Web Administration package for
* © Copyright International Business
Machines Corp. 2004,2013
* All Rights Reserved
* Licensed Material - Property of
*
* US Government Users Restricted Rights
- Use, duplication or
* disclosure restricted by GSA
Table of Contents
-----------------
0. Third-party
license terms and conditions, notices, and information
1. About this release
1.1 Package compatibility
1.2 Package configuration requirements
1.2.2 Package dependencies
2.0 Installation process
2.1 Configuration process
3. Uninstall information
4. Known limitations and problems
5. Documentation updates
6. Notices and trademarks
SUBJECT TO ANY STATUTORY WARRANTIES WHICH CAN NOT BE
EXCLUDED,
WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE,
SUPPORT, IF ANY.
The Communications Server for Linux Web Administration
package is a tool designed to
provide remote web connectivity for managing a CS Linux server installation. A
full range
of remote query and status information is provided in general and specific
functional areas.
Some start and stop functions for node, port (new), connection and host
resources are also provided.
Diagnostic tools for examining logs, taking traces and capturing problem
determination data should be very useful.
Use this tool for most normal operations and not for large query operations.
If you need to query results for more than several hundred LUs
or connections, use direct
Telnet or SSH connections.
STEPs for assistance:
Throughout this README file there are STEP:
items. These steps are numbered
to help show the order in which to perform operations. These steps are
checkpoints which
are provided to assist in the installation and configuration tasks. Depending
on the skill
level of the reader, these steps may be followed in part or in whole.
7.0.0.0 Information:
This release is designed to run with the Communications Server for
Linux V6.2.3, V6.4.0, and Communications Server for Data Center Deployment v7.0 (Linux) server.
This release contains the following new features:
If you have a Web Admin V6.2.2, V6.2.2.1 or v6.2.3 package already installed,
perform the following steps to update
the software:
rpm -U ibm-commserver-webadmin-7.0.0.0-1.noarch.rpm
You should not have to modify any configuration files, unless you renamed
the 'snauser' to some other name
(see "Changing
the
The package depends on Common Gateway Interface (
package for Linux. You must have an Red Hat Enterprise Linux (RHEL) or SuSE Enterprise Linux (SLES) Web serverinstalled, and the
perl-
CS Linux products:
- SUSE Linux Enterprise
Server 10 and 11 (i686,x84_64,ppc64,s390,s390x).
- Red Hat Enterprise Linux 5 and 6
(i686,x84_64,ppc64,s390x)
This package requires the administrator of a Linux system to
perform configuration.
You must copy the Web Server configuration file, sna.conf into the /etc/httpd/conf.d
(on RHEL)
or /etc/apache2/conf.d (on SLES) directory (as appropriate).
For secure access,
use visudo to update the /etc/sudoer file. The package uses full path specification
for execution of snaadmin, sna
and snagetpd executables using a 'sna' group user.
You must create a 'snauser' user ID in the 'sna' group and then assign the web
server the authority to run under that user. This will prevent vulnerable
attacks by
insertion of rogue execution files in the paths executed by a 'root' user. It
is assumed
that the administrator is familiar with the procedures described to configure
the Web
Server so that the proper security and performance requirements are met.
This package can be installed with the
for Data Center
Deployment (P/N 5725-H32). These do not need to be installed for this package to load successfully.
A Web Server is required to use the Web Admin package. On RHEL, the
standard Web Server process is "httpd".
To verify if Web Server is running on RHEL, issue "ps -ef | grep
http" to see if the Web Server is running.
On SLES, the standard Web Server is "apache2". To verify if Web Server is running on SLES,
issue "ps -ef | grep
http" to see if the Web Server is running.
The package was tested with the following Web Servers:
- Apache2 - 2.2.3 ( apache2-2.2.3 or later on SLES)
- HTTP Server 2.2 ( httpd-2.2 or later on RHEL)
Most web browsers that support
with this package. The Communications Server for Linux, Communications
Server for
Linux on System z and Communications Server for Data Center Deployment have been tested with this
Communications Server Web Administration package.
STEP 1: Download the CS Linux Web Admin package from the website:
Search for "WebAdmin" to find the link to the Web Admin package. Download the package from:
http://www.ibm.com/support/entry/portal/Overview/Software/Other_Software/Communications_Server_for_Linux
The package search on the support page should provide a link like this:
http://www-01.ibm.com/support/docview.wss?uid=swg24008320
STEP 2: Install the Web Administration package by using the following
rpm -U ibm-commserver-webadmin-version.rpm
The ibm-commserver-webadmin-version.rpm file
installs into the /opt/ibm/sna/web
directory. This
directory contains this README and the following three sub-directories that the
web server should
reference:
/opt/ibm/sna/web/cscdoc
/opt/ibm/sna/web/cscbin
/opt/ibm/sna/web/cscicons
These files will all have user 'bin' and group 'sna' access rights.
Follow the instructions in the Configuration
process to reference these directories.
NOTE: Perform all installation instructions under the 'root' system ID.
These instructions for configuring the Web Server are
designed to have
http://server_name/cscdoc/cslinuxweb.html as the main page for
the Web Administration package.
Add a link to this main page somewhere on the Web Server for easier access.
STEP 3: Copy the sna.conf file found at /opt/ibm/sna/web into
the Web Server configuration directory.
This is /etc/httpd/conf.d on RHEL,
and /etc/apache2/conf.d on SLES.
For secure access, it is recommended you use the htpasswd tool shipped with RHEL
or htpasswd2
tool shipped with SLES to set a user and password access.
The Web Server uses one of the following configuration files to define access and location of webpages:
If using Apache2, the following text can be inserted into a "webadmin.conf" file.
Otherwise, the http.conf file must be updated.
