Monday, December 17, 2007

solaris---Jumpstart Install

Description Of a Jumpstart Install
Here, roughly, is what goes on during a Solaris 8 jumpstart install, oh but first let's talk about some terms!
Definition of Terms
Client = Machine to Recieve Jumpstart InstallBoot Server = Machine on same subnet/local network/broadcast domain as Client which hands client boot files and informationInstall Server = Machine from which Client will install Solaris OSNotice: The Install server does not have to be on the same subnet as the Client. The Boot Server passes the Client the IP address of its default router which the client then uses as its default router. Not sure if this is documented anywhere in Sun's Doc, but if you snoop -v the traffic between a Boot Server and an Install Client you'll see the bootparam service hand this info to the Client. Also if you are using routed instead of default routers, well good luck!Also Notice: There is nothing stopping the Install server and the Boot server from being the same machine, and in practice it make good sense.
Admin issues the 'boot net - install' command from the 'ok' prompt of the client
Client machine broadcasts a Reverse-ARP request to the local subnet
Boot server's in.rarpd server responds with an ip address from its /etc/hosts file matching the hostname listed for the client's mac address in the server's /etc/ethers file
Client machine requests OS kernel and extras from the Boot server's tftp daemon
The in.tftpd server running on the Boot Server hands the client the requested files
Client downloads and boots the requested kernel image
Client starts bootparams client and requests boot info from Boot Server
rpc.bootparams server on Boot Server responds with the NFS location of a jumpstart-dir, an install-root filesystem, and a sysidcfg dir
Client NFS mounts Boot Server's jumpstart-dir/Solaris_8/Tools/Boot directory as its root filesystem
Client NFS mounts Install server's jumpstart-dir and launches OS install
Client begins "System Indentification" stage of install. If you are familiar with CD installs of Solaris, you will recognize this stage as where the install program asks for host, network, locale, date and time information
Client NFS mounts the sysidcfg directory it was given by the rpc.bootparams daemon on the Boot server
Client reads host configuration information from the text file named 'sysidcfg' inside the sysidcfg directory it has mounted
Client requests manual entry at it's console for any information not contained in this file
Client begins "System Install" stage of install. If you are familiar with CD installs of Solaris, you will recognize this stage as where the install program asks you to choose a parition layout for system and to choose a package cluster/and or individual software packages to install.
Client finds line matching it's own system architechture (Sparc/x86), hostname, ip address, etc. in 'rules.ok' text file in Install server's jumpstart-dir
From this line the Client is told the name of a begin-script, profile, and finish-script. The profile is a text file, the begin and finish scripts bourne shell scripts. All three items are located in the Install server's jumpstart-dir
Client executes the begin-script
Client partitions and formats its disks according to rules laid out in its profile
Client installs software packages according to rules laid out in its profile
Client installs any system patches found in the Install server's jumpstart-dir/Patches directory. It installs these patches in date-wise order (that is to say according to their time-stamps) from oldest to newest
Client execute the finish-script
System is installed, and Client reboots
That's All!!
Network Services Needed for a Jumpstart InstallOn Boot Server
in.rarpd
From The Man Page (man rarpd)RARP is used by machines at boot time to discover their Internet Protocol (IP) address. The booting machine provides its Ethernet address in a RARP request message. Using the ethers and hosts databases, in.rarpd maps this Ethernet address into the corresponding IP address which it returns to the booting machine in an RARP reply message. The booting machine must be listed in both databases for in.rarpd to locate its IP address.Under Solaris 8 in.rarpd is started by the nfs.server init script if the directory /tftpboot exists.
rpc.bootparams
From The Man Page (man bootparamd)rpc.bootparamd is a server process that provides information from a bootparams database to diskless clients at boot time.The bootparams database can either be the flat text file /etc/bootparams (recommended) or an NIS map. Which of these methods to use is controlled by an entry in the /etc/nsswitch.conf file.Under Solaris 8 rpc.bootparamd is started by the nfs.server init script if the directory /tftpboot exists.
