• Software was more important than hardware.
• Some software ran only under Windows, some had no Windows version at all.
• Of the non-Windows software people cared about, there was always a version for Solaris. There was often a version for most other Unixes, but regardless of the company, they always had a Solaris version.
• Sun’s matching grant program for education was awesome.

And to be fair, for some operations, our Sun Blade 1000 workstations blow the doors off of our Dell Precision Workstations with 3x the clock cycles. We’ve had very little hardware trouble from the Suns, and the aforementioned matching grant program and judicious use of third-party upgrade vendors let us buy two decked out Ultra 80 workstations on a budget that was originally allocated for one decked out workstation and one considerably lower-specced one.

But there’s little to no excuse for the following:

• patchadd rewrites every byte of /var/sadm/install/contents every time you do a file operation. During jumpstarts, I manage to put that file in a tmpfs for faster access, but before that, I couldn’t do a single Solaris-only Jumpstart install in less than half a day.
• Solaris 10 includes Samba. Solaris 10’s Samba includes winbind, which is what I use on my Debian systems to convert Active Directory accounts to Unix ones. But the Solaris 10 winbind doesn’t include the idmap_rid backend for consistently converting an Active Directory RID into a Unix UID, which confuses NFS mightily. I thought blastwave’s or sunfreeware’s Samba packages might be better, but they weren’t. I found these instructions for configuring winbind and idmap_rid for Solaris, but they’re squirreled off in a manual for Sun Cluster Data Services. What reason might they have for not compiling in idmap_rid by default? Am I the only person who uses Active Directory to generate UIDs for a central NFS and Samba server?
• Today, during an attempt to install and test Matlab 7.6, I found that X11 forwarding is broken on recently-patched Solaris systems like mine. A similar bug came up in 2005 and sat unfixed for a few months. The usual fix of telling sshd to only listen on IPv4 interfaces in sshd_config isn’t enough, though. You actually have to add the -4 argument to the sshd service file.

I hate throwing away tens of thousands of dollars of perfectly functional hardware. I could install Debian’s sparc port on them, but why? I’d lose access to Ansys, Matlab, and all the other packages that are the reason I have these systems in the first place. And letting them languish like they did for years before I got into the managed infrastructure business seems a waste. Solaris 10, puppet, and the newer firmware that allows PXE booting is such a vast improvement over earlier versions for what I need to do, but there’s still some distance to go before it’s up to Debian standards.

If we went through the same evaluation process in 2002, I’d probably not have any Solaris sytems at all. Matlab, Maple, Ansys, Abaqus, etc. were all coming out with (or had already come out with) Linux versions. We’d have spent a lot less on hardware, and some jobs just love the extra clock cycles available on an Intel CPU.

The packages

I already use Blastwave and pkg-get to install third-party free software applications, so I figured it would be easiest to use the same tools on my packaging. So for a first example, I installed Maple 11.00 manually into /opt/maple/11 on a Solaris 10 system. Then I made a temporary working folder and build folder, made an opt folder there, and moved the maple folder from the regular opt to my build folder’s opt. I also made a usr/local/bin in my build folder, and made relative symlinks from the main Maple executables to their assumed homes in usr/local/bin. The abridged results from the temporary working folder looked like this:

# pwd
/root/work/maple11-11.00
# ls -l
total 6
drwxr-xr-x   4 root     root         512 May 22 09:27 build
-rw-r--r--   1 root     root          41 May 21 17:59 copyright
-rw-r--r--   1 root     root           0 May 22 09:36 depend
-rw-r--r--   1 root     root         143 May 22 09:35 pkginfo
# cat copyright
Copyright MapleSoft, All Rights Reserved
# cat pkginfo
PKG=MAPLmaple11
NAME=maple11
VERSION=11.00
ARCH=sun4u
DESC=Interactive computer algebra system
BASEDIR=/
CATEGORY=application
VENDOR=MapleSoft
EMAIL=renfro@tntech.edu
# ls -al build/opt/maple/11
total 504
drwxrwxr-x  17 root     other        512 May 22 08:43 .
drwxrwxr-x   3 root     other        512 May 22 08:42 ..
drwxr-xr-x   2 root     other        512 May 22 08:42 afm
drwxr-xr-x   2 root     other        512 May 22 08:42 bin
drwxr-xr-x   3 root     other       2048 May 22 08:42 bin.SUN_SPARC_SOLARIS
drwxr-xr-x   9 root     other        512 May 22 08:42 data
drwxr-xr-x   2 root     other        512 May 22 08:42 etc
drwxr-xr-x   2 root     other       3072 May 22 08:42 examples
drwxr-xr-x   3 root     other        512 May 22 08:42 extern
-rw-r--r--   1 root     other     153861 May 21 14:12 Install.html
drwxr-xr-x   2 root     other       1536 May 22 08:42 java
drwxrwxr-x   7 root     other        512 May 22 08:42 jre.SUN_SPARC_SOLARIS
drwxr-xr-x   4 root     other       1536 May 22 08:43 lib
drwxr-xr-x   2 root     other        512 May 22 08:43 license
drwxr-xr-x   3 root     other        512 May 22 08:43 man
-rw-rw-r--   1 root     other      60064 May 21 14:15 Maple_11_InstallLog.log
-rw-r--r--   1 root     other      10285 May 21 14:12 readme.txt
drwxr-xr-x   6 root     other        512 May 22 08:43 samples
drwxr-xr-x   2 root     other        512 May 22 08:43 test
drwxr-xr-x   2 root     other        512 May 22 08:42 X11_defaults
# ls -al build/usr/local/bin
total 10
drwxr-xr-x   2 root     root         512 May 22 08:56 .
drwxr-xr-x   3 root     root         512 May 22 08:47 ..
lrwxrwxrwx   1 root     root          31 May 22 08:55 maple11 -> ../../../opt/maple/11/bin/maple
lrwxrwxrwx   1 root     root          30 May 22 08:56 mint11 -> ../../../opt/maple/11/bin/mint
lrwxrwxrwx   1 root     root          32 May 22 08:55 xmaple11 -> ../../../opt/maple/11/bin/xmaple

Now, given that folder structure, I could adapt Blastwave’s package creation instructions to create some workable Solaris packages:

# (echo "i pkginfo"; echo "i copyright" ; echo "i depend" ; cd build ; find . | pkgproto ) > prototype
# pkgmk -b / -a `uname -p`
# filename=maple11-11.00-SunOS`uname -r`-`uname -p`.pkg
# pkgtrans -s /var/spool/pkg /root/$filename MAPLmaple11
# cd /root
# gzip $filename

Once mkpkg is all done with its work, I have a valid maple11-11.00-SunOS5.10-sparc.pkg.gz Solaris package in my /root folder. After testing it with regular pkgadd, I’m ready to put it into a private pkg-get repository.

The pkg-get repository

Compared to a Debian repository, a pkg-get repository is pretty simple. From the top-level folder in the repository on the ftp server:

# find sparc -print
sparc
sparc/5.10
sparc/5.10/maple11-11.00-SunOS5.10-sparc.pkg.gz
sparc/5.10/descriptions
sparc/5.10/catalog

A pkg-get repository’s top-level folders are named by processor type, i.e., the results of uname -p. Each processor type folder contains folders for each OS release level (from uname -r). Each release level folder contains packages for that CPU and OS, plus a descriptions and a catalog file.

The catalog file is created with Phil Brown’s makecontents script. It could potentially handle creating the descriptions, file, too, but I guess he never needed them. But the pkg-get script I got from blastwave.org definitely wants a descriptions file, so I’ll need to create that, too.

The way I’m creating the descriptions file is with the following script (on a Debian ftp server, so there may be some GNU-isms or bash-isms in the following code):

#!/bin/sh
PKG_GET_DIR=/wherever/has/the/sparc/and/i386/folders
cd ${PKG_GET_DIR}
for name in sparc i386; do
    if [ -d $name ]; then
        cd $name
        for version in 5*; do
            if [ -d $version ]; then
                cd $version
                for package in *.gz; do
                    name=`grep $package catalog | awk '{print $1}'`
                    echo -ne "$name - "
                    zcat $package | head | strings | grep DESC= | cut -d= -f2-
                done > descriptions
                cd ..
            fi
        done
        cd ..
    fi
done

which leaves me with a catalog file containing (so far, since I’ve only made one package):

maple11 11.00 MAPLmaple11 maple11-11.00-SunOS5.10-sparc.pkg.gz

and a descriptions file containing:

maple11 - Interactive computer algebra system

And now I can install them on a second host that’s never seen Maple installed before with:

pkg-get -s ftp://host/path/to/repository/ -U ; pkg-get -s ftp://host/path/to/repository/ install maple11

and afterwards get:

# which maple11
/usr/local/bin/maple11
# maple11
    |\\^/|     Maple 11 (SUN SPARC SOLARIS)
._|\\|   |/|_. Copyright (c) Maplesoft, a division of Waterloo Maple Inc. 2007
 \\  MAPLE  /  All rights reserved. Maple is a trademark of
 <____ ____>  Waterloo Maple Inc.
      |       Type ? for help.
> quit
bytes used=412112, alloc=393144, time=0.07

• Slides for presentation
• Handouts for presentation

Update: So yesterday, I get an email regarding my presentation (well, the slides, at least). No reason to clutter up the main page with it though, so if you’re not happy with the slides and want to express your displeasure, read the rest after the jump and see if I’ve addressed your concerns already.

Hi Mike,

I’ve visited your site before and found your Debian preseeding info to be useful.

That said, I just went through your presentation slides and must say I’m very disappointed. It contains numerous examples of what gives sysadmins a bad name. Egotistical, “I’m right, you’re stupid”, “I did this because I’m way too busy doing more important things than you”, etc. comments abound.

On several occasions your first bullet-point was “just do it”, or “you need this”. Hey Mike, people don’t come to conferences and presentations to listen to a smart-ass.

You mentioned that the people in #puppet gave you useful feedback. Next time you give a presentation, also get feedback from non-geeks. They’ll help you filter out the cruft that makes you look like a spoiled 5-year old talking about his new widget set at show-and-tell.

I hope for the sake of the attendees that your verbal presentation was better than your slideshow.

To respond to the comments more or less in order:

• Sorry you didn’t like my slides. At first, I thought you were an irritated audience member who waited a couple of weeks before emailing me. But since you’re apparently only judging this based off the slides, that’s different.
• “I’m right, you’re stupid” is in the eye of the reader. Though you can’t tell without the soundtrack, it tended to work out more like “I used to do things one way, which probably is the most common way everyone else does it. It didn’t scale for the following reasons, and here’s what I’m doing instead.”
• “I did it this way because I’m way too busy doing more important things than you” is a bit of an exaggerated inference. Am I busy? Sure. Am I busy doing things that most sysadmins don’t have to deal with? As far as I can tell, yes; most of the sysadmins in my immediate vicinity (and from past experience over the last 15-20 years) don’t have major duties outside systems administration, just like most of the engineers don’t have major duties outside their specialty or lab. These non-sysadmin tasks aren’t necessarily more important per se, but they’re important in my particular job description. The hours these other tasks take up in my week force me to find more efficient methods to do the systems administration tasks; others will possibly hit the same walls I have at different times — maybe when they have to keep track of 300 servers in 10 different roles, where all servers in a particular role have to be interchangeable. Maybe when they get a 1000 node cluster where a particular application has to be installed identically on every node, and on every node to be purchased in the future. My belief is that as time goes on, we’re all going to be managing more systems, not fewer, and that methods we use for managing a few systems relatively well don’t scale to larger groups of computers.
• “Just do it” or “You need this” shows up in three places: using version control, using NTP for time synchronization, and using SMTP for email. I stand by each of those points, being entirely convinced by the verbiage at infrastructures.org that was my primary source material. I cannot fathom why someone would use something other than SMTP for sending email, why they wouldn’t want version control of some form as the code that automates their systems administration tasks grows more complicated, or why they’d use a different protocol to synchronize their system clocks. To me, each of those is as self-evident as “your SAN should have redundant power supplies” and “racks are a good way to house a bunch of servers in a small space”. You may have counterexamples, but since you didn’t provide any, I’m left in the dark.
• The folks on #puppet did give me some useful feedback. As for other feedback, I did ask a coworker to look at the slides, and he saw no problems with them. However, he’s a full-time Windows systems administrator, so his opinion may be suspect. As for non-geeks, they’re really not the intended audience, were generally absent from the conference, and aren’t too likely to be interested in systems administration techniques.
• Cruft in the verbal presentation? Guilty, but some might call it illustrative anecdotes. Personally, I’ve always tried to work in Sidney Harris‘ “I think you should be more explicit here in step two” joke into at least one over-equationed lecture per semester. The students seem to enjoy it:
  
  Cruft in the slides? Matter of opinion, I guess. I did run out of time, but I honestly hadn’t done enough practice runs to see how long it would actually take.
• As for the spoiled five-year-old showing off his new widget set at show-and-tell, I have trouble understanding the issue. Lots of the talks at these conferences are basically a show-and-tell: other talks included “Software Deployment Using Ghost”, “Virtualizing Business Continuity — Getting Your Systems Back Online,” “DBA Task Automation II: Extending the Basics, Best Practices, Processes and Icing,” etc. When I submit an abstract saying that I’m going to give a talk about what goes into a “managed infrastructure,” its benefits over regular administration methods, and talk about a particular tool we use to accomplish some of these tasks, exactly what do I change in material? What do I change in delivery (that you didn’t see)? You’ve never told coworkers “holy crap, this Linux thing is awesome! It’s like Unix, but free and runs on regular PCs!” or similar? Nothing about using PHP to format stuff out of a database for some dynamic web pages? Nothing about a CMS or blogging platform that lets you do all the things a CMS or blog is supposed to do? Nothing about rrdtool, Nagios, cacti, apt-get, Perl/Python/Ruby or some other tool that you didn’t write, but by gosh it’s going to make all of your lives easier?

We have a Debian dhcp3 server handling DHCP for our subnet, including Windows clients, Debian and Ubuntu workstations, and Debian servers. Each of these systems needs to PXE-boot at various times, so I had to change the 5dollarwhitebox instructions to keep the Solaris-specific PXE items from conflicting with the Debian ones. Here’s an excerpt from our current dhcpd.conf:

# Basic settings for all subnets
ddns-update-style none;
option domain-name "cae.tntech.edu";
option domain-name-servers 149.149.254.4, 149.149.11.6;
default-lease-time 259200;
max-lease-time 259200;
authoritative;
log-facility local7;
# Variable names and types for all Solaris systems that will use
# 'boot net:dhcp - install'
option space SUNW;
option SUNW.root-mount-options code 1 = text;
option SUNW.root-server-ip-address code 2 = ip-address;
option SUNW.root-server-hostname code 3 = text;
option SUNW.root-path-name code 4 = text;
option SUNW.swap-server-ip-address code 5 = ip-address;
option SUNW.swap-file-path code 6 = text;
option SUNW.boot-file-path code 7 = text;
option SUNW.posix-timezone-string code 8 = text;
option SUNW.boot-read-size code 9 = unsigned integer 16;
option SUNW.install-server-ip-address code 10 = ip-address;
option SUNW.install-server-hostname code 11 = text;
option SUNW.install-path code 12 = text;
option SUNW.sysid-config-file-server code 13 = text;
option SUNW.JumpStart-server code 14 = text;
option SUNW.terminal-name code 15 = text;
# Options specific to this subnet
subnet 149.149.254.0 netmask 255.255.255.0 {
  option broadcast-address 149.149.254.255;
  option routers 149.149.254.4;
  option netbios-name-servers 149.149.254.38, 149.149.11.3;
  option netbios-node-type 4;
  allow booting;
}
# Options specific to Jumpstart Solaris 9 systems
group {
  vendor-option-space SUNW;
  option SUNW.install-server-hostname "jumpstart";
  option SUNW.install-server-ip-address 149.149.254.X;
  option SUNW.install-path "/opt/solaris/jumpstart/9/install";
  option SUNW.JumpStart-server "jumpstart:/opt/solaris/jumpstart/9";
  option SUNW.sysid-config-file-server "jumpstart:/opt/solaris/jumpstart/9/config";
  option SUNW.root-server-hostname "jumpstart";
  option SUNW.root-server-ip-address 149.149.254.X;
  option SUNW.root-path-name "/opt/solaris/jumpstart/9/install/Solaris_9/Tools/Boot";
  # Each Jumpstart Solaris system needs to be assigned a hostname and a kernel.
  # We may also want to assign a fixed address, but this isn't a requirement.
  host ch208m { hardware ethernet a1:b1:c1:d1:e1:f1; fixed-address 149.149.254.13;
    filename "/tftpboot/SUNW.Ultra-80"; option host-name "ch208m"; }
  host ch208n { hardware ethernet a2:b2:c2:d2:e2:f2; fixed-address 149.149.254.14;
    filename "/tftpboot/SUNW.Sun-Blade-1000"; option host-name "ch208n"; }
  host ch208o { hardware ethernet a3:b3:c3:d3:e3:f3; fixed-address 149.149.254.15;
    filename "/tftpboot/SUNW.Sun-Blade-1000"; option host-name "ch208o"; }
  host ch314b { hardware ethernet a4:b4:c4:d4:e4:f4; fixed-address 149.149.254.220;
    filename "/tftpboot/SUNW.Sun-Blade-100"; option host-name "ch314b"; }
}
# Other Windows or Linux entries
host ch208c {hardware ethernet a5:b5:c5:d5:e5:f5; fixed-address 149.149.254.3;}
host ch208r {hardware ethernet a6:b6:c6:d6:e6:f6; fixed-address 149.149.254.18;
  filename "/tftpboot/pxelinux.0";}

The PXE and DHCP server is the one we’ve been using for doing Debian net installs and preseed installations. See Section 4.6.2 of the Debian 4.0 installation manual for instructions.

As for populating the jumpstart and DHCP servers, I started by doing a default installation of Solaris 9 onto my office Blade 100. Once that was installed, I could copy the Solaris installation, software, and language CDs onto a local jumpstart tree using the standard Sun scripts, and then copy that tree to the jumpstart server itself.

ch314b# mkdir -p /local_jumpstart/9/install
# Insert Solaris 9 Software CD 1 of 2
ch314b# /cdrom/cdrom0/s0/Solaris_9/Tools/setup_install_server /local_jumpstart/9/install
# Eject CD, insert Solaris 9 Software CD 2 of 2
ch314b# /cdrom/cdrom0/Solaris_9/Tools/add_to_install_server /local_jumpstart/9/install
# Eject CD, insert Solaris 9 Languages CD
ch314b# /cdrom/cdrom0/Languages/Tools/add_to_install_server /local_jumpstart/9/install
# Mount central Jumpstart directory, then copy local_jumpstart folder there:
ch314b# mkdir /mnt/jumpstart
ch314b# mount jumpstart:/opt/solaris/jumpstart /mnt/jumpstart
ch314b# cd /local_jumpstart ; tar -cf - . | ( cd /mnt/jumpstart && tar -xvpf - )

On the jumpstart server, I copied the required Solaris netboot kernels to the DHCP server’s /tftpboot directory:

jumpstart# cd /opt/solaris/jumpstart/9/install/Solaris_9/Tools/Boot/usr/platform
jumpstart# scp SUNW,Sun-Blade-100/lib/fs/nfs/inetboot dhcp:/tftpboot/SUNW.Sun-Blade-100
jumpstart# scp SUNW,Sun-Blade-1000/lib/fs/nfs/inetboot dhcp:/tftpboot/SUNW.Sun-Blade-1000
jumpstart# scp SUNW,Ultra-80/lib/fs/nfs/inetboot dhcp:/tftpboot/SUNW.Ultra-80

Finally, I copied some of the sample Jumpstart configurations into the version-specific folders:

jumpstart# cd /opt/solaris/jumpstart/9
jumpstart# cp -a install/Solaris_9/Misc/jumpstart_sample/* .

