Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
Solution Type: Technical Instruction Sure Solution

1010444.1 : Sun Fire 12K/15K/E20K/E25K Server: ACL usage and common error messages

Previously Published As 214352
Applies to:
Sun Fire 12K Server
Sun Fire 15K Server
Sun SPARC Sun OS

Goal

This document describes the usage and purpose of domain access control lists (ACLs) on a Sun Fire[TM] 12K/15K/E25K/E20K Server and lists common error messages.

Solution

ACL usage and error messages

One of the tasks when setting up a Sun Fire 12K/15K/E20K/E25K Server is to assign boards to each domain's ACL, or access control list. The purpose of these ACLs is to limit the domain administrators' ability to assign and unassign boards to a given domain. A sample ACL list for a system with five system boards and five IO boards is shown below.

Available Component List for Domains:
=====================================
Available Component List for domain mc15k-da: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain mc15k-db: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain C: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain D: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain E: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain F: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain G: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain H: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain I: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain J: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain K: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain L: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain M: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain N: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain O: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain P: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain Q: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain R: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17

Note that in this case any of the system boards or IO boards can be assigned to any domain. In our test version, the altered ACLs for domains A and B look like this:

Available Component List for Domains:
=====================================
Available Component List for domain mc15k-da: SB0 SB1 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain mc15k-db: SB0 SB1 SB2 SB17 IO0 IO1 IO2 IO16 IO17

Note that domain B has SB2 in its ACL but domain A does not; neither domain has SB16 in its ACL. If we become the domain admin for domains A and B and attempt to addboard, we'll see the error below:

# addboard -d a sb16

Now since my domain admin account has access to domain A and B, let's move a board from B to A where it is in B's ACL but not A's:

# showboards

Now SB2 belongs to neither domain, although it is still in B's ACL.

Available Component List for Domains:
=====================================
Available Component List for domain mc15k-da: SB0 SB1 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain mc15k-db: SB0 SB1 SB2 SB17 IO0 IO1 IO2 IO16 IO17

Also, as implied by the messages above, the platform admin is NOT bound by the ACLs, and can add, delete, and move boards at will (subject to Solaris[TM] cooperating, and the HW being good for POST).

In summary, the ACLs on the Sun Fire 12K/15K/E20K/E25K Server are for limiting domain administrators from taking boards away from other domains and would be used in a situation where multiple administrators share responsibility for domains on a Sun Fire 12K/15K/E20K/E25K Server. The ACLs are not updated by the add/delete/move board commands, nor is the user sms-svc (or any platform admin user) prohibited from making board changes on the platform by ACLs.
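An added example, not part of the original Sun document: a Python script that parses a listing in the format shown above, applies the rule the text describes (a domain administrator is limited to the target domain's ACL, the platform administrator is not), and reports boards that appear in more than one domain's ACL. The sample listing is constructed from the ACLs quoted above; the function names and the "domain"/"platform" role strings are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: the altered ACLs for domains A and B from the text,
# plus one unrestricted domain, in the listing format shown above.
SAMPLE = """\
Available Component List for Domains:
=====================================
Available Component List for domain mc15k-da: SB0 SB1 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain mc15k-db: SB0 SB1 SB2 SB17 IO0 IO1 IO2 IO16 IO17
Available Component List for domain C: SB0 SB1 SB2 SB16 SB17 IO0 IO1 IO2 IO16 IO17
"""

HEADER = re.compile(r"Available Component List for domain\s+(\S+):")
BOARD = re.compile(r"\b(?:SB|IO)\d+\b")

def parse_acls(text):
    """Return {domain name: set of boards}; tolerates wrapped or joined lines."""
    parts = HEADER.split(text)  # [preamble, name1, body1, name2, body2, ...]
    return {name: set(BOARD.findall(body))
            for name, body in zip(parts[1::2], parts[2::2])}

def may_assign(acls, role, domain, board):
    """Rule as the text describes it: a domain admin may only assign boards
    listed in the target domain's ACL; the platform admin is not bound.
    Assumption: a "domain" role already holds admin rights on that domain."""
    if role == "platform":
        return True
    return board.upper() in acls.get(domain, set())

def shared_boards(acls):
    """Map each board that appears in more than one ACL to those domains."""
    listed_in = defaultdict(set)
    for domain, boards in acls.items():
        for board in boards:
            listed_in[board].add(domain)
    return {b: sorted(d) for b, d in listed_in.items() if len(d) > 1}

if __name__ == "__main__":
    acls = parse_acls(SAMPLE)
    print("domain admin, sb16 -> A:", may_assign(acls, "domain", "mc15k-da", "sb16"))
    print("platform admin, sb16 -> A:", may_assign(acls, "platform", "mc15k-da", "sb16"))
    for board, domains in sorted(shared_boards(acls).items()):
        print(f"{board} is assignable by admins of: {', '.join(domains)}")
```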
Product
Sun Fire 15K Server
Sun Fire 12K Server
Sun Fire E20K Server
Sun Fire E25K Server

Internal Section
12K, 15K, E20K, E25K, ACL, domain, addboard, moveboard, deleteboard, cfgadm, showplatform, setupplatform

Previously Published As 70834

Attachments
This solution has no attachment