Solaris Jumpstart Installations In An All-Debian Environment

Time to bring the Solaris workstations into our new infrastructure, to discover all the hidden Debian-specific parts in my Puppet manifests, and then fix them to be platform-neutral. First off, I need to be able to ensure a common base installation on my Solaris systems, and to have that base be as hands-off as possible. Alongside this, I need to leverage our existing Debian infrastructure since the only extra Suns I have are very old and slow, and I have nowhere to house them (I will not Jumpstart from a Sparc 20 with a 10 megabit interface when I have a new file server with gigabit ethernet).

The folks over at 5dollarwhitebox.org have this Jumpstart from Debian page, but I had to make a few tweaks to make it coexist with our existing DHCP and PXE setup.

We have a Debian dhcp3 server handling DHCP for our subnet, including Windows clients, Debian and Ubuntu workstations, and Debian servers. Each of these systems needs to PXE-boot at various times, so I had to change the 5dollarwhitebox instructions to keep the Solaris-specific PXE items from conflicting with the Debian ones. Here’s an excerpt from our current dhcpd.conf:

# Basic settings for all subnets
ddns-update-style none;
option domain-name "cae.tntech.edu";
option domain-name-servers 149.149.254.4, 149.149.11.6;
default-lease-time 259200;
max-lease-time 259200;
authoritative;
log-facility local7;
# Variable names and types for all Solaris systems that will use
# 'boot net:dhcp - install'
option space SUNW;
option SUNW.root-mount-options code 1 = text;
option SUNW.root-server-ip-address code 2 = ip-address;
option SUNW.root-server-hostname code 3 = text;
option SUNW.root-path-name code 4 = text;
option SUNW.swap-server-ip-address code 5 = ip-address;
option SUNW.swap-file-path code 6 = text;
option SUNW.boot-file-path code 7 = text;
option SUNW.posix-timezone-string code 8 = text;
option SUNW.boot-read-size code 9 = unsigned integer 16;
option SUNW.install-server-ip-address code 10 = ip-address;
option SUNW.install-server-hostname code 11 = text;
option SUNW.install-path code 12 = text;
option SUNW.sysid-config-file-server code 13 = text;
option SUNW.JumpStart-server code 14 = text;
option SUNW.terminal-name code 15 = text;
# Options specific to this subnet
subnet 149.149.254.0 netmask 255.255.255.0 {
  option broadcast-address 149.149.254.255;
  option routers 149.149.254.4;
  option netbios-name-servers 149.149.254.38, 149.149.11.3;
  option netbios-node-type 4;
  allow booting;
}
# Options specific to Jumpstart Solaris 9 systems
group {
  vendor-option-space SUNW;
  option SUNW.install-server-hostname "jumpstart";
  option SUNW.install-server-ip-address 149.149.254.X;
  option SUNW.install-path "/opt/solaris/jumpstart/9/install";
  option SUNW.JumpStart-server "jumpstart:/opt/solaris/jumpstart/9";
  option SUNW.sysid-config-file-server "jumpstart:/opt/solaris/jumpstart/9/config";
  option SUNW.root-server-hostname "jumpstart";
  option SUNW.root-server-ip-address 149.149.254.X;
  option SUNW.root-path-name "/opt/solaris/jumpstart/9/install/Solaris_9/Tools/Boot";
  # Each Jumpstart Solaris system needs to be assigned a hostname and a kernel.
  # We may also want to assign a fixed address, but this isn't a requirement.
  host ch208m { hardware ethernet a1:b1:c1:d1:e1:f1; fixed-address 149.149.254.13;
    filename "/tftpboot/SUNW.Ultra-80"; option host-name "ch208m"; }
  host ch208n { hardware ethernet a2:b2:c2:d2:e2:f2; fixed-address 149.149.254.14;
    filename "/tftpboot/SUNW.Sun-Blade-1000"; option host-name "ch208n"; }
  host ch208o { hardware ethernet a3:b3:c3:d3:e3:f3; fixed-address 149.149.254.15;
    filename "/tftpboot/SUNW.Sun-Blade-1000"; option host-name "ch208o"; }
  host ch314b { hardware ethernet a4:b4:c4:d4:e4:f4; fixed-address 149.149.254.220;
    filename "/tftpboot/SUNW.Sun-Blade-100"; option host-name "ch314b"; }
}
# Other Windows or Linux entries
host ch208c {hardware ethernet a5:b5:c5:d5:e5:f5; fixed-address 149.149.254.3;}
host ch208r {hardware ethernet a6:b6:c6:d6:e6:f6; fixed-address 149.149.254.18;
  filename "/tftpboot/pxelinux.0";}

The PXE and DHCP server is the one we’ve been using for doing Debian net installs and preseed installations. See Section 4.6.2 of the Debian 4.0 installation manual for instructions.

As for populating the jumpstart and DHCP servers, I started by doing a default installation of Solaris 9 onto my office Blade 100. Once that was installed, I could copy the Solaris installation, software, and language CDs onto a local jumpstart tree using the standard Sun scripts, and then copy that tree to the jumpstart server itself.

ch314b# mkdir -p /local_jumpstart/9/install
# Insert Solaris 9 Software CD 1 of 2
ch314b# /cdrom/cdrom0/s0/Solaris_9/Tools/setup_install_server /local_jumpstart/9/install
# Eject CD, insert Solaris 9 Software CD 2 of 2
ch314b# /cdrom/cdrom0/Solaris_9/Tools/add_to_install_server /local_jumpstart/9/install
# Eject CD, insert Solaris 9 Languages CD
ch314b# /cdrom/cdrom0/Languages/Tools/add_to_install_server /local_jumpstart/9/install
# Mount central Jumpstart directory, then copy local_jumpstart folder there:
ch314b# mkdir /mnt/jumpstart
ch314b# mount jumpstart:/opt/solaris/jumpstart /mnt/jumpstart
ch314b# cd /local_jumpstart ; tar -cf - . | ( cd /mnt/jumpstart && tar -xvpf - )

On the jumpstart server, I copied the required Solaris netboot kernels to the DHCP server’s /tftpboot directory:

jumpstart# cd /opt/solaris/jumpstart/9/install/Solaris_9/Tools/Boot/usr/platform
jumpstart# scp SUNW,Sun-Blade-100/lib/fs/nfs/inetboot dhcp:/tftpboot/SUNW.Sun-Blade-100
jumpstart# scp SUNW,Sun-Blade-1000/lib/fs/nfs/inetboot dhcp:/tftpboot/SUNW.Sun-Blade-1000
jumpstart# scp SUNW,Ultra-80/lib/fs/nfs/inetboot dhcp:/tftpboot/SUNW.Ultra-80

Finally, I copied some of the sample Jumpstart configurations into the version-specific folders:

jumpstart# cd /opt/solaris/jumpstart/9
jumpstart# cp -a install/Solaris_9/Misc/jumpstart_sample/* .

Final configuration files on the jumpstart server:

/opt/solaris/jumpstart/9/config/sysidcfg defines site policies for timezone, network setup, and other things that aren’t strictly system-specific:

name_service=DNS{domain_name=cae.tntech.edu name_server=149.149.254.4,149.149.11.6}
network_interface=PRIMARY{dhcp protocol_ipv6=no}
root_password=CRYPTEDROOTPASSWORDGOESHERE
security_policy=NONE
system_locale=en_US
terminal=vt100
timezone=US/Central
timeserver=localhost

/opt/solaris/jumpstart/9/rules maps system types to particular installation scripts and profiles. Ours is very simple, and sets all our systems to the same setup:

any     -       pre-install.sh  any_machine     post-install.sh

/opt/solaris/jumpstart/9/rules.ok is the rules file with a Sun-generated checksum added. There’s a check script in /opt/solaris/jumpstart/9 that you run to convert the rules file into a rules.ok file — as far as I can tell, this has to be run from a Solaris box:

any     -       pre-install.sh  any_machine     post-install.sh
# version=2 checksum=4486

/opt/solaris/jumpstart/9/any_machine defines the installation type, disk partitioning, and the basic Sun software load. This one divides a single drive into 32 MB for system upgrades (no mount point defined), 1 GB for swap, and the rest of the disk for the root partition.

install_type    initial_install
system_type     standalone
partitioning    explicit
filesys any free /
filesys any 1024 swap
filesys any 32
geo             N_America
locale          C
cluster         SUNWCall

/opt/solaris/jumpstart/9/pre-install.sh exists, but is entirely empty.

jumpstart# ls -l pre-install.sh
-rwxr-xr-x 1 root bin 0 2007-10-10 13:32 pre-install.sh

/opt/solaris/jumpstart/9/post-install.sh takes care of installing pkg-get, facter, puppet, and getting the system ready for Sun’s JASS scripts:

#!/bin/sh

###
echo "Preparation"
###
mkdir /a/jumpstart
mount files.cae.tntech.edu:/opt/solaris/jumpstart /a/jumpstart

###
echo "JASS"
###
cd /a/jumpstart
for addon_pkg in SUNBEfixm.pkg SUNBEmd5.pkg
do
  echo all | pkgadd -n -d ${addon_pkg} -R /a
done
pkgadd -a admin.jumpstart -d . -R /a SUNWjass
cp finish.init /a/opt/SUNWjass/Drivers
cp hardening.driver /a/opt/SUNWjass/Drivers
cp root.profile /a/opt/SUNWjass/Files/.profile
mkdir -p /a/opt/SUNWjass/Patches
cp /a/jumpstart/9/9_Recommended.zip /a/opt/SUNWjass/Patches
cd /a/opt/SUNWjass/Patches
unzip 9_Recommended.zip
cp /a/jumpstart/S21jass.sh /a/etc/rc2.d

###
echo "Blastwave support"
###
cd /a/jumpstart
mkdir -p /a/usr/local/bin
cp wget-sparc.bin /a/usr/local/bin/wget
chmod 755 /a/usr/local/bin/wget
mkdir -p /a/opt/csw
echo all | pkgadd -a admin.jumpstart -d pkg_get-3.8.1-all-CSW.pkg -R /a
cp /a/jumpstart/pkg-get.conf /a/opt/csw/etc
cp /a/var/pkg-get/admin-fullauto /a/var/pkg-get/admin

###
echo "Puppet"
###
cd /a/jumpstart
echo all | pkgadd -a admin.jumpstart -d \
    facter-1.3.8,REV=2007.09.23-SunOS5.8-all-CSW.pkg -R /a
echo all | pkgadd -a admin.jumpstart -d \
    puppet-0.23.2,REV=2007.09.23-SunOS5.8-all-CSW.pkg -R /a
cp S98puppetd /a/etc/rc2.d

###
echo "Teardown"
###
cd /
umount /a/jumpstart
rmdir /a/jumpstart

admin.jumpstart prevents pkgadd from asking most of its regular installation questions:

mail=
instance=unique
partial=nocheck
runlevel=nocheck
idepend=nocheck
rdepend=nocheck
space=nocheck
setuid=nocheck
conflict=nocheck
action=nocheck
basedir=default
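
Everything post-install.sh pulls from the NFS share is installed as root with pkgadd's prompts switched off by admin.jumpstart, and nothing on the client compares those files against a known-good copy. The script below is an added example, not part of the original setup: run on the Debian file server, it records SHA-256 digests of the Jumpstart tree and reports any later difference. The function names and the manifest location are assumptions, and it needs GNU coreutils.

```shell
#!/bin/sh
# Added example, not from the original post: detect changes to the files
# that Jumpstart clients mount over NFS and run or install as root.
# Assumes GNU coreutils (sha256sum) on the Debian file server.
LC_ALL=C; export LC_ALL

# build_manifest TREE: print "digest  ./relative/path" for every file.
build_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# verify_tree TREE MANIFEST: succeed only if the tree matches exactly.
# diff marks entries that are missing or altered since the manifest was
# taken with '<', and files that are new or altered now with '>'.
verify_tree() {
    current=$(mktemp) || return 2
    build_manifest "$1" > "$current"
    rc=0
    diff "$2" "$current" || rc=$?
    rm -f "$current"
    return "$rc"
}

# Constructed demonstration on a throwaway tree (file names borrowed from
# the post, contents are dummies). Returns 0 if the change is detected.
demo() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/tree/9"
    printf '#!/bin/sh\n' > "$work/tree/9/post-install.sh"
    printf 'dummy package\n' > "$work/tree/pkg_get-3.8.1-all-CSW.pkg"
    # Keep the manifest outside the exported tree, so that write access
    # to the NFS share is not enough to update it as well.
    build_manifest "$work/tree" > "$work/manifest"
    verify_tree "$work/tree" "$work/manifest" || { rm -rf "$work"; return 1; }
    printf 'echo changed\n' >> "$work/tree/9/post-install.sh"
    if verify_tree "$work/tree" "$work/manifest"; then result=1; else result=0; fi
    rm -rf "$work"
    return "$result"
}

demo
```

This covers tampering at rest on the file server only; the NFS and TFTP transfers to the client are still unauthenticated.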

S21jass.sh is a basic one-time JASS installer:

#!/bin/sh
echo "Running Jumpstart Security:"
if [ ! -f /etc/jass.done ]; then
    cd /opt/SUNWjass
    JASS_NOVICE_USER=0 ./bin/jass-execute -d secure.driver
    touch /etc/jass.done
    echo "...done"
    sync
    sync
    echo "Rebooting..."
    reboot
else
    echo "...JASS already run."
fi

The facter and puppet Solaris packages come from Gary Law. The S98puppetd file is slightly edited to make it run under Solaris versions earlier than 10:

#!/bin/sh
# This is the /etc/init.d file for puppetd
# Modified for CSW
#
# description: puppetd - Puppet Automation Client
#

#. /lib/svc/share/smf_include.sh

prefix=/opt/csw
exec_prefix=/opt/csw
sysconfdir=/opt/csw/etc
sbindir=/opt/csw/bin

PATH=$PATH:/usr/local/bin:/usr/local/sbin:/opt/csw/bin:/opt/csw/sbin
export PATH

pidfile=/var/puppet/run/puppetd.pid

if [ ! -f /opt/csw/bin/ruby ]; then
    /opt/csw/bin/pkg-get -f install ruby
fi

case "$1" in
start)
    cd /
    # Start daemons.

    printf "Starting Puppet client services:"

    /opt/csw/bin/puppetd --factsync --server gold.cae.tntech.edu

    printf " puppetd"
    echo ""
    ;;
stop)
    printf "Stopping Puppet client services:"
    kill `cat $pidfile`

    printf " puppetd"
    echo ""
    ;;
restart)
    printf "Restarting Puppet client services:"
    kill -HUP `cat $pidfile`

    printf " puppetd"
    echo ""
    ;;
reload)
    printf "Reloading Puppet client services:"

    kill -HUP `cat $pidfile`

    printf " puppetd"
    echo ""
    ;;
status)
    if [ -f $pidfile ]; then
        pid=`cat $pidfile`
        curpid=`pgrep puppetd`
        if [ "$pid" -eq "$curpid" ]; then
            exit 0
        else
            exit 1
        fi
    else
        exit 1
    fi
esac
exit 0

# $Id: svc-puppetd 1796 2006-10-17 06:09:41Z luke $

UPDATE 2007/11/16: Solaris 10 addendum.

Solaris 10 introduces a few new wrinkles into the setup.

  1. On first netbooting Solaris 10, I got the error “cannot open kernel/sparcv9/unix”. There are tons of possible causes for this error, and lots of possible solutions. The cause in this particular case was that the Solaris NFSv4 implementation isn’t compatible with the Linux one (at least the one in Debian’s nfs-kernel-server package). Dickon Hood worked around it by using nfs-user-server, while vnull just reconfigured his nfs-kernel-server to only offer NFSv2. Like one of vnull’s commenters, I managed to get things to cooperate by offering NFSv2 and NFSv3. Since I’m working from a central file server with lots of NFSv3 clients, I couldn’t just drop back to exclusively NFSv2.
  2. After fixing the boot problem, I finally got the installation GUI running, and it immediately started asking questions. I thought, “Crap, how’d I screw up sysidcfg this time?” As it turns out, the only question it couldn’t answer from sysidcfg was about its NFSv4 domain. No surprise, since this wasn’t an issue in Solaris 8 or 9. Adding nfs4_domain=cae.tntech.edu to sysidcfg took care of that question. nfs4_domain=dynamic may have worked fine, too.
  3. Solaris 10 means I can use SMF, so I can uncomment the SMF line in the puppetd init script.
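
The nfs4_domain surprise in item 2 can be caught before netbooting. The script below is an added example, not from the original setup: it lists the sysidcfg keywords that have no entry for a given Solaris release. The keyword lists are assumptions taken from this page (the eight keywords in the Solaris 9 file above, plus nfs4_domain for Solaris 10), not Sun's complete list.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check for sysidcfg.
# Keyword lists are assumptions taken from this page: the eight keywords in
# the Solaris 9 file, plus nfs4_domain for Solaris 10.
KEYS_COMMON="name_service network_interface root_password security_policy system_locale terminal timezone timeserver"

# sysidcfg_missing FILE RELEASE
# Print, one per line, each keyword that has no top-level "key=value"
# entry; every name printed is a question the installer would stop to ask.
sysidcfg_missing() {
    keys=$KEYS_COMMON
    if [ "$2" -ge 10 ]; then keys="$keys nfs4_domain"; fi
    for key in $keys; do
        # Anchoring at line start skips '#' comments and nested settings
        # such as domain_name= inside name_service=DNS{...}.
        grep -q "^[[:space:]]*${key}=[^[:space:]]" "$1" || echo "$key"
    done
}

# Constructed sample: the post's Solaris 9 sysidcfg with the password
# hash replaced by a placeholder.
sample_sysidcfg() {
cat <<'EOF'
name_service=DNS{domain_name=cae.tntech.edu name_server=149.149.254.4,149.149.11.6}
network_interface=PRIMARY{dhcp protocol_ipv6=no}
root_password=PLACEHOLDER
security_policy=NONE
system_locale=en_US
terminal=vt100
timezone=US/Central
timeserver=localhost
EOF
}

demo_file=$(mktemp)
sample_sysidcfg > "$demo_file"
echo "Solaris 9 gaps:  [$(sysidcfg_missing "$demo_file" 9 | tr '\n' ' ')]"
echo "Solaris 10 gaps: [$(sysidcfg_missing "$demo_file" 10 | tr '\n' ' ')]"
rm -f "$demo_file"
```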
