Summary of Contents for Fujitsu SPARC EnterpriseM3000
Page 1
SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers XSCF User's Guide Part No.: E25381-01, Manual Code: C120-E332-11EN January 2012...
Page 2
INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. Unless otherwise expressly set forth in such agreement, to the extent allowed by applicable law, in no event shall Oracle or Fujitsu Limited, and/or any of their affiliates have any liability to any third party under any legal theory for any loss of revenues or profits, loss of use or data, or business interruptions, or for any indirect, special, incidental or consequential damages, even if advised of the possibility of such damages.
Page 3
OU À L’ABSENCE DE CONTREFAÇON, SONT EXCLUES, DANS LA MESURE AUTORISÉE PAR LA LOI APPLICABLE. Sauf mention contraire expressément stipulée dans ce contrat, dans la mesure autorisée par la loi applicable, en aucun cas Oracle ou Fujitsu Limited et/ou l’une ou l’autre de leurs sociétés affiliées ne sauraient être tenues responsables envers une quelconque partie tierce, sous quelque théorie juridique que ce soit, de tout manque à...
Contents Preface xiii XSCF Overview 1–1 XSCF Features 1–1 XSCF Functions 1–9 1.2.1 Major Differences Among the Server Models 1–14 Types of Connection to XSCF 1–14 1.3.1 Examples of LAN Connection Operations 1–16 1.3.2 NTP Configuration and Time Synchronization 1–20 1.3.3 The CD-RW/DVD-RW Drive Unit and Tape Drive Unit 1–20 XSCF User Interfaces 1–21...
Page 7
3.2.1 Connecting XSCF via the XSCF-LAN Port Or the Serial Port 3–12 3.2.2 XSCF-LAN and Serial Connection Purposes 3–15 Operation of the Server 4–1 Display Server Hardware Environment 4–1 4.1.1 Displaying System Information 4–2 4.1.2 Display Server Configuration/Status Information 4–6 Display Domain Information 4–9 4.2.1 Domain Information 4–10...
Page 8
Displaying State of an External I/O Expansion Unit and Administration 4–27 4.10 Restore Factory Settings of the Server or XSCF Unit 4–32 Overview of the XSCF Shell 5–1 Overview of the XSCF Command Shell 5–1 Login to XSCF Shell 5–7 5.2.1 Before Logging In 5–7 5.2.2...
Page 9
Upgrade of XSCF Firmware and Maintenance 8–1 Update the XSCF Firmware 8–1 8.1.1 Firmware Update Overview 8–1 8.1.2 Firmware Update Conditions and Environment 8–3 8.1.3 Method of Delivering Firmware 8–4 8.1.4 Method of Checking the Firmware Version 8–5 8.1.5 Three Steps of the Firmware Update 8–6 8.1.6 Features of XSCF Firmware Update 8–7 8.1.7...
Page 10
XSCF Web Pages 9–9 XSCF Web Error Messages 9–30 A. Warning and Information Messages A–1 Message Types A–1 Messages in Each Function A–3 B. XSCF Log Information B–1 XSCF Error Log B–1 Power Log B–5 Event Log B–7 Using the showlogs Command to Display Other Logs B–8 B.4.1 Monitor Message Log B–8 B.4.2...
Page 11
Troubleshooting the Server While XSCF Is Being Used D–7 E. Software License Conditions E–1 Index Index–1 Contents...
System Control Facility (XSCF), which is used to control, monitor, operate, and service SPARC Enterprise M3000/M4000/M5000/M8000/M9000 servers and domains from Oracle and Fujitsu. XSCF may also be referred to as the System Control Facility (SCF). Unless otherwise stated in this manual, the SPARC Enterprise system is described as “the server” or “the system”.
All documents for your server are available online at the following locations: Documentation Link Sun Oracle software-related manuals http://www.oracle.com/documentation (Oracle Solaris OS, and so on) Fujitsu documents http://www.fujitsu.com/sparcenterprise/manual / Oracle M-series server documents http://www.oracle.com/technetwork/documentation/s parc-mseries-servers-252709.html The following table lists titles of related documents.
Page 15
Related SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers Documents SPARC Enterprise M3000 Server Safety and Compliance Guide SPARC Enterprise M4000/M5000 Servers Safety and Compliance Guide SPARC Enterprise M8000/M9000 Servers Safety and Compliance Guide External I/O Expansion Unit Safety and Compliance Guide SPARC Enterprise M4000 Server Unpacking Guide SPARC Enterprise M5000 Server Unpacking Guide SPARC Enterprise M8000/M9000 Servers Unpacking Guide SPARC Enterprise M3000 Server Installation Guide...
Text Conventions This manual uses the following fonts and symbols to express specific types of information. Font/symbol Meaning Example What you type, when contrasted XSCF> adduser jsmith AaBbCc123 with on-screen computer output. This font represents the example of command input in the frame. The names of commands, files, and AaBbCc123 XSCF>...
If you have any comments or requests regarding this document, go to the following websites: For Oracle users: ■ http://www.oracle.com/goto/docfeedback Include the title and part number of your document with your feedback: SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers XSCF User’s Guide, part number E25381-01 For Fujitsu users: ■ http://www.fujitsu.com/global/contact/computing/sparce_index.html Preface xvii...
Page 18
xviii SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
C H A P T E R XSCF Overview This chapter provides an overview of the system monitoring and control facility (eXtended System Control Facility, or XSCF). XSCF Features The XSCF firmware is a system monitoring and control facility consisting of a dedicated processor (Note 1) that is independent from the system processor.
the XSCF Unit is fixed to the Motherboard Unit (MBU). For details of the server differences, see Section 1.2.1, “Major Differences Among the Server Models” on page 1-14. Note – (1) Processors on server boards are called CPUs. Note – (2) Only the system model with a special interface can power on and off the peripheral devices.
Page 21
Remote Cabinet Interface (RCI) port to perform power supply interlock by ■ connecting a system and an I/O device with an RCI device The RCI is the power and system control interface that connects a peripheral device with an RCI connector to the server, and performs such functions as power supply interlock and alarm notification and recognition.
Page 22
Outline Drawing of the Rear Panel (In the Entry-level Server) FIGURE 1-1 Number Description Number Description RCI port ACT LED USB port LAN 1 port (XSCF-LAN#1 port) READY LED LAN 0 port (XSCF-LAN#0 port) CHECK LED UPC 1 port Serial port UPC 0 port Link Speed LED RCI Port...
Note – To use the RCI function, peripheral devices with the RCI connector and the server on which the RCI function is supported are required. For the information whether the RCI function is supported on your server, see the SPARC Enterprise M3000/M4000/M5000/M8000/M9000 Servers Product Notes.
Page 24
XSCF-LAN Port (Ethernet Port) There are two XSCF-LAN ports. Both use an RJ-45 connector and are compatible with 10BASE-T/100BASE-T (TX). The XSCF-LAN ports are used with the XSCF Shell and XSCF Web to perform system administrator operations, output the system status, perform domain operations, and display the console.
Page 25
Outline Drawing of the XSCF Unit Front Panel (In the Midrange Servers) FIGURE 1-2 XSCF Unit (Front) Number Description Number Description RCI port ACT LED Serial port UPC#1 port USB port UPC#0 port ETHERNET#1 port CHECK LED (XSCF-LAN#1 port) ETHERNET#0 port READY LED (XSCF-LAN#0 port) Link Speed LED...
Page 26
Outline Drawing of the XSCF Unit Front Panel (In High-End Servers) FIGURE 1-3 XSCF Unit (Front) XSCF Unit ( Front ; in Expansion cabinet Number Description Number Description Link Speed LED RCI port ACT LED ACTIVE LED ETHERNET#0 port READY LED (XSCF-LAN#0 port) ETHERNET#1 port CHECK LED...
ACTIVE LED The ACTIVE LED lights up in green. If the XSCF Unit is in a redundant configuration, the ACTIVE LED indicates the active XSCF Unit. Connector That Connects the XSCF Unit for the Base Cabinet With the XSCF Unit for the Expansion Cabinet The connector for connecting between XSCF Units is used to connect the Base cabinet to an Expansion cabinet on the M9000 server.
Page 28
Initial System Configuration Function XSCF configures the initial hardware settings of the XSCF Unit and initializes hardware as required to start the Oracle Solaris Operating System (Oracle Solaris OS). XSCF also controls the initial system configuration information. XSCF User Account Control XSCF controls the user accounts for XSCF operations.
Page 29
Automatically shut down and cancel a power on operation when an error is ■ detected If a system abnormality occurs, the Oracle Solaris OS is automatically shut down, and the subsequent power on will not be started. This can minimize damage to the system.
Internal Cabinet Configuration, Recognition, and Domain Configuration Control Functions To use XSCF, you can display the system configuration status, and create and change domain configuration definitions. It also provides domain start and stop functions, mainly for its own use. In the server, the user can configure a domain as a single Physical System Board (PSB) that has CPU, memory, and I/O device, or a PSB logically divided, which are the eXtended System Boards: (XSBs).
Page 31
Capacity on Demand Function Capacity on Demand is an option to purchase spare processing resources (CPUs) for your server. The spare resources are provided in the form of one or more CPUs on COD boards that are installed on your server. When you need the spare processing resources (CPUs) for the server, XSCF assists the operation to add or delete the resources.
Firmware Update Function The web browser and commands can be used to download new firmware image (XSCF firmware and OpenBoot PROM firmware) without stopping the domain and to update firmware without stopping other domains. To complete updating the OpenBoot PROM firmware in the target domain, the domain must be rebooted. For details on updating firmware, see Chapter 1.2.1...
Types of Connection to XSCF This section outlines types of connection to the XSCF. XSCF enables access to the server over a serial port or from networks connected to XSCF-LAN. outlines the connections to the XSCF. FIGURE 1-4 Connections to XSCF (In the Midrange Servers) FIGURE 1-4 SSH/telnet/ SSH/telnet/...
The following connections in the XSCF Unit connection configuration shown in are described below: FIGURE 1-4 Serial port connection ■ XSCF-LAN Ethernet connection ■ Serial Port Connection The serial port enables workstations, PCs, and ASCII terminals to connect to the XSCF through the serial (RS-232C) port.
Page 35
XSCF-LAN Operation Examples 1 TABLE 1-2 LAN Name Operation XSCF-LAN#0 port • For system administrator operation The system administrator can control the server, control domains, and display the console using the XSCF Shell. XSCF-LAN#1 port • For field engineer operation. Field engineers can configure the server and perform maintenance tasks using the XSCF Shell.
Page 36
XSCF-LAN Redundancy In the M3000/M4000/M5000/M8000/M9000 servers, the XSCF-LAN paths can be made redundant (duplicated). If a LAN failure occurs, it contributes significantly to reducing system availability. However, in a system equipped with a duplicate LAN, the routes (paths) in the remaining network can be used even if one subnetwork is faulty.
Page 37
Two XSCF-LANs and Two XSCF Units Configuration (In High-End Servers) FIGURE 1-6 c) A subnet failed Failure of a path Active Standby XSCF XSCF System d) XSCF failed Active Standby XSCF XSCF System XSCF failed Failover For details on LAN configurations and connections, see Chapter 3.
1.3.2 NTP Configuration and Time Synchronization The system uses the XSCF Unit clock for the system standard time. The domains in the server synchronize their times based on the XSCF Unit clock when the domains are started. The XSCF Unit clock can be adjusted to the exact time through a network connection to an external NTP server.
In the M8000/M9000 servers, a basic cabinet and an expansion cabinet contain one DVD drive/tape drive unit respectively, and they are assigned to a single operating domain of each cabinet. The DVD drive/tape drive unit can be used by assigning it to a specific card port on the I/O unit.
Page 40
Caution – IMPORTANT – To use the function as explained previously, you must create your XSCF account. Create your account before you start using the XSCF functionality. In addition, create an account for your field engineer (FE) with the privilege of fieldeng during initial setup. To use these XSCF interfaces, users need to log in to XSCF with an XSCF user account, and then enter a password.
XSCF Functions and Connection Ports (Continued) TABLE 1-6 XSCF-LAN Functions Contents Serial port Ethernet XSCF Web Provides the same functions as the functions of the XSCF Shells, but provides graphical displays for easier operation. Mail report Mail notification in the event of a failure enables prompt action to be taken.
Page 42
User Privilege Names and Descriptions TABLE 1-7 User privilege Outline Description of Defined Contents domainop@n Reference of the status of any • Can refer to the status of any hardware mounted part of one entire domain_n in a domain_n. • Can refer to the status of any part of a domain_n. •...
Page 43
User Privilege Names and Descriptions (Continued) TABLE 1-7 User privilege Outline Description of Defined Contents auditadm Audit control (Note) • Can monitor and control XSCF access. • Can delete an XSCF access monitoring method. fieldeng Field engineer operations • Allows field engineers to perform the maintenance tasks or change the server configuration.
C H A P T E R Setting Up XSCF This chapter explains how to set up XSCF. XSCF Setup Summary Each XSCF function must be configured before it can be used. Make the following settings: User Account Administration (required) ■...
Page 45
Altitude Administration (required) ■ DVD Drive/Tape Drive Unit Administration (optional) ■ COD Administration (optional) (see the following Note 4) ■ Note – (1) This document does not provide details on the remote maintenance service functions. For the information of the remote maintenance service, see the Product Notes for your server.
2.1.1 Setup Summary by the XSCF Shell This section describes the step summary of setup using the XSCF Shell. This procedure contains examples of command usage and setting items. For details on settings, see the corresponding parts of Section 2.2, “Specifying the XSCF Settings” on page 2-15.
Page 47
login: default Change the panel mode switch to Service and press return... (Operation : Locked state -> Service -> Return) Leave it in that position for at least 5 seconds. Change the panel mode switch to Locked, and press return... (Operation : Wait more than 5 seconds ->...
Page 48
4. Set the time. • Set and display the time zone. showtimezone(8), settimezone(8), • Set and display the XSCF time. showdate(8), setdate(8) • Reset and display the time subtraction showdateoffset(8) between the XSCF and the domain. resetdateoffset(8) (See Section 2.2.6, “Time Administration” on page 2-92) When the system time is updated, the XSCF reset is done and the XSCF session is...
Page 49
XSCF> showssh SSH status: enabled SSH DSCP: accept RSA key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEArmf46B4xSvunUNZPWOi4mRbqO9hsunxHitwR/ 0P6NTQbNK8BqCpCsyzK6nfjrARztO1rgXIdFfXLDEIY2hudEkuMCjyorX1HK+d8WH C7eydTCM8Edwwtwm0Q4o66peB/QwI/OL4lDCNRg+4aGyWUHZBwmiwahum+7MJDCKs fKKM= Fingerprint: 1024 14:75:fd:5c:e1:68:79:f6:db:cb:a7:36:25:53:25:9a DSA key: ssh-dss AAAAB3NzaC1kc3MAAACBAMMG1ewTyceFX7EnKuDIp1BVnuxf+UTtALVinkfXLQbUn gn84G8xp9GPnWOpNqiWXxAL8wInQrpz9wFd7n4sZk74HALM+gIhpjbpdXR76FpEvO MzCi6qYuv4yQ/0+uKCHmJEfzIOvQnDoofVElXYRKxTIyQY5+mtsf+44IoGzJbxAAA AFQCTNSxe0+5hbDziCOlgvch7FdUM3QAAAIBKGSbFr3XMYxubT7ViDHHIFgFpjEMw DREJD05g7XwlslgFX4Ff2nqItepyfnok/CeDi1bv1Xs0JGAGsbcwpBeKe7YcSepM3 xe8vGXSIdVqGbfDvqbO9P1q1n58qEKTA2Cj5L9a+6usSYfKHOSDhnvX3R8/Hk+Iiy 6EUaVSaJUHjgAAAIAZ+qQahRLAMuOq5FCuQ000xgfZzExRBIa1Q7sBhMTrg1dksKP +yPN9YjIw6QJXUD69acCWHD+nIKBTnSdO/NdwxDRKU2+9cOvNriUpbs5RoZgiCNCd 7nMMQUMFTzc78nd3w+pcjD5mBB6kELKuQurWbIDELTgYJcfm52C9TlR5WA== Fingerprint: 1024 e2:66:1a:c8:8f:37:6f:ec:6c:2a:d4:93:a7:6f:dc:5c 7. Installing the user public key. Before using the SSH user key for an XSCF-LAN connection, generate a user ■...
Page 50
8. Configure the network. • Display and set the DSCP showdscp(8), setdscp(8), • Display XSCF network settings (enable/disable, IP shownetwork(8), address, netmask) and configure/remove an XSCF setnetwork(8) network. • Display and set XSCF host name. showhostname(8), sethostname(8) • Display XSCF route settings (destination IP address, showroute(8), setroute(8) gateway, netmask, interface) and configure an XSCF route.
Page 51
RSA key fingerprint is xxxxxx Connecting? [yes|no] : yes Type the passphrase you have already set in the case that you would be using SSH with user key authentication. Enter passphrase for key ’/home/nana/.ssh/id_rsa’ :xxxxxxxx Warning: No xauth data; using fake authentication data for X11 forwarding.
Page 52
This manual does not provide details on LDAP, Active Directory, and LDAP/SSL, so see the available LDAP, Active Directory, and LDAP/SSL manuals. 10. Configure the LDAP settings. Configure XSCF as an LDAP client. ■ • Display and set LDAP client information. showldap(8), setldap(8) (See Section 2.2.3, “LDAP Administration”...
Page 53
14. Configure the log archiving settings. • Display log archiving settings and showarchiving(8), setarchiving(8) configure log archiving. (See Section 2.2.10, “Log Archiving Administration” on page 2-127) 15. Configure the audit settings. • Display audit settings and configure showaudit(8), setaudit(8) auditing. (See Section 2.2.9, “Audit Administration”...
Page 54
19. Configure the domain settings. • Display domain information and specify showboards(8), showdcl(8), setdcl(8) the domain configuration. (DCL displaying and settings, configuration policy settings, System board settings) • Add, delete, or move a system board. addboard(8), deleteboard(8), moveboard(8) (See Section 2.2.13, “Domain Configuration” on page 2-146) In the M3000 server, you cannot perform operations such as setting the domain...
21. Configure the Locale settings. • Display and set the Locale. showlocale(8), setlocale(8) (See Section 2.2.16, “Locale Administration” on page 2-190) 22. Configure the Altitude Administration settings. • Display altitude settings and configure showaltitude(8), setaltitude(8) altitude. (See Section 2.2.17, “Altitude Administration”...
Page 56
Before attempting to establish a connection to the XSCF and log in from the web browser window of the XSCF Web, perform Step 1 Step 8 Section 2.1.1, “Setup Summary by the XSCF Shell” on page 2-3, and enable https in Section 2.2.8, “Https Administration”...
10. Establish a connection to XSCF and log in from a web browser. Specify the host name or the IP address of the XSCF during the network ■ configuration, in a web browser running on a PC with an XSCF-LAN port used to establish a connection to the XSCF.
Specifying the XSCF Settings This section describes the XSCF settings in detail. XSCF settings can be made in the following ways: On the PC connected to the serial port, or you can specify the IP address of the ■ XSCF to establish a connection to the XSCF, and then use the XSCF Shell over an Ethernet or a user LAN connection.
2.2.1 Network Configuration Network Configuration is used to specify items relating to network interfaces like XSCF-LANs and Domain-SP Communication Protocol(DSCP), also, routing, and DNS. lists terms used in Initial Configuration. TABLE 2-1 Network Configuration Terms TABLE 2-1 Term Explanation XSCF network General term for an interface required in XSCF network configuration.
Page 60
lists setting items and the corresponding shell commands. TABLE 2-2 To complete the network settings, the XSCF reset is required. Reset the XSCF by using the rebootxscf(8) command. After the XSCF is reset, the XSCF session is disconnected. Please log in again to the XSCF. Network Configuration TABLE 2-2 Item...
Page 61
Network Configuration (Continued) TABLE 2-2 Item Description Shell Command Remarks Host Sets a host name and a domain name for the No default setting sethostname name/domain XSCF Unit. has been specified. name FQDN cannot be specified for the host name. A host name can be specified up to 64 characters.
Page 62
Network Configuration (Continued) TABLE 2-2 Item Description Shell Command Remarks Add/delete DNS Add or delete the IP address of a name No default setting setnameserver server and the domain name of a search has been specified. path. If the DNS Up to three name servers can be registered.
Page 63
XSCF network interface configuration The XSCF network interface includes the following. LAN (XSCF-LAN) for users to access to XSCF ■ LAN (ISN) for the communication between XSCF Units (M8000/M9000 servers ■ only) LAN (DSCP) for the communication between XSCF and each domain ■...
Page 64
Network Interface Required for XSCF Network Configuration (In the FIGURE 2-1 High-End Servers) Server DomainID 1 DomainID 0 DomainID X 10+X XSCFU#1 XSCFU#0 Ethernet 1-6; Addresses of XSCF-LAN Inside LAN 7,8; Addresses of Inter SCF Network(ISN) 9,10,..,10+X; Addresses of DSCP links Chapter 2 Setting Up XSCF 2-21...
Number Description Number Description XSCF-LAN#0 address ISN address. (XSCFU#0 side) (XSCFU#0 side) XSCF-LAN#0 address ISN address. (XSCFU#1 side) (XSCFU#1 side) Takeover IP address DSCP link address between XSCF-LAN#0s (XSCF side) XSCF-LAN#1 address 10 or DSCP link addresses (XSCFU#0 side) later (Domains side) XSCF-LAN#1 address (XSCFU#1 side)
Page 66
To make the IP address redundant, specify the same subnet address to the LAN port of XSCFU#0 side and to the LAN port of XSCFU#1 side which share the same LAN port number. Also, The IP address of XSCF-LAN#0 and the IP address of XSCF-LAN#1 must be specified in different subnet addresses.
Page 67
5. Specify the host name, routing, and DNS. In the M8000/M9000 servers, subsequently to the XSCFU#0 side, specify the host name and the routing of the XSCFU#1 side. (See showhostname(8), sethostname(8), showroute(8), setroute(8), shownameserver(8), and setnameserver(8).) 6. Configure IP packet filtering rules. Configure IP packet filtering rules for XSCF-LANs.
Page 68
Enabling or Disabling the XSCF Network and Specifying an IP Address and Netmask for the Network and DSCP Command operation ■ 1. Use the shownetwork(8) command to display network interface information. <Example 1> Display information on all network interfaces of XSCF. XSCF>...
Page 69
2. Use the showdscp(8) command to display DSCP information. <Example> Display DSCP information. XSCF> showdscp DSCP Configuration: Network: 192.168.244.0 Netmask: 255.255.255.0 Location Address ---------- --------- XSCF 192.168.244.1 Domain #00 192.168.244.2 Domain #01 192.168.244.3 Domain #02 192.168.244.4 Domain #03 192.168.244.5 3. Use the setnetwork(8) command to specify network interface information. <Example 1>...
Page 70
4. Use the setdscp(8) command (see Note) to specify network interface information. < Example 1> Specify the entire DSCP network IP address 192.168.2.0 and netmask 255.255.255.0. XSCF> setdscp -i 192.168.2.0 -m 255.255.255.0 <Example 2> Specify IP address 192.168.2.1 for the XSCF. XSCF>...
This is because the DSCP communication protocol, PPP (Point to Point Protocol), does not notify the netmask value specified by the -m option to the domain side, and also because the ifconfig(1M) displays the netmask value corresponding to the class of IP address in the DSCP interface. Note –...
Page 72
Configuring XSCF Routing In a redundant XSCF unit configuration, the following are examples of data when routing is done in each subnet. <Example> XSCF Unit 0 XSCF Unit 1 xscf#0-lan#0 [192.168.1.10] xscf#1-lan#0 [192.168.1.20] +------------------------------+ XSCF-LAN#0 XSCF-LAN#0 XSCF Unit 0 XSCF Unit 1 xscf#0-lan#1 [10.12.108.10] xscf#1-lan#1 [10.12.108.20] +------------------------------+ XSCF-LAN#1...
Page 73
2. Use the setroute(8) command to specify the routing environment for a network interface. <Example 1> Add routing with Destination 192.168.1.0 and Netmask 255.255.255.0 to XSCF-LAN#0 in the XSCFU#0. XSCF> setroute -c add -n 192.168.1.0 -m 255.255.255.0 xscf#0-lan#0 <Example 2> Add routing with the default network for Destination and Gateway 10.12.108.1 to XSCF-LAN#1 in the XSCFU#0.
Page 74
2. Use the setnameserver(8) command to specify the name server and the search path. <Example 1> Add the three IP addresses 10.0.0.2, 172.16.0.2, and 192.168.0.2 as name servers. XSCF> setnameserver 10.0.0.2 172.16.0.2 192.168.0.2 <Example 2> Delete all available name servers. XSCF>...
Page 75
Configuring IP Packet Filtering Rules for XSCF Network Command operation ■ 1. Use the showpacketfilters(8) command to display the IP packet filtering rules for XSCF-LANs. <Example 1> Display the IP packet filtering rules settings for XSCF network. XSCF> showpacketfilters -a -i xscf#0-lan#0 -j ACCEPT -i xscf#0-lan#1 -j ACCEPT -s 173.16.0.0/255.255.0.0 -j ACCEPT...
Page 76
<Example 1> Permit the IP address 192.168.100.0/255.255.255.0 to go through. XSCF> setpacketfilters -y -c add -i xscf#0-lan#0 -s 192.168.100.0/255.255.255.0 -s 192.168.100.0/255.255.255.0 -i xscf#0-lan#0 -j ACCEPT NOTE: applied IP packet filtering rules. Continue? [y|n] :y <Example 2> Communication to xscf#0-lan#0 exclusively accepts those IP packets sent from the 192.168.100.0/255.255.255.0 network.
Page 77
Note – You can set the IP filtering rules to the input packets, not to the output packets. Applying the XSCF Network Settings Command operation ■ 1. After performing the setnetwork(8), sethostname(8), setroute(8), and setnameserver(8) commands, apply these Network settings. 2.
Page 78
XSCF> rebootxscf The XSCF will be reset. Continue? [y|n] :y At this time, the window session is disconnected, so please reconnect to the XSCF ■ by using the new network interface and log in again. 4. Display the Network Configuration by using the shownetwork(8), showhostname(8), showroute(8) and shownameserver(8) commands again and check the new network information.
3. Use the traceroute(8) command to confirm the network path to network devices. <Example> Display the network path to the host server.example.com. XSCF> traceroute server.example.com traceroute to server.example.com (XX.XX.XX.XX), 30 hops max, 40 byte packets XX.XX.XX.1 (XX.XX.XX.1) 1.792 ms 1.673 ms 1.549 ms XX.XX.XX.2 (XX.XX.XX.2) 2.235 ms...
Page 80
lists setting items and the corresponding shell commands. TABLE 2-4 User Account Administration TABLE 2-4 Item Description Shell Command Remarks Display user Displays user account management The item displayed is showuser account information. Never, which means management unlimited. information Add/delete user Adds or deletes a user account.
Page 81
User Account Administration (Continued) TABLE 2-4 Item Description Shell Command Remarks Password policy Sets a password policy as described below. • Once an account is setpassword-pol locked after password • Minimum number of days that must expiration, its user elapse before the password can be must contact the changed (Mindays) system administrator...
Page 82
User Account Administration (Continued) TABLE 2-4 Item Description Shell Command Remarks Enable/disable Enables or disables the lockout function. setloginlockout • The lockout is disabled lockout function by default. To disable the lockout, specify 0 minutes for lockout period. To enable lockout, •...
Page 83
Adding or Deleting a User Account and Specifying a Password Command operation ■ 1. Use the showuser(8) command to display all of the user account information. (See the description of the password policy in TABLE 2-4 XSCF> showuser -l User Name: user001 UID: Status:...
3. Use the password(8) command to specify a password. <Example 1> Specify a password. XSCF> password jsmith Changing password for platadm (current) XSCF password: xxxxxx New XSCF password: xxxxxx BAD PASSWORD: is too similar to the old one New XSCF password: xxxxxx BAD PASSWORD: it is too simplistic/systematic New XSCF password: xxx BAD PASSWORD: it’s WAY too short...
Page 85
3. Use the showuser(8) command to confirm the privilege. XSCF> showuser -p User Name: jsmith Privileges: useradm auditadm Enabling or Disabling a User Account Command operation ■ 1. Use the showuser(8) command to display user account settings. XSCF> showuser -a 2.
Page 86
2. Use the setpasswordpolicy(8) command to specify a password policy. <Example> Specify 3 for the retry count, an eight-character password containing at least two digits, 60 days for the expiration period, and 15 days for the advance notice of expiration. XSCF>...
2.2.3 LDAP Administration LDAP administration is used to specify items relating to LDAP clients. The LDAP server, bind ID, password, baseDN and so on are set. In the LDAP server, the XSCF user information is managed. Note – This section does not cover LDAP configuration and administration. An administrator who is familiar with LDAP should perform the LDAP design.
Page 88
lists setting items and the corresponding shell commands: TABLE 2-6 LDAP Administration TABLE 2-6 Item Description Shell command Remarks Display the Displays the use of an LDAP server for showlookup use of LDAP authentication and privilege lookup. Enable/ Enables or disables the use of an LDAP server If this specifies that setlookup disable the...
Page 89
Note – PEM: Abbreviation for Privacy Enhanced Mail. Mail to be sent is encrypted for increased privacy. Enabling or Disabling the LDAP Server Command operation ■ 1. Use the showlookup(8) command to display the lookup method of authentication and user privileges. XSCF>...
Page 90
2. Use the setldap(8) command to configure an LDAP client. <Example 1> Specify bind ID and search base (baseDN). XSCF> setldap –b "cn=Directory Manager" –B "ou=People,dc=users,dc= apl,dc=com,o=isp" <Example 2> Specify bind password. XSCF> setldap -p Password:xxxxxxxx <Example 3> Specify the primary and secondary LDAP servers and port numbers.
Page 91
3. Use the showldap(8) command to confirm that you have imported the certificate chain. XSCF> showldap Bind Name: cn=Directory Manager Base Distinguished Name: ou=People,dc=users,dc=apl,dc=com,o=isp LDAP Search Timeout: Bind Password: LDAP Servers: ldap://onibamboo:389 ldaps://company2.com:636 CERTS: Exists Testing a Connection to an LDAP Server Command operation ■...
2.2.4 Active Directory Administration Active Directory administration is used to specify items relating to Active Directory clients. The Active Directory server, loading of server certificate, group name, privileges, user domain, log, DNS locator query, and so on are set. In the Active Directory server, the XSCF user information is managed.
Page 93
If the defaultrole parameter is not configured or set, user privileges are learned ■ from the Active Directory server based on the user’s group membership. On XSCF, the group parameter must be configured with the corresponding group name from the Active Directory server. Each group has privileges associated with it which are configured on the XSCF.
Page 94
Active Directory Administration (Continued) TABLE 2-8 Item Description Shell command Remarks Enable/ Enables or disables the expanded search mode. The expanded search mode is setad disable disabled by default. The expanded search mode is only enabled expanded when to address specific customer environment search mode where user's account is not UserPrincipalName (UPN) format.
Page 95
Active Directory Administration (Continued) TABLE 2-8 Item Description Shell command Remarks Operator Assigns group name for up to five specified setad group operator groups. The operator group has platop and auditop privileges and you cannot change that. Custom group Assigns group name and privileges for up to setad five groups.
Page 96
While Active Directory is enabled, when you attempt to login to XSCF via the ■ telnet, you might fail to login due to timeout of the query to secondary alternated server or later. If the specified timeout is too brief for the configuration, the login process or ■...
Page 97
Specifying an Active Directory Server and Port Number Command operation ■ 1. Use the showad(8) command to display Active Directory server settings. XSCF> showad server Primary Server address: (none) port: 0 XSCF> showad server -i Alternate Server address: (none) port: 0 Alternate Server address: (none) port: 0...
Page 98
3. Use the showad(8) command to confirm the Active Directory server setting. XSCF> showad server Primary Server address: 10.24.159.150 port: 8080 XSCF> showad server -i Alternate Server address: 10.24.159.151 port: 0 Alternate Server address: (none) port: 0 Alternate Server address: (none) port: 0 Alternate Server address: (none)
Page 99
3. Use the showad(8) command to confirm the DNS locator mode status. XSCF> showad dnslocatormode: enabled expsearchmode: disabled state: enabled strictcertmode: disabled timeout: 4 logdetail: none Configuring the DNS locator Query Command operation ■ 1. Use the showad(8) command to display the configuration of the DNS locator query.
Page 100
Enabling or Disabling the Expanded Search Mode Command operation ■ 1. Use the showad(8) command to display the expanded search mode status. XSCF> showad dnslocatormode: enabled expsearchmode: disabled state: enabled strictcertmode: disabled timeout: 4 logdetail: none 2. Use the setad(8) command to enable or disable the expanded search mode. <Example1>...
Page 101
2. Use the setad(8) command to enable or disable the strictcertmode. <Example1> Enable the strictcertmode. XSCF> setad strictcertmode enable <Example2> Disable the strictcertmode. XSCF> setad strictcertmode disable 3. Use the showad(8) command to confirm the strictcertmode status. XSCF> showad dnslocatormode: enabled expsearchmode: enabled state: enabled strictcertmode: enabled...
Page 102
Loading or Deleting the Server Certificate Command operation ■ 1. Use the showad(8) command to display the server certificate information. XSCF> showad cert Primary Server: certstatus = certificate not present issuer = (none) serial number = (none) subject = (none) valid from = (none) valid until = (none) version = (none)
Page 103
2. Use the setad(8) command to load the server certificate to the XSCF. <Example1> Loads a server certificate for the primary server using a username and password XSCF> setad loadcert -u yoshi http://domain_2/UID_2333/testcert Warning: About to load certificate for Primary Server. Continue? [y|n]: y Password: <Example2>...
Page 104
3. Use the showad(8) command to confirm that the server certificate is loaded. XSCF> showad cert Primary Server: certstatus = certificate present issuer = DC = local, DC = xscf, CN = apl serial number = 55:1f:ff:c4:73:f7:5a:b9:4e:16:3c:fc:e5:66:5e:5a subject = DC = local, DC = xscf, CN = apl valid from = Mar 9 11:46:21 2010 GMT valid until = Mar...
Page 105
Setting a user domain Command operation ■ 1. Use the showad(8) command to display user domains. XSCF> showad userdomain domain 1: (none) domain 2: (none) domain 3: (none) domain 4: (none) domain 5: (none) 2. Use the setad(8) command to set the user domain. <Example1>...
Page 106
2. Use the setad(8) command to set default roles. XSCF> setad defaultrole platadm platop 3. Use the showad(8) command to confirm the default roles. XSCF> showad defaultrole Default role: platadm platop Chapter 2 Setting Up XSCF 2-63...
Page 107
Setting Group name and privileges Command operation ■ 1. Use the showad(8) command to display the group name. <Example1> Displays configuration for administrator group. XSCF> showad group administrator Administrator Group 1 name: (none) Administrator Group 2 name: (none) Administrator Group 3 name: (none) Administrator Group 4 name: (none)
Page 108
2. Use the setad(8) command to set group name and privileges. <Example1> Sets administrator group 1. XSCF> setad group administrator -i 1 name CN=SpSuperAdmin,OU= Groups,DC=davidc,DC=example,DC=aCompany,DC=com <Example2> Sets operator group 1. XSCF> setad group operator -i 1 name CN=OpGroup1,OU=SCFTEST,DC= aplle,DC=local <Example3> Sets custom group 1. XSCF>...
Page 109
3. Use the showad(8) command to confirm the group name and privileges. <Example1> Confirm administrator group. XSCF> showad group administrator Administrator Group 1 name: CN=<USERNAME>,CN=SpSuperAdmin,OU=Groups,DC=davidc,DC= example,DC=aCompany,DC=com Administrator Group 2 name: (none) Administrator Group 3 name: (none) Administrator Group 4 name: (none) Administrator Group 5 name: (none) <Example2>...
Page 110
The administrator group has platadm, useradm, and auditadm privileges and you cannot change that. Also the operator group has platop and auditop privileges and you cannot change that. Setting timeout Command operation ■ 1. Use the showad(8) command to display timeout period. XSCF>...
Page 111
Enabling or Disabling the Logging of Active Directory Authentication and Authorization Diagnostic Messages Command operation ■ 1. Use the showad(8) command to display the log detail level. XSCF> showad dnslocatormode: enabled expsearchmode: enabled state: enabled strictcertmode: enabled timeout: 10 logdetail: none 2.
Page 112
2. Use the showad(8) command to display the diagnostic messages. <Example> Displays diagnostic messages in real time. XSCF> showad log -f Mon Nov 16 14:47:53 2009 (ActDir): module loaded, OPL Mon Nov 16 14:47:53 2009 (ActDir): --error-- authentication status: auth-ERROR Mon Nov 16 14:48:18 2009 (ActDir): module loaded, OPL 3.
Page 113
3. Use the showad(8) command to confirm the default settings. XSCF> showad dnslocatormode: disabled expsearchmode: disabled state: disabled strictcertmode: disabled timeout: 4 logdetail: none 2-70 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
2.2.5 LDAP/SSL Administration LDAP/SSL administration is used to specify items relating to LDAP/SSL clients. The LDAP/SSL server, loading of server certificate, group name, privileges, user domain, log, and so on are set. In the LDAP/SSL server, the XSCF user information is managed.
Page 115
LDAP/SSL server. Each group has privileges associated with it which are configured on the XSCF. A user's group membership is used to determine the user's privileges once authenticated. 2-72 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
Page 116
lists setting items and the corresponding shell commands: TABLE 2-10 LDAP/SSL Administration TABLE 2-10 Item Description Shell command Remarks Display the Displays the current setting of LDAP/SSL, such showldapssl status of as enabled/disabled, usermapmode, and so on. LDAP/SSL Enable/ Enables or disables the use of an LDAP/SSL LDAP/SSL is disabled setldapssl disable the...
Page 117
LDAP/SSL Administration (Continued) TABLE 2-10 Item Description Shell command Remarks Load/Delete Loads or deletes the certificate of primary and The strictcertmode must be in setldapssl certificate up to five alternate LDAP/SSL servers. the disabled state for a certificate to be removed. Display Displays the userdomain.
Page 118
Before LDAP/SSL settings Note the following before settings: LDAP/SSL is supported in XCP1091 or later. ■ The useradm privilege is required for the LDAP/SSL settings. ■ If the XSCF is configured to use LDAP, Active Directory, or LDAP/SSL for user ■...
Page 119
3. Use the showldapssl(8) command to confirm the use of LDAP/SSL server. XSCF> showldapssl usermapmode: disabled state: enabled strictcertmode: disabled timeout: 4 logdetail: none Specifying an LDAP/SSL Server and Port Number Command operation ■ 1. Use the showldapssl(8) command to display LDAP/SSL server settings. XSCF>...
Page 120
3. Use the showldapssl(8) command to confirm the LDAP/SSL server setting. XSCF> showldapssl server Primary Server address: 10.18.76.230 port: 4041 XSCF> showldapssl server -i Alternate Server address: 10.18.76.231 port: 0 Alternate Server address: (none) port: 0 Alternate Server address: (none) port: 0 Alternate Server address: (none)
Page 121
3. Use the showldapssl(8) command to confirm the usermapmode status. XSCF> showldapssl usermapmode: enabled state: enabled strictcertmode: disabled timeout: 4 logdetail: none Configuring or Clearing the Usermap Command operation ■ 1. Use the showldapssl(8) command to display the configuration of the usermap. XSCF>...
Page 122
4. Use the setldapssl(8) command to clear the usermap. <Example1> Clears the attribute information. XSCF> setldapssl usermap attributeInfo <Example2> Clears the bind distinguished name. XSCF> setldapssl usermap binddn <Example3> Clears the bind password. XSCF> setldapssl usermap bindpw <Example4> Clears the search base. XSCF>...
Page 123
3. Use the showldapssl(8) command to confirm the strictcertmode status. XSCF> showldapssl usermapmode: enabled state: enabled strictcertmode: enabled timeout: 4 logdetail: none If strictcertmode is enabled, the server's certificate must have already been uploaded to the XSCF. 2-80 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
Page 124
Loading or Deleting the Server Certificate Command operation ■ 1. Use the showldapssl(8) command to display the server certificate information. XSCF> showldapssl cert Primary Server: certstatus = certificate not present issuer = (none) serial number = (none) subject = (none) valid from = (none) valid until = (none) version = (none)
Page 125
2. Use the setldapssl(8) command to load the server certificate to the XSCF. <Example1> Loads a server certificate for the primary server using a username and password XSCF> setldapssl loadcert -u yoshi http://domain_3/UID_2333/testcert Warning: About to load certificate for Primary Server. Continue? [y|n]: y Password: <Example2>...
Page 126
3. Use the showldapssl(8) command to confirm that the server certificate is loaded. XSCF> showldapssl cert Primary Server: certstatus = certificate present issuer = DC = local, DC = xscf, CN = apl serial number = 55:1f:ff:c4:73:f7:5a:b9:4e:16:3c:fc:e5:66:5e:5a subject = DC = local, DC = xscf, CN = apl valid from = Mar 9 11:46:21 2010 GMT valid until = Mar...
Page 127
Setting a user domain Command operation ■ 1. Use the showldapssl(8) command to display user domains. XSCF> showldapssl userdomain domain 1: (none) domain 2: (none) domain 3: (none) domain 4: (none) domain 5: (none) 2. Use the setldapssl(8) command to set the user domain. <Example1>...
Page 128
3. Use the showldapssl(8) command to confirm the default roles. XSCF> showldapssl defaultrole Default role: platadm platop Chapter 2 Setting Up XSCF 2-85...
Page 129
Setting Group name and privileges Command operation ■ 1. Use the showldapssl(8) command to display the group name. <Example1> Displays configuration for administrator group. XSCF> showldapssl group administrator Administrator Group 1 name: (none) Administrator Group 2 name: (none) Administrator Group 3 name: (none) Administrator Group 4 name: (none)
Page 130
2. Use the setldapssl(8) command to set group name and privileges. <Example1> Sets administrator group 1. XSCF> setldapssl group administrator -i 1 name CN=SpSuperAdmin,OU= Groups,DC=davidc,DC=example2,DC=aCompany,DC=com <Example2> Sets operator group 1. XSCF> setldapssl group operator -i 1 name CN=OpGroup1,OU= SCFTEST,DC=aplle2,DC=local <Example3> Sets custom group 1. XSCF>...
Page 131
3. Use the showldapssl(8) command to confirm the group name and privileges. <Example1> Confirm administrator group. XSCF> showldapssl group administrator Administrator Group 1 name: CN=<USERNAME>,CN=SpSuperAdmin,OU=Groups,DC=davidc,DC= example2,DC=aCompany,DC=com Administrator Group 2 name: (none) Administrator Group 3 name: (none) Administrator Group 4 name: (none) Administrator Group 5 name: (none) <Example2>...
Page 132
The administrator group has platadm, useradm, and auditadm privileges and you cannot change that. Also the operator group has platop and auditop privileges and you cannot change that. Setting timeout Command operation ■ 1. Use the showldapssl(8) command to display timeout period. XSCF>...
Page 133
2. Use the setldapssl(8) command to set the log detail level. <Example1> Enable the log and trace is set for detail level. XSCF> setldapssl logdetail trace <Example2> Disable the log. XSCF> setldapssl logdetail none 3. Use the showldapssl(8) command to confirm the log detail level. XSCF>...
Page 134
Change the LDAP/SSL Settings Back to the Default Command operation ■ 1. Use the showldapssl(8) command to display the LDAP/SSL settings. XSCF> showldapssl usermapmode: enabled state: enabled strictcertmode: enabled timeout: 10 logdetail: trace 2. Use the setldapssl(8) command to change the LDAP/SSL setting back to the default.
2.2.6 Time Administration Time administration is used to specify the time and the NTP settings for this system. The server (all domains) uses the XSCF Unit clock as the reference time. Note – The customer should decide the NTP server operating mode. For details on NTP, see the NTP manuals.
Page 136
lists the settings and the corresponding shell commands. TABLE 2-11 Setting Time and Date TABLE 2-11 Item Description Shell Command Remarks Display time Displays the time zone and Daylight Saving showtimezone zone Time information. Time zone Sets the time zone and Daylight Saving The time zone provided by settimezone Time.
Setting Time and Date (Continued) TABLE 2-11 Item Description Shell Command Remarks Prefer Specifies/cancels “prefer” to an NTP server The default is prefer setntp for XSCF network. specified. If prefer is specified, the NTP server specified first by setntp (8) command has priority over the others.
<Example 1> Display the timezone list. XSCF> settimezone -c settz -a Africa/Abidjan Africa/Accra <Example 2> Set the timezone. XSCF> settimezone -c settz -s Asia/Tokyo Asia/Tokyo The set time zone takes effect after executing the command. 3. Use the showtimezone(8) command to confirm the setting. Specifying a Daylight Saving Time Command operation ■...
Page 139
2. Use the settimezone(8) command to set the Daylight Saving Time information. <Example 1> Sets the Daylight Saving Time information as follows: abbreviation of time zone is JST, the offset from GMT is +9 hours, the name of Daylight Saving Time is JDT, the offset of Daylight Saving Time from GMT is +10 hours, and the time period is from the first Sunday of April 0:00(JST) to the first Sunday of September 0:00(JDT).
Setting the XSCF Time Command operation ■ 1. Use the showdate(8) command to display the XSCF time. <Example 1> Display the current time with local time. XSCF> showdate Mon Jan 23 14:53:00 JST 2006 <Example 2> Display the current time with UTC. XSCF>...
Page 141
Configuring an NTP Server Command operation ■ 1. Use the showntp(8) command to display the NTP server for the XSCF network. XSCF> showntp -a server ntp1.example.com prefer server ntp2.example.com 2. Use the showntp(8) command to check synchronization and display the status. XSCF>...
5. Use the showntp(8) command to confirm the NTP server. XSCF> showntp -a server ntp1.red.com prefer server ntp2.blue.com Specifying or Canceling prefer for NTP Server Command operation ■ 1. Use the showntp(8) command to display the prefer settings. XSCF> showntp -m prefer : on localaddr : 0 2.
Page 143
Changing Stratum Value for XSCF Command operation ■ 1. Use the showntp(8) command to display the stratum value for the XSCF network. XSCF> showntp -s stratum : 5 2. Use the setntp(8) command to change a stratum value. <Example> Set 7 as stratum value for XSCF network. XSCF>...
Page 144
2. Use the setntp(8) command to change a clock address of the XSCF's own local clock. <Example> Set 1 as the least significant byte of the clock address. XSCF> setntp -m localaddr=1 Please reset the XSCF by rebootxscf to apply the ntp settings. When you use the setntp(8) command to specify the localaddr value, execute the rebootxscf(8) command to apply the specified configuration and reset the XSCF.
Page 145
XSCF> showntp –l remote refid st t when poll reach delay offset jitter ============================================================================== 192.168.1.2 LOCAL(0) 10 1024 0.000 0.000 0.000 *127.127.1.0 .LOCL. 0.000 0.000 0.008 Of the two NTP server outputs, the upper (192.168.1.2) indicates the NTP server which is set by using the setntp(8) command. The refid is LOCAL(0), which means that the local clock which has the address of "127.127.1.0"...
specified. By specifying either from 1 to 3, the address of an NTP server which is referring to the local clock does not correspond to the address of the XSCF internal local clock anymore, and a server which is referring to the local clock can also be set as the NTP server of XSCF.
5. Use the poweron(8) command to turn on power to all domains. XSCF> poweron -a DomainIDs to power on:00,01,02,03 Continue? [y|n] :y 00 :Powering on 01 :Powering on 02 :Powering on 03 :Powering on *Note* This command only issues the instruction to power-on. The result of the instruction can be checked by the "showlogs power".
SSH/Telnet Administration Terms TABLE 2-12 Term Description RW console RW (Read and Write). This is a write-enabled OS console (domain console). RO console RO (Read Only). This is a read-only OS console SSH Client In this system, you can use the following SSH clients. Oracle Solaris Secure Shell ■...
Page 149
SSH/Telnet Administration (Continued) TABLE 2-13 Item Description Shell command Remarks Host key Generates an SSH2 host key (RSA key and When the SSH is enabled setssh DSA key). first, the host key is generated. The DSA key length is 1024 bits. The RSA key length is 1024 bits by default.
Page 150
Note – The control function of SSH access from domain by XSCF Shell command is supported only on M3000/M4000/M5000/M8000/M9000 servers that run certain versions of XCP firmware (beginning with XCP 1081). Note – The XCP 1110 is the first release to support the RSA key of 2048 bit length. Chapter 2 Setting Up XSCF 2-107...
Page 151
Enabling or Disabling SSH/Telnet Command operation ■ 1. Use the showssh(8) command to display SSH settings or use the showtelnet(8) command to display telnet settings. <Example 1> Display SSH settings XSCF> showssh SSH status: enabled SSH DSCP: accept RSA key: DSA key: <Example 2>...
Page 152
Permitting or Refusing the SSH Access to XSCF from Domain via DSCP Command operation ■ 1. Use the showssh(8) command to display SSH settings. XSCF> showssh SSH status: enabled SSH DSCP: accept RSA key: DSA key: 2. Use the setssh(8) command to permit or refuse the SSH access to XSCF from domain via DSCP.
Specifying the Timeout Period of SSH/Telnet Command operation ■ 1. Use the showlogout(8) command to display the timeout period. XSCF> showautologout 30min 2. Use the setautologout(8) command to set the timeout period. <Example 1> Specify 255 (minutes) for the timeout period. XSCF>...
Page 155
4. Use the showssh(8) command to confirm the user public key and its number. <Example> The user key is set by number 1. XSCF> showssh -c pubkey Public key: 1 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAzFh95SohrDgpnN7zFCJCVNy+jaZ PTjNDxcid/QGbihYDCBttI4151Y0Sv85FJwDpSNHNKoVLMYLjtBmUMPbGgGVB61qs kSv/FeV44hefNCZMiXGItIIpKP0nBK4XJpCFoFbPXNUHDw1rTD9icD5U/wRFGSRRx FI+Ub5oLRxN8+A8= efgh@example.com Do the SSH connection by using the user account of XSCF on the client software when you log in the XSCF Shell next time.
2.2.8 Https Administration Use https administration to specify the settings required for operating the web browser window of the XSCF Web over an XSCF-LAN connection. Here, you can specify the enabling/disabling of https and configure https settings. In this system, https is disabled by default.
