XSCF (eXtended System Control Facility is used to control, monitor,
operate, and service SPARC Enterprise series servers and domains. You
can power on/off the server (domain) via the XSCF interface. As long as
the server is plugged into a power source the XSCF console will always
be online even though the domain (server) is off. For those who are
familiar with Windows servers, the XSCF is similar to the DRAC interface
for Dell servers or HP Insight Manager.
When you are connected to the XSCF console, you will be prompted for a login ID. The default ID is “default” and there is no password. With this ID you will need to create a new administrative ID. You also need to be standing close to the server for this process as you will be prompted to change the panel mode switch. If you do not create a new logon ID whenever you connect to the console or when the console session times out, you will be prompted to change the panel mode switch.
Configure DSCP with an IP address using the setdscp command.
First generate the web server private key. Remember the passphrase you will need it in the next step.
Create the self-signed web server certificate by speficying the DN.
When you are connected to the XSCF console, you will be prompted for a login ID. The default ID is “default” and there is no password. With this ID you will need to create a new administrative ID. You also need to be standing close to the server for this process as you will be prompted to change the panel mode switch. If you do not create a new logon ID whenever you connect to the console or when the console session times out, you will be prompted to change the panel mode switch.
login: defaultCheck the version of XSCF.
Change the panel mode switch to Locked and press return…
Leave it in that position for at least 5 seconds. Change the panel mode switch
to Service, and press return…
XSCF> version -c xcpCreate a user andrew
XSCF#0 (Active )
XCP0 (Current): 1090
XCP1 (Reserve): 1090
XSCF> adduser andrewChange the password for andrew
XSCF> password
password: Permission denied
XSCF> password andrewGrant andrew the following privileges, useradm, platadm, aplatop.
New XSCF password:
Retype new XSCF password:
XSCF> setprivileges andrew useradm platadm platopHere is a list of all available privileges.
domainop@nXSCF firmware has two networks for internal communication. The Domain to Service Processor Communications Protocol (DSCP) network provides an internal communication link between the Service Processor and the Solaris domains. The Inter-SCF Network (ISN) provides an internal communication link between the two Service Processors in a high-end server.
• Can refer to the status of any hardware mounted in a domain_n.
• Can refer to the status of any part of a domain_n.
• Can refer to the information of all system boards mounted.
domainmgr@n
• Can power on, power off, and reboot a domain_n.
• Can refer to the status of any hardware mounted in a domain_n.
• Can refer to the status of any part of a domain_n.
• Can refer to the information of all system boards mounted.
platop
• Can refer to the status of any part of the entire server but cannot change it.
platadm
• Control of the entire system
• Can operate all hardware in the system.
• Can configure all XSCF settings except the useradm and auditadm privilege settings.
• Can add and delete hardware in a domain.
• Can do the power operation of a domain.
• Can refer to the status of any part of the entire server.
useradm
• Can create, delete, invalidate, and validate user accounts.
• Can change user passwords and password profiles.
• Can change user privileges.
auditop
• Can refer to the XSCF access monitoring status and monitoring methods.
auditadm
• Can monitor and control XSCF access.
• Can delete an XSCF access monitoring method.
fieldeng
• Allows field engineers to perform the maintenance tasks or change the server configuration.
None
• When the local privilege for a user is set to none, that user has no privileges, even if the privileges
for that user are defined in LDAP.
• Setting a user’s privilege to none prevents the user’s privileges from being looked up in LDAP.
Configure DSCP with an IP address using the setdscp command.
XSCF> setdscpConfigure the XSCF interface with an IP address, this will be the adress you connect to via telnet to manage the console.
DSCP network [0.0.0.0 ] > 10.1.1.0
DSCP netmask [255.0.0.0 ] > 255.255.255.0
XSCF address [10.1.1.1 ] >
Domain #00 address [10.1.1.2 ] >
Commit these changes to the database? [y|n] : y
XSCF> setnetwork xscf#0-lan#0 -m 255.255.0.0. 162.10.10.11Enable the XSCF interface you just configured with an IP address of 162.10.10.11
XSCF> setnetwork -c up lan#0Confiure the default route
XSCF> setroute -c add -n 0.0.0.0 -g 162.10.10.1 xscf#0-lan#1Configure the hostname.
XSCF> showroute -a
Destination Gateway Netmask Flags Interface
1622.10.0.0 * 255.255.0.0 U xscf#0-lan#0
XSCF> sethostname xscf#0 parisConfigure the domain name.
XSCF> sethostname -d parishilton.comYou must apply the network configurations with the applynetwork command.
XSCF> applynetworkNow reboot XSCF for the configuration to take effect.
The following network settings will be applied:
xscf#0 hostname :paris
DNS domain name :parishilton.com
interface : xscf#0-lan#0
status :up
IP address :162.10.10.11
netmask :255.255.0.0
route :
interface : xscf#0-lan#1
status :down
IP address :
netmask :
route :
Continue? [y|n] :yes
Please reset the XSCF by rebootxscf to apply the network settings.
Please confirm that the settings have been applied by executing
showhostname, shownetwork, showroute and shownameserver after rebooting
the XSCF.
XSCF> rebootxscfAfter the reboot check the network settings.
XSCF> shownetwork -aEnable ssh, it will require a reboot.
xscf#0-lan#0
Link encap:Ethernet HWaddr 00:0B:5D:E3:39:B4
inet addr:162.10.10.11 Bcast:162.10.255.255 Mask:255.255.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:13160 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1943545 (1.8 MiB) TX bytes:210 (210.0 B)
Base address:0xe000
xscf#0-lan#1
Link encap:Ethernet HWaddr 00:0B:5D:E3:39:B5
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Base address:0xc000
XSCF> setssh -c enableEnable telnet. You probably do not need telnet if ssh is enabled.
Continue? [y|n] :y
Please reset the XSCF by rebootxscf to apply the ssh settings.
XSCF> settelnet -c enableIt is much easier to configure and manage XSCF via https as you do not have to remember all the commands. I will show you how to enable https by creating a Web Server Certificate by constructing the self CA.
XSCF> showtelnet
Telnet status: enabled
First generate the web server private key. Remember the passphrase you will need it in the next step.
XSCF> sethttps -c genserverkey
Enter passphrase:
Verifying – Enter passphrase:
XSCF> sethttps -c selfsign CA Ontario Toronto CupidPost Technology Center andrew_lin@email.comNow enable https.
CA key and CA cert already exist. Do you still wish to update? [y|n] :y
Enter passphrase:
Verifying – Enter passphrase:
XSCF> sethttps -c enableReboot with the rebootxscf command,
Continue? [y|n] :y
Please reset the XSCF by rebootxscf to apply the https settings.
XSCF> rebootxscfAfter the reboot you can connect to the XSCF console by telnet, ssh or https.
The XSCF will be reset. Continue? [y|n] :y
i have one question why my solaris is stuck on xsfc ?
ReplyDeletewhile i wont it to be as root ?
please
help me wich process im wrong ?
it solaris sparc 10
This comment has been removed by the author.
ReplyDeletefaultmgmt server m4000 commonds
ReplyDelete