In the Trusted Solaris environment, Custom JumpStart procedures are handled by administrative roles. For an explanation of Custom JumpStart, see "Preparing Custom JumpStart Installations" in Solaris 8 Advanced Installation Guide. Prepare to modify Custom JumpStart procedures with Trusted Solaris security requirements, such as device allocation and task allocation by role.
Factory-installed JumpStart may not be supported by Trusted Solaris software.
The following procedures are slightly different in the Trusted Solaris environment.
The Trusted Solaris environment does not support mounting remote file systems during installation.
Custom JumpStart Procedure |
Trusted Solaris Modification |
---|---|
Create a Custom JumpStart diskette |
Users who can assume the roles admin and secadmin should be present. |
Allocate diskette drive |
As admin, at label |
Deallocate diskette drive |
As admin, at label |
Format a diskette |
As admin, at label |
Create a filesystem on a diskette |
As admin, at label |
Create a mount point on a diskette |
As admin, at label |
Mount the directory |
As admin, at label See Example 9-2 at the end of this table for a sample mount command. |
Populate the directory |
As admin, at label |
Create a JumpStart directory on a server |
As admin, at label |
Share the directory |
For details of the procedure, see "How to Share a File System". |
Share the file system |
For details of the procedure, see "How to Share a File System". |
Enable access to JumpStart directory |
As admin, at label |
Check access to JumpStart directory |
On the install server, as role admin at label For details, see "To Locate a Solaris Management Console Tool". |
To create a UFS file system on a diskette to be used for Custom JumpStart, as admin at ADMIN_LOW
:
$ mkdir /ts8_jumpstart $ mount -F ufs /dev/diskette /ts8_jumpstart |
Use the Trusted Solaris information in the following table to modify the procedures in "Creating a Profile" in Solaris 8 Advanced Installation Guide.
Table 9-5 Modified JumpStart Profile Procedures
Solaris Procedure |
Trusted Solaris Modification |
---|---|
Edit a profile file. |
As admin role at label For how to use the Admin Editor, see "To Create or Open a File from the Trusted Editor". The upgrade keyword is not supported in Trusted Solaris 8. |
Use the Trusted Solaris information that follows to modify the procedures in "Testing a Profile" in Solaris 8 Advanced Installation Guide and "pfinstall" in Solaris 8 Advanced Installation Guide.
In the Trusted Solaris environment, testing profiles is handled by the admin role.
On an installed and configured Trusted Solaris host, log in as a user who can assume the admin role.
As admin at label ADMIN_LOW
, launch a terminal and see that the pfinstall(1M) command is available
in the role's profile shell.
$ profiles -l | grep pfinstall |
The name profile shell refers to a shell that recognizes Trusted Solaris execution profiles. It does not refer to the machine profiles being tested here.
If the command is not in the profile, the secadmin role must add it to the admin role's rights, and then the admin role launches a new terminal in which to run the command.
See "How to Modify a Role's Rights" for how to add the pfinstall command to the admin role's rights profile.
Use the Trusted Solaris information in the following table to modify the procedures in "Creating the rules File" in Solaris 8 Advanced Installation Guide.
Table 9-6 Modified JumpStart Rule Procedures
Solaris Procedure |
Trusted Solaris Modification |
---|---|
Edit a rules file |
As role admin at label For how to use the Admin Editor, see "To Create or Open a File from the Trusted Editor". |
Use a Trusted Solaris-specific value for a keyword |
For the installed option, the version keyword. version - A version name, such as Trusted_Solaris_8, or the special word any. If any is used, any Trusted Solaris or SunOS release is matched. |
|
For the osname option, the version keyword. version -- A version of Trusted Solaris the Trusted Solaris environment installed on the workstation: for example, Trusted Solaris 7. |
Validate a rules file | |
Copy a rules file |
As admin at label |