Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1020204.1
Update Date:2012-07-10
Keywords:

Solution Type  Technical Instruction Sure

Solution  1020204.1 :   Collecting snapshot on ILOM 3.x and later platforms  


Related Items
  • SPARC T4-2
  •  
  • Sun Netra T5440 Server
  •  
  • SPARC T3-2
  •  
  • Sun SPARC Enterprise T5440 Server
  •  
  • Sun SPARC Enterprise T5120 Server
  •  
  • SPARC T3-4
  •  
  • Sun SPARC Enterprise T5220 Server
  •  
  • SPARC T4-1
  •  
  • Sun SPARC Enterprise T5240 Server
  •  
  • SPARC T3-1
  •  
  • SPARC T4-4
  •  
  • Sun Blade T6320 Server Module
  •  
  • Sun Netra T5220 Server
  •  
  • Sun SPARC Enterprise T5140 Server
  •  
Related Categories
  • PLA-Support>Sun Systems>SPARC>Usx/Blade/Netra>SN-SPARC: USx
  •  
  • .Old GCS Categories>Sun Microsystems>Servers>CMT Servers
  •  
  • .Old GCS Categories>Sun Microsystems>Servers>Blade Servers
  •  
  • .Old GCS Categories>Sun Microsystems>Servers>NEBS-Certified Servers
  •  

PreviouslyPublishedAs
254168


Applies to:

Sun Blade T6320 Server Module - Version Not Applicable and later
Sun SPARC Enterprise T5120 Server - Version Not Applicable and later
Sun SPARC Enterprise T5140 Server - Version Not Applicable and later
Sun SPARC Enterprise T5240 Server - Version Not Applicable and later
SPARC T3-1 - Version Not Applicable and later
All Platforms

To discuss this information further with Oracle experts and industry peers, we encourage you to review, join or start a discussion in the My Oracle Support Community, Oracle Solaris Entrylevel Servers.



Goal

Collecting snapshot on ILOM 3.x and later platforms.

Fix

Description
Collecting snapshot on ILOM 3.x and later platforms.

Note that the snapshot data collector is only available since ILOM 3.0.


Steps to Follow
The snapshot utility provides a single solution to collect SP data for use by Sun Services personnel to diagnose problems.

Overview

The Snapshot utility provides a single solution to collect SP data for use by Oracle/Sun Services personnel to diagnose problems.  The utility collects log files, runs various commands and collects their output, and sends the data collection as a zip file to a user defined location.  The resulting file is a zip file.

It is possible to invoke snapshot in normal mode (via DMTF CLI and BUI), Service mode (via DMTF CLI) and Escalation mode (as a regular bash command).  Collecting the snapshot requires the "a" role.  Snapshot supports the SFTP (Secure File Transfer Protocal) and FTP (File Transfer Protocal) download protocols as well as HTTPS when using the browser as the target in the BUI.   Snapshot also supports encrypting the entire output file.

The information to be collected is organized in logsets. The logsets are :

  • o => Linux operating system data
    • SP/CMM OS : Linux O/S logs
    • SP/CMM OS : Linux O/S commands output
  • i => Common ILOM data
    • 'show -d properties -level all /'
    • /conf
    • /X/logs/event/list
    • etc.
  • h => Hardware specific logs and commands which are non-disruptive
    • Includes FMA logs and command output
    • Includes IPMI command output
  • d => Diagnostics, which may cause the host to reset
    • This is platform specific. On platforms that collect hdtl output as part of these tests, using this dataset may reset the host. For this reason, the reset role (r) is required to use this logset.
  • F => FRUID; series of commands which dumps & collects raw FRUID images
    • All files generated by running fruimage
  • S => dataset collected only when in Service mode or higher
    • This includes the files in /persist, /var/log/*.log and the output of ps auxwwww
  • E => dataset collected only when in Escalation mode
    • This includes information specific to the linux kernel and runtime environment along with ILOM binary coredumps
    • Black Box Recorder (BBR) data

Note : the CONFIG file available in the root directory of the snapshot output file provides the detail for all the files and command outputs collected, by logset.  See an example of a the master CONFIG file in attachment (CONFIG).

Note :
There might be some platform-specific commands added to the master file.  Some additional commands (hdtl, spdiag, hostdiags ...) are collected as well for C10 or Galaxy platforms.  These commands are added to the master file.  See an example of additional commands for Galaxy G12 (CONFIG_galaxy_G12) or an example of additional commands for C10 Vayu (CONFIG_C10_vayu).  A copy of the config file for any given platform can be obtained by taking a snapshot from that platform.

The logsets are grouped in datasets that are available from CLI/BUI and defined as following :

  • "normal" collects ILOM, SPOS & Hardware (logsets = ioh)
  • "fruid" collects everything in "normal" plus FRUID (logsets = Fioh)
  • "full" collects everything in "fruid" plus Diagnostic tests (logsets = Fiohd)
    • because full includes the "d" logset, collecting a "full" dataset may reset the host. Snapshot will request confirmation before collecting this dataset.

There is also a -logonly version for each dataset.  These versions are intended for situations where the SP/CMM software is malfunctioning.  Using this dataset causes snapshot to only collect "log" files as indicated by their entries in the snapshot config file. No commands or normal files are collected.

Note : It is possible to check which logsets were used and if the log-only option was used via the README file available in the snapshot directory.  Example from a normal-logonly:

     bash-3.00$ more sn-br-sp-sca11_xx.xx.xx.xx_2009-03-02T15-24-37/README
   Archive Name: sn-br-sp-sca11_
xx.xx.xx.xx_2009-03-02T15-24-37.zip
   Config File: /usr/local/bin/../lib/snapshot/snapshot.conf
   Version: 1.1
   LOG-ONLY MODE: no
   Log Sets: ioh
   SP SW DOWN: no
   Max Domains: 1

It is possible to encrypt the resulting zip file.  The user will be prompted for the password used for encryption in order to decrypt the file.  See below for the details.

The snapshot utility is implemented as an spsh target in /X/diag namespace with the following properties :

  • dataset
  • dump_uri
  • encrypt_output
  • result

-> help /X/diag/snapshot  

 /SP/diag/snapshot : Take snapshot of system for diagnostic purposes
    Targets:

    Properties:
    dataset : dataset
    dataset : Possible values = normal, normal-logonly, fruid, fruid-logonly, full, full-logonly
    dataset : User role required for set = a

    dump_uri : initiate snapshot to URI.  URI syntax and examples:
            ftp://user[:password]@host//absolute-directory-path/
            ftp://user[:password]@host/relative-directory-path/
            sftp://user[:password]@host/absolute-directory-path/
            ex:  sftp://[email protected]/tmp/
    dump_uri : Possible values = sftp, ftp
    dump_uri : User role required for set = a

    encrypt_output : encrypt snapshot output file
    encrypt_output : Possible values = true, false
    encrypt_output : User role required for set = a

    result : snapshot command result
    result : User role required for set = a


Collect the snapshot

Snapshot supports HTTPS, SFTP and FTP download protocols and encrypt file and can be invoked from Normal, Service and Escalation mode.  The data collection will start as soon as the dump_uri property is defined.

Collect from the Browser User Interface

It is possible to collect data and invoke snapshot from the BUI.  The BUI offers to select the dataset to be used or to specify the logset; as well as the -logonly options.

Note : The Service and Escalation datasets are not available from the BUI.  See the attached screenshot.

Here are the details of the /X/diag/snapshot target.

Define the dataset:  Before collecting the information, the dataset must be set in order to collect the proper level of information.  As previously stated, the logsets are grouped in datasets that are available from CLI/BUI and defined as following :

  • "normal" collects ILOM, SPOS & Hardware (logsets = ioh)
  • "fruid" collects everything in "normal" plus FRUID (logsets = Fioh)
  • "full" collects everything in "fruid" plus Diagnostic tests (logsets = Fiohd)
    • because "full" includes the "d" logset, collecting a "full" dataset may reset the host. For this reason, the (r)eset role is required to select the "full" dataset.

Plus the -logonly versions.

The dataset is a property of the /X/diag/snapshot target and may be changed prior to starting the data collection.  The default value is "normal", which will be sufficient for the vast majority of diagnostic cases.

     -> show /X/diag/snapshot

     /X/diag/snapshot
        Targets:

        Properties:
       dataset = normal
       dump_uri = (Cannot show property)
       encrypt_output = false
       result = (none)

        Commands:
       cd
       set
       show

     -> help /X/diag/snapshot dataset
        Properties:
       dataset : dataset
       dataset : Possible values = normal, normal-logonly, fruid, fruid-logonly, full, full-logonly
       dataset : User role required for set = a

    -> set /X/diag/snapshot dataset=full
     Set 'dataset' to 'full'

    -> show /X/diag/snapshot

     /X/diag/snapshot
        Targets:

        Properties:
       dataset = full
       dump_uri = (Cannot show property)
       encrypt_output = false
       result = (none)

        Commands:
       cd
       set
       show


Define the encryption mode:  It is possible to encrypt the resulting zip file.  The user will be prompted for an encryption password at time of starting the collection.  The user will be prompted for the password used for encryption in order to decrypt the file.

Example :

     -> show /X/diag/snapshot encrypt_output     

       /X/diag/snapshot
         Properties:
        encrypt_output = false

     -> set /X/diag/snapshot encrypt_output=true
     Set 'encrypt_output' to 'true'

     -> show /X/diag/snapshot encrypt_output

      /X/diag/snapshot
         Properties:
        encrypt_output = true

     -> set /X/diag/snapshot dump_uri=sftp://user@
xx.xx.xx.xx/tmp/Tests
     Enter remote user password: *********
     Enter encryption passphrase for snapshot output file: ***
     Confirm encryption passphrase for snapshot output file: ***
     Set 'dump_uri' to 'sftp://user@
xx.xx.xx.xx/tmp/Tests'

When the zip.e file is ready, then decrypt and unzip.

     % openssl aes-128-cbc -d -in sn-br-sp-sca11_xx.xx.xx.xx_2009-03-02T15-54-15.zip.e -out sn-br-sp-sca11_xx.xx.xx.xx_2009-03-02T15-54-15.zip
     enter aes-128-cbc decryption password: *******
     % unzip -q sn-br-sp-sca11_
xx.xx.xx.xx_2009-03-02T15-54-15.zip


Start the data collection

The data collection will start as soon as the dump_uri property is properly set.
It is possible to send the zip file resulting from the snapshot data collection to a remote system via https (BUI), SFTP (BUI/CLI) and FTP (BUI/CLI).

The dump_uri property will contain this information.

     -> help /X/diag/snapshot dump_uri
         Properties:
         dump_uri : initiate snapshot to URI.  URI syntax and examples:
                 ftp://user[:password]@host//absolute-directory-path/
                 ftp://user[:password]@host/relative-directory-path/
                 sftp://user[:password]@host/absolute-directory-path/
                 ex:  sftp://[email protected]/tmp/
         dump_uri : Possible values = sftp, ftp
         dump_uri : User role required for set = a


Example using the FTP protocol :

     -> set dump_uri=ftp://user@xx.xx.xx.xx//tmp/
     Enter remote user password: *********
     Set 'dump_uri' to 'ftp://user@
xx.xx.xx.xx//tmp/'

Notes :

  • By default FTP references the user's home directory,
  • For absolute paths, the double slash after the host is needed,
  • It is not possible to specify the filename for the snapshot zip file; snapshot generates its own filename,
  • Which means that the dump_uri is a reference to a directory (not a file) that must exist and be writable


Example using the SFTP protocol :

     -> set /X/diag/snapshot dump_uri=sftp://user@xx.xx.xx.xx/home/user
     Enter remote user password: *********
     Set 'dump_uri' to 'sftp://user@
xx.xx.xx.xx/home/user'

If the URI contains the password then the system will not prompt you for it.

     -> set /X/diag/snapshot dump_uri=sftp://user:password@
xx.xx.xx.xx/home/user
     Set 'dump_uri' to 'sftp://user@
xx.xx.xx.xx/home/user'


Service mode (logsets = S)


When the Service mode is enabled, it is possible to collect the snapshot including the extra information gathered while running in Service mode.
This extra information will be stored in the spos_info/service/, spos_logs/service/ and ilom/service/ directories.

Similar to Normal mode, set the dataset to the appropriate value and start the data collection by setting the dump_uri property.

Setting the dataset to normal will result in using the iohS logsets.
Setting the dataset to fruid will result in using the FiohS logsets.
Setting the dataset to full will result in using the FiohdS logsets.

     -> show SESSION mode

        /X/sessions/22
         Properties:
       mode = service

     -> show  /X/diag/snapshot dataset

       /X/diag/snapshot
         Properties:
       dataset = fruid

     -> set /X/diag/snapshot dump_uri=sftp://user@xx.xx.xx.xx/home/user
     Enter remote user password: *********
     Set 'dump_uri' to 'sftp://user@xx.xx.xx.xx/home/user'


Escalation mode (logset = E)

When running in Escalation mode, it is possible to invoke snapshot from the bash command line.  The dataset/logset can be defined via the "-L" option. 

