manual System Reset
16. PDF Online Documentation Support and Training Sun Function URL Documentation http www sun com documentation Support http www sun com support Training http www sun com training Preface xv Third Party Web Sites Sun is not responsible for the availability of third party web sites mentioned in this document Sun does not endorse and is not responsible or liable for any content advertising products or other materials that are available on or through such sites or resources Sun will not be responsible or liable for any actual or alleged damage or loss caused by or in connection with the use of or reliance on any such content goods or services that are available on or through such sites or resources xvi Sun Welcomes Your Comments Sun is interested in improving its documentation and welcomes your comments and suggestions You can submit your comments by going to http www sun com hwdocs feedback Please include the title and part number of your document with your feedback Netra T2000 Server Administration Guide part number 819 5837 10 Netra T2000 Server Administration Guide September 2006 CHAPTER 1 System Console This chapter explains how to access the system console to enable remote management and administration This chapter includes the following topics m Communicating With the System Console on page 1 m Switching Between the Consoles on page 6 Communicatin
17. PROM 31 TABLE 3 2 Variable Possible Values Default Value OpenBoot Configuration Variables Stored on the System Configuration Card Continued Description ttya rts dtr off ttya ignore cd ttya mode output device input device auto boot on error load base auto boot boot command boot file boot device use nvramrc nvramre security mode security password security badlogins true false true false 9600 8 n 1 virtual console screen virtual console keyboard true false 0 n true false variable name variable name variable name true false variable name none command full variable name variable name false true 9600 8 n 1 virtual console virtual console false 16384 true boot none disk net false none none none none If true operating system does not assert rts request to send and dtr data transfer ready on serial management port If true operating system ignores carrier detect on serial management port Serial management port baud rate bits parity stop handshake The serial management port only works at the default values Power on output device Power on input device If true boots automatically after system error Address If true boots automatically after power on or reset Action following a boot command File from which to boot if diag switch i
18. Port on page 22 Configure email alerts and mail host Type sc gt setsc if_emailalerts true sc gt setsc mgt_mailhost ipaddress1 Configure each alert recipient Type sc gt setsc mgt_mailalert emailaddress alertlevel where m emailaddress is in the form of emailusername maildomain m alertlevel is 1 for critical 2 for major and 3 for minor Repeat Step 3 for each alert recipient ALOM email alerts are displayed in the following format 24 Netra T2000 Server Administration Guide September 2006 HOSTID SEVENT STIME CUSTOMERINFO HOSTNAME message v To Back Up Your ALOM Configuration You should periodically create a backup file on a remote system that records ALOM configuration settings e As superuser open a terminal window and type usr platform SUNW Netra210 sbin scadm show gt remote filename usr platform SUNW Netra210 sbin scadm usershow gt remote filename Use a meaningful file name that includes the name of the server that ALOM controls Later you can refer to this file to restore the settings if necessary v To Display Your ALOM Version To display your ALOM version type sc gt showsc version Advanced Lights Out Manager v1 6 Chapter 2 Advanced Lights Out Manager 25 26 Netra T2000 Server Administration Guide September 2006 CHAPTER 3 OpenBoot PROM This chapter describes the function methods of obtaining
19. RAID Volume RAID RAID Disk Volume Type Status Disk Status cOtodo TM OK c0c0g0 OK c0t1d0 OK In this example the RAID volume is c0t1 0 Note The logical device names might appear differently on your system depending on the number and type of add on disk controllers installed 76 Netra T2000 Server Administration Guide September 2006 3 To delete the volume type the following command raidctl d mirrored volume For example raidctl d c0t0 0 RAID Volume c0Ot0do deleted If the RAID volume is an IS volume the deletion of the RAID volume is interactive for example raidctl d c0t0 0 Deleting volume c0t0 0 will destroy all data it contains proceed yes no yes Volume cO0t0d0 deleted The deletion of an IS volume results in the loss of all data that it contains As an alternative you can use the f option to force the deletion if you are sure that you no longer need the IS volume or the data it contains For example raidctl f d c0t0 0 Volume cOt0d0 deleted 4 To confirm that you have deleted the RAID array type the following command raidctl For example raidctl No RAID volumes found For more information see the raidct1 1M man page Chapter 6 Managing Disk Volumes 77 v To Perform a Mirrored Disk Hot Swap Operation 1 Verify which hard drive corresponds with which logical devi
20. SSH Host Keys 60 Additional Security Considerations 60 Special Key Sequences for RTOS Shell Access 60 Domain Minimization 61 Solaris Operating System Security 61 6 Managing Disk Volumes 63 RAID Requirements 63 Disk Volumes 64 RAID Technology 64 Integrated Stripe Volumes RAID 0 65 vi Netra T2000 Server Administration Guide September 2006 Integrated Mirror Volumes RAID 1 65 Hardware RAID Operations 66 Slot Numbers and Device Names for Non RAID Disks 67 To Create a Mirrored Volume 67 To Create a Mirrored Volume of the Default Boot Device 70 To Create a Striped Volume 71 To Configure and Label a RAID Volume 73 To Delete a RAID Volume 76 To Perform a Mirrored Disk Hot Swap Operation 78 lt 4 4 4 4 4 To Perform a Nonmirrored Disk Hot Swap Operation 79 A Watchdog Timer Application Mode 85 Understanding the Watchdog Timer Application Mode 85 Watchdog Timer Limitations 86 Using the ntwdt Driver 88 Understanding the User API 88 Using the Watchdog Timer 89 Setting the Timeout Period 89 Enabling or Disabling the Watchdog 89 Rearming the Watchdog 90 Getting the State of the Watchdog Timer 90 Finding and Defining Data Structures 90 Example Watchdog Program 91 Programming Alarm3 92 Watchdog Timer Error Messages 94 B Alarm Relay Output Application Programming Interface 95 Contents vii viii Netra T2000 Server Administration Guide September 2006 FIGURE 1 1 FIGURE 4 1 FIGURE 6 1 FIGURE 6 2 Figures
21. Whena serious hardware problem develops while the system is running the operating system transitions smoothly to run level 0 Before You Obtain the ok Prompt Note Accessing the ok prompt suspends the Solaris OS Before suspending the operating system you should back up files warn users of the impending shutdown and bring the system down in an orderly manner Caution When you access the ok prompt from a functioning server you are suspending the Solaris OS and placing the system under firmware control Any processes that were running under the operating system are also suspended and the state of such processes might not be recoverable The commands you run from the ok prompt have the potential to affect the state of the system This means that it is not always possible to resume execution of the operating system from the point at which it was suspended Although the go command will resume execution in most circumstances in general each time you obtain the ok prompt you should expect to have to reboot the system to get back to the operating system Obtaining the ok Prompt There are several ways to obtain the ok prompt In order of desirability these are Graceful shutdown ALOM break and console command Stop A keys or Break key Manual system reset 28 Netra T2000 Server Administration Guide September 2006 Note After forcing the system into OpenBoot firmware control be aware that issuing certain
22. XXX XXX Netmask xxx xxx xxx xX Gateway xxx xxx xxx xxx DNS Domain xxxx xXxXxX xXxx Primary DNS Server xxx xxx xxx xx Secondary DNS Server xxx xxx xx x Connection type ssh telnet none ssh Rebooting the SC is required for changes in the above network settings to take effect lom gt Features Not Supported by SSH The SSH server on the server does not support the following features Remote command line execution scp command secure copy program sftp command secure file transfer program Port forwarding Key based user authentication SSH v1 clients If you try to use any of the above features an error message is generated For example if you type the following command ssh SCHOST showboards The following messages are generated m On the SSH client Connection to SCHOST closed by remote host Chapter 5 Securing the Server 59 m On the SC console 0x89 1e0 sshdSessionServerCreate no server registered for showboards 0x89 1e0 sshd Failed to create sshdSession Changing SSH Host Keys It is good security practice to obtain new host keys periodically If you suspect that the host key might be compromised you can use the ssh keygen command to regenerate system host keys Host keys once generated can only be replaced and not deleted without resorting to the setdefaults command For newly generated host keys to be activated the SSH server must be res
23. a session network connection 11 serial port 10 tip Solaris command 4 toggling between prompts 21 U uadmin Solaris command 29 user alarm 43 useradd ALOM command 17 userdel ALOM command 17 userpassword ALOM command 17 userperm ALOM command 17 usershow ALOM command 17 W watchdog timer APIs 88 application mode 85 data structures 90 disabling 89 enabling 89 error messages 94 example program 91 getting state of 90 IOCTLs 88 limitations 86 programming alarm3 92 rearming 90 setting timeout period 89 Index 105 106 Netra T2000 Server Administration Guide September 2006
24. amp Sun microsystems Netra T2000 Server Administration Guide Sun Microsystems Inc www sun com Part No 819 5837 10 September 2006 Revision A Submit comments about this document at http www sun com hwdocs feedback Copyright 2006 Sun Microsystems Inc 4150 Network Circle Santa Clara California 95054 U S A All rights reserved Sun Microsystems Inc has intellectual property rights relating to technology fiat is described in this document In particular and without limitation these intellectual property rights may include one or more of the U S patents listed at http www sun com patents and one or more additional patents or pending patent applications in the U S and in other countries This document and the product to which it pertains are distributed under licenses restricting their use copying distribution and decompilation No part of the product or of this document may be reproduced in any form by any means without prior written authorization of Sun and its licensors if any Third party software including font technology is copyrighted and licensed from Sun suppliers Parts of the pose may be derived from Berkeley BSD systems licensed from the University of California UNIX is a registered trademark in the U S and in other countries exclusively licensed through X Open Company Ltd Sun Sun Microsystems the Sun logo Java AnswerBook2 docs sun com Netra OpenBoot SunFire and Solaris are trademar
25. and configuration of the OpenBoot PROM Topics include OpenBoot PROM Overview on page 27 Before You Obtain the ok Prompt on page 28 Obtaining the ok Prompt on page 28 OpenBoot PROM Configuration Variables on page 31 OpenBoot Emergency Procedures on page 33 OpenBoot PROM Overview The OpenBoot PROM is the low level firmware that enables the server to boot into the Solaris Operating System Once running Solaris the OpenBoot PROM releases control of the server to the Solaris OS Under certain conditions the OpenBoot PROM will regain control of the server A list of scenarios under which OpenBoot firmware control can occur follows When you deliberately place the system under firmware control in order to execute firmware based commands This situation most often concerns you as an administrator since there will be times when you need to obtain the ok prompt By default before the operating system is installed the system comes up under OpenBoot firmware control When the auto boot OpenBoot variable is set to false the system boots to the ok prompt When the operating system is halted the system transitions to run level 0 in an orderly way When the operating system crashes the system reverts to OpenBoot firmware control 27 m During the boot process when there is a serious hardware problem that prevents the operating system from running the system reverts to OpenBoot firmware control m
26. device s n LOM_DEVICE return 1 Set Alarm3 to on state ald state ALARM ON ioctl fd LOMIOCALCTL void amp ald Get Alarm3 state ioctl fd LOMIOCALSTATE char amp ald printf alarm d state d n ald alarm_no ald state Set Alarm3 to off state ald state ALARM OFF ioctl fd LOMIOCALCTL char amp ald Get Alarm3 state ioctl fd LOMIOCALSTATE char amp ald printf alarm d state d n ald alarm no ald state close d return 0 Appendix A Watchdog Timer Application Mode 93 Watchdog Timer Error Messages TABLE A 2 describes watchdog timer error messages that might be displayed and what they mean TABLE A 2 Watchdog Timer Error Messages Error Message EAGAIN EFAULT EINVAL EINTR ENXIO Meaning An attempt was made to open more than one instance of open on dev ntwdt A bad user space address was specified A nonexistent control command was requested or invalid parameters were supplied A thread awaiting a component state change was interrupted The driver is not installed in the system 94 Netra T2000 Server Administration Guide September 2006 APPENDIX Alarm Relay Output Application Programming Interface This appendix provides an example program that illustrates how to get or set the status of the alarms The application can use the LOMIOCALSTATE ioctl function to
27. from the system s machine description prior to the hand off to other layers of system firmware such as OpenBoot PROM To Unconfigure a Device Manually Obtain the ALOM prompt See Switching Between the Consoles on page 6 At the sc gt prompt type sc gt disablecomponent asr key where asr key is one of the device identifiers from TABLE 4 6 Note The device identifiers are not case sensitive You can type them as uppercase or lowercase characters TABLE 4 6 Device Identifiers and Devices Device Identifiers Devices MB CMPcpu number Pstrand number CPU strand Number 0 31 PCIEslot number PCIXslot number TOBD PCTI ha PCI E slot Number 0 2 PCI X Number 0 1 PCI E leaf A pci 780 Chapter 4 Basic Administrative Tasks 45 TABLE 4 6 Device Identifiers and Devices Continued Device Identifiers Continued Devices Continued TOBD PCTEb PCI E leaf B pci 7c0 TTYA DB9 serial port MB CMPO CHchannel number Rrank number Ddimm number DIMMS v To Reconfigure a Device Manually 1 Obtain the ALOM prompt See Switching Between the Consoles on page 6 2 At the sc gt prompt type sc gt enablecomponent asr key where asr key is any device identifier from TABLE 4 6 Note The device identifiers are not case sensitive You can type them as uppercase or lowercase characters You can use the ALOM enablecomponent command t
28. hard drive corresponds with which logical device name and physical device name See Slot Numbers and Device Names for Non RAID Disks on page 67 To verify the current hardware RAID configuration type raidctl No RAID volumes found Chapter 6 Managing Disk Volumes 67 The preceding example indicates that no RAID volume exists In another case raidctl RAID Volume RAID RAID Disk Volume Type Status Disk Status coOtodo TM OK c0c0g0 OK c0t1d0 OK In this example a single IM volume has been enabled It is fully synchronized and is online The server s on board SAS controller can configure as many as two RAID volumes Prior to volume creation ensure that the member disks are available and that there are not two volumes already created The values provided in the RAID Status column are described as follows OK The RAID volume is online and fully synchronized RESYNCING The data between the primary and secondary member disks in an IM are still synchronizing DEGRADED A member disk has failed or is otherwise offline FAILED The volume should be deleted and reinitialized This can occur when any member disk in an IS volume is lost or when both disks are lost in an IM volume The values provided in the Disk Status column are described as follows OK The drive is online and functioning properly FAILED MISSING or OFFLINE The disk has hardware or configuration issues
29. hardening your system These steps are guidelines for system configuration m Implement security modifications immediately after updating the Sun Fire Real Time Operating System RTOS and SC application firmware and before configuring or installing any Sun Fire domains m In general restrict access to the SC operating system RTOS m Limit physical access to serial ports m Expect to reboot depending upon the configuration changes 55 Defining the Console Password The only restrictions on SC console passwords are the character set supported by ASCII and the terminal emulator in use The SC uses the MD5 algorithm to generate a hash of the password entered Correspondingly all characters entered are significant A minimum password length of 16 characters promotes the use of pass phrases instead of passwords Passwords should be composed of a mixture of lowercase uppercase numeric and punctuation characters For information on how to set the console password see the Netra T2000 Server Installation Guide 819 5838 Using the SNMP Protocol Default Configuration Simple Network Management Protocol SNMP is commonly used to monitor and manage networked devices and servers By default SNMP is disabled Note The use of Sun Management Center software requires SNMP However since the SC does not support a secure version of the SNMP protocol do not enable SNMP unless you must use Sun Management Center software Reboo
30. int reset_enable reset enabled if non zero int dog_enable watchdog enabled if non zero uint_t dog_timeout Current watchdog timeout lom_dogstate_t m The watchdog and reset control data structure is as follows 90 Netra T2000 Server Administration Guide September 2006 CODE EXAMPLE A 2 Watchdog and Reset Control Data Structure typedef struct int reset_enable reset enabled if non zero int dog_enable watchdog enabled if non zero lom_dogctl_t Example Watchdog Program Following is a sample program for the watchdog timer CODE EXAMPLE A 3 Example Watchdog Program include lt sys types h gt include lt fcntl h gt include lt unistd h gt include lt sys stat h gt include lt lom_io h gt int main uint_t timeout 30 30 seconds lom_dogctl_t dogctl int fd dogctl reset_enable 1 dogctl dog_enable 1 fd open dev ntwdt O_EXCL Set timeout ioctl fd LOMIOCDOGTIME void amp timeout Enable watchdog ioctl fd LOMIOCDOGCTL void amp dogctl Keep patting while 1 ioctl fd LOMIOCDOGPAT NULL sleep 5 return 0 Appendix A Watchdog Timer Application Mode 91 Programming Alarm3 Alarm3 is available to Solaris Operating System users independent of the watchdog mode Alarm3 or system alarm on and off have been redefined see TABLE A 1 Set the value of Alarm
31. obtain the status of each alarm and the LOMIOCALCTL ioctl function to set the alarms individually For more details on the alarm indicators see Alarm Status Indicators on page 41 CODE EXAMPLE B 1 Example Program to get and set Status of the Alarms include include include include include include lt sys types h gt lt string h gt lt stdlib h gt lt sys unistd h gt lt fcntl h gt lom_io h define ALARM_INVALID 1 define LOM_DEVICE dev lom static void usage static void get_alarm const char alarm static int set alarm const char alarm const char alarmval static int parse_alarm const char alarm static int lom_ioctl int ioc char buf static char get_alarmval int state static void get_alarmvals main int argc char argv if argc lt 3 usage if argc 1 95 CODE EXAMPLE B 1 Example Program to get and set Status of the Alarms Continued get_alarmvals exit 1 if strcmp argv l get 0 if argc 3 usage exit 1 get_alarm argv 2 else if stremp argv 1 set 0 if arge 4 usage exit 1 set_alarm argv 2 argv 3 else usage exit 1 static void usage printf usage alarm get set crit major minor user static void get_alarm const char alarm ts_aldata_t ald int altype parse_alarm alarm char val if altype ALA
32. the network interfaces a m full path name Specifies the device or network interface by its full path name Note The Solaris OS modifies the boot device variable to its full path name not the alias name If you choose a nondefault boot device variable the Solaris OS specifies the full device path of the boot device Note You can specify the name of the program to be booted as well as the way the boot program operates For more information refer to the OpenBoot 4 x Command Reference Manual in the OpenBoot Collection AnswerBook for your specific Solaris OS release If you want to specify a network interface other than an on board Ethernet interface as the default boot device you can determine the full path name of each interface by typing ok show devs The show devs command lists the system devices and displays the full path name of each PCI device Netra T2000 Server Administration Guide September 2006 Note To boot off of a network interface you must have a boot server available on the network Unconfiguring and Reconfiguring Devices To support a degraded boot capability the ALOM firmware provides the disablecomponent command which enables you to unconfigure system devices manually This command creates an entry in the ASR database with the specified device flagged as disabled Any device marked disabled whether manually or by the system s firmware diagnostics is removed
33. utilis es sous licence et sont des marques de fabrique ou des marques d pos es de SPARC International Inc aux Etats Unis et dans d autres pays Les produits portant les marques SPARC sont bas s sur une architecture d velopp e par Sun Microsystems Inc L interface utilisateur graphique OPEN LOOK et Sun a t d velopp e par Sun Microsystems Inc pour ses utilisateurs et licenci s Sun reconna t les efforts de pionniers de Xerox dans la recherche et le devo pement du concept des interfaces utilisateur visuelles ou graphiques pour l industrie informatique Sun d tient une license non exclusive de Xerox sur l interface utilisateur graphique Xerox cette licence couvrant galement les licenci s de Sun impl mentant les interfaces utilisateur graphiques OPEN LOOK et se conforment en outre aux licences crites de Sun LA DOCUMENTATION EST FOURNIE EN L TAT ET TOUTES AUTRES CONDITIONS DECLARATIONS ET GARANTIES EXPRESSES OU TACITES SONT FORMELLEMENT EXCLUES DANS LA LIMITE DE LA LOI APPLICABLE Y COMPRIS NOTAMMENT TOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE A L APTITUDE A UNE UTILISATION PARTICULIERE OU A L ABSENCE DE CONTREFA ON mom ca Adobe PostScript Contents Preface xiii 1 System Console 1 Communicating With the System Console 1 Serial Management Port 1 Establishing Communication With the Serial Management Port 2 Network Management Port 5 Switching Between the Consoles 6 ALOM sc gt P
34. 16 showcomponent ALOM command 19 showdate ALOM command 17 showenv OpenBoot command 31 showenvironment ALOM command 19 showfaults ALOM command 19 showfru ALOM command 17 showkeyswitch ALOM command 19 showlocator ALOM command 19 showlogs ALOM command 18 shownetwork ALOM command 6 19 showplat form ALOM command 17 showsc ALOM command 17 showusers ALOM command 17 shutdown Solaris command 29 30 SNMP 56 Solaris commands 104 Netra T2000 Server Administration Guide September 2006 cfgadm 80 cfgadm install device cautions against using 81 cfgadm remove_device cautions against using 81 fsck 30 init 29 30 init 0 10 raidctl 67 to 79 shutdown 29 30 telnet 14 tip 4 uadmin 29 Solaris console connecting from ALOM prompt 9 SSH changing host keys 60 enabling 57 features not supported 59 ssh keygen ALOM command 60 status indicators 37 alarm 39 42 critical 42 major 42 minor 43 user 43 interpreting 38 server 39 Stop A USB keyboard functionality 33 Stop D USB keyboard functionality 35 Stop F USB keyboard functionality 35 Stop N USB keyboard functionality 34 suspending the operating system software 28 switching between consoles 6 system console 1 fault displaying 46 hardening 55 T telnet Solaris command 14 terminal server accessing system console from 2 connection through patch panel 2 pinouts for crossover cable 3 terminating
35. 22 To Add ALOM User Accounts on page 23 To Remove an ALOM User Account on page 23 To Log In to ALOM on page 24 To Change an ALOM Password on page 24 To Set Up Email Alerts on page 24 To Back Up Your ALOM Configuration on page 25 To Display Your ALOM Version on page 25 v To Reset ALOM Resetting ALOM reboots the ALOM software Reset ALOM after you have changed settings for ALOM or if ALOM stops responding for any reason e At the sc gt prompt type resetsc 20 Netra T2000 Server Administration Guide September 2006 v To Switch Between the System Console and ALOM e To switch from the console to the ALOM sc gt prompt type hash period To switch from the sc gt prompt to the console type console v To Control the Locator LED To turn the LED on and off use the setlocator command To check the state of the LED use the showlocator command The LED can also be controlled at the Solaris superuser prompt using the locator command v To Reset the Host Server 1 Type the poweroff command This message is displayed SC Alert Host system has shut down 2 Type the poweron command w To View Environmental Information About the Server ALOM can display system temperatures hard drive status power supply and fan status front panel LED status rotary switch position voltage and current sensors alarm status and so on e To view environmental informatio
36. 3 using the LOMIOCALCTL IOCTL You can program Alarm3 the same way you set and clear Alarm1 and Alarm2 The following table presents the behavior of Alarm3 TABLE A 1 Alarm3 Behavior Alarm3 Relay System LED Green Poweroff On COM gt NC Off Poweron LOM up On COM gt NC Off Solaris running Off COM gt NO On Solaris not running On COM gt NC Off Host WDT expires On COM gt NC Off User sets to on On COM gt NC Off User sets to off Off COM gt NO On where m COM means the common line m NC means normally closed m NO means normally open To summarize the data in the table m Alarm3 on Relay COM gt NC System LED off m Alarm3 off Relay COM gt NO System LED on When programmed you can check Alarm3 or the system alarm with the showalarm command and the argument system For example sc gt showalarm system system alarm is on 92 Netra T2000 Server Administration Guide September 2006 The data stru follows CODE EXAMPLE cture used with the LOMIOCALCTL and LOMIOCALSTATE IOCTLs is as A 4 LOMIOCALCTL and LOMIOCALSTATE IOCTL Data Structure include lt fentl h gt include lt lom_io h gt define LOM_DEVICE dev lom define A define A int main LARM_OFF 0 LARM_ON 1 int fd ret lom_aldata_t ald ald alarm_no ALARM _NUM_3 ald state ALARM OFF fd open LOM_DEVICE O_RDWR if fd 1 printf Error opening
37. AID volume c0t0d0 appears as a disk to the Solaris installation program Note The logical device names might appear differently on your system depending on the number and type of add on disk controllers installed v To Create a Striped Volume 1 Verify which hard drive corresponds with which logical device name and physical device name See Slot Numbers and Device Names for Non RAID Disks on page 67 Chapter 6 Managing Disk Volumes 71 72 2 Optional To verify the current RAID configuration type raidctl No RAID volumes found The preceding example indicates that no RAID volume exists Note The logical device names might appear differently on your system depending on the number and type of add on disk controllers installed Type the following command raidctl c r 0 disk disk2 The creation of the RAID volume is interactive by default For example raidctl c r 0 c0t1 0 c0t2d0 c0t3d0 Creating RAID volume c0t1 0 will destroy all data on member disks proceed yes no yes Volume c0Ot1d0 created When you create a RAID striped volume the other member drives in this case c0t2d0 and c0t3 0 disappear from the Solaris device tree As an alternative you can use the f option to force the creation if you are sure of the member disks and sure that the data on all other member disks can be lost For example raidctl f c r 0 cOt1d0
