Trusted Solaris Installation and Configuration

Creating the rules File

The rules file is a text file used to create the rules.ok file. The rules file is a lookup table consisting of one or more rules that define matches between workstation attributes and profiles. For example, the rule

karch sun4c - basic_prof -

matches a workstation with a sun4c platform name to the basic_prof profile, which the Trusted Solaris installation program would use to install the workstation.


Note -

If you set up the JumpStart directory by using the procedures "Creating a JumpStart Directory on a Diskette" or "Creating a JumpStart Directory on a Server", an example rules file should already be in the JumpStart directory; the example rules file contains documentation and some example rules. If you use the example rules file, make sure you comment out the example rules that you will not use.


When Does a System Match a Rule

During a custom JumpStart installation, the Trusted Solaris installation program attempts to match the rules in the rules.ok file in order, first rule through the last rule. A rule match occurs when the workstation being installed matches any of the rule values in the rule (as defined in "Rule Keyword and Rule Value Descriptions"). As soon as a workstation matches a rule, the Trusted Solaris installation program stops reading the rules.ok file and begins to install the workstation as defined by the matched rule's profile.

Recommendations for Trusted Solaris Rules

Since a workstation installed with custom JumpStart does not automatically reboot, create a rules file whose entries include a finish script that automatically reboots the workstation. An example finish script is in "Rebooting the Workstation with a Finish Script". A sample rules file:

hostname wren - basic_prof finish.sh

matches a workstation whose hostname is wren to the basic_prof profile, which the Trusted Solaris installation program would use to install the workstation. After installation, the finish.sh script would be executed to reboot the workstation.

How to Create the rules File

Overview - The procedure to create a rules file involves:

  1. As secadmin, at label admin_low, open the Admin Editor.

    See "To Create or Open a File from the Trusted Editor" if you are unfamiliar with the steps.

  2. To edit the sample rules file:

    File to Edit: /jumpstart/rules

  3. To create a rules file in /export/tmp:

    File to Edit: /export/tmp/rules

  4. Add a rule in the rules file for each group of workstations you want to install using custom JumpStart.

    Be aware of these things as you add rules to the rules file:

    An individual rule in the rules file must have the following syntax:

    [!]rule_keyword rule_value [&& [!]rule_keyword rule_value]...   begin   profile   finish
    

    The fields of a rule are described below:

    Field Descriptions of a Rule

    !

    A symbol used before a rule keyword to indicate negation.

    [ ]

    A symbol used to indicate an optional expression or field.

    ...

    A symbol used to indicate the preceding expression may be repeated.

    &&

    A symbol that must be used to join (logically AND) rule keyword and rule value pairs together in the same rule. During a custom JumpStart installation, a workstation must match every pair in the rule before the rule matches.

    rule_keyword

    A predefined keyword that describes a general system attribute, such as host name (hostname) or memory size (memsize). It is used with the rule value to match a workstation with the same attribute to a profile. See "Rule Keyword and Rule Value Descriptions" for the list of rule keywords.

    rule_value

    A value that provides the specific system attribute for the corresponding rule keyword. See "Rule Keyword and Rule Value Descriptions" for the list of rule values.

    begin

    A name of an optional Bourne shell script that can be executed before the installation begins. If no begin script exists, you must enter a minus sign (-) in this field. All begin scripts must reside in the JumpStart directory.

    See "Creating Begin Scripts" for detailed information on how to create begin scripts.

    profile

    A name of a text file used as a template that defines how to install Trusted Solaris on a workstation. The information in a profile consists of profile keywords and their corresponding profile values. All profiles must reside in the JumpStart directory.

    Note - There are optional ways to use the profile field, which are described in "Using a Site-Specific Installation Program" and "Creating Derived Profiles With Begin Scripts".

    finish

    A name of an optional Bourne shell script that can be executed after the installation completes. If no finish script exists, you must enter a minus sign (-) in this field. All finish scripts must reside in the JumpStart directory.

    See "Creating Finish Scripts" for detailed information on how to create finish scripts.

    This completes the procedure to create a rules file. To validate the rules file, see "How to Use check to Validate the rules File".

Rule Examples

The following illustration shows several example rules in a rules file. Each line has a rule keyword and a valid value for that keyword. The Trusted Solaris installation program scans the rules file from top to bottom. When the Trusted Solaris installation program matches a rule keyword and value with a known workstation, it installs the Trusted Solaris software specified by the profile listed in the profile field.

  # rule keywords and rule values      begin script   profile        finish script
  # -----------------------------      ------------   -------        -------------
  hostname eng-1                       -              basic_prof     -
  network 192.43.34.0 && !model \
  'SUNW,Sun 4_50'                      -              net_prof       -
  model SUNW,SPARCstation-LX           -              lx_prof        complete
  network 193.144.2.0 && karch sparc   setup          ultra_prof     done
  any -                                -              generic_prof   -

  1. This rule matches if the workstation's host name is eng-1. The basic_prof profile is used to install the Trusted Solaris software on the workstation that matches this rule.

  2. The rule matches if the workstation is on subnet 192.43.34.0 and it is not a SPARCstation IPX (SUNW,Sun 4_50). The net_prof profile is used to install the Trusted Solaris software on workstations that match this rule.

  3. The rule matches if the workstation is a SPARCstation LX. The lx_prof profile and the complete finish script are used to install the Trusted Solaris software on workstations that match this rule. This rule also provides an example of rule wrap, which is defined in "Important Information About the rules File".

  4. This rule matches if the workstation is on subnet 193.144.2.0 and the workstation is a Sun Ultra. The setup begin script, the ultra_prof profile, and the done finish script are used to install the Trusted Solaris software on workstations that match this rule.

  5. This rule matches any workstation that did not match the previous rules. The generic_prof profile is used to install the Trusted Solaris software on workstations that match this rule. If used, any should always be in the last rule.

Important Information About the rules File

The following information is important to know about the rules file:

Name

The rules file must have the file name, rules.

rules.ok file

The rules.ok file is a generated version of the rules file, and it is required by the custom JumpStart installation software to match a workstation to a profile. You must run the check script to create the rules.ok file, and the rules.ok file should be owned by root and have permissions equal to 644.

Comments

You can add a comment after the pound sign (#) anywhere on a line. If a line begins with a #, the entire line is a comment line. If a # is specified in the middle of a line, everything after the # is considered a comment. Blank lines are also allowed in the rules file.


Note -

When creating the rules.ok file, the check script removes all the comment lines, comments at the end of a rule, and blank lines.


Rule wrap

When a rule spans multiple lines, you can let the rule wrap to a new line, or you can continue it on a new line by using a backslash (\) before the carriage return.

Rule fields

The rule_value, begin, and finish fields must have a valid entry or a minus sign (-) to specify that there is no entry.
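The first-match behaviour described in "When Does a System Match a Rule", the rule syntax above, and the comment, blank-line and rule-wrap conventions of this section, as an added Python example that is not part of the Trusted Solaris documentation or of its check script. The rules text and the workstation attribute dictionaries are constructed, and only a subset of keywords (hostname, network, model, karch, memsize, totaldisk, any) is modelled; disksize, which takes two values, is left out.

```python
import ipaddress
import shlex

RULES_TEXT = """\
# rule keywords and rule values   begin  profile       finish
hostname eng-1                    -      basic_prof    -
network 192.43.34.0 && !model \\
'SUNW,Sun 4_50'                   -      net_prof      -      # comment after a rule

memsize 32-64 && karch sun4m      setup  mem_prof      done
any -                             -      generic_prof  -
"""  # constructed sample modelled on the Rule Examples above, not a site file

def parse_rules(text):
    """Return (clauses, begin, profile, finish) in file order; drops comments and blank lines, joins wrapped rules."""
    rules, pending = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):                 # rule wrap: continue on the next line
            pending += line[:-1] + " "
            continue
        line, pending = (pending + line).strip(), ""
        if not line:
            continue
        tokens = shlex.split(line)              # honours quoting such as 'SUNW,Sun 4_50'
        finish, profile, begin = tokens.pop(), tokens.pop(), tokens.pop()
        pairs = [t for t in tokens if t != "&&"]  # keyword value [&& keyword value]...
        clauses = [(k.lstrip("!"), v, k.startswith("!"))
                   for k, v in zip(pairs[0::2], pairs[1::2])]
        rules.append((clauses, begin, profile, finish))
    return rules

def clause_matches(keyword, value, ws):
    """Evaluate one keyword/value pair against a workstation's attribute dictionary."""
    if keyword == "any":
        return True
    if keyword == "network":                    # IP address AND subnet mask == network number
        net = ipaddress.IPv4Network((ws["hostaddress"], ws["netmask"]), strict=False)
        return str(net.network_address) == value
    if keyword in ("memsize", "totaldisk"):     # range xx-xx in Mbytes, or a single value
        lo, _, hi = value.partition("-")
        return int(lo) <= ws[keyword] <= int(hi or lo)
    return ws.get(keyword) == value

def select_profile(rules, ws):
    """First-match semantics: the first rule whose clauses all hold wins; a ! clause holds when its pair does not match."""
    for clauses, begin, profile, finish in rules:
        if all(clause_matches(k, v, ws) != neg for k, v, neg in clauses):
            return begin, profile, finish
    return None
```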

Rule Keyword and Rule Value Descriptions

The rule keywords and rule values that you can use in the rules file are listed and described below.

Rule Keyword and Rule Value Descriptions

any

minus sign (-)

Match always succeeds.

arch

processor_type

Matches a workstation's processor type. The uname -p command reports the workstation's processor type.

For example, SPARC is a platform; sparc is a processor_type.

domainname

domain_name

Matches a workstation's domain name, which controls how a name service determines information.

If you have a workstation already installed, the domainname(1M) command reports the workstation's domain name.

disksize

disk_name size_range

  • disk_name -- A disk name in the form cxtydz, such as c0t3d0, or the special word rootdisk. rootdisk should be used only when trying to match workstations that contain the factory-installed JumpStart software. rootdisk is described in Table 8-3.

  • size_range -- The size of the disk, which must be specified as a range of Mbytes (xx-xx).

Matches the size of a workstation's disk (in Mbytes).


Example: disksize c0t3d0 250-300

The example tries to match a workstation with a c0t3d0 disk that is between 250 and 300 Mbytes.



Note -

When calculating size_range, remember that a Mbyte equals 1,048,576 bytes. A disk may be advertised as a "207 Mbyte" disk, but it may have less than 207 million bytes of disk space. The Trusted Solaris installation program will actually view the "207 Mbyte" disk as a 197 Mbyte disk because 207,000,000 / 1,048,576 = 197. So, a "207 Mbyte" disk would not match a size_range equal to 200-210.


hostaddress

IP_address

Matches a workstation's IP address.

hostname

host_name

Matches a workstation's host name.

If you have a workstation already installed, the uname -n command reports the host name.

installed

slice version

  • slice -- A disk slice name in the form cwtxdysz, such as c0t3d0s5, or the special words any or rootdisk. If any is used, any disk attached to the workstation attempts to match. rootdisk should be used only when trying to match workstations that contain the factory-installed JumpStart software. rootdisk is described in Table 8-3.

  • version - A version name, such as Trusted_Solaris_7, or the special word any. If any is used, any Trusted Solaris or SunOS release is matched.

Matches a disk that has a root file system corresponding to a particular version of Trusted Solaris software.


Note -

Factory-installed JumpStart may not be supported by Trusted Solaris software.


karch

platform_group

Matches a workstation's platform name.

Valid values are sun4d, sun4c, sun4m, and sun4u. (See Solaris 7 Sun Hardware Platform Guide.)

If you have a workstation already installed, the arch -k command or the uname -m command reports the workstation's platform group.

memsize

physical_mem

Matches a workstation's physical memory size (in Mbytes). The value must be a range of Mbytes (xx-xx) or a single Mbyte value.


Example: memsize 32-64

The example tries to match a workstation with a physical memory size between 32 and 64 Mbytes.


If you have a workstation already installed, the prtconf(1M) command reports the workstation's physical memory size in line 2. Run the command in the role admin.

model

model_name

Matches a workstation's model number, which is workstation-dependent and varies by the manufacturer. The list shown is not complete.

If you have a workstation already installed, the prtconf command reports the workstation's model number in line 5.

If you have a workstation already installed, the uname -i command reports the workstation's model name.


For example, a system name is different from a model_name:

    System Name                Model Name
    -----------------------    -----------------------
    SPARCstation 1 (4/60)      Sun 4_60
    SPARCstation IPX (4/50)    SUNW,Sun_4_50
    SPARCstation 10            SUNW,SPARCstation-10
    SPARCclassic (4/15)        SUNW,SPARCclassic
    SPARCstation LX (4/30)     SUNW,SPARCstation-LX
    SPARCserver 1000           SUNW,SPARCserver-1000
    SPARCcenter 2000           SUNW,SPARCcenter-2000
    SPARCstation 10 SX         SUNW,SPARCstation-10,SX
    SPARCstation 20            SUNW,SPARCstation-20
    SPARCstation Voyager       SUNW,S240
    Sun Ultra 1                SUNW,Ultra-1
    Sun UltraServer 1          SUNW,Ultra-1
    Sun UltraServer 2          SUNW,Ultra-2
    Sun UltraEnterprise        SUNW,Ultra-Enterprise


Note: If the model_name contains spaces, the model_name must be inside a pair of single quotes ('). For example: 'SUNW,Sun 4_60'

network

network_num

Matches a workstation's network number, which the Trusted Solaris installation program determines by performing a logical AND between the workstation's IP address and the subnet mask.


Example: network 193.144.2.0

The example would match a workstation with a 193.144.2.8 IP address (if the subnet mask were 255.255.255.0).


osname

Trusted_Solaris_version

Matches a version of Trusted Solaris software already installed on a workstation. Trusted_Solaris_version is the version of the Trusted Solaris environment installed on the workstation: for example, Trusted Solaris 2.5.1.

totaldisk

size_range

Matches the total disk space on a workstation (in Mbytes). The total disk space includes all the operational disks attached to a workstation. The value must be specified as a range of Mbytes (xx-xx).


Example: totaldisk 300-500

The example tries to match a workstation with a total disk space between 300 and 500 Mbytes.



Note -

When calculating size_range, remember that a Mbyte equals 1048576 bytes. A disk may be advertised as a "207 Mbyte" disk, but it may have only 207 million bytes of disk space. The Trusted Solaris installation program will actually view the "207 Mbyte" disk as a 197 Mbyte disk because 207000000 / 1048576 = 197. So, a "207 Mbyte" disk would not match a size_range equal to 200-210.


How the Installation Program Sets the Value of rootdisk

rootdisk is the logical name of the disk where the root file system is placed during an installation. During a custom JumpStart installation, the Trusted Solaris installation program sets the value of rootdisk (that is, the actual disk it represents) depending on various situations; this is described in the following table.

Table 8-3 How the Trusted Solaris Installation Program Sets rootdisk

Situation: A system contains the factory-installed JumpStart software. (This applies to some SPARC systems only.)

What Happens: rootdisk is set to the disk that contains the factory-installed JumpStart software before the system tries to match any rules.

Situation: rootdisk has not been set and a workstation tries to match the following rule:

    disksize rootdisk size_range

or

    installed rootdisk version

What Happens: rootdisk is set to c0t3d0 or the first available disk attached to the workstation. After rootdisk is set, the workstation tries to match the rule.

Situation: rootdisk has been set and the workstation tries to match the following rule:

    disksize rootdisk size_range

or

    installed rootdisk version

What Happens: The workstation tries to match the rule.

Situation: A workstation tries to match the following rule:

    installed disk version

What Happens: If disk is found on the workstation with a root file system that matches the specified version, the rule matches and rootdisk is set to disk.

Situation: A workstation tries to match the following rule:

    installed any version

What Happens: If any disk is found on the workstation with a root file system that matches the specified version, the rule matches and rootdisk is set to the found disk. (If there is more than one disk on the workstation that can match, the workstation will match the first disk that is found.)

Situation: rootdisk has not been set after a system matches a rule and the system is going to be upgraded (which is defined in the profile).

What Happens: rootdisk is set to the first disk found with a root file system that matches an upgradable version of Trusted Solaris software. If no disk is found, the system proceeds with an interactive installation.

Situation: rootdisk has not been set after a workstation matches a rule.

What Happens: rootdisk is set to c0t3d0 or the first available disk attached to the workstation.

For the Trusted Solaris installation program to use the value of rootdisk, the following conditions must be true in the profile specified for the workstation: