Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1017404.1
Update Date:2011-08-12
Keywords:
Solution Type  Technical Instruction Sure

Solution  1017404.1 :   VTL - How to enable rpc for external access on ACSLS server  

Related Items 
    

  • Sun StorageTek VTL Plus Storage Appliance
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>TAPE>Virtual Tape>SN-TP: VTL
    •  
  • .Old GCS Categories>Sun Microsystems>Storage - Tape>Tape Virtualization
    •  

PreviouslyPublishedAs
228488 




Applies to: 
 
Sun StorageTek VTL Plus Storage Appliance - Version: 1.0 - Build 1323 to 2.0 - Build 1656   [Release: 1.0 to 2.0]
All Platforms

.

***Checked for relevance on 05-08-2011*** (dd-mm-yyyy)



Goal

How to enable rpc for external access.

VTL Physical library configuration wizard fails to configure ACSLS library: Message: "Check ACSLS server IP nn.nn.nn.nn"

Summary:
The "secure by default" option 
(selectable at installation time) added to Solaris 10 11/06 is 
equivalant to issue the command "netservices limited".

In particular this results that the following services are restricted from external access:

network/rpc/bind:default
/system/webconsole:console

which has to consequence:

1) due to rpcbind being restricted, the rpc communication between nodes can not happen
2) webconsole and thus Sun Cluster Manager is not available


Solution

Problem Summary: 
During the installation of the Solaris[TM] 10 11/06 or 
Solaris[TM] 10 8/07 OS, if you choose not to enable network services for
 remote clients, a restricted network profile is used that disables 
external access for certain network services. The restricted services 
include the following services that affect cluster functionality:

  •     The RPC communication service, which is required for cluster communication
  •     The Sun[TM] Java Web Console service, which is required to use the Sun[TM] Cluster Manager GUI



Workaround: 
The 
following procedure is outlined in the SC 3.2 EIS checklist, which 
describes which steps are necessary if the customer decides to enable 
"secure by default" or issues "netservices limited":

Solaris 10 11/06 only:
Ensure that the local_only property of rpcbind is set to false:
 # svcprop network/rpc/bind:default | grep local_only
if not false run:
 # svccfg
 svc:> select network/rpc/bind
 svc:/network/rpc/bind> setprop config/local_only=false
 svc:/network/rpc/bind> quit
 # svcadm refresh network/rpc/bind:default
This is not false if you have installed with secure by default option of Solaris10u3. Is needed for cluster communication.


Solaris 10 11/06 only:
Ensure that the tcp_listen property of webconsole is set to true:
 # svcprop /system/webconsole:console | grep tcp_listen
if not true run:
 # svccfg
 svc:> select system/webconsole
 svc:/system/webconsole> setprop options/tcp_listen=true
 svc:/system/webconsole> quit
 # /usr/sbin/smcwebserver restart
This
 is not true if you have installed with secure by default option of 
Solaris10u3. Is needed for Sun Cluster Manager communication.
To verify if the port is listen to *.6789 you can execute
 # netstat -a | grep 6789


Note that this also applies to Sun Cluster 3.1 08/05 (update 3) with Solaris 10 11/06.




References

 <BUG:6558275> - REQUIRED STEPS IF SOLARIS SECURE BY DEFAULT OPTION IS ENABLED NEED DOCUMENTATION



Attachments

This solution has no attachment


















       

Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.

 Feedback