Trusted Solaris Installation and Configuration

Chapter 7 Preparing to Install Trusted Solaris Over a Network

A typical way to install Trusted Solaris software is to use the installation program to copy the Trusted Solaris CD to the workstation's disk. However, it is uncommon at most sites for every workstation to have its own local CDROM drive.

When a workstation does not have a local CDROM drive, you can perform a network installation. Network installation means that you install software over the network -- from a workstation with the Trusted Solaris CD image on its hard drive to a workstation without a CDROM drive.

Servers Required for Network Installation

Workstations that install Trusted Solaris software over the network require the following servers:

Diskless clients that boot Trusted Solaris software over the network also require:

Setting up Network Installation

Setting up your site to install Trusted Solaris software over the network with little user intervention requires the following procedures:

  1. Before configuring servers for network installation, finish the procedure:

    Result: The NIS+ root master has the IP address and name of every workstation to be installed in its hosts file and their IP address and host type in its tnrhdb.

  2. Copy the Trusted Solaris CD image to an install server:

    Result: The Trusted Solaris 7 image and booting software are available for network install.

  3. Add client information, such as timezone and platform group, to a network server:

    Result: The Trusted Solaris 7 installation program system identification questions can be answered without user interaction.

  4. Create a boot server for any subnets:

    Result: Clients on the boot server's subnet can be installed from the install server, and get important client information from the boot server.

To set up your site to install Trusted Solaris software on workstations over the network with no user intervention, you add JumpStart information:

Commands You Should Know About

The following commands and actions enable network installation.

setup_install_server

A script that copies all or part of the Trusted Solaris CD onto a server's local disk. This enables you to perform network installations from the install server's disk. See the setup_install_server(1M) man page for more information.

add_install_client

A script that adds client information to a boot server. See the man page add_install_client(1M) for details.

Host Manager

A graphical user interface that is available from the Solstice_Apps folder. You can use Host Manager to specify client information for network installation.

mount

A command that shows mounted file systems, including the Trusted Solaris CD file system. See the mount(1M) man page for more information.

uname -m

A command for determining a workstation's platform group (for example, sun4m). This information is required during network installation. See the uname(1) man page for more information.

reset

A command for resetting the terminal settings and display. It is sometimes useful to use reset before booting. Or, if you boot and see a series of error messages about I/O interrupts, press the L1 or STOP and A keys at the same time, and then enter reset at the ok or > PROM prompt.

banner

A command for displaying workstation information, such as model name, Ethernet address, or memory installed. Available only from the ok or > PROM prompt.

Create an Install Server

To install workstations over the network, you must have an install server -- a workstation with Trusted Solaris software copied to its local disk. Users who can assume the roles admin, secadmin, and root should be present.

A workstation configured as a NIS+ client can be made into an install server. It must have a local CDROM drive.

Prerequisites:

  1. Log in as a user who can assume the role root and assume it.

  2. As root, at label admin_low, allocate the CDROM drive, and mount it:


    Do you want cdrom_n mounted: (y,n)? y
    

    See "To Allocate a Device" if you are unsure of the steps.

  3. As secadmin, at label admin_low, add the /cdrom/cdrom0/setup_install_server command to the root role's profile.

    For the full procedure, see "To Add a Command to a Role's Profile".

  4. As root, at label admin_low, verify that the command is available to you.

    For the full procedure, see "To Verify That a Command is in a Role's Profile".

  5. As root, in the same terminal where the setup_install_server command was verified, change to the cdrom0 directory.


    # cd /cdrom/cdrom0
    
  6. Use the setup_install_server command to copy the contents of the CDROM to a permanent location on the install server.


    # ./setup_install_server install_dir_path 
    

    In this command,

    install_dir_path

    Specifies the directory where the Trusted Solaris CD image will be copied. You can substitute any directory path.

    For example, the following command copies the Trusted Solaris CD image from the Trusted Solaris CD to the /export/install/ts7_sparc directory on the local disk:


    ./setup_install_server /export/install/ts7_sparc
    

    The copying takes approximately 30 minutes, depending on the speed of your CDROM drive.


    Note -

    The setup_install_server command indicates if there is not enough disk space for the Trusted Solaris CD image. Use the df -kl command to determine available disk space.


  7. If there are no boot servers to install, as secadmin at label admin_low, remove the /cdrom/cdrom0/setup_install_server script from the Custom Root Role.

    For the procedure, see "To Remove a Command from a Role's Profile".

  8. As root, at label admin_low, deallocate the drive and remove the CDROM.

    See "To Deallocate a Device" if you are unsure of the steps.

Result: The workstation now has the Trusted Solaris CD image on its local disk.

Set the Default Date and Time


Note -

This procedure is optional for network install, but required for custom JumpStart.


  1. Log in to a Trusted Solaris workstation as a user who can assume the role admin.

  2. As role admin, at label admin_low, open the Hosts database using the NIS+ naming service.

    See "To Open and Modify a Solstice_Apps Database" if you are unfamiliar with the steps.

  3. Select the NIS+ root master and press the Return key.

  4. Add timehost as a value of the NIS+ root master's Aliases field.

    The entry will look like:


      
    NIS+_master_host_name IP_address  loghost timehost

  5. Exit the database.

    Result: The date and time will be automatically set during install.

  6. Continue with "Add Client Information for a Network Install".

Add Client Information for a Network Install

Once you have an install server set up, you then provide basic system information about the workstations (hosts) that you are going to install. You also add the Trusted Solaris configuration information.

You have a choice of two methods for entering the information:

Add Client Information Using the Host Manager

  1. On the install server, log in as a user who can assume the role admin.

  2. As role admin, at label admin_low, launch the Host Manager using the NIS+ naming service.

    See "To Open and Modify a Solstice_Apps Database" if you are unfamiliar with the steps.

  3. If the workstation already exists, select it in the Host Manager main window, choose Edit > Convert > Standalone.

  4. If the workstation does not already exist, add it by choosing Edit > Add.

  5. For each workstation, fill out the host information.

    1. Enable remote install.

    2. Complete all fields up to the Boot Server.

    3. Click the OK button.

      Table 7-1 Adding Host Information in Host Manager

      Entry               Value
      ----------------    ----------------------------------------------------
      Host Name
      IP Address
      Ethernet Address
      System Type
      Timezone Region
      Timezone
      Remote Install      Enable Remote Install
      Install Server      install_server_name (entered for you)
      Set Path            /export/install/ts7_sparc (sample)
      OS release          Choose client's platform group and software cluster
      Boot Server         boot_server_name (if separate server)
                          path to boot file
      Profile Server      Enter JumpStart directory (for Custom JumpStart).

  6. If the Ethernet address field was not filled in, choose the workstation, choose Edit > Modify, and enter the Ethernet address.

  7. Choose File > Save Changes.

    The window prints "All changes successful" when finished.

  8. Repeat for all hosts to be installed over the network.

  9. Exit the Host Manager.

  10. Go to "Check Client Information".

Add Client Information with the add_install_client Command


Note -

If you added hosts with the Host Manager, do not add information locally, as this command does.


  1. On the install server, as secadmin at label admin_low, add the add_install_client and rm_install_client commands to the root role's profile.

    The path to the commands is install_dir_path. For the continuing example, the path is /export/install/ts7_sparc.

    See "To Add a Command to a Role's Profile" for the full procedure.

  2. On the install server, as root at label admin_low, launch the Name Service Switch action.

  3. Ensure that the value of ethers and bootparams is files nisplus, as in:

    ethers:     files nisplus dns
    netmasks:   files nisplus dns
    bootparams: files nisplus dns

  4. As root, verify that the commands add_install_client and rm_install_client are in your profile.


    # clist -p | grep install_client
    It should display:
    /export/install/ts7_sparc/add_install_client: all
    /export/install/ts7_sparc/rm_install_client: all
    

    See "To Verify That a Command is in a Role's Profile" for the full procedure.

  5. Change to the Trusted Solaris boot information directory.


    # cd boot_dir_path 
    

    For example, if the boot server is also the install server:


    # cd /export/install/ts7_sparc
    
  6. Run the add_install_client(1M) command for every client you plan to install over the network.


    # ./add_install_client [ -e ethernet_address ] \
    -s install_server:install_dir_path    host_name    platform_group
    

    In this command,

    -e

    Specifies the Ethernet address.

    -s

    Specifies the install server.

    install_server:install_dir_path

    install_server is the host name of the install server. install_dir_path is the absolute path name of the directory that has the copy of the Trusted Solaris CD image.

    host_name

    Is the host name of the standalone workstation or the server receiving the network installation. The host must be in the NIS+ name service for this command to work.

    platform_group

    Is the platform group (sun4c, sun4m, sun4u) of the host being installed. (For a detailed list of platform groups, see Solaris 7 Sun Hardware Platform Guide.)

    For example, issuing the command:


    # ./add_install_client -e 8:0:20:17:22:a4 \
    -s heron:/export/install/ts7_sparc willet sun4m
    
    • Creates (if necessary) and copies boot information to the boot server's local bootparams database.

    • Creates (if necessary) and copies Ethernet information to the boot server's local ethers file.

    • Creates (if necessary) and sets up the /tftpboot directory on the boot server with an entry for willet, whose platform group is sun4m.

    • Points the client to platform information on the install server's (heron's) file system, /export/install/ts7_sparc.

    Result: The client willet can be installed over the network.

  7. As secadmin, at label admin_low, remove the add_install_client script from the Custom Root Role.

    See "To Remove a Command from a Role's Profile" for the full procedure.

  8. Go to "Check Client Information".
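
Step 6 is repeated once per client, so it helps to generate the command lines from a reviewed list and reject malformed entries before anything runs as root. The following is an added example, not part of the original Trusted Solaris documentation; it assumes a POSIX shell, and the list format, function names, and the sample hosts other than willet are hypothetical.

```shell
# Added example (not from the original page). INSTALL_SRC reuses the page's
# sample install server (heron) and image directory.
INSTALL_SRC="heron:/export/install/ts7_sparc"

# Host names become arguments of a command run as root, so allow only
# letters, digits, dots and hyphens.
valid_host() {
    case "$1" in
        ''|*[!A-Za-z0-9.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Six colon-separated fields of one or two hex digits, e.g. 8:0:20:17:22:a4.
valid_ether() {
    printf '%s\n' "$1" |
        grep -E '^([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}$' >/dev/null
}

# Platform groups named on the page.
valid_platform() {
    case "$1" in sun4c|sun4m|sun4u) return 0 ;; *) return 1 ;; esac
}

# Read "host ether platform" lines on stdin. Print one add_install_client
# command per valid line and a REJECT line otherwise; return 1 on any reject.
gen_commands() {
    rc=0
    while read -r host ether platform extra; do
        case "$host" in ''|'#'*) continue ;; esac
        if [ -z "$extra" ] && valid_host "$host" &&
           valid_ether "$ether" && valid_platform "$platform"; then
            echo "./add_install_client -e $ether -s $INSTALL_SRC $host $platform"
        else
            echo "REJECT: $host ($ether $platform)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample list: the page's client plus two malformed entries.
gen_commands <<'EOF' || echo "fix rejected entries before running" >&2
willet 8:0:20:17:22:a4 sun4m
plover 8:0:20:zz:22:a5 sun4m
dun;lin 8:0:20:17:22:a6 sun4m
EOF
```

The script only prints commands; review the output, then run the accepted lines from the boot information directory as described in Steps 5 and 6.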

Remove Client Information with the rm_install_client Command

  1. As root, at label admin_low, verify that rm_install_client is in the root profile shell.


    # clist -p | grep rm_install_client
    It should display:
    /export/install/ts7_sparc/rm_install_client: all
    
  2. Change to the Trusted Solaris boot information directory.


    # cd boot_dir_path
    
  3. As root, at label admin_low, run the rm_install_client command for every client you plan to remove from the network install.


    # ./rm_install_client host_name
    
  4. Once all clients are removed, assume the role secadmin and remove the rm_install_client script from the Custom Root Role.

    See "To Remove a Command from a Role's Profile" for the full procedure.

Check Client Information

Follow this procedure to verify that the bootparams file contains the required information.

  1. As role admin, at label admin_low, open the Database Manager, and choose the appropriate naming service before loading the bootparams database.

  2. Scroll through a host's entry to locate the keyword=value pair:

    install_server=server:install_dir_path
    

    Network installation is now ready on network servers that have one network interface.

  3. If there are subnets, continue with "Create a Boot Server on a Subnet".

  4. Otherwise, go to "Reboot the Install Server".
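
When many clients have been added, the same check can be run over the boot server's local bootparams file, which add_install_client creates. The following is an added example, not part of the original Trusted Solaris documentation; it assumes a POSIX shell and awk, entries in bootparams(4) file format, and the install_server keyword shown in Step 2. The function names and sample entries are constructed for illustration.

```shell
# Added example (not from the original page): audit bootparams(4)-format
# text on stdin. $1 is the expected server:install_dir_path value.
check_bootparams() {
    awk -v want="$1" '
        # Join backslash-continued lines into one logical entry.
        /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }
        { $0 = buf $0; buf = "" }
        NF == 0 || $1 ~ /^#/ { next }
        {
            got = ""
            for (i = 2; i <= NF; i++)
                if (index($i, "install_server=") == 1)
                    got = substr($i, 16)   # text after "install_server="
            if (got == "")        { print $1 ": MISSING install_server"; bad = 1 }
            else if (got != want) { print $1 ": MISMATCH " got; bad = 1 }
            else                  print $1 ": OK"
        }
        END { exit bad + 0 }
    '
}

# Constructed sample entries (not from the page): one correct, one with no
# install_server keyword, one pointing at a different server.
sample_bootparams() {
    cat <<'EOF'
willet root=heron:/export/root/sample \
    install_server=heron:/export/install/ts7_sparc
plover root=heron:/export/root/sample
dunlin install_server=crane:/export/install/old
EOF
}

sample_bootparams | check_bootparams heron:/export/install/ts7_sparc ||
    echo "bootparams needs attention" >&2
```

A MISMATCH line means the client would be directed to a server other than the intended install server, so resolve it before booting that client.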

Create a Boot Server on a Subnet

You can install Trusted Solaris software over the network from any install server on the network. However, a workstation using an install server on another subnet requires a separate boot server on its own subnet.


Note -

If the boot server and the install server are the same workstation, skip this procedure. The install server is the boot server. Go to "Reboot the Install Server".


  1. Follow Step 1 in "Create an Install Server".

  2. Determine your next step based on whether the boot server uses a local CDROM drive or an NFS mount of a Trusted Solaris CD image.

    If the boot server uses a local CDROM drive, then:

      1. Insert the Trusted Solaris CD into the drive.

      2. Go to Step 3.

    If the boot server uses an NFS mount of a Trusted Solaris CD image, then:

      1. As root, mount -F nfs -o ro server_name:path /mnt

        where server_name:path is the host name and absolute path to the Trusted Solaris CD image.

      2. cd /mnt

      3. Go to Step 6.

  3. As root, at label admin_low, allocate the CDROM drive.

    The device should be allocated at the label admin_low and mounted.


    Do you want cdrom_n mounted: (y,n)? y
    
  4. Check that the setup_install_server command is in the profile shell.


    # clist -p | grep setup_install_server
    It should display: /cdrom/cdrom0/setup_install_server: all
    

    If the command is not available, place the command in the profile before continuing. See "To Add a Command to a Role's Profile" and "To Verify That a Command is in a Role's Profile" for the full procedure.

  5. Change directory to the Trusted Solaris image.


    # cd /cdrom/cdrom0
    
  6. As root, at label admin_low, use the setup_install_server command with the -b option to set up a separate boot server for the subnet.

    The setup_install_server -b command copies all supported platform information to the local disk.


    # ./setup_install_server -b boot_dir_path 
    

    In this command,

    -b

    Specifies that the workstation will be set up as a boot server.

    boot_dir_path

    Specifies the directory where the platform information will be copied. You can substitute any directory path.

    For example, the following command copies platform information from the mounted Trusted Solaris CD to the /export/bootdir/ts7_sparc directory on the boot server:


    # ./setup_install_server -b /export/bootdir/ts7_sparc
    

    The workstation is now configured as a boot server.

  7. After all boot servers are installed, as secadmin at label admin_low, remove the /cdrom/cdrom0/setup_install_server script from the Custom Root Role.

    For the procedure, see "To Remove a Command from a Role's Profile".

Reboot the Install Server

Before installing clients across the network, you must reboot the server.

  1. Shut down the install server from the TP (Trusted Path) menu.

    If you are unfamiliar with rebooting a Trusted Solaris workstation, see "To Reboot the Workstation".

    Result: The rpc.tbootparamd (Trusted bootparams daemon) can now start.

  2. Follow the network installation procedure, "SPARC: Install over the Network" in Chapter 3, Installing a Workstation.

    Clients will get platform, ethernet, and other system identification information from network files.

    The installation program will prompt for information that is not on the install or boot server, such as how to partition the disks.