Web Administration package for
* © Copyright International Business
Machines Corp. 2004,2007
* All Rights Reserved
* Licensed Material - Property of
*
* US Government Users Restricted Rights
- Use, duplication or
* disclosure restricted by GSA
Table of Contents
-----------------
0. Third-party
license terms and conditions, notices, and information
1. About this release
1.1 Package compatibility
1.2 Package configuration requirements
1.2.2 Package dependencies
2.0 Installation process
2.1 Configuration process
3. Uninstall information
4. Known limitations and problems
5. Documentation updates
6. Notices and trademarks
SUBJECT TO ANY STATUTORY WARRANTIES WHICH CAN NOT BE
EXCLUDED,
WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A
PARTICULAR PURPOSE,
SUPPORT, IF ANY.
The Communications Server for Linux Web Administration
package is a tool designed to
provide remote web connectivity for managing a CS Linux server installation. A
full range
of remote query and status information is provided in general and specific
functional areas.
Some start and stop functions for node, port (new), connection and host
resources are also provided.
Diagnostic tools for examining logs, taking traces and capturing problem
determination data should be very useful.
Use this tool for most normal operations and not for large query operations.
If you need to query results for more than several hundred LUs
or connections, use direct
Telnet or SSH connections.
STEPs for assistance:
Throughout this README file there are STEP:
items. These steps are numbered
to help show the order in which to perform operations. These steps are
checkpoints which
are provided to assist in the installation and configuration tasks. Depending
on the skill
level of the reader, these steps may be followed in part or in whole.
6.2.3.0 Information:
This release is designed to run with the Communications Server for
Linux V6.2.3.0 server or the download trial version (ibm-commserver-6.2.2.99).
If the Webadmin package is installed with any previous version of the server, not all
the display functions will work.
This release contains the following
new features:
If you have a Web Admin V6.2.2 or V6.2.2.1 package already installed,
perform the following steps to update
the software:
rpm -U ibm-commserver-webadmin-6.2.3.0-1.noarch.rpm
You should not have to modify any configuration files, unless you renamed
the 'snauser' to some other name
(see "Changing
the
The package depends on Common Gateway Interface (
package for Linux. You must have an Apache server or
perl-
CS Linux products:
- Red Hat Enterprise Linux
3 (i686,s390,s390x)
- SUSE Linux Enterprise
Server 8 (i686,s390,s390x).
- Red Hat Enterprise Linux 4
(i686,x84_64,ppc64,s390,s390x)
- SUSE Linux Enterprise
Server 9 and 10 (i686,x84_64,ppc64,s390,s390x).
- Red Hat Enterprise Linux 5
(i686,x84_64,ppc64,s390x)
This package requires the administrator of a Linux system to
perform configuration.
You must update the Web Server configuration file, httpd.conf.
For secure access,
use visudo to update the /etc/sudoer file. The package uses full path specification
for execution of snaadmin, sna
and snagetpd executables using a 'sna' group user.
You must create a 'snauser' user ID in the 'sna' group and then assign the web
server the authority to run under that user. This will prevent vulnerable
attacks by
insertion of rogue execution files in the paths executed by a 'root' user. It
is assumed
that the administrator is familiar with the procedures described to configure
the Web
Server so that the proper security and performance requirements are met.
This package can be installed with the
or
be installed for this package to load successfully.
A Web Server is required to use the Web Admin package. On Linux, the
standard Web Server is Apache.
To verify if Apache is running on your system, issue "ps -ef | grep
http" to see if the Web Server is running.
The package was tested with the following
Web Servers:
- Apache - 1.3.26 and later
- Apache2 - 2.2.3
-
Most web browsers that support
with this package. The Communications Server for Linux and Communications
Server for
Linux on System z products have been tested with this Communications Server Web
Administration package. For RHEL3-s390 and SLES8-s390 Linux on zSeries systems, the
perl-
http://www.novell.com/linux/
to get the appropriate packages. Perl-
in our testing. For security purposes, you must also install the sudo package. This allows
specific access to CS Linux Administration commands for specific users.
STEP 1: Download the CS Linux Web Admin package from the website:
http://www-306.ibm.com/software/network/commserver/linux/support/
STEP 2: Install the Web Administration package by using the following
rpm -U ibm-commserver-webadmin-version.rpm
The ibm-commserver-webadmin-version.rpm file
installs into the /opt/ibm/sna/web
directory. This
directory contains this README and the following three sub-directories that the
web server should
reference:
/opt/ibm/sna/web/cscdoc
/opt/ibm/sna/web/cscbin
/opt/ibm/sna/web/cscicons
These files will all have user 'bin' and group 'sna' access rights.
Follow the instructions in the Configuration
process to reference these directories.
NOTE: Perform all installation instructions under the 'root' system ID.
These instructions for configuring the Web Server are
designed to have
http://server_name/cscdoc/cslinuxweb.html as the main page for
the Web Administration package.
Add a link to this main page somewhere on the Web Server for easier access.
Update the Web Server configuration file, usually httpd.conf,
with
Alias and Directory information. For secure access, it is recommended
you use the htpasswd tool shipped with Apache
or IHS to set a user and password access.
The Web Server uses one of the following configuration files to define access and location of webpages:
If using Apache2, the following text can be inserted into a "webadmin.conf" file.
Otherwise, the http.conf file must be updated.
These definitions list Aliases for .../cscdoc, .../cscbin,
and .../cscicons. Secure access should be
imposed using a htpasswd
file.
STEP 3: Add the following definitions to the httpd.conf,
or create a webadmin.conf file, to provide Web Server
access for the Web Administration tool:
- Add to ScriptAlias section:
ScriptAlias /cscbin/
"/opt/ibm/sna/web/cscbin/"
- Add to Directory section:
# For CS Linux Web Administration
<Directory "/opt/ibm/sna/web/cscbin">
AuthName cslinux
# type of
authentication
AuthType Basic
# the
path of the password file, here in the same directory as httpd.conf
AuthUserFile /opt/ibm/sna/.webpasswd
# the
valid users
require valid-user
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
# For
CS Linux Web Administration Document directory
Alias /cscdoc "/opt/ibm/sna/web/cscdoc/"
Alias /cscdoc/ "/opt/ibm/sna/web/cscdoc/"
<Directory "/opt/ibm/sna/web/cscdoc">
AuthName cslinux
# type of
authentication
AuthType Basic
# the
path of the password file, here in the same directory as httpd.conf
AuthUserFile /opt/ibm/sna/.webpasswd
# the
valid users
require valid-user
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
# For
CS Linux Web Administration Icon directory
Alias /cscicons "/opt/ibm/sna/web/cscicons/"
Alias /cscicons/ "/opt/ibm/sna/web/cscicons/"
<Directory "/opt/ibm/sna/web/cscicons">
Options Indexes MultiViews
AllowOverride None
Order allow,deny
Allow from all
</Directory>
In the Directory statements listed above for the Web
Administration 'html' documents
and
to create and set the file.
STEP 4: Issue the following command to set UserID and Password for access to the CS Linux Web Admin pages:
htpasswd -bc /opt/ibm/sna/.webpasswd admin passw0rd
This command creates /opt/ibm/sna/.webpasswd with
a user of 'admin' and a password
of 'passw0rd'. Any reference to the http://server/cscdoc/ will prompt
the initial access to
request the proper user ID and password.
The permissions for CS Linux command line executables are
set to the 'sna' group.
Specific configuration allows Web clients proper access to the CS Linux
commands.
Before setting access to allow execution by the Web client, you must create a
dummy user
in the 'sna' group.
STEP 5: Using root authority, execute /usr/sbin/useradd
-g sna snauser. This
will create a 'snauser' ID in the 'sna' group.
The visudo command in Linux allows the
system administrator to give specific access to an
application to run as a specific user for specific executables. Care must be
taken that the
paths are fully provided so rogue execution will not be possible.
STEP 6: Using visudo, add the
following statement to the bottom of the /etc/sudoers
file,
where interface matches the Linux hostname (as reported using the hostname
command):
wwwrun interface = (snauser) NOPASSWD: /opt/ibm/sna/bin/snaadmin,/opt/ibm/sna/bin/snagetpd, /opt/ibm/sna/bin/sna
where wwwrun is the Apache user ID on SLES8 (use apache
for RHEL Apache systems,
use nobody for IHS systems), the interface is the
interface that the Web Server is allowing
access over. The (snauser) is required for the
web client to run as 'snauser', a member of the
'sna' group. Use the NOPASSWD option so the
system will not prompt for root password
when the web server executes the script. View the /var/log/httpd/error_logs
for messages if
pages are not properly invoked.
To provide a link to the Web Admin pages, you will need to update the Web Server pages with following:
STEP 7: Update a file found in the /var/www/html
(RHEL path), or /srv/www/htdocs (SUSE path), with the
following statement somewhere on a web page:
<a
ref="http://hostname/cscdoc/cslinuxweb.html" > <img SRC="/icons/link.gif"
STEP 8: Issue the following command, depending on the level of Apache
or Apache2 code installed,
to make these changes take effect on the Web Server:
/usr/sbin/apachectl restart or /usr/sbin/apache2ctl restart
If the user ID, 'snauser', is not an ID you wish
to use, you can rename the user ID in the Web
Admin files by running the /opt/ibm/sna/web/rename_user.pl script. This
will prompt for
the new ID to use. You should backup the /opt/ibm/sna/web/cscbin directory first. This
directory contains the files where the 'snauser' ID
is defined in the Web Admin scripts.
3.0 Uninstall information:
Perform the following steps to remove the CS Linux Web Administration package:
1) Remove references to the Web Admin tool from the Web Server
configuration.
Edit the httpd.conf
file and remove any references to .../cscdoc,
.../cscbin
and .../cscicons.
2) Execute visudo tool to
update the /etc/sudoers file to remove the
access permission
for the Web Server from the /opt/ibm/sna/bin/... files.
3) Remove the CS Linux Web Administration package by using the
following rpm
command:
rpm -e ibm-commserver-webadmin
4.0 Known limitations and problems:
Forms presented by this package to allow action on
or stopping the node, do not prompt for confirmation. The assumption is that
selected
options are the chosen action as submitted on the forms.
Errors that occur due to Web Server invocation problems are logged in the
/var/log/httpd/error_log or /opt/IHS-version/logs/error_log file.
5.0 Notices and trademarks:
This information
was developed for products
and services offered
in the U.S.A.
SUBJECT TO ANY
STATUTORY WARRANTIES WHICH CANNOT BE EXCLUDED,
INCLUDING BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OR
CONDITIONS OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE,
TECHNICAL SUPPORT, IF
ANY.
The exclusion also
applies to any of
developers and
suppliers.
Manufacturers,
suppliers, or publishers of non-
may provide their own
warranties.
specifies otherwise.
Trademarks
----------
The following terms
are trademarks of the
in the United States
or other countries or both:
Advanced Peer-to-Peer
Networking
AIX
Application System/400
AS/400
CICS
MQSeries
MVS
MVS/ESA
MVS/XA
NetView
OpenPower
OS/2
Power5
pSeries
S/390
SP
System p
System p5
System x
System z
System/370
System/390
Systems Application Architecture
VSE/ESA
VTAM
WebSphere
z/OS
z9
zSeries
The following terms
are trademarks or registered trademarks of other
companies:
Java and all Java-based
trademarks are trademarks of Sun Microsystems,
Inc., in the
UNIX is a
registered trademark in the
licensed exclusively
through The Open Group.
Intel and Pentium are trademarks of Intel Corporation.
Linux is a trademark of Linus Torvalds.
Microsoft, Windows,
Windows NT, Windows XP, Windows 2003, and the
Windows logo are
trademarks of Microsoft Corporation in the
RedHat and
SUSE is a trademark of Novell, Inc.
Other company,
product, and service names may be trademarks or service
marks of others.