Planning for Operating System Provisioning

Lists the conditions to consider before provisioning.

The following are some of the items to consider before provisioning:

  • Do you need the Enterprise Controller and Proxy Controller installed on Oracle Solaris 11?

  • Do you want to use WAN boot or Dynamic Host Configuration Protocol (DHCP) services to support OS provisioning operations?

  • Do you want to use advanced networking, either IPMP or Link Aggregation, for Oracle Solaris?

  • Do you have OS images available in the library?

  • Do you want to create custom scripts to add to the provisioning job?

    You can create a script to perform a task that is not defined in the OS provisioning or OS Configuration profiles and include it in the OS provisioning job. For example, you might want to change permission levels or disable print capabilities.

  • Do you want to install an Agent Controller on the new operating system for full management capabilities?

  • Do you have networks and IP addresses available for provisioning?

Review the following information to plan for OS provisioning:

  • Enterprise and Proxy Controller Requirements for OS Provisioning

  • Networking for OS Provisioning

  • Using WAN Boot for Oracle Solaris Operating Systems

  • Using Dynamic Host Configuration Protocol (DHCP)

  • Determining the Network Interface to Use

  • Provisioning an OS Using a User-Defined MAC Address

  • Defining IPMP in an OS Configuration Profile

  • Defining Link Aggregation in an OS Configuration Profile

  • Adding Images to Local Software Libraries

  • About NVRAMRC When Provisioning an OS on a SPARC Platform

  • Creating Custom Scripts

  • Determining Agent Management Mode

Enterprise and Proxy Controller Requirements for OS Provisioning

The operating system that the Enterprise Controller and Proxy Controller are installed on might impact your ability to provision an operating system or Oracle VM Server for SPARC.

If you ever plan on provisioning, patching, or managing Oracle Solaris 11, install the Enterprise Controller and Proxy Controller on systems that are running the Oracle Solaris 11 operating system.

Table 7-2 shows the actions that you can perform, based on the operating system on which the Enterprise Controller and Proxy Controller are installed.


Table 7-2 Provisioning Actions Determined by the Operating System on which the Enterprise Controller and Proxy Controller are Installed

| Action | Enterprise and Proxy Controllers on Oracle Solaris 11 | Enterprise and Proxy Controllers on Oracle Solaris 10 | Enterprise and Proxy Controllers on Linux |
|---|---|---|---|
| OS Provisioning Oracle Solaris 11 | Supported | Not Supported | Not Supported |
| OS Provisioning Oracle Solaris 11 with JET and DHCP server | JET: Not Supported; Oracle DHCP server: Not Supported; ISC DHCP server: Supported | JET: Not Supported; Oracle DHCP server: Not Supported | JET: Not Supported; Oracle DHCP server: Not Supported |
| OS Provisioning Oracle Solaris 10 | JET: Supported; Oracle DHCP server: Not Supported | JET: Supported; Oracle DHCP server: Supported | JET: Not Supported; Oracle DHCP server: Not Supported |
| OS Provisioning Oracle Solaris 10 with JET and DHCP Server | JET: Supported; Oracle DHCP server: Not Supported | JET: Supported; Oracle DHCP server: Supported | JET: Not Supported; Oracle DHCP server: Not Supported |
| OS Provisioning Linux | Supported | Supported | Supported |
| Provisioning Oracle VM Server for SPARC | Supported | Supported | Enterprise Controller: Supported; Proxy Controller: Not Supported |
| Provisioning Oracle VM Server for x86 | Supported | Supported | Supported |


Note:

To provision Oracle Solaris 10 using JET customization, the Enterprise Controller must be installed on a system that is running an Oracle Solaris operating system.

Networking for OS Provisioning

The target system boots over the network and gets its network configuration and the location of the install server from a DHCP server or WAN boot.

When provisioning an operating system, the Proxy Controller must be attached to the same subnet as the assets that you want to provision. You can use DHCP or WAN boot (Oracle Solaris only). To improve security and bandwidth, consider establishing a provisioning network for OS deployment and a production network for guest management.

When you install a system from the network, you must provide a method of determining the network configuration (IP address and gateway), which server is going to perform the boot and install, and the installation instructions.

Oracle Enterprise Manager Ops Center uses DHCP services or WAN boot to support OS provisioning operations. DHCP servers enable you to obtain the IP configuration and the rest of the information needed on the NIC. You must configure DHCP services on the Proxy Controller on the same subnet as the target systems to support OS provisioning. Configure the DHCP services in the Oracle Enterprise Manager Ops Center user interface, not from the command line. Oracle Solaris 10 uses the Oracle DHCP server with a Proxy Controller that is running Oracle Solaris 10. Oracle Solaris 11 uses an ISC DHCP server.

WAN boot enables you to provision Oracle Solaris 10 or 11 on a SPARC platform across the network. With WAN boot, the software explicitly configures the information in the Open Boot PROM (OBP) and uses WAN boot for installation.

WAN boot has a number of benefits over broadcast-based installation:

  • Not restricted to a single subnet

  • Does not require special DHCP configuration or DHCP helpers

  • Uses standard HTTP and HTTPS protocols, which cross firewalls much more easily than NFS-based package installations.

Using WAN Boot for Oracle Solaris Operating Systems

Provides information about using WAN Boot for Oracle Solaris OS.

The following information is in this section:

  • Overview of WAN Boot

  • Requirements for a WAN Boot Connection

  • Checking OBP Support for WAN Boot on the Client

  • Setting Up a WAN Boot Connection

  • Disabling and Enabling WAN Boot

Overview of WAN Boot

The WAN boot installation method enables you to boot and install software over a wide area network (WAN) by using HTTP. By using WAN boot, you can install the Solaris OS on SPARC based systems over a large public network where the network infrastructure might be untrustworthy.

You can use WAN boot with security features to protect data confidentiality and installation image integrity.

WAN boot is the default connection for Oracle Solaris 11 provisioning. Oracle Solaris 11 provisioning does not use a Flash Archive (FLAR) image.

Oracle Solaris 10 provisioning can use a WAN boot or DHCP connection. For Oracle Solaris 10, you need a FLAR to use WAN boot. When you do not use the FLAR, you must enable DHCP before you can provision. With a WAN boot connection, Oracle Solaris 10 provisioning enables you to provision a FLAR image on a SPARC system using an HTTP web server. WAN boot installation is useful when DHCP does not meet your organization's security policies or you have SPARC-based systems that are located in geographically remote areas and you need to install servers or clients that are accessible only over a public network. Because WAN boot uses an HTTP server, it works across your corporate firewall and does not require DHCP or a JumpStart boot server to be on the same network as the client systems.

The WAN boot installation method uses port 5555 and HTTP to boot and install software on SPARC-based ILOM, ALOM, or M-series systems over a wide area network (WAN). For Oracle Solaris 11, you can edit the SMF service to change the default port from 5555 to another port. See the Oracle Enterprise Manager Ops Center Administration Guide for how to reconfigure the default WAN boot port.

The WAN boot security features protect data confidentiality and installation image integrity over a large public network where the network infrastructure might be untrustworthy. You can use private keys to authenticate and encrypt data. You can also transmit your installation data and files over a secure HTTP connection by configuring your systems to use digital certificates. For more information about secure WAN boot installation configuration, see the Security Configurations Supported by WAN Boot section of the Oracle Solaris 10 10/09 Installation Guide: Network-Based Installations document at http://docs.oracle.com/cd/E19253-01/821-0439/wanboottasks2-30/index.html.

Note:

WAN boot is not available on older hardware.

Requirements for a WAN Boot Connection

The following are required to use WAN boot with Oracle Enterprise Manager Ops Center:

  • Oracle Solaris 11

    • The target is a SPARC ALOM-CMT, ILOM-SPARC or M-Series platform that has a supported OBP or XCP. For M-Series, the XSCF Control Package (XCP) file should be at least version 1082. The XCP file contains the hardware's control programs and includes the XSCF firmware and the OpenBoot PROM firmware.

    • The Enterprise Controller is installed on an Oracle Solaris operating system. You can use a SPARC or x86 platform for the Enterprise Controller.

    • WAN boot is enabled for Oracle Solaris 11 in Administration.

    Note:

    When the target does not have the required OBP firmware version, the Oracle Solaris 11 provisioning profiles do not appear in the target list for the server.

  • Oracle Solaris 10

    • The target is a SPARC (ALOM-CMT, ILOM-SPARC or M-Series) and has the minimum OBP or XCP version

    • Use a FLAR image. WAN boot is only supported in Oracle Solaris 10 if you use flash archives. ISO images require DHCP.

    • The Enterprise Controller is installed on an Oracle Solaris operating system. You can use a SPARC or x86 platform for the Enterprise Controller.

    • WAN boot is enabled for Oracle Solaris 10 in Administration.

    • The target has the required OBP firmware installed.

    Note:

    When the target does not have the required OBP firmware version, or if an ISO is used, Oracle Solaris 10 provisioning reverts to a DHCP connection.

  • Verify that the /opt/SUNWjet/etc/server*interface* file on the Proxy Controller is updated to use the Proxy IP to target the network.

Checking OBP Support for WAN Boot on the Client

To determine if your client system has a WAN boot-enabled PROM, check the client Open Boot PROM (OBP) for WAN boot support.

  1. Log in to a terminal window as root.
  2. Enter the following to check the OBP configuration variables for WAN boot support:

    # eeprom | grep network-boot-arguments

  3. The OBP supports WAN boot installations when the variable network-boot-arguments appears, or when the command returns the output network-boot-arguments: data not available. For example:

    # eeprom | grep network-boot-arguments

    network-boot-arguments: data not available

  4. If the command in Step 2 does not return any output, the OBP does not support WAN boot installations. Use Firmware Provisioning to update the OBP to the required level.

Setting Up a WAN Boot Connection

When Oracle Enterprise Manager Ops Center is installed on an Oracle Solaris operating system, the Enterprise Controller is automatically configured to be a WAN boot server.

Oracle Solaris 11 uses WAN boot. For earlier versions of Oracle Solaris, WAN boot is the default connection for provisioning when the requirements are met and you choose to use a FLAR image. When you launch an OS provisioning on an eligible SPARC-based system and you choose a FLAR image, the software automatically uses WAN boot. If you have a group of systems to provision, the software determines whether to use WAN boot or DHCP for each system.
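
The eeprom check in "Checking OBP Support for WAN Boot on the Client" and the per-system choice between WAN boot and DHCP described above can be scripted as a pre-flight audit, which is useful where DHCP does not meet your security policy and a fallback to DHCP must be caught before the job runs. This is an added example, not Oracle Enterprise Manager Ops Center code: the function names and the sample eeprom output are constructed, and it assumes SPARC targets with WAN boot enabled in Administration.

```shell
#!/bin/sh
# Added example (not Ops Center code). All function names are hypothetical.

# Read `eeprom` output on stdin and classify WAN boot support in the OBP:
#   configured  - network-boot-arguments is present and has a value
#   unset       - present but "data not available" (WAN boot still supported)
#   unsupported - variable absent: update the OBP with Firmware Provisioning
obp_wanboot_status() {
    line=$(sed -n '/^network-boot-arguments[=:]/{p;q;}')
    case "$line" in
        '')                       echo unsupported ;;
        *': data not available')  echo unset ;;
        *)                        echo configured ;;
    esac
}

# choose_connection OS_VERSION IMAGE_TYPE OBP_STATUS
# Applies the rules stated on this page for a SPARC target:
#   Solaris 11: WAN boot; without OBP support the profiles do not appear.
#   Solaris 10: WAN boot only with a FLAR and a supporting OBP, else DHCP.
choose_connection() {
    os=$1; image=$2; obp=$3
    case "$os" in
        11)
            if [ "$obp" = unsupported ]; then
                echo blocked
            else
                echo wanboot
            fi ;;
        10)
            if [ "$obp" != unsupported ] && [ "$image" = flar ]; then
                echo wanboot
            else
                echo dhcp
            fi ;;
        *)
            echo "unsupported OS version: $os" >&2
            return 2 ;;
    esac
}

# audit_target NAME OS_VERSION IMAGE_TYPE   (eeprom output on stdin)
# Prints one report line per target. On a real client, run as root:
#   eeprom | audit_target "$(hostname)" 10 flar
audit_target() {
    name=$1
    status=$(obp_wanboot_status)
    conn=$(choose_connection "$2" "$3" "$status")
    printf '%-6s solaris%-3s image=%-5s obp=%-12s connection=%s\n' \
        "$name" "$2" "$3" "$status" "$conn"
}

# Constructed sample eeprom output for three targets.
audit_target t4-a 10 flar <<'EOF'
boot-device=disk net
network-boot-arguments: data not available
EOF

# Solaris 10 from an ISO image: falls back to DHCP even though the OBP is fine.
audit_target t4-b 10 iso <<'EOF'
boot-device=disk net
network-boot-arguments: data not available
EOF

# OBP without the variable: Solaris 11 profiles will not be offered.
audit_target v490 11 ips <<'EOF'
boot-device=disk net
auto-boot?=true
EOF
```

Any Oracle Solaris 10 target reported with connection=dhcp needs DHCP services on a Proxy Controller in the same subnet, so review those targets first if provisioning is meant to stay on WAN boot.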

Disabling and Enabling WAN Boot

WAN boot is automatically installed and enabled when the Enterprise Controller is running on an Oracle Solaris operating system. You can disable or enable WAN boot in the Enterprise Controller configuration file.

Perform the following steps to disable and enable WAN boot:

  1. Expand the Administration section in the Navigation pane, then click Enterprise Controller.
  2. Click the Configuration tab.
  3. Select OS Provisioning from the Subsystem menu.

    Figure 7-2 Enterprise Controller's Configuration Tab

  4. Scroll down to the WAN boot property:
    • For Oracle Solaris 11, see the following property: usesS11WANBoot.

    • For Oracle Solaris 10, see the following property: usesS10WANBoot.

    When true appears in the value column, WAN boot is enabled, as shown in Figure 7-3.

    Figure 7-3 WAN Boot Configuration

  5. (Optional) To disable WAN boot, change the value for the property to false.
  6. (Optional) To enable WAN boot, change the value for the property to true.

Using Dynamic Host Configuration Protocol (DHCP)

DHCP dynamically assigns IP addresses to devices on a network. A typical OS provisioning job requires an installation server and a DHCP server on the same subnet as that of the client systems. A JumpStart boot server must be on the same subnet as that of the client systems.

Before you can provision, you must configure DHCP services on the Proxy Controllers. You can use basic DHCP services, with or without defined subnets, or an external DHCP server. See the Oracle Enterprise Manager Ops Center Administration Guide for information about how to configure DHCP and subnets for OS provisioning.

Note:

Oracle Solaris 10 supports an Oracle Solaris DHCP server. The external DHCP-related files are copied only if the Proxy Controller is running on an Oracle Solaris 10 operating system.

Oracle Solaris 11 only supports an ISC DHCP server.

Verify that the Dynamic Host Configuration Protocol (DHCP) services are enabled on Proxy Controllers. You cannot create a profile or assign any network if the DHCP services are not enabled. The Install Server option to provision an OS on a server is not enabled if the DHCP is not enabled on any of the interfaces.

Determining the Network Interface to Use

The OS Configuration profile lets you define all network interfaces you want to use on the operating system. As part of the OS Configuration profile for Oracle Solaris, you have the option to establish Link Aggregation or IPMP network interfaces that the target system will use after the operating system is configured.

When you use an onboard interface for the provisioning network, you can pair the network with option card interfaces for Link Aggregation. Before you provision, you must know your network architecture, for example, the PCIe slot and Netn connection. Figure 7-4 is an example of the PCIe slots on a T4-4 server.

Figure 7-4 PCIe Slots on a T4-4 Server


You can use a built-in network interface or a network that is connected to a specific port on a network interface card (NIC). This information is not available from the Oracle Enterprise Manager Ops Center UI. You must contact your network administrator for the details.

The OS Configuration profile lets you define one or more interfaces. When you specify the network interfaces, you select an interface for the controller from a list of 32 interfaces. The 32 interfaces that appear in the wizard are all possible network interfaces, not available interfaces. Your network administrator can give you the list of available networks and interfaces. As shown in Figure 7-5, the primary interface is net_0 and is the boot interface in the OS Configuration profile. Always define the first interface that appears in the table as the boot interface. You can change the primary interface to a different network when you apply the plan.

Figure 7-5 Specify Network Interfaces in the OS Configuration Profile


The Boot Interface Resources Assignments page in the OS Configuration profile lets you provide the network resources and host name for each target. By default, the first network listed is the IP address and host name for the primary boot interface. If you do not enter a host name, your DNS server provides the name.

As shown in Figure 7-6, you specify the network resources for the boot interface of each target when you apply the plan, including assigning the network and the IP address for each target. Instead of using the network interface (NIC) to perform an OS provisioning job, you can provide a MAC address for the service processor. When you provide the MAC address, the DNS server provides the host name.

Figure 7-6 Assign Boot Interface Resources in the Deployment Plan


Note:

When you apply the plan, the OS Configuration provides a list of available tagged and untagged networks for the boot interface. However, OS provisioning cannot boot from a tagged network and the networks will only be configured in untagged mode.

You can change the networking when you apply a plan that includes OS provisioning, including changing the primary interface to a different interface for a specific target. The flexibility in defining networking is useful when you want to perform OS provisioning and boot on a backup or provisioning network, but you need the host name to match the primary interface. The first listed interface in the OS Configuration profile is the primary interface and is the interface to use when setting the system host name. You can set a second network interface to be the boot interface.

As shown in Figure 7-7, the deployment plan gives you the opportunity to define which network is the primary network when you have multiple network interfaces.

Figure 7-7 Network Resource Assignments in the Deployment Plan


Refreshing the Oracle Solaris 11 Service

Oracle Enterprise Manager Ops Center creates an Oracle Solaris 11 installadm Automated Installer service when you first configure the Proxy Controller.

If the service is not created during configuration, the software creates the service when you run the first Oracle Solaris 11 OS provisioning job. The service creates and updates the Oracle Solaris 11 Image Packaging System (IPS), which contains the packages that you need to install, provision, and update your Oracle Solaris 11 operating system.

The Oracle Solaris 11 installadm service creates and adds the existing network interfaces in the /var/ai/ai-webserver/listen-addresses.conf. When you add a new network interface, you must refresh the installadm service to enable Oracle Solaris 11 AI service access on that interface.

Note:

When you add a new network interface, run the svcadm refresh system/install/server command to refresh the service to enable Oracle Solaris 11 AI service access on that interface. Use the installadm list and the other options for installadm to check the status. See the Oracle Enterprise Manager Ops Center Command Line Interface Guide for more details.

You cannot use new interfaces to provision or update Oracle Solaris 11 until you refresh the service.

Provisioning an OS Using a User-Defined MAC Address

Instead of using the IP address and NIC to perform an OS provisioning job, you can provide a MAC address for the service processor.

To view the MAC address, expand Assets in the Navigation pane, then select the service processor. The MAC address appears on the right side of the Summary section of the Dashboard tab, as shown in Figure 7-8.

Figure 7-8 Dashboard Page Showing MAC Address


Special OS Provisioning and OS Configuration profiles are not required to use a MAC address for provisioning an operating system. When you apply a plan that includes the OS Provisioning and OS Configuration profiles, you step through the plan to verify the configuration and provide final information before starting the job.

The Boot Interface Resources Assignments page lets you provide the network resources and host name for each target. By default, the first network listed is the IP address and host name for the primary boot interface. Alternatively, you can choose to provide the MAC address. Click Identify Network Interface by MAC Address to display the MAC Address field, as shown in Figure 7-9. Enter the MAC Address and the IP Address. When you provide the MAC address, the DNS server provides the host name.

Figure 7-9 Boot Interface Resource Assignments Using MAC Address


Defining IPMP in an OS Configuration Profile

IP multipathing (IPMP) groups provide network failover for your Oracle Solaris operating system, Oracle VM Server for SPARC system, and guests. Use IPMP to improve overall network performance by automatically spreading out outbound network traffic across the set of interfaces in the IPMP group.

You can configure one or more physical interfaces into an IPMP group. After configuring the IPMP group, the system monitors the interfaces in the IPMP group for failure. If an interface in the group fails or is removed for maintenance, IPMP migrates, or fails over, the failed interface's IP addresses. The failover feature of IPMP preserves connectivity and prevents disruption of any existing connections. The network access changes from the failed interface to the standby interface in the IPMP group and the data address of the failed interface migrates to the standby interface. See IP Multipathing Groups and Creating IPMP Groups for more information about IPMP groups.

Defining Link Aggregation in an OS Configuration Profile

Link aggregation, as defined in the IEEE802.3ad standard, is an Oracle Solaris feature that enables you to pool several datalink resources into a single logical link to improve network performance and availability.

Figure 7-10 is an example of a link aggregation configured on a system. The aggregation, aggr1, has three underlying datalinks, net0, net1, and net2. The datalinks are dedicated to serving the traffic that traverses the system through the aggregation.

Figure 7-10 Link Aggregation


In an aggregated link, two or more NICs form a group and all members of the link aggregation provide network access at the same time. In addition to the high availability and load balancing that an IPMP group provides, an aggregated link can provide increased throughput when the network ports are also aggregated.

Link aggregation has the following features:

  • Increased bandwidth: The capacity of multiple links is combined into one logical link.

  • Automatic failover and failback: By supporting link-based failure detection, traffic from a failed link is failed over to other working links in the aggregation.

  • Improved administration: All underlying links are administered as a single unit.

  • Less drain on the network address pool: The entire aggregation can be assigned one IP address.

  • Link protection: You can configure the datalink property that enables link protection for packets flowing through the aggregation.

  • Resource management: Datalink properties for network resources as well as flow definitions enable you to regulate applications' use of network resources.

When you create an OS Configuration profile, link aggregation is a networking option that is available for Oracle Solaris and Oracle VM Server for SPARC. To define link aggregation networking, you must define a load balancing policy and a MAC address policy.

Aggregated interfaces are treated as a single network interface. Oracle Enterprise Manager Ops Center includes any link aggregations in the list of available NICs, as if the link aggregation were an individual interface. To assign a network with a link aggregation to an Oracle VM Server or global zone, select the link aggregation from the NIC list. You can view the link aggregation details on the Oracle VM Server's or global zone's Network tab.

Load Balancing Policy

Load balancing policy determines the outgoing link by hashing the header of each packet.

  • L2: Determines the outgoing link by hashing the MAC (L2) header of each packet

  • L3: Determines the outgoing link by hashing the IP (L3) header of each packet

  • L4: Determines the outgoing link by hashing the TCP, UDP, or other ULP (L4) header of each packet

Link Aggregation Control Domain (LACP)

If the aggregation topology involves a connection through a switch, determine whether the switch supports LACP. When the switch supports LACP, you must configure LACP for the switch and the aggregation.

  • LACP Mode: Select No when the switch does not support LACP. When the aggregation topology involves a connection through a switch that supports LACP, configure LACP for the switch and the aggregation and define whether LACP runs in Active or Passive mode.

  • LACP Timer: Define the timer as either Short or Long.

MAC Address Policy

You can use the Auto or Fixed MAC address of any network interface in the Link Aggregation:

  • Auto: Use MAC address of any network interface in the Link Aggregation

  • Fixed: Use MAC address of a specific network interface. Select the network interface to use in the next step.

Link aggregations perform similar functions as IPMP to improve network performance and availability.

When interfaces are aggregated, they are treated as a single network interface. Oracle Enterprise Manager Ops Center displays the link aggregation in the list of available NICs as if it were an individual interface. You can assign a network with a link aggregation to a non-global zone, and select the link aggregation from the NIC list.

Adding Images to Local Software Libraries

You can add images and supporting metadata using Upload ISO Image, Import Image, and Download OS Image.

The images and supporting metadata that you use to provision and update operating systems are stored in software libraries, as shown in Figure 7-11.

Figure 7-11 Software Libraries


The software libraries shown in Figure 7-11 are created when you install Enterprise Manager Ops Center:

  • Oracle Solaris 11 Software Library: Acts as a local copy of the Oracle Solaris 11 Image Packaging System (IPS) repository. This library contains the packages to install, provision, and update Oracle Solaris 11 operating systems.

  • Linux, Oracle Solaris 8-10 Software Library: Contains Knowledge Base metadata, operating system package and patch content for Linux and Oracle Solaris operating systems.

  • Initial EC Library: Stores the operating system (and firmware) images that you download.

You can use the following methods to add images:

  • Upload ISO Image: Copies the ISO image from a system's web browser to the library.

  • Import Image: Copies the ISO or FLAR from a file system location on the Enterprise Controller system to the library.

  • Download OS Image: Downloads the OS image from My Oracle Support to the library.

About NVRAMRC When Provisioning an OS on a SPARC Platform

When you run an OS provisioning job on a SPARC machine, Oracle Enterprise Manager Ops Center resets the configuration to the factory default configuration and removes the user-defined commands that are executed during start-up and that are stored in the NVRAMRC file in the non-volatile RAM (NVRAM).

The Control Domain OS Provisioning profile does give you the option to preserve the information in the NVRAMRC file.

Creating Custom Scripts

You can create a script and reference the script in the OS Provisioning profile. When the script is saved in a directory that the Enterprise Controller can access, Oracle Enterprise Manager Ops Center deploys the script as part of the provisioning job.

You can save scripts in a local directory of the Enterprise Controller, or in a directory that the Enterprise Controller mounts using NFS.

You cannot use custom scripts when provisioning Oracle Solaris 11.

Determining Agent Management Mode

You can manage an operating system in one of two modes: agent managed or agentless managed. The management mode determines the features that are enabled for your operating system.

When you choose the agent managed mode, you can perform software updates and create operating system reports. When you choose the agentless managed mode, SSH credentials are required to monitor the operating system. You can change the management mode after the OS is provisioned.

Agent managed is the more robust management mode because the Agent Controller enables a greater level of communication with the Proxy Controller and Enterprise Controller than the agentless managed operating systems. You can use the features and perform the actions described in this chapter with an agentless managed operating system, but OS update functionality requires an agent managed operating system. You can manage your operating systems by installing an Agent Controller on the OS or by using SSH to perform tasks.