Trusted Solaris Installation and Configuration

Creating a Profile

A profile is a text file used as a template by the custom JumpStart installation software. It defines how to install the Trusted Solaris software on a workstation (for example, system type, disk partitioning, software group), and it is named in the rules file.

A profile consists of one or more profile keywords and their values. Each profile keyword is a command that controls one aspect of how the Trusted Solaris installation program will install the Trusted Solaris software on a workstation. For example, the following profile keyword and value indicate to the Trusted Solaris installation program to install the workstation as a server.

system_type server

Note -

If you created the JumpStart directory by using the procedures on "Creating a JumpStart Directory on a Diskette " or "Creating a JumpStart Directory on a Server", example profiles have been placed in the JumpStart directory.

Requirements for Profiles

The following are requirements when creating a profile:

The install_type profile keyword is required.

Only one profile keyword can be on a line.

Recommendations for Trusted Solaris Profiles

Every Trusted Solaris rule should call a finish script. In the script, you can accomplish the following task:

Automatically reboot the workstation. See the example in "Rebooting the Workstation with a Finish Script".

For an example of a rule that calls a finish script, see "Recommendations for Trusted Solaris Rules".

How to Create a Profile

Overview - The procedure to create a profile involves:

Editing a file
Selecting profile keywords and profile values to define how to install the Trusted Solaris software on a workstation

Follow this procedure to create as many profiles as you need for your site.

As root, at label admin_low, open the Admin Editor.

Enter a file name (the profile) to be edited.

You can create a new file or edit one of the sample profiles in the JumpStart directory you created. For example,

File to Edit: /jumpstart/basic_install_profile

The name of a profile should reflect how it will install the Trusted Solaris software on a workstation (for example, basic_install_profile, eng_profile, or mktg_profile).

Add profile keywords and profile values to the profile.

Be aware of these things as you edit the profile:
- "Profile Examples" provides some examples of profiles.
- "Profile Keyword and Profile Value Descriptions" provides the list of valid profile keywords and values.
- You can have as many lines in the profile as necessary to define how to install the Trusted Solaris software on a workstation.
- You can add a comment after the pound sign (#) anywhere on a line. If a line begins with a #, the entire line is a comment line. If a # is specified in the middle of a line, everything after the # is considered a comment. Blank lines are also allowed in a profile.
- The profile keywords and their values are case sensitive.
- Profiles should be owned by root and have permissions equal to 644.
Note -
See "Using pfinstall to Test Profiles" for detailed information about testing profiles.

This completes the procedure to create a profile. To continue setting up for a custom JumpStart installation, see "How to Create the rules File".

Profile Examples

The following profile examples describe how you can use different profile keywords and profile values to control how the Trusted Solaris software is installed on a workstation. See "Profile Keyword and Profile Value Descriptions" for the list of profile keywords and profile values.

# profile keywords     profile values
# ----------------     -------------------
   install_type        initial_install
   system_type         standalone
   partitioning        default
   filesys             any 80 swap   # specify size of /swap
   cluster             SUNWCprog
   package             SUNWman delete
   package             SUNWolman delete
   package             SUNWxwman delete
   package             SUNWxwdem add
   package             SUNWxwdim add

This profile keyword is required in every profile.
This profile keyword defines that the workstation will be installed as a standalone workstation.
The file system slices are determined by the software to be installed (default value); however, the size of swap is set to 80 Mbytes and it is installed on any disk (any value).
The developer software group (SUNWCprog) is installed on the workstation.
Because the man pages will be mounted remotely, those packages are selected not to be installed on the workstation; however, the packages containing the X Windows demo programs and images are selected to be installed on the workstation.

# profile keywords     profile values
# ----------------     -------------------
install_type           initial_install
system_type            standalone

partitioning           default
filesys                c0t0d0s0 auto /
filesys                c0t3d0s1 64 swap
cluster                SUNWCall

The file system slices are determined by the software to be installed (default value). However, the size of root is based on the selected software (auto value) and it is installed on c0t0d0s0, and the size of swap is set to 64 Mbytes and it is installed on c0t3d0s1.
The entire distribution software group (SUNWCall) is installed on the workstation.

# profile keywords      profile values
# ----------------      -------------------
install_type            initial_install
system_type             standalone

fdisk                   c0t0d0 0x04 delete
fdisk                   c0t0d0 solaris maxfree
cluster                 SUNWCall
cluster                 SUNWCacc delete

All fdisk partitions of type DOSOS16 (04 hexadecimal) are deleted from the c0t0d0 disk.
A Trusted Solaris fdisk partition is created on the largest contiguous free space on the c0t0d0 disk.
The entire distribution software group (SUNWCall) is installed on the workstation.
The system accounting utilities (SUNWCacc) are selected not to be installed on the workstation.

