Sb x6000 Ilom20 Admin Guide

8/21/2019 Sb x6000 Ilom20 Admin Guide

1/144

Sun Microsystems, Inc.www.sun.com

Submit comments about this document at: http://www.sun.com/hwdocs/feedback

Integrated Lights Out Manager(ILOM) Administration Guide

For the Sun Blade™ 6000 Modular System

Part No. 820-0052-10April 2007, Revision A


2/144

PleaseRecycle

Copyright2007 SunMicrosystems,Inc.,4150 Network Circle, Santa Clara,California 95054, U.S.A.All rightsreserved.

SunMicrosystems, Inc. hasintellectualproperty rightsrelatingto technology that is describedin this document.In particular, andwithoutlimitation, these intellectual propertyrights mayinclude oneor more of theU.S. patents listedat http://www.sun.com/patentsandoneormore additionalpatents or pending patentapplicationsin theU.S. andin other countries.

This document andtheproduct to which it pertains aredistributedunder licenses restricting their use, copying, distribution, anddecompilation. No part of theproduct or of this document may be reproduced in any form by anymeans without prior written authorization of Sunand itslicensors, if any.

Third-party software, including font technology, is copyrighted and licensed fromSun suppliers.

Parts of theproduct maybe derived from Berkeley BSD systems, licensed from theUniversity of California. UNIX is a registered trademarkintheU.S. andin other countries, exclusively licensed through X/OpenCompany, Ltd.

Sun, Sun Microsystems, the Sun logo, Java,AnswerBook2, docs.sun.com,SunBlade, and Solarisare trademarks or registered trademarks of SunMicrosystems, Inc. in theU.S. andin other countries.

AllSPARCtrademarks areused under license andaretrademarks or registered trademarks of SPARCInternational, Inc. in theU.S. andin othercountries.Products bearing SPARC trademarks are basedupon an architecture developed by Sun Microsystems, Inc.

TheOPEN LOOK andSun™ GraphicalUser Interface wasdevelopedby SunMicrosystems, Inc. for itsusersand licensees. Sunacknowledgesthepioneering efforts of Xerox in researching anddeveloping theconcept of visual or graphical user interfaces for thecomputerindustry. Sunholds a non-exclusive license from Xerox to theXeroxGraphicalUser Interface, which license also coversSun’slicensees who implementOPENLOOKGUIs andotherwisecomply with Sun’s written licenseagreements.

AMDOpteron is a trademark or registered trademarkof Advanced Microdevices, Inc.

U.S. Government Rights—Commercial use. Government usersare subject to the Sun Microsystems, Inc. standard license agreementandapplicable provisions of theFAR andits supplements.

DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES,INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULARPURPOSE OR NON-INFRINGEMENT,ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID.

Copyright 2007 Sun Microsystems, Inc.,4150 Network Circle, SantaClara,Californie 95054,Etats-Unis. Tous droits réservés.

SunMicrosystems, Inc. a les droitsde propriété intellectuelsrelatants à la technologie quiestdécritdans ce document. En particulier, et sans lalimitation, ces droits de propriété intellectuels peuvent inclure un ou plus desbrevets américains énumérés àhttp://www.sun.com/patentset un ou lesbrevets plus supplémentairesou lesapplicationsde brevet en attente dans les Etats-Unis etdans les autrespays.

Ce produit ou document estprotégé parun copyrightet distribuéavec des licences quien restreignent l’utilisation, la copie, la distribution, et ladécompilation. Aucunepartie de ce produit ou document ne peut être reproduite sous aucuneforme, parquelque moyen que ce soit, sansl’autorisation préalable et écritede Sunet de sesbailleursde licence, s’il y en a.

Le logiciel détenupar destiers, et quicomprendla technologie relativeaux polices de caractères, estprotégé par un copyrightet licencié par desfournisseurs de Sun.

Desparties de ce produit pourrontêtre dérivées des systèmes Berkeley BSDlicenciéspar l’Université de Californie. UNIX estune marquedéposée aux Etats-Unis et dans d’autres pays et licenciée exclusivement parX/OpenCompany, Ltd.

Sun, SunMicrosystems,le logo Sun, Java, AnswerBook2, docs.sun.com, SunBlade,et Solarissont desmarques de fabrique ou desmarquesdéposées de SunMicrosystems, Inc. aux Etats-Unis et dans d’autres pays.

Toutes les marques SPARCsont utiliséessous licence et sont desmarques de fabrique ou desmarques déposées de SPARCInternational, Inc.auxEtats-Unis et dans d’autres pays. Les produitsportant les marques SPARCsont basés surune architecture développée par SunMicrosystems, Inc.

L’interface d’utilisation graphique OPEN LOOKet Sun™ a été développée parSun Microsystems, Inc. pour sesutilisateurs et licenciés. Sunreconnaîtles efforts de pionniersde Xerox pour la rechercheet le développement du concept des interfaces d’utilisation visuelle ou graphiquepour l’industrie de l’informatique.Sun détient unelicense nonexclusivede Xerox surl’interface d’utilisation graphiqueXerox, cette licence

couvrant égalementles licenciées de Sunqui mettent en place l’interface d ’utilisation graphique OPEN LOOK et quien outre se conformentauxlicences écrites de Sun.AMDOpteron estune marque de fabrique ou unemarque deposee de Advanced Microdevices, Inc.

LA DOCUMENTATION EST FOURNIE "EN L’ÉTAT" ET TOUTES AUTRES CONDITIONS, DECLARATIONS ET GARANTIES EXPRESSESOU TACITESSONT FORMELLEMENTEXCLUES, DANS LA MESUREAUTORISEE PAR LA LOIAPPLICABLE, Y COMPRIS NOTAMMENTTOUTE GARANTIE IMPLICITE RELATIVE A LA QUALITE MARCHANDE, A L’APTITUDE A UNE UTILISATION PARTICULIERE OU AL’ABSENCE DE CONTREFAÇON.

LA DOCUMENTATION EST FOURNIE "EN L’ÉTAT" ET TOUTES AUTRES CONDITIONS, DÉCLARATIONS ET GARANTIES EXPRESSESOU TACITES SONT FORMELLEMENT EXCLUES DANS LA LIMITE DE LA LOI APPLICABLE, Y COMPRIS NOTAMMENT TOUTEGARANTIE IMPLICITE RELATIVE À LA QUALITÉ MARCHANDE, À L’APTITUDE À UNE UTILISATION PARTICULIÈRE OU ÀL’ABSENCE DE CONTREFAÇON.

http://www.sun.com/patentshttp://www.sun.com/patentshttp://www.sun.com/patentshttp://www.sun.com/patents


3/144

iii

Contents

Preface ix

1. CMM ILOM and System Management Overview 1–1

1.1 Introduction 1–1

1.1.1 Address Space 1–2

1.1.1.1 CMM Address Space 1–3

1.1.1.2 CH Address Space 1–5

1.1.2 Components 1–6

1.2 Managing Server Modules 1–6

1.2.1 Accessing Server Module Service Processors 1–6

1.2.2 Changing the Server Module User Name 1–8

1.2.3 Changing the Server Module Network Configuration 1–8

2. CMM ILOM Initial Setup 2–1

2.1 Connecting to the CMM ILOM 2–1

2.1.1 Connecting to the CMM ILOM Using a Serial Connection 2–2

2.1.2 Connecting to the CMM ILOM Using an Ethernet Connection 2–4

2.2 Configuring the CMM ILOM IP Address 2–5

2.2.1 Viewing the CMM ILOM’s IP Address 2–5

2.2.2 Using DHCP to Assign an IP Address 2–5


4/144

iv Integrated Lights Out Manager (ILOM) Administration Guide for Sun Blade 6000 Modular System • April 2007

2.2.3 Configuring the CMM ILOM IP Address Using the CLI 2–7

3. Using the Command-Line Interface 3–1

3.1 Using CLI Commands 3–1

3.1.1 CLI Namespace 3–1

3.1.2 Privilege Levels 3–2

3.1.3 CLI Command Syntax 3–2

3.1.3.1 Command Verbs 3–2

3.1.3.2 Command Options 3–3

3.1.3.3 Command Targets 3–3

3.1.3.4 Command Properties 3–3

3.2 Command Syntax 3–4

4. Managing User Accounts 4–1

4.1 User Accounts Overview 4–1

4.2 Managing User Accounts 4–2

4.2.1 Adding a User Account 4–2

4.2.2 Deleting a User Account 4–2

4.2.3 Displaying User Accounts 4–24.2.4 Configuring User Accounts 4–3

4.2.4.1 Syntax 4–3

4.2.4.2 Targets, Properties, and Values 4–3

5. Managing the CMM ILOM Using the CLI 5–1

5.1 Configuring CMM ILOM Network Settings 5–1

5.1.1 Displaying Network Settings 5–1

5.1.2 Configuring Network Settings 5–2

5.1.2.1 Syntax 5–2


5.2 Setting the CMM ILOM Clock 5–3


5/144

Contents v

5.2.1 Displaying Clock Settings 5–3

5.2.2 Configuring the Clock to Use NTP Servers 5–3

5.2.2.1 Syntax 5–45.2.2.2 Targets, Properties, and Values 5–4

5.2.3 Interpreting CMM ILOM Clock Settings 5–5

5.3 Resetting the CMM ILOM 5–5

5.4 Updating the CMM ILOM Firmware 5–5

5.5 Viewing SSH Settings 5–65.6 Displaying CMM ILOM Information 5–8

5.6.1 Displaying Version Information 5–8

5.7 Resetting the CMM ILOM Password 5–9

6. Managing the Chassis Using the CLI 6–1

6.1 Viewing Components, Indicators, and Sensors 6–1

6.2 Shutting Down and Restarting the Chassis 6–4

6.3 Setting the Locate LED 6–4

6.4 Viewing and Clearing Event Logs 6–4

6.4.1 Sending Logs to Other Machines 6–6

6.5 Displaying Available Targets 6–6

7. Lightweight Directory Access Protocol (LDAP) 7–1

7.1 LDAP Servers Directory Organization 7–1

7.2 LDAP Clients and Servers 7–2

7.3 Configuring the LDAP Server 7–37.3.1 Configuring LDAP Server 7–4

7.3.2 Configuring the CMM ILOM 7–4

8. RADIUS 8–1

8.1 RADIUS Overview 8–1

8.2 Configuring RADIUS Settings 8–2


6/144

vi Integrated Lights Out Manager (ILOM) Administration Guide for Sun Blade 6000 Modular System • April 2007

8.2.1 RADIUS Parameters 8–2

8.3 RADIUS Commands 8–3

8.3.1 show /CMM/clients/radius 8–38.3.2 set /CMM/clients/radius 8–4

8.3.3 show /CMM/clients 8–5

9. Using Simple Network Management Protocol (SNMP) 9–1

9.1 About SNMP 9–1

9.1.1 How SNMP Works 9–1

9.2 SNMP Management Information Base (MIB) Files 9–2

9.3 MIBs Integration 9–3

9.4 About SNMP Messages 9–3

9.5 About the CMM ILOM and SNMP 9–4

9.5.1 Integrating the MIBs 9–4

9.5.2 Adding Your Server to Your SNMP Environment 9–4

9.6 Managing SNMP Users 9–5

9.6.1 Adding a User Account 9–5

9.6.2 Deleting a User Account 9–5

9.6.3 Configuring User Accounts 9–5

9.6.3.1 Syntax 9–5


9.6.3.3 Examples 9–6

10. Sensors 10–1

n Types of Sensors 10–1

n Discrete Sensors 10–1

n Threshold Sensors 10–2

n Displaying Sensors 10–2

Note – Sensor Information 10–3


7/144

Contents vii

A. Command-Line Interface Reference A–1

A.1 CLI Command Quick Reference A–1

A.2 CLI Command Reference A–5A.2.1 Using the cd Command A–5

A.2.2 Using the create Command A–6

A.2.3 Using the delete Command A–7

A.2.4 Using the exit Command A–8

A.2.5 Using the help Command A–8A.2.6 Using the load Command A–10

A.2.7 Using the reset Command A–11

A.2.8 Using the set Command A–12

A.2.9 Using the show Command A–14

A.2.10 Using the start Command A–18A.2.11 Using the stop Command A–19

A.2.12 Using the version Command A–19

B. CMM ILOM Ports B–1

Glossary Glossary–1

Index Index–1


8/144

viii Integrated Lights Out Manager (ILOM) Administration Guide for Sun Blade 6000 Modular System • April 2007


9/144

ix

Preface

The Integrated Lights Out Manager (ILOM) Administration Guide for Sun Blade 6000 Modular System provides instructions for managing the Sun Blade™ 6000 modularsystem chassis using a modified version of the Integrated Lights Out Manager(ILOM)™ called the Chassis Management Module (CMM). Throughout thisdocument, it is referred to as the CMM ILOM.

Using UNIX CommandsThis document might not contain information about basic UNIX® commands andprocedures such as shutting down the system, booting the system, and configuring

devices. Refer to the following for this information:■ Software documentation that you received with your system.

■ Solaris™ Operating System documentation, which is at:

http://docs.sun.com

http://docs.sun.com/http://docs.sun.com/


10/144

x Integrated Lights Out Manager (ILOM) Administration Guide for Sun Blade 6000 Modular System • April 2007

Shell Prompts

Typographic Conventions

Shell Prompt

C shell machine-name%

C shell superuser machine-name#

Bourne shell and Korn shell $

Bourne shell and Korn shell superuser #

Typeface*

* The settings on your browser might differ from these settings.

Meaning Examples

AaBbCc123 The names of commands, files,and directories; onscreencomputer output

Edit your.login file.Use ls -a to list all files.% You have mail.

AaBbCc123 What you type, when contrasted

with onscreen computer output

% su

Password:

AaBbCc123 Book titles, new words or terms,words to be emphasized.Replace command-line variableswith real names or values.

Read Chapter 6 in the User’s Guide.These are called class options.You must be superuser to do this.To delete a file, type rm filename.


11/144

Preface xi

Documentation, Support, and Training

Third-Party Web SitesSun is not responsible for the availability of third-party web sites mentioned in thisdocument. Sun does not endorse and is not responsible or liable for any content,

advertising, products, or other materials that are available on or through such sitesor resources. Sun will not be responsible or liable for any actual or alleged damageor loss caused by or in connection with the use of or reliance on any such content,goods, or services that are available on or through such sites or resources.

Sun Welcomes Your CommentsSun is interested in improving its documentation and welcomes your comments andsuggestions. You can submit your comments by going to:

http://www.sun.com/hwdocs/feedback

Please include the title and part number of your document with your feedback:

Integrated Lights Out Manager (ILOM) Administration Guide for Sun Blade 6000 ModularSystem, part number 820-0052-10

Sun Function URL

Documentation http://www.sun.com/documentation/

Support http://www.sun.com/support/

Training http://www.sun.com/training/

http://www.sun.com/hwdocs/feedbackhttp://www.sun.com/documentation/http://www.sun.com/support/http://www.sun.com/training/http://www.sun.com/documentation/http://www.sun.com/support/http://www.sun.com/training/http://www.sun.com/hwdocs/feedback


12/144

xii Integrated Lights Out Manager (ILOM) Administration Guide for Sun Blade 6000 Modular System • April 2007


13/144

1-1

CHAPTER 1

CMM ILOM and SystemManagement Overview

This chapter contains the following sections:

■ Section 1.1, “Introduction” on page 1-1

■ Section 1.2, “Managing Server Modules” on page 1-6

1.1 IntroductionThe CMM ILOM manages the Sun Blade 6000 modular system chassis. It providesmanagement of chassis components, and a method of accessing the serviceprocessors in individual server modules. It also provides automatic control of thechassis fan speed.

The Sun Blade 6000 modular system chassis holds up to ten server modules. Each of these has its own service processor (SP). It is separate from the CMM ILOM, whichmanages only the chassis.

Users interact with the CMM ILOM through the command-line interface (CLI).

Note – All access to the CMM ILOM is through the CLI. WebGUI access is notsupported.

The CMM ILOM enables you to:

■ Display and configure CMM ILOM network parameters

■ Display and configure server module SP network parameters


14/144

1-2 Integrated Lights Out Manager (ILOM) Administration Guide for Sun Blade 6000 Modular System • April 2007

■ Connect to server module SP

■ Display information about chassis components:

■ Whether the component is present

■ FRU SEEPROM data

■ Status

1.1.1 Address Space

The CMM ILOM address space is divided into two regions:■ /CMM is used to manage the CMM ILOM.

■ /CH is used to manage the chassis.


15/144

Chapter 1 CMM ILOM and System Management Overview 1-3

1.1.1.1 CMM Address SpaceThe CMM address space is used for managing the chassis. It contains thefollowing objects:

The following paragraphs describe these targets.

-> cd /CMM/CMM

-> show

/CMM Targets:

cli clients clock logs network serial services sessions users

Properties:

Commands: cd load reset

show version

->


16/144


cli – Displays information about the CMM ILOM, including commands and version.For example, you can look up the syntax of the command stop:

clients – Used to manage LDAP, RADIUS, NTP, and syslog:

■ LDAP – See Chapter 7.■ RADIUS – See Chapter 8.

■ NTP – See Section 5.2, “Setting the CMM ILOM Clock” on page 5-3.

■ syslog (sending syslog files to remote IP) – See Section 6.4.1, “Sending Logs toOther Machines” on page 6-6.

clock – Set the clock. See Section 5.2, “Setting the CMM ILOM Clock” on page 5-3.

logs – Show and clear the system logs. See Section 6.4, “Viewing and Clearing EventLogs” on page 6-4.

network – Used to set up the CMM ILOM’s network configuration. See Chapter 2.

serial – Displays the serial port configuration.

services – Used to configure SNMP and to view SSH settings.

■

SNMP – See Chapter 9.■ View SSH settings – See Section 5.5, “Viewing SSH Settings” on page 5-6

sessions – Displays a list of all active user sessions.

users – Used to view and manage user accounts. See Chapter 4.

-> cd /CMM/cli/commands

-> show stop

/CMM/cli/commands/stop Targets:

Properties: requiredrole = administrator, operator

Commands: cd show

->


17/144


1.1.1.2 CH Address Space

The /CH address space is used for managing the objects in the chassis. A typical/CH address space contains the following objects:

Note – Modules that are not present do not appear in this list. For example, achassis with no server module in slot 5 does not show BL5.

-> cd /CH-> show

/CH Targets: CMM BL0 BL1 BL2 BL3 BL4 BL5 BL6

BL7 BL8 BL9 T_AMB0 T_AMB1 T_OVRD NORMAL SERVICE LOCATE TEMPFAIL FM0 FM1 FM2 FM3 FM4 FM5 PS0 PS1 NEM0 NEM1

Properties: type = Chassis board_part_number = 501-7376-03 board_serial_number = 1762TH1-0701YB006C board_product_name = ASY,BD,MIDPLANE,C10 power_state = On

Commands: cd set show start stop


18/144


1.1.2 ComponentsThe CMM ILOM provides access to the following components:

■ CMM ILOM CLI■ Chassis

■ Power supplies

■ Fan trays

■ NEMs

■ Server module SPs

For each of these FRUs, the CMM ILOM enables you to detect whether it is present,view its status, and view SEEPROM data.

The following sections describe how to use the CLI to access these components.

1.2 Managing Server ModulesThe CMM ILOM allows you to access the CLI on the server module’s SP, and tochange the server module's network configuration.

1.2.1 Accessing Server Module Service ProcessorsUse the following steps to access and exit the server module SPs from the CMMILOM:

1. Navigate to /CH/BLn /SP/cli.

Where n is 0 through 9 for server modules 0 through 9 respectively.

Note – Server modules are identified by their chassis slot ID.

2. Enter the the command start.

A prompt appears.

3. Enter y to continue or n to cancel.

If you entered y, the server module SP prompts you for its password.


19/144


Note – The CMM ILOM logs in to the server module using the user name in theuser target under /CH/BLn/SP/cli (where n is the server module number). Thedefault is root.

To change the user name, see Section 1.2.2, “Changing the Server Module UserName” on page 1-8.

4. Enter the SP password.

The server module SP’s CLI interface appears. See the documentation for yourserver module SP for instructions.

5. When you are done, type the command to exit the service processor. Forexample, type:

exit.

The server module SP exits and the CMM ILOM CLI appears.

The following display shows an example:

-> cd /CH/BL2/SP/cli/CH/BL2/SP/cli

-> startAre you sure you want to start /CH/BL2/SP/cli (y/n)? yPassword: Type the password to the server module SP.

Sun(TM) Integrated Lights Out Manager

Version 1.1.1

Copyright 2006 Sun Microsystems, Inc. All rights reserved.Use is subject to license terms.

Warning: password is set to factory default.

-> cd /SYS This command is only available on the server module./SYS

-> exit Type this command to exit the server module SP and return to theCMM ILOM.Connection to 10.6.153.33 closed.


20/144


1.2.2 Changing the Server Module User NameWhen you log into a server module from the CMM ILOM, the CMM ILOM uses the

default user name root. To change the user name used by the CMM to log in to theserver module:

1. Navigate to /CH/BLn /SP/cli.


2. Enter the command:

set user=name

where name is the user name you want to use on the server module.

1.2.3 Changing the Server Module NetworkConfigurationThe CMM ILOM allows you to change the server module network information,

including the IP address, and DHCP settings.

1. Log in to the CMM ILOM.

2. Navigate to /CH/BLn /SP/network.


3. Type the following commands:

■

To specify a static Ethernet configuration, type:set pendingipaddress=xxx.xxx.xx.xx

set pendingipnetmask= yyy.yyy.yyy.y

set pendingipgateway= zzz.zzz.zz.zzz

set pendingipdiscovery=static

set commitpending=true

where xxx.xxx.xx.xx, yyy.yyy.yyy.y and zzz.zzz.zz.zzz are the IP address,netmask, and gateway for your ILOM and network configuration.

■ To specify a dynamic Ethernet configuration, type:

set pendingipdiscovery=dhcp


Note – Typing set commitpending=true commits your changes.


21/144



22/144



23/144

2-1

CHAPTER 2

CMM ILOM Initial Setup

This chapter describes how to access the CMM ILOM and do the initial setup.

Access to the CMM ILOM is through the serial connector or the NET MGT 0Ethernet connector on the chassis rear panel.

Before you can connect to the Ethernet connector, you must know or configure its IPaddress.

This chapter contains the following sections:■ Section 2.1, “Connecting to the CMM ILOM” on page 2-1

■ Section 2.1.1, “Connecting to the CMM ILOM Using a Serial Connection” onpage 2-2

■ Section 2.1.2, “Connecting to the CMM ILOM Using an Ethernet Connection”on page 2-4

■ Section 2.2, “Configuring the CMM ILOM IP Address” on page 2-5

■ Section 2.2.1, “Viewing the CMM ILOM’s IP Address” on page 2-5

■ Section 2.2.2, “Using DHCP to Assign an IP Address” on page 2-5

■ Section 2.2.3, “Configuring the CMM ILOM IP Address Using the CLI” onpage 2-7

2.1 Connecting to the CMM ILOMThere are two ways to connect to the CMM ILOM:

■ Using a serial connection, as described in Section 2.1.1, “Connecting to the CMMILOM Using a Serial Connection” on page 2-2.

■ Using the Ethernet, as described in Section 2.1.2, “Connecting to the CMM ILOMUsing an Ethernet Connection” on page 2-4


24/144


FIGURE 2-1 shows the connectors on the chassis rear panel.

FIGURE 2-1 Connectors on the Chassis Rear Panel

2.1.1 Connecting to the CMM ILOM Using a SerialConnectionYou can access the CMM ILOM at any time by connecting a terminal or a PCrunning terminal emulation software to the serial connector on the chassis.

1. Verify the your terminal, laptop, or terminal server is operational.

2. Configure that terminal device or the terminal emulation software to use thefollowing settings:

■ 8N1: eight data bits, no parity, one stop bit

■ 9600 baud

■ Disable software flow control (XON/XOFF)


25/144

Chapter 2 CMM ILOM Initial Setup 2-3

3. Connect a serial cable from the serial port (SER MGT) on the chassis panel toa terminal device.

The port appears in FIGURE 2-1.

Note – The serial port requires that the serial cable connected to it use the followingpin assignments.

4. Press Enter on the terminal device.

This establishes the connection between the terminal device and the CMM ILOM.

Note – If you connect a terminal or emulator to the serial port before the CMMILOM has been powered on or during its power on sequence, you will see bootupmessages.

When the system has booted, the CMM ILOM displays its login prompt:

SUNCMMnnnnnnnnnn login:

The first string in the prompt is the default host name. It consists of the prefix

SUNCMM and the CMM ILOM’s MAC address. The MAC address for eachILOM is unique.

TABLE 2-1

Pin Signal Description

1 Request To Send (RTS)

2 Data Terminal Ready (DTR)

3 Transmit Data (TXD)

4 Ground

5 Ground

6 Receive Data (RXD)

7 Data Carrier Detect (DCD)

8 Clear To Send (CTS)


26/144


5. Log in to the CLI:

a. Type the default user name, root.

b. Type the default password, changeme.When you have successfully logged in, the CMM ILOM displays the defaultcommand prompt:

->

The CMM ILOM is running the CLI. You can now run CLI commands.

6. To log out, type exit.

2.1.2 Connecting to the CMM ILOM Using an EthernetConnectionThe CMM ILOM supports SSH sessions through the NET MGT 0 port on the chassisrear panel.

Before you can use this connection, you must:

■ Know its IP address. See Section 2.2, “Configuring the CMM ILOM IP Address”on page 2-5 for more information.

■ Have an Ethernet connection to the NET MGT 0 port, as shown in FIGURE 2-1.

■ Have an SSH client on the host you are using to connect to the CMM ILOM.

To log in using the Ethernet:

1. Start your SSH client.

2. To log in to the CMM ILOM, type:

$ ssh root@ipaddress

where ipaddress is the IP address of the CMM ILOM.

3. Type your password when prompted.

Note – The default user name is root, and the default password is changeme. Tochange it see Chapter 4.


27/144


For example:

4. To log out, type exit.

2.2 Configuring the CMM ILOM IP AddressThis section describes how to view the CMM ILOM’s IP address, and how to changeit using DHCP, or manually, using the CLI.

2.2.1 Viewing the CMM ILOM’s IP Address1. Log in to the CMM ILOM using a serial connection, as described in

Section 2.1.1, “Connecting to the CMM ILOM Using a Serial Connection” onpage 2-2.

2. Type the command:■ To see all the IP address-related information, type:

show /CMM/network

■ To see only the IP address, type:

show /CMM/network/ipaddress

2.2.2 Using DHCP to Assign an IP AddressMost installations use DHCP to assign an IP address to the CMM ILOM. To useDHCP, the following conditions must be present:

■ A DHCP server must be connected to the same subnet as the CMM ILOM. It must be connected to the NET MGT 0 port.

■

The DHCP server must be configured to accept new media access control (MAC)addresses, or configured to know the MAC address of the CMM ILOM.

$ ssh [email protected]@192.168.25.25's password:Sun Integrated Lights Out Manager

Version 1.0Copyright 2006 Sun Microsystems, Inc. All rights reserved.

Warning: password is set to factory default.->


28/144


■ The CMM ILOM must be configured to use DHCP. This is its default setting.

If the CMM ILOM is not configured to use DHCP, you can configure it using theinstructions in Section 2.2.3, “Configuring the CMM ILOM IP Address Using the

CLI” on page 2-7.If these conditions are present, when the CMM ILOM is powered on or reset, DHCPautomatically assigns it an IP address.

Note – Some DHCP servers allow you to specify the IP address that it will assign tothe CMM ILOM. In this case, the CMM ILOM still must be configured for a“dynamic” IP address, even though DHCP’s choice of addresses is “static.”

Finding the CMM ILOM’s MAC Address

The ILOM has a unique media access control (MAC) address that is different fromthe server or server module’s MAC address. You might need this address toconfigure your DHCP server software.

MAC addresses are 12-digit hexadecimal strings in the format xx:xx:xx:xx:xx:xxwhere x represents a single hexadecimal letter (0–9, A–F, a–f). Write down thataddress for future reference.

You can obtain the ILOM MAC address from one of the following locations.

■ Start the CMM ILOM CLI and enter the command show /CMM/network. TheILOM displays its MAC address.

■ Check the Customer Information Sheet shipped with your server.

Using the MAC Address to Find the IP Address

Once the CMM ILOM has been assigned an IP address by DHCP, you can use theMAC address to identify that IP address by looking in the DHCP log file.

Typically, DHCP log file entries are individual lines with the following comma-

separated fields:ID, Date, Time, Description, IP Address, Host Name, MAC Address

Locate the MAC address of your CMM ILOM in the MAC Address (seventh) field of the correct DHCP file entry, and record the corresponding value of the IP address(fifth) field. This is the IP address that you must use to access the WebGUI and theremote console.


29/144


2.2.3 Configuring the CMM ILOM IP Address Usingthe CLI

Use the following procedure to configure the ILOM IP to use a static or dynamic IPaddress.

1. Log in to the CMM ILOM using one of the following methods:

■ Use a serial connection, as described in Section 2.1.1, “Connecting to the CMMILOM Using a Serial Connection” on page 2-2.

■ Use the Ethernet, as described in Section 2.1.2, “Connecting to the CMM ILOMUsing an Ethernet Connection” on page 2-4.

Note – To use the Ethernet, you must already know the CMM ILOM’s IP address.

2. Type the following command to set the working directory:

cd /CMM/network

3. Type the following commands:

■ To specify a static Ethernet configuration, type:

set pendingipaddress=xxx.xxx.xx.xx

set pendingipnetmask= yyy.yyy.yyy.y

set pendingipgateway= zzz.zzz.zz.zzz

set pendingipdiscovery=static


where xxx.xxx.xx.xx, yyy.yyy.yyy.y and zzz.zzz.zz.zzz are the IP address,netmask, and gateway for your ILOM and network configuration.

■ To specify a dynamic Ethernet configuration, type:

set pendingipdiscovery=dhcp


Note – Typing set commitpending=true commits your changes.

4. When you are done, exit the ILOM by typing exit.

Note – If you connected to the ILOM using the Ethernet (SSH), you aredisconnected automatically, because you logged in from a different IP address.


30/144



31/144

3-1

CHAPTER 3

Using the Command-Line Interface

This chapter describes how to use the CMM ILOM’s command-line interface (CLI).The sections include:

■ Section 3.1, “Using CLI Commands” on page 3-1

■ Section 3.2, “Command Syntax” on page 3-4

3.1 Using CLI CommandsThis section describes how to use CLI commands. CLI commands are case-sensitive.

3.1.1 CLI NamespaceThe CLI architecture is based on a hierarchical namespace, which is a predefined treethat contains every managed object in the system. This namespace defines thetargets for each command verb.

The CMM ILOM includes two namespaces: the /CMM namespace and the /CHnamespace.

■ The /CMM namespace manages the CMM ILOM. For example, you use thisspace to manage users, clock settings, and other CMM ILOM issues.

■ The /CH namespace manages the chassis. For example, use this namespace toaccess server modules, fans, and power supplies.


32/144


3.1.2 Privilege LevelsThe CLI provides two privilege levels: administrator and operator. Administratorshave full access to CMM ILOM functionality and operators have read-only access toCMM ILOM information.

Note – The default user, root, has administrator privileges. To create a user accountwith operator privileges, see Chapter 4.

3.1.3 CLI Command SyntaxThe syntax of a command is: verb options target properties

The following sections describe each of these.

3.1.3.1 Command Verbs

The CLI supports the following command verbs.

TABLE 3-1 CLI Command Verbs

Command Description

cd Navigates the object namespace.

create Sets up an object in the namespace.delete Removes an object from the namespace.

exit Terminates a session to the CLI.

help Displays Help information about commands and targets.

load Transfers a file from an indicated source to an indicated target.

reset Resets the state of the target.

set Sets target properties to the specified value.show Displays information about targets and properties.

start Starts the target.

stop Stops the target.

version Displays the version of CMM ILOM firmware.


33/144

Chapter 3 Using the Command-Line Interface 3-3

3.1.3.2 Command Options

The CLI supports the options listed in TABLE 3-2. Not all options are supported for allcommands. See a specific command section for the options that are valid with that

command. The help option can be used with any command.

3.1.3.3 Command Targets

Every object in your namespace is a target. Not all targets are supported for allcommands. Section A.2, “CLI Command Reference” on page A-5 lists eachcommand, with its targets and properties.

3.1.3.4 Command Properties

Properties are the configurable attributes specific to each object. An object can have

one or more properties. Section A.2, “CLI Command Reference” on page A-5 listseach command, with its targets and properties.

TABLE 3-2 Command Options

Option Long Form Short Form Description

-default Causes the verb to perform only its default functions.

-destination Specifies the destination for data.

-display -d Shows the data the user wants to display.

-force -f Causes an immediate action instead of an orderlyshutdown.

-help -h Displays Help information.

-level -l Executes the command for the current target and alltargets contained through the level specified.

-output -o Specifies the content and form of command output.

-script Skips warnings or prompts normally associated withthe command.

-source Indicates the location of a source image.


34/144


3.2 Command SyntaxTo execute most commands, you need to specify the location of the target, then enterthe command. You can execute commands individually, or you can combine them onthe same command line.

1. To execute commands individually:

a. Navigate to the namespace using the CD command.

For example:

cd /CMM/services/snmp

b. Enter the verb, target, and value.

For example:

set port=161

2. To combine commands, use the form verb path/target=value.

For example:set /CMM/services/snmp port=160

The following display shows both methods:

-> cd /CMM/services/snmp - Navigate to namespace /CMM/services/snmp

-> set port=161Set 'port' to '161' - Enter the verb, target, and value

-> set /CMM/services/snmp port=161 - Combine path and show command Set 'port' to '161'

->

4


35/144

4-1

CHAPTER 4

Managing User Accounts

This chapter describes how to manage user accounts using the CLI and the WebGUI.It includes the following sections:

■ Section 4.1, “User Accounts Overview” on page 4-1

■ Section 4.2, “Managing User Accounts” on page 4-2

4.1 User Accounts OverviewThe CMM ILOM supports up to nine user accounts. The root account is set bydefault and cannot be removed. Therefore, you can configure eight additionalaccounts.

Each user account consists of a user name, a password, and a role.

Caution – The CMM ILOM includes a user account called sunservice, which sharesthe CMM ILOM root password. Normally, it is used exclusively by Sun Servicepersonnel; however, it can also be used to perform recovery procedures documentedin the product notes. Incorrect use of this account can corrupt the service processorimage or operations.

The roles include:

■ Administrator – Enables access to all CMM ILOM features, functions, andcommands.

■ Operator – Enables limited access to CMM ILOM features, functions, andcommands. In general, operators cannot change configuration settings.

Operators cannot:

■ See or change LDAP settings

S h RADIUS tti


36/144


■ See or change RADIUS settings

■ Add or remove users

■ Change network settings (view only)

■ Change Network Time Protocol (NTP) settings (view only)■ Change SNMP settings (view only)

■ Change HTTP settings (view only)

4.2 Managing User AccountsThis section describes how to add, modify, and delete user accounts.

4.2.1 Adding a User Account

Type the following command to add a local user account:create /CMM/users/username password= password role=administrator|operator

Only accounts with administrator privileges are allowed to add, modify, or deleteuser accounts. However, operators can modify their own password.

4.2.2 Deleting a User AccountType the following command to delete a local user account:

delete /CMM/users/username

4.2.3 Displaying User AccountsType the following command to display information about all local user accounts:

show /CMM/users

4 2 4 Configuring User Accounts


37/144

Chapter 4 Managing User Accounts 4-3

4.2.4 Configuring User AccountsUse the set command to change passwords and roles for configured user accounts.

4.2.4.1 Syntax

set target [propertyname=value]

4.2.4.2 Targets, Properties, and Values

The following targets, properties, and values are valid for local user accounts.

Examples

When changing the role for user1 from administrator to operator type:

-> set /CMM/users/user1 role=operator

To change the password for user1, type:

-> set /CMM/users/user1 password

Changing password for user /CMM/users/user1/password...

Enter new password:********

Enter new password again:********

New password was successfully set for user /CMM/users/user1

Note – You must have administrator privileges to change user properties.

TABLE 4-1 Valid Targets, Properties, and Values for Local User Accounts

Target Property Value Default

/CMM/users/username permissions

password

administrator|operatorstring

operator


38/144


CHAPTER 5


39/144

5-1

CHAPTER 5

Managing the CMM ILOM Usingthe CLI

This chapter describes how to manage the CMM ILOM. The sections include:

■ Section 5.1, “Configuring CMM ILOM Network Settings” on page 5-1

■ Section 5.2, “Setting the CMM ILOM Clock” on page 5-3

■ Section 5.3, “Resetting the CMM ILOM” on page 5-5

■ Section 5.4, “Updating the CMM ILOM Firmware” on page 5-5■ Section 5.5, “Viewing SSH Settings” on page 5-6

■ Section 5.6, “Displaying CMM ILOM Information” on page 5-8

■ Section 5.7, “Resetting the CMM ILOM Password” on page 5-9

5.1 Configuring CMM ILOM NetworkSettingsYou can display or configure the CMM ILOM network settings from the CLI.

5.1.1 Displaying Network SettingsType the following command to display network settings:

show /CMM/network

5 1 2 Configuring Network Settings


40/144


5.1.2 Configuring Network SettingsUse the set command to change properties and values for network settings.

Network settings have two sets of properties: pending and active. The active settingsare the settings currently in use by the CMM ILOM. These settings are read-only. If you want to change settings, enter the updated settings as the pending settings(pendingipaddress or pendingipgateway), then set the commitpendingproperty to true. This prevents accidental disconnections for both port and networksettings.

Note – Ensure that the same IP address is always assigned to the CMM ILOM byeither assigning a static IP address after initial setup, or configuring your DHCPserver to always assign the same IP address. This enables the CMM ILOM to beeasily located on the network.

5.1.2.1 Syntax



The following targets, properties, and values are valid for CMM ILOM networksettings.

TABLE 5-1 CMM ILOM Network Targets, Properties, and Values


/CMM/network ipaddressipdiscoveryipgatewayipnetmask

These read onlyvalues are updated

by the system

macaddress MAC address of CMM ILOM

commitpendingpendingipaddresspendingipdiscoverypendingipgatewaypendingipnetmask

true|(none)ipaddress|nonedhcp|staticipaddress|noneipdotteddecimal

(none)nonedhcpnone255.255.255.255

Examples


41/144

Chapter 5 Managing the CMM ILOM Using the CLI 5-3

p

To change the IP address for the CMM ILOM, type:

-> set /CMM/network pendingipaddress=nnn.nn.nn.nn commitpending=true

Note – Changing the IP address disconnects your active session if you areconnected to the CMM ILOM via a network.

To change the network settings from DHCP to static assigned settings, type:

-> set /CMM/network pendingipdiscovery=static pendingipaddress=nnn.nn.nn.nn pendingipgateway=nnn.nn.nn.nn pendingipnetmask=nnn.nn.nn.nn commitpending=true

5.2 Setting the CMM ILOM ClockYou can display clock settings or configure your clock to synchronize with one ortwo Network Time Protocol (NTP) servers.

5.2.1 Displaying Clock Settings

Type the following command to display clock settings:

show /CMM/clock

5.2.2 Configuring the Clock to Use NTP ServersUse the set command to change properties and values for NTP servers.

5.2.2.1 Syntax


42/144


y



The following targets, properties, and values are valid for NTP servers.

Example

To configure your clock to synchronize with an NTP server, type:

-> set /CMM/clients/ntp/server/1 address=125.128.84.20

Then enable the NTP service by typing:

-> set /CMM/clock/usentpserver=enabled

Note – After you enable the NTP service, it can take up to five minutes for the clockto synchronize.

TABLE 5-2 Valid Targets, Properties, and Values for NTP Servers


/CMM/clients/ntp/server/1 address ipaddress (none)

/CMM/clients/ntp/server/2 address ipaddress (none)

5.2.3 Interpreting CMM ILOM Clock Settings


43/144


p g gWhen the CMM ILOM reboots, the CMM ILOM clock is set to Thu Jan 1 00:00:00UTC 1970. The CMM ILOM reboots as a result of the following:

■ A complete system unplug/replug power cycle

■ A command-line interface (CLI) command; for example, reset /CMM

■ A CMM ILOM firmware upgrade

After a CMM ILOM reboot, the CMM ILOM clock is changed by the following:

■ Continuously through NTP if NTP is enabled on the CMM ILOM – NTP jumping is enabled, to recover quickly from an erroneous update from the user.

NTP servers provide UTC time. Therefore, if NTP is enabled on the CMM ILOM,the CMM ILOM clock is in UTC.

■ Through the CLI

5.3 Resetting the CMM ILOMTo reset the CMM ILOM using the CLI, type reset /CMM.

5.4 Updating the CMM ILOM FirmwareYou can use CLI to update the CMM ILOM firmware. See Section A.2.6, “Using theload Command” on page A-10 for more information.

Caution – Ensure that you have reliable power before upgrading your firmware. If power to the system fails (for example, if the wall socket power fails or the system isunplugged) during the firmware update procedure, the CMM ILOM could be left inan unbootable state.

Note – The upgrade takes about five minutes During this time no other tasks can


44/144


Note The upgrade takes about five minutes. During this time, no other tasks can be performed in the CMM ILOM.

A successful firmware causes the CMM ILOM to reboot.

A firmware upgrade causes the server and the CMM ILOM to be reset. It isrecommended that a clean shutdown of the server be done prior to the upgradeprocedure.

An upgrade takes about 6 minutes to complete. The CMM ILOM enters a specialmode to load new firmware. No other tasks can be performed in the CMM ILOMuntil the firmware upgrade is complete and the CMM ILOM is reset.

1. If the server OS is running, perform a clean shutdown.

2. Type the following command to update the CMM ILOM firmware:

load -source URL

Note – A network failure during the file upload will result in a time-out. Thiscauses the CMM ILOM to reboot with the prior version of the CMM ILOM firmware.

Example:

3. Firmware update is complete.

The CMM ILOM will now be restarted with the new firmware.

5.5 Viewing SSH SettingsUse the show command to view SSH settings. These are read-only values that youcan display but not write.

-> load -source tftp://zbank/ah27901/CMM-P0-rom.pkgAre you sure you want to load the specified file (y/n)? yFile upload is complete.

Firmware image verification is complete.Do you want to preserve the configuration (y/n)? nUpdating firmware in flash RAM:.Firmware update is complete.ILOM will not be restarted with the new firmware.

TABLE 5-3 shows the valid targets and properties for SSH values.


45/144


TABLE 5-3 Valid Targets and Properties for SSH

Target Property

/CMM/services/ssh/keys/dsa fingerprintlengthpublickey

/CMM/services/ssh/keys/rsa fingerprintlengthpublickey

Use the show command to enter dsa or rsa values.


46/144


Example:

5.6 Displaying CMM ILOM InformationYou can display active sessions, current versions, and other information about theCMM ILOM using the CLI. TABLE 5-4 shows the commands and the information theydisplay.

5.6.1 Displaying Version Information

-> show /CMM/services/ssh/keys/dsa

/CMM/services/ssh/keys/dsa Targets:

Properties: fingerprint =

f7:49:85:b0:e3:65:c0:d0:96:48:06:f5:8c:b7:9c:6b length = 1024 publickey =AAAAB3NzaC1kc3MAAACBAKh+LPnkehPiIou96JraqiZ7qjJ4KTc4DdNJ3ZkBZ94XKrz2B5BNROCL7h4Gb7uAaMZEgtpPqefKy5awEvkA8jNyL5P=

Commands: cd show

->

TABLE 5-4 Commands to Display CMM ILOM Information

Command Information Displayed

version The current CMM ILOM versionshow /CMM/cli/commands All the CLI commands

show /CMM/sessions All active sessions

help targets Available valid targets

Type the following command to display the current CMM ILOM version:

i


47/144


version

For example:

5.7 Resetting the CMM ILOM PasswordResetting the CMM ILOM password requires manipulating a jumper in the chassis.See the Sun Blade 6000 Modular Server Installation Guide, 820-0050 for details.

-> versionCMM firmware 1.1.6CMM firmware build number: 16671CMM firmware date: Tue Feb 27 11:01:21 PST 2007CMM filesystem version: 0.1.14->


48/144


CHAPTER 6


49/144

6-1

Managing the Chassis Using the CLI

This chapter describes how to use the command-line interface (CLI) to manage thechassis. The sections include:

■ Section 6.1, “Viewing Components, Indicators, and Sensors” on page 6-1

■ Section 6.3, “Setting the Locate LED” on page 6-4

■ Section 6.4, “Viewing and Clearing Event Logs” on page 6-4

6.1 Viewing Components, Indicators, andSensorsOn the CLI, components, indicators (LEDs), and sensors are located in /CH. For

details on individual sensors, see Chapter 10.The following display shows the contents of a typical /CH.

Note – The displays in this section are examples. For detailed sensor information,see Chapter 10


50/144


see Chapter 10.

-> cd /CH-> show

/CH Targets: CMM BL0 BL1 BL2

BL3 BL4 BL5 BL6 BL7 BL8 BL9 T_AMB0 T_AMB1 T_OVRD NORMAL

SERVICE LOCATE TEMPFAIL FM0 FM1 FM2 FM3 FM4 FM5 PS0 PS1 NEM0 NEM1

Properties: type = Chassis board_part_number = 501-7376-03 board_serial_number = 1762TH1-0701YB006C board_product_name = ASY,BD,MIDPLANE,C10 power_state = On

Commands: cd set show start stop

->

● To display information about a particular sensor, indicator or component, usethe show command.


51/144

Chapter 6 Managing the Chassis Using the CLI 6-3

In this example, /CH/BL2 represents server module number 2. It has thefollowing targets:

The following display shows a temperature sensor (T_AMB0).

-> show /CH/BL2

/CH/BL2 Targets: PRSNT SP

Properties: type = Blade FRU

Commands: cd show

->

--> show /CH/T_AMB0

/CH/T_AMB0 Targets:

Properties: type = Temperature class = Threshold Sensor value = 22.000 degree C upper_nonrecov_threshold = Not Available upper_critical_threshold = Not Available upper_noncritical_threshold = Not Available lower_nonrecov_threshold = Not Available lower_critical_threshold = Not Available

lower_noncritical_threshold = Not Available

Commands: cd show->

6 2 Sh tti D d R t ti th


52/144


6.2 Shutting Down and Restarting the

ChassisUse the stop and start commands to shut down and restart the chassis.

● To shut down the chassis, use the stop /CH command.

This command shuts down the entire chassis, including fans, power supplies,and all server modules.

Caution – Do not use this command unless all the server modules in the chassis areshut down. Shutting down the chassis when server modules are not shut down candamage chassis components and the server modules.

● To restart the chassis, use the start /CH command.

6.3 Setting the Locate LEDThe locate LED is a white LED that you can light to help you find your server in acrowded equipment room. It has two states, fast blink and off.

■ To turn off the LED, type:

set /CH/LOCATE value=Off

■ To turn on the LED, type:

set /CH/LOCATE value=Fast_Blink

6.4 Viewing and Clearing Event LogsThis section describes how to view and clear the system event log (SEL).

Caution – The CMM ILOM tags all events or actions with LocalTime=GMT (orUDT). Browser clients show these events in LocalTime. This can cause apparentdiscrepancies in the event log. When an event occurs on the CMM ILOM, the event

log shows it in UDT, but a client would show it in local time.

1. Navigate to /CMM/logs/event.

2. From the CLI, type show list


53/144

Chapter 6 Managing the Chassis Using the CLI 6-5

The event log scrolls onto your screen.

3. To scroll down, press any key except q.

4. To stop displaying the log, press q.

5. To clear the event log, type set clear=true.

The CLI asks you to confirm.

6. Type y.

The CLI clears the event log.

For example:

-> cd /CMM/logs/event/CMM/logs/event

-> show list

/CMM/logs/event/list Targets:

Properties:

Commands: show

ID Date/Time Class Type Severity----- ------------------------ -------- -------- --------1522 Sun Jul 30 01:11:36 2006 Audit Log minor

root : Close Session : object = /session/type : value = www : success1521 Sun Jul 30 01:05:34 2006 Audit Log minor root : Close Session : session ID = 1307912184 : success1520 Sun Jul 30 01:05:33 2006 Audit Log minor root : Close Session : session ID = 2004820934 : successPaused: press any key to continue, or 'q' to quit

-> set clear=trueAre you sure you want to clear /CMM/logs/event (y/n)? ySet 'clear' to 'true'

->

6.4.1 Sending Logs to Other MachinesYou can send logs to other machines After a destination is configured new


54/144


You can send logs to other machines. After a destination is configured, newmessages are sent to the destination machine(s) in syslog format.

1. Navigate to /CMM/clients/syslog.

2. Enter the IP address of the receiving machine:

6.5 Displaying Available TargetsType the following command to display the available valid targets:

help targets

-> cd syslog/CMM/clients/syslog

-> show

/CMM/clients/syslog Targets:

Properties: destination_ip1 = (none) destination_ip2 = (none)

Commands: cd set show

-> set destination_ip1 = nn.nn.nn.nn

CHAPTER 7


55/144

7-1

Lightweight Directory AccessProtocol (LDAP)

The CMM ILOM supports LDAP authentication for users, based on the OpenLDAPsoftware. LDAP is a general-purpose directory service. A directory service is acentralized database for distributed applications designed, to manage the entries in adirectory. Thus, multiple applications can share a single user database. For moredetailed information on LDAP, go to http://www.openldap.org/.

LDAP is based on a client-server model. LDAP provides the directory, and theclients use the directory service to access entries. The data stored in a directory can

be distributed among several LDAP servers.

This chapter includes the following sections:

■ Section 7.1, “LDAP Servers Directory Organization” on page 7-1

■ Section 7.2, “LDAP Clients and Servers” on page 7-2

■ Section 7.3, “Configuring the LDAP Server” on page 7-3

7.1 LDAP Servers Directory OrganizationData in LDAP is organized hierarchically, starting at a root and branching down into

individual entries. Entries at the top level of the hierarchy represent largerorganizations, and under the larger organizations are entries for smallerorganizations. At the bottom of the hierarchy are entries for individual people orresources.

Each entry is uniquely identified by a distinguished name (dn). A distinguishedname consists of a name that uniquely identifies the entry at that hierarchical leveland a path that traces the entry back to the root of the tree.

For example, the distinguished name for jsmith is:

dn: uid=jsmith, ou=people, dc=sun.com

Here, uid represents the user ID of the entry, ou represents the organizational unitin which the entry belongs and dc represents the larger organization in which the

http://www.openldap.org/http://www.openldap.org/http://www.openldap.org/


56/144


in which the entry belongs, and dc represents the larger organization in which theentry belongs.

FIGURE 7-1 shows how distinguished names are used to identify entries uniquely inthe directory hierarchy.

FIGURE 7-1 LDAP Distinguished Names

7.2 LDAP Clients and ServersIn the LDAP client-server model, LDAP servers make information about people,organizations, and resources accessible to LDAP clients. Clients make changes to the

LDAP database using a client utility, usually bundled with the LDAP server. When achange is made to the LDAP database, all client applications see the changeimmediately, so there is no need to update each distributed application.

An LDAP client can perform the following operations, among others:

■ Search for and retrieve entries from the directory.

■ Add new entries to the directory.

■

Update entries in the directory.

■ Delete entries from the directory.

■ Rename entries in the directory.

F l t d t t i th di t LDAP li t b it th


57/144

Chapter 7 Lightweight Directory Access Protocol (LDAP) 7-3

For example, to update an entry in the directory, an LDAP client submits the

distinguished name of the entry with updated attribute information to the LDAPserver. The LDAP server uses the distinguished name to find the entry and performsa modify operation to update the entry in the directory. The updated information isimmediately available to all the distributed applications using that LDAP server.

To perform any of these LDAP operations, an LDAP client needs to establish aconnection with an LDAP server. LDAP specifies the use of TCP/IP port number389, although servers may run on other ports.

Your Sun server can be a client of an LDAP server. To use LDAP authentication, youneed to create a user on your LDAP server that your Sun server can authenticate, or bind to, so that the client has permission to search the proper directory on the LDAPserver.

7.3 Configuring the LDAP ServerTo use LDAP, you must configure your LDAP server, according to your LDAP serverdocumentation, and your CMM ILOM, using the CLI.

This procedure requires detailed knowledge of your LDAP server configuration.Before you begin, gather basic network information about your LDAP server,including its IP address.

Note – This task is similar to configuring LDAP as a name service for Linux or theSolaris operating system.

7.3.1 Configuring LDAP Server1. Ensure that all users authenticating to the CMM ILOM have passwords stored


58/144


in crypt format or the GNU extension to crypt , commonly referred to as MD5

crypt.For example,

userPassword: {CRYPT}ajCa2He4PJhNo

or

userPassword: {CRYPT}$1$pzKng1$du1Bf0NWBjh9t3FbUgf46.

The CMM ILOM supports LDAP authentication only, for passwords stored inthese two variations of the crypt format.

2. Add object classes posixAccount and shadowAccount , and populate therequired property values for this schema (RFC 2307).

3. Provide the CMM ILOM access to user accounts on your LDAP server.

Either enable your LDAP server to accept anonymous binds, or create a proxyuser on your LDAP server that has read-only access to all user accounts that willauthenticate through the CMM ILOM.

See your LDAP server documentation for more details.

7.3.2 Configuring the CMM ILOMAfter the LDAP server is configured, you must configure the CMM ILOM.

1. Enter the proxy user name and password. From the command line, type:

set /CMM/clients/ldap binddn=cn=proxyuser, ou=sales, dc=sun, dc=combindpw =password

TABLE 7-1 LDAP Property Values

Required Property Description

uid User name for logging in to your CMM ILOM

uidNumber Any unique number

gidNumber Any unique number

userPassword Password

homeDirectory Any value (this property is ignored by the CMM ILOM)

loginShell Any value (this property is ignored by the CMM ILOM)

2. Enter the IP address of the LDAP server. From the command line, type:

set /CMM/clients/ldap ipaddress=ldapipaddress

3 Assign the port used to communicate with the LDAP server; the default port is


59/144

Chapter 7 Lightweight Directory Access Protocol (LDAP) 7-5

3. Assign the port used to communicate with the LDAP server; the default port is

389. From the command line, type:set /CMM/clients/ldap port=ldapport

Enter the distinguished name of the branch of your LDAP tree that containsusers and groups. From the command line, type:

set /CMM/clients/ldap searchbase="ou=people, ou=sales, dc=sun, dc=com"

This is the location in your LDAP tree that you want to search for userauthentication.

4. Set the state of the LDAP service to enabled. From the command line, type:

set /CMM/clients/ldap state=enabled

5. To verify that LDAP authentication works, log in to the CMM ILOM using anLDAP user name and password.

Note – The CMM ILOM searches local users before it searches LDAP users. If an

LDAP user name exists as a local user, the CMM ILOM uses the local account forauthentication.


60/144


CHAPTER 8


61/144

8-1

RADIUS

The CMM ILOM supports Remote Authentication Dial-In User Service (RADIUS)authentication for users, based on RFC 2058 and RFC 2059. RADIUS is anauthentication protocol that facilitates centralized user administration. RADIUSallows many servers shared access to user data in a central database, providing

better security and easier administration.

This chapter contains the following sections:

■ Section 8.1, “RADIUS Overview” on page 8-1

■ Section 8.2, “Configuring RADIUS Settings” on page 8-2

■ Section 8.3, “RADIUS Commands” on page 8-3

8.1 RADIUS OverviewRADIUS is based on a client-server model. The RADIUS server provides the userauthentication data and can grant or deny access, and the clients send user data tothe server and receive an accept or deny response. A RADIUS server can work inconjunction with multiple RADIUS servers and other types of authenticationservers.

In the RADIUS client-server model, the client sends an Access-Request query to the

RADIUS server. When the server receives an Access-Request message from a client,it searches the database for that user’s authentication information. If the user’sinformation is not found, the server sends an Access-Reject message and the user isdenied access to the requested service. If the user’s information is found, the serverresponds with an Access-Accept message. The Access-Accept message confirms theuser’s authentication data and grants the user access to the requested service.

All transactions between the RADIUS client and server are authenticated by the useof a shared secret. The client and server must each know the secret because it isnever passed over the network. You must know the shared secret to configureRADIUS authenticating for the CMM ILOM.


62/144


To use RADIUS configuration with the CMM ILOM, you must configure the CMMILOM as a RADIUS client. For more information, see Section 8.2, “ConfiguringRADIUS Settings” on page 8-2.

8.2 Configuring RADIUS SettingsIf you need to provide CMM ILOM access beyond the 10 local user accounts, youcan configure the CMM ILOM to use RADIUS authentication. You must have aproperly configured RADIUS server before you can use RADIUS authentication withthe CMM ILOM.

Before completing this procedure, collect the appropriate information about yourRADIUS environment, as described in Section 8.1, “RADIUS Overview” on page 8-1.

1. Log in to the CLI as administrator.

2. Navigate to /CMM/clients/radius.

3. Set the parameters shown in TABLE 8-1.

8.2.1 RADIUS ParametersTABLE 8-1 describes the RADIUS parameters.

TABLE 8-1 RADIUS WebGUI and CLI Settings

CLI Description

defaultrole

administrator|operator

Sets the default role for all RADIUS user:

administrator or operatoripaddress ipaddress The IP address of the RADIUS server

port portnum The port number used to communicate withthe RADIUS server. The default port is 1812.

state enabled|disabled Enable to authenticate RADIUS users

secret text The shared secret used to gain access toRADIUS

8.3 RADIUS Commands


63/144

Chapter 8 RADIUS 8-3

This section describes the RADIUS commands.

8.3.1 show /CMM/clients/radius

This command is available to administrators and operators.

Purpose

Use this command to view the properties associated with RADIUS authentication.

Syntax

show /CMM/clients/radius

Properties

defaultrole – This is the role assigned to all RADIUS users. It is either administratoror operator.

ipaddress – The IP address of your RADIUS server.

port – The port number used to communicate with your RADIUS server. The defaultport is 1812.

secret – Enter the shared secret used to gain access to your RADIUS server.

state – Choose enabled or disabled to allow or deny access to your RADIUSusers.

Example

-> show /CMM/clients/radius


64/144


8.3.2 set /CMM/clients/radiusThis command is available to administrators.

Purpose

Use this command to configure the properties associated with RADIUSauthentication on a service processor.

Syntax

set /CMM/clients/radius [defaultrole=[Administrator|Operator]ipaddress=radiusserverIP port=port# secret=radiussecret state=[enabled|disabled]]

Properties

■ defaultrole – Assign a permission level that will apply to all RADIUS users.

■ ipaddress – The IP address of your RADIUS server.

/CMM/clients/radius Targets:

Properties: defaultrole = Operator ipaddress = 129.144.36.142 port = 1812 secret = (none) state = enabled

Commands: cd set show

->

■ port – The port number used to communicate with your RADIUS server. Thedefault port is 1812.

■ secret – Enter the shared secret used to gain access to your RADIUS server. This isalso known as an encryption key.


65/144

Chapter 8 RADIUS 8-5

■ state – Choose enabled or disabled to allow or deny access to your RADIUS users.

Example

8.3.3 show /CMM/clientsThis command is available to administrators and operators.

Purpose

Use this command to view clients that can recive data from a service processor,including LDAP, NTP, RADIUS, and SYSLOG clients.

Syntax

show /CMM/clients

-> set /CMM/clients/radius state=enabled ipaddress=10.8.145.77Set 'state' to 'enabled'Set 'ipaddress' to '10.8.145.77

Example

-> show /CMM/clients


66/144


Note – Users with operator privileges can only view the ntp and syslog targets.The radius and ldap targets remain hidden.

/CMM/clients Targets:ldapntpradiussyslog

Properties:

Commands: cd show

CHAPTER 9


67/144

9-1

Using Simple NetworkManagement Protocol (SNMP)

This chapter describes how to use SNMP. It includes the following sections:

■ Section 9.1, “About SNMP” on page 9-1

■ Section 9.2, “SNMP Management Information Base (MIB) Files” on page 9-2

■ Section 9.3, “MIBs Integration” on page 9-3

■

Section 9.4, “About SNMP Messages” on page 9-3■ Section 9.5, “About the CMM ILOM and SNMP” on page 9-4

■ Section 9.6, “Managing SNMP Users” on page 9-5

9.1 About SNMPThe Sun server supports the Simple Network Management Protocol (SNMP)interface, versions 1, 2c, and 3. SNMP is an open technology that enables themanagement of networks and devices, or nodes, connected to the network. SNMPmessages are sent over IP using the User Datagram Protocol (UDP). Anymanagement application that supports SNMP can manage your server.

9.1.1 How SNMP WorksUtilizing SNMP requires two components: a network management station and amanaged node (in this case, the CMM ILOM). Network management stations hostmanagement applications, which monitor and control managed nodes.

Managed nodes are any number of devices, including servers, routers, and hubs thathost SNMP management agents responsible for carrying out the requests frommanagement stations. The management station monitors nodes by pollingmanagement agents for the appropriate information using queries. Managed nodescan also provide unsolicited status information to a management station in the form


68/144


p gof a trap. SNMP is the protocol used to communicate management information

between the management stations and agents.

The SNMP agent is preinstalled and runs on the CMM ILOM, so all SNMPmanagement of the server should occur through the CMM ILOM. To utilize thisfeature, your operating system must have an SNMP client application. See youroperating system vendor for more information.

The SNMP agent on your CMM ILOM provides the following capabilities: inventorymanagement and sensor and system state monitoring.

9.2 SNMP Management Information Base

(MIB) FilesThe base component of an SNMP solution is the management information base(MIB). A MIB is a text file that describes a managed node’s available informationand where it is stored. When a management station requests information from amanaged node, the agent receives the request and retrieves the appropriateinformation from the MIBs. The Sun server supports the following SNMP classes of MIB files. Download and install the product-specific MIB files from your Tools and

Drivers CD for your platform.■ The system group and SNMP group from RFC1213 MIB

■ SNMP-FRAMEWORK-MIB

■ SNMP-USER-BASED-MIB

■ SNMP-MPD-MIB SUN-PLATFORM-MIB

■ ENTITY-MIB

■ SUN-PLATFORM-MIB

9.3 MIBs Integration


69/144

Chapter 9 Using Simple Network Management Protocol (SNMP) 9-3

Use the MIBs to integrate the management and monitoring of the server into SNMPmanagement consoles. The MIB branch is a private enterprise MIB, located at MIBobject iso(1)/org (3)/dod (6)/internet (1)/private (4)/enterprises (1)/sun(42)/products (2). FIGURE 9-1 shows the arrangement. The standard SNMP port (port161) is used by the SNMP agent on the CMM ILOM.

FIGURE 9-1 Sun server MIB Tree

9.4 About SNMP MessagesSNMP is a protocol, not an operating system, so you need some type of applicationto use SNMP messages. Your SNMP management software might provide thisfunctionality, or you can use an open source tool like net-SNMP, which is availableat:

http://net-snmp.sourceforge.net/

Both management stations and agents use SNMP messages to communicate.Management stations can send and receive information. Agents can respond torequests and send unsolicited messages in the form of a trap. There are fivefunctions that management stations and agents use:

■

http://net-snmp.sourceforge.net/http://net-snmp.sourceforge.net/


70/144


Get■ GetNext

■ GetResponse

■ Set

■ Trap

By default, port 161 is used for SNMP messages and port 162 is used to listen for

SNMP traps.

9.5 About the CMM ILOM and SNMPThe CMM ILOM has a preinstalled SNMP agent that supports trap delivery to an

SNMP management application.To use this feature, you must (1) integrate the platform-specific MIBs into yourSNMP environment, (2) tell your management station about your server, and (3)configure the specific traps.

The Sun server MIB tree appears in FIGURE 9-1.

9.5.1 Integrating the MIBsUse a third-party SNMP management application to load the SUN-PLATFORM-MIBlisted in Section 9.2, “SNMP Management Information Base (MIB) Files” on page 9-2.

9.5.2 Adding Your Server to Your SNMP EnvironmentAdd your Sun server as a managed node, using your SNMP managementapplication. See your SNMP management application documentation for moredetails.

9.6 Managing SNMP Usersdd d l f f h d f l


71/144

Chapter 9 Using Simple Network Management Protocol (SNMP) 9-5

You can add, delete, or configure SNMP user accounts from the CLI. By default,SNMP v3 is enabled, and SNMP v1 and v2c are disabled.

9.6.1 Adding a User AccountTo add an SNMP v3 read-only user account, type the following command:

create /CMM/services/snmp/users/username authenticationpassword= password

To add an SNMP v1/v2c user account, type the following command:

create /CMM/services/snmp/communities/communityname

9.6.2 Deleting a User AccountTo delete an SNMP v3 user account, type the following command:

delete /CMM/services/snmp/users/username

To delete an SNMP v1/v2c user account, type the following command:

delete /CMM/services/snmp/communities/communityname

9.6.3 Configuring User AccountsTo configure SNMP user accounts, use the set command.

9.6.3.1 Syntaxset target [propertyname=value]


These targets, properties, and values are valid for SNMP user accounts.

TABLE 9-1 SNMP User Account Targets, Properties, and Values


72/144


9.6.3.3 Examples

When changing the parameters of SNMP users, you must set values for all theproperties, even if you are not changing all the values. For example, to change user

jeff's privacyprotocol to DES you must type:

-> set /CMM/services/snmp/users/jeff privacyprotocol=DES privacypassword= password authenticationprotocol=SHA authenticationpassword= password

Your changes would be invalid if you typed:

-> set /CMM/services/snmp/users/jeff privacyprotocol=DES

Note – You can change SNMP user permissions without resetting the privacy andauthentication properties.


/CMM/services/snmp/communities/communityname

permissions ro|rw ro

/CMM/services/snmp/users/username

authenticationprotocolauthenticationpasswordpermissions

privacyprotocolprivacypassword

MD5|SHAstring

ro|rw

none|DESstring

MD5(null string)ro

none*(null string)

/CMM/services/snmp engineid = noneport = 161sets = enabledv1 = disabledv2c = disabled

v3 = disabled

string

integer

enabled|disabledenabled|disabledenabled|disabled

enabled|disabled

(null string)161disableddisableddisabled

enabled* If the privacyprotocol property has a value other than none, then a privacypassword must be set.

CHAPTER 10


73/144

10-1

Sensors

This chapter provides information about the CMM sensors.

■ Discrete sensors display information about the CMM components

■ Threshold sensors show analog values, such as temperature readings or voltagelevels.

Types of Sensors

Discrete Sensors

Discrete sensors display a single value from a set of possible values. The possiblevalues for discrete sensors are listed in TABLE 1.

Discrete sensors are displayed in the following format

Where the following variables are used:

■ POSSIBLE_SUB_SENSORS: A list of sensors below this sensor. Examples includefault or warning sensors. Using the ’cd’ command, the user can navigate to thesub-sensor node.

■ SENSOR_TYPE: The type of sensor.

■

SENSOR_VALUE: The sensor value.

/PATH/TO/SENSOR Targets: $(POSSIBLE_SUB_SENSORS) Properties: type = $(SENSOR_TYPE) class = Discrete value = $(SENSOR_VALUE)

Threshold Sensors

Threshold sensors display analog reading, such as temperature or voltage levels, andassociated thresholds for that reading. These can be configured to generate systemevents when they exceed specified thresholds.


74/144


In general, these sensors are displayed in the following format:

■ POSSIBLE_SUB_SENSORS: A list of sensors below this sensor. Examples includefault or warning sensors. Use the CD command to navigate to the sub-sensor.

■ SENSOR_TYPE: The type of sensor.

■ SENSOR_VALUE: The near real-time analog reading from the sensor.

■ SENSOR_UNITS: The units describing the SENSOR_VALUE reading.

■ UNR_THRESH, UC_THRESH UNC_THRESH, LNR_THRESH, LC_THRESH,

LNC_THRESH: These values may generate a system event if theSENSOR_VALUE crosses their thresholds.

If the CLI has no access to threshold values, for example if a component is notpresent, the corresponding sensor is displayed as “0.000”.

Displaying SensorsAll sensors are located in the /CH namespace. The fields are separated by periodsand (in limited cases) by the underbar character “_”. The first field of the sensor IDis one of the targets in /CH.

To display the sensors using the CLI, separate the fields into targets and navigateusing the cd and show commands:

For example:

/PATH/TO/SENSOR Targets: $(POSSIBLE_SUB_SENSORS) Properties: type = $(SENSOR_TYPE)

class = Threshold value = $(SENSOR_VALUE) $(SENSOR_UNITS) upper_nonrecov_threshold = $(UNR_THRESH) $(SENSOR_UNITS) upper_critical_threshold = $(UC_THRESH) $(SENSOR_UNITS)

upper_noncritical_threshold = $(UNC_THRESH) $(SENSOR_UNITS) lower_nonrecov_threshold = $(LNR_THRESH) $(SENSOR_UNITS) lower_critical_threshold = $(LC_THRESH) $(SENSOR_UNITS)

lower_noncritical_threshold = $(LNC_THRESH) $(SENSOR_UNITS)

fm3.f0.speed (0xb)

can be viewed by entering:

-> show /CH/FM3/F0/SPEED


75/144

Chapter 10 Sensors 10-3

Note – If the chassis slot does not contain a server module, or if a power supply isnot present, the corresponding target might not appear. For example, if slot 3 isempty, the target BL3 might not appear.

Sensor InformationThe following table shows the CMM sensors:

TABLE 1 CMM Sensors

Name Data Path to Sensor Description

Sensor ID nem0.prsnt (0x1) /CH/NEM0 NEM 0 presence

Entity ID 44.0

Sensor Type (Discrete) Entity Presence

States Asserted Availability State[Device Present|Absent]

Sensor ID nem1.prsnt (0x2) /CH/NEM1 NEM 1 presence

Entity ID 44.1



Sensor ID ps0.prsnt (0x3) /CH/PS0 Power supply module 0presence

Entity ID 10.0



Sensor ID ps1.prsnt (0x4) /CH/PS1 Power supply module 1presence

Entity ID 10 1

TABLE 1 CMM Sensors (Continued)

Name Data Path to Sensor Description


76/144


Entity ID 10.1



Sensor ID fm0.f0.speed (0x5) /CH/FM0/F0/SPEED Fan module 0 fan 0 speed

Entity ID 29.0

Sensor Type (Analog) Fan

Sensor Reading 3960 (+/- 0) RPM

Status ok

Lower Non-Recoverable

na

Lower Critical na

Lower Non-Critical na

Upper Non-Critical na

Upper Critical na

Upper Non-Recoverable

na

Assertions Enabled

Sensor ID fm0.f1.speed (0x6) /CH/FM0/F1/SPEED Fan module 0 fan 1 speed

Entity ID 29.0

Sensor Type (Analog) Fan

Sensor Reading 3960 (+/- 0) RPM

Status ok

Lower Non-Recoverable

na

Lower Critical na

Lower

Documents

Sb x6000 Ilom20 Admin Guide