Skip to content

Solaris Jumpstart Installations In An All-Debian Environment

Time to bring the Solaris workstations into our new infrastructure, to discover all the hidden Debian-specific parts in my Puppet manifests, and then fix them to be platform-neutral. First off, I need to be able to ensure a common base installation on my Solaris systems, and to have that base be as hands-off as possible. Alongside this, I need to leverage our existing Debian infrastructure since the only extra Suns I have are very old and slow, and I have nowhere to house them (I will not Jumpstart from a Sparc 20 with a 10 megabit interface when I have a new file server with gigabit ethernet).

The folks over at 5dollarwhitebox.org have this Jumpstart from Debian page, but I had to make a few tweaks to make it coexist with our existing DHCP and PXE setup.

We have a Debian dhcp3 server handling DHCP for our subnet, including Windows clients, Debian and Ubuntu workstations, and Debian servers. Each of these systems needs to PXE-boot at various times, so I had to change the 5dollarwhitebox instructions to keep the Solaris-specific PXE items from conflicting with the Debian ones. Here’s an excerpt from our current dhcpd.conf:

# Basic settings for all subnets
ddns-update-style none;
option domain-name "cae.tntech.edu";
option domain-name-servers 149.149.254.4, 149.149.11.6;
default-lease-time 259200;
max-lease-time 259200;
authoritative;
log-facility local7;
# Variable names and types for all Solaris systems that will use
# 'boot net:dhcp - install'
option space SUNW;
option SUNW.root-mount-options code 1 = text;
option SUNW.root-server-ip-address code 2 = ip-address;
option SUNW.root-server-hostname code 3 = text;
option SUNW.root-path-name code 4 = text;
option SUNW.swap-server-ip-address code 5 = ip-address;
option SUNW.swap-file-path code 6 = text;
option SUNW.boot-file-path code 7 = text;
option SUNW.posix-timezone-string code 8 = text;
option SUNW.boot-read-size code 9 = unsigned integer 16;
option SUNW.install-server-ip-address code 10 = ip-address;
option SUNW.install-server-hostname code 11 = text;
option SUNW.install-path code 12 = text;
option SUNW.sysid-config-file-server code 13 = text;
option SUNW.JumpStart-server code 14 = text;
option SUNW.terminal-name code 15 = text;
# Options specific to this subnet
subnet 149.149.254.0 netmask 255.255.255.0 {
  option broadcast-address 149.149.254.255;
  option routers 149.149.254.4;
  option netbios-name-servers 149.149.254.38, 149.149.11.3;
  option netbios-node-type 4;
  allow booting;
}
# Options specific to Jumpstart Solaris 9 systems
group {
  vendor-option-space SUNW;
  option SUNW.install-server-hostname "jumpstart";
  option SUNW.install-server-ip-address 149.149.254.X;
  option SUNW.install-path "/opt/solaris/jumpstart/9/install";
  option SUNW.JumpStart-server "jumpstart:/opt/solaris/jumpstart/9";
  option SUNW.sysid-config-file-server "jumpstart:/opt/solaris/jumpstart/9/config";
  option SUNW.root-server-hostname "jumpstart";
  option SUNW.root-server-ip-address 149.149.254.X;
  option SUNW.root-path-name "/opt/solaris/jumpstart/9/install/Solaris_9/Tools/Boot";
  # Each Jumpstart Solaris system needs to be assigned a hostname and a kernel.
  # We may also want to assign a fixed address, but this isn't a requirement.
  host ch208m { hardware ethernet a1:b1:c1:d1:e1:f1; fixed-address 149.149.254.13;
    filename "/tftpboot/SUNW.Ultra-80"; option host-name "ch208m"; }
  host ch208n { hardware ethernet a2:b2:c2:d2:e2:f2; fixed-address 149.149.254.14;
    filename "/tftpboot/SUNW.Sun-Blade-1000"; option host-name "ch208n"; }
  host ch208o { hardware ethernet a3:b3:c3:d3:e3:f3; fixed-address 149.149.254.15;
    filename "/tftpboot/SUNW.Sun-Blade-1000"; option host-name "ch208o"; }
  host ch314b { hardware ethernet a4:b4:c4:d4:e4:f4; fixed-address 149.149.254.220;
    filename "/tftpboot/SUNW.Sun-Blade-100"; option host-name "ch314b"; }
}
# Other Windows or Linux entries
host ch208c {hardware ethernet a5:b5:c5:d5:e5:f5; fixed-address 149.149.254.3;}
host ch208r {hardware ethernet a6:b6:c6:d6:e6:f6; fixed-address 149.149.254.18;
  filename "/tftpboot/pxelinux.0";}

The PXE and DHCP server is the one we’ve been using for doing Debian net installs and preseed installations. See Section 4.6.2 of the Debian 4.0 installation manual for instructions.

