SunRay : Configuration

De OpenWikiBSD
Aller à : navigation, rechercher

Configuration globale

  • http://@IP:1660
  • Onglet Paramètres avancés
  • Stratégie du système
  • Activez le mode kiosque pour les utilisateurs de carte
  • Onglet Paramètres avancés
  • Mode kiosque
  • Editez et coller dans arguments -s @IP windows
  • Redémarrez les services SRSS
  • Insérez une smartCard dans le DTU
  • Allez dans l'onglet Jetons modifiez les pramètres de la carte (proprio et surtout Mode= kiosque)
  • Validez
  • Ressortez et réinserez la carte!

Howtos

Ajouter à un FOG (Groupe de basculement, FailOverGroup)

Lors de l'install :

Configure this server for a failover group? (y/[n])? y

..

You have chosen to configure this server for a failover group.

All servers in a failover group must share a unique signature, 
which is a string of 8 or more characters where at least two 
characters are letters and at least one is not.
 
Enter signature: 

Puis sur le premier serveur:

  • Ajouter un FOG :
/opt/SUNWut/sbin/utgroupsig 
Enter signature: 
Re-enter signature: 
  • Sur le secondaire :
/opt/SUNWut/sbin/utreplica -s primaire

Sun Ray Core Services 4.2
Administration Failover Configuration

Converting Administration Standalone Server to Administration Secondary
Stopping Sun Ray Data Store daemon
Sun Ray Data Store daemon stopped
### updating the Datastore init file
        ...already configured with port 7012
### updating the SRDS config file
        ...done
### updating the system services file
        ...done
### updating the SunRay admin config file
        ...done
Starting Sun Ray Data Store daemon .
Thu Oct  8 17:36 : utdsd starting

Restarting Sun Ray Core Services ...
stopping authentication manager
starting session manager
starting device manager
starting printer service
starting serial service
starting authentication manager

Configuration of Failover Administration has completed.
Please check the log file, /var/adm/log/utreplica.2009_10_08_17:36:58.log, for errors.

/opt/SUNWut/sbin/utadm -L on
### Turning on Sun Ray LAN connection

NOTE: utrestart must be run before LAN connections will be allowed

/opt/SUNWut/sbin/utrestart
A warm restart has been initiated... messages will be logged to /var/opt/SUNWut/log/messages.

  • Sur le primaire :
/opt/SUNWut/sbin/utreplica -p -a secondaire

Sun Ray Core Services 4.1
Administration Failover Configuration

Converting Administration Standalone Server to Administration Primary
thales.lyceenobel.org: Connexion refusée
utreplica: Warning, Unable to determine the replication status of secondary
 server thales. It's possible that the secondary server is not yet configured.

Do you want to continue with configuration of this server as a primary? (y/[n])? y
### updating the SRDS config file
        ...done
Stopping Sun Ray Data Store daemon
Sun Ray Data Store daemon stopped
Starting Sun Ray Data Store daemon .
Thu Oct  8 17:44 : utdsd starting
Starting utpushd daemon

Restarting Sun Ray Core Services ...
stopping authentication manager
starting session manager
starting device manager
starting printer service
starting serial service
starting authentication manager

Configuration of Failover Administration has completed.
Please check the log file, /var/adm/log/utreplica.2009_10_08_17:43:36.log, for errors.

  • On vérifie que tout est OK :
 /opt/SUNWut/sbin/utreplica -l

Sun Ray Core Services 4.2
Administration Failover Configuration

thales is a secondary server
The primary server is: solaris
/opt/SUNWut/sbin/utreplica -l

Sun Ray Core Services 4.1
Administration Failover Configuration

solaris is a primary server for:
thales

Migrer un serveur SRSS

Il est beaucoup plus simple de faire la migration avec le primaire vivant....

Primaire est vivant

Primaire est mort

/opt/SUNWut/srds/lib/utldbmcat /var/opt/SUNWut/srds/dbm.ut/id2entry.dbb > /tmp/store


Regarder les deux docs suivants pour savoir comment faire si le primaire est HS !

Doc de migration/Nettoyage

Autre doc plus généraliste


  • Ajouter le nouveau au FOG en tant que secondaire
  • Mettre le secondaire en primaire et le primaire en secondaire

  • Débrancher l'ancien (voire l'éteindre proprement avant, on ne sait jamais....)
  • Sortir le nouveau du réplicat
/opt/SUNWut/sbin/utreplica -u
Sun Ray Core Services 4.2
Administration Failover Configuration

Converting Server from Administration Secondary to Administration Standalone

Restarting Sun Ray Data Store ...
Stopping Sun Ray Data Store daemon
Sun Ray Data Store daemon stopped
Starting Sun Ray Data Store daemon .
Tue Nov 17 13:17 : utdsd starting

Restarting Sun Ray Core Services ...
stopping authentication manager
starting session manager
starting device manager
starting printer service
starting serial service
starting authentication manager

Unconfiguration of Administration Failover has completed.

Please run /opt/SUNWut/sbin/utconfig -u to complete the process of converting it to a standalone server.
Please check the log file, /var/adm/log/utreplica.2009_11_17_13:17:28.log, for errors.

# /opt/SUNWut/sbin/utreplica -l

Sun Ray Core Services 4.2
Administration Failover Configuration

No replica context for this server

FOG BugTracking

  • La redondance ne fonctionne pas
Thales utreader [PID]: [ID XXX user.info] open_connection(): Could not bind to DS server Thales - Invalid credentials
  • Explication :
    • Les mdp d'admin LDAP sont différents entre le primaire et le secondaire :
  • Solution :
/opt/SUNWut/sbin/utpw 
Enter new UT admin password: 
Re-enter new UT admin password: 
Enter old UT admin password: 

Changing LDAP password...
Done.
Changing password file...
Done.

Note: If this server is part of a failover 
      configuration, please run utpw on the 
      remaining servers.
  • La redondance ne fonctionne toujours pas
  • Explication possible :
    • Les politiques sont différentes entre le primaire et le secondaire :
  • Solution :
/opt/SUNWut/sbin/utpolicy -a -r card -z pseudo -g

The authentication manager must be restarted for changes to take effect. 
If a significant policy change has been made then a cold restart must be
initiated with the following command, note that all existing sessions 
will be terminated:

        /opt/SUNWut/sbin/utrestart -c

If a minor policy change was made then it is not necessary to terminate 
existing sessions and a warm restart is sufficient by executing the 
following command:

        /opt/SUNWut/sbin/utrestart

    • Seule le restart cold a marché (avé le -c)


Debug

Si vos logs se remplissent de

May  3 14:59:54 solaris utauthd: [ID 874716 user.info] WatchIO UNEXPECTED: 172.16.197.252 protocolError: networkNotAllowed
May  3 14:59:54 solaris utauthd: [ID 303596 user.info] WatchIO UNEXPECTED: WatchIO.doRemove(null)
May  3 14:59:58 solaris utauthd: [ID 493148 user.info] WatchIO UNEXPECTED: Connection from 172.16.198.254 is not allowed
May  3 14:59:58 solaris utauthd: [ID 215981 user.info] WatchIO UNEXPECTED: 172.16.198.254 protocolError: networkNotAllowed
May  3 14:59:58 solaris utauthd: [ID 303596 user.info] WatchIO UNEXPECTED: WatchIO.doRemove(null)

Vous avez un souci de connexion, dont la cause m'est ...inconnue

  • Solution :

Sur le master :

/opt/SUNWut/sbin/utadm -r

/opt/SUNWut/sbin/utadm -A 172.16.0.0
### Configuring /etc/nsswitch.conf
### Configuring Service information for Sun Ray
### Disabling Routing
  Selected values for subnetwork "172.16.0.0" 
    net mask:           255.255.0.0
    no IP addresses offered
    auth server list:   172.16.0.8
    firmware server:    172.16.0.8
  Accept as is? ([Y]/N): n
  netmask: 255.255.0.0 (cannot be changed - system defined netmask)
  Do you want to offer IP addresses for this subnet? (Y/[N]): 
  auth server list:     172.16.0.8
To read auth server list from file, enter file name: 
Auth server IP address (enter <CR> to end list): 172.16.0.8
Auth server IP address (enter <CR> to end list): 
If no server in the auth server list responds, 
should an auth server be located by broadcasting on the network? ([Y]/N): 
  new firmware server: [172.16.0.8] 172.16.0.9
  Selected values for subnetwork "172.16.0.0" 
    net mask:           255.255.0.0
    no IP addresses offered
    auth server list:   172.16.0.8
    firmware server:    172.16.0.9
  Accept as is? ([Y]/N): 
### Configuring firmware version for Sun Ray
        All the units served by "solaris" on the 172.16.0.0
        network interface, running firmware other than version
        "4.1_50_2008.09.25.12.37" will be upgraded at their next power-on.

### Configuring Sun Ray Logging Functions
### Turning on Sun Ray LAN connection

NOTE: utrestart must be run before LAN connections will be allowed

DHCP is not currently running, should I start it? ([Y]/N): n

#### DHCP daemon not started.  You will need to manually start one
using "/etc/init.d/dhcp start".

# /opt/SUNWut/sbin/utrestart
A warm restart has been initiated... messages will be logged to /var/opt/SUNWut/log/messages.
# /opt/SUNWut/sbin/utadm -l
LAN connections: On
Subnetwork: 172.16.0.0
        Netmask=        255.255.0.0
        AuthSrvr=       172.16.0.8
        AltAuth=        172.16.0.8 255.255.255.255 
        FirmwareSrvr=   172.16.0.9


Sur le Slave :

/opt/SUNWut/sbin/utadm -r
### Removing Sun Ray information for subnetwork "172.16.0.0"
# /opt/SUNWut/sbin/utadm -A 172.16.0.0
### Configuring /etc/nsswitch.conf
### Configuring Service information for Sun Ray
  Selected values for subnetwork "172.16.0.0" 
    net mask:           255.255.0.0
    no IP addresses offered
    auth server list:   172.16.0.9
    firmware server:    172.16.0.9
  Accept as is? ([Y]/N): n
  netmask: 255.255.0.0 (cannot be changed - system defined netmask)
  Do you want to offer IP addresses for this subnet? (Y/[N]): 
  auth server list:     172.16.0.9
To read auth server list from file, enter file name: 
Auth server IP address (enter <CR> to end list): 172.16.0.8
Auth server IP address (enter <CR> to end list): 
If no server in the auth server list responds, 
should an auth server be located by broadcasting on the network? ([Y]/N): 
  new firmware server: [172.16.0.9] 
  Selected values for subnetwork "172.16.0.0" 
    net mask:           255.255.0.0
    no IP addresses offered
    auth server list:   172.16.0.8
    firmware server:    172.16.0.9
  Accept as is? ([Y]/N): 
### Configuring firmware version for Sun Ray
        All the units served by "Thales" on the 172.16.0.0
        network interface, running firmware other than version
        "4.2_49_2009.08.27.18.08" will be upgraded at their next power-on.

### Configuring Sun Ray Logging Functions
### Turning on Sun Ray LAN connection

NOTE: utrestart must be run before LAN connections will be allowed
/opt/SUNWut/sbin/utadm -L on
### Turning on Sun Ray LAN connection

NOTE: utrestart must be run before LAN connections will be allowed

 /opt/SUNWut/sbin/utrestart
A warm restart has been initiated... messages will be logged to /var/opt/SUNWut/log/messages.
/opt/SUNWut/sbin/utadm -l
LAN connections: On
Use IPv4 multicast
Subnetwork: 172.16.0.0
        Netmask=        255.255.0.0
        AuthSrvr=       172.16.0.8
        AltAuth=        172.16.0.8 255.255.255.255 
        FirmwareSrvr=   172.16.0.9
        NewTver=        4.2_49_2009.08.27.18.08


Accessoirement le master n'a que faire de gérer des sessions SRSS

/opt/SUNWut/sbin/utadm -L off
/opt/SUNWut/sbin/utrestart