# profile keywords      profile values
# ----------------      -------------------
install_type            upgrade

   package              SUNWbcp delete
   package              SUNWolman add
   package              SUNWxwman add
   cluster              SUNWCumux add
   locale               de

This profile upgrades a system (SPARC only).
The binary compatibility package (SUNWbcp) is selected to be deleted from the system or prevented from being installed.
This code ensures that the OpenLook and X Windows man pages and the universal multiplexor software are selected to be installed if they are not installed on the system. (All packages already on the system are automatically upgraded.)
The German localization packages are selected to be installed on the system.

Profile Keyword and Profile Value Descriptions

Profile keywords and profile values that you can use in a profile are listed and described below.

Profile Keyword and Profile Value Descriptions

client_arch

karch_value

client_arch defines that the server will support a different platform group than it uses. If you do not specify client_arch, any diskless client must have the same platform group as the server. You must specify client_arch once for each platform group.

Valid values for karch_value are sun4d, sun4c, sun4m, and sun4u. (See Solaris 7 Sun Hardware Platform Guide for a detailed list of the platform names of various workstations.)

Restriction: client_arch can be used only when system_type is specified as server.

client_root

root_size

client_root defines the amount of root space (root_size in Mbytes) to allocate for each client. If you do not specify client_root in a server's profile, the installation software will automatically allocate 15 Mbytes of root space per client. The size of the client root area is used in combination with the num_clients keyword to determine how much space to reserve for the /export/root file system.

Restriction: client_root can be used only when system_type is specified as server.

client_swap

swap_size

client_swap defines the amount of swap space (swap_size in Mbytes) to allocate for each diskless client. If you do not specify client_swap, 24 Mbytes of swap space is allocated.

Example: client_swap 64

The example defines that each diskless client will have a swap space of 64 Mbytes.

Restriction: client_swap can be used only when system_type is specified as server.

cluster

group_name

Use for software groups. cluster designates what software group to add to the workstation. The cluster names for the software groups are:

End user system support: SUNWCuser
Developer system support: SUNWCprog
Entire distribution: SUNWCall

You can specify only one software group in a profile, and it must be specified before other cluster and package entries. If you do not specify a software group with cluster, the end user software group (SUNWCuser) is installed on the workstation by default.

cluster

cluster_name [add | delete]

Use for clusters.

cluster designates whether a cluster should be added or deleted from the software group that will be installed on the workstation. add or delete indicates whether the cluster should be added or deleted. If you do not specify add or delete, the cluster is added by default.

cluster_name must be in the form SUNWCname.

For Upgrade (not supported for Trusted Solaris 7):

All clusters already on the system are automatically upgraded.
If you specify cluster_name add, and cluster_name is not installed on the system, the cluster is installed.
If you specify cluster_name delete, and cluster_name is installed on the system, the package is deleted before the upgrade begins.

dontuse

disk_name

dontuse designates a disk that the Trusted Solaris installation program should not use when partitioning default is specified. You can specify dontuse once for each disk, and disk_name must be specified in the form cxtydz or cydz, for example, c0t0d0.

By default, the Trusted Solaris installation program uses all the operational disks on the workstation.

Restriction: You cannot specify the dontuse keyword and the usedisk keyword in the same profile.

filesys

slice size [file_system] [optional_parameters]

Use for creating local file systems.

This instance of filesys creates local file systems during the installation. You can specify filesys more than once.

slice - Choose one of the following:

any

The Trusted Solaris installation program places the file system on any disk.

Restriction: any cannot be specified when size is existing, all, free, start:size, or ignore.

cwtxdysz or cwdysz

The disk slice where the Trusted Solaris installation program places the file system, for example, c0t0d0s0.

rootdisk.sn

The logical name of the disk where the installation program places the root file system. The .sn suffix indicates a specific slice on the disk.

size - Choose one of the following:

num

The size of the file system is set to num (in Mbytes).

existing

The current size of the existing file system is used.

Note: When using this value, you can change the name of an existing slice by specifying file_system as a different mount_pt_name.

auto

The size the file system is automatically determined depending on the selected software.

all

The specified slice uses the entire disk for the file system. When you specify this value, no other file systems can reside on the specified disk.

free

The remaining unused space on the disk is used for the file system.

Restriction: If free is used as the value to filesys, it must by the last filesys entry in a profile.

start:size

The file system is explicitly partitioned: start is the cylinder where the slice begins; size is the number of cylinders for the slice.

file_system - You can use this optional value when slice is specified as any or cwtxdysz. If file_system is not specified, unnamed is set by default, but then you cannot specify the optional_parameters value. Choose one of the following:

mount_pt_name

The file system's mount point name, for example, /var.

swap

The specified slice is used as swap.

overlap

The specified slice is defined as a representation of a disk region (VTOC value is V_BACKUP). By default, slice 2 is an overlap slice that is a representation of the whole disk.

