Configuring the Guardian Service Processor (GSP)The Guardian Service Processor (GSP) is a built-in processor on most HP systems that can be used for either local or remote system administration functions. I won't cover the use of the GSP, but I will cover its initial configuration. The initial configuration is important because the first person to gain access to the GSP before it has been configured is a GSP administrator by default. You gain access to the GSP with ^b (control b). If the GSP has not been configured, anyone who gets access to the console can type ^b and gain access to the system. I recommend you perform GSP configuration as soon as possible after installing your system. The following example shows issuing a ^b, which results in the GSP> prompt, and issuing he for help: Service Processor login: Service Processor password: Hewlett-Packard Guardian Service Processor 9000/800/L2000-44 System Name: uninitialized GSP Host Name: uninitialized GSP> GSP Host Name: uninitialized GSP> he HE Hardware Revision 8 Firmware Revision A.01.06 Aug 2 1999,11:38:47 AC : Alert Display Configuration PC : Remote Power Control AR : Config. Automatic System Restart PS : Power Management Module status CA : Configure serial port parameters RP : Reset password configuration CE : Log repair info in history buffer RS : System reset through RST signal CL : Display console history SDM: Set Display Mode (hex or text) CO : Return to Console Mode SE : Activate a system session DC : Default configuration SL : Display SPU status logs DI : Disconnect remote or LAN console SO : Security options & access control DR : Disable remote or LAN console SS : System's processor status ER : Enable remote or LAN console TC : System reset through INIT signal HE : Display the available commands TE : Sends a message to other terminals IT : Modify GSP inactivity timeouts VFP: Activates Alert Log Display LC : Configure LAN console WHO: Display list of GSP connected users LS : Display LAN console status XD : GSP Diagnostics and Reset MR : Modem Reset XU : Upgrade the GSP Firmware MS : Display the status of the Modem GSP Host Name: uninitialized GSP> You can see that in order to log in after the ^b was issued neither a login name or password were required. This is because GSP users have not yet been configured, so anyone can get access to this menu with ^b at the system console. There are several commands here to which you don't want unauthorized users to have access, so the first step we'll take is to setup security with SO : GSP> so SO This command allow you to modify the security options and access control. GSP wide parameters are: . Login Timeout: 1 minutes. . Number of Password Faults allowed: 3 . Flow Control Timeout: 5 minutes. Do you want to modify the GSP wide parameters? (Y/[N]) User number 1 parameters are: . User's Name: . User's Login: . Organization's Name: . Dial-back configuration: Disabled . Access Level: Operator . Mode: Single . User's state: Disabled Do you want to modify the user number 1 parameters? (Y/[N]/Q to quit) : From this menu, you can change GSP-wide parameters and establish GSP users. The first user added the first time you enter this screen will be the GSP system administrator. This is the user you want to set initially so that your system is secure. You can add one administrator and 19 users. This is an important step since users will now have to add a user name and password to gain access to GSP. The user information you add is shown in the previous listing and is self-explanatory. In addition to configuring users, there are many useful features of GSP, so I encourage you to experiment with it. One feature I often use is to issue CL to display a console history as shown in the following listing for the rp54xx system used throughout the examples in this chapter: GSP> cl CL Firmware Version 39.46 Duplex Console IO Dependent Code (IODC) revision 1 ------------------------------------------------------------------------------ (c) Copyright 1995-1998, Hewlett-Packard Company, All rights reserved ------------------------------------------------------------------------------ Processor Speed State CoProcessor State Cache Size Number State Inst Data --------- -------- --------------------- ----------------- ------------ 0 440 MHz Active Functional 512 KB 1 MB 3 440 MHz Idle Functional 512 KB 1 MB Central Bus Speed (in MHz) : 82 Available Memory : 2097152 KB Good Memory Required : 11468 KB Press Q/q to quit, Enter to continue: Primary boot path: 0/0/1/1.2 Alternate boot path: 0/0/2/0.2 Console path: 0/0/4/0.0 Keyboard path: 0/0/4/0.0 WARNING: The non-destructive test bit was set, so memory was not tested destructively. Information only, no action required. Processor is booting from first available device. To discontinue, press any key within 10 seconds. 