Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

masfcnv(1m) [sunos man page]

masfcnv(1M)						  System Administration Commands					       masfcnv(1M)

NAME
masfcnv - SNMP configuration migration script SYNOPSIS
/usr/sfw/lib/sma_snmp/masfcnv [-cimnrs] [-l agentmaster] [-p enabledisableerror] [-t noneadd] [-u agentmastererror] [-y agentmaster- error] masfcnv [-V] masfcnv [-?] DESCRIPTION
The masfcnv script is used to assist the system administrator in migrating an existing set of configuration files for the Sun SNMP Manage- ment Agent for Sun Fire and Netra Systems (MASF) to the Systems Management Agent (SMA). The script accepts as input the currently installed set of MASF and SMA configuration files and outputs a new set of SMA configuration files. Existing SMA configuration files are backed up by appending .bak to the filename. The administrator can choose to output the new configuration to standard output, instead of replacing the current configuration, by specifying the -n option. The migration script must be run as the superuser. Failure to do so causes the script to exit with an error message. Before running the script you should ensure that both the SMA and MASF agents are not running. If the agents are running they will be shut down by the script. The migration script installs a new startup script for the MASF agent in /etc/init.d, as well as a backup of the old script. During migra- tion, MASF will be configured as an AgentX subagent of SMA. All migration settings will be migrated to the SMA configuration file. The migration script aborts if any unrecognized directives are found in either the MASF configuration files or the SMA configuration files. This can be overridden with the -i option. If this option is selected, the behavior is to retain unrecognized directives that were present in the SMA configuration, but remove those present in the MASF configuration. The migration script then proceeds to migrate access control and trap configuration. As a side effect of running the migration script, the following directives might be expanded by the script into multiple directives with an equivalent interpretation: o rwcommunity o rocommunity o rwuser o rouser o trapcommunity o trapsink o trap2sink o informsink Access Control Migration Access control directives are expanded into the equivalent com2sec, group, access and view directives. Existing group names are renamed by prepending a prefix to avoid conflict with any which may already be defined in SMA. When migrating SNMPv1 or v2c access control, a conflict can occur if both MASF and SMA configuration files have defined access permissions for the same community and source address. The default behavior is to abort with a message, unless a use of the -y option specifies other- wise. If -y agent is specified then the MASF configuration takes precedence. If -y master is specified then the SMA configuration is retained. When migrating USM configuration (SNMPv3), a conflict can occur if both SMA and MASF configurations define a user with the same security- Name. If this occurs, the behavior of the script is determined by the -u option. If -u agent is specified, the configuration of the user defined in the MASF configuration files is the one that is retained. Otherwise, if the -u master option is specified, the use defined in the SMA configuration files is retained. By default, the migration script attempts to migrate USM users from MASF to SMA. The script determines whether there are any SNMPv3 users present in the SMA configuration and whether the default engineID has been overridden in the SMA configuration files. If neither of these conditions obtain, then the any usmUser statements containing localized authentication keys can be migrated to SMA, along with the MASF engineID. This results in the engineID of the SMA master agent changing. If the script determines that there are existing SNMPv3 users or a manually configured engineID present in the SMA configuration, only those users defined in createUser statements are transferred. Those users that were defined in usmUser statements are transferred but will have their passwords reset to a random value. You should notify your users of their new password or reset the password yourself by editing the newly-generated configuration file. Trap/Inform Migration The migration script performs a check to determine whether a trap destination defined for MASF is already specified in an existing SMA trapsink, trap2sink or informsink directive. If this is the case, then the directive in the MASF configuration will be discarded to avoid duplicate traps/informs being received. trapsink, trap2sink and informsink directives specified in the existing SMA configuration are considered valid destinations for MASF traps/informs and will receive them from the MASF subagent after migration. If the -t none option was specified on the command line, the migration script carries over any remaining MASF trap/inform directives with- out modification. If the -t add option was specified (the default), the migration script expands any trapsink, trap2sink, or informsink directives to use the TARGET-MIB and NOTIFICATION-MIB. The TARGET-MIB specifies targets using IP addresses, so it might be desirable to use the -t none option if, for example, the network allocates IP addresses to hostnames dynamically by means of DHCP. The expanded directives defines filters specific to the MASF agent so that traps from other subagents will not be received by migrated trap destinations. Existing filters present in the SMA configuration are, by default, not modified and might or might not receive MASF traps, depending upon the filters that were originally defined for them. If the -l option is specified, any filters already defined in the TARGET-MIB and the NOTIFICATION-MIB for SMA are extended to include traps from MASF. In the event that a trap destination is already configured in the TARGET-MIB with the same target address and community as an existing MASF trap/inform sink, a conflict will arise. If -l agent was specified and a conflict arises, the migration script uses the target SNMP parameters (that is, the SNMP version and choice of trap/inform) defined by the MASF trap/informsink directive to send traps to this destination. Otherwise, if the -l master option was specified, the conflict will be resolved using the target SNMP parameters specified in the SMA configuration. Miscellaneous If the migration script encounters in the MASF configuration file any of the directives listed below and the directives are either not present or differ from the SMA configuration, the script will log a warning message. o syslocation o syscontact o sysname o sysservices o agentgroup o agentuser o authtrapenable OPTIONS
The following options are supported: -? --help Displays usage information. -c --no-community Do not transfer v1/v2c communities. -i --ignore-unrecognized-directives Continue processing if unrecognized directives are present. -l agent | master --master-trap-target=agent | master If agent is specified, the existing SMA trap targets will be configured to receive traps that were previously sent to destinations for the Sun Fire SNMP agent. If master is specified, the targets will be configured to receive Sun Fire SNMP traps, but existing SNMP tar- get parameters will be used. -m --no-usmuser Do not transfer usm (v3) users. -n --dry-run Run the migration without modifying any files. If an error arises, continue processing. This can be used to determine the likely migra- tion issues. -p enable | disable | error --use-agent-port=enable | disable | error Indicates whether the port originally used by the Sun Fire SNMP agent should be used by the SMA agent after migration (if the two agents are using different ports). If enable is specified, then the port used by the Sun Fire SNMP agent will also be used by the SMA agent after migration. If disable is specified, the ports used by SMA will not be updated by the migration tool. If the error option is specified and the SMA agent is not already using the same ports as those used by the original Sun Fire SNMP agent, an error is reported and the migration process is terminated. If no option is specified the default behavior is equivalent to the error flag. -r --no-trap Do not transfer trap destinations. -s --skip-user If a user is found in the MASF configuration file that cannot be created in the new configuration because of a change in the engine ID, then output a message indicating that the user could not be migrated (needs to be manually recreated) and continue processing. If this option is not present, the migration tool will consider such a situation as an error and abort. -t none | add --trap-filter=none | add If none is specified then the script will copy trap directives directly. The administrator might need to manually update the configura- tion file to ensure traps are only delivered to their intended destinations. If add is specifed, trap filters will be constructed so that traps originating from the original Sun Fire SNMP agent are delivered only to the destinations that originally received them. The default behavior is add. -u agent | master | error --select-user=agent | master | error Specifies that if a user with the same name is found in both configuration files that the conflict is to be resolved using the speci- fied configuration file as input. Selecting a user from a particular will also cause the group declaration for that user to be taken from the same file. If agent is specified then the user will be taken from the configuration file for the Sun Fire SNMP Agent. If mas- ter is specified, the user will be taken from the SMA configuration. Otherwise, if error is given, the script will terminate. If this option is not present, the default behavior is equivalent to the error flag. -V --version Display the version of this script. -y agent | master | error --select-community=agent | master | error EXAMPLES
Example 1: Simplest Case The command shown below is appropriate for a simple migration. The migration fails if there are any potential conflicts. # masfcnv Example 2: Migrating Such That MASF Settings Override To migrate the MASF configuration such that it will always succeed, that MASF settings will override in the event of a conflict with SMA, and that access will still be provided on the original MASF port, enter: # masfcnv -is -l agent -p enable -u agent -y agent Example 3: Dry Run, Retaining SMA Settings To attempt a dry run and migrate the configuration such that any conflicts will be resolved by retaining existing SMA settings, enter: masfcnv -l master -u master -y master EXIT STATUS
0 Success. non-zero A problem occurred during migration. FILES
/etc/sma/snmp/snmpd.conf /var/sma_snmp/snmpd.conf SMA configuration files /etc/opt/SUNWmasf/conf/snmpd.conf /var/opt/SUNWmasf/snmpd.dat MASF configuration files /tmp/sma_migration.log masfcnv log file ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWsmcmd | +-----------------------------+-----------------------------+ |Interface Stability |Stable | +-----------------------------+-----------------------------+ SEE ALSO
attributes(5) SunOS 5.10 15 Jan 2004 masfcnv(1M)
Man Page