As for populating the jumpstart and DHCP servers, I started by doing a default installation of Solaris 9 onto my office Blade 100. Once that was installed, I could copy the Solaris installation, software, and language CDs onto a local jumpstart tree using the standard Sun scripts, and then copy that tree to the jumpstart server itself.

ch314b# mkdir -p /local_jumpstart/9/install
# Insert Solaris 9 Software CD 1 of 2
ch314b# /cdrom/cdrom0/s0/Solaris_9/Tools/setup_install_server /local_jumpstart/9/install
# Eject CD, insert Solaris 9 Software CD 2 of 2
ch314b# /cdrom/cdrom0/Solaris_9/Tools/add_to_install_server /local_jumpstart/9/install
# Eject CD, insert Solaris 9 Languages CD
ch314b# /cdrom/cdrom0/Languages/Tools/add_to_install_server /local_jumpstart/9/install
# Mount central Jumpstart directory, then copy local_jumpstart folder there:
ch314b# mkdir /mnt/jumpstart
ch314b# mount jumpstart:/opt/solaris/jumpstart /mnt/jumpstart
ch314b# cd /local_jumpstart ; tar -cf - . | ( cd /mnt/jumpstart && tar -xvpf - )

On the jumpstart server, I copied the required Solaris netboot kernels to the DHCP server’s /tftpboot directory:

jumpstart# cd /opt/solaris/jumpstart/9/install/Solaris_9/Tools/Boot/usr/platform
jumpstart# scp SUNW,Sun-Blade-100/lib/fs/nfs/inetboot dhcp:/tftpboot/SUNW.Sun-Blade-100
jumpstart# scp SUNW,Sun-Blade-1000/lib/fs/nfs/inetboot dhcp:/tftpboot/SUNW.Sun-Blade-1000
jumpstart# scp SUNW,Ultra-80/lib/fs/nfs/inetboot dhcp:/tftpboot/SUNW.Ultra-80

Finally, I copied some of the sample Jumpstart configurations into the version-specific folders:

jumpstart# cd /opt/solaris/jumpstart/9
jumpstart# cp -a install/Solaris_9/Misc/jumpstart_sample/* .

Final configuration files on the jumpstart server:

/opt/solaris/jumpstart/9/config/sysidcfg defines site policies for timezone, network setup, and other things that aren’t strictly system-specific:

name_service=DNS{domain_name=cae.tntech.edu name_server=149.149.254.4,149.149.11.6}
network_interface=PRIMARY{dhcp protocol_ipv6=no}
root_password=CRYPTEDROOTPASSWORDGOESHERE
security_policy=NONE
system_locale=en_US
terminal=vt100
timezone=US/Central
timeserver=localhost

/opt/solaris/jumpstart/9/rules maps system types to particular installation scripts and profiles. Ours is very simple, and sets all our systems to the same setup:

any     -       pre-install.sh  any_machine     post-install.sh

/opt/solaris/jumpstart/9/rules.ok is the rules file with a Sun-generated checksum added. There’s a check script in /opt/solaris/jumpstart/9 that you run to convert the rules file into a rules.ok file — as far as I can tell, this has to be run from a Solaris box:

any     -       pre-install.sh  any_machine     post-install.sh
# version=2 checksum=4486

/opt/solaris/jumpstart/9/any_machine defines the installation type, disk partitioning, and the basic Sun software load. This one divides a single drive into 32 MB for system upgrades (no mount point defined), 1 GB for swap, and the rest of the disk for the root partition.

install_type    initial_install
system_type     standalone
partitioning    explicit
filesys any free /
filesys any 1024 swap
filesys any 32
geo             N_America
locale          C
cluster         SUNWCall

/opt/solaris/jumpstart/9/pre-install.sh exists, but is entirely empty.

jumpstart# ls -l pre-install.sh
-rwxr-xr-x 1 root bin 0 2007-10-10 13:32 pre-install.sh

/opt/solaris/jumpstart/9/post-install.sh takes care of installing pkg-get, facter, puppet, and getting the system ready for Sun’s JASS scripts:

#!/bin/sh

###
echo "Preparation"
###
mkdir /a/jumpstart
mount files.cae.tntech.edu:/opt/solaris/jumpstart /a/jumpstart

###
echo "JASS"
###
cd /a/jumpstart
for addon_pkg in SUNBEfixm.pkg SUNBEmd5.pkg
do
  echo all | pkgadd -n -d ${addon_pkg} -R /a
done
pkgadd -a admin.jumpstart -d . -R /a SUNWjass
cp finish.init /a/opt/SUNWjass/Drivers
cp hardening.driver /a/opt/SUNWjass/Drivers
cp root.profile /a/opt/SUNWjass/Files/.profile
mkdir -p /a/opt/SUNWjass/Patches
cp /a/jumpstart/9/9_Recommended.zip /a/opt/SUNWjass/Patches
cd /a/opt/SUNWjass/Patches
unzip 9_Recommended.zip
cp /a/jumpstart/S21jass.sh /a/etc/rc2.d

###
echo "Blastwave support"
###
cd /a/jumpstart
mkdir -p /a/usr/local/bin
cp wget-sparc.bin /a/usr/local/bin/wget
chmod 755 /a/usr/local/bin/wget
mkdir -p /a/opt/csw
echo all | pkgadd -a admin.jumpstart -d pkg_get-3.8.1-all-CSW.pkg -R /a
cp /a/jumpstart/pkg-get.conf /a/opt/csw/etc
cp /a/var/pkg-get/admin-fullauto /a/var/pkg-get/admin

###
echo "Puppet"
###
cd /a/jumpstart
echo all | pkgadd -a admin.jumpstart -d \\
    facter-1.3.8,REV=2007.09.23-SunOS5.8-all-CSW.pkg -R /a
echo all | pkgadd -a admin.jumpstart -d \\
    puppet-0.23.2,REV=2007.09.23-SunOS5.8-all-CSW.pkg -R /a
cp S98puppetd /a/etc/rc2.d

###
echo "Teardown"
###
cd /
umount /a/jumpstart
rmdir /a/jumpstart

admin.jumpstart prevents pkgadd from asking most of its regular installation questions:

mail=
instance=unique
partial=nocheck
runlevel=nocheck
idepend=nocheck
rdepend=nocheck
space=nocheck
setuid=nocheck
conflict=nocheck
action=nocheck
basedir=default

S21jass.sh is a basic one-time JASS installer:

#!/bin/sh
echo "Running Jumpstart Security:"
if [ ! -f /etc/jass.done ]; then
    cd /opt/SUNWjass
    JASS_NOVICE_USER=0 ./bin/jass-execute -d secure.driver
    touch /etc/jass.done
    echo "...done"
    sync
    sync
    echo "Rebooting..."
    reboot
else
    echo "...JASS already run."
fi

The facter and puppet Solaris packages come from Gary Law. The S98puppetd file is slightly edited to make it run under Solaris versions earlier than 10:

#!/bin/sh
# This is the /etc/init.d file for puppetd
# Modified for CSW
#
# description: puppetd - Puppet Automation Client
#

#. /lib/svc/share/smf_include.sh

prefix=/opt/csw
exec_prefix=/opt/csw
sysconfdir=/opt/csw/etc
sbindir=/opt/csw/bin

PATH=$PATH:/usr/local/bin:/usr/local/sbin:/opt/csw/bin:/opt/csw/sbin
export PATH

pidfile=/var/puppet/run/puppetd.pid

if [ ! -f /opt/csw/bin/ruby ]; then
    /opt/csw/bin/pkg-get -f install ruby
fi

case "$1" in
start)
    cd /
    # Start daemons.

    printf "Starting Puppet client services:"

    /opt/csw/bin/puppetd --factsync --server gold.cae.tntech.edu

    printf " puppetd"
    echo ""
    ;;
stop)
    printf "Stopping Puppet client services:"
    kill `cat $pidfile`

    printf " puppetd"
    echo ""
    ;;
restart)
    printf "Restarting Puppet client services:"
    kill -HUP `cat $pidfile`

    printf " puppetd"
    echo ""
    ;;
reload)
    printf "Reloading Puppet client services:"

    kill -HUP `cat $pidfile`

        printf " puppetd"
        echo ""
    ;;
status)
    if [ -f $pidfile ]; then
        pid=`cat $pidfile`
        curpid=`pgrep puppetd`
        if [ "$pid" -eq "$curpid" ]; then
            exit 0
        else
            exit 1
        fi
    else
        exit 1
    fi
esac
exit 0

# $Id: svc-puppetd 1796 2006-10-17 06:09:41Z luke $

UPDATE 2007/11/16: Solaris 10 addendum.

Solaris 10 introduces a few new wrinkles into the setup.

  1. On first netbooting Solaris 10, I got an error cannot open kernel/sparcv9/unix. There are tons of possible causes for this error, and lots of possible solutions. The cause in this particular case is that the Solaris NFSv4 implementation isn’t compatible with the Linux one (at least the one in Debian’s nfs-kernel-server package). Dickon Hood worked around it by using nfs-user-server, while vnull just reconfigured his nfs-kernel-server to only offer NFSv2. Like one of vnull’s commenters, I managed to get things to cooperate by offering NFSv2 and NFSv3. Since I’m working from a central file server with lots of NFSv3 clients, I couldn’t just drop back to exclusively NFSv2.
  2. After fixing the boot problem, I finally get the installation GUI running, and it immediately starts asking questions. I thought, “Crap, how’d I screw up sysidcfg this time?” As it turns out, the only question it couldn’t answer from sysidcfg was about its NFSv4 domain. No surprise, since this wasn’t an issue in Solaris 8 or 9. Adding nfs4_domain=cae.tntech.edu to sysidcfg took care of that question. nfs4_domain=dynamic may have worked fine, too.
  3. Solaris 10 means I can use SMF, so I can uncomment the SMF line in the puppetd init script.

{ 1 } Trackback

  1. jumpstart - StartTags.com | January 26, 2010 at 11:47 am | Permalink

    […] and configuration of Nagios, a powerful open source monitoring solution for host and services. I.Mike Renfro's Blog : Solaris Jumpstart Installations In An …Solaris Jumpstart Installations In An All-Debian Environment … jumpstart# cd […]

Post a Comment

Your email is never published nor shared. Required fields are marked *