Unix System Administration

Unix System Administration Solaris Management Console Chuck Hauser 2006-10-13


Transcript of Unix System Administration

  • Unix System Administration: Solaris Management Console. Chuck Hauser, 2006-10-13

  • Presentation Conventions
    Names (files, users, daemons) are usually in bold: /etc/syslog.conf
    System dependent or variable items are usually in italics: /var/sadm/patch/patchnumber/log
    File entries and output are in mono-spaced type:
        > root 8036 c Tue Apr 26 23:59:00 2005
        < root 8036 c Tue Apr 26 23:59:59 2005
    marks a line wrapped to fit on the slide:
        mv Solaris_9_Recommended_Patch_Cluster_log Solaris_9_Recommended_Patch_Cluster_log.yyyymmdd
    marks a horizontal tab (09 hex)
    Reference OE for programs and documentation is Solaris 9

  • Introduction
    The Solaris Management Console is a graphical user interface that provides access to Solaris system administration tools. It replaces both AdminSuite and Admintool. The Solaris Management Console (abbreviated as SMC from here forward) first appeared in Solaris 2.6. SMC continues at least through Solaris 10.

  • Admintool and Java Web Console
    Solaris 9 includes admintool, but it opens with this message. Admintool is not in Solaris 10. The browser-based Java Web Console was introduced in Solaris 10 as a future replacement for SMC, but currently it has almost no functionality.

  • SMC Advantages Over admintool
    Replaces the root privileges of admintool with more flexible role-based access control (RBAC) if desired.
    Based on a toolbox concept; different collections of tools and folders can be grouped for a user's role or experience.
    Can be extended with JavaBeans, legacy apps, commands, etc.
    Has context-sensitive help.

  • Role-Based Access Control (RBAC)
    A role account is created with specific rights that are granted to a set of users.
    See System Administration Guide: Security Services (817-0365), Chapters 5-7.
    Replaces the all-or-nothing superuser model with least-privilege security; allows separation of superuser capabilities.

  • Solaris Management Tools History
    See System Administration Guide: Basic Administration (817-3814), Chapter 1, "Solaris Management Tools (Roadmap)", for a matrix of Solaris management tools support.

  • Solaris Management Console 2.1 Packages

  • Solaris Management 2.1 Packages

  • Solaris Volume Management Packages
    Because Solstice DiskSuite has been incorporated in Solaris 9 as the Solaris Volume Manager, the DiskSuite Tool (metatool) has been removed and SMC is now the graphical interface for Solaris Volume Management.

  • SMC Documentation
    There is no Sun manual that covers only SMC.
    The System Administration Guide: Basic Administration (817-3814) introduces SMC in Chapter 2, "Working With the Solaris Management Console (Tasks)".
    Other references are scattered in the various System Administration Guides.
    BigAdmin has SMC 2.0 Frequently Asked Questions, which also has 2.1 tips, at http://www.sun.com/bigadmin/content/misc/smc20_faq.html.
    SunSolve has a Solaris Management Console Support Document (70475).

  • Solaris Management Console Tools
    Solaris Management Console Tools by Janice Winsor (Sun Microsystems Press, 2002) covers SMC 2.0 and is out of print.
    Three sample chapters are online:
        Networked System Administration Tools from Sun Microsystems
        SMC Toolbox Editor: Creating and Editing the SMC Toolbox
        Using SMC Tools

  • SMC Help
    Online help is available. The currently selected tool will determine the help shown.
    A simple non-boolean search is available.
    Help can be printed.

  • SMC Components
    SMC Server: provides tools for the console and services such as authentication, authorization, logging, messaging, etc.
    SMC Toolbox Editor: used to modify or create toolboxes.
    SMC client (the Console): interface that contains the GUI tools used to perform management tasks.

  • SMC Server Components
    The SMC server is a Java-based daemon.
    Although it is a single process, it is a server for both the Solaris Management Console and Solaris Web-Based Enterprise Management (WBEM).
    If the server crashes or the console never loads, stop and restart the server using the init.wbem command (next slide).

  • Running the SMC Server
    The script /etc/init.d/init.wbem is used to start smcboot, a small proxy server (see Initial Server Configuration slide).
    In addition to the usual start and stop arguments, init.wbem also takes a status argument:
        # /etc/init.d/init.wbem status
        Solaris Management Console server version 2.1.0 running on port 898.
    For startup, init.wbem is linked to /etc/rc2.d/S90wbem and the shutdown scripts are /etc/rc0.d/K36wbem, /etc/rc1.d/K36wbem, and /etc/rcS.d/K36wbem.

  • Running the Console Locally
    Choose Solaris Management Console from the CDE Tools Menu (see right).
    Or double-click the SMC icon in CDE Applications Manager or File Manager.

  • Starting the Console Locally by Command Line
    Must be in an X11 terminal window, i.e., xterm.
    Use the following command:
        /usr/sadm/bin/smc&
    The command line is also used when using a PC X server to remotely run SMC.

  • Running SMC in Web Browser
    Despite what some of the documentation implies, SMC cannot be run in a web browser.
    Java Web Console (Solaris 10) can.

  • Options for Running SMC Remotely
    Use a Unix box with SSH and Xwindows.
    Run Xwindows on a PC.
    Run Solaris or other Unix in a PC virtual machine such as VMware (right).

  • Remote X Server to Run on PC
    Use a commercial product or download the free Cygwin environment (www.cygwin.com).
    Cygwin provides both X11 and OpenSSH for running SMC.

  • Install OpenSSH and X11 from Cygwin

  • SSH X11 Tunneling
    The Secure Shell (SSH) can be used to encrypt X11 traffic by forwarding through an SSH tunnel.
    Neither Xhosts nor Xauth are necessary when using SSH to tunnel.

  • X11 Forwarding Configuration
    /etc/ssh/sshd_config must be modified to allow X11 forwarding by the ssh server.
    Find the line with X11 tunneling options:
        # X11 tunneling options
        # X11Forwarding no
        X11DisplayOffset 10
    Change to allow forwarding:
        X11Forwarding yes

  • Getting sshd to reread sshd_config
    Send a SIGHUP signal to the sshd daemon to make it reread the configuration file. There may be multiple instances of sshd running if using privilege separation:
        ps -ef | grep sshd
        root 304 702 0 19:36:22 ? 0:00 /usr/lib/ssh/sshd
        root 702 1 0 Oct 05 ? 0:00 /usr/lib/ssh/sshd
        cfhauser 308 304 0 19:36:30 ? 0:00 /usr/lib/ssh/sshd
        cfhauser 178 175 0 19:25:32 ? 0:01 /usr/lib/ssh/sshd
        root 175 702 0 19:25:25 ? 0:00 /usr/lib/ssh/sshd
    Signal process 702 (whose parent is process 1):
        kill -1 702

  • SSH X11 Tunneling Example

  • Possible Missing Font Message
    This message may appear when using a remote X server on a PC to run SMC:
        Warning: Cannot convert string "-monotype-arial-regular-r-normal--*-140-*-*-p-*-iso8859-1" to type FontStruct
    The Java Virtual Machine running SMC on the server is requesting a font that is not in the font set of the remote X server.
    This message may be safely ignored, but it can be fixed by aliasing the font (see following).

  • Removing Font Error Message in Cygwin
    Edit /usr/X11R6/lib/X11/fonts/75dpi/fonts.alias
    Add the following as one complete line:
        -monotype-arial-regular-r-normal--*-140-*-*-p-*-iso8859-1 -b&h-lucida-medium-r-normal-sans-14-140-75-75-p-81-iso8859-1
    In an xterm window, force the X server to re-read fonts:
        xset fp rehash

  • Removing Font Error Message in X-Win32 (Hummingbird)
    Open the X-Util32 configuration utility.
    Select Fonts Alias
    Double-click 75dpi; double-click fonts.alias to open the Font Alias dialog box.
    Enter in the Alias from field:
        -monotype-arial-regular-r-normal--*-140-*-*-p-*-iso8859-1
    Enter in the Alias to field:
        -b&h-lucida-medium-r-normal-sans-14-140-75-75-p-81-iso8859-1
    Click Add

  • Running su When Tunnelling
    Although a normal user can start SMC, you usually want to run as root (if not using RBAC) to avoid problems with loading some tools.
    When using su to switch to root, do not use the - option, otherwise the DISPLAY variable defining the local display will be lost:

  • Initial Server Configuration
    The smcboot native program waits for a connection from a console program on port 898.
    When a connection is received for the first time, the real Java-based server is called and displays the above while the server initializes.

  • Console Elements
    The default console consists of three main panes: Navigation, View, and Information.
    There is a menu bar, tool bar, status bar, and if enabled, a location bar.
    Context Help and Console Event tabs are at the bottom.

  • Console Preferences
    Choose Console Preferences to change: Console (toolbox used), Appearance, Toolbar, Fonts, Tool Loading, Authentication.

  • Navigation Pane
    Acts similarly to a frame in a web page.
    Clicking on an item in this pane will display this item in the View pane.
    Double-click on an item or click on the turner icon ( ) to expand the tree.

  • View and Information Panes
    The View pane shows information related to the selected node in the Navigation pane.
    The Information pane is on the bottom; it displays either context-sensitive help or console events, depending on the selected button.

  • Default Toolbox
    The default toolbox contains tools for: System Status, System Configuration, Services, Storage, Devices and Hardware.

  • Logging In
    Even when running as root, selecting a tool will require logging in as root. If using RBAC, log in as a role name and password.

  • System Status: System Information

  • System Status: Log Viewer
    The log view defaults to events logged by the WBEM logging service (/var/sadm/wbem/log).
    Syslog files may be chosen by selecting the drop-down box labeled Log File, but the view must be manually refreshed.
    Note: the OpenWindows xconsole program provides a continually updated display of console messages in an Xwindow; it should be run as root:
        /bin/su root -c "/usr/openwin/bin/xconsole -daemon -verbose"

  • System Status: Performance
    Displays performance data based on projects, user, or summary.
    Basically useless in System Performance Summary mode: the display blanks while the system gathers new data, information appears briefly, then blanks for the next cycle. Project and User screens are more useful.
    Before running: be sure to change Preferences General from the default 30 seconds to a longer time period to have a chance of seeing data.

  • System Status: Processes
    Use View Filter to search for an individual process.
    Right-click on an individual process to see process properties, suspend a process, resume a suspended process, or kill (delete) a process.

  • System Configuration: User Accounts
    Allows viewing or modification of individual user accounts.
    Probably the best method for working with RBAC.
    Multiple users can be added in a batch operation (see Adding Multiple Users).

  • User Properties (1)

  • User Properties (2)

  • User Properties: Home Directory
    Modifying the user's home directory will change the entry in /etc/passwd for the user and rename the old home directory to the new name.

  • Users: Adding Multiple Users
    An SMC wizard can be used to add multiple users by:
        User types each name
        Generate automatic prefix followed by numeric sequence
        Use text file in a format similar to /etc/passwd; minimum should have: newdudeid:New Dude
    Other batch operations on users (add, delete, modify) can be performed at the command line using the smmultiuser command.

  • Users: User Templates
    User templates are a named collection of user properties that can be used as the starting point for creating new users.

  • Users: Rights
    Actually RBAC Rights Profiles, a collection of commands, authorizations, or other rights.
    Rights could be directly assigned to a user, but it is better to assign them to a role, then assign the role to users.
    The next slide shows a rights profile for User Security.

  • Right Properties for User Security

  • Users: Administrative Roles
    No roles are predefined.
    Sun suggests creating Primary Administrator, System Administrator, and Operator rights profiles.
    This example adds a password.operator role for handling user password requests.

  • Adding an Administrative Role (2)
    A password is required, to be used when a user switches to the role.
    The predefined User Security right is added; note the contextual help.

  • Adding an Administrative Role (3)
    Roles are structured similarly to users, including a home directory.
    After a role is defined, add regular users to the role.

  • Adding an Administrative Role (4)
    The final review screen before creating the role. The finished role on the Administrative Roles screen.

  • User Groups and Mailing Lists
    Note that users can be pasted into a selected group. Mailing Lists provides a convenient front-end for the sendmail alias file.

  • System Configuration: Projects
    Manages the Solaris project database.
    A project is a way of identifying related work by users in groups.
    The right screen shows Performance grouped by projects.

  • System Configuration: Computers and Networks
    For working with ethers, hosts, and networks files.

  • System Configuration: Patches

  • Patch Tool Configuration
    The Analyze and Add Patches and Download Patches tools will fail if not configured; even then the smpatch command is often more successful.
    Cannot be configured in SMC; must use the smpatch command as root:
        smpatch set patchpro.sun.user=yourSunsolveId
        smpatch set patchpro.sun.passwd=yourSunsolvePassword
    To see settings:
        # smpatch get
        patchpro.backout.directory   -                    ""
        patchpro.download.directory  -                    /var/sadm/spool
        patchpro.install.types       -                    rebootafter:reconfigafter:standard
        patchpro.patch.source        -                    https://updateserver.sun.com/solaris/
        patchpro.patchset            -                    patchdb
        patchpro.proxy.host          -                    ""
        patchpro.proxy.passwd        ****                 ****
        patchpro.proxy.port          -                    8080
        patchpro.proxy.user          -                    ""
        patchpro.sun.passwd          ****                 ****
        patchpro.sun.user            yourid@youridemail   ""

  • Patch Properties

  • Services: Scheduled Jobs
    Provides a human-friendly front-end to cron, instead of editing by hand with crontab -e.
    The command-line equivalent is smcron.

  • Add Scheduled Job Wizard

  • Storage Tool
    Mounts and Shares: Creates and manages mounts and shares.
    Disks: Display disk properties and create partitions.
    Enhanced Storage: Solaris Volume Manager; create and manage volumes, soft partitions, hot spare pools, disk sets, and state database replicas.

  • Storage Tool: Mounts and Shares: Mounts

  • Mounts and Shares: Mount Properties

  • Mounts and Shares: Usage

  • Storage: Disks

  • Storage: Disk Properties and Partitions

  • Storage: Partitioning a Disk

  • Enhanced Storage: Volume Properties (1)

  • Enhanced Storage: Volume Properties (2)

  • Enhanced Storage: State Database Replicas

  • Devices
    Currently the Devices tool only works with serial ports and modems.

  • SMC Command-line Tools

  • RBAC Command-line Tools
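
Added example for the "X11 Forwarding Configuration" and "Getting sshd to reread sshd_config" slides above; it is not part of the original presentation. It reports the effective X11Forwarding value of an sshd_config file and picks the sshd process to signal from `ps -ef` output. The function names, the temporary files and the assumed built-in default of "no" are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the slides). Needs a POSIX awk (nawk on Solaris 9).

# Print the effective X11Forwarding value in the sshd_config file "$1".
# sshd uses the first uncommented occurrence of a keyword. Assumption: with
# no uncommented line the built-in default is "no", as the commented
# "# X11Forwarding no" line on the slide suggests.
x11_forwarding_setting() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "x11forwarding" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# Read `ps -ef` lines on stdin and print the PID of the sshd whose parent is
# process 1, i.e. the listener that rereads sshd_config on SIGHUP.
sshd_listener_pid() {
    awk '$3 == 1 && $0 ~ "/sshd( |$)" { print $2 }'
}

# ps listing copied from the slide.
PS_SAMPLE='root 304 702 0 19:36:22 ? 0:00 /usr/lib/ssh/sshd
root 702 1 0 Oct 05 ? 0:00 /usr/lib/ssh/sshd
cfhauser 308 304 0 19:36:30 ? 0:00 /usr/lib/ssh/sshd
cfhauser 178 175 0 19:25:32 ? 0:01 /usr/lib/ssh/sshd
root 175 702 0 19:25:25 ? 0:00 /usr/lib/ssh/sshd'

# Constructed sshd_config fragments: before and after the edit on the slide.
WORK=$(mktemp -d)
printf '%s\n' '# X11 tunneling options' '# X11Forwarding no' \
    'X11DisplayOffset 10' > "$WORK/before"
printf '%s\n' '# X11 tunneling options' 'X11Forwarding yes' \
    'X11DisplayOffset 10' > "$WORK/after"

echo "before edit: X11Forwarding $(x11_forwarding_setting "$WORK/before")"
echo "after edit:  X11Forwarding $(x11_forwarding_setting "$WORK/after")"
echo "send SIGHUP to PID $(printf '%s\n' "$PS_SAMPLE" | sshd_listener_pid)"
```

Because X11 forwarding is off until the edit is made, running the first function against each host's /etc/ssh/sshd_config also serves as a quick check of where it has been switched on.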