These definitions list Aliases for .../cscdoc, .../cscbin,
and .../cscicons. Secure access should be
imposed using a htpasswd
file.
In the Directory statements listed above for the Web
Administration 'html' documents
and
to create and set the file.
STEP 4: Issue the following command on RHEL to set UserID and Password for access to the CS Linux Web Admin pages:
htpasswd -bc /opt/ibm/sna/.webpasswd admin passw0rd
On SLES, the command is htpasswd2.This command creates /opt/ibm/sna/.webpasswd with
a user of 'admin' and a password
of 'passw0rd'. Any reference to the http://server/cscdoc/ will prompt
the initial access to
request the proper user ID and password.
The permissions for CS Linux command line executables are
set to the 'sna' group.
Specific configuration allows Web clients proper access to the CS Linux
commands.
Before setting access to allow execution by the Web client, you must create a
dummy user
in the 'sna' group.
STEP 5: Using root authority, execute /usr/sbin/useradd
-g sna snauser. This
will create a 'snauser' ID in the 'sna' group.
The visudo command in Linux allows the
system administrator to give specific access to an
application to run as a specific user for specific executables. Care must be
taken that the
paths are fully provided so rogue execution will not be possible.
STEP 6: Using visudo, add the
following statement to the bottom of the /etc/sudoers
file,
where interface matches the Linux hostname (as reported using the hostname
command):
wwwrun interface = (snauser) NOPASSWD: /opt/ibm/sna/bin/snaadmin,/opt/ibm/sna/bin/snagetpd, /opt/ibm/sna/bin/sna
where wwwrun is the Apache user ID on SLES (use apache
for RHEL systems),
the interface is the interface that the Web Server is allowing
access over. The (snauser) is required for the
web client to run as 'snauser', a member of the
'sna' group. Use the NOPASSWD option so the
system will not prompt for root password
when the web server executes the script. View the /var/log/httpd/error_logs
for messages if
pages are not properly invoked.
To provide a link to the Web Admin pages, you will need to update the Web Server pages with following:
STEP 7: Update a file found in the /var/www/html
(RHEL path), or /srv/www/htdocs (SLES path), with the
following statement somewhere on a web page:
<a
ref="http://hostname/cscdoc/cslinuxweb.html" > <img SRC="/icons/link.gif"
STEP 8: Issue the following command, depending on the level of Apache
or Apache2 code installed,
to make these changes take effect on the Web Server:
/usr/sbin/apachectl restart or /usr/sbin/apache2ctl restart
If the user ID, 'snauser', is not an ID you wish
to use, you can rename the user ID in the Web
Admin files by running the /opt/ibm/sna/web/rename_user.pl script. This
will prompt for
the new ID to use. You should backup the /opt/ibm/sna/web/cscbin directory first. This
directory contains the files where the 'snauser' ID
is defined in the Web Admin scripts.
3.0 Uninstall information:
Perform the following steps to remove the CS Linux Web Administration package:
1) Remove references to the Web Admin tool from the Web Server
configuration.
Delete the sna.conf
file that was copied to the /etc/httpd/conf.d directory (or /etc/apache2/conf.d directory)
to remove any references to .../cscdoc,
.../cscbin
and .../cscicons.
2) Execute visudo tool to
update the /etc/sudoers file to remove the
access permission
for the Web Server from the /opt/ibm/sna/bin/... files.
3) Remove the CS Linux Web Administration package by using the
following rpm
command:
rpm -e ibm-commserver-webadmin
4.0 Known limitations and problems:
FORMS
Forms presented by this package to allow action on
or stopping the node, do not prompt for confirmation. The assumption is that
selected
options are the chosen action as submitted on the forms.
Errors that occur due to Web Server invocation problems are logged in the
/var/log/httpd/error_log or /opt/log/apache2/error_log file.
WARNINGS
You will see these warnings when you start the RHEL or SLES Web Server:
[warn] The Alias directive in /etc/httpd/conf.d/sna.conf at line 21 will probably never match because it overlaps an earlier Alias.
[warn] The Alias directive in /etc/httpd/conf.d/sna.conf at line 39 will probably never match because it overlaps an earlier Alias.
This indicates that the alias for the paths overlap. This is just a warning and
also means that the Web server has actively read the Web Admin configuration settings.
5.0 Notices and trademarks:
This information
was developed for products
and services offered
in the U.S.A.
SUBJECT TO ANY
STATUTORY WARRANTIES WHICH CANNOT BE EXCLUDED,
INCLUDING BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OR
CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE,
TECHNICAL SUPPORT, IF
ANY.
The exclusion also
applies to any of
developers and
suppliers.
Manufacturers,
suppliers, or publishers of non-
may provide their own
warranties.
specifies otherwise.
Trademarks
----------
The following terms
are trademarks of the
in the United States
or other countries or both:
Advanced Peer-to-Peer
Networking
AIX
Application System/400
AS/400
CICS
MQSeries
MVS
MVS/ESA
MVS/XA
NetView
OpenPower
OS/2
Power5
pSeries
S/390
SP
System p
System p5
System x
System z
System/370
System/390
Systems Application Architecture
VSE/ESA
VTAM
WebSphere
z/OS
z9
zSeries
The following terms
are trademarks or registered trademarks of other
companies:
Java and all Java-based
trademarks are trademarks of Sun Microsystems,
Inc., in the
UNIX is a
registered trademark in the
licensed exclusively
through The Open Group.
Intel and Pentium are trademarks of Intel Corporation.
Linux is a trademark of Linus Torvalds.
Microsoft, Windows,
Windows NT, Windows XP, Windows 2003, and the
Windows logo are
trademarks of Microsoft Corporation in the
RedHat and
SUSE is a trademark of Novell, Inc.
Other company,
product, and service names may be trademarks or service
marks of others.