Trusted Solaris Installation and Configuration

Chapter 10 Configuring Diskless Clients

Configuring a diskless client for Trusted Solaris software is similar to configuring one for the Solaris 7 environment. The Solstice AdminSuite 2.3 Administration Guide lists the procedures. The clients boot from an OS server that is configured with services for the clients' architecture and has disk space for their files.

Prerequisites for Diskless Clients

In order to boot, a diskless client requires:

Install and Configure an OS Server

An OS server is a system type. When you choose the OS server system type during installation, you are prompted to allocate disk space for its diskless clients.

When an OS server is installed over the network rather than interactively, the Host Manager records that it is an OS server.

Path 1 - Create OS Server during Installation

    Choose the OS server system type during installation, and configure disk space for diskless clients.

Path 2 - Convert Standalone to OS Server

The workstation must have disk space for clients. When partitioning the disks, provide at least 30MB of disk space per client in /export/root, and 24MB of swap space per client in /export/swap.

  1. Choose the Standalone system type during installation and leave room (or add disks) for diskless clients.

  2. Add the (still Standalone) workstation to the NIS+ network:

Access a Trusted Solaris CD Image on a File System

The OS server needs access to the Trusted Solaris CD image on hard disk. You can mount an existing install server's Trusted Solaris CD image, or you can copy the Trusted Solaris CD image to the OS server.

  1. On the workstation that is going to be the OS server, log in as a user who can assume the root role, and assume it.

Either:

    Follow the procedure "Create an Install Server".

    This will copy the Trusted Solaris CD image to one of the OS server's hard disks.

Or:

    As root, at label admin_low, mount a Trusted Solaris CD image that has been copied to an install server:

  1. Add the file systems to be mounted to the file /etc/vfstab.

    For example,

    heron:/export/install/ts7_sparc - /export/install/ts7_sparc nfs - yes bg,intr,soft

  2. As role admin, at label admin_low, create a mount point for the file system to be mounted.


    $ mkdir -p /export/install/ts7_sparc
    
  3. Mount the file system.


    # mount /export/install/ts7_sparc
    

Add OS Services

  1. On the workstation that is going to be the OS server, as role admin at label admin_low, open the Host Manager with the NIS+ Naming Service.

  2. If there is already an entry for the OS Server and its Type is OS Server:

    1. Select the entry and choose Edit > Modify.

    2. Click Add... under OS Services and go to Step 4.

  3. If there is an entry for the OS Server, but its Type is not OS Server:

    1. Select the host.

    2. Choose Edit > Convert > to OS Server.

    3. Click Add... under OS Services and go to Step 4.

  4. If there is no Host Manager entry for the OS server, choose Edit > Add.


    Note - In the Host Manager, the word Solaris stands for Trusted Solaris.


    1. Fill in the following information about the OS server:

      Table 10-1 Adding an OS Server to Host Manager

      Entry              Value
      -----------------  -------------------------------------------
      Host Name
      IP Address
      Ethernet Address
      System Type        OS server
      Timezone Region
      Timezone
      Remote Install     Do not select unless you plan to re-install
                         the OS server over the network.
      OS Services        Add...

    2. In the Add OS Services dialog, fill in the information:

      Table 10-2 Adding OS Services to an OS Server in Host Manager

      Entry              Value
      -----------------  -------------------------------------------
      Set Media Path     /export/install/ts7_sparc
      Software Groups    Per platform, choose what software cluster
                         to run. Note that Core and End User are
                         equivalent.
      Platforms          Choose a platform.

Create a Boot Server

The boot server provides boot information for the diskless clients. If you want a boot server separate from the install server, create it. The boot server must be on the same subnet as the diskless clients:

Reboot the OS Server

    Choose Shut Down from the Trusted Path menu, confirm, then boot the server when the prompt appears.

Configuring Diskless Clients

Each diskless client requires an entry in the Host Manager. Use NIS+ to centrally administer the diskless clients.

Add Diskless Clients

  1. On the workstation that is going to be the OS server, log on as a user who can assume the admin role.

  2. As role admin at label admin_low, open the Host Manager with the NIS+ Naming Service.

  3. Add each diskless client as an entry in the Host Manager.

    If the client exists already, delete it and re-create it. A diskful client cannot be converted to diskless.

    Table 10-3 Diskless Client Information in Host Manager

    Entry              Value
    -----------------  -------------------------------------------
    Host Name
    IP Address
    Ethernet Address
    System Type        Diskless
    Timezone Region
    Timezone
    File Server        (OS server is already entered for you.)
    OS Release         Select the platform for the client.
    Root Path          /export/root
    Swap Path          /export/swap
    Swap Size          > 64 MB

  4. Save the changes.

    Files for the client will be created in /export/root/clientname. Adding a diskless client takes from 15 to 30 minutes per client.

Ensure that the Client is Known to the NIS+ Master

  1. Log in to the NIS+ master as a user who can assume the role root and assume it.

  2. As root, at label admin_low, make sure that the client information in the kernel cache and the tnrhdb table is correct.

    1. Launch a terminal.

    2. Look for the client's IP address or a fallback address in the kernel cache.


      # tninfo -h
      
    3. Check that the information is in the tnrhdb NIS+ table.


      # niscat tnrhdb.org_dir | more
      
  3. If the client is in the tnrhdb file correctly, but is not in the kernel cache, update the kernel.


    # cd /etc/security/tsol
    # tnctl -T tnrhtp
    # tnctl -H tnrhdb
    
    1. Then check the kernel cache and run the command nistntime.


      # tninfo -h
      # /usr/lib/nis/nistntime tnrhtp
      # /usr/lib/nis/nistntime tnrhdb
      
  4. If the client is not in the tnrhdb file correctly, open the Database Manager with the NIS+ naming service, choose tnrhdb, and enter the client or the fallback mechanism for the client's subnet.

    When you exit the Database Manager, the tnrhdb and the kernel cache are updated.

Set up Each Client's Mounts

  1. On the OS server, as root at label admin_low, open the Admin Editor from the System_Admin folder, with the file /export/root/clientname/etc/vfstab.

    You will do this once per client.

  2. Create an /opt entry in the vfstab file.

    The /opt mount point enables the client to run Solstice AdminSuite. You can add other mount points as well.

    For example,

    <server>:/export/opt - /export/opt nfs - yes bg,intr,soft
    squirrel:/export/tools - /export/tools nfs - yes bg,intr,soft

  3. Write the file and exit the editor.

  4. As root, at label admin_low, create the mount points in the client's root directory.


    # cd /export/root/clientname
    # mkdir -p export/opt
    # mkdir -p export/tools
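
The check below is an added example, not part of the original guide: it reads a client's vfstab and reports any boot-time NFS entry whose mount point has not yet been created under the client's root directory. The function name, the placeholder server name osserver, and the throwaway sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: confirm that every boot-time NFS entry in a client's
# vfstab has its mount point created under the client's root directory.

check_client_mounts() {
    # $1 = client root on the OS server, e.g. /export/root/clientname
    root=$1
    status=0
    # vfstab fields: device, fsck device, mount point, FS type,
    # fsck pass, mount at boot, mount options
    while read -r dev fsckdev mnt fstype pass boot opts extra; do
        # Skip blank lines and comments
        case $dev in ''|'#'*) continue ;; esac
        # Every entry must have exactly seven fields
        if [ -z "$opts" ] || [ -n "$extra" ]; then
            echo "malformed entry: $dev"; status=1; continue
        fi
        # Only NFS entries mounted at boot, like the examples above
        [ "$fstype" = nfs ] && [ "$boot" = yes ] || continue
        if [ ! -d "$root$mnt" ]; then
            echo "missing mount point: $root$mnt"; status=1
        fi
    done < "$root/etc/vfstab"
    return $status
}

# Constructed sample: a throwaway client root holding the two entries
# from the example above ("osserver" is a placeholder server name).
# Only export/opt is created, so export/tools is reported.
demo=${TMPDIR:-/tmp}/clientroot.$$
mkdir -p "$demo/etc" "$demo/export/opt"
cat > "$demo/etc/vfstab" <<'EOF'
osserver:/export/opt - /export/opt nfs - yes bg,intr,soft
squirrel:/export/tools - /export/tools nfs - yes bg,intr,soft
EOF
check_client_mounts "$demo" || echo "create the directories listed above"
rm -rf "$demo"
```

On the OS server the function would be called once per client, with /export/root/clientname as its argument.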
    

Verify Each Client's tnrhdb Entries

  1. On the OS server, as root at label admin_low, open the Admin Editor from the System_Admin folder, with the file /export/root/clientname/etc/security/tsol/tnrhdb.

    You will do this once per client.

  2. Correct any entries in the file that are not in the following format:

    ip_address:template
    nnn.nnn.nnn.nnn:template
    

    For example, the following is a correctly formatted sample entry:

    129.150.129.7:tsol
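
The following added example, which is not part of the original guide, lists the lines of a client's tnrhdb file that do not match the nnn.nnn.nnn.nnn:template form shown above. It assumes that blank lines and lines starting with # are ignored, that each nnn is a number from 0 to 255, and that the template name is a single word; the function name and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report tnrhdb lines that are not in the
# nnn.nnn.nnn.nnn:template form.
# Assumptions: blank lines and lines starting with "#" are ignored,
# each nnn must be 0-255, the template name is one non-empty word.

check_tnrhdb() {
    # $1 = path to a tnrhdb file
    # Prints "file:line: text" for each bad entry; returns 1 if any.
    awk -v f="$1" '
        /^[ \t]*$/ || /^[ \t]*#/ { next }
        {
            ok = 0
            n = split($0, part, ":")
            if (n == 2 && part[2] ~ /^[A-Za-z0-9_.-]+$/) {
                m = split(part[1], oct, ".")
                ok = (m == 4)
                for (i = 1; i <= m && ok; i++)
                    if (oct[i] !~ /^[0-9]+$/ || length(oct[i]) > 3 || oct[i] + 0 > 255)
                        ok = 0
            }
            if (!ok) { printf "%s:%d: %s\n", f, NR, $0; bad++ }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample standing in for
# /export/root/clientname/etc/security/tsol/tnrhdb
sample=${TMPDIR:-/tmp}/tnrhdb.sample.$$
cat > "$sample" <<'EOF'
129.150.129.7:tsol
129.150.129.8 tsol
129.150.300.9:tsol
129.150.129.10:
EOF
check_tnrhdb "$sample" || echo "correct the entries listed above"
rm -f "$sample"
```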

Boot a Diskless Client

When booting for the first time, provide the client with a root password.

  1. At the ok prompt, type boot net.

  2. When booting for the first time, provide and confirm a root password.

    Result: The diskless client is ready for use by a normal user.

    See Trusted Solaris Administrator's Procedures for the procedure to remove a diskless client.