HPE Community
Operating System - HP-UX
1825864 Members
3079 Online
109689 Solutions
New Discussion

Re: sd install problem

 
catastro
Super Advisor

‎02-11-2008 02:24 AM

‎02-11-2008 02:24 AM

sd install problem

Hi, I have a depot server and I am running on it sd. I try to install some software from my depot server to another server, and a new window prompt and tells me that I do not have permissions and that I have to check swacl.
I already performed an stop / start of swagentd and I opened the ports range in my firewall (port 2121, 135 and 19100 - 19150; I only allow swagent to open this ones that I specified in /etc/rc.config.d/swagent).
When I perform a swinstall from my server to the depot server, I can access the software and install and all goes ok.
I have other servers that I can do this, and the swacl output is different, could be this one the issue? Can anyone tells me how to change the swacl permissions as in the man page I do not see anything clear...
0 Kudos
4 REPLIES 4
Steven E. Protter
Exalted Contributor

‎02-11-2008 04:22 AM

‎02-11-2008 04:22 AM

Re: sd install problem

Shalom,

Remote swinstall requires NFS ports be opened up between the sd/ux server and client.

This means 2049 and a possible range above 16000.

NFS v4 permits you to configure the service to limit port ranges. It is I believe only available on HP-UX 11.31.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
catastro
Super Advisor

‎02-11-2008 06:27 AM

‎02-11-2008 06:27 AM

Re: sd install problem

Hi Steven.
Thanks for the replay. I opened the ports in my firewall and still tells me the same things. My swacl output is this one:

madrid:/root#swacl -l root
#
# swacl Installed Software Access Control List
#
# For host: madrid:/
#
# Date: Lun, 11 Feb 2008 15:22:14
#

# Object Ownership: User= root
# Group=sys
# Realm=madrid.madrid.catastro.minhac.es
#
# default_realm=madrid.madrid.catastro.minhac.es
object_owner:crwit
any_other:-r---

but I guess I should have an entry as well for my depot server (this is the local server where I am trying to install in). How can I modify the acl files and which ones?
0 Kudos
Ivan Krastev
Honored Contributor

‎02-11-2008 07:28 AM

‎02-11-2008 07:28 AM

Re: sd install problem

Check ports TCP/2121 and 2200-2299.
If you can list depots pnly, but can not install check ports 2200-2299.


regards,
ivan
0 Kudos
catastro
Super Advisor

‎02-11-2008 08:33 AM

‎02-11-2008 08:33 AM

Re: sd install problem

I founded a solution for this issue. I had to open these ports on my firewall:

- 135 TCP / UDP
- 2121 TCP / UDP
- 2049 TCP / UDP
- 19100 – 19150 TCP / UDP

It has to be in boths directions in order to the reply of the destination not be stopped by the firewall.
In the servers I had to modify the file
/etc/rc.config.d/swconfig and leave it as follows:

# swconfig
#
# Set environment variables for use by SD and by SD child processes
# at the system startup.
########

########
# SW_DEFERRED_KERNBLD
#
# TRUE: The system's kernel must be built as part of the startup.
# That includes the system file extraction and possible stripping.
# Once the kernel build succeeds, this variable needs to be unset.
#
# : Bypass all kernel build steps.
#
# Default value is unset.

SW_DEFERRED_KERNBLD=

########
# SW_ENABLE_SWAGENTD
#
# 1: Enable the swagentd daemon.
#
# 0: Disable the swagentd daemon.
#
# Default value is 1.

SW_ENABLE_SWAGENTD=1

RPC_RESTRICTED_PORTS=ncacn_ip_tcp[135-135,19100-19150]:ncadg_ip_udp[135-135,1910
0-19150]
export RPC_RESTRICTED_PORTS

And in the detination I had to execute this commands:

swacl -l root -M user:root@:a
swacl -l host -M user:root@:a

Then, I executed this commands:

- /sbin/init.d/swagentd stop
- /sbin/init.d/swagentd start

After all this, I can install in both ways, from my depot server to the destination and from my destination choosing the software is in my depot server.
Thanks for your help.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.