solaris11 integrated load balancer (1)

How to Enable ILB

Before You Begin

Make sure that the system's role-based access control (RBAC) attribute files have the following entries. If the entries are not present, add them manually.

File name: /etc/security/auth_attr

solaris.network.ilb.config:::Network ILB Configuration::help=NetworkILBconf.html

solaris.network.ilb.enable:::Network ILB Enable Configuration::help=NetworkILBenable.html

solaris.smf.manage.ilb:::Manage Integrated Load Balancer Service States::help=SmfILBStates.html

File name: /etc/security/prof_attr

Network ILB:::Manage ILB configuration via ilbadm:auths=solaris.network.ilb.config,solaris.network.ilb.enable;help=RtNetILB.html

Network Management entry in the file must include solaris.smf.manage.ilb.

File name: /etc/user_attr

daemon::::auths=solaris.smf.manage.ilb,solaris.smf.modify.application

You must set up user authorization for ILB configuration subcommands. You must have the solaris.network.ilb.config RBAC authorization to execute the ILB configuration subcommands listed in ILB Command and Subcommands.

To assign the authorization to an existing user, see Chapter 9, Using Role-Based Access Control (Tasks), in Oracle Solaris 11.1 Administration: Security Services.

You can also provide the authorization when creating a new user account on the system.

The following example creates a user ilbadm with group ID 10, user ID 1210 and with the authorization to administer ILB in the system.

# useradd -g 10 -u 1210 -A solaris.network.ilb.config ilbadmin
The useradd command adds a new user to the /etc/passwd, /etc/shadow, and /etc/user_attr files. The -A option assigns the authorization to the user.

Assume a role that includes the ILB Management rights profile, or become superuser.
You can assign the ILB Management rights profile to a role that you create. To create the role and assign the role to a user, see Initially Configuring RBAC (Task Map) in Oracle Solaris 11.1 Administration: Security Services.

Enable the appropriate forwarding service either IPv4 or IPv6 or both of them.
This command produces no output when successful.

# ipadm set-prop -p forwarding=on ipv4
# ipadm set-prop -p forwarding=on ipv6
Enable the ILB service.
# svcadm enable ilb
Verify that the ILB service is enabled.
# svcs ilb

This entry was posted in Uncategorized. Bookmark the permalink.

Comments are closed.