Web Administration package for
* © Copyright International Business
Machines Corp. 2004,2017
* All Rights Reserved
* Licensed Material - Property of
*
* US Government Users Restricted Rights
- Use, duplication or
* disclosure restricted by GSA
Table of Contents
-----------------
0. Third-party
license terms and conditions, notices, and information
1. About this release
1.1 Package compatibility
1.2 Package configuration requirements
1.2.2 Package dependencies
2.0 Installation process
2.1 Configuration process
2.2 Install script
3. Uninstall information
4. Known limitations and problems
5. Documentation updates
6. Notices and trademarks
SUBJECT TO ANY STATUTORY WARRANTIES WHICH CAN NOT BE
EXCLUDED,
WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE,
SUPPORT, IF ANY.
The Communications Server for Linux Web Administration
package is a tool designed to
provide remote web browser administration for managing a CS Linux server installation. A
full range
of SNA query and status information is provided for the local server. With this release, a new Domain
panel has been provided to display SNA resources across a domain of servers sharing SNA resources.
Local operation to start and stop SNA resources for node, port, connections (links) and SNA PUs
are also provided. Some additional diagnostic displays for examining Provision Manager logs have
been added. Be careful to use this tool for most normal operations and not for very large query operations.
STEPs for assistance:
Throughout this README file there are STEP:
items. These steps are numbered
to help show the order in which to perform operations. These steps are
checkpoints which
are provided to assist in the installation and configuration tasks. Depending
on the skill
level of the reader, these steps may be followed in part or in whole.
7.0.0.2 Information:
This release is designed to run with the Communications Server for
Linux V6.2.3, V6.4.0, and
Communications Server for Data Center Deployment v7.0 (Linux) server.
This release contains the following new features:
If you have a Web Admin V6.2.3 or V7.0.0.0 package already installed, perform the following steps to update
the software:
rpm -U ibm-commserver-webadmin-7.0.0.2-1.noarch.rpm
You should not have to modify any configuration files, unless you renamed
the 'snauser' to some other name
(see "Changing
the
The package depends on Common Gateway Interface (
package for Linux. You must have an Red Hat Enterprise Linux (RHEL) or SuSE Enterprise Linux (SLES) Web
server installed, and the perl-
CS Linux products:
- SUSE Linux Enterprise
Server 11 and 12 (i686,x84_64,ppc64,s390x).
- Red Hat Enterprise Linux 6 and 7
(i686,x84_64,ppc64,s390x)
This package requires the administrator of a Linux system to
perform configuration.
You must copy the Web Server configuration file, sna.conf(web server version 2.4)
or sna.conf.apache22(web server version 2.2) as sna.conf
into the /etc/httpd/conf.d(on RHEL)
or /etc/apache2/conf.d (on SLES) directory (as appropriate).
For secure access,
use visudo to update the /etc/sudoer file. The package uses full path specification
for execution of snaadmin, sna, snagetpd and snawhat executables using a 'sna' group user.
You must create a 'snauser' user ID in the 'sna' group and then assign the web
server the authority to run under that user. This will prevent vulnerable
attacks by
insertion of rogue execution files in the paths executed by a 'root' user. It
is assumed
that the administrator is familiar with the procedures described to configure
the Web
Server so that the proper security and performance requirements are met.
This package can be installed with the
for Data Center
Deployment (P/N 5725-H32). These do not need to be installed for this package to load successfully.
A Web Server is required to use the Web Admin package. On RHEL, the
standard Web Server process is "httpd".
To verify if Web Server is running on RHEL, issue "ps -ef | grep
httpd" to see if the Web Server is running.
On SLES, the standard Web Server is "apache2". To verify if Web Server is running on SLES,
issue "ps -ef | grep
httpd" to see if the Web Server is running.
The package was tested with the following Web Servers:
- Apache2 - 2.2.3 ( apache2-2.2.3 or later on SLES)
- HTTP Server 2.2 ( httpd-2.2 or later on RHEL)
- Apache2 - 2.4.6 ( apache2-2.4.6 or later on SLES)
- HTTP Server 2.4 ( httpd-2.4 or later on RHEL)
Most web browsers that support
Communications
Server for
Linux on System z and Communications Server for Data Center Deployment
have been tested with this
Communications Server Web Admin package.
