How to Install SDM Components on a Managed Host

Grid Engine Home > Service Domain Manager > SDM Installation Overview >

How to Install SDM Components on a Managed Host

Before You Begin

Install the SDM core components on the master host as described in How to Install the SDM Module on the Master Host.

Steps
  1. (Optional) To use "password-less" authentication, copy a keystore and the CA certificate to the managed host.
    After the master host installs successfully, the keystore of the SDM administrative user and the security (CA) certificate file are stored in the local spool directory. The keystore contains the private credentials to authenticate the SDM administrative user. The security certificate ensures that the contacted server component is trusted. The SDM administrative user is permitted to access both files.
    Note
    Although you can use any remote copy utility to copy these files, scp is most secure.


    1. Copy the keystore file to the managed host as shown in the following example. 
      master_host% scp /var/spool/hedeby1/security/users/sdm_admin.keystore \
               sdm_admin@foo1:/tmp/sdmadm_keystore.keystore
    2. Change the permissions of the keystore to ensure that only the SDM administrative user can read the copied file on the managed host. 
      master_host% ssh sdmadm@foo1
foo1% chmod 600 /tmp/sdm_admin.keystore
foo1% ls -l /tmp/sdm_admin.keystore
4 -rw------- 1 sdm_admin users 2713 2008-01-01 09:06 tmp/sdm_admin.keystore
foo1% exit


    3. Copy the security certificate file to the managed host as shown in the following example. 
      master_host% scp /var/spool/hedeby1/security/ca/ca_top/cacert.pem \
               sdm_admin@foo1:/tmp/cacert.pem
      Note
      If you do not perform this step, you must use the global -ppw option to authenticate the user as in this example: 
      foo1# sdmadm -s hedeby1 -p system -ppw install_managed_host ...

      The install_managed_host command prompts for user name and password.

      • The user name must be the name of the SDM administrative user.
      • The password must be the password used on the master host.
        The command also verifies that the contacted server component is trusted.


  2. Log in as the root user on the managed host.
  3. Install SDM components on the managed host. 
    foo1# sdmadm -s hedeby1 -p system -k /tmp/sdm_admin.keystore \
               -cc /tmp/cacert.pem                                \
               install_managed_host -au sdm_admin                 \
               -l /var/spool/sdm/hedeby1                          \
               -cs_url <master_host>:31118
  4. Start SDM component JVMs on the managed host. 
    foo1# sdmadm -p system -s hedeby1 startup_jvm
jvm         host result  message
----------------------------------------------------
executor_vm foo1 STARTED
  5. (Optional) For best security, delete the sdmadm_keystore.keystore and cacert.pem files from the managed host.
  6. Repeat the previous steps (1-5) as needed for each managed host.
  7. From the master host, confirm that all JVMs are started and that all SDM components are running as explained in SDM Installation Overview.
  8. After all the managed hosts are installed, add any service adapters.
    The master host installation adds automatically the first service, the spare pool, to the SDM system. After all managed hosts are installed, you can add additional services, such as Grid Engine services. For more information, see How to Add the Grid Engine Service.

Example – Installing SDM on a Managed Host

In the following example, the sdmadm install_managed_host command is used to make host foo1 a managed host. After successful execution, the bootstrap information is stored in the system preferences for the SDM system hedeby1. The command uses the keystore of the sdm_admin user for authentication against the configuration service.

master_host% scp /var/spool/hedeby1/security/users/sdm_admin.keystore \
               sdmadm@foo1:/tmp/sdmadm_keystore.keystore
master_host% ssh sdmadm@foo1
foo1% chmod 600 /tmp/sdm_admin.keystore
foo1% ls -l /tmp/sdm_admin.keystore
4 -rw------- 1 sdm_admin users 2713 2008-01-01 09:06 tmp/sdm_admin.keystore
foo1% exit
master_host% scp /var/spool/hedeby1/security/ca/ca_top/cacert.pem \
               sdmadm@foo1:/tmp/cacert.pem
master_host% ssh sdmadm@foo1
foo1% su -
foo1# sdmadm -s hedeby1 -p system               \
         -keystore /tmp/sdm_admin.keystore     \
         -cacert /tmp/cacert.pem               \
         install_managed_host                   \
         -au sdm_admin                          \
         -d /opt/sdm                            \
         -l /var/spool/sdm/hedeby1              \
         -cs_url <master_host>:31118

The following command ensures security by deleting the sdmadm_keystore.keystore and cacert.pem files from the managed host after the install_managed_host command finishes:

foo1# rm /tmp/sdm_admin.keystore /tmp/cacert.pem

After the managed host installation completes, the following command starts the executor component on the managed host:

foo1# sdmadm -p system -s hedeby1 startup_jvm
jvm         host  result  message
---------------------------------
cs_vm       foo1  STARTED

Install Managed Host Command Options

Use the sdmadm install_managed_host command to install the SDM functionality onto a managed host.

Synopsis
smdadm (-keystore <keystore-file> -cacert <cacert-file> | -ppw)
install_managed_host|imgdh [-autostart] [-nossl] -au <admin-user> -cs_url <cs-url> 
[-l <path-to-local-spool-dir>] [-d <path-to-dist-dir>]
Option Required or Optional Description
-au admin-user Required User name of the admin user. For example, sdm_admin.
-autostart Optional Specifies that SDM be restarted upon system boot. Applies only on systems with system preferences. If SMF is supported on the host, autostart uses SMF services; otherwise, autostart uses a startup script.
-cs_url cs-url Required URL of the configuration service. Use the following format: cs-host:cs-port
-d path-to-dist-dir Optional Path of the distribution directory. The default value is derived from the path to the sdmadm command.
-l path-to-local-spool-dir Required Complete path to the local spool directory. Default: /var/spool/sdm/system-name
-nossl Optional Turns off SSL encryption for the managed host.
Security
  • Optional Privileges
    • ADMINISTRATOR
      For the security bootstrapping the installing user must have the necessary credentials for the authentication as administrative user.
    • SUPER_USER
      If the -p parameter is set to SYSTEM the executing user must have the SUPER_USER privilege. The ownership of the keystores will be set to the corresponding users. If the -p parameter is set to USER the SUPER_USER privileges is not necessary. Owner of all keystores will be the executing user.

Also see Global Options for the sdmadm Command.

Participate
Have a best practice to share? Questions? Suggestions? Comments?

Learn More
For more on this topic, check out the following resources:

Enter labels to add to this page:
Please wait 
Looking for a label? Just start typing.

Sign up or Log in to add a comment or watch this page.


The individuals who post here are part of the extended Sun Microsystems community and they might not be employed or in any way formally affiliated with Sun Microsystems. The opinions expressed here are their own, are not necessarily reviewed in advance by anyone but the individual authors, and neither Sun nor any other party necessarily agrees with them.

Copyright 1994-2009 Sun Microsystems, Inc.
Powered by Atlassian Confluence Sun Guidelines on Public Discourse Privacy Policy Terms of Use Trademarks Site Map Employment Investor Relations Contact