JumpStart Concepts
The JumpStart software enables you to automatically install or upgrade the Solaris operating environment on several systems, and to perform pre-install and post-install tasks that can include installation and setup of additional software such as Sun Management Center.
The Solaris JumpStart software is a client-server application that consists of the following components:
-
Boot server – Provides a mini-root Solaris operating system kernel to the install client using trivial file transfer protocol (tftp). The kernel is architecture-neutral, and provides base services to all hardware supported by the Solaris version running on the boot server.
-
Install server – Provides the software packages, such as the Sun Management Center 4.0 base agent, that are to be installed on the target systems or install clients.
-
Install clients – The target systems on which Solaris and specified software packages, such as the Sun Management Center 4.0 base agent, are to be installed.
-
Profile or configuration server – Provides JumpStart profiles.
A JumpStart profile is a text file that defines how the Solaris operating environment software is to be installed on each install client in a group. The JumpStart profile can be used to specify which software groups to install, and the partition specifications, space allocations, and backup media to be used during software upgrades.
You can create more than one JumpStart profile, such as one for a fresh install of the Solaris operating environment, and another for an upgrade install of the Solaris operating environment. Each JumpStart profile is assigned to one or more install clients using the JumpStart rules file.
For detailed information about creating a JumpStart profile, see “Creating a Profile” in Solaris 9 9/04 Installation Guide.
-
Rules file – Specifies the tasks that are to be performed on an install client, or on a group of install clients. Each rule within the rules file specifies the following items:
-
An install client or group of install clients, consisting of a rule keyword or general system attribute, and a rule value or specific system attribute.
-
An optional begin script, which performs specific tasks before the Solaris operating environment is installed or upgraded
-
The JumpStart profile that is to be applied to each install client or group of install clients.
-
An optional finish script, which performs specific tasks after the Solaris operating environment has been installed or upgraded. A finish script is required to install the Sun Management Center base agent using the JumpStart software.
All install clients on which the Sun Management Center base agent is installed using a specific JumpStart rule will have an identical Sun Management Center configuration. The Sun Management Center root directory, server context, security seed, and SMNPv1 community string are identical.
-
You also need a separate machine, referred to as the prototype machine, on which to generate the Sun Management Center install and setup response files required by the JumpStart finish script.
For detailed information about the JumpStart software, see Solaris 9 9/04 Installation Guide.
System Services Needed
The JumpStart software requires the following system services.
Table 6–1 System Services Required for the JumpStart Software|
Service |
Used for |
|---|---|
|
Network File System (NFS) daemons mountd and nfsd |
Sharing the Solaris operating system image files |
|
rarp |
IP address discovery |
|
bootp |
Host definition and location of shared file systems |
|
tftp |
Transfer of the Solaris initial boot kernel from the boot server to the install client |
JumpStart Process Overview
Deployment of the Sun Management Center 4.0 base agent is performed by the JumpStart finish script, which is run on the install clients. After JumpStart installs the specified Solaris operating environment, the JumpStart finish script installs the base agent on the install client based on the contents of the Sun Management Center install response file.
The finish script also prepares the install client to set up the base agent after the install client reboots, based on the contents of the Sun Management Center setup response file.
The Sun Management Center response files are generated during the Sun Management Center 4.0 command-line installation and setup process on a separate or prototype system. The response files are then copied to the JumpStart profile directory. If needed, you can manually create the install and setup response files directly in the JumpStart profile directory.
JumpStart mounts the install client's file systems on the /a partition. The JumpStart finish script then installs the Sun Management Center base agent by running the Sun Management Center command es-inst -R /a -T /a/target-directory, where target-directory is the name of the directory on the install client in which the agent is installed. For information about the es-inst command and parameters, see es-inst Options
The finish script also creates an rc3.d file that runs after the install client reboots. The rc3.d file sets up the Sun Management Center base agent using the setup response file. When the base agent is set up, the rc3.d file is deleted. Output from the finish script is stored in /var/sadm/system/logs/finish.log.
Security Considerations for Finish Scripts
During Sun Management Center setup, you provided a password to generate the security key, and you provided an SNMP community string. To ensure security, the security key and community string are not stored in the Sun Management Center setup response file.
To successfully install and set up the Sun Management Center base agent on an install client, you must provide the same password that was used to generate the security key in Setting Up Sun Management Center, Step b. You must also provide the same SNMP community string that you specified in Setting Up Sun Management Center, Step c. This can be performed using either of the following two methods.
-
Hard-code the password seed and community string in the JumpStart finish script.
This method presents a security risk because the security password seed and the community string are visible in the finish script. The security risk can be reduced, but not eliminated, by setting the finish script file permission to 400.
-
Configure the JumpStart finish script so that the password seed and community string are manually entered on the install client during base agent setup.
The finish script can be configured to prompt for the security password seed and SNMP community string responses on the install client. The answers are stored as variables in a temporary finish script. When the install client is rebooted, the rc3.d script executes the temporary finish script, and then restores the original finish script.
This method requires you to manually enter the security password seed and community string at each install client.
Caution – This method does not validate the password seed or the community string. Communication between the agent and server will fail if you enter the wrong password seed or community string. If base agent setup fails on any install client, or if the agent fails to communicate with the Sun Management Center server, you have to run es-setup -F individually on each install client.
Examples of JumpStart finish scripts for both methods are provided in To Create the JumpStart Finish Script.
- © 2010, Oracle Corporation and/or its affiliates