5.1 Overview of the XSCF Command Shell
Performing certain XSCF commands on the XSCF Shell terminal can display the server status so that control and configuration information related to system operation can be viewed.
The XSCF commands are effectively used by users who have created user accounts for the XSCF Shell terminal but cannot use the XSCF Web.
The following XSCF commands can be used from the XSCF Shell prompt (XSCF>) displayed after login to XSCF.
There are nine user privilege types as described below. For details on setting the user privilege, see Chapter 2. For details on the operations available with each user privilege level, see Chapter 1 or the Administration Guide.
•domainop: The user can refer to all status information in a domain.
•domainmgr: The user can perform domain power operations.
•domainadm: The user has domain administrator privilege and can perform every type of domain operation.
•platop: The user can refer to all status information in the entire system.
•platadm: The user has system administrator privilege and can use almost all XSCF Shell commands
•useradm: The user can manage user accounts.
•auditop: The user can refer to the audit method of the XSCF and the audit records.
•auditadm: The user can control the audit to the XSCF.
•fieldeng: The user can perform the commands for FEs.
TABLE 5-1 outlines the XSCF Shell commands. For details on each command and user privileges, see the man page or the XSCF Reference Manual.
TABLE 5-1 XSCF Commands Command
Description
adduser
Creates an XSCF user account.
deleteuser
Deletes an XSCF user account.
disableuser
Disables an XSCF user account
enableuser
Enables an XSCF user account.
showuser
Displays XSCF user account information. Alternatively, it displays the user's own user account information.
password
Changes an XSCF user account password. Alternatively, it changes the user's own XSCF user account password.
setpasswordpolicy
Configures the XSCF password policy.
showpasswordpolicy
Displays the XSCF password policy.
setprivileges
Assigns user privileges.
setloginlockout
Configures the lockout of user accounts.
showloginlockout
Displays the lockout setting of user accounts.
setnetwork
Configures the XSCF network.
shownetwork
Displays the XSCF network settings and XSCF-LAN network status.
setroute
Configures the XSCF-LAN route.
showroute
Displays XSCF-LAN route settings.
sethostname
Specifies the XSCF-LAN host name and domain name.
showhostname
Displays the XSCF-LAN host name and domain name.
setnameserver
Sets the XSCF name servers (DNS servers) and the search paths.
shownameserver
Displays the XSCF name servers and the search paths.
applynetwork
Applies the network settings.
setdscp
Configures DSCP.
showdscp
Displays the DSCP settings.
nslookup
Checks for the name resolution of a host name.
ping
Checks the response for a host.
traceroute
Displays the network path to the host by list.
setpacketfilters
Sets the IP packet filtering rules to be used in the XSCF network.
showpacketfilters
Displays the IP packet filtering rules that are set in the XSCF network.
settimezone
Specifies the time zone.
showtimezone
Displays the time zone setting.
setdate
Sets the XSCF time.
showdate
Displays the XSCF time.
setntp
Configures the NTP server.
showntp
Displays the NTP server setting.
resetdateoffset
Resets the time subtraction between the XSCF and the domain.
showdateoffset
Displays the time subtraction between the XSCF and the domain.
setssh
Configures SSH. Generates RSA and DSA keys for SSH2 host authentication.
showssh
Displays the SSH settings and fingerprint.
settelnet
Configures telnet.
showtelnet
Displays the telnet settings.
setautologout
Sets the session timeout time of the XSCF Shell.
showautologout
Displays the session timeout time of the XSCF Shell.
setsmtp
Configures the SMTP server.
showsmtp
Displays the the SMTP server settings.
setemailreport
Configures mail notification.
showemailreport
Displays the mail notification settings.
setlookup
Enables or disables the use of an LDAP server for authentication and user privilege lookup.
showlookup
Displays information about whether an LDAP server is used for authentication and user privilege lookup.
setldap
Configures LDAP client settings.
showldap
Displays LDAP client settings.
setad
Configures Active Directory client settings.
showad
Displays Active Directory client settings.
setldapssl
Configures LDAP/SSL client settings.
showldapssl
Displays LDAP/SSL client settings.
sethttps
Configures the https settings.
showhttps
Displays the https settings.
setupplatform
•Sets up platform-specific settings.
Note: In the platform-specific settings, the following items can be optionally configured. Each item is the same as the setting of Chapter 2.
•User Account settings
•XSCF Network Settings
•Internal DSCP Network
•Domain Name Service
•Network Time Protocol
•SSH
•HTTPS Server
•Email Reports
setarchiving
Configures the log archiving function of XSCF.
showarchiving
Displays the settings of the log archiving function of XSCF.
setaudit
Configures the auditing of XSCF.
showaudit
Displays the settings of the audit of XSCF.
viewaudit
Displays the audit records (Audit trail) of XSCF.
setsnmp
Configures the SNMP Agent.
showsnmp
Displays the SNMP Agent settings.
setsnmpusm
Configures the USM management information for the SNMP agent.
showsnmpusm
Displays the USM management information for the SNMP agent.
setsnmpvacm
Configures the VACM management information for the SNMP agent.
showsnmpvacm
Displays the VACM management information for the SNMP agent.
setsunmc
Start or stop the Sun Management Center agent and make changes to its configuration.
showsunmc
Show setup information and status of Sun Management Center agent.
setdcl
Specifies the domain configuration information (DCL).
showdcl
Displays the domain configuration information.
showboards
Displays the component information and the COD information about a system board.
showdevices
Displays the domain information specified for a system board.
showdomainstatus
Displays the domain status.
setupfru
Specifies the number of XSB partitions of the system board and sets the memory mirror mode.
showfru
Displays the specified number of XSB partitions of the system board and the memory mirror mode that is set.
testsb
Diagnoses the system board.
addboard
Adds a system board to a domain.
deleteboard
Deletes a system board from a domain. Alternatively, it reserves a delete to the system board. If the deletion is reserved, the deletion is done after Oracle Solaris OS reboot.
moveboard
Moves a system board to another domain. Alternatively, it reserves a move to the system board. If the movement is reserved, the deletion is done after Oracle Solaris OS reboot of source domain, and the assignment to the new domain is done.
replacefru
Replaces a CPU/Memory Board unit, I/O unit, fan unit, PSU, or XSCF Unit in work performed according to the applicable guide.
addfru
Installs a CPU/Memory Board unit, I/O unit, fan unit, or PSU in work performed according to the applicable guide.
deletefru
Removes a CPU/Memory Board unit or I/O unit in work performed according to the applicable guide.
setdomainmode
Sets a hardware initial diagnostic level (No, standard, maximum).