38. Obtaining the ok Prompt 28 Graceful Shutdown 29 ALOM break or console Command 29 Stop A Keys or Break Key 29 Manual System Reset 30 v To Obtain the ok Prompt 30 OpenBoot PROM Configuration Variables 31 v To Change an OpenBoot PROM Configuration Variable 31 OpenBoot Emergency Procedures 33 Stop A Functionality 33 Stop N Functionality 34 w To Restore OpenBoot Configuration Defaults 34 Stop F Functionality 35 Stop D Functionality 35 Basic Administrative Tasks 37 Status Indicators 37 Interpreting Status LEDs 38 Bezel Server Status Indicators 39 Alarm Status Indicators 41 Selecting a Boot Device 43 v To Select a Boot Device 44 Unconfiguring and Reconfiguring Devices 45 w To Unconfigure a Device Manually 45 w To Reconfigure a Device Manually 46 Displaying System Fault Information 46 w To Display System Fault Information 46 Multipathing Software 47 Storing FRU Information 48 Contents v v To Store Information in Available FRU PROMs 48 Automatic System Recovery 48 Autoboot Options 49 v To Enable Automatic Degraded Boot 49 Error Handling Summary 49 v ToEnable ASR 50 v To Disable ASR 51 Updating the Firmware 51 v To Update the Server Firmware 52 5 Securing the Server 55 Security Guidelines 55 Defining the Console Password 56 Using the SNMP Protocol Default Configuration 56 Rebooting the System Controller to Implement Settings 56 Selecting a Remote Connection Type 57 Enabling SSH 57 Features Not Supported by SSH 59 Changing
39. PROM go to the ALOM prompt by typing the escape sequence then terminate the ALOM prompt session by typing logout and pressing Return sc gt logout m If you are connected through a terminal server invoke the terminal server s command to disconnect the connection m If the connection was established using a tip command then type the tip exit sequence tilde and a period Pe 10 Netra T2000 Server Administration Guide e September 2006 v To Terminate a Session When Connected to the System Controller Through a Network Connection 1 If you are at the Solaris prompt or the OpenBoot PROM go to the ALOM prompt by typing the escape sequence 2 Terminate the ALOM prompt session by using the logout command The remote session terminates automatically sc gt logout Connection closed by foreign host 9 Chapter 1 System Console 11 12 Netra T2000 Server Administration Guide September 2006 CHAPTER 2 Advanced Lights Out Manager This chapter describes using Advanced Lights Out Manager ALOM for remote administration of your server Topics include m ALOM Overview on page 13 m ALOM Shell Commands on page 16 m Basic ALOM Tasks on page 20 More information about ALOM is available in the Advanced Lights Qut Manager CMT v1 2 Guide 819 6672 10 ALOM Overview ALOM Features ALOM is a system controller that comes preinstalled on your server and is available as soon as you
40. RM_INVALID usage exit 1 ald alarm no altype ald alarm state ALARM_OFF lom_ioctl LOMIOCALSTATE char amp ald on off n 96 Netra T2000 Server Administration Guide September 2006 CODE EXAMPLE B 1 printf ALARM s s n static int set_alarm const char alarm ald ALARM_OFF ts_aldata_t int alarmval Example Program to get and set Status of the Alarms Continued if ald alarm state ALARM OFF amp amp ald alarm state ALARM ON printf Invalid value returned d n ald alarm state exit 1 alarm get_alarmval ald alarm state const char alarmstate altype parse_alarm alarm if altype ALARM_INVALID usage exit 1 if strcmp alarmstate on 0 alarmval ALARM_ON else if strcmp alarmstate off 0 alarmval ALARM_OFF else usage exit 1 ald alarm no altype ald alarm state alarmval char amp ald 0 LARM s to s failed n l alarm alarmstate alarm if lom_ioctl LOMIOCALCTL printf Setting A return 1 else printf Setting A alarmstate return 1 static int parse_alarm const char alarm int altype LARM s successfully set to s n Appendix B Alarm Relay Output Application Programming Interface 97 CODE EXAMPLE B 1 Example Program to get and set Status of the Alarms Continued
41. ak y c Drops the host server from the system into sc gt break OpenBoot PROM or kadb clearasrdb Removes all entries from the asr db sc gt clearasrdb clearfault UUID console f disablecomponent asrkey enablecomponent asrkey flashupdate s IPaddr f pathname v blacklist Manually clears host detected faults UUID is the unique fault ID of the fault to be cleared Connects to the host system console The f option forces the console write lock from one user to another Adds a component to the asr db blacklist where asrkey is the component to disable Removes a component from the asr db blacklist where asrkey is the component to enable Updates the ALOM firmware This command downloads main and bootmon firmware images to ALOM SC gt SC gt clearfault 1234 console i sablecomponent MB CMP0 CH3 R1 D1 SC gt enablecomponent MB CMP0 CH3 R1 D1 SC gt flashupdate s 1 2 3 4 f usr platform SUNW Netra210 li b images alommainfw 18 Netra T2000 Server Administration Guide September 2006 TABLE 2 5 Command ALOM Status and Control Commands Continued Summary Example powercycle poweroff y f poweron c FRU setalarm critical major minor user on o setkeyswitch y normal stby diag locked setlocator on off showcomponent showfaults v showenvironment showkeyswitch showlocator shownetwork v Perfor
42. ancy where two complete copies of all data are stored on two separate disks to protect against loss of data due to disk failure One logical volume is duplicated on two separate disks Chapter 6 Managing Disk Volumes 65 FIGURE 6 2 Graphical Representation of Disk Mirroring Whenever the operating system needs to write to a mirrored volume both disks are updated The disks are maintained at all times with exactly the same information When the operating system needs to read data it reads from whichever disk is more readily accessible at the moment which can result in enhanced performance for read operations Caution Creating RAID volumes using the on board disk controller destroys all data on the member disks The disk controller s volume initialization procedure reserves a portion of each physical disk for metadata and other internal information used by the controller Once the volume initialization is complete you can configure the volume and label it using format 1M You can then use the volume in the Solaris Operating System 66 Hardware RAID Operations On the server the SAS controller supports mirroring and striping using the Solaris OS raidctl utility A hardware RAID volume created under the raidct1 utility behaves slightly differently than one created using volume management software Under a software volume each device has its own entry in the virtual device tree and read write operations are performed to both v
43. ary event is taking place for which direct proportional feedback is not needed or not feasible Bezel Server Status Indicators FIGURE 4 1 shows the location of the bezel indicators and TABLE 4 3 provides information about the server status indicators Chapter 4 Basic Administrative Tasks 39 Fault Acti Locator Alarm status indicators Critical red Major red Minor amber User amber FIGURE 4 1 Location of the Bezel Server Status and Alarm Status Indicators TABLE 4 3 Bezel Server Status Indicators Indicator LED Color LED State Component Status Locator White On Server is identified with the superuser locator or ALOM setlocator command Off Normal state Fault Amber On The server has detected a problem and requires the attention of service personnel Off The server has no detected faults Activity Green On The server is powered up and running the Solaris Operating System Off Either power is not present or the Solaris software is not running 40 Netra T2000 Server Administration Guide September 2006 You can check the status and turn the Locator LED on and off from either the superuser or ALOM prompt TABLE 4 4 lists the commands TABLE 4 4 Locator LED Commands Prompt Status Turn On Turn Off Superuser usr sbin locator usr sbin locator n usr sbin locator f ALOM sc gt showlocator sc gt setlocator on sc gt setlocator off Alarm Status Indicators The
44. atchdog timer Your applications running on the host can configure and use the watchdog timer enabling you to detect fatal problems from applications and to recover automatically m Program Alarm3 This capability enables you to generate this alarm in case of critical problems in your applications The setupsc command an existing command for ALOM can be used to configure the recovery for the system watchdog only sc gt setupsc The system controller configuration should be as follows SC POST diag Level off Host Watchdog enabled Rocker Switch enabled Secure Mode off PROC RTUs installed 0 PROC Headroom quantity 0 to disable 4 MAX 0 The recovery configuration for the application watchdog is set using input output control codes IOCTLs that are issued to the ntwdt driver Watchdog Timer Limitations The limitations of the watchdog timer mode include m In the case of the watchdog timer expiration detected by the system controller the recovery is attempted only once there are no further attempts of recovery if the first attempt fails to recover the domain m If the application watchdog is enabled and you break into the OpenBoot PROM by issuing the break command from the system controller s sc gt prompt the system controller automatically disables the watchdog timer 86 Netra T2000 Server Administration Guide September 2006 Note The system controller displays a console message as a remi
45. c0t2d0 c0t3d0 Volume c0Ot1d0 created Netra T2000 Server Administration Guide September 2006 4 Optional To check the status of a RAID striped volume type the following command raidctl RAID Volume RAID RAID Disk Volume Type Status Disk Status c0t1d0_ IS OK cOt1d0 OK c0t2d0 OK c0c3g0 OK The example shows that the RAID striped volume is online and functioning Under RAID 0 disk striping there is no replication of data across drives The data is written to the RAID volume across all member disks in a round robin fashion If any one disk is lost all data on the volume is lost For this reason RAID 0 cannot be used to ensure data integrity or availability but can be used to increase write performance in some scenarios For more information about the raidct1 utility see the raidct1 1M man page v To Configure and Label a RAID Volume After a creating a RAID volume using raidct1 use format 1M to configure and label the volume before attempting to use it in the Solaris Operating System 1 Start the format utility format The format utility might generate messages about corruption of the current label on the volume which you are going to change You can safely ignore these messages Chapter 6 Managing Disk Volumes 73 74 2 Select the disk name that represents the RAID volume that you have configured In this example c0t2 0 is the logical name of the volume
46. ce name and physical device name See Slot Numbers and Device Names for Non RAID Disks on page 67 If the Disk Status is FAILED then the drive can be removed and a new drive inserted Upon insertion the new disk status should be OK and the volume should be RESYNCING 2 To confirm a failed disk type the following command raidctl For example raidctl RAID Volume RAID RAID Disk Volume Type Status Disk Status c0t1d0 IM DEGRADED c0t1d0 OK c0t2d0 FAILED This example indicates that the disk mirror has degraded due to a failure in disk c0t2d0 Note The logical device names might appear differently on your system depending on the number and type of add on disk controllers installed 3 Remove the hard drive as described in the server service manual There is no need to issue a software command to bring the drive offline when the drive has failed 4 Install a new hard drive as described in the server service manual The RAID utility automatically restores the data to the disk 78 Netra T2000 Server Administration Guide September 2006 5 To check the status of a RAID rebuild type the following command raidctl For example raidctl RAID Volume RAID RAID Disk Volume Type Status Disk Status cOt140 IM RESYNCING cOt140 OK c0t2d0 OK This example indicates that RAID volume c0t1d0 is resynchronizing If you issue the command again once synchroni
47. cedures are summarized in FIGURE 1 1 6 Netra T2000 Server Administration Guide September 2006 Type init 0 Solaris OS gt OpenBoot PROM prompt prompt ok Type boot ALOM shell prompt sc gt FIGURE 1 1 Navigation Between Consoles ALOM sc gt Prompt The ALOM runs independently of the server and regardless of the server power state When you connect the server to source power the ALOM immediately starts up and begins monitoring the system Note To view ALOM boot messages you must connect an alphanumeric terminal to the serial management port before connecting the power cords to the server The sc gt prompt indicates that you are interacting with the ALOM directly It is the first prompt you see when you log in to the system through the serial management port or network management port regardless of system power state Note When you access the ALOM for the first time and you issue an administrative command the system controller forces you to create a password for the default username admin for subsequent access After this initial configuration you are prompted to enter a user name and password every time you access the ALOM For more information about ALOM see Chapter 2 Chapter 1 System Console 7 v To Obtain the ALOM Prompt From the Solaris Console e When connected to the Solaris console type the escape sequence to take the console to the ALOM prompt By default the e
48. ded 5 Type the resetsc command to reset ALOM sc gt resetsc Are you sure you want to reset the SC y n y User Requested SC Shutdown Note To bypass the confirmation prompt use the y flag with the resetsc command If resetsc is issued from a Telnet session upon reset the Telnet session will be terminated The output from the reset will be displayed through the serial management port of the system controller The system controller resets runs diagnostics and returns to the login prompt Chapter 4 Basic Administrative Tasks 53 54 Netra T2000 Server Administration Guide September 2006 CHAPTER 5 Securing the Server This chapter provides important information about securing the system explains security recommendations discusses domain minimization and provides references to Solaris Operating System security This chapter includes the following topics m Security Guidelines on page 55 Selecting a Remote Connection Type on page 57 Additional Security Considerations on page 60 Security Guidelines The following are security practices to consider m Ensure that all passwords comply with security guidelines m Change your passwords on a regular basis m Scrutinize log files on a regular basis for any irregularities The practice of configuring a system to limit unauthorized access is called hardening There are several configuration steps that can contribute to