WARNING: No user role checking is performed in escalation mode.  BE CAREFUL especially with the diagnostics logset.  This extra information will be stored in the ilom/escalation/ and spos_info/escalation/ directories.

Example :
     bash-2.05b# snapshot
     Usage: snapshot [-l] [-v] [-q] [-{y|n}] [-e [-P encryption-password]]                 [-L ] [-p user-password] -u

     set = one or more letters from logset field in configuration file entries
      
estination-URI (i.e. the target directory) may be specified as:
          file:///path
          protocol://host/path
          protocol://username@host/path
          protocol://username:password@host/path
     protocol = 'sftp', 'tftp', 'ftp', 'ftps', 'http', or 'https'

     bash-2.05b# snapshot -L E -u sftp://[email protected]/tmp/Tests
     E
nter password for user "user":
     Collecting data into sftp://[email protected]/tmp/Tests/sn-br-sp-sca11_xx.xx.xx.xx_2009-03-02T21-12-24.zip
     @ Snapshot Complete.

     bash-2.05b# snapshot -L oihFE -u sftp://[email protected]/tmp/Tests
     Enter password for user "user":
     Collecting data into sftp://[email protected]/tmp/Tests/sn-br-sp-sca11_xx.xx.xx.xx_2009-03-02T21-15-28.zip
     Snapshot Complete.


Check the result

The /X/diag/snapshot target has a "result" property that reports information about the status of the data collection.

When the snapshot is running.

     -> show /X/diag/snapshot result

       /X/diag/snapshot
        Properties:
       result = Running

When the snapshot has completed successfully.

     -> show /X/diag/snapshot result                                          

      /X/diag/snapshot
         Properties:
       result = Collecting data into sftp://
[email protected]/home/user/sn-br-sp-sca11_xx.xx.xx.xx_2009-01-23T09-33-07.zip
     Snapshot Complete.
     Done.


When a problem occurred while collecting the data, the result property will also return the reason for the failure.

     -> ls                                                                                                        

      /X/diag/snapshot
         Targets:

         Properties:
       dataset = normal
       dump_uri = (Cannot show property)
       encrypt_output = false
       result = Access denied to remote resource
     Exited with error code 109


         Commands:
       cd
       set
       show


Here is a list of common errors (not exhaustive) :

ResultError CodeHelp
Unsupported protocol 101 Use ‘help dump_uri’ to list the supported protocols
Failed initialization 102 Confirm that sft-server is properly running on the remote target. For Solaris, check the sftp entry in the /etc/ssh/sshd_config file.
Couldn't resolve host name 106 The name provided for the remote is host is unknown. Ultimately, use the IP address.
Couldn't connect to server 107 Connection to the remote host is not possible (invalid IP address, ssh is not running on the remote host etc...)
Access denied to remote resource 109 Check that the target directory is valid (perms etc...) on the remote host
Login denied 167 Bad password provided, user does not exist etc...
Disk full or allocation exceeded 170 No space left on the target location on remote host.
Remote file not found 178 No filename should be specified in the dump_uri

 



Structure of the snapshot directory

After unzipping the resulting snapshot zip file, the following structure is available :

  • fruid :
    • contains information about FRUID
    • exists when the "F" logset was collected
  • ilom
    • common ILOM data
    • exists when the "i" logset was collected
  • ipmi
    • IPMI data
    • exists when the "h" logset was collected
  • spos_info
    • Linux O/S commands output
    • exists when the "o" logset was collected
  • spos_logs
    • Linux O/S commands output
    • exists when the "o" logset was collected
  • spos_info/service
    • more Linux commands output (ps output)
    • exists when the "S" logset was collected
  • spos_logs/service/
    • more Linux logs information (/var/log/*.log)
    • exists when the "S" logset was collected
  • ilom/service/
    • more ILOM configuration files (/persist/*)
    • exists when the "S" logset was collected
  • spos_info/escalation
    • more Linux information
    • exists when the "E" logset was collected
  • ilom/escalation
    • more /conf, coredumps information
    • exists when the "E" logset was collected


See an example of a the master CONFIG file in attachment (CONFIG).

Note :
There might be some platform-specific commands added to the master file.  Some additional commands (hdtl, spdiag, hostdiags ...) are collected as well for C10 or Galaxy platforms.  These commands are added to the master file.  See an example of additional commands for Galaxy G12 (CONFIG_galaxy_G12)  or example of additional commands for C10 Vayu (CONFIG_C10_vayu).  A copy of the config file for any given platform can be obtained by taking a snapshot from that platform.

As an example :

     bash-3.00$ pwd
     sn-br-sp-sca11_xx.xx.xx.xx_2009-03-02T15-44-34

     bash-3.00$ more README
     Archive Name: sn-br-sp-sca11_xx.xx.xx.xx_2009-03-02T15-44-34.zip
     Config File: /usr/local/bin/../lib/snapshot/snapshot.conf
     Version: 1.1
     LOG-ONLY MODE: no
     Log Sets: Fiohd
     SP SW DOWN: no
     Max Domains: 1

     bash-3.00$ ls -la
     total 194
     drwx--x--x   7 sdutille divers         9 Mar  2 15:47 .
     drwxrwxrwx 159 sdutille staff        456 Mar  2 22:47 ..
     -rw-------   1 sdutille divers      6090 Dec 18 06:51 CONFIG
     -rw-------   1 sdutille divers       200 Mar  2 07:44 README
     drwx--x--x   2 sdutille divers        38 Mar  2 15:47 fruid
     drwx--x--x   3 sdutille divers         8 Mar  2 15:47 ilom
     drwx--x--x   2 sdutille divers         6 Mar  2 15:47 ipmi
     drwx--x--x   3 sdutille divers        17 Mar  2 15:47 spos_info
     drwx--x--x   2 sdutille divers        11 Mar  2 15:47 spos_logs


Making ILOM snapshot work with explorer:

Explorer 6.1 will be able to collect snapshot data from systems running ILOM 3.0.

Background: It is assumed that explorer will be run as root on a host dedicated to collecting one or more ILOM snapshot output files (the Explorer Host). This is potentially the platform host itself. In general, explorer will login to the SP or CMM using SSH public key authentication, start snapshot with its output directed back to the host running explorer, then collect the .zip output file once snapshot is complete. The zip file will be collected at the end of the explorer execution and made available in the ../ilom directory of the explorer.

There are several preparation steps necessary for an ILOM SP/CMM to work with explorer.

Setup public key authentication on SP/CMM

1. Create a user on the SP/CMM with the administration (a) role.

Below, replace "X" with "SP" or "CMM" based on your platform.

      -> create /X/users/expluser
      Creating user...
      Enter new password:
      create: Password length must be between 8 and 16 characters
      Enter new password: *********
      Enter new password again: *********
      Created /X/users/expluser
      -> set /X/users/expluser role=ao
      Set 'role' to 'ao'


2. Load the public key.

So that the Explorer Host root user can login to the SP or CMM as user expluser, you must make the Explorer Host's root user's public key available to the SP or CMM via one of its supported protocols. The load_uri supports numerous protocols. To use sftp, scp or ftp, be sure to supply the username and password in the URI. e.g. set load_uri=sftp://username:password@host/absolute/path/to/public/key

First, generate a key on the Explorer Host. This is the key that will be loaded on the SP / CMM (do not use passphrase) :

    bash-3.00# ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (//.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in //.ssh/id_dsa.
    Your public key has been saved in //.ssh/id_dsa.pub.
    The key fingerprint is:
    d9:93:ce:38:53:32:65:9c:60:30:be:00:76:df:05:fe root@host

Log to the SP/CMM from the Explorer Host as expluser :

    bash-3.00# ssh [email protected]
    Password:
    Waiting for daemons to initialize...

    Daemons ready

    Sun(TM) Integrated Lights Out Manager

    Version 3.0.4.0-bld_55-t

    Copyright 2010 Sun Microsystems, Inc. All rights reserved.
    Use is subject to license terms.

    ->

Make sure to clear any existing key :

    -> cd /X/users/expluser/ssh/keys/1
    /X/users/expluser/ssh/keys/1

    -> set clear_action=true
    Are you sure you want to clear /X/users/expluser/ssh/keys/1 (y/n)? y
    Set 'clear_action' to 'true'

Then load the key on the SP :

    -> cd /X/users/expluser/ssh/keys/1
    /X/users/expluser/ssh/keys/1

    -> set load_uri=tftp://1.2.3.4/.ssh/id_dsa.pub
    Load successful.
    -> ls -d properties
    /X/users/expluser/ssh/keys/1
    Properties:
        fingerprint = c0:98:22:33:60:84:ec:b8:88:ba:cb:5c:fc:1c:6b:37
        algorithm = ssh-dss
        embedded_comment = (none)
        bit_length = 1024
        load_uri = (Cannot show property)
        clear_action = (Cannot show property)

Note that using the tfpt protocol is just an example here.
The load_uri supports numerous protocols. To use sftp, scp or ftp, be sure to supply the username and password in the URI.  e.g. set load_uri=scp://root:password@host/.ssh/id_dsa.pub
Refer to the Oracle Integrated Lights Out Manager (ILOM) 3.0 CLI Procedures Guide for the syntax and usage.


3. Log again to the SP user account from the Explorer Host

From the account on the Explorer Host running explorer (usually root), login once to the user account just created on the SP in order to accept the host key

      # ssh [email protected]
      The authenticity of host 'xx.xx.xx.xx' can't be established.
      RSA key fingerprint is ec:29:8c:8c:3d:82:59:15:f3:4b:fe:dd:12:52:7e:49.
      Are you sure you want to continue connecting (yes/no)? yes
      Warning: Permanently added 'xx.xx.xx.xx' (RSA) to the list of known hosts.

      Sun(TM) Integrated Lights Out Manager

      Version 3.0.4.0-bld_55-t

      Copyright 2008 Sun Microsystems, Inc. All rights reserved.
      Use is subject to license terms.

      ->

Note that no password is now required.

During the explorer execution, if the snapshot collection fails with "ilomsnapshot_start: SSH hostkey must be accepted" , see example:


    # /opt/SUNWexplo/bin/explorer
    :
    17:27:21 T5440[29340] explorer: explorer ID: explorer.84aabf4a.T5440-2010.04.22.08.27
    17:27:22 T5440[29340] ilomsnapshot_start: RUNNING
    17:27:22 T5440[29340] ilomsnapshot_start: SSH hostkey must be accepted.
    :
   
then generate a new key on the SP :

- Log in to the SP

- Set the key type by typing the following:

    -> set /X/services/ssh generate_new_key_type=dsa|rsa

- Set the action to true.

    -> set /X/services/ssh generate_new_key_action=true


When running explorer, you can check the result for the snapshot data collection via the ilom/snapshot_*.* files.

If the "ilom/snapshot_start.err" file reports a "Host key verification failed."

Example:
    # cat /opt/SUNWexplo/output/explorer.xxxxxxxx.T5440-2010.04.26.07.10/ilom/snapshot_start.err
    ***********************************************************
    * WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! *
    ***********************************************************
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    db:83:8e:44:xx:yy:zz:7d:f5:89:ef:88:c6:aa:bb:cc.
    Please contact your system administrator.
    Add correct host key in /.ssh/known_hosts to get rid of this message.
    Offending key in /.ssh/known_hosts:2
    RSA host key for 10.mm.mmm.YYY has changed and you have requested strict checking.
    Host key verification failed.

Then the old key for the SP must be removed from the Explorer Host :

    # rm /.ssh/known_hosts


Setup a user on the Explorer Host to receive snapshot data.

There must be a user account on the Explorer Host that can be accessed from the SP or CMM via ftp or sftp. This user account must be able to write into the dropoff directory.

1. Create the user

      # useradd expltest
      # passwd expltest
      New Password: 
      Re-enter new Password:  
      passwd: password successfully changed for expltest

See svcadm(1M) if necessary to allow ftp or sftp

2. Configure ilomsnapshotinput.txt

The ilomsnapshotinput.txt file lives in /etc/opt/SUNWexplo on the Explorer Host. This file contains one line per SP or CMM to have its ILOM snapshot data collected.
Note that explorer requires the permissions for ilomsnapshotinput.txt to be 400 or 600.
Here is the empty file that is distributed with Explorer:

    # Input file for extended ilom snapshot data collection
    # Format:
    #   SPHOST SPUSER PROTO DESTHOST DESTPICKUP DESTDROPOFF DESTUSER DESTPASSWORD
    # Explorer requires the mode of ilomsnapshotinput.txt is 0400 or 0600
    # SPHOST: hostname or IP address of SP or CMM.
    # SPUSER: explorer logs in to SP/CMM as this user.
    # PROTO={ftp|sftp}
    # DESTHOST: hostname or IP address of system running explorer (this system).
    #     Use "-" to have explorer lookup IP address for hostname from hosts table.
    # DESTPICKUP: Absolute path of directory on this system where explorer will be
    #     receive snapshots.  Use "-" to use /tmp.
    # DESTDROPOFF: directory where snapshot will deposit output.  When PROTO is sftp
    # this must be an absolute path to a directory.  Use "-" to use /tmp.
    # DESTUSER: snapshot logs in to the system running explorer as this user
    # DESTPASSWORD: DESTUSER's password
    #
    # mysp.mydom spuser sftp ftpzone-lomnet /zones/ftpzone/export/ftp/incoming /ftp/incoming explrecvuser explrecvuser-password


The file allows for the user explrecvuser to have a different view of the filesystem than the Explorer Host root user. This may be useful in systems with zones or other configurations that want to provide increased security around the user explrecvuser. In most cases, the default configuration will work fine.

Add an entry in ilomsnapshotinput.txt for every SP/CMM that will have its snapshot data collected by this Explorer Host. For example:

    * xx.xx.xx.XX expluser sftp - - - expltest expltest
    * The user on the explorer host (expltest in this example) can have its login access restricted or removed and the account can be made very secure, just so long as it is possible to write into the dropoff directory on the explorer host using ftp or sftp.

Starting from Explorer 6.4 and later, it's possible to specify the dataset (normal, full, fruid) in the ilomsnapshotinput.txt file.

Example :

# Input file for extended ilom snapshot data collection
# Format
# SPHOST SPUSER PROTO DESTHOST DESTPICKUP DESTDROPOFF DATASET DESTUSER DESTPASSWORD
# Explorer requires the mode of ilomsnapshotinput.txt is 0400 or 0600 # SPHOST      :hostname or IP address of SP or CMM.
# SPUSER      :explorer logs in to SP/CMM as this user.
# PROTO={ftp|sftp}
# DESTHOST    :hostname or IP address of system running explorer (this system).
#              Use - to have explorer lookup IP address for hostname from hosts table.
# DESTPICKUP  :Absolute path of directory on this system where explorer will
#              receive snapshots. Use - to use /tmp.
# DESTDROPOFF :directory where snapshot will deposit output.  When PROTO is sftp
#              this must be an absolute path to a directory.  Use - to use /tmp.
# DATASET     :dataset for which snapshot to be collected.
# DESTUSER    :snapshot logs in to the system running explorer as this user
# DESTPASSWORD:DESTUSER's password
# mysp.mydom spuser sftp ftpzone-lomnet /zones/ftpzone/export/ftp/incoming /ftp/incoming fruid explrecvuser explrecvuser-password
xx.xx.xx.xx expluser sftp - - - normal expltest expltest_password


xx.xx.xx.xx expluser sftp - - - full expltest expltest_password


3. Invoke Explorer

Run Explorer as normal.

      # explorer

Feb 07 18:23:35 explorer_host[5037] explorer: explorer ID: explorer.xxxxxxxx.explorer_host-2011.02.07.10.23
Feb 07 18:23:35 explorer_host[5037] ilomsnapshot_start: RUNNING
[…]
Feb 07 18:32:52 explorer_host[5037] ilomsnapshot_finish: RUNNING
Feb 07 18:38:12 explorer_host[5037] explorer: data collection complete
Feb 07 18:38:21 explorer_host[5037] explorer: removing previous explorers from /opt/SUNWexplo/output
Feb 07 18:38:21 explorer_host[5037] explorer: Explorer finished


Run Explorer only to collect ILOM snapshot.

      # explorer -w !default,ilomsnapshot

4. When the explorer data collection has completed, the snapshot will then be available in the 'ilom' directory.

Example :

# pwd
/opt/SUNWexplo/output/explorer.xxxxxxxx.explorer_host-2011.02.07.10.23/ilom/xx.xx.xx.xx
# ls
snapshot_finish.out
snapshot_start.out
SP_Host_xx.xx.xx.xx_2011-02-07T09-03-25.zip



Sun SPARC Enterprise T5220 Server
Sun Blade T6320 Server Module
Netra T5220 AC
Sun Netra T5220 Server
Sun SPARC Enterprise T5140 Server
Sun SPARC Enterprise T5240 Server
Sun Netra T5440 Server
Sun SPARC Enterprise T5440 Server

Internal Comments
For internal Sun use only.

ILOM, snapshot, explorer


Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.
 Feedback