Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1017404.1
Update Date:2011-08-12
Keywords:

Solution Type  Technical Instruction Sure

Solution  1017404.1 :   VTL - How to enable rpc for external access on ACSLS server  


Related Items
  • Sun StorageTek VTL Plus Storage Appliance
  •  
Related Categories
  • PLA-Support>Sun Systems>TAPE>Virtual Tape>SN-TP: VTL
  •  
  • .Old GCS Categories>Sun Microsystems>Storage - Tape>Tape Virtualization
  •  

PreviouslyPublishedAs
228488


Applies to:

Sun StorageTek VTL Plus Storage Appliance - Version: 1.0 - Build 1323 to 2.0 - Build 1656   [Release: 1.0 to 2.0]
All Platforms
.
***Checked for relevance on 05-08-2011*** (dd-mm-yyyy)

Goal

How to enable rpc for external access.

VTL Physical library configuration wizard fails to configure ACSLS library: Message: "Check ACSLS server IP nn.nn.nn.nn"

Summary:
The "secure by default" option (selectable at installation time) added to Solaris 10 11/06 is equivalant to issue the command "netservices limited".

In particular this results that the following services are restricted from external access:

network/rpc/bind:default
/system/webconsole:console

which has to consequence:

1) due to rpcbind being restricted, the rpc communication between nodes can not happen
2) webconsole and thus Sun Cluster Manager is not available

Solution

Problem Summary:
During the installation of the Solaris[TM] 10 11/06 or Solaris[TM] 10 8/07 OS, if you choose not to enable network services for remote clients, a restricted network profile is used that disables external access for certain network services. The restricted services include the following services that affect cluster functionality:

  • The RPC communication service, which is required for cluster communication
  • The Sun[TM] Java Web Console service, which is required to use the Sun[TM] Cluster Manager GUI


Workaround:

The following procedure is outlined in the SC 3.2 EIS checklist, which describes which steps are necessary if the customer decides to enable "secure by default" or issues "netservices limited":

Solaris 10 11/06 only:
Ensure that the local_only property of rpcbind is set to false:
# svcprop network/rpc/bind:default | grep local_only
if not false run:
# svccfg
svc:> select network/rpc/bind
svc:/network/rpc/bind> setprop config/local_only=false
svc:/network/rpc/bind> quit
# svcadm refresh network/rpc/bind:default
This is not false if you have installed with secure by default option of Solaris10u3. Is needed for cluster communication.


Solaris 10 11/06 only:
Ensure that the tcp_listen property of webconsole is set to true:
# svcprop /system/webconsole:console | grep tcp_listen
if not true run:
# svccfg
svc:> select system/webconsole
svc:/system/webconsole> setprop options/tcp_listen=true
svc:/system/webconsole> quit
# /usr/sbin/smcwebserver restart
This is not true if you have installed with secure by default option of Solaris10u3. Is needed for Sun Cluster Manager communication.
To verify if the port is listen to *.6789 you can execute
# netstat -a | grep 6789


Note that this also applies to Sun Cluster 3.1 08/05 (update 3) with Solaris 10 11/06.



References

<BUG:6558275> - REQUIRED STEPS IF SOLARIS SECURE BY DEFAULT OPTION IS ENABLED NEED DOCUMENTATION

Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback