Installing Solaris using LCFG

Author: Craig Strachan
Updated and transferred to wiki by Chris Cooke in July 2007

We now have the ability within Informatics to configure workstations running the Solaris 9 operating system through LCFG, the mechanism used to configure the school's Linux-based workstations. This document describes the steps to follow when installing a Solaris workstation configured via LCFG.

Description of the Process

A bare-bones version of Solaris 9 is installed using Solaris' jumpstart mechanism. As part of this install, an lcfg install script is copied to the new machine's disk and is run after the newly installed machine is rebooted. This lcfg install script installs the LCFG and Informatics specific parts of the operating system. At the end of its run, the script is deleted and the workstation is rebooted, hopefully coming up as a fully LCFG configured workstation.

Where Everything is

The main install server is roc and it sits on wire-at1 (the Appleton Tower Infrastructure wire, 129.215.202). If the workstation to be installed is sitting on a different subnet, jumpstart requires that a boot server be installed on that subnet. So far, boot servers have been installed for wire-144 (BP infrastructure, 129.215.144) on hippocampus and for wire-s (129.215.216, KB infrastructure) on sphinx. Though it is theoretically possible for a Linux workstation to act as a boot server, this theory has not as yet been put to the test. The procedure for installing a new boot server is detailed below.

All of the files necessary for the purely Solaris part of the installation are held in roc's /export directory tree. The important elements of this tree are /export/install/Solaris_9 which contains the Solaris 9 distribution, and jumpstart which contains the jumpstart related files.

The LCFG related files are held on the software master server pezenas in /disk/rpms/master/packages. This directory is automounted as /repository on all LCFG Suns. There are three directories: SUNW for packages provided by Sun but which are not part of the initial install, SFW for packages which support LCFG but are not part of the LCFG system (the name stands for Sun FreeWare, the site where many, but not all, of these packages come from) and LCFG for packages which are part of the LCFG system.

Step 1 - The LCFG Profile

The LCFG profile should include dice/os/solaris9.h and a hardware header such as dice/hw/sun_blade_100.h. After this, the LCFG profile is pretty much like any Linux one.

An example LCFG profile follows:

#include <dice/os/solaris9.h>
#include <dice/hw/sun_blade_100.h>

/* include option headers here if desired
#include <dice/options/server.h>
#include <dice/options/nfs-server.h>
#include <dice/options/quotas.h>
#include <dice/options/rmirror.h>
#include <dice/options/rsync.h>
*/

/* include the correct wire header for your network */
#include <live/wire_s.h>

dhclient.mac       0:3:ba:8:7c:12

/* Disk layout information */

!fstab.disks         mSET(c0t0d0)
fstab.partitions_c0t0d0      c0t0d0s0 c0t0d0s1
fstab.mpt_c0t0d0s0      /
fstab.mntopts_c0t0d0s0      logging
fstab.size_c0t0d0s0      free
fstab.mpt_c0t0d0s1      swap
fstab.size_c0t0d0s1      256

/* Inventory information */

inv.sno         TT12425318
inv.allocated      cc
inv.location      JCMB-2420
!inv.manager      mSET(cc)

/* End of file */

Note that the fstab component does not actually run on Solaris workstations. The fstab tags are used to generate a jumpstart profile for the workstation before the install begins.

Step 2 - Add an Entry to the Rules File

Log onto roc and become root. cd to /export/install/jumpstart. Edit the file named rules and add the following:

hostname troll                        \
scripts/start.lcfg         =       scripts/finish.lcfg

hostname troll.inf.ed.ac.uk                        \
scripts/start.lcfg         =       scripts/finish.lcfg

This assumes of course that the workstation you are installing is called troll. The '=' tells jumpstart to use a profile generated by the start.lcfg script. After editing the rules file, run the script check (no arguments are needed) in the same directory. Assuming that no errors are detected, we can move onto the next stage.

Step 3 - Various Files

We have not yet reached the stage where all configuration files on Solaris machines are generated via LCFG and so it is necessary to install some of these files via jumpstart. The files in question are /etc/defaultdomain, /etc/nsswitch.conf, /etc/krb5/krb5.conf, /etc/pam.conf and /etc/krb5/krb5.keytab. In addition, a temporary nsswitch.conf used for initialising LDAP is also needed. We also need to modify the /etc/hosts file.

A brief description of the mechanism the Informatics jumpstart setup uses for modifying files is probably in order at this point. The /export/install/jumpstart/install directory contains 8 directories: append.conf, copy.conf, link.conf, mkdir.conf, mv.conf, rm.conf, scripts.conf and slink.conf. Each of these directories permits certain actions to be carried out on the file system of the workstation being installed. For instance, append.conf allows text to be appended to files on the target workstation and copy.conf allows files to be copied to the target machine. If a file in a .conf directory has the same name as the workstation being installed, then that file is used to control operations carried out on that machine. If no file matching the machine name is found but a file named common exists in the directory, then that file is used instead. For LCFG installations, we are only concerned with append.conf and copy.conf. Normally, the common file in both directories will do for our purposes; you will only need to create a machine specific file in exceptional circumstances.

The copy.conf/common file looks like this:-

#
#source         destdir         owner   group   mode    comment
#
defaultdomain   /etc            root    other   755     Set NIS domain
nsswitch.conf   /etc            root    other   755
nsswitch.ldap   /etc            root    other   755     Needed for ldap init
krb5.conf       /etc/krb5       root    other   644
pam.conf        /etc            root    other   644     for kerberos
krb5.keytab     /etc/krb5       root    other   600     insecure
system          /etc            root    sys     644     so ntp will work
gsed            /usr/bin        root    other   755     needed for LCFGboot

and should be fairly self explanatory. The only aspect which may not be self evident is where the jumpstart mechanism finds the files which act as the sources for the copy. The answer is /export/install/jumpstart/install/files.

The files directory contains a number of directories and files, each named for an entry in the source field of the *.conf config files. If the entry in the files directory is a file, then that is used as the source for all workstations being installed. If however the entry in the files directory is a directory, then the file with the same name as the workstation being installed is used or, failing that, the file named default.
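
The two lookup rules described above (host-named control file or common, then host-named source file or default) can be checked before an install with a short script. This is an added example, not one of the site's jumpstart scripts; the function names, the second host name goblin and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example. <install_dir> stands in for /export/install/jumpstart/install.

# Control file for a host: the host-named file if present, otherwise "common".
pick_conf() {  # pick_conf <conf_dir> <host>
    if [ -f "$1/$2" ]; then echo "$1/$2"
    elif [ -f "$1/common" ]; then echo "$1/common"
    else return 1; fi
}

# Source for one "source" column entry: a plain file serves every host;
# a directory is searched for <host>, then "default".
pick_source() {  # pick_source <files_dir> <name> <host>
    if [ -f "$1/$2" ]; then echo "$1/$2"
    elif [ -f "$1/$2/$3" ]; then echo "$1/$2/$3"
    elif [ -f "$1/$2/default" ]; then echo "$1/$2/default"
    else return 1; fi
}

# Print one line per copy.conf entry, or MISSING when no source resolves.
plan_copies() {  # plan_copies <install_dir> <host>
    conf=$(pick_conf "$1/copy.conf" "$2") || return 1
    grep -v '^#' "$conf" | while read -r name dest owner group mode comment; do
        [ -n "$name" ] || continue
        if src=$(pick_source "$1/files" "$name" "$2"); then
            echo "$src -> $dest/$name $owner:$group $mode"
        else
            echo "MISSING $name for $2"
        fi
    done
}

# Constructed sample tree (not real site data); prints its path.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/copy.conf" "$d/files/krb5.keytab" "$d/files/nsswitch.conf"
    printf '%s\n' '#source destdir owner group mode comment' \
        'nsswitch.conf /etc root other 755' \
        'krb5.keytab /etc/krb5 root other 600 insecure' \
        'gsed /usr/bin root other 755 needed for LCFGboot' > "$d/copy.conf/common"
    : > "$d/files/gsed"; : > "$d/files/nsswitch.conf/default"
    : > "$d/files/krb5.keytab/troll"
    echo "$d"
}

tree=$(make_sample)
plan_copies "$tree" troll    # all three sources resolve
plan_copies "$tree" goblin   # krb5.keytab is MISSING: no per-host keytab staged
rm -rf "$tree"
```

A MISSING line for krb5.keytab means the per-host keytab has not been staged yet for that workstation.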

For standard installations, the default entry will serve us in every case but one. The exception is krb5.keytab where an entry for each individual machine must be created. The procedure for doing so is as follows (<hostname> is the host name of the workstation you are installing):

On a DICE machine run the following command:

/usr/kerberos/sbin/kadmin

After typing in your kerberos admin principal, you'll be at the kinit prompt. Type the following:

addprinc -e des-cbc-crc:normal -randkey host/<hostname>.inf.ed.ac.uk

addprinc -e des-cbc-crc:normal -randkey hostclient/<hostname>.inf.ed.ac.uk

This creates the workstation's host principal. You'll get a warning about no policy being specified: this can be ignored.

Now you can create the keytab. Type:

ktadd -k /tmp/<hostname>.kt -e des-cbc-crc:normal \
host/<hostname>.inf.ed.ac.uk

ktadd -k /tmp/<hostname>.kt -e des-cbc-crc:normal \
hostclient/<hostname>.inf.ed.ac.uk

Copy /tmp/<hostname>.kt across to harpy and rename it /export/install/jumpstart/install/files/krb5.keytab/<hostname>.

Having the keytab file generally readable is extremely insecure. It is important to delete /tmp/<hostname>.kt as soon as it has been copied across to roc, and to delete /export/install/jumpstart/install/files/krb5.keytab/<hostname> as soon as the workstation has installed.
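
A check that could be run on the install server to catch the two conditions warned about above: staged keytabs readable by more than their owner, and keytabs left behind after an install. This is an added example, not part of the original page; the function names, the one-day age threshold and the sample files are assumptions.

```sh
#!/bin/sh
# Added example; the page's staging directory is
# /export/install/jumpstart/install/files/krb5.keytab.

# Staged keytabs with the group-read or other-read bit set.
readable_keytabs() {  # readable_keytabs <keytab_dir>
    find "$1" -type f \( -perm -040 -o -perm -004 \) -print
}

# Staged keytabs last modified more than <days> days ago, i.e. probably
# left behind after the install finished (threshold is an assumption).
stale_keytabs() {  # stale_keytabs <keytab_dir> <days>
    find "$1" -type f -mtime +"$2" -print
}

# Print all findings; return 0 only when the directory is clean.
audit_keytabs() {  # audit_keytabs <keytab_dir> <days>
    report=$(readable_keytabs "$1" | sed 's/^/READABLE /'
             stale_keytabs "$1" "$2" | sed 's/^/STALE /')
    [ -z "$report" ] && return 0
    echo "$report"
    return 1
}

# Constructed sample directory (empty files, not real keytabs); prints its path.
make_sample_keytabs() {
    d=$(mktemp -d)
    : > "$d/troll";  chmod 644 "$d/troll";  touch -t 200707050842 "$d/troll"
    : > "$d/goblin"; chmod 600 "$d/goblin"
    echo "$d"
}

dir=$(make_sample_keytabs)
audit_keytabs "$dir" 1 || echo "clean up before the next install"
rm -rf "$dir"
```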

Step 4 - DNS

We now need to put the machine into the DNS tables. This is done as for any other Informatics host, i.e. rfe dns/inf and make the appropriate entry.

Step 5 - Check the sysidcfg File

Each bootserver has a file called sysidcfg in its /export/install/jumpstart directory. This file controls such matters as which nameserver and default router the installed machine will use. It also sets the root password. If you are using a newly installed boot server, you will have to make sure that the sysidcfg file contains the proper entries. A typical sysidcfg file looks like this:

name_service=DNS
{domain_name=inf.ed.ac.uk
name_server=129.215.202.253}
network_interface=PRIMARY {protocol_ipv6=no
default_route=129.215.202.245
netmask=255.255.255.0}
security_policy=NONE
root_password=<Encrypted root password goes here>
system_locale=en_GB.ISO8859-1
terminal=vt100
timezone=GB
timeserver=localhost

Step 5 - Adding the Workstation to the Boot Server

The final step is to set up the boot server to recognise the workstation which is to be installed. First, add an entry for the workstation's MAC address to the boot server's /etc/ethers file. It's advisable to add entries for both the short and full name of the workstation. Then cd to /export/install/Solaris_9/Tools on the boot server and, as root, run the following command:

./add_install_client -s <install_server>:/export/install -c <install_server>:/export/install/jumpstart -p <bootserver>:/export/install/jumpstart <hostname> sun4u

Here <hostname> is the name of the workstation you are installing and sun4u is the architecture of the workstation. It seems unlikely that you will be installing a workstation which isn't a sun4u.

To check that all has gone well, take a look at the contents of the /etc/bootparams file on the boot server. It should contain an entry for your workstation which looks like this:

<workstation_name>.inf.ed.ac.uk
root=<boot_server>:/export/install/Solaris_9/Tools/Boot \
install=<install_server>.inf.ed.ac.uk:/export/install boottype=:in \
sysid_config=<boot_server>:/export/install/jumpstart \
install_config=<install_server>.inf.ed.ac.uk:/export/install/jumpstart \
rootopts=:rsize=32768

Step 6 - Install the Workstation!

Power up the workstation and at the PROM prompt type boot net - install. Your workstation should now install! This may take some time (upwards of three hours for a SunBlade 100 for example) since the Sun recommended patch cluster is now installed as the final part of the install.

Appendix 1 - Creating a Boot Server

Should you need to create a boot server on a new subnet, this is the procedure to follow:
  • Mount roc:/export/install on the machine which is to be the new boot server.
    mount roc:/export/install <mntpoint>
    
  • cd <mntpoint>/Solaris_9/Tools
  • ./setup_install_server -b /export/install

You should now be able to use the workstation as a boot server. Remember to create a suitable sysidcfg file.

Appendix 2 - Installation Checklist

This is an abbreviated checklist of the steps needed to install a Solaris machine using LCFG. See above for more details:

  • Create a suitable LCFG profile. Remember to include soldefs.h
  • Add a suitable entry to the /export/install/jumpstart/rules file on the install server. Remember to run the check script.
  • Create the host principal and the keytab for the host on a DICE workstation. Copy the keytab file to /export/install/jumpstart/install/files on the install server. Remember to delete the original.
  • Check that the other files in the /export/install/jumpstart/install/files directory are suitable.
  • Add an entry for the machine you are installing into the boot server's /etc/ethers file.
  • Add the workstation you are installing to the DNS. Give the changes time to propagate.
  • On the bootserver run /export/install/Solaris_9/Tools/add_install_client with suitable arguments.
  • Type boot net - install at the boot prompt of the workstation you wish to install.
  • If desired, install the Solstice Backup client. Set the clock to agree with the Kerberos server. Delete the copy of the keytab on the install server.
Topic revision: r2 - 05 Jul 2007 - 08:42:58 - ChrisCooke