10 seconds expired. Proceeding... Trying Primary Boot Path ------------------------ Booting... Boot IO Dependent Code (IODC) revision 1 Press Q/q to quit, Enter to continue: HARD Booted. ISL Revision A.00.38 OCT 26, 1994 ISL booting hpux Boot : disk(0/0/1/1.2.0.0.0.0.0;0)/stand/vmunix 6340608 + 821576 + 695024 start 0x210ce8 alloc_pdc_pages: Relocating PDC from 0xf0f0000000 to 0x7f9ab000. gate64: sysvec_vaddr = 0xc0002000 for 1 pages Unexpected interrupt on EIRR bit 32 NOTICE: autofs_link(): File system was registered at index 3. NOTICE: nfs3_link(): File system was registered at index 5. System Console is on the Built-In Serial Interface Logical volume 64, 0x3 configured as ROOT Logical volume 64, 0x2 configured as SWAP Logical volume 64, 0x2 configured as DUMP Swap device table: (start & size given in 512-byte blocks) entry 0 - major is 64, minor is 0x2; start = 0, size = 2097152 Starting the STREAMS daemons-phase 1 Checking root file system. log replay in progress replay complete - marking super-block as CLEAN Root check done. Create STCP device files Starting the STREAMS daemons-phase 2 B2352B/9245XB HP-UX (B.11.00) #1: Wed Nov 5 22:38:19 PST 1997 Memory Information: physical page size = 4096 bytes, logical page size = 4096 bytes Physical: 2097152 Kbytes, lockable: 1575156 Kbytes, available: 1816368 Kbyts /sbin/ioinitrc: /dev/vg00/lvol1: 34 files, 0 icont, 25716 used, 173665 free (81 frags, 21698 bl) /sbin/bcheckrc: Checking for LVM volume groups and Activating (if any exist) Volume group "/dev/vg00" has been successfully changed. Activated volume group Volume group "/dev/vg01" has been successfully changed. Resynchronized volume group /dev/vg00 Resynchronized volume group /dev/vg01 vxfs fsck: sanity check: root file system OK (mounted read/write) Checking hfs file systems /sbin/fsclean: /dev/vg00/lvol1 (mounted) ok HFS file systems are OK, not running fsck Checking vxfs file systems /dev/vg00/lvol8 : vxfs fsck: sanity check: /dev/vg00/lvol8 needs checking log replay in progress replay complete - marking super-block as CLEAN /dev/vg01/lvol09 : vxfs fsck: sanity check: /dev/vg01/lvol09 needs checking log replay in progress replay complete - marking super-block as CLEAN /dev/vg00/lvol3 : vxfs fsck: sanity check: root file system OK (mounted read/write) /dev/vg00/lvol4 : vxfs fsck: sanity check: /dev/vg00/lvol4 needs checking log replay in progress replay complete - marking super-block as CLEAN /dev/vg00/lvol5 : vxfs fsck: sanity check: /dev/vg00/lvol5 needs checking log replay in progress replay complete - marking super-block as CLEAN /dev/vg00/lvol6 : vxfs fsck: sanity check: /dev/vg00/lvol6 needs checking log replay in progress replay complete - marking super-block as CLEAN /dev/vg00/lvol7 : vxfs fsck: sanity check: /dev/vg00/lvol7 needs checking log replay in progress replay complete - marking super-block as CLEAN (c)Copyright 1983-1997 Hewlett-Packard Co., All Rights Reserved. (c)Copyright 1979, 1980, 1983, 1985-1993 The Regents of the Univ. of California (c)Copyright 1980, 1984, 1986 Novell, Inc. (c)Copyright 1986-1992 Sun Microsystems, Inc. (c)Copyright 1985, 1986, 1988 Massachusetts Institute of Technology (c)Copyright 1989-1993 The Open Software Foundation, Inc. (c)Copyright 1986 Digital Equipment Corp. (c)Copyright 1990 Motorola, Inc. (c)Copyright 1990, 1991, 1992 Cornell University (c)Copyright 1989-1991 The University of Maryland (c)Copyright 1988 Carnegie Mellon University (c)Copyright 1991-1997 Mentat, Inc. (c)Copyright 1996 Morning Star Technologies, Inc. (c)Copyright 1996 Progressive Systems, Inc. (c)Copyright 1997 Isogon Corporation RESTRICTED RIGHTS LEGEND Use, duplication, or disclosure by the U.S. Government is subject to restrictions as set forth in sub-paragraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause in DFARS 252.227-7013. Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304 U.S.A. Rights for non-DOD U.S. Government Departments and Agencies are as set forth in FAR 52.227-19(c)(1,2). /sbin/auto_parms: DHCP access is disabled (see /etc/auto_parms.log) /sbin/rc: failed to read row and column info from screen HP-UX Start-up in progress __________________________ Configure system crash dumps .............................. OK Mount file systems ........................................ OK Update kernel and loadable modules ........................ N/A Initialize loadable modules ............................... N/A Setting hostname .......................................... OK Set privilege group ....................................... N/A Display date .............................................. N/A Save system crash dump if needed .......................... N/A Enable auxiliary swap space ............................... OK Start syncer daemon ....................................... OK Configure HP Fibre Channel interfaces ..................... OK Configure Loopback interfaces (lo0) ....................... OK Start Software Distributor agent daemon ................... OK Configuring all unconfigured software filesets ............ OK Recover editor crash files ................................ OK Clean UUCP ................................................ OK List and/or clear temporary files ......................... N/A Clean up old log files .................................... OK Start system message logging daemon ....................... OK Start pty allocator daemon ................................ OK Start network tracing and logging daemon .................. OK Configure HP Ethernet interfaces .......................... OK Configure HP 100BT interfaces ............................. OK Configure HP SPP 100BT interfaces ......................... N/A Configure LAN interfaces .................................. OK Start name server daemon .................................. N/A Start NFS core subsystem .................................. OK Start NIS+ server subsystem ............................... OK Start NIS+ client subsystem ............................... OK Start NIS server subsystem ................................ OK Start NIS client subsystem ................................ OK Start NFS client subsystem ................................ OK Start the Trusted Mode with Nis+ subsystem ................ N/A Configure pseudo devices for MAC/LLA access ............... OK Start multicast routing daemon ............................ N/A Start Internet services daemon ............................ OK Start dynamic routing daemon .............................. N/A Start router discover protocol daemon ..................... N/A Configuring PPP Interface ................................. OK Start RARP protocol daemon ................................ N/A Start remote system status daemon ......................... N/A Configuring man pages for Internet Services ............... OK Starting mail daemon ...................................... OK Starting outbound connection daemons for DDFA software .... N/A Start SNMP Master Network Management daemon ............... OK Start OSPF MIB Network Management subAgent ................ N/A Start SNMP HP-UNIX Network Management subAgent ............ OK Start SNMP MIB-2 Network Management subAgent .............. OK Start SNMP Trap Dest Network Management subAgent .......... OK Start DCE daemons ......................................... N/A Start RPC daemon if needed ................................ OK Start the Isogon License Server daemon .................... N/A Start remote boot daemon .................................. OK Starting X Font Server at TCP port 7000 ................... OK Start vt daemon ........................................... OK Start time synchronization ................................ N/A Start accounting .......................................... N/A Starting the password/group assist subsystem .............. OK Starting HP Disk Array Manager daemons. ................... OK Starting disk array monitor daemons. ...................... OK Start print spooler ....................................... N/A Starting HP Distributed Print Service ..................... OK Start clock daemon ........................................ OK Support Tools Informational Fileset ....................... OK Start environment monitoring daemon ....................... OK Start auditing subsystem .................................. N/A Start audio server daemon ................................. N/A Start Distributed Single Logical Screen daemon ............ OK SAM System administration configuration ................... OK Reinitialize Software Distributor agent daemon ............ OK Configure HP Fibre Channel Mass Storage interfaces ........ OK Start NFS server subsystem ................................ OK Start X print server(s) ................................... N/A Starting ColdFusion Application Server .................... OK Start CDE login server .................................... OK The system is ready. GenericSysName [HP Release B.11.00] (see /etc/issue) Console Login: *************************10/100 Mb/s LAN/9000 Networking********************@#% Fri May 26 EDT 2000 15:43:26.401827 DISASTER Subsys:BASE100 Loc:00000 <6001> HPCORE 10/100BASE-T driver detected bad cable connection between the adapter in slot 0 and the hub or switch. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ *************************10/100 Mb/s LAN/9000 Networking********************@#% Fri May 26 EDT 2000 17:18:31.401884 DISASTER Subsys:BASE100 Loc:00000 <6001> HPCORE 10/100BASE-T driver detected bad cable connection between the adapter in slot 0 and the hub or switch. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ GenericSysName [HP Release B.11.00] (see /etc/issue) Console Login: root Password: This listing shows a smooth boot; however, there are often boot- related problems you may encounter and you can produce this listing with ^b anytime to review the sequence of events that took place at the time of boot. You can obtain the status of power modules with ps as shown in the following listing: GSP> ps PS Power Monitor Status: Temperature : Normal Over temperature: Enable Power Switch : ON Soft power : Disable Global fan state: Normal System power state: On Power supplies Fan # State Type States ----------------------------------------------------------- 0 Normal 1220 Watt Normal 1 Normal 1220 Watt Normal 2 Not Installed - Normal 3 - - Normal 4 - - Normal 5 - - Normal 6 - - Normal 7 - - Normal GSP Host Name: uninitialized GSP> This shows that we have two power supplies installed and a third is not installed. You can view processor status with ss as shown in the following listing: GSP> ss SS System Processor Status: Monarch Processor: 0 Processor 0 is : Installed and Configured Processor 1 is : Not Installed Processor 2 is : Not Installed Processor 3 is : Installed and Configured GSP Host Name: uninitialized GSP> After you have completed your GSP-related work you can return to console mode from the GSP prompt simply by issuing co , as shown in the following listing: GSP> co CO Leaving Guardian Service Processor Command Interface and entering Console mode. Type Ctrl-B to reactivate the GSP Command Interface. GenericSysName [HP Release B.11.00] (see /etc/issue) Console Login: Anytime that you are on the console, you can issue ^b and get access to GSP to issue any GSP commands and then get back to console mode with co . Table 1-4 is a list of GSP commands available on an rp7400 system at the time of this writing. Although an rp54xx system was used in the examples in this chapter, the GSP commands for platforms are similar. Keep in mind the GSP commands for your system may be somewhat different from those listed. GSP is updated occassionally, so the list for the rp7400 may also be somewhat different from that shown in Table 1-4. Table 1-4. List of GSP Commands for rp7400
|