Softpanorama
(slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)

Google   

Installing endpoints

News

Endpoints

 Recommended Links Reference Troubleshooting endpoints Gateway Troubleshooting
           
Old but useful Redbook Using Log Files to Troubleshoot Tivoli Environment Tivoli lcfd daemon lcfd.sh last.cfg Etc

Tivoli endpoint can be installed in many different ways. First of all you can create a tar file of installed files and use it.

For UNIX remote installation is preferable and Perl script winstlcf is the standard way to install LCF. A file containing a list of targets can be passed to winstlcf if multiple endpoints need to be installed. 

It uses rsh or ssh protocols on target host (rsh is default, ssh requires -j option)

winstlcf requires either rsh or ssh communication with the target host. You need to check connectivity via one of this protocols before using it.

Again, due to the age of the script rsh-based communication is default. To specify ssh communication you should use -j option. In addition it requires a Bourne-compatible shell, and standard UNIX utilities such as grep on the target system but this is given for Unix installs.

For example, if can create a simple one line shell script to install the endpoint of any of the supported flavors of UNIX: 

winstlcf -Y -j -d /opt/tivoli/lcf -L"-Dlcs.login_interfaces=aix5001 -Dbcast_disable=1 -Dlcs.machine_name=$1-ep" $1
Important note: here aix5001 is the name of your Tivoli server (TMR server). 

Client need to be able to resolve hostname aix5001 either via DNS of host file.

If you name the script install_endpoint.sh, then to install endpoint on the server RHEL273 you need to run the command:

 install_endpoint.sh rhel273

You can also install multiple endpoints on set of UNIX servers by creating a list file containing a list (one system per line) of all target endpoints. Let's assume that  you want to use ssh. Then the command: 

# winstlcf -j -f endpoints.txt -P
will install the LCF Endpoint modules on each system in the list. The -f argument specifies an input file and the the -P argument enables you to enter a global password for use on all of the machines being installed. 
# ksh endpoint_install.sh nti244

Trying nti244...
password for root:

locating files in /opt/TMF/bin/lcf_bundle.41100...
locating files in /opt/TMF/bin/lcf_bundle...

Ready to copy files to host nti244:
  destination: nti244:/opt/tivoli/lcf
       source: nti2171:/opt/TMF/bin/lcf_bundle
        files:
               lib/linux-ix86/libmrt.so
               lib/linux-ix86/libcpl.so
               lib/linux-ix86/libdes.so
       source: nti2171:/opt/TMF/bin/lcf_bundle.41100
        files:
               generic/lcfd.sh
               generic/epinst.sh
               generic/as.sh
               generic/lcf_env.sh
               generic/lcf_env.csh
               generic/lcf_env.cmd
               generic/lcf.inv
               bin/linux-ix86/mrt/lcfd
               lib/linux-ix86/libatrc.so
               lib/linux-ix86/libcpl272.so
               lib/linux-ix86/libdes272.so
               lib/linux-ix86/libmd2ep272.so
               lib/linux-ix86/libguid272.so
               lib/linux-ix86/libmrt272.so
               lib/linux-ix86/libtis272.so
               lib/linux-ix86/libtos.so
               lib/linux-ix86/libtthred.so
Tivoli Light Client Framework starting on nti244
Nov 05 15:11:22 1 lcfd Command line argv[0]='/opt/tivoli/lcf/bin/linux-ix86/mrt/lcfd'
Nov 05 15:11:22 1 lcfd Command line argv[1]='-Dlcs.login_interfaces=nti2171'
Nov 05 15:11:22 1 lcfd Command line argv[2]='-Dbcast_disable=1'
Nov 05 15:11:22 1 lcfd Command line argv[3]='-Dlcs.machine_name=nti244-ep'
Nov 05 15:11:22 1 lcfd Command line argv[4]='-Dlib_dir=/opt/tivoli/lcf/lib/linux-ix86'
Nov 05 15:11:22 1 lcfd Command line argv[5]='-Dload_dir=/opt/tivoli/lcf/bin/linux-ix86/mrt'
Nov 05 15:11:22 1 lcfd Command line argv[6]='-C/opt/tivoli/lcf/dat/2'
Nov 05 15:11:22 1 lcfd Command line argv[7]='-Dlcs.machine_name=nti244-2'
Nov 05 15:11:22 1 lcfd Command line argv[8]='-Dlcs.login_interfaces=nti2171'
Nov 05 15:11:22 1 lcfd Command line argv[9]='-Dbcast_disable=1'
Nov 05 15:11:22 1 lcfd Command line argv[10]='-Dlcs.machine_name=nti244-ep'
Nov 05 15:11:22 1 lcfd Starting Unix daemon
Performing auto start configuration
Tivoli LCF daemon master autostart file is /etc/init.d/Tivoli_lcfd2.
Done.

After that you need to subscribe the new endpoint. To do that you need to run the “subscribe-endpoints.pl” script. This subscribes all new endpoints. To check if the endpoint alive and well you can use:

# ./subscribe-endpoints.pl
Subscribing nti244-ep (linux-ix86) to linux-ep.pm and all-unix-ep.pm...

After that you can check if the endpoint is alive and well: 

# wep ls |grep nti244
1034227612.506.522+#TMF_Endpoint::Endpoint# nti244-ep
Other useful command for checking status of endpoint after installation is:

wep <endpoint name> status

Installation using TAR file

If you had to install the client software using just ftp & tar, then you must first modify the file “/opt/tivoli/lcf/dat/1/last.cfg”.

First, change the lcs.machine_name to identify the new system’s endpoint name, then add the “lcs.login_interfaces=your_tmr_server” line.

Another issue is when an endpoint is connected but the lcf is unreachable or distribution shows as unavailable. Could be that the wrong gateway is cached:

Notes:
  • This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Some amount of grammar and spelling errors should be expected.
  • The site contain some broken links as it develops like a living tree... Please try to use Google, Open directory, etc. to find a replacement link (see HOWTO search the WEB for details). We would appreciate if you can mail us a correct link.
Google Search
Open directory
Research Index

Old news ;-)

[Beowulf] passwordless rsh login

Many of your questions may have already been answered in earlier discussions or in the FAQ. The search results page will indicate current discussions as well as past list serves, articles, and papers.

Tyler Simon tasimon at sunset.backbone.olemiss.edu Wed Jul 7 23:22:32 PDT 2004 

Sandeep,

To set up a RedHat 8.0 cluster using a "passwordless" rsh I
always check the that I have the following.

For each child:

1.)In the users home directory make sure there exists a
'.rhosts' file containg a listing of child nodes and the
master node, set the permissions to 644.

masternode
node1
node2
node3

2.) Type 'setup' and from the 'System Services' menu make
sure that rsh, rlogin, and rexec are selected.

3.) Add the following lines to the end of the /etc/securetty
file

rsh
rexec
rlogin

4.) Change directory to /etc/pam.d and modify the rsh,
rlogin, and rexec files as follows. The order is very
important.

rsh file
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh"
must be
# listed in /etc/securetty.
auth       required     /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_env.so
account    required     /lib/security/pam_stack.so
service=system-auth
session    required     /lib/security/pam_stack.so
service=system-auth

rlogin file
#%PAM-1.0
# For root login to succeed here with pam_securetty,
"rlogin" must be
# listed in /etc/securetty.
auth       sufficient   /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_env.so
auth       required     /lib/security/pam_stack.so
service=system-auth
account    required     /lib/security/pam_stack.so
service=system-auth
password   required     /lib/security/pam_stack.so
service=system-auth
session    required     /lib/security/pam_stack.so
service=system-auth
	
rexec file
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rexec"
must be
# listed in /etc/securetty.
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_env.so
auth       required     /lib/security/pam_stack.so
service=system-auth
account    required     /lib/security/pam_stack.so
service=system-auth
session    required     /lib/security/pam_stack.so
service=system-auth

5.) Make sure to have an updated /etc/passwd,/etc/shadow and
/etc/group file on each node.

This should do it, and feel free to contact me if you have
any trouble.

-Tyler Simon

> Hi,
>
> I have a cluster set up with redhat 8.0 in which Fluent is
> being used. The /home of the master is being shared by all
> the nodes on the cluster. For running parallel
> applications with Fluent it requires passwordless "rsh"
> login to all the nodes. As a local user (non root) I am
> able to login from the master to all the nodes with rsh
> without password. But from one node to another it keeps
> asking for the password.
>
> Is there a solution to it?
>
> Thanks in advance.
>
> Sandy.
>
>
> Sandeep Krishnan
> Graduate Student
> Oklahoma State University
>
> ---------------------------------
> Do you Yahoo!?
> New and Improved Yahoo! Mail - Send 10MB messages!
>
> _______________________________________________
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe)
> visit http://www.beowulf.org/mailman/listinfo/beowulf

TMF - Installing endpoint on Red Hat Enterprise Linux 3.0

James,

Try the following that was created and tested under RH7.2 and I assume that
will work under RHE3.0:

Endpoint installation procedure.
This procedure will create a Tivoli endpoint called tivolinux.ep that will be used for the rest of
this workshop.


First, we need to configure RSH service to be used by Tivoli at endpoint installation time. To
accomplish that, some files must be updated.


In file /etc/xinetd.d/rsh
Change the line that contains ‘disable=yes’ to ‘disable=no’
Add a line in the file /etc/securetty with rsh
Add the file /root/.rhosts that must contain the line: 127.0.0.1
Service xinetd restart
The command that creates the endpoint can be executed now. From a terminal
emulation session
execute the following commands:
. /etc/Tivoli/setup_env.sh
winstlcf –e –g tivolinux+9494 –n tivolinux.ep tivolinux

Regards,
_____________________________________
Lic. Javier R. Barabas
Certified Senior IT Specialist
Tivoli Software - Software Group
IBM Argentina S.A.
Phone: 54-11-4319-6129 - T/L 840-6129
E-Mail: barabas@xxxxxxxxxx

RE: [ITM] winstlcf could not determine INTERP

RE: [ITM] winstlcf could not determine INTERP

Have you checked if the Linux has rsh service active in the inetd.conf ? In general Linux distros does not make it active by default, and winstlcf is based on remote commands.

Good luck!

Gerson Koji Saito - Certified IT Specialist
IBM Software Group
Phone : +55-11-2132-3309 Fax: +55-11-2132-5534
Email : saito-xuelUoVDAHHQT0dZR+AlfA@xxxxxxxxxxxxxxxx

"Silvis, Jasper E. (MBS)" <Jasper.Silvis-UUSGX2jyPCJpFjMZrrdVc9BPR1lH4CV8@xxxxxxxxxxxxxxxx>
Sent by: owner-tme10-XtjxT7Vmt5b1ENwx4SLHqw@xxxxxxxxxxxxxxxx

I have had the best luck with Linux endpoint installations using the Brandon
Mitchell approach of tarballing the endpoint image for the linux-ix86 interp
and installing that from the Linux server. I am using LCF v41100 with no
problems.

Let me know if you need guidance. You may already use this solution for DMZ
installations (pre-TMF411, that is).

Best of luck,

Jasper Silvis
Cendant Mortgage

-----Original Message-----
From: owner-tme10-XtjxT7Vmt5b1ENwx4SLHqw@xxxxxxxxxxxxxxxx
[mailto:owner-tme10-XtjxT7Vmt5b1ENwx4SLHqw@xxxxxxxxxxxxxxxx]On Behalf Of
creimer-fYYQp3cRR0E39yzSjRtAkw@xxxxxxxxxxxxxxxx
Sent: Tuesday, April 13, 2004 3:05 PM
To: tme10-XtjxT7Vmt5b1ENwx4SLHqw@xxxxxxxxxxxxxxxx
Subject: Re: [tme10] [ITM] winstlcf could not determine INTERP


Now, at the endpoint we dropped the line inserted before to solve TMR name
and a new entry on the endpoint DNS was made so the TMR name could be
resolved by DNS and not by /etc/hosts at the endpoint.

But the problem was not solved and winstlcf still complaining.

>
> Can you resolve both hostnames and the ip addresses using nslookup on both
> servers (TMR and Endpoint) ?
>
> John F. Mostler
> Certified Tivoli Consultant
> New York Life
> john_mostler-H66Kdd6cy6IQQYfiE9goCw@xxxxxxxxxxxxxxxx
> (908) 236-3262
>
 

Reference

winstlcf (Tivoli Management Framework, Reference Manual)

Installs an endpoint on all operating systems except AS/400, and OS/2.

Syntax

winstlcf [-a] [-C locale_name] [-D] [-d dir_name] [-e] [-f file_name] [-g machine[+port][:machine[+port]] [-i] [-j] [-L config_options] [-l endpoint_port] [-N endpoint] [-n endpoint_label] [-P] [-R] [-r policy_region] [-S share_name] [-s dir_name] [-T account] [-v] [-x TCPIP | IPX] [-Y] host [user_account password]...

Description

The winstlcf command installs and starts the endpoint service (lcfd) on one or more workstations. This command can be used to install an endpoint on all operating systems except AS/400 and OS/2 operating systems. For AS/400 operating systems, use the w4inslcf.pl command or Tivoli Software Installation Service. For OS/2 operating systems, use the provided InstallShield program or Tivoli Software Installation Service.
Notes
 
  • Before installing Linux endpoints, make sure that the the access method used (exec or shell) is enabled on the target. The exec access method is the default installation option; the shell access method is specified using the -e option.
  • For UNIX opeM] winstlcf could not determine INTERP systems, the login shell of the root user cannot be the C shell.
  • To install Windows endpoints using the winstlcf command, you must first install one Windows endpoint in the domain or trust manually using the InstallShield image. This endpoint is used as a proxy to remotely install all additional Windows endpoints in the domain or trust. After you have installed the proxy endpoint, install all additional Windows endpoints in that domain or trust using the winstlcf command and -N option.

By default, the endpoint service starts after installation. You can install endpoints to multiple workstations by listing the machine names on the command line or using the -f option to specify a file that contains a list of machine names.

If you run the winstlcf command on a machine more than once, you have more than one instance of lcfd service running on that machine.

After you specify an installation password with the winstlcf command, that password becomes the default for all subsequent installations. To change the password, follow these steps:

  1. Explicitly specify another password.
  2. Attempt an installation on an unsupported operating system, which erases the global variable containing the password.
  3. Specify the -P option.

Options

-a
Specifies that endpoints be installed asynchronously. Without this option,the command waits for the endpoint to log in to its gateway before installing the next endpoint.
-C locale_name
For Linux and UNIX operating systems only, specifies the language locale for the target endpoint. If the -C option is not specified, the language is inherited from the lcfd environment.
-d dir_name
Specifies the target directory in which to install the endpoint software. The default location is the /opt/Tivoli/lcf directory for UNIX operating systems and the c:\Program Files\Tivoli\lcf directory for Windows operating systems. When installing a Windows endpoint from a Linux or UNIX Tivoli server, forward slashes in path names are also supported.
-D
For Windows operating systems, indicates that the lcfep program is not installed. When installing in a Windows Terminal Server environment, this is the default behavior and cannot be overridden. In other words, the lcfep program cannot be installed in this environment.
-e
For UNIX operating systems only, specifies to use trusted host access instead of exec.
-f file_name
Specifies the name of a file that contains a list of machine where an endpoint needs to be installed. The file must contain one machine name per line. Each line can contain the machine name, the user ID, the password, the policy region, and the label that is used to install the endpoint. The following is the format of a line: 
host_name user_ID password policy_region endpoint_label

where:

host_name
The host name of the machine where the endpoint is to be installed.
user_ID
The user ID of the system administrator performing the installation.
password
The password associated with the user_ID.
policy_region
Optional. The name of the policy region where the endpoint is moved.
Note
If you specify endpoint_label and you do not want the endpoint moved to a policy region, you must specify policy_region as a null string ("").
endpoint_label
Optional. The label of the endpoint.

For example, the following could be three lines in a file:

red root mstr_Key
orange chris d1n0mite "" orange-ep
yellow root mstr_Key NYC_PR yellow-ep
-g machine[+port][:machine[+port]]...
Specifies the Internet Protocol (IP) address or host name and, optionally, the port number of the gateway to which the endpoint logs in. Multiple gateway entries must be separated by colons (:). You must specify the port number if it is other than 9494, the default. If the -g option is omitted, the endpoint broadcasts to all gateways.
Note
In a network address translation (NAT) environment, gateways must be specified as fully qualified domain names and not as IP addresses. Direct specification of gateway IP addresses fails in a NAT environment.
-i
Turns off auto-start configuration for a Linux or UNIX endpoint after installation. By default, Windows endpoints always start automatically after installation.
-j
Causes the command to use an encrypted secure shell (SSH) connection when connecting to the machine to install the endpoint.
Notes:
  1. You cannot use SSH to perform installations on Windows targets.
     
  2. When you use this option to install an endpoint from a Windows system, you must use a trusted host access method. Because trusted host access methods do not use passwords, you cannot use the -j option with winstlcf options that require a password.
     
  3. To install an endpoint from a Windows system using the winstlcf command and -j option, you must launch a Cygwin command prompt and then run the winstlcf command from the version of Perl provided by Cygwin, as shown in the following example: 
    /usr/bin/perl -S winstlcf -j options
    For more information, see the chapter about SSH in the Tivoli Enterprise Installation Guide.
-l endpoint_port
Specifies the port number for the endpoint. The default port number is 9495.
-L config_options
Passes configuration options to the lcfd command for starting the endpoint. If you specify multiple options or have spaces in a single option, you must enclose the text in double quotation marks ("). See the lcfd command for a list of valid options.
-n endpoint_label
Specifies an endpoint label provided by a user.
Note
If you omit the -n option, the endpoint label is generated automatically. If you do not specify the endpoint port number, the label is the host name of the endpoint. If you specify the endpoint port number (for example, using the -l option), the endpoint label is generated as follows:
  • On Windows operating systems, the label has the format host-port.
  • On Linux and UNIX operating systems, the label has the format host-instance, if the instance number is greater than 1. The value of instance matches the instance number used in the $LCFROOT/dat/instance directory.
-N endpoint
Specifies an existing Windows endpoint in the domain or trust to be used as a proxy to remotely install all other Windows endpoints.
Note
To install Windows endpoints using the winstlcf command, you must first install one Windows endpoint in the domain or trust manually using the InstallShield image. This endpoint is used as a proxy to remotely install all additional Windows endpoints in the domain or trust. After you have installed the proxy endpoint, install all additional Windows endpoints in that domain or trust using the winstlcf command and -N option. When you use this option, all endpoints to be installed are assumed to be Windows clients. Installing the Tivoli Remote Execution Service is not necessary.
-P
Prompts for a password for each machine. This option is useful only when installing on remote hosts with different passwords. If each machine has the same password or if you do not use this option, the command prompts for a global password to use for each machine.
-r policy_region
Specifies a policy region to install the endpoint to.
-R
Requires the Windows endpoint to restart after installation without prompting the user. This option is only needed if the Tivoli Authentication Package, TivoliAP.dll, was not previously installed on the endpoint or an older version of the Tivoli Authentication Package is being replaced.
-s dir_name
Specifies the source directory containing the endpoint installation image.
-S share_name
Specifies a destination share name (default = C$).
-T account
Specifies the Tivoli remote access account fn class="pk">-v
Lists verbose installation information and error messages.
-x [TCPIP | IPX]
For Internetwork Packet Exchange (IPX) endpoints only. Specifies the protocol used by the endpoint. If you do not specify this option, the endpoint uses TCP/IP. Supported protocols are TCP/IP and IPX. To specify both TCP/IP and IPX, specify the option as -x=TCPIP,IPX. You cannot turn off the TCP/IP protocol for a gateway.
-Y
Installs the endpoint without confirmation. By default, this command identifies the actions that must be taken to perform the installation and requests confirmation before continuing. Using this option, the command identifies the actions and performs the installation without requesting confirmation.
host [user_account password]
Specifies the name of the machine on which the endpoint is installed. If you specify only the host name, the root or Administrator account is used. You are prompted for the password. You can specify a different user account and password by enclosing the three entries in single quotation marks. For example, you might enter the following: 
winstlcf 'vernon DOMAIN-NT\chris d1n0mite'

If the Windows domain and the local computer use the same user_account name (such as Administrator), you must specify the fully qualified name for the account, as in the preceding example. Quotation marks are necessary when specifying fully qualified user accounts.

Authorization

No Tivoli authorization role is required except when the -N option is specified. To use the winstlcf command and -N option, you must have the super, senior, or admin role.

Examples

  1. The following example installs the endpoint software on a UNIX workstation vernon, sets the locale to French, and starts the endpoint daemon (lcfd). The winstlcf command uses the root account and prompts for the root password on vernon. The installation image is placed in the default directory. The endpoint starts with the default configuration. 
    winstlcf -C fr vernon
  2. The following example installs the endpoint software on a Windows workstation olympus and starts the endpoint service. The winstlcf command uses the Administrator account and prompts for the Administrator password on olympus. The installation image is taken from a Windows proxy fuji (a previously installed endpoint in the Windows domain). The software is installed in the default directory on olympus. The endpoint starts with the default configuration. 
    winstlcf -N fuji olympus
  3. The following example installs the endpoint on a Windows workstation in a directory other than the default directory. In this example, the endpoint is installed on workstation bonnell on drive D with the share name steve. For instances where the share name of the destination drive is not the default name (D:\ = D$), use the -d to specify the directory (D:\tivoli\lcf), and use the -S to specify the share name (steve). 
    winstlcf -N pctmp107 -d D:\tivoli\lcf -S steve bonnell
  4. The following example installs the endpoint software on workstation myoung. The endpoint performs its initial login through IP address 123.45.1.12. 
    winstlcf -g 123.45.1.12 myoung
  5. The following example installs the endpoint on workstation bbunny and passes configuration options to the lcfd command to use when it starts the endpoint. In the example, -g cedar+1616 specifies the gateway and port that the endpoint contacts for initial login, and -Dlcs.machine_name=bbunny-ep assigns a specific name to the endpoint. 
    winstlcf -L "-g cedar+1616 \
-Dlcs.machine_name=bbunny-ep" bbunny
  6. The following example installs machines cedar and mahogany as endpoints. The installation process prompts for a global root password, but does not prompt for confirmation before installing. 
    winstlcf -P -Y cedar mahogany
  7. The following example installs multiple endpoints from the endpt.txt file. The installation process does not prompt for password or installation confirmation. The software is installed in the /usr/lcf directory. 
    winstlcf -f endpt.txt -Y -d /usr/lcf
  8. The following example installs the Windows endpoint antonella on the computer system agodino using IPX to connect to the NetWare gateway lux using the endpoint vernon as a proxy. 
    winstlcf -x IPX -N vernon -g LUX+7787 -n antonella agodino
  9. The following example installs an endpoint on machine oak using an encrypted SSH connection from a Windows managed node . 
    /usr/bin/perl -S winstlcf -j oak
    Note
    To install an endpoint from a Windows managed node using the winstlcf command and -j option, you must launch a Cygwin command prompt and then run the winstlcf command from the version of Perl provided by Cygwin.

See Also

lcfd.sh, wdelep

Copyright © 1996-2008 by Dr. Nikolai Bezroukov. www.softpanorama.org was created as a service to the UN Sustainable Development Networking Programme (SDNP) in the author free time. Submit comments This document is an industrial compilation designed and created exclusively for educational use and is placed under the copyright of the Open Content License(OPL). Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

Standard disclaimer: The statements, views and opinions presented on this web page are those of the author and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

Last modified: October 24, 2008