49. dry contact alarm card has four LED status indicators that are supported by ALOM They are located vertically on the bezel FIGURE 4 1 Information on the alarm indicators and dry contact alarm states is provided in TABLE 4 5 For more information on alarm indicators see the Advanced Lights Out Manager CMT v1 2 Guide 819 6672 10 Chapter 4 Basic Administrative Tasks 41 TABLE 4 5 Alarm Indicators and Dry Contact Alarm States Indicator Activity Alarm Relay Relay and Relay Indicator Application or Indicator Indicator NC NO Labels Color Server State Condition or Action State State State State Comments Critical Red Server state No power input Off Off Closed Open Default Alarm0 Power on state ff and System power off Off Offt Closed Open Input functional or power d not connecte functional System power Off Offt Closed Open Transient turns on Solaris state OS not fully loaded Solaris OS On Off Open Closed Normal successfully operating loaded state Watchdog Off On Closed Open Transient timeout state reboot Solaris OS Solaris OS Off Off Closed Open Transient shutdown state initiated by user Lost input power Off Off Closed Open Default state System power Off Offt Closed Open Transient shutdown by user state Application User sets critical On Closed Open Critical state alarm to ont fault detected User sets critical Off Open Closed Critical alarm to off fault cleared Major Red Application User sets majo
50. e LEDs have assigned meanings described in TABLE 4 2 TABLE 4 2 LED Behaviors With Assigned Meanings Color Behavior Definition Description White Off Steady state Fast blink 4Hz repeating This indicator helps you to locate a particular sequence equal enclosure board or subsystem for example the intervals on Locator LED and off Blue Off Steady state Steady on Steady state If blue is on a service action can be performed on the applicable component with no adverse consequences for example the OK to Remove LED Yellow Amber Off Steady state Slow blink 1Hz repeating This indicator signals new fault conditions Service is sequence equal required for example the Service Required LED intervals on and off Steady on Steady state The amber indicator stays on until the service action is completed and the system returns to normal function 38 Netra T2000 Server Administration Guide September 2006 Color TABLE 4 2 LED Behaviors With Assigned Meanings Continued Behavior Definition Description Green Off Steady state Standby blink Repeating sequence consisting of a brief 0 1 sec on flash followed by a long off period 2 9 sec Steady on Steady state Slow blink The system is running at a minimum level and is ready to be quickly revived to full function for example the System Activity LED Status normal system or component functioning with no service actions required A transitory tempor
51. ead only commands There are two ways to connect to ALOM m Use the telnet command to connect to ALOM through the Ethernet connection attached to the NET MGT port m Connecta serial device such as an ASCII terminal or a port on a terminal server to the SERIAL MGT port Netra T2000 Server Administration Guide September 2006 To Set the Initial Password When you first apply power to the server ALOM automatically begins monitoring the system and displaying output to the system console using a preconfigured default account called admin which has full cuar permissions For security purposes the administration password should be set Physically connect to the ALOM serial management port and establish a connection Communication parameters are as follows 9600 Baud 8 data bits No parity 1 stop bit Full duplex No handshaking Log in to the ALOM prompt Type SC gt That is a Press and hold the Shift key and press the 3 key b Press the period key c Press the Return key The sc gt prompt ALOM prompt is displayed Type the password command sc gt password Type the password and re type the password The password is created and is required for all future ALOM connections If you do not log in before ALOM times out ALOM reverts to the system console and displays the following message Enter to return to ALOM Chapter 2 Advanced Lights Out Manager 15
52. ecting c0t2d0 disk formatted 4 Use the partition command to partition or slice the volume according to your desired configuration See the format 1M man page for additional details 5 Write the new label to the disk using the label command format gt label Ready to label disk continue yes 6 Verify that the new label has been written by printing the disk list using the disk command format gt disk AVAILABLE DISK SELECTIONS 0 cOtodo lt SUN72G cyl 14084 alt 2 hd 24 sec 424 gt pci 780 pci 0 pci 9 scsi 0 sd 0 0 1 cOt1d40 lt SUN72G cyl 14084 alt 2 hd 24 sec 424 gt pci 780 pci 0 pci 9 scsi 0 sd 1 0 2 c0t2d0 lt LSILOGIC LogicalVolume 3000 cyl 69866 alt 2 hd 16 sec 128 gt pci 780 pci 0 pci 9 scsi 0 sd 2 0 Specify disk enter its number 2 Chapter 6 Managing Disk Volumes 75 Note c0t2d0 now has a type indicating it is an LSILOGIC LogicalVolume 7 Exit the format utility The volume can now be used in the Solaris Operating System Note The logical device names might appear differently on your system depending on the number and type of add on disk controllers installed w To Delete a RAID Volume 1 Verify which hard drive corresponds with which logical device name and physical device name See Slot Numbers and Device Names for Non RAID Disks on page 67 2 Determine the name of the RAID volume Type the following command raidctl
53. ed on the console For example when the critical alarm is set the following message is displayed on the console SC Alert CRITICAL ALARM is set In certain instances when the critical alarm is set the associated alarm indicator is not lit This implementation is subject to change in future releases Selecting a Boot Device The boot device is specified by the OpenBoot configuration variable boot device The default setting of this variable is disk net With this setting the firmware first attempts to boot from the system hard drive and if that fails from the on board NETO Gigabit Ethernet interface This procedure assumes that you are familiar with the OpenBoot firmware and that you know how to enter the OpenBoot environment For more information see OpenBoot PROM on page 27 Chapter 4 Basic Administrative Tasks 43 44 If you want to boot from a different device perform the following procedure To Select a Boot Device Obtain the ok prompt See To Obtain the ok Prompt on page 30 At the ok prompt type ok setenv boot device device specifier where device specifier is one of the following cdrom Specifies the optical media drive disk Specifies the system boot disk internal disk 0 by default i sk0 Specifies internal drive 0 disk1 Specifies internal drive 1 disk2 Specifies internal drive 2 disk3 Specifies internal drive 3 net net0 net1 net2 net3 Specifies
54. ed performance or both The server s on board disk controller supports both RAID 0 and RAID 1 volumes This section describes the RAID configurations supported by the on board disk controller m Integrated stripe or IS volumes RAID 0 m Integrated mirror or IM volumes RAID 1 64 Netra T2000 Server Administration Guide September 2006 Integrated Stripe Volumes RAID 0 Integrated Stripe volumes are configured by initializing the volume across two or more physical disks and sharing the data written to the volume across each physical disk in turn or striping the data across the disks Integrated stripe volumes provide for a logical unit LUN that is equal in capacity to the sum of all its member disks For example a three disk IS volume configured on 72 GByte drives will have a 216 GByte capacity FIGURE 6 1 Graphical Representation of Disk Striping Caution There is no data redundancy in an IS volume configuration Thus if a single disk fails the entire volume fails and all data is lost If an IS volume is manually deleted all data on the volume is lost IS volumes are likely to provide better performance than IM volumes or single disks Under certain workloads particularly some write or mixed read write workloads I O operations complete faster because each sequential block is written to each member disk in turn Integrated Mirror Volumes RAID 1 Disk mirroring RAID 1 is a technique that uses data redund
55. enabled No rearming is done by the user m The watchdog timer provides partial boot monitoring You can use the application watchdog to monitor a domain reboot However domain booting is not monitored for Bootup after a cold poweron m Recovery of a hung or failed domain In the case of a recovery of a hung or failed domain a boot failure is not detected and no recovery attempts are made m The watchdog timer s application mode provides no monitoring for application startup In application mode if the application fails to start up the failure is not detected and no recovery is provided Appendix A Watchdog Timer Application Mode 87 Using the ntwdt Driver To use the new application watchdog feature you must install the ntwdt driver To enable and control the watchdog s application mode you must program the watchdog system using the LOMIOCDOGxxx IOCTLs described in Understanding the User API on page 88 If the ntwdt driver as opposed to the system controller initiates a reset of the Solaris OS on application watchdog expiration the value of the following property in the ntwdt driver s configuration file ntwdt conf is used ntwdt boottimeout 600 In case of a panic or an expiration of the application watchdog the ntwdt driver reprograms the watchdog time out to the value specified in the property Assign a value representing a duration that is longer than the time it takes to reboot and
56. enabling this the server can resume operating after certain nonfatal hardware faults or failures have occurred If a component is monitored by ASR and the server can operate without the components the server automatically reboots if that component should develop a fault or fail This functionality prevents a faulty hardware component from keeping the entire system down or causing the system to fail repeatedly If a fault is detected during the power on sequence the faulty component is disabled If the system remains capable of functioning the boot sequence continues To support this degraded boot capability the OpenBoot firmware uses the 1275 Client Interface by means of the device tree to mark a device as either failed or disabled by creating an appropriate status property in the device tree node The Solaris Operating System does not activate a driver for any subsystem marked as failed or disabled 48 Netra T2000 Server Administration Guide September 2006 As long as a failed component is electrically dormant not causing random bus errors or signal noise for example the system reboots automatically and resumes operation while a service call is made Once a failed or disabled device is replaced with a new one the OpenBoot firmware automatically modifies the status of the device upon reboot Note ASR is not enabled until you activate it See To Enable ASR on page 50 Autoboot Options The auto boot setting c
57. erial peripheral connect it to the standard 9 pin serial port on the back panel of the server The Solaris OS sees this port as TTYA and it is labeled as such Establishing Communication With the Serial Management Port To Access The System Console Through a Terminal Server Complete the physical connection from the serial management port to your terminal server The serial management port on the server is a data terminal equipment DTE port Verify that the serial port pinouts of the server match those of the terminal server you plan to use m If the pinout of the server serial management port corresponds with the pinout of the RJ 45 port on the terminal server you have two connection options m Connect a serial interface breakout cable directly to the server m Connect a serial interface breakout cable to a patch panel and use the straight through patch cable supplied by Sun to connect the patch panel to the server m If the pinout of the server serial management port do not correspond with the pinout of the RJ 45 port on the terminal server you need to make a crossover cable TABLE 1 1 shows the pinout of the crossover cable Netra T2000 Server Administration Guide September 2006 TABLE 1 1 Pin Crossovers for Connecting to a Typical Terminal Server Server Serial Port RJ 45 Connector Pin Terminal Server Serial Port Pin Pin 1 RIS Pin 1 CTS Pin 2 DTR Pin 2 DSR Pin 3 TXD Pin 3 RXD Pin 4 Signal G
58. eruser machine name Bourne shell and Korn shell Bourne shell and Korn shell superuser Typographic Conventions Typeface Meaning Examples AaBbCc123 The names of commands files Edit your login file and directories on screen Use 1s a to list all files computer output You have mail AaBbCc123 What you type when contrasted su with on screen computer output password AaBbCc123 Book titles new words or terms Read Chapter 6 in the User s Guide words to be emphasized These are called class options Replace command line variables You must be superuser to do this with real names or values To delete a file type rm filename xiv Netra T2000 Server Administration Guide September 2006 The settings on your browser might differ from these settings Related Documentation The documents listed as online are available at http www sun com products n solutions hardware docs Application Title Part Number Format Location Installation Netra T2000 Server Installation Guide 819 5838 PDF Online Updates Netra T2000 Server Product Notes 819 5840 PDF Online Service Netra T2000 Server Service Manual 819 5841 PDF Online Planning Netra T2000 Server Site Planning Notes 819 5842 PDF Online Compliance Netra T2000 Server Safety and Compliance Guide 819 5843 PDF Online Documentation Netra T2000 Server Getting Started Guide 819 5844 Printed Shipping kit PDF Online Reference ALOM CMT 1 2 Guide 819 3250
