You are on page 1of 4

Sun Server configuration

This document describes the specific configuration that should be done to a Sun box at build time to match the required USF standard. For each box the OS version should be Solaris 2.7. Note that this document does not discuss patch management, but the most recent patches should be obtained from Sun and added to the Jumpstart build process. Standard filesystem sizing Each host should have at least four disks. Two will be used for the mirrored root disk, and two for mirrored customer data. The root disk structure should be as follows: 18G disk layout: Filesystem / /opt /var Size (G) 3 3 6 Purpose The root OS Application directory All log files Temp and swap space (dual use in Sun)

swap (/tmp) 4 Notes:

• There is no separate /export/home. Nothing is really stored here and so it is not
required. This does mean that applications such as the Tivoli package should be altered to put their data under /var and their config files under /usr (where they should go anyway!). Users should log into a home directory that is where their data is; they should not be allowed to put non-OS files in the root filesystem. • The model here provides more than enough space for the root filesystem -probably only 500M is needed so this should be far more than enough. application executables, application support and customer configuration files only. The customer data files and any log files will be written to elsewhere. Customer data files should be written to the data disk, and log files should be written to /var.

• /opt is to be used for application data. Note that this is only for static data -- the

• swap is set to 4G -- this should be large enough to hold any savecore image that
may be created. The savecore image itself should be written to /savecore that should exist on the data disk. Note that savecore doesn't need to be mirrored so it can be concatenated across both disks effectively halving the space requirement.

32.62. 194. host access host access Here the red indicates specific customer access. This will be used to create the following additional volumes /data/inf /savecore swap swap 1 Gb 3 Gb 4 Gb 4 Gb System and Unix PT logs Crash Dumps Secondary swap Tertiary swap General configuration setup • The following packages should be added: Package TIVsmCapi TIVsmCba TIVsmCdoc USFSasert USFSssh Notes: Description Tivoli Storage Manager Solaris 2.194. # # # # # # # # Socks & Socks & Socks & Socks & Customer Customer Back-end Back-end admin access admin access admin access admin access access. 213. as this negates the point of this file! Can we build this from an IP book? • If the box is to be a web server.• All midrange servers have two 36 Gb internal disks which will be mirrored using Veritas Volume Manager.4 F-Secure SSH • When ASERT is installed it will add a default /etc/hosts. 32.6 Documentation ASERT Security Package v1. a public region will exist with approx 18 Gb of free space. of course. from customer to customer.34. Patch/software management Additional Software After the root disk has been encapsulated.183. This must be set up so that remote access is possible! The general contents of this file will be something like this: ALL ALL ALL ALL ALL ALL ALL ALL : : : : : : : : 194. 213. access.35. 213. otherwise no default route should be added (ie /etc/defaultrouter should not exist). 195.allow.239.224. All will have the same root disk layout on install s0 s1 s3 s7 / swap /var /opt 3 4 6 7 Gb Gb Gb Gb Root Primary swap Application logs. the default route should be set (/etc/defaultrouter).36.6 Client Tivoli Storage Manager Solaris 2. .62. 32. The intention is not to have an ALL : ALL line.62.6 API Tivoli Storage Manager Solaris 2. This will change.

. adv_autoneg_cap=0./* and that the directory /var/log/adsm must exist. ADSM ADSM should be set up so that its config file (/usr/bin/dsm.. Additional requirements The following additional requirements should be adopted on each new build: • IP book used to generate the following files: /etc/staticroutes /etc/hosts. This is achieved by modifying /kernel/drv/qfe./* /var/archive/.• All hosts should have their USF-connected network ports set to 100-full duplex.conf and|or /kernel/drv/hme. adv_100hdx_cap=0.def should be (modify to include only application configuration files): *DSM: files *exclude *include include exclude exclude to backup USF Servers * /home/..log 3 d /opt/tivoli/tsm/client/ba/bin/inclexcl.log 3 d /var/log/adsm/dsmerror./* /opt/weblogic/config /tmp/.allow /etc/macaddress • The following additions to the start scripts should be added: /etc/init. ln -s /var/archive /archive This is used by ADSM to perform weekly archiving. In addition the directory /archive should also exist and be a sym link to /var/archive: mkdir /var/archive..d/macaddress /etc/init. adv_10hdx_cap=0.def The contents of inclexcl. adv_10fdx_cap=0.sys) has these lines: schedlogname schedlogretention errorlogname errorlogretention INCLEXCL /var/log/adsm/dsmsched..d/staticroutes ..conf to this: adv_100fdx_cap=1.

.....• Direct root login should only be allowed from the console port (disable network access via /etc/default/login)....0.. ....200. • For apps (WebLogic) servers: make sure the muticast address (224.84. • Loopback address setup for web servers....0) is bound to the same network on both apps servers (netstat -rn|grep ^224).. (How do I set this -.I know this is ifconfig: lo0:1: flags=859<UP..POINTOPOINT.136 --> 127..1 netmask ff000000 ?) ...LOOPBACK.0..0..RUNNING..MULTICAST> mtu 8232 inet 62....0.