Trusted Solaris Installation and Configuration

Chapter 3 Installing a Workstation

This chapter provides procedures to boot and install a workstation. The procedures cover booting and installing -

The procedures in this chapter should be done on the workstation that is being installed.

Who Does What

Trusted Solaris software is designed to be installed and configured by two people with distinct responsibilities. However, the installation program cannot enforce two-role task division. Task division is enforced by users who can assume Trusted Solaris roles. Since users are not created until after installation, we recommend that an install team of at least two persons be present during the installation of a workstation.

System Installation Step by Step

IA: Boot from Diskette and Install
  1. Insert the Trusted Solaris Device Assistant diskette into the floppy drive.

  2. Choose the install choice of booting from a CDROM.

  3. Insert the Trusted Solaris CDROM in the CD drive.

SPARC: If Solaris workstation is off:
  1. Turn on the system components in the order recommended in the hardware guide.


    Caution -

    If the workstation starts booting, press L1-A or Stop-A.


  2. If the screen displays the > prompt, enter n and press Return to display the ok prompt.

SPARC: If Solaris workstation is on:
  1. Enter the following commands:


    $ su root
    # halt
    
  2. If the screen displays the > prompt, enter n and press Return to display the ok prompt.

SPARC: If Trusted Solaris workstation is on:
  1. Shut Down the workstation from the TP menu.

  2. If the screen displays the > prompt, enter n and press Return to display the ok prompt.

See "Plan Workstation Hardware and Capacity" for hardware, disk space, and memory requirements.

SPARC: Install from a CDROM

See your hardware manual, such as the Solaris 7 8/99 Sun Hardware Platform Guide, for instructions.

To Boot from CDROM
  1. Place the Trusted Solaris CD in the workstation's CDROM drive.

  2. Boot the workstation:


    boot cdrom 
    


    Note -

    Use the command


    boot sd(0,6,2)
    
    for SPARCstation 1 (4/60), SPARCstation 1+ (4/65), SPARCstation SLC™ (4/20), and SPARCstation IPC™ (4/40).


  3. If you are booting from CDROM with a custom JumpStart diskette, enter:


     
    boot cdrom - install
    


    Note -

    A space is required between the minus sign and install.


SPARC: Install over the Network

To Boot over the Network
  1. To install from a server on the network, enter:


     
    boot net
    

  2. To install from a server on the network for a custom JumpStart installation, enter:


     boot net - install
    


    Note -

    A space is required between the minus sign and install.


Read Booting Messages

After you type the boot command, the workstation goes through a booting phase where hardware and system components are checked. The following screen provides an example of what you see.


Type b (boot), c (continue), or n (new command mode)
>n
Type help for more information
ok boot cdrom
Rebooting with command: cdrom
Boot device: /sbus/esp@0, 8000000/sd@6, 0:c
File and args:
SunOS Release 5.7 Version Trusted_Solaris_7 [UNIX(R) System V Release 4.0]
Copyright (c) 1983-1999, Sun Microsystems, Inc.
WARNING: clock gained 35 days -- CHECK AND RESET THE DATE!
Configuring the /devices directory
Configuring the /dev directory
Starting OpenWindows...

The following screen provides an example of a custom JumpStart booting sequence.


Type b (boot), c (continue), or n (new command mode)
>n
Type help for more information
ok boot net - install
Booting from: le(0,0,0) - install
2bc00 hostname: sora
domainname: aviary.eco.org
root server: grebe
root directory:
/export/install/trusted_solaris_7_sparc/s0/export/exec/kvm/sparc.sun4c.Trust
ed Solaris_7
SunOS Release 5.7 Version Trusted_Solaris_7 [UNIX(R) System V Release 4.0]
Copyright (c) 1983-1999, Sun Microsystems, Inc.
Configuring the /devices directory
Configuring the /dev directory
Searching for JumpStart directory...using heron:/jumpstart
Starting OpenWindows...

Note -

The booting phase will last for a few minutes.


Answer Installation Questions

The Welcome to Trusted Solaris screen briefly appears, then the screen turns blue-gray and a Trusted Solaris Install Console is displayed in the upper left corner. Messages display in the console during installation.

The Trusted Solaris installation program is running.

See Appendix D, Example Worksheets for sample answers.

Installation Program Questions

--------- System identification starts here ---------

  1. Name of workstation

  2. Is it networked?

    1. Its primary network interface

    2. Its IP address

    3. Its Name Service [None for the NIS+ root master] [NIS+ for clients]


    Caution -

    Do not choose the options Other or NIS; they do not work in the Trusted Solaris environment.


  3. On a subnet?

    1. Its subnet mask

  4. Time zone

  5. Date and time

--------- System identification completed ---------

--------- Searches for JumpStart scripts appear in the upper left console window ---------

  1. Initial Install

    Upgrade is not supported.

  2. Allocate client services?

    Allocate client services if the workstation will serve diskless clients.


    Note -
  3. Select the languages that can be displayed onscreen.

  4. Software group

    1. The groups Core and End User are identical in the Trusted Solaris environment.

    2. Select To Include Solaris 64-bit support


      Note -

      The 64-bit system will be installed, but your system will boot 32-bit if the Flash PROM needs to be upgraded.

      • See "Updating the Flash PROM on the Ultra 1, Ultra 2, Ultra 450, and Sun Enterprise 450 Systems" in Solaris 7 8/99 Sun Hardware Platform Guide for how to upgrade the Flash PROM. You do not need to install the Solaris 7 environment for the PROM upgrade; install the Trusted Solaris 7 environment.


  5. Customize the installation?

  6. Disks to use.

    1. Preserve the format of any of the disks?

    2. Auto-layout file system?

      1. Which file systems to auto-layout?

    3. Customize the size of the partitions? YES, see "Disk Partitioning Hints".

  7. Begin installation.

  8. Reboot?

    After you provide the requested information to the installation program, the actual installation takes from 30 to 60 minutes. The speed of your medium (CDROM, diskette, or net) determines the installation time.

Disk Partitioning Hints

On all workstations, for audit records...

-- Create at least one audit partition named /etc/security/audit/workstation_name.

On all workstations, for users who can assume a role...

-- Create sufficient swap space.

-- Swap space that is double the size of the workstation's memory is a good rule of thumb.

On a standalone system that will be the home directory server...

-- Create an /export/home partition large enough for the users' home directories.

On a standalone system that will not be a home directory server...

-- Create a small /export partition to hold some temporary configuration files. It also serves as a mount point.

On an OS server...

-- Allocate enough space for the clients' root and swap. See the sample worksheet, "OS Server Installation Program Example".


Note -

When you install an OS server, you allocate the disk space that is required for the clients that that server will support. Then, after the OS server is installed, you configure the clients (Chapter 10, Configuring Diskless Clients).


Read the Log

Before reboot, the install log is in /tmp/install_log. After reboot, the install log is in /var/sadm/system/logs/install_log.

  1. Look for successful installation of packages.

  2. Ignore messages of the form:

    WARNING: quick verify of filename; wrong mod time.
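
The two log-reading steps above can be scripted. The following is an added example, not part of the original guide: it counts packages reported as installed, drops the "quick verify ... wrong mod time" warnings the guide says to ignore, and lists whatever else needs review. It assumes a POSIX shell and that package results use pkgadd's usual "Installation of <PKG> was successful." wording; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage an install log as the "Read the Log" steps describe.
# Assumption: package results use pkgadd's usual wording,
#   "Installation of <PKG> was successful." / "... failed."

# The warning the guide says to ignore.
BENIGN='^WARNING: quick verify of .*; wrong mod time\.'

# Constructed sample log (SUNWxyz and the paths are placeholders).
sample_log() {
cat <<'EOF'
Installation of <SUNWcsr> was successful.
WARNING: quick verify of /etc/passwd; wrong mod time.
Installation of <SUNWcsd> was successful.
pkgadd: ERROR: unable to create package object </usr/lib/example>
Installation of <SUNWxyz> failed.
WARNING: quick verify of /etc/shadow; wrong mod time.
EOF
}

# Number of packages reported as installed successfully.
count_ok() { grep -c '^Installation of <.*> was successful\.' "$1" || :; }

# Number of warnings dropped as benign.
count_ignored() { grep -c "$BENIGN" "$1" || :; }

# Every remaining warning, error or failure line.
suspect_lines() {
    grep -v "$BENIGN" "$1" | grep -E 'WARNING|ERROR|failed' || :
}

# Print a summary; return non-zero if anything needs review.
triage() {
    echo "packages installed:  $(count_ok "$1")"
    echo "warnings ignored:    $(count_ignored "$1")"
    left=$(suspect_lines "$1")
    [ -z "$left" ] && return 0
    echo "needs review:"; echo "$left" | sed 's/^/  /'
    return 1
}

# Use the log named on the command line, else the constructed sample.
if [ $# -gt 0 ]; then
    triage "$1" || echo "Resolve the lines above before configuring the workstation."
else
    tmp=$(mktemp) && sample_log > "$tmp"
    triage "$tmp" || echo "Resolve the lines above before configuring the workstation."
    rm -f "$tmp"
fi
```

Pass /tmp/install_log before reboot or /var/sadm/system/logs/install_log after reboot as the first argument; with no argument the script runs on the constructed sample.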
    

Enter a root Password


Caution -

The workstation must have a root password in order for the root role to work. The root role is required for successful configuration.


    Choose a root password by answering the password prompts.


    Root password: rootpassword
    Re-enter your root password: rootpassword
    

    Caution -

    Do not forget the root password. The software cannot be configured without it.


    If you manually reboot your system, type:


    # 	halt
    ok 	boot disk
    

    Then enter a root password at the prompt.


    Note -

    Users must not disclose their passwords to another person, as that person may then have access to the data of the user and will not be uniquely identified or accountable. Note that disclosure can be direct, through the user deliberately disclosing her/his password to another person, or indirect, e.g. through writing it down, or choosing an insecure password. Trusted Solaris provides protection against insecure passwords, but cannot prevent a user disclosing her/his password or writing it down.


Troubleshooting

Errors you encounter during installation are described and debugged in the Troubleshooting section of the Solaris 7 Installation Collection (see http://docs.sun.com/ab2/coll.241.4).

Complete OS Server Installation

If you installed an OS Server system type, allocated space for diskless clients, and selected the initial installation option, you are not finished.

To Set up Diskless Clients

    Use the Host Manager to complete the setup of these clients, as described in Chapter 10, Configuring Diskless Clients.

    The Trusted Solaris installation program only allocates space for clients during an initial installation. The Host Manager completes client setup by providing their required directories.

Complete Network and JumpStart Installations

For pointers to administration books, see Chapter 11, Where to Find....

To Complete Network Installation
  1. Check that all Trusted Solaris configuration tasks are complete.

    For an overview of individual workstation configuration tasks, see Chapter 6, Configuring a NIS+ Client.