Page 157
5. Enable https. Step 1 Step 5 above, specify each option using the sethttps(8) command. Also, when using the XSCF Web, select the appropriate items for each setting. When the XSCF Unit is redundant, the https settings are automatically applied to ■...
https Administration (Continued) TABLE 2-15 Item Description Shell Command Remarks External When the external CA and CA in Intranet are Specify the following sethttps authentication used, set the following. Distinguished Name for making a CSR. • Create a web server private key of XSCF •...
Page 159
Enabling or Disabling Https Command operation ■ 1. Use the showhttp(8) or the showhttps(8) command to display https settings. <Example> Display the https settings. XSCF> showhttps HTTPS status: enabled Server key: installed in Apr 24 12:34:56 JST 2006 CA key: installed in Apr 24 12:00:34 JST 2006 CA cert: installed in Apr 24 12:00:34 JST 2006 CSR: -----BEGIN CERTIFICATE REQUEST-----...
Page 160
3. To enable the https, the XSCF reset is required. Use the rebootxscf(8) command to reset the XSCF. XSCF> rebootxscf The XSCF will be reset. Continue? [y|n] :y After the XSCF reset, the XSCF session is disconnected. Please log in again to the ■...
Page 161
4. Send the copied CSR to the CA and request the web server certificate. 5. Perform the sethttps(8) command with option for import. Then copy and paste the signed web server certificate in the window. Please press Enter and press the "Ctrl" and "D" keys. Then the importing is completed. XSCF>...
Page 162
Creating a Web Server Certificate by Constructing the Self CA Command operation ■ 1. Use the sethttps(8) command to create a self-signed web server certificate by specifying the DN. <Example> Specify the DN (JP, Kanagawa, Kawasaki, Example, Development, scf-host, abc@example.com) XSCF>...
2.2.9 Audit Administration Audit administration is used to specify logging of access details, such as which users logged in to XSCF, their login times, and the operations that they executed. In the server, the default access audit setting is enabled. The main audit settings include the access audit enable/disable setting (see ) and audit trail management TABLE 2-16...
Page 164
Audit Administration Terms (Continued) TABLE 2-16 Term Description Audit trail Set of audit files. The user refers to an audit trail to analyze the information contained in it. Audit policy Audit settings. The audit policy mainly defines whether auditing is enabled or disabled and the management method when audit trail becomes full.
Page 165
Audit Administration (Continued) TABLE 2-17 Item Description Shell Command Remarks Display audit Displays an audit trail. • To use a delimiter as part of viewaudit trail input data, enclose it in To display an audit trail, select one of the items quotation marks.
Page 166
If the audit trail becomes full while count is the specified policy, new audit trail data is discarded, and the number of times that records are dropped is counted. If you plan to specify suspend, you need to generate in advance a user account that has the auditadm privilege specified, and whose audit policy is set to disable.
Page 167
Enabling or Disabling Audit, Transferring a Log File, and Deleting Audit Data Command operation ■ 1. Use the showaudit(8) command to display audit settings. <Example> Display all information on the current audit status in the system. XSCF> showaudit all Auditing: enabled Audit space used: 13713 (bytes)
Specifying the Audit Policy Command operation ■ 1. Use the showaudit(8) command to display the audit policy. XSCF> showaudit all Auditing: enabled Audit space used: 13713 (bytes) Audit space free: 4180591 (bytes) Records dropped: Policy on full trail: suspend User global policy: enabled Mail: Thresholds:...
Page 169
3. Use the showaudit(8) command to confirm the setting. XSCF> showaudit all Auditing: enabled Audit space used: 13713 (bytes) Audit space free: 4180591 (bytes) Records dropped: Policy on full trail: count User global policy: enabled Mail: yyyy@example.com Thresholds: 50% 75% 90% User policy: Events: AEV_AUDIT_START...
2.2.10 Log Archiving Administration This section explains how to set the log archiving function, which saves the logs retained on an XSCF Unit. The archive host, the archive directory, enable/disable for the log archiving and so on are set. Note – Logs archived on the log host should be rotated at regular intervals to avoid loss of log information.
Page 171
Log Archiving Administration (Continued) TABLE 2-19 Item Description Shell Command Remarks Password Sets a password used for ssh login to the The password is used for setarchiving archive host. the ssh login. Host public Sets a public key used in server authentication •...
Page 172
Specifying a Host Name, Directory Name, Login User Name and Password for the Target of Log Archiving, and Enabling or Disabling the Log Archiving Command operation ■ 1. Use the showarchiving(8) command to display log archiving settings. <Example> No values have been set for the settings XSCF>...
Page 173
4. Use the showarchiving(8) command to confirm the settings. XSCF> showarchiving *** Archiving Configuration *** Archiving state ---------- Enabled Archive host ------------- example.com Archive directory -------- /var/logs/xx User name for ssh login -- foo Specifying the Host Public Key for the Archive Host Command operation ■...
Page 174
Setting Capacity Limits for the Log Archiving Function Command operation ■ 1. Use the showarchiving(8) command to display the amount of space used for log archiving. XSCF> showarchiving -v *** Archiving Configuration *** Archiving state ---------- Enabled Archive host ------------- example.com Archive directory -------- /var/logs/this-xscf/xx User name for ssh login -- foo Archive host public key -- Server authentication disabled...
Displaying Log Archiving Error Information Command operation ■ ● Use the showarchiving(8) command to display details of log archiving errors. <Example 1> Three errors occurred XSCF> showarchiving -e 2004/06/17 01:12:12 - Failed to connect to the archive host. - Output from ssh: "ssh: foo.bar: host not responding" 2004/06/19 22:15:46 - Failed to create a file on the archive host.
Page 176
SNMP Administration Terms (Continued) TABLE 2-20 Term Description VACM Abbreviation for View-based Access Control Model. This view-based access control model is defined by SNMPv3. Group Users belonging to a VACM model. The group is defined in the access privilege of every user in the group.
SNMP Administration (Continued) TABLE 2-21 Item Description Shell Command Remarks SNMPv1/ Enables/disables SNMPv1 and SNMPv2c The community string setsnmp SNMPv2c communication. used to enable communication SNMPv1/SNMPv2c is Read-Only. SNMPv3 trap Makes the following SNMPv3 trap settings: • Must start with 0x, but setsnmp also consist of an even •...
Page 178
SNMP Administration (Continued) TABLE 2-21 Item Description Shell Command Remarks Sets USM management information for the • SNMPv3 settings. setsnmpusm management following for the SNMP agent: • Specify the password information • Specifying a user authentication algorithm over 8 characters. •...
Page 179
Setting the SNMP Agent’s System Management Information and Enabling/Disabling the SNMP Agent Command operation ■ 1. Use the showsnmp(8) command to display the SNMP settings. <Example> Display of the status when no management information has been set XSCF> showsnmp Agent Status: Disabled Agent port: System Location:...
Setting SNMPv3 Trap Command operation ■ 1. Use the showsnmp(8) command to display SNMP settings. <Example> Display of the status when settings have been made for SNMPv1 and SNMPv2c XSCF> showsnmp Agent Status: Enabled Agent Port: System Location: MainTower21F System Contact: foo@example.com System Description: DataBaseServer Trap Hosts:...
Page 181
3. Confirm the SNMPv3 trap settings. XSCF> showsnmp Agent Status: Enabled Agent Port: System Location: MainTower21F System Contact: musha@jp.fujitsu.com System Description: DataBaseServer Trap Hosts: Hostname Port Type Community String Username Auth Protocol -------- ---- ---- ---------------- -------- ------------- host3 yyyyy...
Page 182
Enabling/Disabling the SNMPv1 and SNMPv2c Communication Command operation ■ 1. Use the showsnmp(8) command to display SNMP settings. XSCF> showsnmp 2. Use the setsnmp(8) command to enable the SNMPv2c agent. <Example 1> Enable SNMPv1 and SNMPv2c XSCF> setsnmp enablev1v2c public <Example 2>...
Page 183
Disabling Traps to the Target Host of SNMPv1/SNMPv2c Command operation ■ 1. Use the showsnmp(8) command to display SNMP settings. XSCF> showsnmp 2. Use the setsnmp(8) command to disable the trap destination host of the SNMPv1 or SNMPv2c target. <Example> Disables trap host for SNMPv2c type. XSCF>...
Page 184
5. Confirm the SNMP settings. XSCF> showsnmp Note – When you changed the SNMP settings back to the default, if the Sun Management Center (Sun MC) is being used, the SNMP agent information for Sun MC is also cleared. To set the SNMP agent information for Sun MC again, execute the setsunmc(8) command with the -s option.
Page 185
3. Use the showsnmpusm(8) command to display USM management information. XSCF> showsnmpusm Username Auth Protocol -------------- ------------------ yyyyy user2 Creating a User Account in an Access Control Group, Deleting a User Account From an Access Control Group, Creating and Deleting MIB Access Control Views, Providing an MIB Access Control View to a Group, and Deleting a Group From All MIB Access Control Views, All of Which is VACM Management Information...
2. Use the setsnmpvacm(8) command to set VACM management information. <Example 1> Add a user to an access control group xxxxx. XSCF> setsnmpvacm creategroup -u yyyyy xxxxx <Example 2> Delete a user from an access control group xxxxx. XSCF> setsnmpvacm deletegroup -u yyyyy xxxxx <Example 3>...
Page 187
lists the settings and the corresponding shell commands. TABLE 2-22 Mail Administration TABLE 2-22 Shell Item Description Command Remarks Display SMTP Displays SMTP server setting showsmtp server settings information. SMTP server Sets the host name or IP address of the No default value has been setsmtp SMTP server.
Specifying the Host Name, Port Number, and Reply Address of the SMTP Server Command operation ■ 1. Use the showsmtp(8) command to display SMTP server setting information. XSCF> showsmtp Mail Server: Port: 25 Authentication Mechanism: none Reply address: 2. Use the setsmtp(8) command to set SMTP server setting information. <Example 1>...
Enabling or Disabling the Mail Report Function and Specifying the Recipient Address Used for Notification Command operation ■ Specifying the Host Name, Port Number, 1. Set the SMTP server as described in and Reply Address of the SMTP Server. Use the showemailreport(8) command to display mail report setting information.
Page 190
In the M3000 server, you cannot perform the operations such as setting the domain configuration, or adding or deleting the system board. Domain has been configured by default and cannot be changed. However, you can set the configuration policy and display the domain information. For an overview of the domain and the system board, see the Overview Guide for your server.
Domain Configuration Terms (Continued) TABLE 2-23 Term Description Domain Divides hardware resources in this system into independent software-based units. Configuration Partitioning is performed with XSCF as follows: 1. XSBs are defined with each consisting of a CMU or MBU and an I/O unit divided by software.
Page 192
Domain Configuration Terms (Continued) TABLE 2-23 Term Description XSB status The power status and the diagnostic, assignment, and integration conditions of a system board belonging to a domain are displayed for each XSB. The progress of changes in conditions can be found by switching the domain configuration. The XSB status information can be referred to with showdcl(8) and showboards(8).
Page 193
Number of Domains and XSBs for Each System TABLE 2-24 Range of Domain Maximum Number of System XSBs Memory Mirror (Note) Entry-level systems The system containing Not available 1 CPU chip. (M3000 server) Midrange systems The system containing 0 - 1 4 (1 x 4) Enabled for both up to 4 CPU chips.
Page 194
If a PSB has one XSB number, the Uni-XSB configuration is assumed; and if it has four XSB numbers, the Quad-XSB configuration is assumed. PSB, XSB, and LSB Numbers to be Assigned (Decimal) TABLE 2-25 XSB Number XSB Number (Quad-XSB) PSB Number (Note) (Uni-XSB) (Note) (Note)
Page 195
DCL Information (Continued) TABLE 2-26 DCL Item Setting Details and Notes Floating Board True : Selects a Floating Board. False : Does not select a Floating Board (default). Configuration policy FRU : Removal in units of Field Replaceable Unit (FRU) components. (Default) XSB : Removal in XSB units System : Hardware is degraded in units of domains or the relevant domain is stopped without degradation.
Page 196
XSB Status Information TABLE 2-27 Item Explanation XSB number XSB number. Domain ID. LSB number that is used for domain. assignment Status of pre-arranged registration in a domain (Assignment) unavailable: ..The XSB is in the system board pool (not assigned to a domain) and its status is one of the following: not-yet diagnosed, under diagnosis, or diagnosis error.
Page 197
XSB Status Information (Continued) TABLE 2-27 Item Explanation fault_code Indicates that state of a degradation in the XSB. (Fault) Normal: ..Normal. Degraded: ..A component is to be removed. Faulted: ..Error found in initial diagnosis. Reservation Displays the reservation status of XSB. If * mark is displayed in the XSB, DR processing is reserved.
Page 198
Domain Hardware and Software Configurations lists the hardware resources that configure a domain. XSCF manages the FIGURE 2-2 hardware configuration of each domain in the server. The CPU and the memory (DIMM) are installed in a CMU or MBU. The domain uses CPU, memory, and I/O device logically divided as one system board.
Page 200
show XSB hardware configuration diagrams in the FIGURE 2-4 FIGURE 2-5 midrange servers. The number of hardware resources depends on whether the PSB type is a Uni-XSB or Quad-XSB. are examples when two FIGURE 2-4 FIGURE 2-5 CMUs are mounted on the MBU. XSB Configuration Diagram (Uni-XSB) (In the Midrange Servers) FIGURE 2-4 When PSB#n is Uni-XSB type...
Page 201
XSB Configuration Diagram (Quad-XSB) (In the Midrange Servers) FIGURE 2-5 When PSB#n is Quad-XSB type Memory I/O device XSB#00-0 Memory XSB#00-1 I/O device Memory XSB#00-2 Memory XSB#00-3 Memory XSB#01-0 I/O device Memory XSB#01-1 I/O device Memory XSB#01-2 Memory XSB#01-3 2-158 SPARC Enterprise Mx000 Servers XSCF User’s Guide •...
Page 202
show XSB hardware configuration diagrams in the FIGURE 2-6 FIGURE 2-7 high-end servers. The number of hardware resources depends on whether the PSB type is a Uni-XSB or Quad-XSB. shows Uni- XSB hardware configuration diagrams in high-end servers. FIGURE 2-6 XSB Configuration Diagram (Uni-XSB) (In the High-End Servers) FIGURE 2-6 When PSB#n is Uni-XSB type...
Page 203
shows Quad-XSB hardware configuration diagrams in high-end servers. FIGURE 2-7 XSB Configuration Diagram (Quad-XSB) (In the High-End Servers) FIGURE 2-7 When PSB#n is Quad-XSB type CMU#n IOU#n XSB#xx-0 Memory I/O device XSB#xx-1 Memory I/O device XSB#xx-2 Memory I/O device XSB#xx-3 Memory I/O device 2-160...
Page 204
shows Uni-XSB hardware configuration diagrams in an entry-level server. FIGURE 2-8 The PSB type is fixed to Uni-XSB. In the entry-level server, the number of domains is one, and the domain fully uses the resources in the PSB XSB Configuration Diagram (Uni-XSB) (In the Entry-Level Server) FIGURE 2-8 Domain Configuration Procedure and Reference Sources The steps from making domain configuration settings to activating a domain are...
Page 205
Note – For the procedure for installing, removing, or replacing a system board in the server, see the Service Manual for your server. Also, for details on using the DR function, see the Dynamic Reconfiguration User’s Guide. Note – For an overview of configuring domains, including an extensive example, refer to the Administration Guide.
Page 206
Domain Configuration (Continued) TABLE 2-28 Item Description Shell command Remarks Delete from Deletes an XSB from a domain. • The XSB is placed in deleteboard domain the assigned state Specify the following: when "disconnect" is • Number of the deleted XSB performed.
Page 207
Displaying the XSB Status By referring to the XSB status of a domain, the user obtains information about an XSB, such as whether its has been assigned and whether it has been recognized by the Oracle Solaris OS. Such information also includes the current process and state of the XSB and whether it was added or deleted successfully.
Page 208
Displaying or Specifying DCL Information Command operation ■ 1. Use the showdcl(8) command to display DCL information. <Example> Display DCL information on domain ID 2. XSCF> showdcl -v -d 2 Status No-Mem No-IO Float Cfg-policy Powered Off System 00-0 False False False 2.
Page 209
3. Use the showdcl(8) command to display DCL information. XSCF> showdcl -va System No-Mem No-IO Float Cfg-policy Powered Off System 00-0 False False False 01-0 False False False 01-1 False False False 01-2 False False False 01-3 False False False 2-166 SPARC Enterprise Mx000 Servers XSCF User’s Guide •...
Page 210
Assigning or Configuring a System Board to a Domain Command operation ■ 1. After the DCL information, use the showfru(8), showdcl(8) commands to display XSB status information. XSCF> showfru –a sb Device Location XSB Mode Memory Mirror Mode Quad XSCF> XSCF>...
Page 211
3. Use the addboard(8) command to add an XSB and use the showboards(8) command to confirm the XSB status. <Example> Assign XSB#00-0, XSB#01-0, XSB#01-1, XSB#01-2, XSB#01-3 to domain ID 2. XSCF> addboard -c assign -d 2 00-0 01-0 01-1 01-2 01-3 XSB#00-0 will be assigned to DomainID 2.
Page 212
6. Use the showboards(8) command to confirm the XSB status. (See TABLE 2-27 XSCF> showboards –va R DID(LSB) Assignment Conn Conf Test Fault ---- - -------- ----------- ---- ---- ---- ------- -------- ---- 00-0 02(00) Assigned Passed Normal 01-0 02(07) Assigned Passed Normal...
Page 213
Deleting a System Board From a Domain Command operation ■ 1. Use the showdevices(8) command to display the usage of XSB resources. <Example> Display usage of XSB resources of domain ID 2. XSCF> showdevices -d 2 CPU: ---- DID XSB state speed ecache...
Page 214
2. Use the showboards(8) command to display XSB status information. XSCF> showboards –va R DID(LSB) Assignment Conn Conf Test Fault ---- - -------- ----------- ---- ---- ---- ------- -------- ---- 00-0 02(00) Assigned Passed Normal 01-0 02(07) Assigned Passed Normal 01-1 02(08) Assigned...
Page 215
Note – When you delete the system board, please confirm the domain status, the system board status, the device usage status on the system board, and also the processes usage that are bound to the CPU or are accessing I/O devices. Then confirm whether you should be able to delete the system board.
Page 216
3. Use the showdcl(8) command to confirm the DCL information. XSCF> showdcl –a Status Powered Off 00-0 01-1 01-2 01-3 ------------------------------------------ Powered Off 00-0 01-0 01-1 01-2 01-3 4. Use the showboards(8) command to display XSB status information. XSCF> showboards –va R DID(LSB) Assignment Conn Conf Test Fault...
Page 217
6. Use the showboards(8) command to display the XSB status again. XSCF> showboards –va R DID(LSB) Assignment Conn Conf Test Fault ---- - -------- ----------- ---- ---- ---- ------- -------- ---- 00-0 02(00) Assigned Passed Normal 01-0 01(00) Assigned Passed Normal 01-1 Available...
2.2.14 System Board Configuration System board configuration settings are used to specify XSB division information for a PSB and configure the memory mirror mode. System board configuration is a function which is available on the M4000/M5000/M8000/M9000 servers. In the M3000 server, the system board has been configured by default and you cannot change the settings.
System Board Configuration (Continued) TABLE 2-30 Item Description Shell Command Remarks Delete device The device, such as a system board, is deleted. (Note 2) deletefru Replace device The device, such as a system board, is replaced. (Note 2) replacefru Diagnosis Diagnose the system board.
3. Use the showfru(8) command to display information on dividing a PSB into XSBs. XSCF> showfru –a sb Device Location XSB Mode Memory Mirror Mode Quad Setting the Memory Mirror Mode for a PSB Command operation ■ 1. Use the showfru(8) command to display PSB memory mirror mode information.
4. Use the testsb(8) command to check the PSB, then check the results by using the showboards(8) command. XSCF> testsb 0 Initial diagnosis is about to start. Continue? [y|n] : y Initial diagnosis is executing. Initial diagnosis has completed. Test Fault ---- ------- -------- 00-0 Passed...
lists terms used in domain mode configuration. TABLE 2-31 Domain Mode Configuration Terms TABLE 2-31 Term Description Initial hardware Sets a POST diagnostic level. diagnostic level The following levels can be set: • Maximum • Standard • None Host watchdog Based on communication between XSCF and a domain, the host watchdog function checks whether the domain is alive (heart beat or alive check).
Page 223
lists setting items and the corresponding shell commands. TABLE 2-32 Domain Mode Configuration TABLE 2-32 Item Description Shell command Remarks Display Displays domain host ID, ethernet address (mac showdomainmode domain mode address), and domain mode setting information setting on the specified domain. information Initial Sets the initial hardware diagnostic level for the...
Note – The display for domain ethernet address (mac address) by the showdomainmode(8) command is supported only on M3000/M4000/M5000/M8000/M9000 servers that run certain versions of XCP firmware (beginning with XCP 1082). The Status of the Mode Switch on Oracle Solaris OS When you execute the prtdiag(1M) command on Oracle Solaris OS, either "LOCK"...
Page 225
Note – Supported firmware releases and Oracle Solaris releases vary based on processor type. For details, see the Product Notes that apply to the XCP release running on your server and the latest version of the Product Notes (no earlier than XCP version 1100).
Page 226
SPARC64 VI Compatible Mode (for M4000/M5000/M8000/M9000 servers only) ■ All processors in the domain behave like and are treated by the Oracle Solaris OS as SPARC64 VI processors. The extended capabilities of SPARC64 VII+ and SPARC64 VII processors are not available in this mode. Domains 1 and 2 in correspond to this mode.
Page 227
DR operations work normally on M4000/M5000/M8000/M9000 server domains running in SPARC64 VI Compatible Mode. You can use DR to add, delete or move boards with any of the processor types, which are all treated as if they are SPARC64 VI processors. The M3000 servers do not support DR operations. DR also operates normally on domains running in SPARC64 VII Enhanced Mode, with one exception: You cannot use DR to add or move into the domain a system board that contains any SPARC64 VI processors.
Page 228
Changing the Initial Hardware Diagnostic Level Command operation ■ 1. Use the showdomainmode(8) command to display the initial hardware diagnostic level. <Example> Display the initial hardware diagnostic levels of domain ID 0. XSCF> showdomainmode -d 0 -v Host-ID :0f010f10 Diagnostic Level :min Secure Mode :off...
Page 229
2. Use the setdomainmode(8) command to change the initial hardware diagnostic level. <Example> Specify the maximum initial hardware diagnostic level for domain ID 0. XSCF> setdomainmode -d 0 -m diag=max Diagnostic Level :min -> max Secure Mode :off -> - Autoboot ->...
Page 230
2. Use the setdomainmode(8) command to specify host watchdog and break signal suppression. <Example> Enable Host watchdog and Break signal suppression for domain ID 0. XSCF> setdomainmode -d 0 -m secure=on Diagnostic Level :max -> - Secure Mode :off -> on Autoboot ->...
Page 231
2. Use the setdomainmode(8) command to disable automatic boot. <Example> Disable automatic boot for domain ID 0. XSCF> setdomainmode -d 0 -m autoboot=off Diagnostic Level :max -> - Secure Mode -> - Autoboot -> off CPU Mode :auto -> - The specified modes will be changed.
Page 232
3. Use the setdomainmode(8) command to set the CPU operational mode. <Example> Specify SPARC64 VI compatible mode for CPU operational mode of domain ID 0. XSCF> setdomainmode -d 0 -m cpumode=compatible Diagnostic Level :max -> - Secure Mode -> - Autoboot ->...
2.2.16 Locale Administration Locale administration is used to set the XSCF Shell default locale. lists setting items and the corresponding shell commands. TABLE 2-35 Locale Administration TABLE 2-35 Item Description Shell Command Remarks Display locale Displays the locale of XSCF Shell. showlocale Locale Specify the following a default locale:...
2.2.17 Altitude Administration This section explains the altitude settings. The server changes the system monitoring due to the altitude of the server. Therefore, the operator must set the altitude during the initial system setting. This setting is done by FEs. With the altitude setting, the fan speed level varies by the environmental temperature.
2.2.18 DVD Drive/Tape Drive Unit Administration DVD drive/tape drive unit configuration is used to specify a DVD drive unit and tape drive unit by specifying a PCI card port that can connect to the DVD/tape drive. Note – A DVD drive unit and tape drive unit needs to be specified only for M8000/M9000 servers.
Page 236
lists the settings and the corresponding shell commands. TABLE 2-38 DVD Drive/Tape Drive Unit Configuration TABLE 2-38 Item Description Shell Command Remarks Display DVD Displays the DVD drive/tape drive unit setting cfgdevice drive/tape information for an IOUA port. drive unit setting information Sets the target IOUA port for connecting or...
Page 237
Changing the DVD Drive/Tape Drive Unit Settings Command operation ■ 1. Use the cfgdevice(8) command to display DVD drive/tape drive unit settings. <Example> Display DVD drive/tape drive unit setting information. XSCF> cfgdevice -l Current connection for DVD/DAT: Main chassis: port 0-2 Expansion chassis: port 8-0 Expander status Port No.
Save and Restore XSCF Configuration Information To save/restore the XSCF configuration information, execute the dumpconfig(8) and the restoreconfig(8) command in the XSCF Shell. When the command is executed with some options, all XSCF configuration information is saved at the specified location and is restored from the specified location. Note –...
Page 239
The dumpconfig(8) command can encrypt saved data by specifying an option. ■ You can safely restore the encrypted data by performing the restoreconfig(8) command, then input the specified key when saving. The head of the saved configuration file contains the following identification data. ■...
Page 240
Saving the Configuration Information to a Specified Target Directory Over a Network Command operation ■ 1. Perform the dumpconfig(8) command specifying the target directory. XSCF> dumpconfig ftp://server/backup/backup-sca-ff2-16.txt 2. When the data transfer is complete, confirm the identification data in the head of the saved configuration file.
Page 241
3. Perform the restoreconfig(8) command and specify the local USB device on the XSCF Unit for the input file. XSCF> restoreconfig file:///media/usb_msd/backup-file.txt Configuration backup created on Tue Jul 19 17:04:48 2011 *** You will need to power-cycle the entire system after this operation is completed *** Do you want to restore this configuration to your system? [y|n]: 4.
Page 242
3. The message includes the identification data. Verify that the correct desired configuration file was selected and answer yes to continue. 4. The XSCF will be reset. After about 10 minutes, the data is restored and the XSCF halts. Note – If a serial terminal is connected to the XSCF Unit, you should see the message, "XSCF BOOT STOP (recover by NFB-OFF/ON)".
C H A P T E R Connecting to the XSCF and the Server This chapter describes how to connect consoles and terminals to XSCF in order to use the software, and how to connect to the server. Connect Terminals to the XSCF XSCF monitors and controls the server.
3.1.1 Terminal Operating Modes for Connection to XSCF shows the terminal operating modes for connecting to XSCF. FIGURE 3-1 Operating Modes for Connection to XSCF (In Midrange Servers) FIGURE 3-1 SSH/telnet/ SSH/telnet/ https https connection connection Terminal Terminal Mail Router notification XSCF-LAN Server...
3.1.2 Port and Terminal Types Connected to the XSCF As shown in , two types of ports, serial and Ethernet, can be used for FIGURE 3-1 connecting to the XSCF and the XSCF terminal. Serial The XSCF Shell and domain console (OS console) can be used while a terminal is connected to a serial port.
Page 246
lists the types of terminals connected to each port shown in TABLE 3-1 FIGURE 3-1 corresponding port numbers. Types of Terminals Connected With XSCF TABLE 3-1 Port Terminal Type Port Number, Cable XSCF-LAN port XSCF Shell terminal SSH: 22 (2 ports per XSCF •...
Types of Terminals Connected With XSCF (Continued) TABLE 3-1 Port Terminal Type Port Number, Cable Serial port XSCF Shell terminal A RS-232C serial crosscable is (One per XSCF Unit) • The XSCF Shell can be used immediately following connection required. to a serial port.
Page 248
XSCF-LAN Port Numbers and Connection Directions for Functions TABLE 3-2 Port Number / Protocol Function Connection Direction 22/TCP XSCF Shell (SSH) External network -> XSCF 22/TCP Log archiving, firmware update and data collector XSCF -> External network (snapshot) 23/TCP XSCF Shell (telnet) External network ->...
3.1.4 Connecting to XSCF via the Serial Port The following is the procedure for connecting to a terminal to XSCF via the serial port. 1. Confirm that a serial cable is inserted into the serial connector on the front of the XSCF Unit, and confirm that the PC and workstation to be used are correctly connected.
3. On the PC or workstation to be used, use one of the following procedures: Connecting the XSCF Shell terminal ■ a. Establish a connection via the serial port to use the XSCF Shell terminal. b. Enter a user account and password to login to the XSCF Shell. c.
Note – To start up the SSH client, see your SSH manual. For details on login, see Chapter Connecting the domain console (OS console) ■ a. If the domain is powered off, use the poweron(8) command for the domain on the XSCF Shell terminal and turn it on to start the Oracle Solaris OS. Step a Step c “Connecting the XSCF Shell...
Example of Starting the Terminal Emulator FIGURE 3-3 a. To establish a telnet connection, activate the terminal emulator and specify the IP address of XSCF and port number 23. In the systems with redundant XSCF Units, specify the IP address of active XSCF. b.
1. Perform the console(8) command on the XSCF Shell terminal screen to select the domain console. XSCF> console -d 0 Note – One RW console can be connected in one domain. If a user with platadm or domainadm user privilege forcibly connects a RW console, the currently connected RW console is disconnected.
3.2.1 Connecting XSCF via the XSCF-LAN Port Or the Serial Port XSCF Connection via an XSCF-LAN Port (Recommended) Establish an XSCF connection via a XSCF-LAN port. The Ethernet connection used for XSCF connection is shown in . The XSCF connection to the LAN FIGURE 3-1 utilizes the functions listed below.
Page 255
shows the intranet connection. FIGURE 3-4 Intranet Connection (In a High-End Server) FIGURE 3-4 SSH/telnet/ https SSH/telnet/ connection https connection Terminal Terminal Mail Router Notification XSCF-LAN port Basic cabinet DomainID m XSCFU Intranet DomainID n User DomainID x XSCFU DomainID y User Serial port When you use the XSCF Shell, you can have high security by using SSH not telnet.
Page 256
shows the connection via an external network. FIGURE 3-5 Connection of External Internet Using VPN Communication (In High-End FIGURE 3-5 Server) SSH/telnet/ SSH/telnet/ https https connection Internet connection Terminal Terminal Mail Router Router Notification VPN communication XSCF-LAN port Basic cabinet DomainID m XSCFU DomainID n...
XSCF Connection via a Serial Port Establish an XSCF connection via a serial port. Connect the serial port as shown in . An XSCF connection via the serial port has the following functions and FIGURE 3-1 advantages: XSCF Shell ■ Advantageous when connection to the LAN is not desirable for reasons of ■...
Page 258
In the example of the configuration shown in , if errors occur in either of FIGURE 3-6 the two LAN ports and its switch hub, its LAN is replaced by the other LAN. Moreover, if an error occurs in the switch hub, the other LAN can be relied on for notification.
Page 259
Example of LAN Port Connections Made Redundant FIGURE 3-6 Fire Wall Remote Services Basic cabinet DomainID m Maintenance port XSCFU DomainID n User DomainID x XSCFU DomainID y Fire Wall System User administration port Serial Direct attach port Serial for initial setup maintenance Port from XSCFU#0 Port from XSCFU#1...
Page 260
Example of LAN Port Connections Not Made Redundant FIGURE 3-7 Fire Wall Remote Services Basic cabinet DomainID m Maintenance port XSCFU DomainID n User DomainID x XSCFU DomainID y System administration port User Serial Direct attach port Serial for initial setup maintenance Port from XSCFU#0 Port from XSCFU#1...
Page 261
Example of a Connection With One LAN Port FIGURE 3-8 Fire Wall Basic cabinet Remote Services DomainID m Maintenance port XSCFU DomainID n User DomainID x XSCFU DomainID y Direct attach port for initial setup User maintenance Serial Serial Port from XSCFU#0 Port from XSCFU#1 (System with redundant XSCFU only) Chapter 3...
C H A P T E R Operation of the Server This chapter mainly describes operation of the server hardware. Display Server Hardware Environment This section describes methods for checking the configuration and status of the server hardware during system configuration or operation. To display the configuration and status of a server, use the XSCF Shell.
4.1.1 Displaying System Information Command operation ■ 1. Use the showhardconf(8) command to check the mode switch status. XSCF> showhardconf SPARC Enterprise xxxx; + Serial:PP20605005; Operator_Panel_Switch:Locked; + Power_Supply_System:Single; SCF-ID:XSCF#0; + System_Power:On; System_Phase:Cabinet Power On; Domain#0 Domain_Status:Powered Off; MBU_B Status:Normal; Ver:0101h; Serial:7867000282 2.
Page 264
4. Use the showstatus(8) command to display information on degraded components in the system. XSCF> showstatus BP_A Status:Degraded; DDC_A#0 Status:Faulted; PSU#0 Status:Faulted; (This screenshot is provided as an example.) 5. Use the showenvironment(8) command to display the ambient temperature, humidity, and voltage of the system. XSCF>...
Page 265
The M8000/M9000 servers do not indicate Middle speed. The M3000 server indicates multi levels. In case errors detected in the fan, Full or High speed will be indicated. list the fan speed level indicated by using the TABLE 4-1 TABLE 4-2 TABLE 4-3 showenvironment(8) command, which corresponding to the altitude configured and the environmental temperature.
Page 266
Power consumption and Exhaust air To display power consumption and exhaust air of a server, use the power consumption monitoring function and the airflow indicator. Power consumption monitoring function and airflow indicator make it possible to routinely confirm the amount of power consumed on and airflow emitted while the server is up and running.
The showenvironment power and showenvironment air commands do not include the information of External I/O Expansion Unit and peripheral I/O device. Also, the M4000/M5000/M8000/M9000 servers do not indicate power consumption by showenvironment command. For a power consumption value of the M4000/M5000/M8000/M9000 servers, see the SPARC Enterprise M4000/M5000 Servers Site Planning Guide or the SPARC Enterprise M8000/M9000 Servers Site Planning Guide.
Page 268
CPU/Memory board unit / Motherboard unit information ■ Unit number, status, version, serial number, FRU number, memory capacity, and type. In the M3000 server, the displayed information is CPU status, CPU operating frequency, CPU type, number of CPU cores, and number of CPU strands.
Page 269
The displayed information on each I/O boat includes the unit number, serial number, and link information. The displayed link information includes the version, serial number, and type. The displayed information on each power supply unit includes the unit number and serial number. XSCF Unit information ■...
Note – 8GB DIMM is supported in XCP1081 or later. "Type" in the CPU/Memory board unit information is supported in XCP1090 or later on M8000/M9000 servers. "Type" in the Motherboard unit information is supported in XCP1100 or later on M4000/M5000 servers. "Type"...
4.2.1 Domain Information Command operation ■ 1. Use the showdcl(8) command to check the domain ID, LSB number, configuration policy, No memory state (true/false), No IO state (true/false), floating board state, and degradation information. <Example 1> In the SPARC Enterprise M4000/M5000/M8000/M9000 servers XSCF>...
■ deleteboard moveboard ■ For details on adding or changing a domain, see Chapter 2 of the XSCF Reference Manual or the Administration Guide. For details on using the DR function to change the domain configuration, see the Dynamic Reconfiguration User’s Guide. Server and Domain Power Operations This section describes power operations for servers and domains, and it explains how to display the power status of a server or domain.
Domain reset ■ Sending break signal to a domain ■ Air-conditioning wait time administration ■ Warm-up time administration ■ Dual power feed ■ 4.4.1 System Power On Command operation ■ 1. Use the showlogs power command to check the status of system power off. The System Power Off status means one of the following.
3. Use the showlogs power command to check the system power on. XSCF> showlogs power Feb 26 14:12:19 JST 2010 System Power On Operator Service Note – Use the showdomainstatus(8) command to check the power status of the domain. 4.4.2 System Power Off Command operation ■...
Note – Only the domains that are able to be powered off are displayed. Note – If the poweroff(8) command is performed, and the shutdown has completed, then the domain is powered off. 4. Use the showlogs power command to check the system power off. XSCF>...
4.4.4 Domain Power Off Command operation ■ 1. Use the showdomainstatus(8) command to check the power status of all domains. XSCF> showdomainstatus -a Domain Status Running Running Running Powered Off 2. Use the poweroff(8) command to turn off power to the specified domain. <Example 1>...
Note – If the poweroff(8) command is performed, and the shutdown has completed, then the domain is powered off. Caution – IMPORTANT - See the following paragraphs for important information about the domain power-off procedure. When Oracle Solaris OS of the domain is being booted, the power cannot be ■...
Page 279
<Example> Issue a panic instruction to the specified domain. XSCF> reset -d 0 panic DomainID to panic:00 Continue? [y|n] :y 00 :Panicked *Note* This command only issues the instruction to reset. The result of the instruction can be checked by the "showlogs power".
4.4.6 Domain Reset Command operation ■ 1. Use the showdomainstatus(8) command to check the power status of the domain. XSCF> showdomainstatus -a Domain Status Running Running Running Running 2. Use the reset(8) command to issue a reset instruction to the specified domain. <Example 1>...
3. Use the showdomainstatus(8) command to check the power status of the domain specified to be reset. XSCF> showdomainstatus -a Domain Status Booting/OpenBoot PROM prompt Running Running Running Note – When the mode switch on the operator panel is set to "Service" or auto boot is disabled by the setdomainmode(8) command, automatic boot of the Oracle Solaris OS after the reset instruction is suppressed.
3. Confirm ok prompt on the specified domain console. Note – To send the break signal to the domain, the domain mode setting is required. When the mode switch on the operator panel is set to Service, the automatic boot and host watchdog functions are suppressed and the break signal is received, regardless of the domain mode settings.
4.4.9 Warm-Up Time Administration The warm-up time is intended to prevent the power supply unit and the fan from running until the power supply environments of peripheral units are prepared after the server starts the power-on processing. Once the warm-up time is set, the OpenBoot PROM will start after the server power supply is turned on, the power-on processing starts, and the set warm-up time elapses.
Caution – IMPORTANT - When the power is turned on from the operator panel, the air-conditioning time and warm-up time that you set are ignored. If you have set these times and wish to observe them at startup, perform the poweron(8) command. 4.4.10 Shutdown Wait Time Administration The shutdown wait time administration is a setting to delay the shutdown start by...
Page 285
Command operation ■ 1. Use the showdualpowerfeed(8) command to display the current setting status of the dual power feed. XSCF> showdualpowerfeed Dual power feed is disabled. 2. Use the setdualpowerfeed(8) command to enable or disable the dual power feed of this system. <Example 1>...
Identifying the Location of the System When more than one same type of system is installed in the same area, it may be difficult to locate the target system. You can easily find target machine, even when it does not have any faulty components, by using the XSCF Shell showlocator(8) command and looking for the blinking the CHECK LED on the operator panel.
Command operation ■ ● Use the showstatus(8) command to display the unit status. An asterisk (*) is attached to a unit in abnormal status. <Example 1> The memory board and memory on the motherboard unit (MBU) are degraded due to failure. XSCF>...
Changing the Time The time of the server is based on the XSCF time. Time can be displayed or set to local time or UTC. For details on displaying or setting the system time, see Chapter Switching the XSCF Unit In some cases, such as when an error occurs in the LAN route of the XSCF Unit on the active side in a system in which the XSCF Unit is redundantly configured, it may be necessary to switch the active side over to the standby side.
Caution – IMPORTANT - An XSCF reset or failover might prevet the above setting operation from completing. If a reset or failover occurs during the operation, log in to the active XSCF to determine if the operation succeeded. If not, try it again. For details on DR, see the Dynamic Reconfiguration User’s Guide.
Page 290
lists setting items and the corresponding shell commands. TABLE 4-5 External Administration I/O Expansion Unit TABLE 4-5 Item Description Shell Command Remarks Display list Displays a list of External I/O Expansion External I/O Expansion ioxadm Units and cards in the host slot is identified by Unit numbers are set in two the host_path to the card.
Page 291
External Administration (Continued) I/O Expansion Unit TABLE 4-5 Item Description Shell Command Remarks Display/set Displays and sets the locator LED state for Only one locator LED can ioxadm locator LED individual components in the specified be enabled or disabled at a (Note 2) External I/O Expansion Unit.
Page 292
Displaying a List of External I/O Expansion Units, I/O Boards, Link Cards, and Power Supply Units or Displaying Their Environment Information Command operation ■ ● Use the ioxadm(8) command to display a list of External I/O Expansion Units and downlink card paths and to display information for each component. <Example 1>...
Page 293
Displaying and Setting the Locator LED State of Each Specified Component in an External I/O Expansion Unit Command operation ■ ● Use the ioxadm(8) command to display or set the locator LED state of the specified component. <Example 1> Display the locator LED states of an External I/O Expansion Unit and components.
Displaying and Clearing the Card with ESM Command operation ■ ● Use the ioxadm(8) command to display and clear runtime of the card with ESM. <Example 1> Display runtime of card with ESM using verbose output. XSCF> ioxadm -v lifetime IOU#0-PCI#1 Total Time On (% of life) Warning Time...
Page 295
2. Log in the XSCF Unit. 3. Use the restoredefaults(8) command to initialize the server (operator panel and XSCF Unit) or the XSCF Unit. For specifying an option in the restoredefaults(8) command, see the XSCF Reference Manual. Note – For this command support information, see the Product Notes for your server.
C H A P T E R Overview of the XSCF Shell This chapter describes how to use the XSCF Shell. The chapter also describes how to use commands and log in with an XSCF user account. It also explains command errors.
Page 297
auditop: The user can refer to the audit method of the XSCF and the audit ■ records. auditadm: The user can control the audit to the XSCF. ■ fieldeng: The user can perform the commands for FEs. ■ outlines the XSCF Shell commands. For details on each command and user TABLE 5-1 privileges, see the man page or the XSCF Reference Manual.
Page 298
XSCF Commands (Continued) TABLE 5-1 Command Description Checks the response for a host. ping Displays the network path to the host by list. traceroute Sets the IP packet filtering rules to be used in the XSCF network. setpacketfilters Displays the IP packet filtering rules that are set in the XSCF network. showpacketfilters Specifies the time zone.
Page 299
XSCF Commands (Continued) TABLE 5-1 Command Description Displays LDAP/SSL client settings. showldapssl Configures the https settings. sethttps Displays the https settings. showhttps • Sets up platform-specific settings. setupplatform Note: In the platform-specific settings, the following items can be optionally configured. Each item is the same as the setting of Chapter •...
Page 300
XSCF Commands (Continued) TABLE 5-1 Command Description Specifies the number of XSB partitions of the system board and sets the memory setupfru mirror mode. Displays the specified number of XSB partitions of the system board and the showfru memory mirror mode that is set. Diagnoses the system board.
Page 301
XSCF Commands (Continued) TABLE 5-1 Command Description Displays the temperature, humidity, voltage, fan rotation speed, power showenvironment consumption, and exhaust airflow. Lists degraded components. showstatus Displays all components mounted in the server. showhardconf Turns on power to all domains or the specified domain. poweron Turns off power to all domains or the specified domain.
XSCF Commands (Continued) TABLE 5-1 Command Description Initializes the server or XSCF Unit to the factory shipping state. restoredefaults Saves log information to the specified destination. snapshot Displays the XSCF monitoring messages on console in real time. showmonitorlog Displays an error log, power log, event log, console log, panic log, IPL log, showlogs temperature/humidity log, and monitor message log.
After login, if the shell has not been accessed for a certain period, XSCF ■ automatically terminates the shell. The default timeout period is 10 minutes. The timeout period can be specified. For details on specifying the timeout period, see Chapter In one domain, only one user can use the RW console (write-enabled console).
Page 304
2. From an SSH client, specify the IP address or host name of XSCF and the port number, if necessary (default port number 22), and use SSH connection via XSCF-LAN. 3. Enter a user account and password when prompted by XSCF. 4.
The following is a login example: [foo@phar foo]% ssh june@192.168.0.2 The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established. RSA key fingerprint is 03:4b:b4:b2:3d:4d:0c:24:03:ca:f1:63:f2:a7:f3:35. Are you sure you want to continue connecting ? [yes|no] : yes Warning: Permanently added '192.168.0.2' (RSA) to the list of known hosts. foo@phar's password:xxxxxx XSCF>...
View Server Status and Control Commands This section describes the typical XSCF Shell commands that can be used to display the server status, operate the server, and control the server. For details on the commands, see the man page or the XSCF Reference Manual. For XSCF setup commands, see Chapter showenvironment...
Page 307
fmadm / fmdump / fmstat The server has an architecture that performs fault management (FMA) for CPUs, memory, and the I/O system during Oracle Solaris OS operation. The system administrator can use the fmadm(8) command to display configuration and status information about individual FMA modules that detect faults, perform fault diagnoses, and resolve faults.
Server Configuration Information Commands This section describes the typical XSCF Shell commands used to display configuration information on components in the server, such as the number of CPUs and memory capacity, the XSCF network configuration, the time, and degradation information. showhardconf ■...
showntp / showdate The showntp(8) command displays the NTP server configured with the server and the XSCF's own local clock informations. The showdate(8) command displays the system standard time (XSCF time). The system administrator can use the showdate(8) command to determine the reference time used in the server. showstatus The system administrator can use the showstatus(8) command to list degraded components.
Page 310
console The console(8) command establishes a connection to the domain console. This command supports both interactive and read-only connections. showdcl / setdcl The showdcl(8) command displays the domain configuration information (DCL) specified for individual domains or LSBs that compose a domain, and the setdcl(8) command specifies the configuration.
showdomainmode / setdomainmode In a certain domain, the user may want to suppress the break signal or panic with host watchdog or disable the automatic boot function. The system administrator can use the showdomainmode(8) command to display the related function settings and the setdomainmode(8) command to suppress or disable one of these functions for a domain.
server. The showldapssl(8) and setldapssl(8) commands display and specify LDAP/SSL client settings, which are used when retrieving user informations from an LDAP/SSL server. showaudit / setaudit / viewaudit The showaudit(8) and setaudit(8) commands display and specify information such as which events can be subject for auditing. The system administrator can use the viewaudit(8) command to display audit records (audit trail).
exit The exit(1) command ends the XSCF Shell. version The version(8) command displays the comprehensive firmware version (XCP version, see Note) of the XSCF firmware and POST/OpenBoot PROM firmware. The system administrator can display version information when upgrading firmware. Note – XCP: XSCF Control Package that includes the programs which control the hardware components making up a computer system.
C H A P T E R XSCF Mail Function This chapter describes the XSCF mail function. Overview of XSCF Mail Function The mail report function, used by XSCF firmware to send messages to the administrator, has the following features: Notification by email of faults in system components monitored by the XSCF ■...
Page 316
outlines the XSCF mail function. FIGURE 6-1 XSCF Mail Function FIGURE 6-1 Mail server SMTP server / POP auth SMTP auth server server Authenti Via SMTP sever cation Internet XSCF Parts fault Unauthorized access System Mail terminal XSCF Email Notification Path The email notification path is described below.
Parts Fault Notification XSCF monitors components (such as CPU modules, fan units, CPU/Memory Board unit) in the server. XSCF can notify the system administrator by email of any fault that occurs in these devices. shows mail being sent for parts fault notification to the system FIGURE 6-2 administrator.
Page 318
Reply address (from specification)—(See setsmtp(8)) Recipient address for mail for the system administrator—(See setemailreport(8)) 3. Enable the XSCF mail function. (See setemailreport(8)) 4. Send test mail. Test mail is automatically sent when the work for these mail settings is completed. If the email message sent as test mail is confirmed to have been received by the system administrator, it means that the correct settings have been made.
Contents of Parts Fault Notification This section explains the contents of the email messages sent for parts faults that occur. shows the contents of mail sent for a parts fault that occurred. FIGURE 6-3 Mail Sent for an XSCF Parts Fault That Occurred FIGURE 6-3 Date: Mon, 02 Jun 2003 14:03:16 +0900 From: XSCF <root@host-name.example.com>...
MSG-ID: Message ID. Use the message ID for accessing the specified URL to ■ acquire detailed information on this problem. For the specified URL, see the Web site information about messages described in the Product Notes for your server. For the message ID, the following information can be confirmed at the Web site: Message type (Type) ■...
C H A P T E R XSCF SNMP Agent Function This chapter explains the XSCF SNMP agent function. Overview of the XSCF SNMP Agent XSCF supports the Simple Network Management Protocol (SNMP) agent function.
Page 322
shows an example of a network management environment using SNMP. FIGURE 7-1 Example of a Network Management Environment FIGURE 7-1 SNMP SNMP is a protocol for managing networks. The SNMP manager consolidates management of the operating conditions of terminals and network problems. The SNMP agent responds with management information from the Management Information Base (MIB) to requests from the manager.
MIB Definition File The SNMP agent responds with management information from the MIB information to requests from the manager. Standard MIB XSCF supports MIB-II (supports SNMPv2c and SNMPv3) and MIB-I (supports SNMPv1), which are Internet standards, to manage mainly the following information: Basic XSCF-LAN information (such as, administrator name) ■...
Page 324
The following shows data as an example of MIB management information. scfMachineType OBJECT-TYPE SYNTAX DisplayString ACCESS read-only STATUS mandatory DESCRIPTION "System model name and model type name." ::= { scfInfo 1 } scfNumberOfCpu OBJECT-TYPE SYNTAX INTEGER ACCESS read-only STATUS mandatory DESCRIPTION "Number of CPUs"...
About Trap When an event occurs, the SNMP agent function notifies the SNMP manager of the event. This function is called a Trap (see ). The XSCF Trap covers the FIGURE 7-2 following events: 1. XSCF failover 2. Additions, removals, and replacements of a component such as a system board 3.
Page 326
TRAP agent:10.123.223.18 community:- generic:6 enterprise:enterprises.42.2.195.1.7 specific:1 timestamp:754201501 varbind:(enterprises.42.2.195.1.1.1.2.36.51.101.49.52.53.52.53.50.45.54.53.52. 57.45.52.97.55.101.45.57.97.99.52.45.49.100.55.52.98.101.49.57.53.98.56.52 [2 36 0] 3e145452-6549-4a7e-9ac4- 1d74be195b84)(enterprises.42.2.195.1.1.1.3.36.51.101.49.52.53.52.53.50.45.54.5 3.52.57.45.52.97.55.101.45.57.97.99.52.45.49.100.55.52.98.101.49.57.53.98.56.5 2 [2 11 0] FMD-8000- 11)(enterprises.42.2.195.1.1.1.4.36.51.101.49.52.53.52.53.50.45.54.53.52.57.45 .52.97.55.101.45.57.97.99.52.45.49.100.55.52.98.101.49.57.53.98.56.52 [2 54 0] http://xxxx.com/sparcenterprise/msg/FMD-8000-11) In the example above, the following items are displayed: agent-address: The IP address of the XSCF which sent trap. (TRAP agent) ■...
Page 327
is a conceptual diagram of issuance of a Trap. FIGURE 7-2 Trap Issuance FIGURE 7-2 System XSCF Trap issued XSCF SNMP agent function started System XSCF Unauthorized access to XSCF SNMP agent System SNMP manager XSCF Parts fault System XSCF Faulty part replaced System XSCF...
Setting Up the XSCF SNMP Agent Function This section explains how to set up the XSCF SNMP agent function. The workflow is as described below. Perform each setup step with the setsnmp(8) command of the XSCF Shell. For details on setup, see Chapter Starting Transmission Step 1:...
Page 329
Community name ■ Port number of the trap destination ■ Host name of the trap destination ■ Step 3: ■ Enable the XSCF SNMP agent function. Enable one or both of the following, according to the user environment: SNMPv1 and SNMPv2c ■...
Page 330
Performing User Management (USM Management) and Management of the Access Control Views of the MIB Definition File (V ACM Management) Step 1: ■ Set, change, and delete user management information by performing the following operations individually: Specifying a user authentication algorithm ■...
C H A P T E R Upgrade of XSCF Firmware and Maintenance This chapter explains how to update the firmware and how to collect log data. Update the XSCF Firmware This section explains firmware update functions and how to update the firmware. The firmware update work is performed by the system administrator or a field engineer.
is a conceptual diagram of the firmware update. FIGURE 8-1 Conceptual Diagram of the Firmware Update FIGURE 8-1 Web site CD-ROM, DVD-ROM, or flash drive Server Flash memories of CMUs/MBUs Flash memory of the XSCF PROM XCP data DomainID 0 PROM DomainID 1 PROM...
Note – The OpenBoot PROM firmware is applied by a domain reboot. In the M3000 server, this function updates the OpenBoot PROM firmware which is in the flash memory of the single MBU. And the number of domains to be updated is one. User Interfaces The following function is used for the firmware update: Firmware update using XSCF Web in a browser...
fieldeng ■ Firmware Update Environment The following environment is required for the firmware to update properly: The update is performed from a browser connected to the XSCF-LAN. ■ The update is performed after the domain console is switched to the XSCF Shell ■...
8.1.4 Method of Checking the Firmware Version The firmware version for this system is called the XCP version. Higher version numbers represent newer firmware. Before updating the firmware, be sure to check the XCP version in the current system. The following example shows a command that displays the XCP version: XSCF>...
8.1.5 Three Steps of the Firmware Update The firmware update for the server has three steps (XCP import, update, application) as explained below. 1. XCP import Storing the obtained XCP data in this system is called "XCP import." The system administrator or a field engineer obtains the XCP data files from the network or external media (CD-ROM, DVD-ROM, or flash drive), then he or she imports the data file using an XSCF console from a client (personal computer or workstation)
Page 337
Note – The update of the pool system board is completed at the following timing. - Using DR functions, when you configure the board into a domain, the board is automatically matched to the version of target domain. After rebooting the target domain, the board is updated to new firmware version.
8.1.6 Features of XSCF Firmware Update The firmware update that is managed by XSCF has the following features: New firmware for a domain can be updated without stopping the domain. To ■ update the OpenBoot PROM firmware, however, the target domain must be rebooted so that the firmware can be applied.
Page 339
describes the firmware update types and update times. TABLE 8-1 Firmware Update Types and Timing TABLE 8-1 Type Description Conditions Update Time Operator's update Imports XCP and updates The system power is off XCP update time the XSCF firmware and (input power is on and all (XCP update) OpenBoot PROM firmware...
Note – (2) The replacement of the XSCF Unit and the version matching is performed by FEs. When both XSCF Units are replaced in the systems with redundant XSCF Units (the M8000/M9000 servers), or when in the M4000/M5000 servers, or when a Motherboard unit is replaced (an XSCF Unit is replaced) in the M3000 server, the firmware version cannot be automatically set to match the version of the replaced unit.
Making Versions Agree With Each Other XSCF automatically sets firmware versions to match each other as follows: When power to a domain is turned on, the versions on the system boards in the ■ domain are automatically set to match each other. When a system board is moved to a domain by the DR function, the version on ■...
Page 342
Firmware Update Tasks TABLE 8-2 Firmware Update Task Item Outline Task time Updating XCP From the Obtain the XCP files from the • In the system with a XSCF Network appropriate web site, and use XSCF to Unit; About 45 minutes import XCP.
Page 343
Firmware Update Tasks (Continued) TABLE 8-2 Firmware Update Task Item Outline Task time Confirming That the XSCF The firmware update is automatically About 5 minutes Firmware is Updated When an performed by using the maintenance (Excludes the time for component XSCF Unit Is Replaced (There guidance for FE.
Page 344
2. Confirm the XCP version. To confirm the XCP version, see the figure of a four-digit number that exists in the firmware program (tar.gz) file name. The latest XCP information is released on a web site. To obtain the URL of the web site, see the description of the firmware download in the Product Notes for your server.
Page 345
c. If complete message, "Download successful: ..." and "MD5: ..." are displayed, the XCP import has ended. Use the getflashimage(8) command with -l option to confirm the imported version. Note – After importing, if “Error: File is invalid or corrupt” message is displayed, it means the XCP file that imported is not a correct file.
Page 346
Note – If the "XCP update requires all domains to be rebooted (Previous OpenBoot PROM update has not been completed)" message is displayed, you cannot update the firmware because previous OpenBoot PROM firmware update has not been completed. Perform the firmware update again after rebooting all domains. c.
Page 347
Note – The display might be different according to XCP version and system configuration. At this time, the XSCF will reset and the XSCF session will disconnect, so please connect the XSCF again. Only the application of the XSCF firmware is completed.
Page 348
5. Confirm that the version of the system firmware that is running is that of the firmware applied at the XSCF Shell command line by using the version(8) command. Web browser operation ■ For information about using the XSCF Web, see Chapter 1.
Page 349
Note – In a system with redundant XSCF Units: i) Perform the firmware update in order, beginning with the standby side and then the active side automatically. After the update on the standby side is completed, the active and standby sides are switched. At this time, the XSCF reset is done and the XSCF session is disconnected.
Page 350
1. After a CMU/MBU addition or replacement task and an allocation to a domain have completed, turn on power to the domain. The update of the OpenBoot PROM firmware is automatically performed at this time (automatic matching of versions). 2. Confirm that the firmware version of the target domain agrees with the version of the XSB firmware allocated to the added or replacement CMU/MBU.
Page 351
1. Turn on power to the server after completing XSCF Unit replacement task. 2. If the replacement unit and the replaced unit have different versions, a message is displayed such as the following. XCP version of Panel EEPROM and XSCF FMEM mismatched, Panel EEPROM=1080, XSCF FMEM=1090 3.
Page 352
Confirming That the XSCF Firmware Is Updated When the XSCF Unit Is Replaced (in a System With a Single XSCF Unit or Both Replacement in a System With Redundant XSCF Units) 1. Turn on power to the server after completing the XSCF Unit replacement task. 2.
8.1.11 If an Error Occurs During XSCF Firmware Update If the system hangs or any of the messages shown below is output during the firmware update, the XSCF Unit on the faulty side cannot be used and is treated as a faulty component.
Collecting XSCF Logs Log information for the XSCF firmware is used for investigating hardware or firmware faults. XSCF log information can be viewed by the system administrator, domain administrators, and FEs. 8.2.1 Log Types and Reference Commands You can view XSCF log information from the XSCF console after logging in to XSCF. When the log archiving function is enabled, logs are stored on the archive host (see Section 8.2.2, “Method of Collecting the Log Information”...
Page 355
Logs Containing Fault Information If a failure occurs in the system, the system and XSCF collects some fault information logs. lists the types of logs that are collected, descriptions, and TABLE 8-3 reference methods. For details on commands, see the XSCF Reference Manual and the man page.
Page 356
Other Logs outlines other logs collected for XSCF log information. TABLE 8-4 Other Logs TABLE 8-4 Standard Size Storage Period Type Description (Entry Size) Archiving Reference Method Power log Log for recording power events of 1920 generations About 1 month •...
Other Logs (Continued) TABLE 8-4 Standard Size Storage Period Type Description (Entry Size) Archiving Reference Method LDAP/SSL Log for LDAP/SSL authentication 250KB Not Archived • showldapss and authorization diagnostic (About 3000 messages lines) • XSCF Web Temperature Log containing a history of the 16384 About 6 months •...
Page 358
The configuration information can be saved and restored when a USB device has ■ been connected to the USB connector mounted on the XSCF Unit front panel of the M4000/M5000/M8000/M9000 servers or on the rear panel of the M3000 server. The log data is transmitted through the network with an encryption protocol.
Page 359
The following is the procedure for saving logs. Saving the Logs by Connecting the USB Device for Exclusive Use to the Front Panel of the XSCF Unit Web browser operation ■ 1. Select the snapshot (Note) menu for saves of the logs menu and display the saving operation page.
Page 360
3. Execute the data transfer. When the data transfer is complete, please contact authorized service personnel. Command operation ■ 1. Perform the snapshot(8) command using a public key, specifying the target directory, and specifying the encryption password for the output file. XSCF>...
C H A P T E R How to Use the XSCF Web This chapter describes how to use the XSCF Web. Overview of the XSCF Web The XSCF Web uses https and the SSL/TLS protocols for connection to the server connected to a user network and for web-based support of server status display, server operation control, and configuration information display.
Page 362
outlines each page. TABLE 9-1 XSCF Web Pages TABLE 9-1 Basic Page Description Login page XSCF Web console login page. Log in with an XSCF user account from the login page. Masthead frame The page on the upper part of the screen. The masthead frame displays the user account name specified at login, the connected host name, and so on.
Page 363
The following figures show examples of these pages in a web browser. shows an e xample of the Login page. FIGURE 9-1 Example of the Login Page FIGURE 9-1 Chapter 9 How to Use the XSCF Web...
Page 364
shows an example of the Tree frame. FIGURE 9-2 Example of the Tree Frame FIGURE 9-2 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
shows an example of the Tree frame and main page. FIGURE 9-3 Example of the Tree Frame and Main Page FIGURE 9-3 Note – Screen layouts and displays are provided as image examples, and they may be changed to improve functionality. The screen displays shown may also depend on the model and other conditions.
9.2.1 Prerequisites Some settings are disabled in the initial settings of the XSCF Web. To use this function, advance configuration is required as follows: Create an XSCF user account. ■ Enable https at the https setting to use the XSCF Web. ■...
9.2.4 Specifying the URL When specifying the URL, specify the IP address configured with XSCF or the XSCF host name as the root directory. Example: URL https://192.168.111.111/ (Note: The IP address of XSCF is input by number) Alternatively, https://XSCF-host-name/ (Note: Not the host name of a domain) Note –...
The authentication timeout setting can be changed. The authentication timeout is 10 minutes by default. The monitoring interval ranges from 1 to 255 minutes. You can set the monitoring interval ranges at the [Menu]-[Settings]-[Autologout] page. 9.3.3 Logging Out From XSCF To exit the XSCF Web, log out by selecting "logout"...
XSCF Web Pages This section describes the configuration of pages available with the XSCF Web console. Menu and page configuration are described below. • Menu tree When you select an item on the menu, the target page is displayed on the main page. + XSCF Pages, which are the system/domain state + Status...
Displaying System Status lists the functions for displaying the status of the entire system. Select TABLE 9-3 [Status]-[System Status] in the Menu tree. System Status Display TABLE 9-3 Function Remarks Mode switch display Displays the mode switch status of the operator panel.
Page 372
lists the functions for displaying the status of a domain. Select TABLE 9-4 [Status]-[Domain Status] in the Menu tree. Domain Status Display TABLE 9-4 Function Remarks Domain configuration information display Displays the XSB number corresponding to each LSB number of each domain in the form of a table. Note - In the M3000 server, this function does not display the table of the corresponding XSB and LSB, but displays the detail information which is...
Page 373
System and Domain Operation lists the function used for the system as a whole and individual domains. TABLE 9-6 Select [Operation]-[Domain Operation]-[Domain Power] in the Menu tree. System and Domain Operation TABLE 9-6 Function Remarks System power on/off Specifies the system power on/off. This function is equivalent to the poweron(8) / poweroff(8) commands.
Page 374
lists the functions used for System board configuration. Select TABLE 9-8 [Operation]-[Domain Configuration]-[System Board Configuration] in the Menu tree. System Board Configuration TABLE 9-8 Function Remarks System board configuration information display Displays the XSB division information, the XSB number, and the memory mirror information for each PSB in the form of table.
Page 375
lists the functions for the domain configuration. Select TABLE 9-9 [Operation]-[Domain Configuration]-[Domain Configuration] in the Menu tree. Domain Configuration TABLE 9-9 Function Remarks Domain configuration information display (DCL) Displays the DCL information for a system board in the specified domain, and sets the configuration policy for the domain.
Page 376
Setting System lists the functions for the network configuration of XSCF. Select TABLE 9-10 [Settings]-[Network]-[Current] or [Settings]-[Network]-[Reserve] in the Menu tree. You can make the network configuration from both [Current] and [Reserve] menus. The [Current] menu displays the XSCF network information which is running on the server, and the [Reserve] menu can be used to confirm the data you configured.
Page 377
Network Configuration (2 of 2) TABLE 9-10 Menu Function Remarks Reserve XSCF network configuration information Displays the XSCF network configuration display and configuration information. This function is equivalent to the applynetwork(8) command. Also, this function sets each host name, domain name, IP address, netmask, and enabling/disabling of the XSCF network interface.
Page 378
Note – The IP packet filtering rules cannot be set and displayed through the XSCF Web. Set and display the filtering rules by using the setpacketfilters(8) and showpacketfilters(8) commands. 9-18 SPARC Enterprise Mx000 Servers XSCF User’s Guide • January 2012...
Page 379
lists the functions for setting the XSCF time. Select [Settings]-[Time] in the TABLE 9-11 Menu tree. Time Settings TABLE 9-11 Function Remarks System time display and setting Displays and sets the current system time. This function is equivalent to the applynetwork(8) and rebootxscf(8) commands.
Page 380
lists the functions for configuring LDAP. Select [Settings]-[LDAP] in the TABLE 9-13 Menu tree. LDAP Configuration TABLE 9-13 Function Remarks LDAP server display and registration Displays and configures the LDAP server when XSCF is as an LDAP client. This function is equivalent to the showldap(8) and setldap(8) commands.
Page 381
lists the functions for configuring LDAP/SSL. Select TABLE 9-14 [Settings]-[LDAP/SSL] in the Menu tree. LDAP/SSL Configuration TABLE 9-14 Function Remarks LDAP/SSL server display and configuration When XSCF is as an LDAP/SSL client, enable and disable the LDAP/SSL. Displays and configures an LDAP/SSL server, modes, timeout piriod, log, default settings, and so on.
Page 382
lists the functions for configuring Active Directory. Select TABLE 9-15 [Settings]-[Active Directory] in the Menu tree. Active Directory Configuration TABLE 9-15 Function Remarks Active Directory Active Directory server display and configuration When XSCF is as an client, Active Directory enable and disable the .
Page 383
lists the functions for configuring XSCF user management. Select TABLE 9-16 [Settings]-[User Manager] in the Menu tree. User Management Configuration TABLE 9-16 Function Remarks User accounts list display Displays user accounts information and the state being registered now. The useradm privilege is required.
Page 384
lists the functions for configuring XSCF audit. Select [Settings]-[Audit] in TABLE 9-17 the Menu tree. Audit Configuration TABLE 9-17 Function Remarks Audit enabling and disabling Enable and disable the auditing. This function is equivalent to the setaudit(8) command. Request the archive and data deletion Request the log archive for the audit trail.
Page 385
Mail Configuration (SMTP) TABLE 9-18 Function Remarks SMTP server display and configuration Displays SMTP server setting information. Sets the host name and the port number of the SMTP server. These functions are equivalent to the showamtp(8) and setsmtp(8) commands. Authentication server display and configuration When you enable the Authentication, displays and specifies the authentication mechanism and authentication server.
Page 386
SNMP Configuration TABLE 9-20 Function Remarks Agent display and configuration Enables and disables the SNMPv1v2c or SNMPv3 agent, sets the system management information, and selects the MIB module. This functions is equivalent to the showsnmp(8) and setsnmp(8) commands. Notification destination server display and setting Displays and sets the trap host for SNMPv1v2c or SNMPv3.
Page 387
lists the functions for configuring security access for SNMPv3. Select TABLE 9-21 [Settings]-[SNMP Security] in the Menu tree. SNMP Configuration (Security Access) TABLE 9-21 Function Remarks USM management information display and setting Displays and sets the USM management information for SNMPv3. This function is equivalent to the showsnmpusm(8) and setsnmpusm(8) commands.
Page 388
For COD settings and command information, see the COD User’s Guide and the XSCF Reference Manual. Note – In the M3000 server, this function is not available. lists the functions for configuring Sun Management Center agent. Select TABLE 9-23 [Setting]-[Sun MC] in the Menu tree. Sun Management Center Agent Configuration TABLE 9-23 Function...
Page 389
lists the functions for the firmware update. Select [Utility]-[Firmware TABLE 9-25 Update] in the Menu tree. Firmware Updating TABLE 9-25 Function Remarks XCP version display Displays the XCP version. This function is equivalent to the version(8) command. XSCF/OpenBoot PROM version display Displays the XSCF firmware and the OpenBoot PROM firmware versions.
Page 390
Logs lists the functions for referring and saving each log. Select [Logs] in the TABLE 9-26 Menu Tree, and select a target log. Log Collection TABLE 9-26 Function Remarks Error log display Display the error log. Also, you can search the logs. This function is equivalent to the error option of the showlogs(8) command.
Log Collection (Continued) TABLE 9-26 Function Remarks LDAP/SSL log display Display the LDAP/SSL log. This function is equivalent to the log option of the showldapssl(8) command. Snapshot (or Data Collector) Collects the log. This function is equivalent to the snapshot(8) command. COD log display Display the COD log.
XSCF Web Error Messages lists the typical messages category from the XSCF Web. Moreover, in each TABLE 9-27 category, detailed messages are displayed. Also, the message from XSCF Web is almost the same as the error message of the XSCF Shell command. For typical messages from the XSCF Shell command, see Chapter Error Messages of XSCF Web TABLE 9-27...
A P P E N D I X Warning and Information Messages This appendix explains the XSCF fault and informational messages output during the operation with the console, mail, or SNMP function of the server. Message Types syslog message ■ The Oracle Solaris OS outputs this message to the domain console.
Page 394
Panic message ■ This message is output in case of panic. The panic message is output to the domain console and retained as log information in the XSCF. The panic log retains the information corresponding to the last single panic event that occurred. The showlogs(8) command of XSCF can be used to display the panic log.
Messages in Each Function This section explains each Oracle Solaris OS and XSCF function by which the user can recognize status notification or fault information in the server, including messages. Recognizing Status Notification or Fault Information by a Message on the Domain Console 1.
Page 396
3. The contents of notification or fault information can be confirmed by accessing the specified URL according to the message ID (SUNW-MSG-ID) displayed on the domain console. If no message ID (MSG-ID) is found, acquire detailed information from the syslog information. 4.
Page 397
Recognizing Status Notification or Fault Information in a Monitoring Message on the XSCF Shell Terminal 1. The user recognizes status notification or fault information in a XSCF monitoring message output by using showmonitorlog(8) comannd. The following shows an example of the XSCF monitoring message. Jun 16 12:20:37 JST 2005 FF2-5-0:Alarm:/CMU#0/CPU#0:XSCF:Uncorrectable error ( 80006000-20010000-0108000112345678) (The example is subject to change without previous notice for functional...
A P P E N D I X XSCF Log Information This appendix explains the following XSCF log information that can be referenced using the XSCF Shell showlogs(8) command on the XSCF console. The log types that can be referenced by the showlogs(8) command are shown below.
Page 400
■ fmdump(8) The showlogs(8) error option displays fault information in a format specific to the platform. Conversely, the fmdump command displays fault information in a format compatible with the Oracle Solaris OS. This latter command is provided for users who are familiar with the Oracle Solaris OS. When the log is referenced by these two commands, there is a difference in display format but little difference in the information.
Page 401
Alarm: The relevant component failed. Warning: Some subcomponents in the relevant component failed or degraded. Information: Notification. Notice: System state notification. Time at which each problem occurred (Occurred). This is indicated in local time. ■ Replacement component (FRU) that is probably faulty. A comma (,) separates two ■...
Page 402
The above indicates the following: CMU#0/MEM#02A-02B was detected as the suspect component, and memory slot No.02A and No.02B of CMU 0 are problematic. It may be necessary to replace the memory as pairs in memory slots No.02A and No.02B as circumstances require. One-row message to indicate an outline of the problem (Msg).
Time at which the problem was registered in the log (TIME). ■ Universal Unique Identifier that can be used to uniquely identify the problem in ■ an optional system set (UUID) Message ID (MSG-ID) that can be used to access the corresponding description of ■...
Page 404
<Example 1> Power logs are displayed as a list. XSCF> showlogs power Date Event Cause Switch Mar 30 17:25:31 JST 2005 System Power Off Pow.Fail/Recov.-- Service Mar 30 17:35:31 JST 2005 System Power On Pow.Fail/Recov.-- Locked Mar 30 17:45:31 JST 2005 Domain Power Off Operator Locked...
Panel: Operating a switch on the operator panel caused a power event. Scheduled: Setting the TOD timer caused a power event. RCI: The I/O device connected to the RCI caused a power event. Pow.Fail/Recov.: Power recovery turned on the power supply. Operator: An operator's instruction caused a power event.
<Example> XSCF event logs are displayed as a list. XSCF> showlogs event Date Message Mar 30 17:45:31 JST 2005 System power on Mar 30 17:55:31 JST 2005 System power off (The example is subject to change without previous notice for functional improvement.) In the example above, the following items are displayed: Time at which each event log was gathered (Date).
B.4.2 Temperature and Humidity History Log Using the showlogs(8) Command to Reference Temperature and Humidity History Logs The XSCF firmware collects the environment and temperature and humidity history regarding the server in a temperature and humidity log. The temperature and humidity history log is displayed at ten-minute intervals.
B.4.4 Panic Log Using the showlogs(8) Command to Reference Panic Logs In case of panic, a console message is output to the domain console. This console message is collected by the XSCF firmware in a panic log. In some cases, panic logs may be called panic message logs.
Page 409
Using the viewaudit(8) Command to Confirm the Audit Trail ● Perform the viewaudit(8) command on the XSCF Shell. <Example> Display all audit records. XSCF> viewaudit file,1,2006-04-26 21:37:25.626 +00:00,20060426213725.0000000000.SCF-4-0 header,20,1,audit - start,0.0.0.0,2006-04-26 21:37:25.660 +00:00 header,43,1,authenticate,0.0.0.0,2006-04-26 22:01:28.902 +00:00 authentication,failure,,unknown user,telnet 27652 0.0.197.33 header,37,1,login - telnet,0.0.0.0,2006-04-26 22:02:26.459 +00:00 subject,1,opl,normal,telnet 50466 10.18.108.4 header,78,1,command - setprivileges,0.0.0.0,2006-04-26...
Page 410
Return Token ■ Label, return value Text Token ■ Label, text string Note – Some fields might not be output according to the environment. The following lists the principal audit events and Tokens: Login telnet ■ header subject text return Login SSH ■...
Active Directory Log This section explains how to reference the Active Directory logs by using the showad(8) command. For details of each log option of showad(8), see the XSCF Reference Manual or the main page. See for the size and generation number TABLE 8-3 of each log.
Console message ■ COD Activation Log When an addition and a deletion of COD hardware activation permit occurs in the server, the XSCF firmware collects an COD activation log. Specify the log option on the XSCF Shell and perform the showcodactivationhistory(8) command to reference COD activation logs.
A P P E N D I X XSCF MIB This appendix explains the XSCF Management Information Base (MIB), which is supported by the XSCF SNMP agent function. MIB Object Identifiers below explains the MIB object identifiers supported by the XSCF. TABLE C-1 MIB Object Identifiers TABLE C-1...
MIB Object Identifiers (Continued) TABLE C-1 scfMIBObjectGroups OBJECT IDENTIFIER ::= { scfMIBGroups 1 } scfMIBNotifGroups OBJECT IDENTIFIER ::= { scfMIBGroups 2 } Standard MIB The standard MIB supported by the XSCF conforms to the following RFC (Note). For the standard MIB definition file, see the general RFC document. MIB II RFC1213 User-based Security Model (USM)
Page 416
Note – In the M3000/M4000/M5000/M8000/M9000 servers, information has been added, such as power consumption and exhaust air. If you install a new server, reinstall the XSCF extension MIB definition file to the SNMP manager. For specific information about power consumption and exhaust air, see the latest version of the Product Notes (no earlier than the XCP 1080 edition) for your server.
11. scfIoBoxInfo group This group provides information for the External I/O Expansion Unit (IOBOX) that is attached to the system and the components which make it up. The components include I/O boats, Link Cards, and Power Supplies/Fans. For details about these components, see the Service Manual for your server. 12.
A P P E N D I X Troubleshooting This chapter describes problems that can occur during use of the XSCF console or during the operation of the system and provides solutions for them. Troubleshooting XSCF and FAQ This section describes problems that may occur during the use of XSCF and provides solutions for the problems.
Page 420
Could Not Connect to XSCF Through the Serial Port Check the connection between the terminal software and the serial port. ■ Check the settings of the terminal software (baud rate is set to 9600 bps, delay is ■ set to 0, etc.). For information about the settings, see "Connecting to XSCF via the serial port"...
Page 421
Do Not Know the IP Address of XSCF Use the shownetwork(8) command to check the current network configuration. If ■ it has not yet been set, ask the network administrator to check the setting. If necessary, use the console on the personal computer that is directly connected ■...
Page 422
A Mail Report Was Not Received From XSCF XSCF does not necessarily report all events. It sends a mail message for each part ■ fault or authentication failure event. Check for the relevant event in the error log, or use the reference for event logs in Appendix B to check whether this is an event in an event log to be reported.
Page 423
Web Pages of the XSCF Web Function are not Displayed Correctly Some versions of web browsers do not display the windows correctly. See ■ "Supported browsers" in Chapter 9, and update your browser to the latest version. Alert Message is Displayed in XSCF Web Please confirm the content of the security alert message and stop the use of XSCF ■...
Page 424
Method 1. Press and hold down the POWER switch on the operator panel of the main unit for four seconds. Method 2. Execute the poweroff(8) command from the XSCF Shell. Q. What kind of processing is executed by XSCF from the time that input power to the main unit is turned on until the Oracle Solaris OS starts? A.
Page 425
Note – The above examples vary depending on the client software on the terminal. Q. What is the relationship between the XSCF error log and error information in the MIB file? A. Error information reflected in the MIB file is the latest log data of XSCF. Troubleshooting the Server While XSCF Is Being Used This section describes how to effectively use XSCF in case the main unit is not...
Page 426
Use the following commands to check the events that occurred at the time the problem occurred: showlogs error ■ showlogs event ■ showlogs power ■ showlogs monitor ■ showlogs console ■ fmdump ■ If you find an error, see Appendix B in this manual for the corrective action.
Page 427
A P P E N D I X Software License Conditions Some of the software functions explained in this manual are licensed under public licenses (GNU Public License (GPL), GNU Lesser Public License (LGPL), and others). This appendix lists these public licenses and conditions.
Page 428
GNU GENERAL PUBLIC LICENSE Version 2, June 1991 a) You must cause the modified files to carry prominent notices stating that you changed the files and the date of any change. Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA b) You must cause any work that you distribute or publish, that in whole Everyone is permitted to copy and distribute verbatim copies of this...
Page 429
END OF TERMS AND CONDITIONS 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original Appendix: How to Apply These Terms to Your New Programs licensor to copy, distribute or modify the Program subject to these terms and conditions.
Page 430
When we speak of free software, we are referring to freedom of use, not 0. This License Agreement applies to any software library or other price. Our General Public Licenses are designed to make sure that you program which contains a notice placed by the copyright holder or other have the freedom to distribute copies of free software (and charge for authorized party saying it may be distributed under the terms of this this service if you wish);...
Page 431
will operate properly with a modified version of the library, if 3. You may opt to apply the terms of the ordinary GNU General Public the user installs one, as long as the modified version is License instead of this License to a given copy of the Library. To do interface-compatible with the version that the work was made with.
Page 432
of software distributed through that system in reliance on consistent You should have received a copy of the GNU Lesser General Public application of that system; it is up to the author/donor to decide if he License along with this library; if not, write to the Free Software or she is willing to distribute software through any other system and a Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110- licensee cannot impose that choice.
Page 433
notice, this list of conditions and the following disclaimer. * Here is the statement of the license: * 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the * This software is provided 'as-is', without any express or implied documentation and/or other materials provided with the distribution.
Page 434
Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd and Clark Cooper "Reasonable copying fee" is whatever you can justify on the basis of media cost, duplication charges, time of people involved, and so on. (You will Permission is hereby granted, free of charge, to any person obtaining a not be required to justify it to the Copyright Holder, but only to the copy of this software and associated documentation files (the "Software"), computing community at large as a market that must bear the fee.)
Page 435
4) Exclusions From License Grant. Nothing in this License shall be deemed * 1. Redistributions of source code must retain the above copyright to grant any rights to trademarks, copyrights, patents, trade secrets or notice, this any other intellectual property of Licensor except as expressly stated list of conditions and the following disclaimer.
Page 436
Miscellaneous. This License represents complete agreement concerning the subject matter hereof. If any provision of this License is "Contribution" shall mean any work of authorship, including the original held to be unenforceable, such provision shall be reformed only to the version of the Work and any modifications or additions to that Work or extent necessary to make it enforceable.
Page 437
6. Trademarks. This License does not grant permission to use the trade * This software is not subject to any license of the American Telephone names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of * Telegraph Company or of the Regents of the University of California.
Page 438
PCRE software which distribute others, commercially * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore) otherwise, you must put a sentence like this * Permission to use, copy, modify, and distribute this material for any Regular expression support is provided by the PCRE library package, which purpose is open source software, written by Philip Hazel, and copyright by the * and without fee is hereby granted, provided...
Page 439
2. Redistributions in binary form must reproduce all prior and current copyright notices, this list of conditions, and the following disclaimer ---- Part 2: Networks Associates Technology, Inc copyright notice (BSD) - documentation and/or other materials provided with ---- distribution. Copyright (c) 2001-2003, Networks Associates Technology, Inc All rights 3.
Page 440
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Copyright (c) David L. Mills 1992-2003 Neither the name of the Sun Microsystems, Inc. nor the names of its contributors may be used to endorse or promote products derived from this * Permission to use, copy, modify, and distribute this software and software without specific prior written permission.
Page 441
[However, none of that term is relevant at this point in time. of these restrictively licenced software components which he talks about * This code is hereby placed in the public domain. have been removed from OpenSSH, i.e., * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY - RSA is no longer included, found in the OpenSSL library * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, - IDEA is no longer included, its use is deprecated...
Page 442
* 4. If you include any Windows specific code (or a derivative thereof) * 2. Redistributions in binary form must reproduce the above copyright from notice, this list of conditions and the following disclaimer in the apps directory (application code) must include * documentation and/or other materials provided with the distribution.
Page 443
[C] The Regents of the University of Michigan and Merit Network, Inc. 1992, ---- 1993, 1994, 1995 All Rights Reserved * Copyright (c) 1990 The Regents of the University of California. Permission to use, copy, modify, and distribute this software and its * All rights reserved.
Page 444
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL Copyright 2001 by Steve Grubb * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR This is an exerpt from an email I recieved from the original author, * PROFITS;...
Page 445
Index Audit policy 2-121 Adding or deleting a user account and specifying a specifying, 2-39 2-116 password, Audit record, Administration 2-117 Audit token, 2-185 altitude, 2-117 Audit trail, 2-116 audit, Automatic boot function 2-109 https, 2-181 enabling or disabling, 2-184 locale, 2-123 log archiving,...
Page 446
2-173 Domain Time domain mode, 2-100 2-16 setting to XSCF time, network, 4-22 2-170 Dual power feed, system board, 2-186 2-95 DVD drive/tape drive unit administration, Configuring an NTP server, Configuring IP Packet Filtering Rules for XSCF 2-31 Network, Enabling or disabling 2-28 Configuring XSCF routing, 2-24...
Page 447
Installing and Uninstalling an ssh user public 2-170 Memory mirror mode, 2-107 key, Message types, Messages in functions, 2-43 2-48 2-70 LDAP, information, Locale monitoring, 2-184 setting, types, 2-184 Locale Administration, warning, B-10 audit, definition file, B-10 B-12 B-13 confirm the audit trail, extended, console, object identifiers,...
Page 448
2-41 Specifying a password policy, 2-43 2-48 2-70 2-92 Security administration, Specifying a time zone, 5-16 2-40 Security commands, Specifying a user privilege, Server 2-106 Specifying an ssh host key, 5-10 5-12 configuration, Specifying or Canceling prefer for NTP Server, 5-10 control, 5-10...
Page 449
Administration Redundant XSCFs, 2-35 2-28 user account, routing, 5-16 User management commands, SNMP agent, User privilege 2-27 specifying a host name, 2-40 specifying, 4-26 standby XSCF, 2-137 USM management information, telnet connection, terminal operating modes, TRAP, 2-138 VACM management information, troubleshooting, XSCF command shell, Web server certificate...