3.3 Setting Up From the XSCF Shell


This section describes the flow of setup from the XSCF shell.

For details of each step, see the section indicated by the title enclosed in double quotation marks. Also, select whether to enable or disable the items marked (optional), depending on the customer's environment.
  1. Connect to the XSCF shell from any terminal capable of a serial connection.
    Set up a secure environment with a serial connection to the server.
    For details, see "2.2.1  How to Log In to the XSCF Shell With a Serial Connection."
  2. Log in to the XSCF shell.
    Log in to the XSCF shell with a new user account created at the initial login authentication time.
    For details of login, see "2.2  Logging In to the XSCF Shell."
    For details about creating a new user account at the initial login authentication time, see "3.5  Creating/Managing XSCF Users."
  3. Set the password policy.
    Specify the password attributes, such as the password expiration time and number of characters, of XSCF user accounts.
    For details, see "3.5  Creating/Managing XSCF Users."
  4. Configure items for auditing (optional).
    The audit function records XSCF logins and logouts and various other events in the audit log. The audit function is enabled by default. The auditadm user privilege is required for audit settings.
    For details, see "3.10  Configuring Auditing to Strengthen XSCF Security."
  5. Set the time.
    Set the XSCF time, which is the system standard time. After the system time is updated, the XSCF is rebooted, and the XSCF session is disconnected. Log in again.
    For details, see "3.6  Setting the XSCF Time/Date." 
Note - The work for this setting has been done during initial installation. If the value needs to be changed, set it again.
  6. Configure the SSH/Telnet service.
    SSH and Telnet can be enabled concurrently. However, the Telnet service does not provide a secure communication protocol. We recommend disabling the Telnet service when an SSH service is enabled.
    The SSH/Telnet service is disabled by default.
    For details, see "3.7  Configuring the SSH/Telnet Service for Login to the XSCF."
  7. Confirm the XSCF host public key.
    To use an SSH service with an XSCF-LAN connection, execute the showssh command, and make a note of the fingerprint. Step 11 refers to the contents of the noted fingerprint during login to the XSCF shell via an SSH service. Copy the text data of the host public key to a file in a given directory on the client.
XSCF> showssh
SSH status: enabled
RSA key:
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAIEAt0IG3wfpQnGr51znS9XtzwHcBBb/UU0LN08S
ilUXE6j+avlxdY7AFqBf1wGxLF+Tx5pTa6HuZ8o8yUBbDZVJAAAAFQCfKPxarV+/
5qzK4A43Qaigkqu/6QAAAIBMLQl22G8pwibESrh5JmOhSxpLzl3P26ksI8qPr+7B
xmjLR0k=
Fingerprint:
1024 e4:35:6a:45:b4:f7:e8:ce:b0:b9:82:80:2e:73:33:c4
/etc/ssh/ssh_host_rsa_key.pub
DSA key:
ssh-dss
Fingerprint:
1024 9e:39:8e:cb:8a:99:ff:b4:45:12:04:2d:39:d3:28:15
/etc/ssh/ssh_host_dsa_key.pub
    For details, see "3.7  Configuring the SSH/Telnet Service for Login to the XSCF."
  8. Register a user public key.
    To use a user key of an SSH service through an XSCF-LAN connection, create a user secret key and user public key for a registered XSCF user account on the PC, and register the user public key with the XSCF.
    For details, see "3.7  Configuring the SSH/Telnet Service for Login to the XSCF."
  9. Configure the XSCF-dedicated network.
    Configure the XSCF network, including the XSCF-LAN IP address and SSCP. Multiple users can access the XSCF concurrently via SSH, Telnet, or HTTPS.
    Execute the applynetwork command to reflect the network settings. Then, execute the rebootxscf command to reboot the XSCF and complete configuration work. After the XSCF is rebooted, the XSCF session is disconnected. Log in again.
    For details, see "3.9  Configuring the XSCF Network."
  10. Connect to the XSCF shell from any terminal capable of an XSCF-LAN connection (optional).
    The setting work from this step can also be done through an XSCF-LAN connection. Here, connect to the XSCF by specifying its IP address on a PC connected to the XSCF-LAN, and log in again.
    To keep using the serial connection for settings, go to step 12.
    The Telnet service should not be considered a secure form of communication. We recommend using an SSH service. When you log in via an SSH service, you may be asked to confirm the validity of the host public key fingerprint. Confirm that the fingerprint is the same as the one noted in step 7, and reply "yes". If the fingerprints do not match, the IP address may be incorrect or not unique to the connection destination, or the mismatch may indicate "spoofing." Check the IP address again.
RSA key fingerprint is xxxxxx
Connecting? [yes|no] : yes
  11. To use an SSH service with user key authentication when a passphrase has been set, enter the passphrase.
Enter passphrase for key '/home/nana/.ssh/id_rsa' :xxxxxxxx
Warning: No xauth data; using fake authentication data for X11
forwarding.
Last login: Fri Sep 1 10:19:37 2011 from client
  12. Configure NTP (optional).
    Configure NTP so that the XSCF operates as an NTP server or NTP client. You can also configure NTP after configuring a domain.
    For details, see "3.6  Setting the XSCF Time/Date."
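For the host key fingerprint noted in step 7 and confirmed at the first SSH login, the following added example (not part of the manual) recomputes the fingerprint on the client from the copied host public key text and compares it with the noted value. It assumes the 16-byte colon-separated value printed by showssh is the MD5 fingerprint of the key blob, and it also prints the SHA256 form that newer OpenSSH clients show by default; the sample key is constructed, not taken from a real XSCF.

```python
import base64
import hashlib
import hmac
import re
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field as used inside an SSH public key blob."""
    return struct.pack(">I", len(data)) + data

def fingerprints(key_text: str) -> dict:
    """Fingerprints of a host public key copied from showssh output.
    The base64 body may be wrapped over several lines, as showssh prints it."""
    parts = key_text.split()
    if len(parts) < 2:
        raise ValueError("expected '<key type> <base64 key>'")
    key_type = parts[0]
    blob = base64.b64decode("".join(parts[1:]), validate=True)
    # The blob begins with its own length-prefixed key type; both must agree.
    if not blob.startswith(ssh_string(key_type.encode())):
        raise ValueError("key type does not match the key blob")
    md5 = hashlib.md5(blob).hexdigest()
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha}

def matches_noted(key_text: str, noted: str) -> bool:
    """Compare with the fingerprint line noted in step 7, e.g. '1024 e4:35:...'."""
    m = re.search(r"(?:[0-9a-f]{2}:){15}[0-9a-f]{2}", noted.lower())
    if not m:
        raise ValueError("no colon-separated fingerprint found in the note")
    return hmac.compare_digest(m.group(0), fingerprints(key_text)["md5"])

# Constructed sample: an ssh-rsa blob with e=65537 and a dummy 1024-bit modulus,
# wrapped at 64 characters the way the showssh output above is wrapped.
SAMPLE_BLOB = (ssh_string(b"ssh-rsa") + ssh_string(b"\x01\x00\x01")
               + ssh_string(b"\x00" + b"\xc3" * 128))
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode()
SAMPLE_KEY = "ssh-rsa\n" + "\n".join(
    SAMPLE_B64[i:i + 64] for i in range(0, len(SAMPLE_B64), 64))

if __name__ == "__main__":
    fp = fingerprints(SAMPLE_KEY)
    print(fp["md5"])
    print(fp["sha256"])
    print("match:", matches_noted(SAMPLE_KEY, "1024 " + fp["md5"]))
```

A mismatch here means the same thing as a mismatch at the SSH prompt: do not answer "yes" until the IP address and the key source have been rechecked.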
The following configures the settings to manage a user account. To manage a user account, determine in advance whether to configure a local user account saved in the XSCF or to set the account data saved in a directory database on a network using the Lightweight Directory Access Protocol (LDAP), Active Directory, or LDAP over SSL. To configure a directory database on a network, set the user accounts to authenticate against the directory database.
To use the LDAP, Active Directory, or LDAP over SSL server, you need to download a certificate, create a public key, and complete user registration to the directory database in your environment in advance.
Since an Active Directory or LDAP over SSL user cannot upload a user public key to the XSCF, you must log in using password authentication after connecting to the XSCF via SSH.
This manual does not provide details on the LDAP, Active Directory, and LDAP over SSL. See the available LDAP, Active Directory, and LDAP over SSL manuals.
Note - For the XCP firmware version that supports the LDAP, Active Directory, and LDAP over SSL service, see the latest Product Notes for your server.
  13. Configure LDAP service settings (optional).
    Configure the XSCF as an LDAP client. For details, see "3.5.12  Managing XSCF User Accounts Using LDAP."
  14. Configure Active Directory service settings (optional).
    Configure the XSCF as an Active Directory client. For details, see "3.5.13  Managing XSCF User Accounts Using Active Directory."
  15. Configure LDAP over SSL service settings (optional).
    Configure the XSCF as an LDAP over SSL client. For details, see "3.5.14  Managing XSCF User Accounts Using LDAP over SSL."
  16. Configure XSCF user accounts.
    Register the XSCF user accounts retained locally on the server, according to the user environment.
    - To add a user account, execute the showuser command with the -l option specified, and confirm that the user account list has no invalid user account.

    - Considering maintenance work, be sure to prepare a field engineer (FE) user account that has the fieldeng user privilege.

    For details, see "3.5  Creating/Managing XSCF Users."
  17. Configure SMTP (optional).
    Configure SMTP to use the XSCF e-mail notification function.
    For details, see "10.2  Receiving Notification by E-mail When a Failure Occurs."
  18. Configure SNMP protocol-related items for using the SNMP agent function (optional).
    For details, see "10.3  Monitoring/Managing the System Status With the SNMP Agent."
  19. Configure items for using the remote maintenance service (optional).
    This document does not describe the remote maintenance service function in detail. For information on the remote maintenance service function, see the latest Product Notes for your server.
The following steps configure items for management of hardware in the whole system.
  20. Set the altitude.
    For details, see "4.1  Setting/Checking the System Altitude."
Note - The work for this setting has been done during initial installation. If the value needs to be changed, set it again.
  21. Configure power capping (optional).
    For details, see "4.4  Reducing Power Consumption."
  22. Configure memory mirror mode (optional).
    For details, see "14.1  Configuring Memory Mirroring."
  23. Set the air-conditioning wait time (optional).
    Set the time so that power-on processing waits until the air conditioning facilities adjust the environment to room temperature.
    For details, see "4.2.2  Setting/Checking the Wait Time for Air Conditioning."
Note - The SPARC M12/M10 does not support the wait time setting for air conditioning.
The following steps configure items for management of physical partitions.
  24. Configure physical partitions (optional).
    Set domain configuration management information.
    For details, see "11.2  Checking a Physical Partition" and Fujitsu SPARC M12 and Fujitsu M10/SPARC M10 Domain Configuration Guide.
  25. Set the physical partition mode (optional).
    For details, see "7.2  Setting the Physical Partition Operation Mode" and Fujitsu SPARC M12 and Fujitsu M10/SPARC M10 Domain Configuration Guide.
  26. Perform the settings for CPU Activation.
    For details, see "Chapter 5  CPU Activation."
  27. Set the warmup time (optional).
    Set a time to delay power-on processing for a specific elapsed time immediately before Oracle Solaris starts running. The set time applies after the start of server power-on processing. This setting is used to wait until the server has warmed up and peripheral devices are powered on.
    If the setpowercapping command has set the upper limit value of power consumption, the power consumed by all physical partitions operating concurrently may exceed the upper limit value. To prevent this, you can use this setting to stagger operating times for each physical partition.
    For details, see "4.2.1  Setting/Checking the Warmup Time."
  28. Set the power schedule (optional).
    Set the power-on/off schedule of the physical partitions.
    To set the power-on/off schedule of the physical partitions, use the addpowerschedule, deletepowerschedule, and setpowerschedule commands of the XSCF firmware. For details of each command, see the man page of the command or the Fujitsu SPARC M12 and Fujitsu M10/SPARC M10 XSCF Reference Manual.