Final configuration files on the jumpstart server:

/opt/solaris/jumpstart/9/config/sysidcfg defines site policies for timezone, network setup, and other things that aren’t strictly system-specific:

name_service=DNS{domain_name=cae.tntech.edu name_server=149.149.254.4,149.149.11.6}
network_interface=PRIMARY{dhcp protocol_ipv6=no}
root_password=CRYPTEDROOTPASSWORDGOESHERE
security_policy=NONE
system_locale=en_US
terminal=vt100
timezone=US/Central
timeserver=localhost

/opt/solaris/jumpstart/9/rules maps system types to particular installation scripts and profiles. Ours is very simple, and sets all our systems to the same setup:

any     -       pre-install.sh  any_machine     post-install.sh

/opt/solaris/jumpstart/9/rules.ok is the rules file with a Sun-generated checksum added. There’s a check script in /opt/solaris/jumpstart/9 that you run to convert the rules file into a rules.ok file — as far as I can tell, this has to be run from a Solaris box:

any     -       pre-install.sh  any_machine     post-install.sh
# version=2 checksum=4486

/opt/solaris/jumpstart/9/any_machine defines the installation type, disk partitioning, and the basic Sun software load. This one divides a single drive into 32 MB for system upgrades (no mount point defined), 1 GB for swap, and the rest of the disk for the root partition.

install_type    initial_install
system_type     standalone
partitioning    explicit
filesys any free /
filesys any 1024 swap
filesys any 32
geo             N_America
locale          C
cluster         SUNWCall

/opt/solaris/jumpstart/9/pre-install.sh exists, but is entirely empty.

jumpstart# ls -l pre-install.sh
-rwxr-xr-x 1 root bin 0 2007-10-10 13:32 pre-install.sh

/opt/solaris/jumpstart/9/post-install.sh takes care of installing pkg-get, facter, puppet, and getting the system ready for Sun’s JASS scripts:

#!/bin/sh

###
echo "Preparation"
###
mkdir /a/jumpstart
mount files.cae.tntech.edu:/opt/solaris/jumpstart /a/jumpstart

###
echo "JASS"
###
cd /a/jumpstart
for addon_pkg in SUNBEfixm.pkg SUNBEmd5.pkg
do
  echo all | pkgadd -n -d ${addon_pkg} -R /a
done
pkgadd -a admin.jumpstart -d . -R /a SUNWjass
cp finish.init /a/opt/SUNWjass/Drivers
cp hardening.driver /a/opt/SUNWjass/Drivers
cp root.profile /a/opt/SUNWjass/Files/.profile
mkdir -p /a/opt/SUNWjass/Patches
cp /a/jumpstart/9/9_Recommended.zip /a/opt/SUNWjass/Patches
cd /a/opt/SUNWjass/Patches
unzip 9_Recommended.zip
cp /a/jumpstart/S21jass.sh /a/etc/rc2.d

###
echo "Blastwave support"
###
cd /a/jumpstart
mkdir -p /a/usr/local/bin
cp wget-sparc.bin /a/usr/local/bin/wget
chmod 755 /a/usr/local/bin/wget
mkdir -p /a/opt/csw
echo all | pkgadd -a admin.jumpstart -d pkg_get-3.8.1-all-CSW.pkg -R /a
cp /a/jumpstart/pkg-get.conf /a/opt/csw/etc
cp /a/var/pkg-get/admin-fullauto /a/var/pkg-get/admin

###
echo "Puppet"
###
cd /a/jumpstart
echo all | pkgadd -a admin.jumpstart -d \\
    facter-1.3.8,REV=2007.09.23-SunOS5.8-all-CSW.pkg -R /a
echo all | pkgadd -a admin.jumpstart -d \\
    puppet-0.23.2,REV=2007.09.23-SunOS5.8-all-CSW.pkg -R /a
cp S98puppetd /a/etc/rc2.d

###
echo "Teardown"
###
cd /
umount /a/jumpstart
rmdir /a/jumpstart

admin.jumpstart prevents pkgadd from asking most of its regular installation questions:

mail=
instance=unique
partial=nocheck
runlevel=nocheck
idepend=nocheck
rdepend=nocheck
space=nocheck
setuid=nocheck
conflict=nocheck
action=nocheck
basedir=default

S21jass.sh is a basic one-time JASS installer:

#!/bin/sh
echo "Running Jumpstart Security:"
if [ ! -f /etc/jass.done ]; then
    cd /opt/SUNWjass
    JASS_NOVICE_USER=0 ./bin/jass-execute -d secure.driver
    touch /etc/jass.done
    echo "...done"
    sync
    sync
    echo "Rebooting..."
    reboot
else
    echo "...JASS already run."
fi

The facter and puppet Solaris packages come from Gary Law. The S98puppetd file is slightly edited to make it run under Solaris versions earlier than 10:

#!/bin/sh
# This is the /etc/init.d file for puppetd
# Modified for CSW
#
# description: puppetd - Puppet Automation Client
#

#. /lib/svc/share/smf_include.sh

prefix=/opt/csw
exec_prefix=/opt/csw
sysconfdir=/opt/csw/etc
sbindir=/opt/csw/bin

PATH=$PATH:/usr/local/bin:/usr/local/sbin:/opt/csw/bin:/opt/csw/sbin
export PATH

pidfile=/var/puppet/run/puppetd.pid

if [ ! -f /opt/csw/bin/ruby ]; then
    /opt/csw/bin/pkg-get -f install ruby
fi

case "$1" in
start)
    cd /
    # Start daemons.

    printf "Starting Puppet client services:"

    /opt/csw/bin/puppetd --factsync --server gold.cae.tntech.edu

    printf " puppetd"
    echo ""
    ;;
stop)
    printf "Stopping Puppet client services:"
    kill `cat $pidfile`

    printf " puppetd"
    echo ""
    ;;
restart)
    printf "Restarting Puppet client services:"
    kill -HUP `cat $pidfile`

    printf " puppetd"
    echo ""
    ;;
reload)
    printf "Reloading Puppet client services:"

    kill -HUP `cat $pidfile`

        printf " puppetd"
        echo ""
    ;;
status)
    if [ -f $pidfile ]; then
        pid=`cat $pidfile`
        curpid=`pgrep puppetd`
        if [ "$pid" -eq "$curpid" ]; then
            exit 0
        else
            exit 1
        fi
    else
        exit 1
    fi
esac
exit 0

# $Id: svc-puppetd 1796 2006-10-17 06:09:41Z luke $

UPDATE 2007/11/16: Solaris 10 addendum.

Solaris 10 introduces a few new wrinkles into the setup.

1. On first netbooting Solaris 10, I got an error cannot open kernel/sparcv9/unix. There are tons of possible causes for this error, and lots of possible solutions. The cause in this particular case is that the Solaris NFSv4 implementation isn’t compatible with the Linux one (at least the one in Debian’s nfs-kernel-server package). Dickon Hood worked around it by using nfs-user-server, while vnull just reconfigured his nfs-kernel-server to only offer NFSv2. Like one of vnull’s commenters, I managed to get things to cooperate by offering NFSv2 and NFSv3. Since I’m working from a central file server with lots of NFSv3 clients, I couldn’t just drop back to exclusively NFSv2.
2. After fixing the boot problem, I finally get the installation GUI running, and it immediately starts asking questions. I thought, “Crap, how’d I screw up sysidcfg this time?” As it turns out, the only question it couldn’t answer from sysidcfg was about its NFSv4 domain. No surprise, since this wasn’t an issue in Solaris 8 or 9. Adding nfs4_domain=cae.tntech.edu to sysidcfg took care of that question. nfs4_domain=dynamic may have worked fine, too.
3. Solaris 10 means I can use SMF, so I can uncomment the SMF line in the puppetd init script.