Enables or disables break signal sending, host watchdog, automatic boot, and sets CPU operation mode.
showdomainmode
Displays the domain host ID, the hardware initial diagnostic level, information of enabled or disabled status on break signal sending, Host watchdog, automatic boot, and displays CPU operation mode, ethernet address (mac address).
sendbreak
Sends a break signal to the server.
showresult
Displays the exit status of the most recently executed command.
setlocale
Sets locale.
showlocale
Displays locale.
setaltitude
Sets altitude.
showaltitude
Displays altitude.
cfgdevice
Sets the connection destination of the DVD drive unit and tape drive unit. Displays the setting status information.
console
Connects to a domain console.
showconsolepath
Displays the operating status of the main console.
showenvironment
Displays the temperature, humidity, voltage, fan rotation speed, power consumption, and exhaust airflow.
showstatus
Lists degraded components.
showhardconf
Displays all components mounted in the server.
poweron
Turns on power to all domains or the specified domain.
poweroff
Turns off power to all domains or the specified domain.
reset
Resets the specified domain.
Note: The following three reset modes are available:
por: Domain system reset
request: Domain panic instruction
xir: Domain CPU reset
setpowerupdelay
Sets the warm-up time and the air-conditioning wait time.
showpowerupdelay
Displays the warm-up time and the air-conditioning wait time settings.
setshutdowndelay
Sets the UPS shutdown delay time at power failure.
showshutdowndelay
Displays the UPS shutdown delay time at power failure.
setdualpowerfeed
Sets the dual power feed.
showdualpowerfeed
Displays the dual power feed.
setlocator
Enables or disables the CHECK LED blinking.
showlocator
Displays the LED status.
switchscf
Switches the XSCF Unit state (Active/Standby).
ioxadm
Configures the External I/O Expansion Unit (IOBOX).
Displays the External I/O Expansion Unit settings.
clockboard
Sets/Displays the number of clock unit (CLKU) used when the next platform is powered on.
setdomparam
Rewrites the OpenBoot PROM environment variable that is compulsory.
getflashimage
Gets the firmware update program.
flashupdate
Updates the firmware program.
version
Displays the comprehensive firmware (XCP) version.
Displays the XSCF firmware version.
Displays the OpenBoot PROM firmware version.
prtfru
Displays the FRU-ROM data.
dumpconfig
Saves XSCF configuration information to the specified destination.
restoreconfig
Restores XSCF configuration information from the specified destination.
restoredefaults
Initialises the server or XSCF Unit to the factory shipping state.
snapshot
Saves log information to the specified destination.
showmonitorlog
Displays the XSCF monitoring messages on console in real time.
showlogs
Displays an error log, power log, event log, console log, panic log, IPL log, temperature/humidity log, and monitor message log.
fmadm
Monitors or controls the Fault Management Diagnosis Engines (FMDE).
fmdump
Dumps the fault event log containing FM diagnosis results.
fmstat
Displays the FMDE status.
unlockmaintenance
Forcibly release the locked status of the XSCF.
rebootxscf
Resets the XSCF.
who
Displays users who login to the XSCF.
man
Displays the man page of the specified command.
You can see the list of commands by executing man intro.
exit
Ends the XSCF Shell.
--------------------------------------------------------------------------------
Note - In the M3000/M4000/M5000/M8000/M9000 servers, some of the commands are not available, depending on the model in use. For the support information of each command, see the man page or the XSCF Reference Manual.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
5.2 Login to XSCF Shell
This section describes how to log in to XSCF. The user can log in to XSCF from an XSCF-LAN port using either SSH or telnet, or from the serial port.
5.2.1 Before Logging In
Note the following before attempting to log in:
•For details on how to create, add, and delete user accounts, see Chapter 2.
•After login, if the shell has not been accessed for a certain period, XSCF automatically terminates the shell. The default timeout period is 10 minutes. The timeout period can be specified. For details on specifying the timeout period, see Chapter 2.
•In one domain, only one user can use the RW console (write-enabled console). While one user is using the RW console, another user cannot start another RW console in the same domain. For details on console connection, see Chapter 3.
•When a login fails, see Appendix D.
--------------------------------------------------------------------------------
Note - In this manual, the window of the XSCF Shell terminal is called the XSCF console.
--------------------------------------------------------------------------------
5.2.2 Operation From a Terminal Connected to the Serial Port
This section describes how to log in from a terminal connected to the serial port.
1. After the terminal is connected to the serial port, press the Enter key on the terminal.
2. Enter a user account and password when prompted by XSCF.
3. Enter XSCF commands at the shell prompt (XSCF>) that is displayed after login to XSCF.
The following is a login example:
login: jsmith
Password: xxxxxxxx
XSCF>
5.2.3 Operation for Connecting Via the XSCF-LAN (SSH)
This section describes how to log in to XSCF through an XSCF-LAN (SSH) connection.
1. Before logging in using SSH, check that the fingerprint is pre-stored. If you did not save the fingerprint, please connect to the serial port and use showssh(8) to make a memo of the fingerprint of the host public key.
2. From an SSH client, specify the IP address or host name of XSCF and the port number, if necessary (default port number 22), and use SSH connection via XSCF-LAN.
3. Enter a user account and password when prompted by XSCF.
4. The fingerprint of the host public key may be displayed with a request to confirm its authenticity. If it is authentic, enter "yes" as the response, since the XSCF is correct with confirming the fingerprint.
5. Enter XSCF commands at the shell prompt (XSCF>) that is displayed after log in to XSCF.
--------------------------------------------------------------------------------
Note - To set the password for an XSCF user account, use the password(8) command. The shownetwork(8) command can be used to display XSCF-LAN setting information and the current network connection status.
--------------------------------------------------------------------------------
The following is a login example:
[foo@phar foo]% ssh june@192.168.0.2
The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established.
RSA key fingerprint is 03:4b:b4:b2:3d:4d:0c:24:03:ca:f1:63:f2:a7:f3:35.
Are you sure you want to continue connecting ? [yes|no] : yes
Warning: Permanently added '192.168.0.2' (RSA) to the list of known hosts.
foo@phar's password:xxxxxx
XSCF>
When the SSH connection is done using a user key, install the user public key in XSCF in advance. See Chapter 2 for instructions on how to install the user public key.
The following example shows a login using a user public key:
[client]# ssh nana@192.168.1.12
Enter passphrase for key ‘/home/nana/.ssh/id_rsa’: xxxxxxx
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Mon Sep 1 10:19:37 2006 from client
XSCF>
5.2.4 Operation For Connecting Via the XSCF-LAN (Telnet)
This section describes how to log in to XSCF via an XSCF-LAN (telnet) connection.
1. Enter the IP address or host name of XSCF and port number 23, and use telnet via XSCF-LAN.
2. Enter a user account and password from the XSCF console.
3. Enter XSCF commands at the shell prompt (XSCF>) that is displayed after you login to XSCF.
4. The following is a login example:
login:jsmith
Password:xxxxxxxx
XSCF>
--------------------------------------------------------------------------------
5.3 View Server Status and Control Commands
This section describes the typical XSCF Shell commands that can be used to display the server status, operate the server, and control the server. For details on the commands, see the man page or the XSCF Reference Manual. For XSCF setup commands, see Chapter 2.
•showenvironment
•showlocator/setlocator
•showconsolepath
•fmadm / fmdump / fmstat
•showdomainstatus
•reset / poweron / poweroff
•sendbreak
showenvironment
The showenvironment(8) command displays the values of all sensors in the server. By finding out the intake temperature, humidity, voltage, and fan rotation speed in the server, the system administrator can check for errors in the system environment.
In addition, by knowing the power consumption and volume of air exhausted from the server, the plant administrator can identify the specific areas in the installation site where the energy consumption can be reduced.
showlocator/setlocator
These commands display status information indicated by the LEDs on devices and the operator panel of the server. Finding out information on device errors is helpful in component degradation and replacement. Also, the system administrator can use the commands to identify the target device among many devices.
showconsolepath
The showconsolepath(8) command displays the operating status of the domain console. By finding out the users of domain consoles, the system administrator can notify the users before a user performs a server operation or server control.
fmadm / fmdump / fmstat
The server has an architecture that performs fault management (FMA) for CPUs, memory, and the I/O system during Oracle Solaris OS operation. The system administrator can use the fmadm(8) command to display configuration and status information about individual FMA modules that detect faults, perform fault diagnoses, and resolve faults. The command can also list faulty and degraded resources. The fmstat(8) command displays the processing time and number of events for each FMA module. The fmdump(8) command displays detailed fault information so that system administrator can determine faulty resources.
showdomainstatus
The showdomainstatus(8) command displays the current operating status of a domain. The system administrator can find out the status of each domain from its power on time to its operation start time.
reset / poweron / poweroff
There are three types of resets: the system reset, the panic instruction, and the CPU reset. To reset a domain, the system administrator can perform the reset(8) command with one of these three types specified. Performing the poweron(8) or poweroff(8) command can turn power on or off to a constructed domain in the system configuration.
sendbreak
The system administrator can use the sendbreak(8) command to send a break signal to the Oracle Solaris OS.
--------------------------------------------------------------------------------
5.4 Server Configuration Information Commands
This section describes the typical XSCF Shell commands used to display configuration information on components in the server, such as the number of CPUs and memory capacity, the XSCF network configuration, the time, and degradation information.
•showhardconf
•shownetwork / showhostname / showroute / shownameserver / showdscp
•showntp / showdate
•showstatus
showhardconf
The showhardconf(8) command lists all the components mounted in the server and their status information. A problem component is indicated by a mark (*). The system administrator can check the component configurations and the numbers of different types of components.
shownetwork / showhostname / showroute / shownameserver / showdscp
The shownetwork(8) command displays the IP addresses, masks, and network connection information for the XSCF-LAN and ISN installed in the XSCF Unit. Also, the shownetwork(8) command displays the XSCF network connection status. By finding out the amount of data sent or received through a particular interface, the system administrator can check the LAN connection status and the management network load. The showhostname(8) command displays the current host name for the XSCF unit. The showroute(8) command displays routing environment such as destination IP addresses. The shownameserver(8) displays the DNS server. The system administrator can view the interface information required for the XSCF network. The showdscp(8) command displays the IP addresses assigned for DSCP usage. The showpacketfilters(8) command displays the IP packet filtering rules that are set in the XSCF network.
showntp / showdate
The showntp(8) command displays the NTP server configured with the server and the XSCF's own local clock informations. The showdate(8) command displays the system standard time (XSCF time). The system administrator can use the showdate(8) command to determine the reference time used in the server.
showstatus
The system administrator can use the showstatus(8) command to list degraded components.
--------------------------------------------------------------------------------
5.5 Domain Control and Maintenance Commands
This section describes the typical XSCF Shell commands that manage resource assignment to domains and resource removal from domains, install devices, remove devices, replace devices, and enable or disable functions.
•showdevices / cfgdevice
•console
•showdcl / setdcl
•showfru / setupfru
•addfru / deletefru / replacefru
•showboards / addboard / deleteboard / moveboard
•showdomainmode / setdomainmode
showdevices / cfgdevice
The cfgdevice(8) command displays the domain to which a DVD drive unit or tape drive unit is assigned. Also, the cfgdevice(8) command can be used only on M8000/M9000 servers. The showdevices(8) command displays the operating status of resources installed on a system board (XSB). The system administrator can use this command to determine the devices to be assigned to a domain and check whether the DR function can be used to connect or disconnect an XSB.
console
The console(8) command establishes a connection to the domain console. This command supports both interactive and read-only connections.
showdcl / setdcl
The showdcl(8) command displays the domain configuration information (DCL) specified for individual domains or LSBs that compose a domain, and the setdcl(8) command specifies the configuration. The system administrator refers to and specifies DCL when adding an XSB to a domain.
showfru / setupfru
The showfru(8) command displays the locations of devices, such as system boards, mounted in the server and resource partition information, and the setupfru(8) command specifies these locations and this information. The system administrator can use the commands for effective use of resources.
addfru / deletefru / replacefru
The addfru(8) command is used to select a device, such as a CPU/Memory Board unit, I/O unit, fan unit, or PSU, to add it to the server, and the deletefru(8) and replacefru(8) commands are used to select and remove or replace, respectively, such a device mounted in the server. Each type of operation can be performed interactively with menus.
showboards / addboard / deleteboard / moveboard
The showboards(8) command displays status information about a system board (XSB). The system administrator can use the command to find out whether a system board has been configured to a domain or unconfigured from it, and to find out whether this operation was successful. The addboard(8) command adds a system board to the domain, the deleteboard(8) command removes a system board, and the moveboard(8) command moves a system board.
--------------------------------------------------------------------------------
Note - In the M3000 server, the domain configuration cannot be changed.
--------------------------------------------------------------------------------
showdomainmode / setdomainmode
In a certain domain, the user may want to suppress the break signal or panic with host watchdog or disable the automatic boot function. The system administrator can use the showdomainmode(8) command to display the related function settings and the setdomainmode(8) command to suppress or disable one of these functions for a domain. Also, the showdomainmode(8) command displays a domain host ID and ethernet address (mac address).
--------------------------------------------------------------------------------
5.6 View and Archive the XSCF Logs
This section describes the XSCF commands that fetch and display server operation logs, console logs, temperature histories, and error logs from XSCF log files which also configure the information for archiving XSCF logs to a host.
For details on error logs, see Appendix B.
•showlogs
•showarchiving / setarchiving
showlogs
The showlogs(8) command displays error logs, power logs, event logs, console logs, panic logs, IPL logs, and temperature/humidity logs. The system administrator can use the command to check the operating status of the server and the cause of any error in the system.
showarchiving / setarchiving
The showarchiving(8) and setarchiving(8) commands display and specify, respectively, the information required for saving XSCF log information to servers. The system administrator can use these commands to set up automatic, secure archiving of logs to a specified archive host.
--------------------------------------------------------------------------------
5.7 User Management and Security Commands
This section describes the typical XSCF commands for user management and security management.
•showuser / adduser / deleteuser / enableuser / disableuser
•password / setprivilege / showpasswordpolicy / setpasswordpolicy
•showlookup / setlookup / showldap / setldap / showad / setad / showldapssl / setldapssl
•showaudit / setaudit / viewaudit
•showloginlockout / setloginlockout
•showssh / setssh
showuser / adduser / deleteuser / enableuser / disableuser
The showuser(8) command can be used to list XSCF user accounts or display information about a particular user account. The adduser(8) and deleteuser(8) commands add and delete user accounts. The enableuser(8) and disableuser(8) commands enable and disable, respectively, user accounts.
password / setprivilege / showpasswordpolicy / setpasswordpolicy
The password(8) and setprivilege(8) commands set passwords and user privileges, respectively, for user accounts. The showpasswordpolicy(8) and setpasswordpolicy(8) commands display and specify the validity of passwords and other password policy information.
showlookup / setlookup / showldap / setldap / showad / setad / showldapssl / setldapssl
The showlookup(8) and setlookup(8) commands display and specify information on whether an LDAP server should be used for looking up the authentication and the user privilege. The showldap(8) and setldap(8) commands display and specify LDAP client settings, which are used when retrieving data from an LDAP server. The showad(8) and setad(8) commands display and specify Active Directory client settings, which are used when retrieving user informations from an Active Directory server. The showldapssl(8) and setldapssl(8) commands display and specify LDAP/SSL client settings, which are used when retrieving user informations from an LDAP/SSL server.
showaudit / setaudit / viewaudit
The showaudit(8) and setaudit(8) commands display and specify information such as which events can be subject for auditing. The system administrator can use the viewaudit(8) command to display audit records (audit trail).
showloginlockout / setloginlockout
The showloginlockout(8) and setloginlockout(8) commands display and specify information on whether to refuse a user login for a certain period of time after multiple attempts to log in to that user account failed.
showssh / setssh
The showssh(8) and setssh(8) commands can be used to display and specify the information on whether or not to enable the SSH access when a user logs in to XSCF. These commands can be used in generating the host key, registering/deleting the user public key, setting the timeout period of XSCF Shell, and setting whether or not to permit the SSH access from domain to XSCF via DSCP.
--------------------------------------------------------------------------------
5.8 Use the XSCF Other Commands
The following XSCF Shell commands end the XSCF Shell and display version information. (Note)
•exit
•version
--------------------------------------------------------------------------------
Note - The server provides many other commands. For details on these commands, see the man page or the XSCF Reference Manual.
--------------------------------------------------------------------------------
exit
The exit(1) command ends the XSCF Shell.
version
The version(8) command displays the comprehensive firmware version (XCP version, see Note) of the XSCF firmware and POST/OpenBoot PROM firmware. The system administrator can display version information when upgrading firmware.
--------------------------------------------------------------------------------
Note - XCP: XSCF Control Package that includes the programs which control the hardware components making up a computer system.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
5.9 View XSCF Shell Error Messages
TABLE 5-2 lists the typical messages from each XSCF Shell command.
TABLE 5-2 Error Messages of XSCF Shell Commands Message
Meaning
Invalid parameter.
An abnormal parameter error has occurred.
Operation failed.
Abnormal end.
Permission denied.
An execution authority error has occurred.
Operation not supported on this system.
Unsupported function.
Operation interrupted.
Processing interruption from user.
The current configuration does not support this operation.
Abnormal configuration.
A hardware error occurred. Please check the error log for details.
A hardware error has occurred.
An internal error has occurred. Please contact your system administrator.
An XSCF internal error has occurred.
--------------------------------------------------------------------------------
Note - The error message depends on the command. Therefore, you will occasionally see more messages.
Performing certain XSCF commands on the XSCF Shell terminal can display the server status so that control and configuration information related to system operation can be viewed.
The XSCF commands are effectively used by users who have created user accounts for the XSCF Shell terminal but cannot use the XSCF Web.
The following XSCF commands can be used from the XSCF Shell prompt (XSCF>) displayed after login to XSCF.
There are nine user privilege types as described below. For details on setting the user privilege, see Chapter 2. For details on the operations available with each user privilege level, see Chapter 1 or the Administration Guide.
•domainop: The user can refer to all status information in a domain.
•domainmgr: The user can perform domain power operations.
•domainadm: The user has domain administrator privilege and can perform every type of domain operation.
•platop: The user can refer to all status information in the entire system.
•platadm: The user has system administrator privilege and can use almost all XSCF Shell commands
•useradm: The user can manage user accounts.
•auditop: The user can refer to the audit method of the XSCF and the audit records.
•auditadm: The user can control the audit to the XSCF.
•fieldeng: The user can perform the commands for FEs.
TABLE 5-1 outlines the XSCF Shell commands. For details on each command and user privileges, see the man page or the XSCF Reference Manual.
TABLE 5-1 XSCF Commands Command
Description
adduser
Creates an XSCF user account.
deleteuser
Deletes an XSCF user account.
disableuser
Disables an XSCF user account
enableuser
Enables an XSCF user account.
showuser
Displays XSCF user account information. Alternatively, it displays the user's own user account information.
password
Changes an XSCF user account password. Alternatively, it changes the user's own XSCF user account password.
setpasswordpolicy
Configures the XSCF password policy.
showpasswordpolicy
Displays the XSCF password policy.
setprivileges
Assigns user privileges.
setloginlockout
Configures the lockout of user accounts.
showloginlockout
Displays the lockout setting of user accounts.
setnetwork
Configures the XSCF network.
shownetwork
Displays the XSCF network settings and XSCF-LAN network status.
setroute
Configures the XSCF-LAN route.
showroute
Displays XSCF-LAN route settings.
sethostname
Specifies the XSCF-LAN host name and domain name.
showhostname
Displays the XSCF-LAN host name and domain name.
setnameserver
Sets the XSCF name servers (DNS servers) and the search paths.
shownameserver
Displays the XSCF name servers and the search paths.
applynetwork
Applies the network settings.
setdscp
Configures DSCP.
showdscp
Displays the DSCP settings.
nslookup
Checks for the name resolution of a host name.
ping
Checks the response for a host.
traceroute
Displays the network path to the host by list.
setpacketfilters
Sets the IP packet filtering rules to be used in the XSCF network.
showpacketfilters
Displays the IP packet filtering rules that are set in the XSCF network.
settimezone
Specifies the time zone.
showtimezone
Displays the time zone setting.
setdate
Sets the XSCF time.
showdate
Displays the XSCF time.
setntp
Configures the NTP server.
showntp
Displays the NTP server setting.
resetdateoffset
Resets the time subtraction between the XSCF and the domain.
showdateoffset
Displays the time subtraction between the XSCF and the domain.
setssh
Configures SSH. Generates RSA and DSA keys for SSH2 host authentication.
showssh
Displays the SSH settings and fingerprint.
settelnet
Configures telnet.
showtelnet
Displays the telnet settings.
setautologout
Sets the session timeout time of the XSCF Shell.
showautologout
Displays the session timeout time of the XSCF Shell.
setsmtp
Configures the SMTP server.
showsmtp
Displays the the SMTP server settings.
setemailreport
Configures mail notification.
showemailreport
Displays the mail notification settings.
setlookup
Enables or disables the use of an LDAP server for authentication and user privilege lookup.
showlookup
Displays information about whether an LDAP server is used for authentication and user privilege lookup.
setldap
Configures LDAP client settings.
showldap
Displays LDAP client settings.
setad
Configures Active Directory client settings.
showad
Displays Active Directory client settings.
setldapssl
Configures LDAP/SSL client settings.
showldapssl
Displays LDAP/SSL client settings.
sethttps
Configures the https settings.
showhttps
Displays the https settings.
setupplatform
•Sets up platform-specific settings.
Note: In the platform-specific settings, the following items can be optionally configured. Each item is the same as the setting of Chapter 2.
•User Account settings
•XSCF Network Settings
•Internal DSCP Network
•Domain Name Service
•Network Time Protocol
•SSH
•HTTPS Server
•Email Reports
setarchiving
Configures the log archiving function of XSCF.
showarchiving
Displays the settings of the log archiving function of XSCF.
setaudit
Configures the auditing of XSCF.
showaudit
Displays the settings of the audit of XSCF.
viewaudit
Displays the audit records (Audit trail) of XSCF.
setsnmp
Configures the SNMP Agent.
showsnmp
Displays the SNMP Agent settings.
setsnmpusm
Configures the USM management information for the SNMP agent.
showsnmpusm
Displays the USM management information for the SNMP agent.
setsnmpvacm
Configures the VACM management information for the SNMP agent.
showsnmpvacm
Displays the VACM management information for the SNMP agent.
setsunmc
Start or stop the Sun Management Center agent and make changes to its configuration.
showsunmc
Show setup information and status of Sun Management Center agent.
setdcl
Specifies the domain configuration information (DCL).
showdcl
Displays the domain configuration information.
showboards
Displays the component information and the COD information about a system board.
showdevices
Displays the domain information specified for a system board.
showdomainstatus
Displays the domain status.
setupfru
Specifies the number of XSB partitions of the system board and sets the memory mirror mode.
showfru
Displays the specified number of XSB partitions of the system board and the memory mirror mode that is set.
testsb
Diagnoses the system board.
addboard
Adds a system board to a domain.
deleteboard
Deletes a system board from a domain. Alternatively, it reserves a delete to the system board. If the deletion is reserved, the deletion is done after Oracle Solaris OS reboot.
moveboard
Moves a system board to another domain. Alternatively, it reserves a move to the system board. If the movement is reserved, the deletion is done after Oracle Solaris OS reboot of source domain, and the assignment to the new domain is done.
replacefru
Replaces a CPU/Memory Board unit, I/O unit, fan unit, PSU, or XSCF Unit in work performed according to the applicable guide.
addfru
Installs a CPU/Memory Board unit, I/O unit, fan unit, or PSU in work performed according to the applicable guide.
deletefru
Removes a CPU/Memory Board unit or I/O unit in work performed according to the applicable guide.
setdomainmode
Sets a hardware initial diagnostic level (No, standard, maximum).
Enables or disables break signal sending, host watchdog, automatic boot, and sets CPU operation mode.
showdomainmode
Displays the domain host ID, the hardware initial diagnostic level, information of enabled or disabled status on break signal sending, Host watchdog, automatic boot, and displays CPU operation mode, ethernet address (mac address).
sendbreak
Sends a break signal to the server.
showresult
Displays the exit status of the most recently executed command.
setlocale
Sets locale.
showlocale
Displays locale.
setaltitude
Sets altitude.
showaltitude
Displays altitude.
cfgdevice
Sets the connection destination of the DVD drive unit and tape drive unit. Displays the setting status information.
console
Connects to a domain console.
showconsolepath
Displays the operating status of the main console.
showenvironment
Displays the temperature, humidity, voltage, fan rotation speed, power consumption, and exhaust airflow.
showstatus
Lists degraded components.
showhardconf
Displays all components mounted in the server.
poweron
Turns on power to all domains or the specified domain.
poweroff
Turns off power to all domains or the specified domain.
reset
Resets the specified domain.
Note: The following three reset modes are available:
por: Domain system reset
request: Domain panic instruction
xir: Domain CPU reset
setpowerupdelay
Sets the warm-up time and the air-conditioning wait time.
showpowerupdelay
Displays the warm-up time and the air-conditioning wait time settings.
setshutdowndelay
Sets the UPS shutdown delay time at power failure.
showshutdowndelay
Displays the UPS shutdown delay time at power failure.
setdualpowerfeed
Sets the dual power feed.
showdualpowerfeed
Displays the dual power feed.
setlocator
Enables or disables the CHECK LED blinking.
showlocator
Displays the LED status.
switchscf
Switches the XSCF Unit state (Active/Standby).
ioxadm
Configures the External I/O Expansion Unit (IOBOX).
Displays the External I/O Expansion Unit settings.
clockboard
Sets/Displays the number of clock unit (CLKU) used when the next platform is powered on.
setdomparam
Rewrites the OpenBoot PROM environment variable that is compulsory.
getflashimage
Gets the firmware update program.
flashupdate
Updates the firmware program.
version
Displays the comprehensive firmware (XCP) version.
Displays the XSCF firmware version.
Displays the OpenBoot PROM firmware version.
prtfru
Displays the FRU-ROM data.
dumpconfig
Saves XSCF configuration information to the specified destination.
restoreconfig
Restores XSCF configuration information from the specified destination.
restoredefaults
Initialises the server or XSCF Unit to the factory shipping state.
snapshot
Saves log information to the specified destination.
showmonitorlog
Displays the XSCF monitoring messages on console in real time.
showlogs
Displays an error log, power log, event log, console log, panic log, IPL log, temperature/humidity log, and monitor message log.
fmadm
Monitors or controls the Fault Management Diagnosis Engines (FMDE).
fmdump
Dumps the fault event log containing FM diagnosis results.
fmstat
Displays the FMDE status.
unlockmaintenance
Forcibly release the locked status of the XSCF.
rebootxscf
Resets the XSCF.
who
Displays users who login to the XSCF.
man
Displays the man page of the specified command.
You can see the list of commands by executing man intro.
exit
Ends the XSCF Shell.
--------------------------------------------------------------------------------
Note - In the M3000/M4000/M5000/M8000/M9000 servers, some of the commands are not available, depending on the model in use. For the support information of each command, see the man page or the XSCF Reference Manual.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
5.2 Login to XSCF Shell
This section describes how to log in to XSCF. The user can log in to XSCF from an XSCF-LAN port using either SSH or telnet, or from the serial port.
5.2.1 Before Logging In
Note the following before attempting to log in:
•For details on how to create, add, and delete user accounts, see Chapter 2.
•After login, if the shell has not been accessed for a certain period, XSCF automatically terminates the shell. The default timeout period is 10 minutes. The timeout period can be specified. For details on specifying the timeout period, see Chapter 2.
•In one domain, only one user can use the RW console (write-enabled console). While one user is using the RW console, another user cannot start another RW console in the same domain. For details on console connection, see Chapter 3.
•When a login fails, see Appendix D.
--------------------------------------------------------------------------------
Note - In this manual, the window of the XSCF Shell terminal is called the XSCF console.
--------------------------------------------------------------------------------
5.2.2 Operation From a Terminal Connected to the Serial Port
This section describes how to log in from a terminal connected to the serial port.
1. After the terminal is connected to the serial port, press the Enter key on the terminal.
2. Enter a user account and password when prompted by XSCF.
3. Enter XSCF commands at the shell prompt (XSCF>) that is displayed after login to XSCF.
The following is a login example:
login: jsmith
Password: xxxxxxxx
XSCF>
5.2.3 Operation for Connecting Via the XSCF-LAN (SSH)
This section describes how to log in to XSCF through an XSCF-LAN (SSH) connection.
1. Before logging in using SSH, check that the fingerprint is pre-stored. If you did not save the fingerprint, please connect to the serial port and use showssh(8) to make a memo of the fingerprint of the host public key.
2. From an SSH client, specify the IP address or host name of XSCF and the port number, if necessary (default port number 22), and use SSH connection via XSCF-LAN.
3. Enter a user account and password when prompted by XSCF.
4. The fingerprint of the host public key may be displayed with a request to confirm its authenticity. If it is authentic, enter "yes" as the response, since the XSCF is correct with confirming the fingerprint.
5. Enter XSCF commands at the shell prompt (XSCF>) that is displayed after log in to XSCF.
--------------------------------------------------------------------------------
Note - To set the password for an XSCF user account, use the password(8) command. The shownetwork(8) command can be used to display XSCF-LAN setting information and the current network connection status.
--------------------------------------------------------------------------------
The following is a login example:
[foo@phar foo]% ssh june@192.168.0.2
The authenticity of host '192.168.0.2 (192.168.0.2)' can't be established.
RSA key fingerprint is 03:4b:b4:b2:3d:4d:0c:24:03:ca:f1:63:f2:a7:f3:35.
Are you sure you want to continue connecting ? [yes|no] : yes
Warning: Permanently added '192.168.0.2' (RSA) to the list of known hosts.
foo@phar's password:xxxxxx
XSCF>
When the SSH connection is done using a user key, install the user public key in XSCF in advance. See Chapter 2 for instructions on how to install the user public key.
The following example shows a login using a user public key:
[client]# ssh nana@192.168.1.12
Enter passphrase for key ‘/home/nana/.ssh/id_rsa’: xxxxxxx
Warning: No xauth data; using fake authentication data for X11 forwarding.
Last login: Mon Sep 1 10:19:37 2006 from client
XSCF>
5.2.4 Operation For Connecting Via the XSCF-LAN (Telnet)
This section describes how to log in to XSCF via an XSCF-LAN (telnet) connection.
1. Enter the IP address or host name of XSCF and port number 23, and use telnet via XSCF-LAN.
2. Enter a user account and password from the XSCF console.
3. Enter XSCF commands at the shell prompt (XSCF>) that is displayed after you login to XSCF.
4. The following is a login example:
login:jsmith
Password:xxxxxxxx
XSCF>
--------------------------------------------------------------------------------
5.3 View Server Status and Control Commands
This section describes the typical XSCF Shell commands that can be used to display the server status, operate the server, and control the server. For details on the commands, see the man page or the XSCF Reference Manual. For XSCF setup commands, see Chapter 2.
•showenvironment
•showlocator/setlocator
•showconsolepath
•fmadm / fmdump / fmstat
•showdomainstatus
•reset / poweron / poweroff
•sendbreak
showenvironment
The showenvironment(8) command displays the values of all sensors in the server. By finding out the intake temperature, humidity, voltage, and fan rotation speed in the server, the system administrator can check for errors in the system environment.
In addition, by knowing the power consumption and volume of air exhausted from the server, the plant administrator can identify the specific areas in the installation site where the energy consumption can be reduced.
showlocator/setlocator
These commands display status information indicated by the LEDs on devices and the operator panel of the server. Finding out information on device errors is helpful in component degradation and replacement. Also, the system administrator can use the commands to identify the target device among many devices.
showconsolepath
The showconsolepath(8) command displays the operating status of the domain console. By finding out the users of domain consoles, the system administrator can notify the users before a user performs a server operation or server control.
fmadm / fmdump / fmstat
The server has an architecture that performs fault management (FMA) for CPUs, memory, and the I/O system during Oracle Solaris OS operation. The system administrator can use the fmadm(8) command to display configuration and status information about individual FMA modules that detect faults, perform fault diagnoses, and resolve faults. The command can also list faulty and degraded resources. The fmstat(8) command displays the processing time and number of events for each FMA module. The fmdump(8) command displays detailed fault information so that system administrator can determine faulty resources.
showdomainstatus
The showdomainstatus(8) command displays the current operating status of a domain. The system administrator can find out the status of each domain from its power on time to its operation start time.
reset / poweron / poweroff
There are three types of resets: the system reset, the panic instruction, and the CPU reset. To reset a domain, the system administrator can perform the reset(8) command with one of these three types specified. Performing the poweron(8) or poweroff(8) command can turn power on or off to a constructed domain in the system configuration.
sendbreak
The system administrator can use the sendbreak(8) command to send a break signal to the Oracle Solaris OS.
--------------------------------------------------------------------------------
5.4 Server Configuration Information Commands
This section describes the typical XSCF Shell commands used to display configuration information on components in the server, such as the number of CPUs and memory capacity, the XSCF network configuration, the time, and degradation information.
•showhardconf
•shownetwork / showhostname / showroute / shownameserver / showdscp
•showntp / showdate
•showstatus
showhardconf
The showhardconf(8) command lists all the components mounted in the server and their status information. A problem component is indicated by a mark (*). The system administrator can check the component configurations and the numbers of different types of components.
shownetwork / showhostname / showroute / shownameserver / showdscp
The shownetwork(8) command displays the IP addresses, masks, and network connection information for the XSCF-LAN and ISN installed in the XSCF Unit. Also, the shownetwork(8) command displays the XSCF network connection status. By finding out the amount of data sent or received through a particular interface, the system administrator can check the LAN connection status and the management network load. The showhostname(8) command displays the current host name for the XSCF unit. The showroute(8) command displays routing environment such as destination IP addresses. The shownameserver(8) displays the DNS server. The system administrator can view the interface information required for the XSCF network. The showdscp(8) command displays the IP addresses assigned for DSCP usage. The showpacketfilters(8) command displays the IP packet filtering rules that are set in the XSCF network.
showntp / showdate
The showntp(8) command displays the NTP server configured with the server and the XSCF's own local clock informations. The showdate(8) command displays the system standard time (XSCF time). The system administrator can use the showdate(8) command to determine the reference time used in the server.
showstatus
The system administrator can use the showstatus(8) command to list degraded components.
--------------------------------------------------------------------------------
5.5 Domain Control and Maintenance Commands
This section describes the typical XSCF Shell commands that manage resource assignment to domains and resource removal from domains, install devices, remove devices, replace devices, and enable or disable functions.
•showdevices / cfgdevice
•console
•showdcl / setdcl
•showfru / setupfru
•addfru / deletefru / replacefru
•showboards / addboard / deleteboard / moveboard
•showdomainmode / setdomainmode
showdevices / cfgdevice
The cfgdevice(8) command displays the domain to which a DVD drive unit or tape drive unit is assigned. Also, the cfgdevice(8) command can be used only on M8000/M9000 servers. The showdevices(8) command displays the operating status of resources installed on a system board (XSB). The system administrator can use this command to determine the devices to be assigned to a domain and check whether the DR function can be used to connect or disconnect an XSB.
console
The console(8) command establishes a connection to the domain console. This command supports both interactive and read-only connections.
showdcl / setdcl
The showdcl(8) command displays the domain configuration information (DCL) specified for individual domains or LSBs that compose a domain, and the setdcl(8) command specifies the configuration. The system administrator refers to and specifies DCL when adding an XSB to a domain.
showfru / setupfru
The showfru(8) command displays the locations of devices, such as system boards, mounted in the server and resource partition information, and the setupfru(8) command specifies these locations and this information. The system administrator can use the commands for effective use of resources.
addfru / deletefru / replacefru
The addfru(8) command is used to select a device, such as a CPU/Memory Board unit, I/O unit, fan unit, or PSU, to add it to the server, and the deletefru(8) and replacefru(8) commands are used to select and remove or replace, respectively, such a device mounted in the server. Each type of operation can be performed interactively with menus.
showboards / addboard / deleteboard / moveboard
The showboards(8) command displays status information about a system board (XSB). The system administrator can use the command to find out whether a system board has been configured to a domain or unconfigured from it, and to find out whether this operation was successful. The addboard(8) command adds a system board to the domain, the deleteboard(8) command removes a system board, and the moveboard(8) command moves a system board.
--------------------------------------------------------------------------------
Note - In the M3000 server, the domain configuration cannot be changed.
--------------------------------------------------------------------------------
showdomainmode / setdomainmode
In a certain domain, the user may want to suppress the break signal or panic with host watchdog or disable the automatic boot function. The system administrator can use the showdomainmode(8) command to display the related function settings and the setdomainmode(8) command to suppress or disable one of these functions for a domain. Also, the showdomainmode(8) command displays a domain host ID and ethernet address (mac address).
--------------------------------------------------------------------------------
5.6 View and Archive the XSCF Logs
This section describes the XSCF commands that fetch and display server operation logs, console logs, temperature histories, and error logs from XSCF log files which also configure the information for archiving XSCF logs to a host.
For details on error logs, see Appendix B.
•showlogs
•showarchiving / setarchiving
showlogs
The showlogs(8) command displays error logs, power logs, event logs, console logs, panic logs, IPL logs, and temperature/humidity logs. The system administrator can use the command to check the operating status of the server and the cause of any error in the system.
showarchiving / setarchiving
The showarchiving(8) and setarchiving(8) commands display and specify, respectively, the information required for saving XSCF log information to servers. The system administrator can use these commands to set up automatic, secure archiving of logs to a specified archive host.
--------------------------------------------------------------------------------
5.7 User Management and Security Commands
This section describes the typical XSCF commands for user management and security management.
•showuser / adduser / deleteuser / enableuser / disableuser
•password / setprivilege / showpasswordpolicy / setpasswordpolicy
•showlookup / setlookup / showldap / setldap / showad / setad / showldapssl / setldapssl
•showaudit / setaudit / viewaudit
•showloginlockout / setloginlockout
•showssh / setssh
showuser / adduser / deleteuser / enableuser / disableuser
The showuser(8) command can be used to list XSCF user accounts or display information about a particular user account. The adduser(8) and deleteuser(8) commands add and delete user accounts. The enableuser(8) and disableuser(8) commands enable and disable, respectively, user accounts.
password / setprivilege / showpasswordpolicy / setpasswordpolicy
The password(8) and setprivilege(8) commands set passwords and user privileges, respectively, for user accounts. The showpasswordpolicy(8) and setpasswordpolicy(8) commands display and specify the validity of passwords and other password policy information.
showlookup / setlookup / showldap / setldap / showad / setad / showldapssl / setldapssl
The showlookup(8) and setlookup(8) commands display and specify information on whether an LDAP server should be used for looking up the authentication and the user privilege. The showldap(8) and setldap(8) commands display and specify LDAP client settings, which are used when retrieving data from an LDAP server. The showad(8) and setad(8) commands display and specify Active Directory client settings, which are used when retrieving user informations from an Active Directory server. The showldapssl(8) and setldapssl(8) commands display and specify LDAP/SSL client settings, which are used when retrieving user informations from an LDAP/SSL server.
showaudit / setaudit / viewaudit
The showaudit(8) and setaudit(8) commands display and specify information such as which events can be subject for auditing. The system administrator can use the viewaudit(8) command to display audit records (audit trail).
showloginlockout / setloginlockout
The showloginlockout(8) and setloginlockout(8) commands display and specify information on whether to refuse a user login for a certain period of time after multiple attempts to log in to that user account failed.
showssh / setssh
The showssh(8) and setssh(8) commands can be used to display and specify the information on whether or not to enable the SSH access when a user logs in to XSCF. These commands can be used in generating the host key, registering/deleting the user public key, setting the timeout period of XSCF Shell, and setting whether or not to permit the SSH access from domain to XSCF via DSCP.
--------------------------------------------------------------------------------
5.8 Use the XSCF Other Commands
The following XSCF Shell commands end the XSCF Shell and display version information. (Note)
•exit
•version
--------------------------------------------------------------------------------
Note - The server provides many other commands. For details on these commands, see the man page or the XSCF Reference Manual.
--------------------------------------------------------------------------------
exit
The exit(1) command ends the XSCF Shell.
version
The version(8) command displays the comprehensive firmware version (XCP version, see Note) of the XSCF firmware and POST/OpenBoot PROM firmware. The system administrator can display version information when upgrading firmware.
--------------------------------------------------------------------------------
Note - XCP: XSCF Control Package that includes the programs which control the hardware components making up a computer system.
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
5.9 View XSCF Shell Error Messages
TABLE 5-2 lists the typical messages from each XSCF Shell command.
TABLE 5-2 Error Messages of XSCF Shell Commands Message
Meaning
Invalid parameter.
An abnormal parameter error has occurred.
Operation failed.
Abnormal end.
Permission denied.
An execution authority error has occurred.
Operation not supported on this system.
Unsupported function.
Operation interrupted.
Processing interruption from user.
The current configuration does not support this operation.
Abnormal configuration.
A hardware error occurred. Please check the error log for details.
A hardware error has occurred.
An internal error has occurred. Please contact your system administrator.
An XSCF internal error has occurred.
--------------------------------------------------------------------------------
Note - The error message depends on the command. Therefore, you will occasionally see more messages.
No comments:
Post a Comment