STEP 1: Download the CS Linux Web Admin package from the website:
Search for "WebAdmin" to find the link to the Web Admin package. Download the package from:
http://www.ibm.com/software/network/commserver/datacenter
The package search on the support page should provide a link like this:
http://www-01.ibm.com/support/docview.wss?uid=swg24008320
NOTE: For STEP 2 to STEP 5, an automation install script, installibmcsweb, is provided with the installation package
to perform the process of installation and configuration automatically.
STEP 2: Install the Web Admin package by using the following
rpm -U ibm-commserver-webadmin-version.noarch.rpm
The ibm-commserver-webadmin-version.rpm file
installs into the /opt/ibm/sna/web
directory. This
directory contains this README and the following three sub-directories that the
web server should
reference:
/opt/ibm/sna/web/cscdoc
/opt/ibm/sna/web/cscbin
/opt/ibm/sna/web/cscicons
These files will all have user 'bin' and group 'sna' access rights.
Follow the instructions in the Configuration
process to reference these directories.
NOTE: Perform all installation instructions under the 'root' system ID.
These instructions for configuring the Web Server are
designed to have
http://server_name/cscdoc/cslinuxweb.html as the main page for
the Web Administration package.
Add a link to this main page somewhere on the Web Server for easier access.
STEP 3: If the version of web server is 2.4, Copy the sna.conf file found at /opt/ibm/sna/web into
the Web Server configuration directory, otherwise if the version of web server is 2.2,
copy the sna.conf.apache22 file as sna.conf file into
the Web Server configuration directory.
This is /etc/httpd/conf.d on RHEL,
and /etc/apache2/conf.d on SLES.
In the Directory statements listed above for the Web
Administration 'sna.conf' documents
and
requires a authentication. To set this security access, use the htpasswd command
to create and set the password file.
STEP 4: Issue the following command on RHEL to set UserID and Password for access to the CS Linux Web Admin pages:
htpasswd -bc /opt/ibm/sna/.webpasswd admin passw0rd
On SLES, the command is htpasswd2.This command creates /opt/ibm/sna/.webpasswd with
a user of 'admin' and a password
of 'passw0rd'. Any reference to the http://server/cscdoc/ will prompt
the initial access to
request the proper user ID and password.
The permissions for CS Linux command line executables are
set to the 'sna' group.
Specific configuration allows Web clients proper access to the CS Linux
commands.
Before setting access to allow execution by the Web client, you must create a
dummy user
in the 'sna' group.
STEP 5: Using root authority, execute /usr/sbin/useradd
-g sna snauser. This
will create a 'snauser' ID in the 'sna' group.
The visudo command in Linux allows the
system administrator to give specific access to an
application to run as a specific user for specific executables. Care must be
taken that the
paths are fully provided so rogue execution will not be possible.
STEP 6: Using visudo, add the
following statement to the bottom of the /etc/sudoers
file,
where interface matches the Linux hostname (as reported using the hostname
command):
wwwrun interface = (snauser) NOPASSWD: /opt/ibm/sna/bin/snaadmin,/opt/ibm/sna/bin/snagetpd,/opt/ibm/sna/bin/snawhat, /opt/ibm/sna/bin/sna
where wwwrun is the Apache user ID on SLES (use apache
for RHEL systems),
the interface is the interface that the Web Server is allowing
access over. The (snauser) is required for the
web client to run as 'snauser', a member of the
'sna' group. Use the NOPASSWD option so the
system will not prompt for root password
when the web server executes the script. View the /var/log/httpd/error_logs
for messages if
pages are not properly invoked.
To provide a link to the Web Admin pages, you will need to update the Web Server pages with following:
STEP 7: Update a file found in the /var/www/html
(RHEL path), or /srv/www/htdocs (SLES path), with the
following statement somewhere on a web page (Note, the hostname is the interface name for the Web server):
<a
ref="http://hostname/cscdoc/cslinuxweb.html" > <img SRC="/icons/link.gif"
STEP 8: Issue the following command, depending on the level of Apache
or Apache2 code installed,
to make these changes take effect on the Web Server:
/usr/sbin/apachectl restart or /usr/sbin/apache2ctl restart
If the user ID, 'snauser', is not an ID you wish
to use, you can rename the user ID in the Web
Admin files by running the /opt/ibm/sna/web/rename_user.pl script. This
will prompt for
the new ID to use. You should backup the /opt/ibm/sna/web/cscbin directory first. This
directory contains the files where the 'snauser' ID
is defined in the Web Admin scripts.
The install script installibmcsweb assists the administrator of a Linux system with configuration of the Web Admin.
The script will prompt for configuring the Web Admin, Query Admin, or both automatically. It will perform Steps 2 thru 5 listed above.
1) The script will prompt for which component to install: 1 for Web Admin, 2 for Query, 3 for both,
Other values are invalid and will fail. Based on the user selection, the corresponding user account will be created.
2) The script will install Web Admin package per Step 2. Any install error will cause the script exit.
3) Based on the version of the web server(2.2 or 2.4), the corresponding Web Server configuration file
will be copied to the web server directory. See detail in Step 3.
4) Based on the user selection, the user account will be configured for Web Admin, Web Query or both.
You will be prompt to input user account and password. See detail in Step 4.
5) 'snauser' ID in the 'sna' group will be created if not existed. See detail in Step 5.
Other Steps like 6,7 and 8, you should configure manually
3.0 Uninstall information:
Perform the following steps to remove the CS Linux Web Administration package:
1) Remove references to the Web Admin tool from the Web Server
configuration.
Delete the sna.conf
file that was copied to the /etc/httpd/conf.d directory (or /etc/apache2/conf.d directory)
to remove any references to .../cscdoc,
.../cscbin
and .../cscicons.
2) Execute visudo tool to
update the /etc/sudoers file to remove the
access permission
for the Web Server from the /opt/ibm/sna/bin/... files.
3) Remove the CS Linux Web Administration package by using the
following rpm
command:
rpm -e ibm-commserver-webadmin
4.0 Known limitations and problems:
FORMS
Forms presented by this package to allow action on
or stopping the node, do not prompt for confirmation. The assumption is that
selected
options are the chosen action as submitted on the forms.
Errors that occur due to Web Server invocation problems are logged in the
/var/log/httpd/error_log or /opt/log/apache2/error_log file.
5.0 Notices and trademarks:
This information
was developed for products
and services offered
in the U.S.A.
SUBJECT TO ANY
STATUTORY WARRANTIES WHICH CANNOT BE EXCLUDED,
INCLUDING BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OR
CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE,
TECHNICAL SUPPORT, IF
ANY.
The exclusion also
applies to any of
developers and
suppliers.
Manufacturers,
suppliers, or publishers of non-
may provide their own
warranties.
specifies otherwise.
Trademarks
----------
The following terms
are trademarks of the
in the United States
or other countries or both:
Advanced Peer-to-Peer
Networking
AIX
Application System/400
AS/400
CICS
MQSeries
MVS
MVS/ESA
MVS/XA
NetView
OpenPower
OS/2
Power5
pSeries
S/390
SP
System p
System p5
System x
System z
System/370
System/390
Systems Application Architecture
VSE/ESA
VTAM
WebSphere
z/OS
z9
zSeries
The following terms
are trademarks or registered trademarks of other
companies:
Java and all Java-based
trademarks are trademarks of Sun Microsystems,
Inc., in the
UNIX is a
registered trademark in the
licensed exclusively
through The Open Group.
Intel and Pentium are trademarks of Intel Corporation.
Linux is a trademark of Linus Torvalds.
Microsoft, Windows,
Windows NT, Windows XP, Windows 2003, and the
Windows logo are
trademarks of Microsoft Corporation in the
RedHat and
SUSE is a trademark of Novell, Inc.
Other company,
product, and service names may be trademarks or service
marks of others.