in.tftpd
Trivial File Transfer Protocol Daemon. A stripped down version of ftp, used to transfer Solaris 8 kernel plus some extra goodies to the boot clients.The tftp daemon needs to be configured to share the /tftpboot directory (which you may have to create)The tftp daemon included with Solaris 8 (there are many others you could use if you prefer) is run from inetd. It is turned on in a default Solaris 8 install and hence recieves no mention (at least not that I saw...) in Sun's own Jumpstart documentation even though it is essential to the jumpstart process(!?!) Anyhow, if you have disabled the service, adding a line such as this to the file /etc/inet/inetd.conf and restarting the inetd daemon (use /etc/init.d/inetsvc {startstop}) should start it up again:tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboottftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
rpcbind, nfsd, mountd
RPC (Remote Procedure Call) plus the standard NFS Server suite. These services are required to serve out parts of the boot server's filesystem via NFS. The parts that need to be served are the Boot sub-directory of jumpstart-dir. On an Install/Boot server combo machine this is just a sub-directory of the jumpstart-dir which you will already be sharing via NFS. On a stand-alone Boot server this directory is wherever you told the Solaris 8 Jumpstart install scripts to install the boot-only portion of the Jumpstart files. (Basically what you will be serving is the directory tree used as the root filesystem on the install client) Under Solaris 8 these services are started by the rpc and nfs.server init scripts.On Install Server
rpcbind, nfsd, mountd
RPC (Remote Procedure Call) plus the standard NFS Server suite. These services are required to serve out parts of the Install server's filesystem via NFS. What needs to be shared is the jumpstart-dir, ie. where you tell the Solaris 8 Jumpstart install scripts to install to. You must also NFS share the sysidcfg directories where you put the sysidcfg files for your hosts.(One approach is to simply make the sysidcfg dir a subdirectory of the jumpstart-dir so that it is shared along with the jumpstart-dir and thus does not need a seperate dfstab entry, this also serves to put all of your jumpstart files under one directory tree rather than having them all spread out.)Under Solaris 8 these services are started by the rpc and nfs.server init scripts.
Key Files Needed for a Jumpstart InstallOn Boot Server
/etc/ethers, /etc/hosts
in.rarpd uses these files to give out an IP address to the Install Client, hence the install Client must have a valid entry in both of these files for things to work.ethers is a MAC Address to Hostname tablehosts is an IP Address to Hostname tableIn theory it maybe possible to use NIS for these purposes instead of the local flat files but if you want to do things like that you are on your own.
/etc/bootparams
rpc.bootparams uses this file to tell an Install Client where to NFS mount various install directories from. In particular, it tells where the Client should look to mount the 1) root filesystem used during the install, 2) jumpstart directory, 3) sysidcfg directorybootparams is a flat text file which can be edited by hand, there is an extensive manpage describing it's format. Alternately Sun provides two tools called add_install_client and rm_install_client (located in jumpstart-dir/Solaris_8/Tools) which can be used to add and remove entries from /etc/bootparams. I recommend this method becuase it also copies the right files into /tftpboot for the system. See further down for a sample usage of these scripts.
/etc/inet/inetd.conf
The tftp server that comes with Solaris is started from inetd, hence in order to run the in.tftpd daemon (which you need to transfer a boot kernel to the install client) you need to make sure it has a line in the inetd.conf file. The folowing two lines should do the trick if you don't already have any: tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboottftp dgram udp6 wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
/tftpboot/*
There are a handful of files that go in here including a kernel for the Install Client boot. I don't know the specifics of these files because Sun's add_install_client and rm_install_client scripts (located in jumpstart-dir/Solaris_8/Tools) will take care of creating them for you. If any of you ambitious youngsters want crack the code and figure out what all these files are be sure to let me know what you find out!
/etc/dfs/dfstab
Solaris's NFS server config file. Really just a list of share commands that are executed when you run the 'shareall'.This is hardly the place for an NFS tutorial, but here's enough to get you started...On the Boot server you need to share out the Boot subdirectory of the the directory where you told the Solaris 8 Jumpstart install scripts to install to.The directory should be shared read-only with the anon=0 option set (meaning unknown users are given UID=0, sounds dangerous but you are share the FS as read only so it's not so bad) To accomplish this add a line such as this to the /etc/dfstabshare -F nfs -o ro,anon=0 /jumpstart-dir/BootI like to limit access to my local subnet, to do this use a line like this:share -F nfs -o ro=@192.168.1.0,anon=0 /jumpstart-dir/Boot Where 192.168.1.0 is the network address of your subnet. After changing the dfstab run /usr/sbin/unshareall, followed by /usr/sbin/shareall, to share the directories. You can run /usr/sbin/share to see what directories you are currently sharing via NFS.The nfs.server init script can also be used to restart the NFS server daemons and thus propgate your dfstab changes. On Install Server
/etc/dfst/dfstab
Solaris's NFS server config file. Really just a list of share commands that are executed when you run the 'shareall'.This is hardly the place for an NFS tutorial, but here's enough to get you started...On the Install server you need to share out the jumpstart directory, ie the directory where you told the Solaris 8 Jumpstart install scripts to install to.The directory should be shared read-only with the anon=0 option set (meaning unknown users are given UID=0, sounds dangerous but you are share the FS as read only so it's not so bad) To accomplish this add a line such as this to the /etc/dfstabshare -F nfs -o ro,anon=0 /jumpstart-dirI like to limit access to my local subnet, to do this use a line like this:share -F nfs -o ro=@192.168.1.0,anon=0 /jumpstart-dir Where 192.168.1.0 is the network address of your subnet. You also must share out your sysidcfg directory. I recommend making the sysidcfg directory a subdir of the jumpstart-dir, in which case the above lines would export this directory as well (so long as you do not cross filesystems, exporting a parent dir automatically exports all of it's sub-directories. Hence if I NFS export /export/home, a client can legally mount /export/home/scott or even /export/home/scott/Mail) But if you want to put your sysidcfg file somewhere else, you will need another line in the same format as the above sharing this directory as well.After changing the dfstab run /usr/sbin/unshareall, followed by /usr/sbin/shareall, to share the directories. You can run /usr/sbin/share to see what directories you are currently sharing via NFS.The nfs.server init script can also be used to restart the NFS server daemons and thus propgate your dfstab changes.
/jumpstart-dir/rules, /jumpstart-dir/rules.ok
/jumpstart-dir meaning wherever you told the Solaris 8 Jumpstart install scripts to install to. rules is a flat text file containing 'rules' for the install client to use when installing itself. Basically the client looks in the rules file for a rule which matches it's particular hostname, ip address, system architechture (SPARC/x86), etc. When it finds a match it then uses the begin-script, profile, and finish-script listed for that rule to do the system install. The sample rules file that is installed into the /jumpstart-dir by the Jumpstart Server Install scripts documents the options for this file and provides several useful examples. These options are also thoroughly documented in the Sun Solaris 8 Advanced Installation Guide (available online at docs.sun.com or try this direct link)Here's a quick sample rules entry to get you started:any - custom-start.sh core.profile custom-finish.shThis line matches any machine and will install it using the custom-start.sh pre-install script, the profile core.profile and the finish script custom-finish.shrules.ok is the file that is actually used, it is created by first creating a rules file and then running the supplied check script which will varify that all your rules and associated profiles make sense and then produce the rules.ok file. The check script is installed along with the rest of the jumpstart software by the Jumpstart Server Install Scripts and lives directly in the /jumpstart-dir, it takes no arguments and is simply run in the same directory as the rukes and profile files.
/jumpstart-dir/*.profile
The install profiles. These are flat text files that don't actually have to be named by any particular convention, although for sanity's sake '.profile' is my recommended extension.These files are named in the rules.ok file and tell the installer what packages/package clusters to install/remove from the install client, how to format the install client's disks, and what locale to install on the install client. The format of the profile file is pretty straight forward, it is thoroughly documented in the Sun Solaris 8 Advanced Installation Guide (available online at docs.sun.com or try this direct link).Here's a sample profile file to get you started:install_type initial_installsystem_type serverpartitioning explicitfilesys any 2000 /filesys any 1500 swapfilesys any 1500 /varfilesys any 2000 /optgeo N_Americacluster SUNWCreqpackage SUNWgzip addpackage SUNWless addpackage SUNWman addpackage SUNWbash addpackage SUNWtcsh addpackage SUNWzsh add
/sysidcfg-dir/hostname, /sysidcfg-dir/hostname/sysidcfg
/sysidcfg-dir being wherever you decided to put your sysidcfg directories. hostname being the hostname of the install client. One of the bootparams options will point an install client to /sysidcfg-dir/hostname and install client will then use look in this directory for a file named sysidcfg which it will use to complete the System Identification stage of the install.The /sysidcfg-dir must be nfs exported! You can actually use any name you want for the subdirectory, I chose to use the install client's hostname as a convention, and I recommend you do so as well. The important point is that in the bootparams file you point the install client at a directory and it then looks for a file named sysidcfg in that directory, hence you can not simply have a seperate file for each host, you must have a seperate directory containing a unique sysidcfg file for each host. (of course you can use the same sysidcfg file for multiple hosts, but read on to see why you may not want to do that.) The sysidcfg file is a flat text file containing hostname, ip address, name service, locale, IPv6, kerberos, netmask, root password hash, terminal and time service information. It's format and syntax are thoroughly documented in the Sun Solaris 8 Advanced Installation Guide (available online at docs.sun.com or try this direct link).Here's a sample sysidcfg file to get you started:system_locale=en_UStimezone=US/Centralterminal=xtermsname_service=NONEtimeserver=192.168.1.2security_policy=NONEroot_password=PpZsmNrUdbsGknetwork_interface=primary{ hostname=js-testip_address=192.168.1.5netmask=255.255.255.0protocol_ipv6=yes}
How To Setup a Jumpstart ServerStep 1) Install Jumpstart Software
All of the servers and whatnot (eg. nfsd, tftpd, etc) should already be on your system as they are part of the core Solaris 8 system.What's left to install then is the Jumpstart Server software from the Sun Install CD's. At minimum you'll need Solaris 8 Software CD 1 from the Solaris 8 install media kit.Insert the Solaris 8 Software CD 1 into the to-be Install Server and mount it.cd to /mount-point/Solaris_8/ToolsHere you will find the first Solaris 8 Jumpstart Server Install script, it's called: setup_install_serverRun the script with the directory into which you wish to install the Jumpstart Software as it's only argument, eg:./setup_install_server /jumpstart-dirThe destination directory should be empty and should have > 1 gigabyte of freespace available to it.This script basically just copies the contents of the install CD over to your Install Server. If you only want to create a Boot Server you can use the -b option which will only copy over the files required by a Boot Server.To add the contents of the other install CD's to your to-be Install Server (Software CD 2 is HIGHLY recommended, it contains the man page packages!) follow these steps for each CD:Insert the CD into the to-be Install Server and mount itcd to /mount-point/Solaris_8/ToolsHere you will find the secondary Solaris 8 Jumpstart Server Install script, it's called: add_to_install_serverRun this script with the directory into which you wish to install the Jumpstart Software as it's only argument, eg:./add_to_install_server /jumpstart-dir Again this script simple copies over the contents of the CD to your to-be Install Server.Now you need to copy over the check script and the sample profile and rules files into your /jumpstart-dir (actually these files can go in their own directory but that directory would also have to be NFS exported) One nice offshoot of the Jumpstart Server Install scripts just dumping the install CD's onto your Install Server's harddrive is that these files are now already on your Install Server, you've simply got to put copies in the root of your /jumpstart-dir. To do so use cp like this:cp /jumpstart-dir/sparc_8/Solaris_8/Misc/jumpstart_sample/* /jumpstart-dir/.Finally you'll need to setup your sysidcfg directory. To do so, simply choose where you want to put it (I recommend making it a sub-dir of your /jumpstart-dir) and create it, eg.mkdir -p /jumpstart-dir/sysidcfg-dir Step 2) Setup All the Required Server Daemons
Following the directions given above you'll need to make sure your to-be Install Server is running in.tftpd, in.rarpd and nfs sharing it's /jumpstart-dir and /sysidcfg-dir directories.Here's a checklist of what needs to be done to help out
/etc/dfstab must be set to share your jumpstart-dir and sysidcfg-dir
/etc/inet/inetd.conf should be setup to start in.tftpd
/tftpboot should be created
/etc/bootparams should be created (leave empty for now)
rpc services should be (re-)started
nfs server services should be (re-)started When you are done with all of this the following processes should show up in a ps -e:
in.rarpd
rpc.bootparams
rpcbind
nfsd
mountd
inetdStep 3) Setup Install Client
Your install server is more or less good to go now, all that's left is to flesh it out with rules, sysidcfg files, and profiles for your various hosts.Here's a sample walkthrough of adding a dummy Install Client named js-test.Add entries for js-test in the /etc/ethers and /etc/hosts files.Create a sysidcfg directory and file for js-test.Add js-test to /etc/bootparams and install boot files for it in /tftpboot.To do this using the provided add_install_client script follow these stepscd /jumpstart-dir/Solaris_8/Tools./add_install_client -c jumpstart-server:/jumpstart_dir -p jumpstart-server:/sysidcfg-dir/js-test js-test sun4uHere jumpstart-server is the hostname of your Install Server, /jumpstart-dir is your jumpstart-dir, /sysidcfg-dir/js-test is wherever you put the sysidcfg file for the install client, and sun4u is the platform group of the install client (Sparc, UltraSparc, x86)add_install_client has an extensive man page which details all it's options and is well worth reading. Next, you must make sure there is a matching rule in the rules and rules.ok files as well as a corresponding profile for your host.The installer simply uses the first line in rules.ok that matches for your host so be careful with the order of lines in that file.Now drop js-test to the 'ok' prompt, type 'boot net - install' and watch the magic happen!!




That's all folks!!

No comments: