|
|
Global options can be used with all Cli commands in SDM. Those options are used for setting the general behaviour of the CLI.
Some of Cli commands are using table ouput for presenting the results of executed operation. This output can be customized by the following options:
The Admin User List contains the name of the users which have admin privileges on the system. The following commands manages this list:
sdmadm add_admin_user|aau <-au username>
Command description: Adds an admin user to the admin user list
% sdmadm -s mySystem aau -au testuser
Admin user "testuser" added
sdmadm remove_admin_user|rau <-au username>
Command description: Removes an admin user from the admin user list
% sdmadm -s mySystem rau -au testuser
Admin user "testuser" removed
sdmadm show_admin_users|sau
Command description: Show the list of admin users
% sdmadm -s mySystem sau
admin_user
----------
testuser
root
Following commands are used for creating/renewing the certificates for users and daemons (JVMs).
sdmadm add_admin_user_cert|aaucrt <-au username> <-au username> <-cu user_common_name> <-e user_email>
Command description: For passwordless authentication a user needs a valid certificate and private keys in the certificate authority of the sdm system. With this command the certificate and private key of a user is created. The update_keystore command can be used to distribute the keystore onto a remote host.
% sdmadm -s mySystem aaucrt -au testuser -cn user -e user@test.com
Private key and certificate for user, testuser, succesfully created
Note: As a result of execution of this command the certificate is generated. The certificate can be found in the following location: <sdm_local_spool_directory>/security/ca/ca_top/usercerts/<username>/ To install the generated certificate and keystore on host the sdmadm update_keystore command should be used Section 2.3.2.2.3, “Update keystores for the user or daemon on the host ”.
sdmadm add_daemon_cert|adcrt <-j jvmname>
Command description: This command the certificate and private key of a daemon is created. The get_keystore command can be used to distribute the keystore onto a remote host.
% sdmadm -s mySystem adcrt -j r_vm
Private key and certificate for daemon, r_vm, succesfully created
Note: As a result of execution of this command the certificate is generated. The certificate can be found in the following location: <sdm_local_spool_directory>/security/ca/ca_local_top/daemons/<jvmname>/ To install the generated certificate and keystore on host the sdmadm update_keystore command should be used Section 2.3.2.2.3, “Update keystores for the user or daemon on the host ”. This command updates keystores for users of SDM system or deamons (JVMs).
sdmadm update_keystore|uk <-t type> <-n name> <-f file> <-p> <-hex>
Command description: This commands asks the CA component of the grm system for a keystore of a user or a daemon. In the Hedeby system a user name is the unix name of an admin user and the deamon name is the name of a JVM. If the -f option is not specified user keystores are stored in <local_spool>/security/users/<username>.keystore and daemon keystores are stored in <local_spool>/security/<daemons>/<daemonname>.keystore.
% sdmadm -s mySystem uk -t daemon -n r_vm
The specified keystore has been exported to the file
/var/tmp/mySystem/security/daemons/r_vm.keystore
This command is used to renew certificate for a user or daemon for given number of days.
sdmadm renew_cert|rncrt <-t type> <-n name> <-days days>
Command description: With this command a certifcate of a user, daemon or the CA can be renewed. In the Hedeby system a user name is the unix name of an admin user and the deamon name is the name of a JVM. If num_days is a negative number the certificate will be revoked.
% sdmadm -s mySystem rncrt -t daemon -n rp_vm -days 30
The certificate has been renewed
This command is used to print certificate of a user or daemon.
sdmadm show_cert|scrt <-t type> <-n name>
Command description: Show the certificate of a user or a daemon. In the Hedeby system a user name is the unix name of an admin user and the deamon name is the name of a JVM. Needs global option -system
% sdmadm -s mySystem scrt -t daemon -n rp_vm
[
[
Version: V3
Subject: EMAILADDRESS=root@ge5, UID=grm_daemon_root, CN=rp_vm, OU=as, O=as, L=as, ST=as, C=AS
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: SunPKCS11-Solaris RSA public key, 1024 bits (id 16651232, session object)
modulus: 137325738019350309938182504217265967870824148783876468342304406047525690600129818469994105549002117612012904001145292230517841763060407780721010896381750325202464606496936156818066020426515976327116434615706204988304339675217611586478408943263161576453399498006252545501839209835509398611495237555694413452711
public exponent: 65537
Validity: [From: Wed Jan 30 11:41:57 CET 2008,
To: Fri Feb 29 11:41:57 CET 2008]
Issuer: EMAILADDRESS=as, UID=CA, CN=SGE Certificate Authority, OU=as, O=as, L=as, ST=as, C=AS
SerialNumber: [ 09]
Certificate Extensions: 4
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene
0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat
0020: 65 e
[2]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C4 DB 35 CF F6 36 5B A4 1B A7 58 CB 58 35 7C 09 ..5..6[...X.X5..
0010: E0 8F 66 DC ..f.
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 6E D1 42 8A B7 19 B8 40 51 D5 64 45 AA DD 6C 60 n.B....@Q.dE..l`
0010: 8D 6F A9 39 .o.9
]
[EMAILADDRESS=as, UID=CA, CN=SGE Certificate Authority, OU=as, O=as, L=as, ST=as, C=AS]
SerialNumber: [ c17785b0 7557cad5]
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
]
Algorithm: [MD5withRSA]
Signature:
0000: 0C BF 6E F7 A1 C9 CB 84 5C 25 E9 DE 6F 0C 6D 97 ..n.....\%..o.m.
0010: 11 5C D0 1E 37 3B C3 EF 34 08 D6 FA 6C 2B 41 2F .\..7;..4...l+A/
0020: 5C 55 16 FC 25 2D 4A 57 9D D5 BE 7D 78 5F 39 6F \U..%-JW....x_9o
0030: 8F 70 FE E3 9A 2E 1B F9 BA 5C 70 73 AC 0C 47 3B .p.......\ps..G;
0040: 4C 62 B6 44 FB A3 B7 D9 B4 75 DC 2B 12 FF C1 42 Lb.D.....u.+...B
0050: BE 36 3F BC 72 DB 08 6D 2B E0 D4 FE 0F 26 FE 9E .6?.r..m+....&..
0060: D1 79 99 C0 26 DF 4D FF 86 54 F7 46 CD 3A A7 27 .y..&.M..T.F.:.'
0070: 8D F0 80 97 64 8C 41 B7 CD D2 55 94 49 DB A8 C7 ....d.A...U.I...
]
This command is used to update CA certificate on local host.
sdmadm update_ca_cert|uccrt
Command description: The update_ca_cert is useful of the CA certificate of a Hedeby system has been renewed. Normally during the installation of a managed host a copy of the CA certificate is stored in the local spool directory. If the CA certificate has been renewed this copy in not longer valid. This command gets the renewed certificate and stores in the local spool dir. The user is asked if the new certificate is trusted.
% sdmadm -s mySystem uccrt
CA certificate updated in /var/tmp/mySystem/security/ca/ca_top/cacert.pem
If the resource is not usable the service sends resource provider a message. The RP sets the state of the resource to UNASSIGNED. The RP stores in it's internal storage that the resource is not usable for this service (Blacklist). Command sdmadm show_blacklist will print out the resources that, are not usable for services. Usage:
smdadm show_blacklist | sb [-s service_name]
Command description: This command allows to monitor resource ids that are ignored by a service(s). It can be specified whether the list of such resource ids is shown for a specified service or for each service service. If blacklist for specified service only should be shown, use -s option and specify service name. Example:
% sdmadm show_blacklist
service resource id
--------------------------
spare_pool foo3
spare_pool2 foo5
% sdmadm sb -s spare_pool
service resource id
--------------------------
spare_pool foo3
This command print out all the configuration, that are installed on the system. By configurations, we meant instances of SDM. Usage:
smdadm show_bootstrap_configs | sbc [-auto] [-nossl] [-names] [-all]
Command description: The command will show the bootstrap configurations of the systems that are defined. The command is looking for bootstrap configurations defined in system and/or user preferences depending on the -prefs switch. Example:
% sdmadm show_bootstrap_config -all
system type host port properties version
-----------------------------------------
some USER foo3 31123 0.1
spool=/var/spool/sdm/some
dist=/opt/sdm
This command print out all the components on JVM on the given hosts. The component type and actual state of the components is also printed. Usage:
smdadm show_component | sc
Command description: The command will show status of all system components. The output is grouped by system, host and JVM. Example:
% sdmadm sc
host jvm component type state
----------------------------------------------------------------
foo executor_vm ca Other STARTED
executor Executor STARTED
rp_vm reporter Other STARTED
resource_provider ResourceProvider STARTED
spare_pool Service STARTED
GEAdpater automatically updates the properties of the assigned host resource. With the "Complex to Resource Property Mapping" the administrator can define what complex values are used. After the installation of the first Grid Engine Service the default mapping is installed. It can be displayed with the sdmadm show_ge_complex_mapping command. Usage:
smdadm show_ge_complex_mapping | sgcm [-match match_name] [-output names|xml|table]
Command description: This command prints out the available complex \ mapping for Grid Engine services Example:
% sdmadm show_ge_complex_mapping
name complex complex value resource property resource value
--------------------------------------------------------------------
default hardwareCpuArchitecture amd64
ia64
sparcv9
x86
operatingSystemName Linux
Solaris
Windows
operatingSystemRelease 24
26
This command print out all the components on JVM on the given hosts. The component type and actual state of the components is also printed. Usage:
smdadm show_module | sm Command description: Show all available modules in the system Example:
% sdmadm show_module
module version vendor
-------------------------------------------
gridengine-adapter 1.0 Sun Microsystems
security 1.0 Sun Microsystems
This command print out all the information that were stored by Reporter component. More information about Reporter component you can find here Section 2.4.3.2, “Reporter” or to Section 1.1.4, “Reporter”. Usage:
smdadm show_history | shist [-sd date_string] [-ed date_string] [-r resource] [-s service] [-t event_type] [-f advanced_filter]
Command description: Gets the data stored by reporter component. This command allows to monitor the system. You can specify the exact resource name or service name or just event type or combine them together. By specifing service name you will see all messages that were sent by this service. By specifing the resource name you will se all the messages related to this resource. You can also look for messages with the event type. Additionally you can define a reporter filter expression with the -f switch, regular expressions are allowed here. If you don't specify anything all messageses in the system will be printed. Using -sd (start date) and -ed (end date) switches you can specify exact date and get only the messages that were sent in the given time period. Example: sdmadm shist -sd 12:03 -ed 12:06 -f 'service=\"spare_pool\" && resource=\"foo\"' It will print out all the messages that are related to service with the name "spare_pool", resource with the name "foo" and the time period between 12:03 and 12:06 of present day. Output example:
% sdmadm show_history
time_stamp type service_name resource_id description
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
16/01/2008 11:28:07.888 SERVICE_ADDED spare_pool Service [spare_pool] has been added.
16/01/2008 11:28:08.073 CS_OBJECT_ADDED cs Configuration object [resource_provider@foo] was added under [active_component] context to the CS.
16/01/2008 11:28:08.303 CS_OBJECT_ADDED cs Configuration object [reporter@foo] was added under [active_component] context to the CS.
16/01/2008 11:28:34.855 RESOURCE_ADD resource_provider foo@resource_provider Resource is going to be added to temporary storage
16/01/2008 11:28:34.869 RESOURCE_ADDED resource_provider foo@resource_provider Resource has been added to temporary storage
16/01/2008 11:28:34.878 RESOURCE_ADD resource_provider foo@spare_pool Resource is going to be added to temporary storage
16/01/2008 11:28:34.887 RESOURCE_ADDED resource_provider foo@spare_pool Resource has been added to temporary storage
16/01/2008 11:28:35.092 RESOURCE_ADD spare_pool foo Resource [foo] is going to be added to spare pool service [spare_pool].
16/01/2008 11:28:35.122 RESOURCE_ADDED spare_pool foo Resource [foo] has been added to spare pool service [spare_pool].
16/01/2008 11:28:35.129 RESOURCE_REQUEST spare_pool Service [spare_pool] sent resource request that was triggered by [PermanentRequestSLO] SLO.
16/01/2008 11:28:35.135 RESOURCE_REMOVE resource_provider foo@resource_provider Resource is going to be removed from temporary storage
16/01/2008 11:28:35.136 RESOURCE_REMOVED resource_provider foo@resource_provider Resource has been removed from temporary storage
16/01/2008 11:28:35.172 RESOURCE_PROPERTIES_CHANGED resource_provider foo@spare_pool Resource in temporary storage has been updated
16/01/2008 11:28:35.173 RESOURCE_REMOVE resource_provider foo@spare_pool Resource is going to be removed from temporary storage
RESOURCE_REMOVED resource_provider foo@spare_pool Resource has been removed from temporary storage
16/01/2008 11:28:35.174 REQUEST_QUEUED spare_pool Request queued in resource provider.
REQUEST_PROCESS spare_pool Request is being processed in resource provider.
16/01/2008 11:28:35.175 REQUEST_PENDING spare_pool Request is pending in resource provider to be processed.
REQUEST_PROCESSED spare_pool Request was processed by resource provider.
16/01/2008 11:28:35.199 RESOURCE_PROPERTIES_CHANGED spare_pool foo Resource [foo] has been modified in spare pool service [spare_pool].
16/01/2008 11:28:35.201 REQUEST_QUEUED spare_pool Request queued in resource provider.
16/01/2008 11:28:35.202 REQUEST_PROCESS spare_pool Request is being processed in resource provider.
16/01/2008 11:28:35.203 REQUEST_PENDING spare_pool Request is pending in resource provider to be processed.
16/01/2008 11:28:35.204 REQUEST_PROCESSED spare_pool Request was processed by resource provider.
16/01/2008 11:28:35.225 REQUEST_QUEUED spare_pool Request queued in resource provider.
16/01/2008 11:28:35.226 REQUEST_PROCESS spare_pool Request is being processed in resource provider.
16/01/2008 11:28:35.227 REQUEST_PENDING spare_pool Request is pending in resource provider to be processed.
REQUEST_PROCESSED spare_pool Request was processed by resource provider.
This command print out all the JVM that are running in the system along with their status. Usage:
smdadm show_jvm | sj [-j jvm_name] [-h host_name]
Command description: Show runninng Jvms in Hedeby System. There could be Jvms which dont have running components and this command will show them. Example:
% sdmadm show_jvm
name host state
------------------------
cs_vm foo STARTED
executor_vm foo STARTED
rp_vm foo STARTED
This command print out all the resources that are recognizable by the system. Usage:
smdadm show_resource | sr [-all] [-cached] [-r resource_id] [-s service] [-rf resource_filter] [-se] [-o res_ids|table]
Command description: This command allows to monitor resource(s) state(s) in the system. You can specify the exact resource name that you want to check the status. By specifying service name you will see all resource states for the given service. If you don't specify anything all resources in the system will be printed. If you want to see full description of resource like type, annotation and its properties use -all option. If you want to see information about the cached resources, use -c option. Example:
% sdmadm sr -all -rf 'hardwareCpuCount > 2'
service id state type flags usage annotation
-------------------------------------------------------------------------------------------------
resource_provider foo@spare33 INPROCESS host 1
resourceHostname=foo
hardwareCpuCount=4
resourceIPAddress=xx.xx.xxx.xx
spare3 foo ASSIGNED host A 1 Resource is used by two or more services
resourceHostname=foo
hardwareCpuCount=4
resourceIPAddress=xx.xx.xxx.xx
spare33 n/a n/a n/a n/a n/a n/a
Move all not static resourcs of a service into spare_pool:
% sdmadm mvr -r `sdmadm sr -s sge1 -rf 'static = false' -o res_ids` -s spare_pool
resource message
-----------------------------------------------
foo Resource move triggered
foo1 Resource move triggered
Shows information about all known resource types of a SDM system. Usage:
show_resource_types | srt The exit value of this command is always 0. The exit value may change in future (once the definition of resource types is stored in configuration service). With SDM version 1.0 only the host resource type is supported. For future releases it is planned that users can modify the resource types. Command description: Shows all known resource types and its predefined resource property type in a table. Example:
% sdmadm srt
name property flags type
---------------------------------------------
host ambiguous M Boolean
annotation String
hardwareCpuArchitecture String
hardwareCpuCount Integer
hardwareCpuFrequency String
operatingSystemName String
operatingSystemPatchlevel String
operatingSystemRelease String
operatingSystemVendor String
resourceHostname Hostname
resourceIPAddress String
static M Boolean
usage M Usage
Show registered resource requests at Resource Provider. Usage:
smdadm show_resource_request | srr [-all] [-pp] [-pq] [-s service_name] [-slo slo_name]
Command description: This command allows to monitor request(s) that are registered by Resource Provider. It can be specified whether the queued (waiting to be processed) or pending (already processed, waiting to be queued). If no type filter (or both of them) are specfied, requests of both types are printed. If full description of request type is needed, use -all option. Example:
% sdmadm srr -all
type service slo urgency quantity
--------------------------------------
pending spare55 null 49 1
annotation=
type=host
usage=1
ambiguous=false
static=false
spare557 null 49 1
annotation=
type=host
usage=1
ambiguous=false
static=false
This command print out all the services registered in the system along with their component and service status. Usage:
smdadm show_service | ss Command description: The command will show services managed by system. Example:
% sdmadm show_service
host service cstate sstate
-------------------------------
foo spare3 STARTED RUNNING
spare33 STARTED RUNNING
spare55 STARTED RUNNING
spare557 STARTED RUNNING
spare_pool STARTED RUNNING
This command print out all the current slos that services have with their decription. Right now we have following SLO:
Usage:
smdadm show_slo | sslo [-s service_name] [-u]
Command description: The command print information about SLOs of services. Example:
% sdmadm -s hhe3 show_slo
service slo quantity urgency request
--------------------------------------------------------------------------------------------------
spare_pool PermanentRequestSLO 1 1 host->[]
Show all installed smf services for this system. Command will print error message if SMF is not supported on host. Usage:
smdadm show_smf_support | ssmf Command description: Show all installed smf services for this system. Command will print message if SMF is not supported on host. Example:
% sdmadm ssmf
jvm name service name
------------------------------------------------------------------
cs_vm svc:/application/management/sdm/smfnew/cs_vm:default
executor_vm svc:/application/management/sdm/smfnew/jvm:executor_vm
rp_vm svc:/application/management/sdm/smfnew/jvm:rp_vm
This command will add a bootstrap config of the new the system. This configuration can be stored on the host which is neither master nor managed host. Security doesnt have to be bootstraped. User can use user/password authentication. Usage:
smdadm add_bootstrap_config | abc -cs host:port [-l local_spool] [-d dist_dir]
Command description: This command adds the entries for a Hedeby system bootstrap configuration into the user or system preferences. This command requires the global -s and -p options. Example:
% sdmadm -p USER -s test abc -cs foo:45321
Using default local spool directory: /var/spool/sdm/test
Using default distribution directory: /net/foo.foo/SGE_ROOT
A configuration for system, "test", has been added
With this command you can add your own resource mappings to adjust them to SDM properties. After executing this command VI editor will show up with the xml template of the file, You can adjust it to your needs. Usage:
smdadm add_ge_complex_mapping | agcm [-t mapping_name] [-f file_name] -m mapping_name
Command description: Grid Engine services needs a mapping for building the resource properties of autodiscovered exec daemons. With this command a new mapping for complex values can be added. Example:
% sdmadm -s test agcm new_mapping
With this command you can install managed host. CAUTION to install it properly you must specify security global option. Keystore and cacert or -ppw to be prompt for user/password authentication. Usage:
smdadm (-keystore keystore_file -cacert cacert_file | -ppw)
install_managed_host|imgdh
[-autostart] [-nossl] -au admin_user -cs_url cs_url
[-l local_spool_dir] [-d dist_dir]
Command description: This command is used to install the Hedeby managed host components on the local host. Example:
% sdmadm -k <username.keystore path> -cc <cacert.pem path> -s test -p USER imsth -au user_name -cs_url foo:4546
With this command you can install master host. With the master installation there will be 3 JVMs installed: cs_vm which is JVM with the Configuration Service running on it, executor_vm with the executor component on it and rp_vm with the Resource Provider, Reporter and Spare Pool component on it. Usage:
install_master_host|imsth [-autostart] [-nossl] -au admin_user
-ca_admin_mail mail_adress -ca_country country -ca_location location -ca_org organization
-ca_org_unit unit -ca_state state -cs_port port [-l local_spool_dir] -sge_root sge_root
[-d dist_dir] [-al] [-nost]
Command description: This command is used to install the Hedeby master host components on the local host. Example:
% sdmadm -s test -p USER imsth -au johndoe
-ca_admin_mail johndoe@foo.com -ca_country US -ca_location Nevada -ca_org SUN
-ca_org_unit GE -ca_state ok -cs_port 23456 -sge_root <SGE_ROOT_DIR>
This command allow modyfing of the component configuration. After executing this command VI editor will show up with the xml template of the file, You can adjust it to your needs. Usage:
mod_component|mc -c component_name
Command description: This command opens the Component configuration in an editor. Example:
% sdmadm -s test mc -c reporter
This command allow modyfing of the ge complex mapping. After executing this command VI editor will show up with the xml template of the file, You can adjust it to your needs. Usage:
mod_ge_complex_mapping|mgcm -m mapping_name
Command description: Grid Engine services needs a mapping for building the resource properties of autodiscovered exec daemons. With this command a existing mapping for complex values can be modified. Example:
% sdmadm -s test mgcm -m default
This command allow modyfing of the system global configuration. After executing this command VI editor will show up with the xml template of the file, You can adjust it to your needs. Usage: mod_global_config | mgc Command description: This command opens the global configuration in an editor. Example:
% sdmadm -s test mgc
|