Restriction: overlap can be specified only when size is existing, all, or start:size.

unnamed

The specified slice is defined as a raw slice, so slice will not have a mount point name. If file_system is not specified, unnamed is set by default.

ignore

The specified slice is not used or recognized by the Trusted Solaris installation program. This could be used to ignore a file system on a disk during an installation, so the Trusted Solaris installation program can create a new file system on the same disk with the same name.

optional_parameters - Choose one of the following:

preserve

The file system on the specified slice is preserved.

Restriction: preserve can be specified only when size is existing and slice is cwtxdysz.

mount_options

One or more mount options (-o option of the mount(1M) command) that are added to the /etc/vfstab entry for the specified mount_pt_name.

Note: If you need to specify more than one mount option, the mount options must be separated by commas and no spaces. For example: ro,nodev.

install_type

initial_install | upgrade

install_type defines whether to perform the initial installation option or upgrade option on the system. (Upgrade is not supported for Trusted Solaris 7).

Restriction: install_type must be the first profile keyword in every profile.

locale

locale_name

locale designates that the localization packages associated with the selected software should be installed (or added for upgrade) for the specified locale_name. The locale_name values are the same as the values used for the $LANG environment variable.

The English localization packages are installed by default. You can specify locale once for each localization you need to support.

num_clients

client_num

When a server is installed, space is allocated for each diskless client's root (/) and swap file systems. num_clients defines the number of diskless clients (client_num) that a server will support. If you do not specify num_clients, five diskless clients are allocated.

Restriction: num_clients can be used only when system_type is specified as server.

package

package_name [add | delete]

package designates whether a package should be added to or deleted from the software group that will be installed on the workstation. add or delete indicates whether the package should be added or deleted. If you do not specify add | delete, the package is added.

package_name must be in the form SUNWname. Use the pkginfo -l command on an installed workstation to view detailed information about packages and their names.

For Upgrade (not supported for Trusted Solaris 7):

All packages already on the system are automatically upgraded.
If you specify package_name add, and package_name is not installed on the system, the package is installed.
If you specify package_name delete, and package_name is installed on the system, the package is deleted before the upgrade begins.
If you specify package_name delete, and package_name is not installed on the system, the package is prevented from being installed if it is part of a cluster that is designated to be installed.

partitioning

default | existing | explicit

partitioning defines how the disks are divided into slices for file systems during the installation. If you do not specify partitioning, default is set.

default - The Trusted Solaris installation program selects the disks and creates the file systems on which to install the specified software, except for any file systems specified by the filesys keyword. rootdisk is selected first; additional disks are used if the specified software does not fit on rootdisk.

existing - The Trusted Solaris installation program uses the existing file systems on the workstation's disks. All file systems except /, /usr, /usr/openwin, /opt, and /var are preserved. The installation program uses the last mount point field from the file system superblock to determine which file system mount point the slice represents.

Restriction: When specifying the filesys profile keyword with partitioning existing, size must be existing.

explicit - The Trusted Solaris installation program uses the disks and creates the file systems specified by the filesys keywords. If you specify only the root (/) file system with the filesys keyword, all theTrusted Solaris software will be installed in the root file system.

Restriction: When you use the explicit profile value, you must use the filesys profile keyword to specify which disks to use and what file systems to create.

system_type

standalone | server

system_type defines the type of workstation being installed. If you do not specify system_type in a profile, standalone is set by default.

usedisk

disk_name

usedisk designates a disk that the Trusted Solaris installation program will use when partitioning default is specified. You can specify usedisk once for each disk, and disk_name must be specified in the form cwtxdyor cwdy, for example, c0t0d0.

If you specify the usedisk profile keyword in a profile, the Trusted Solaris installation program will only use the disks that you specify with the usedisk profile keyword.

Restriction: You cannot specify the usedisk keyword and the dontuse keyword in the same profile.

How the Size of Swap Is Determined

If a profile does not explicitly specify the size of swap, the Trusted Solaris installation program determines the maximum size that swap can be, based on the workstation's physical memory. The following table shows how the maximum size of swap is determined during a custom JumpStart installation.

Table 8-2 How the Maximum Size of Swap Is Determined


Physical Memory (in Mbytes)	Maximum Size of Swap (in Mbytes)
32 - 64	64
64 - 128	64
128 - 512	128
512 >	256

The Trusted Solaris installation program will make the size of swap no more than 20% of the disk where it resides, unless there is free space left on the disk after laying out the other file systems. If free space exists, the Trusted Solaris installation program will allocate the free space to swap up to the maximum size shown in Table 8-2.

Note -

Physical memory plus swap space must be a minimum of 64 Mbytes.