59. etwork configuration information The v option shows additional information about your network including information about your DHCP server sc gt sc gt sc gt sc gt SC gt SC gt SC gt SC gt SC gt SC gt SC gt SC gt powercycle poweroff poweron HDD1 reset x setalarm critical on setkeyswitch diag setlocator on showcomponent showfaults showenvironment showkeyswitcht showlocator Locator LED is ON sc gt shownetwork Chapter 2 Advanced Lights Out Manager 19 Other ALOM Commands TABLE 2 6 lists other ALOM commands TABLE 2 6 Other ALOM Commands Command Summary Example help Displays a list of all ALOM commands or of a sc gt help poweron particular command with their syntax and a brief description of how each command works logout Logs out from an ALOM shell session sc gt logout resetsc y Reboots ALOM The y option enables you to sc gt resetsc skip the confirmation question Basic ALOM Tasks Once you have logged in to ALOM as admin and specified the admin password you can perform some common administrative tasks To Reset ALOM on page 20 To Switch Between the System Console and ALOM on page 21 To Control the Locator LED on page 21 To Reset the Host Server on page 21 To View Environmental Information About the Server on page 21 To Reconfigure ALOM to Use the Ethernet NET MGT Port on page
60. g that is to the value specified by LOMIOCDOGTIME This IOCTL requires no arguments If the watchdog is enabled this IOCTL must be used at regular intervals that are less than the watchdog timeout or the watchdog expires Getting the State of the Watchdog Timer The LOMIOCDOGSTATE IOCTL gets the state of the watchdog and reset functions and retrieves the current time out period for the watchdog If LOMIOCDOGSTATE was never issued to set up the timeout period prior to this IOCTL the watchdog is not enabled in the hardware The argument is a pointer to the lom_dogstate_t structure which is described in greater detail in Finding and Defining Data Structures on page 90 The structure members are used to hold the current states of the watchdog reset circuitry and current watchdog timeout period This timeout period is not the time remaining before the watchdog is triggered The LOMIOCDOGSTATE IOCTL requires only that open be successfully called This IOCTL can be run any number of times after open is called and it does not require any other DOG IOCTLs to have been executed Finding and Defining Data Structures All data structures and IOCTLs are defined in lom_io h which is available in the SUNW1omh package The data structures for the watchdog timer are shown here m The watchdog and reset state data structure is as follows CODE EXAMPLE A 1 Watchdog and Reset State Data Structure typedef struct
61. g With the System Console The administrator needs a way to interact with the server at a low level to configure the very basic I O and server boot behavior The system console enables the administrator to accomplish these tasks using special commands Additionally the system console displays information status and error messages generated by firmware during server startup and operation Once the operating system is booted the system console displays Solaris system messages and accepts Solaris commands The server has two I O ports dedicated to the system console m SC SERIAL MGT m SC NET MGT Serial Management Port The serial management port SC SERIAL MGT is the default connection to the system console Though a serial connection this port uses an RJ 45 connector Communicating with the system controller through this port requires the following serial parameters m 9600 baud 2 8 bits No parity 1 stop bit No handshaking Serial devices that can communicate with the serial management port are m Terminal server m TIP line connected to another Sun computer m Alphanumeric terminal or similar device Because it is a serial connection there is communication between only two devices This constraint limits access and provides for a more secure link between the administrator and the server The serial management port is not a general purpose serial port It is dedicated to the system controller If you want to use a s
62. g command cfgadm c unconfigure Ap Id For example cfgadm c unconfigure c0 dsk c0t3d0 This example removes c0t3d0 from the device tree The blue OK to Remove LED lights Chapter 6 Managing Disk Volumes 81 82 4 Verify that the device has been removed from the device tree To verify that the device has been removed from the device tree type the following command cfgadm al Ap_Id Type Receptacle Occupant Condition c0 scs1 bus connected configured unknown c0 dsk c0t0do disk connected configured unknown c0 dsk c0t1d0 disk connected configured unknown c0 dsk c0t2d0 disk connected configured unknown c0 dsk c0t3d0 unavailable connected configured unknown c1 scsi bus connected unconfigured unknown cl dsk clt0d0 CD ROM connected configured unknown usb0 1 unknown empty unconfigured ok usb0 2 unknown empty unconfigured ok usb1 1 1 unknown empty unconfigured ok usb1 1 2 unknown empty unconfigured ok usb1 1 3 unknown empty unconfigured ok usb1 1 4 unknown empty unconfigured ok usb1 2 unknown empty unconfigured ok Note that c0t3d0 is now unavailable and unconfigured The corresponding hard drive OK to Remove LED is lit Remove the hard drive as described in the server service manual The blue OK to Remove LED goes out when you remove the hard drive Install a new hard drive as described in the server service manual Configure the new hard drive To configure the new hard dri
63. install and power on the system Through a command line interface you can customize ALOM to your particular installation Then you can monitor and control your server either over the network or through a terminal server using the dedicated serial management port on the server 14 What ALOM Monitors TABLE 2 1 lists some of the components that ALOM can monitor on the server TABLE 2 1 What ALOM Monitors Component Monitored Information Provided Disk drives Whether each slot has a drive present and whether the drive reports OK status Fans Fan speed and whether the fans report OK status CPU temperatures Whether a CPU is present the temperature measured at the CPU and any thermal warning or failure conditions System enclosure System ambient temperature as well as any enclosure thermal temperature warning or failure conditions Fuses Whether fuses have been blown Server front panel System rotary switch position and status of LEDs Voltages Whether voltages are within operating range Note While redundant power sources are desirable if only one DC connector is supplying power to the DC powered version of the server ALOM might occasionally report the following message SC Alert env_log_event unsupported event Using ALOM The ALOM software is supplied ready to use and can support multiple users However only one user at a time can issue any commands that require write permissions The other users can only issue r
64. ion 2 physical device name disk drive 67 port reconfiguring 22 powercycle ALOM command 19 powerof f ALOM command 19 30 poweron ALOM command 19 30 probe ide OpenBoot command 29 probe scsi all OpenBoot command 29 R RAID device names 67 mirrored volume creating 67 default boot device 70 hot swapping 78 operations 66 requirements 63 striped volume creating 71 hot swapping 79 technology 64 volume configuring 73 deleting 76 RAID redundant array of independent disks 63 RAID 0 striping 65 RAID 1 mirroring 65 raidct1 Solaris command 67 to 79 relay state normally closed NC 43 normally open NO 43 remote network connections SSH 57 removefru ALOM command 17 reset ALOM 20 manual system 30 reset ALOM command 19 30 resetsc ALOM command 20 restartssh ALOM command 60 run levels explained 9 ok prompt and 9 S sc gt commands bootmode reset_nvram 34 console 35 reset 34 sc gt prompt about 7 Secure Shell SSH protocol host keys 60 SSHv2 server 57 security additional considerations 60 guidelines 55 users and passwords 55 selecting a boot device 44 serial management port 1 establishing communication 2 service required indicator 40 setalarm ALOM command 19 setdate ALOM command 16 set defaults OpenBoot command 35 setkeyswitch ALOM command 19 setlocator ALOM command 19 setsc ALOM command 5 16 setupsc ALOM command
65. irtual devices Under hardware RAID volumes only one device appears in the device tree Member disk devices are invisible to the operating system and are accessed only by the SAS controller Netra T2000 Server Administration Guide September 2006 Slot Numbers and Device Names for Non RAID Disks To perform a disk hot swap procedure you must know the physical or logical device name for the drive that you want to install or remove If your system encounters a disk error often you can find messages about failing or failed disks in the system console This information is also logged in the var adm messages files These error messages typically refer to a failed hard drive by its physical device name such as devices pci 1f 700000 scsi 2 sd 1 0 or by its logical device name such as c0t1d0 In addition some applications might report a disk slot number 0 through 3 You can use TABLE 6 1 to associate internal disk slot numbers with the logical and physical device names for each hard drive TABLE 6 1 Disk Slot Numbers Logical Device Names and Physical Device Names Disk Slot Number Logical Device Name Physical Device Name Slot 0 coOtodo devices pci 780 pci 0 pci 9 scsi 0 sd 0 0 Slot 1 c0t1d0 devices pci 780 pci 0 pci 9 scsi 0 sd 1 0 The logical device names might appear differently on your system depending on the number and type of add on disk controllers installed w To Create a Mirrored Volume 1 Verify which
66. istration Guide September 2006 TABLE 2 2 Command ALOM Configuration Commands Continued Summary Example showdate showplatform v showsc v parameter showusers g lines useradd username userdel username y userpas sword username userperm username c u a r Displays the ALOM set date The Solaris OS and ALOM time are synchronized but ALOM time is expressed in UTC Coordinated Universal Time rather than local time Displays information about the host system s hardware configuration and whether the hardware is providing service The v option displays verbose information about the displayed component s Displays the current value of nonvolatile random access memory NVRAM configuration parameters The v option is needed for full version information Displays a list of users currently logged in to ALOM The display for this command has a similar format to that of the UNIX command who The g option pauses the display after the number of lines you specify for lines Adds a user account to ALOM Deletes a user account from ALOM The y option enables you to skip the confirmation question Sets or changes a user password Sets the permission level for a user account sc gt showdate MON SEP 13 21 45 00 1999 UTC sc gt showplatform sc gt showsc sys_autorestart sc gt showusers g 10 sc gt useradd newuser sc gt userdel newuser sc gt userpassword newuser
67. ks or registered trademarks of Sun Microsystems Inc in the U S and in other countries All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International Inc in the U S and in other countries Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems Inc The OPEN LOOK and Sun Graphical User Interface was developed by Sun Microsystems Inc for its users and licensees Sun acknowledges the pioneering efforts of Xerox in researching and developing the concept of visual or graphical user interfaces for the computer industry Sun holds a non exclusive license from Xerox to the Xerox Graphical User Interface which license also covers Sun s licensees viho implement OPEN LOOK GUIs and otherwise comply with Sun s written license agreements U S Government Rights Commercial use Government users are subject to the Sun Microsystems Inc standard license agreement and applicable provisions of the FAR and its supplements DOCUMENTATION IS PROVIDED AS IS AND ALL EXPRESS OR IMPLIED CONDITIONS REPRESENTATIONS AND WARRANTIES INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE OR NON INFRINGEMENT ARE DISCLAIMED EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID Copyright 2006 Sun Microsystems Inc 4150 Network Circle Santa Clara Californie 95054 tats Unis Tous droits r serv s Sun Microsystems
68. l port Use a null modem serial cable or an RJ 45 serial cable and null modem adapter Connect this cable to the terminal s serial port connector 2 Attach the opposite end of the serial cable to the serial management port on the server 3 Power on the alphanumeric terminal 4 Set the alphanumeric terminal to receive 9600 baud 8 bits No parity 1 stop bit No handshake protocol Refer to the documentation accompanying your terminal for information about how to operate and configure the terminal 4 Netra T2000 Server Administration Guide September 2006 Network Management Port The network management port SC NET MGT permits communication with the system controller through your existing Ethernet network The network management port is a 10 100BASE T port with a unique IP address separate from the server IP address Like the serial management port the network management port is dedicated to the system controller Unlike the serial management port up to eight sessions of the system controller can exist concurrently As such strict control of system controller access is required Before you can use the network management port its unique IP address must be assigned using the serial management port You can either assign a static IP address or configure the system controller to find a dynamic IP address using DHCP Note Data centers frequently devote a separate subnet to system management If your data center ha
69. me if any of the member disks currently have a file system mounted This section describes the procedure required to create a hardware RAID volume containing the default boot device Since the boot device always has a mounted file system when booted an alternate boot medium must be employed and the volume created in that environment The suggested alternate medium is a network installation image in single user mode Refer to the Solaris 10 Installation Guide for information about configuring and using network based installations Netra T2000 Server Administration Guide September 2006 1 Determine which disk is the default boot device From the OpenBoot ok prompt invoke the printenv command and if necessary the devalias command to identify the default boot device For example ok printenv boot device boot device disk ok devalias disk disk pci 780 pci 0 pci 9 scsi 0 disk 0 0 2 Execute the boot net s command ok boot net s 3 Once the system has booted use the raidct1 1 utility to create a hardware mirrored volume using the default boot device as the primary disk See To Create a Mirrored Volume on page 67 For example raidctl c cOtodo c0t1d0 Creating RAID volume c0t0d0 will destroy all data on member disks proceed yes no yes Volume c0t0d0 created The volume can now be installed with the Solaris Operating System using any supported method The hardware R
70. ms a powerof f followed by poweron The option forces an immediate poweroff otherwise the command attempts a graceful shutdown Removes the main power from the host server The y option enables you to skip the confirmation question The f option forces an immediate shutdown Applies the main power to the host server or a particular FRU Generates a hardware reset on the host server The x option generates an XIR externally initiated reset The y option enables you to skip the confirmation question Turns the alarm and associated LED on and off Sets the virtual keyswitch The y option enables you to skip the confirmation question when setting the keyswitch to stby Turns the Locator LED on the server on or off This function is available only on host servers that have Locator LEDs Displays system components and their current state The showcomponent command may not report all blacklisted DIMMS Displays current system faults The v option provides verbose output Displays the environmental status of the host server This information includes system temperatures power supply status front panel LED status hard drive status fan status voltage and current sensor status and rotary switch position Displays the status of the virtual keyswitch Displays the current state of the Locator LED as either on or off This function is available only on host servers that have Locator LEDs Displays the current n
71. n use the showenvironment command Chapter 2 Advanced Lights Out Manager 21 v To Reconfigure ALOM to Use the Ethernet NET MGT Port By default ALOM uses the serial management port SERIAL MGT to communicate with a serial device If desired you can reconfigure ALOM to use the Ethernet network management NET MGT port and then you can connect to ALOM through the telnet command Note ALOM supports only 10 Mbit networks To configure the ALOM software to communicate using the NET MGT port you must specify values for the network interface variables The setupsc script helps you do this 1 Run the setupsc script Type sc gt setupsc The setup script starts Answer the questions in the script The script asks Do you wish to configure the enabled interfaces y 2 Type y The script asks Should the SC network interface be enabled 3 Type true or press Return to enable the network interface This sets a value for the if_ network variable 4 Provide values for the following variables in the script if_modem specify false netsc_dhcp true or false netsc_ipaddr IP address netsc_ipnetmask netmask netsc_ipgateway IP address netsc_tpelinktest true or false 5 When you have finished setting up the network interface variables type Ctrl Z to save your changes and exit the setupsc script 22 Netra T2000 Server Administration Guide September 2006 Reset ALOM Type sc g
72. nder that the watchdog from the system controller s perspective is disabled However when you re enter the Solaris OS the watchdog timer is still enabled from the Solaris Operating System s perspective To have both the system controller and the Solaris OS view the same watchdog state you must use the watchdog application to either enable or disable the watchdog m If you perform a dynamic reconfiguration DR operation in which a system board containing kernel permanent memory is deleted then you must disable the watchdog timer s application mode before the DR operation and enable it after the DR operation This is required because Solaris software quiesces all system IO and disables all interrupts during a memory delete of permanent memory As a result system controller firmware and Solaris software can not communicate during the DR operation Note that this limitation affects neither the dynamic addition of memory nor the deletion of a board not containing permanent memory In those cases the watchdog timer s application mode can run concurrently with the DR implementation You can execute the following command to locate the system boards that contain kernel permanent memory sc gt cfgadm lav grep i permanent m If the Solaris Operating System hangs under the following conditions the system controller firmware cannot detect the Solaris software hang m Watchdog timer s application mode is set m Watchdog timer is not
73. necessary to change some of the OpenBoot emergency procedures Specifically the Stop N Stop D and Stop F commands that were available on systems with non USB keyboards are not supported on systems that use USB keyboards If you are familiar with the earlier non USB keyboard functionality this section describes the analogous OpenBoot emergency procedures available in newer systems that use USB keyboards Stop A Functionality Stop A Abort key sequence works the same as it does on systems with standard keyboards except that it does not work during the first few seconds after the server is reset In addition you can issue the ALOM break command For more information see Switching Between the Consoles on page 6 Chapter 3 OpenBoot PROM 33 34 Stop N Functionality Stop N functionality is not available However the Stop N functionality can be closely emulated by completing the following steps provided the system console is configured to be accessible using either the serial management port or the network management port To Restore OpenBoot Configuration Defaults Log in to the ALOM See Switching Between the Consoles on page 6 Type the following command sc gt bootmode reset _nvram sc gt bootmode bootscript setenv auto boot false sc gt Note If you do not issue the poweroff and poweron commands or the reset command within 10 minutes the host server ignores the bootmode command
74. ns to help you understand how to configure and use the watchdog timer and to program Alarm3 Understanding the Watchdog Timer Application Mode on page 85 Watchdog Timer Limitations on page 86 Using the ntwdt Driver on page 88 Understanding the User API on page 88 Using the Watchdog Timer on page 89 Programming Alarm3 on page 92 Watchdog Timer Error Messages on page 94 Note Once the application watchdog timer is in use it is necessary to reboot the Solaris operating system in order to return to the default non programmable watchdog timer and default LED behavior no Alarm3 Understanding the Watchdog Timer Application Mode The watchdog mechanism detects a system hang or an application hang or crash should they occur The watchdog is a timer that is continually reset by a user application as long as the operating system and user application are running When the application is rearming the application watchdog an expiration can be caused by m Crash of the rearming application m Hang or crash of the rearming thread in the application m System hang 85 When the system watchdog is running a system hang or more specifically the hang of the clock interrupt handler causes an expiration The system watchdog mode is the default If the application watchdog is not initialized then the system watchdog mode is used The application mode enables you to m Configure the w
75. o reconfigure any device that you previously unconfigured with the disablecomponent command Displaying System Fault Information ALOM software lets you display current valid system faults The showfaults command displays the fault ID the faulted FRU device and the fault message to standard output The showfaults command also displays POST results v To Display System Fault Information 1 Obtain the ALOM prompt See Switching Between the Consoles on page 6 46 Netra T2000 Server Administration Guide September 2006 2 At the sc gt prompt type sc gt showfaults v For example sc gt showfaults ID FRU Fault 0 FTO FM2 SYS_FAN at FTO FM2 has FAILED Adding the v option displays the time sc gt showfaults v ID Time FRU Fault 0 MAY 20 10 47 32 FTO FM2 SYS_FAN at FTO FM2 has FAILED Multipathing Software Multipathing software enables you to define and control redundant physical paths to I O devices such as storage devices and network interfaces If the active path to a device becomes unavailable the software can automatically switch to an alternate path to maintain availability This capability is known as automatic failover To take advantage of multipathing capabilities you must configure the server with redundant hardware such as redundant network interfaces or two host bus adapters connected to the same dual ported storage array For the server three different types of multipa
76. on of minimization with examples see Minimizing Domains for Sun Fire V1280 6800 12K and 15K Systems two part article available online at http www sun com security blueprints Solaris Operating System Security For information on securing the Solaris Operating System see the following books and articles m Solaris Security Best Practices available online at http www sun com software security blueprints m Solaris Security Toolkit available online at http www sun com software security jass Chapter 5 Securing the Server 61 62 Netra T2000 Server Administration Guide September 2006 CHAPTER 6 Managing Disk Volumes This chapter describes redundant array of independent disks RAID concepts and how to configure and manage RAID disk volumes using the server s on board serial attached SCSI SAS disk controller This chapter discusses the following topics RAID Requirements on page 63 Disk Volumes on page 64 RAID Technology on page 64 m Hardware RAID Operations on page 66 RAID Requirements To configure and use RAID disk volumes on the server you must install patch IDs 119850 12 and 122165 01 Patches are available for download from http www sunsolve com Installation procedures for patches are included in text README files that accompany the patches Note For the latest information on patches for the server see the server product notes available at
77. ontrols whether or not the firmware automatically boots the operating system after each reset The default setting is true The auto boot on error setting controls whether the system attempts a degraded boot when a subsystem failure is detected The default setting for auto boot on error is false Both the auto boot and auto boot on error settings must be set to true to enable an automatic degraded boot To Enable Automatic Degraded Boot Obtain the ok prompt See To Obtain the ok Prompt on page 30 Type ok setenv auto boot true ok setenv auto boot on error true Note The system does not attempt a degraded boot in response to any fatal non recoverable error even if degraded booting is enabled For examples of fatal non recoverable errors see Error Handling Summary on page 49 Error Handling Summary Error handling during the power on sequence falls into one of the following three cases Chapter 4 Basic Administrative Tasks 49 m If no errors are detected by POST or OpenBoot diagnostics the system attempts to boot if auto boot is true m If only nonfatal errors are detected by POST or OpenBoot diagnostics the system attempts to boot if auto boot is true and auto boot on error is true Nonfatal errors include the following m SAS subsystem failure In this case a working alternate path to the boot disk is required For more information see Multipathing Software on page 47
78. owing message is generated sc gt console Solaris is not active Note The console command first attempts to connect to the Solaris console If the Solaris console is not available the console command then attempts to connect to the OpenBoot PROM If the attempt is unsuccessful the following message is displayed Solaris is not active OpenBoot PROM ok Prompt A server with the Solaris OS installed operates at different run levels Most of the time a server operates at run level 2 or run level 3 which are multiuser states with access to full system and network resources Occasionally you might operate the system at run level 1 which is a single user administrative state However the lowest operational state is run level 0 At this state it is safe to turn off power to the system When a server is at run level 0 the OpenBoot PROM ok prompt appears This prompt indicates that the OpenBoot firmware is in control of the system For more information about the OpenBoot PROM see Chapter 3 Chapter 1 System Console 9 v To Obtain the OpenBoot Prompt From the ALOM Prompt Type the break command sc gt break 2 ok v To Obtain the OpenBoot Prompt When the Solaris OS Is Running e Type the init 0 command at the Solaris prompt init 0 1 ok v To Terminate a Session When Connected to the System Controller Through the Serial Port m If you are at the Solaris console or the OpenBoot
79. own unknown unknown unknown unknown ok ok ok ok ok ok ok Note The logical device names might appear differently on your system depending on the number and type of add on disk controllers installed The al options return the status of all SCSI devices including buses and USB devices In this example no USB devices are connected to the system Netra T2000 Server Administration Guide September 2006 Note that while you can use the Solaris OS cfgadm install_device and cfgadm remove_device commands to perform a hard drive hot swap procedure these commands issue the following warning message when you invoke these commands on a bus containing the system disk cfgadm x remove device c0 dsk c0t1d0 Removing SCSI device devices pci 1f 4000 scsi 3 sd 1 0 This operation will suspend activity on SCSI bus c0 Continue yes no y dev devices pci 780 pci 0 pci 9 scsi 0 sd 1 0 cfgadm Hardware specific failure failed to suspend Resource Information dev dsk c0t0d0s0 mounted filesystem dev dsk c0t0d0s6 mounted filesystem usr This warning is issued because these commands attempt to quiesce the SAS SCSI bus but the server firmware prevents it This warning message can be safely ignored in the server but the following step avoids this warning message altogether Remove the hard drive from the device tree To remove the hard drive from the device tree type the followin
80. pdate cannot retrieve flash images from a secure user ID and password protected HTTP URL A message of the form flashupdate failed URL does not contain required file file is returned although the file might exist Caution Do not interrupt the flashupdate operation If the flashupdate command is terminated abnormally the system controller goes into single user mode and is only accessible from the serial port v To Update the Server Firmware 1 Power on the server 2 Obtain the ALOM prompt See Switching Between the Consoles on page 6 3 Upgrade the firmware sc gt flashupdate s IPaddr pathname For example replace 123 45 67 89 with a valid IP address sc gt flashupdate s 123 45 67 89 f net server sysfw System Firmware 6_0_0 Netra_T2000 bin SC Alert System poweron is disabled 52 Netra T2000 Server Administration Guide September 2006 4 When prompted type your username and password For example Username username Password password The username and password are based on your UNIX or LDAP user name and password and not your ALOM username and password After you type your username and password the download process continues and a series of periods appear across your screen For example When the download process is finished ALOM displays the message Update complete Reset device to use new software SC Alert SC firmware was reloa
81. perform a crash dump If the specified value is not large enough the system controller resets the host if reset is enabled Note that this reset by the system controller occurs only once Understanding the User API The ntwdt driver provides an application programming interface by using IOCTLs You must open the dev ntwdt device node before issuing the watchdog IOCTLs Note Only a single instance of open is allowed on dev ntwdt More than one instance of open will generate the following error message EAGAIN The driver is busy try again You can use the following IOCTLs with the watchdog timer LOMIOCDOGTIME LOMIOCDOGCTL LOMIOCDOGPAT LOMIOCDOGSTATE LOMIOCALCTL LOMIOCALSTATE 88 Netra T2000 Server Administration Guide September 2006 Using the Watchdog Timer Setting the Timeout Period The LOMIOCDOGTIME IOCTL sets the timeout period of the watchdog This IOCTL programs the watchdog hardware with the time specified in this IOCTL You must set the timeout period LOMIOCDOGTIME before attempting to enable the watchdog timer LOMIOCDOGCTL The argument is a pointer to an unsigned integer This integer holds the new timeout period for the watchdog in multiples of 1 second You can specify any timeout period in the range of 1 second to 180 minutes If the watchdog function is enabled the time out period is immediately reset so that the new value can take effect An error EINVAL i
82. r On Open Closed Major Alarm1 state alarm to ont fault detected User sets major Off Closed Open Major alarm to of ft fault cleared 42 Netra T2000 Server Administration Guide September 2006 TABLE 4 5 Alarm Indicators and Dry Contact Alarm States Continued Indicator Activity Alarm Relay Relay and Relay Indicator Application or Indicator Indicator NCS NO Labels Color Server State Condition or Action State State State State Comments Minor Amber Application User sets minor On Open Closed Minor Alarm2 state alarm to ont fault detected User sets minor Off Closed Open Minor alarm to off fault cleared User Amber Application User sets user On Open Closed User fault Alarm3 state alarm to ont detected User sets user Off Closed Open User fault alarm to off cleared The user can shut down the system using commands such as init0 and init6 These commands do not remove power from the sys tem t Based on a determination of the fault conditions the user can turn the alarm on using the Solaris platform alarm API or ALOM CLI The implementation of this alarm indicator state is subject to change NC state is the normally closed state This state represents the default mode of the relay contacts in the normally closed state NO state is the normally open state This state represents the default mode of the relay contacts in the normally open state When the user sets an alarm a message is display
83. ration and management of the NetraTM T2000 server This document is written for technicians system administrators authorized service providers ASPs and users who have advanced experience administrating server systems How This Document Is Organized Chapter 1 explains how to access the system console to enable remote management and administration Chapter 2 describes using Advanced Lights Out Manager ALOM for remote administration of your server Chapter 3 describes the function methods of obtaining and configuration of the OpenBoot PROM Chapter 4 describes status indicators and basic tasks that might be done as the course of system administration Chapter 5 provides important information about securing the system Chapter 6 describes redundant array of independent disks RAID concepts Appendix A gives information on the watchdog timer application mode on the server Appendix B provides a sample program that illustrates how to get or set the status of the alarms xiii Using UNIX Commands This document might not contain information about basic UNIX commands and procedures such as shutting down the system booting the system and configuring devices Refer to the following for this information m Software documentation that you received with your system m Solaris Operating System documentation which is at http docs sun com Shell Prompts Shell Prompt C shell machine name C shell sup
84. rompt 7 v v v To Obtain the ALOM Prompt From the Solaris Console 8 To Obtain the ALOM Prompt From the OpenBoot PROM 8 To Connect to the Solaris Console From the ALOM Prompt 9 OpenBoot PROM ok Prompt 9 v v v To Obtain the OpenBoot Prompt From the ALOM Prompt 10 To Obtain the OpenBoot Prompt When the Solaris OS Is Running 10 To Terminate a Session When Connected to the System Controller Through the Serial Port 10 To Terminate a Session When Connected to the System Controller Through a Network Connection 11 2 Advanced Lights Out Manager 13 ALOM Overview 13 ALOM Features 13 What ALOM Monitors 14 Using ALOM 14 v To Set the Initial Password 15 ALOM Shell Commands 16 Configuration Commands 16 FRU Commands 17 Log Commands 18 Status and Control Commands 18 Other ALOM Commands 20 Basic ALOM Tasks 20 To Reset ALOM 20 To Switch Between the System Console and ALOM 21 To Control the Locator LED 21 To Reset the Host Server 21 To View Environmental Information About the Server 21 To Reconfigure ALOM to Use the Ethernet NET MGT Port 22 To Add ALOM User Accounts 23 To Remove an ALOM User Account 23 To Log In to ALOM 24 To Change an ALOM Password 24 To Set Up Email Alerts 24 To Back Up Your ALOM Configuration 25 To Display Your ALOM Version 25 lt 4 4 4 4 4 4 4 4 lt 3 OpenBoot PROM 27 OpenBoot PROM Overview 27 Before You Obtain the ok Prompt 28 iv Netra T2000 Server Administration Guide September 2006
85. round Pin 4 Signal Ground Pin 5 Signal Ground Pin 5 Signal Ground Pin 6 RXD Pin 6 TXD Pin 7 DSR DCD Pin 7 DTR Pin 8 CTS Pin 8 RTS 2 Open a terminal session on the connecting device and type telnet IP address of terminal server port number For example for a server connected to port 10000 on a terminal server whose IP address is 192 20 30 10 you would type telnet 192 20 30 10 10000 w To Access the System Console Through the TIP Connection 1 Connect the RJ 45 serial cable and if required the DB 9 or DB 25 adapter provided The cable and adapter connect between another Sun system s serial port typically TTYB and the serial management port on the back panel of the server Chapter 1 System Console 3 2 Ensure that the etc remote file on the Sun system contains an entry for hardwire See TABLE 1 2 TABLE 1 2 Entries for hardwire In the etc remote File Serial port Entry for hardwire ttya hardwire dv dev term a br 9600 el C S Q U D ie 0e D ttyb hardwire dv dev term b br 9600 el C S 0 U D ie 0e D 3 In a terminal window on the Sun system type tip hardwire The Sun system responds by displaying connected The server and the Sun system are now communicating w To Access the System Console Through an Alphanumeric Terminal 1 Attach one end of the serial cable to the alphanumeric terminal s seria
86. s displayed if the timeout period is less than 1 second or longer than 180 minutes Note The LOMIOCDOGTIME is not intended for general purpose use Setting the watchdog time out to too low a value might cause the system to receive a hardware reset if the watchdog and reset functions are enabled If the timeout is set too low the user application must be run with a higher priority for example as a real time thread and must be rearmed more often to avoid an unintentional expiration Enabling or Disabling the Watchdog The LOMIOCDOGCTL IOCTL enables or disables the watchdog and it enables or disables the reset capability See Finding and Defining Data Structures on page 90 for the correct values for the watchdog timer The argument is a pointer to the lom_dogctl_t structure This structure is described in greater detail in Finding and Defining Data Structures on page 90 Use the reset_enable member to enable or disable the system reset function Use the dog_enable member to enable or disable the watchdog function An error EINVAL is displayed if the watchdog is disabled but reset is enabled Note If LOMIOCDOGTIME has not been issued to set up the timeout period prior to this IOCTL the watchdog is not enabled in the hardware Appendix A Watchdog Timer Application Mode 89 Rearming the Watchdog The LOMIOCDOGPAT IOCTL rearms or pats the watchdog so that the watchdog starts ticking from the beginnin
87. s false Devices from which to boot if diag switch is false If true executes commands in NVRAMRC during server startup Command script to execute if use nvramrc is true Firmware security level Firmware security password if security mode is not none never displayed Do not set this directly Number of incorrect security password attempts 32 Netra T2000 Server Administration Guide September 2006 TABLE 3 2 OpenBoot Configuration Variables Stored on the System Configuration Card Continued Variable Possible Values Default Value Description diag switch true false false If true 1 OpenBoot verbosity is set to maximum 2 After a boot request boot diag file from diag device If false 1 OpenBoot verbosity is set to minimum 2 After a boot request boot boot file from boot device error reset recovery boot sync boot Command to execute following a system none reset generated by an error network boot protocol none Arguments to be used by the PROM for arguments key value network booting Defaults to an empty string network boot arguments can be used to specify the boot protocol RARP DHCP to be used and a range of system knowledge to be used in the process For further information see the eeprom 1M man page or your Solaris reference manual OpenBoot Emergency Procedures The introduction of Universal Serial Bus USB keyboards with the newest Sun systems has made it
88. s such a configuration connect the network management port to this subnet To Activate the Network Management Port Connect an Ethernet cable to the network management port Log in to the system controller through the serial management port See Establishing Communication With the Serial Management Port on page 2 Type one of the following commands m If your network uses static IP addresses type sc gt setsc if_network true sc gt setsc netsc_ipaddr ip address sc gt setsc netsc_ipnetmask ip address sc gt setsc netsc_ipgateway ip address m If your network uses DHCP type sc gt setsc netsc_dhcp true Reset the system controller so that the new settings take affect sc gt resetsc Chapter 1 System Console 5 5 After the system controller resets use the shownetwork command to verify network settings sc gt shownetwork 6 Exit the system controller session sc gt console To connect through the network management port use the telnet command to the IP address you specified in Step 3 of To Activate the Network Management Port on page 5 Switching Between the Consoles The system controller SC console connection provides access to the ALOM shell the Solaris OS and the OpenBoot PROM This section describes the procedures to navigate between the following m ALOM prompt sc gt m Solaris OS prompt m OpenBoot PROM prompt ok These pro
89. scape sequence is hash period For instance if the escape sequence is the default of you will type sc gt Note Unlike the example you will not see the being typed When you type the first character of the escape sequence there is a one second delay before the character appears on the screen During this interval you must type the second character of the escape sequence If the escape sequence is completed within the one second interval the sc gt prompt appears Any characters typed after the second escape character are appended to the sc gt prompt If the second escape character is incorrect or is typed after the one second interval has expired then all characters are output at the original prompt v To Obtain the ALOM Prompt From the OpenBoot PROM e Type the sequence of escape characters By default the escape sequence is hash period 2 ok sc gt Note Unlike the example you will not see the being typed 8 Netra T2000 Server Administration Guide September 2006 v To Connect to the Solaris Console From the ALOM Prompt e Use the console command from the ALOM prompt m If Solaris software is running the system responds with the Solaris prompt sc gt console m If the system was in the OpenBoot PROM then the system responds with the OpenBoot PROM prompt sc gt console 2 ok m If the server is in Standby mode the foll
90. t resetsc To Add ALOM User Accounts You can add a maximum of 15 unique user accounts to ALOM Create an ALOM user account Type sc gt useradd username Assign a password to this account Type sc gt userpassword username New password Re enter new password Assign permissions to this account Type sc gt userperm Username cuar where cuar represents the cuar permissions To verify accounts and their permissions use the usershow command To Remove an ALOM User Account To delete an ALOM user account type sc gt userdel username Note You cannot delete the default admin account from ALOM Chapter 2 Advanced Lights Out Manager 23 v 1 2 To Log In to ALOM Establish a connection with ALOM When the connection is established type hash period to escape from the system console Type in your ALOM login name and password To Change an ALOM Password To change your password use the password command To change a user account password use the userpassword username command To Set Up Email Alerts Note You can configure email alerts for up to eight users You can configure each email address to receive its own severity level of alert Ensure that ALOM is set up to use the Ethernet network management port NET MGT and that the network interface variables are configured See To Reconfigure ALOM to Use the Ethernet NET MGT
91. tarted either by running the restartssh command or through a reboot For further information on the ssh keygen and restartssh commands with examples see the Sun Fire Entry Level Midrange System Controller Command Reference Manual 819 1268 Note You can also use the ssh keygen command to display the host key fingerprint on the system controller 60 Additional Security Considerations Special Key Sequences for RTOS Shell Access Special key sequences can be issued to the SC over its serial connection while it is booting These key sequences have special capabilities if entered at the serial port within the first 30 seconds after an SC reboot The special capabilities of these key sequences are automatically disabled 30 seconds after the Sun copyright message is displayed Once the capability is disabled the key sequences operate as normal control keys Because of the risk that the security of the SC could be compromised by unauthorized access to the RTOS shell you should control access to the serial ports of the SC Netra T2000 Server Administration Guide September 2006 Domain Minimization One way to contribute to the security of a server is to tailor the installation of software to an essential minimum By limiting the number of software components installed on each domain called domain minimization you can reduce the risks of security holes that can be exploited by potential intruders For a detailed discussi
92. that need to be addressed For example an IM with a secondary disk that has been removed from the chassis appears as raidctl RAID Volume RAID RAID Disk Volume Type Status Disk Status cOtodo IM DEGRADED cOt040 OK cOt140 MISSING See the raidct1 1M man page for additional details regarding volume and disk status 68 Netra T2000 Se rver Administration Guide September 2006 Note The logical device names might appear differently on your system depending on the number and type of add on disk controllers installed 2 Type the following command raidctl c primary secondary The creation of the RAID volume is interactive by default For example raidctl c cOtodo c0t1d0 Creating RAID volume c0t0d0 will destroy all data on member disks proceed yes no yes Volume c0Ot0do created As an alternative you can use the f option to force the creation if you are sure of the member disks and sure that the data on both member disks can be lost For example raidctl f c c0t0 0 c0t1 0 Volume cO0Ot0d0 created When you create a RAID mirror the secondary drive in this case cOt1d0 disappears from the Solaris device tree 3 Optional To check the status of a RAID mirror type the following command raidctl RAID Volume RAID RAID Disk Volume Type Status Disk Status c0t0g0 1M RESYNCING c0t0g0 OK cOt140 OK The preceding e
93. thing software are available m Solaris IP Network Multipathing software provides multipathing and load balancing capabilities for IP network interfaces m VERITAS Volume Manager VxVM software includes a feature called Dynamic Multipathing DMP which provides disk multipathing as well as disk load balancing to optimize I O throughput m Sun StorEdge Traffic Manager is an architecture fully integrated within the Solaris OS beginning with the Solaris 8 release that enables I O devices to be accessed through multiple host controller interfaces from a single instance of the I O device For instructions on how to configure and administer Solaris IP Network Multipathing consult the IP Network Multipathing Administration Guide provided with your specific Solaris release Chapter 4 Basic Administrative Tasks 47 For information about VxVM and its DMP feature refer to the documentation provided with the VERITAS Volume Manager software For information about Sun StorEdge Traffic Manager refer to your Solaris OS documentation Storing FRU Information v To Store Information in Available FRU PROMs 1 Obtain the ALOM prompt See Switching Between the Consoles on page 6 2 At the sc gt prompt type setfru c data Automatic System Recovery Automatic System Recovery ASR consists of self test features and an auto configuring capability to detect failed hardware components and unconfigure them By
94. ting the System Controller to Implement Settings w To Reboot the System Controller The SC needs to be rebooted if a console message similar to the following is displayed Rebooting the SC is required for changes in network settings to take effect 1 Type resetsc y to reboot the SC The SC can be rebooted while the Solaris domain is running 56 Netra T2000 Server Administration Guide September 2006 2 Use the shownetwork command to validate that all the network modifications were implemented For information about using the Sun Security Toolkit to create secure configurations for servers running the Solaris Operating System see the following web site http www sun com software security jass Selecting a Remote Connection Type The SSH and Telnet services on the system controller are disabled by default Enabling SSH If the system controller is on a general purpose network you can ensure secure remote access to the system controller by using SSH rather than Telnet SSH encrypts data flowing between host and client SSH provides authentication mechanisms that identify both hosts and users enabling secure connections between known systems Telnet is fundamentally insecure because the Telnet protocol transmits information including passwords unencrypted Note SSH does not help with FTP HTTP SYSLOG or SNMPv1 protocols These protocols are unsecure and should be used cautiously on general purpose net
95. ult Information on page 46 Multipathing Software on page 47 Storing FRU Information on page 48 Automatic System Recovery on page 48 Updating the Firmware on page 51 Status Indicators The system has LED indicators associated with the server itself and with various components The server status indicators are located on the bezel and repeated on the back panel The components with LED indicators to convey status are the dry contact alarm card power supply units Ethernet port and hard drives The topics in this section include m Interpreting Status LEDs on page 38 m Bezel Server Status Indicators on page 39 m Alarm Status Indicators on page 41 37 Interpreting Status LEDs The behavior of LEDs on the server conform to the American National Standards Institute ANSI Status Indicator Standard SIS These standard LED behaviors are described in TABLE 4 1 TABLE 4 1 LED Behavior and Meaning LED Behavior Meaning Off Steady on Standby blink Slow blink Fast blink Feedback flash The condition represented by the color is not true The condition represented by the color is true The system is functioning at a minimal level and ready to resume full function Transitory activity or new activity represented by the color is taking place Attention is required Activity is taking place commensurate with the flash rate such as disk drive activity Th
96. ve type the following command cfgadm c configure Ap Id For example cfgadm c configure c1 dsk c0t3d0 The green Activity LED flashes as the new disk at c1t340 is added to the device tree Netra T2000 Server Administration Guide September 2006 8 Verify that the new hard drive is in the device tree To verify that the new hard drive is in the device tree type the following command cfgadm al Ap_Id c0 c0 dsk c0t0do c0 dsk c0t1d0 c0 dsk c0t2d0 c0 dsk c0t3d0 cl cl dsk c1t0d0 usb0 1 usb0 2 usb1 1 usb1 1 usb1 1 usb1 1 usb1 2 DWINHH Type scsi bus disk disk disk disk scsi bus CD ROM unknown unknown unknown unknown unknown unknown unknown Receptacle connected connected connected connected connected connected connected empty empty empty empty empty empty empty Occupant configured configured configured configured configured configured configured unconfigured unconfigured unconfigured unconfigured unconfigured unconfigured unconfigured Condition unknown unknown unknown unknown unknown unknown unknown ok ok ok ok ok ok ok c0E3 0 is now listed as configured Chapter 6 Managing Disk Volumes 83 84 Netra T2000 Server Administration Guide September 2006 APPENDIX A Watchdog Timer Application Mode This appendix gives information on the watchdog timer application mode on the server It provides the following sectio
97. vice Solaris command cautions against using 81 clearasrdb ALOM command 18 clearfault ALOM command 18 components displaying the state of 19 monitored 14 configuration ALOM commands 16 console ALOM command 18 29 consolehistory ALOM command 18 critical alarm 42 D device identifiers listed 45 reconfiguration manual 46 unconfiguration manual 45 disablecomponent ALOM command 18 45 disk configuration RAIDO 65 RAID 1 65 hot plug mirrored disk 78 non mirrored disk 79 LEDs Activity 82 OK to Remove 81 logical device names table 67 slot number reference 67 volumes about 63 deleting 77 domain minimization 61 E enablecomponent ALOM command 18 46 enabling SSH 57 F firmware updating 51 upgrade 52 flashupdate ALOM command 18 52 fsck Solaris command 30 G go OpenBoot command 28 graceful system halt 29 30 H halt gracefully advantages of 29 30 hardening systems 55 hardware disk mirrorring about 66 102 Netra T2000 Server Administration Guide September 2006 checking volume status 69 hot plug operation 78 striping about 65 checking volume status 73 help ALOM command 20 host keys SSH 60 hot plug operation non mirrored disk drive 79 on hardware disk mirror 78 init Solaris command 29 30 init 0 Solaris command 10 introduction to ALOM 13 K keyboard sequences LI A 28 29 30 L LI A keyboard sequence 28 29 30
98. works The system controller provides limited SSH functionality supporting only SSH version 2 SSHv2 client requests TABLE 5 1 identifies the various SSH server attributes and describes how the attributes are handled in this subset These attribute settings are not configurable TABLE 5 1 SSH Server Attributes Attribute Example Values Comment Protocol 2 Supports only SSH v2 Port 22 Listening port ListenAddress 0 0 0 0 Supports multiple IP addresses AllowTcpForwarding no Port forwarding not supported Chapter 5 Securing the Server 57 58 TABLE 5 1 SSH Server Attributes Continued Attribute Example Values Comment RSAAuthentication no Public key authentication disabled PubkeyAuthentication no Public key authentication disabled PermitEmptyPasswords yes Password authentication MACS Ciphers hmac sha1 hmac md5 aes128 cbc blowfish cbc 3des chbc controlled by the SC Same SSH server implementation as the Solaris 9 Operating System Same SSH server implementation as the Solaris 9 Operating System To Enable SSH To enable SSH type sc gt setupsc You are prompted to enter the network configuration and connection parameters Netra T2000 Server Administration Guide e September 2006 For example sc gt setupsc Network Configuration Is the system controller on a network yes Use DHCP or static network settings static Hostname hostname IP Address XXX XXX
99. xample indicates that the RAID mirror is still resynchronizing with the backup drive Chapter 6 Managing Disk Volumes 69 70 The following example shows that the RAID mirror is synchronized and online raidctl RAID Volume RAID RAID Disk Volume Type Status Disk Status cOtodo TM OK c0c0g0 OK c0t1d0 OK The disk controller synchronizes IM volumes one at a time If you create a second IM volume before the first IM volume completes its synchronization the first volume s RAID status will indicate RESYNCING and the second volume s RAID status will indicate OK Once the first volume has completed its RAID status changes to OK and the second volume automatically starts synchronizing with a RAID status of RESYNCING Under RAID 1 disk mirroring all data is duplicated on both drives If a disk fails replace it with a working drive and restore the mirror For instructions see To Perform a Mirrored Disk Hot Swap Operation on page 78 For more information about the raidct1 utility see the raidct1 1M man page To Create a Mirrored Volume of the Default Boot Device Due to the volume initialization that occurs on the disk controller when a new volume is created the volume must be configured and labeled using the format 1M utility prior to use with the Solaris Operating System see To Configure and Label a RAID Volume on page 73 Because of this limitation raidct1 1M blocks the creation of a hardware RAID volu
100. zation has completed it indicates that the RAID mirror is finished resynchronizing and is back online raidctl RAID Volume RAID RAID Disk Volume Type Status Disk Status cOtldoO TM OK cOt140 OK c0t2d0 OK For more information see the raidct1 1M man page v To Perform a Nonmirrored Disk Hot Swap Operation 1 Verify which hard drive corresponds with which logical device name and physical device name See Slot Numbers and Device Names for Non RAID Disks on page 67 Ensure that no applications or processes are accessing the hard drive Chapter 6 Managing Disk Volumes 79 80 2 View the status of the SCSI devices To view the status of the SCSI devices type the following command cfgadm al For example c0 c1 c0 c0 c c0 c1 usb0 1 usb0 2 usb1 1 usb1 1 usb1 1 usb1 1 usb1 2 cfgadm al Ap_Id dsk c0t0d0 dsk c0t1d0 dsk c0t2d0 dsk c0t3d0 dsk c1t0d0 PUNR Type scsi bus disk disk disk disk scsi bus CD ROM unknown unknown unknown unknown unknown unknown unknown Receptacle connected connected connected connected connected connected connected empty empty empty empty empty empty empty Occupant configured configured configured configured configured configured configured unconfigured unconfigured unconfigured unconfigured unconfigured unconfigured unconfigured Condition unknown unknown unkn
Download Pdf Manuals
Related Search