Projects Linux Jumpstart Installer

From 5dollarwhitebox.org Media Wiki

Contents 1 Summary 2 Overview and Preparation 2.1 The System 2.2 Filesystem Diagram 2.3 Linux Packages required 2.4 Solaris Software Media Used 3 Linux Server Configuration Files 3.1 DHCP3: /etc/dhcp3/dhcpd.conf 3.2 DHCP3: /etc/default/dhcp3-server 3.3 NFS: /etc/exports 3.4 Bind9: Generic Configuration 4 Copying the Solaris Software 4.1 Solaris 8 4.2 Solaris 9: 4.3 Copy Files To The Linux NFS Server 5 Jumpstart Configuration Files 5.1 Netboot Kernels 5.2 Jumpstart Sample Configuration 5.3 The Rules File: /jumpstart/XX/rules 5.4 The rules.ok File: /jumpstart/XX/rules.ok 5.5 The Profile: /jumpstart/XX/any_machine 5.6 The Config File: /jumpstart/XX/config/sysidcfg 6 Post Install Config 6.1 Solaris Software Companion Packages 7 How It All Works 8 Known Problems 8.1 Differences in TCP/IP Stack 8.2 Transfer Speeds 9 Suggestions 9.1 Native Solaris Jumpstart 9.2 Web Interface to Prep for Install 9.3 FreeBSD Jumpstart Server 10 Resources

Summary

This document lays out how to configure and automate Solaris Jumpstart installations from a Linux Server. For our demonstration, we have used Debian Sarge 3.1, however any other distro should work similarly. The goal is to provide a completely automated and standardized Solaris installations.

Why not create a Jumpstart Solution from a Solaris server? Well, the standard jumpstart is based on a one time install where you must use the “add_install_client” and “rm_install_client” scripts to add the servers IP and MAC address to perform an install (uses RARP/Bootparamd). Using Linux we pass all the install options by way of DHCP which enables us to plug in a server, type “boot net:dhcp – install” and watch it go without making any changes on the Jumpstart server.

Alot of this work was handed on to me from my good friend Ed... thank you thank you.

• Author: BJ Dierkes
• Last Updated: December 2nd, 2005
• Contact: wdierkes [at] 5dollarwhitebox [dot] org

Overview and Preparation

The System

• Debian Stable 3.1 (Sarge)

• 1 Public NIC
  • 10.1.101.x for our example

• 1 Private NIC for each Solaris Distribution served
  • 192.168.1.254 – Solaris 8 distribution NIC
  • 192.168.2.254 – Solaris 9 distribution NIC

Filesystem Diagram

The following is a brief layout of the files involved here. As we have both Solaris 8 and Solaris 9, please substitute "X" with either "8" or "9":

/jumpstart/X	Holds all Solaris X jumpstart install, post install, and companion cd files
rules	File used to determine machine type, and is read by the ‘check’ script.
rules.ok	File created by the ‘check’ script, and read by the installer to determine the profile file, and pre/post scripts to use.
check	Script that is ran to read the ‘rules’ file, and create the ‘rules.ok’ file.
any_machine	Generic profile file, used to automate the installer.
install	Data from Solaris X Software CD’s 1 and 2
config/sysidcfg	Config file to automate installation
post_install/ccd_install.pl	Custom Post Install script to install the Companion CD
post_install/companioncd/Packages	Copied from Companion CD

Linux Packages required

The following Debian packages will need to be installed:

atftpd	TFTP Server Daemon provides the Solaris Netboot Kernel
pdksh	Shell required to execute certain Solaris scripts off the CD’s
tcpdump	Useful for debugging
nfs-kernel-server	Serves the Installation files
nfs-common	Additional NFS package
dhcp3-server	Provides boot parameters needed for Solaris Jumpstart install
bind9	Required during install to provide reverse lookup on the private network (192.168.x.x)

Solaris Software Media Used

• Solaris 8 2/04 Software CD 1 of 2
• Solaris 8 2/04 Software CD 2 of 2
• Solaris 8 2/02 Software Companion CD

• Solaris 9 7/04 Software CD 1 of 2
• Solaris 9 7/04 Software CD 2 of 2
• Solaris 9 7/04 Software Companion CD

Linux Server Configuration Files

DHCP3: /etc/dhcp3/dhcpd.conf

Because the DHCP boot parameters determine where the installation and sysidcfg files are, each distribution requires its own NIC and network. As you see below, any box DHCP booting to the 192.168.1.0 network will perform a Solaris 8 Jumpstart installation, and any box on the 192.168.2.0 network will perform a Solaris 9 Jumpstart installation. There is most likely a cleaner way to do this, but I have not been able to determine it.

/etc/dhcp3/dhcpd.conf

# option definitions common to all supported networks...
ddns-update-style ad-hoc;
option domain-name "jumpstart.mydomain.com";
option domain-name-servers 192.168.1.254;

option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;

# Jumpstart Support
option space SUNW;
option SUNW.root-mount-options code 1 = text;
option SUNW.root-server-ip-address code 2 = ip-address;
option SUNW.root-server-hostname code 3 = text;
option SUNW.root-path-name code 4 = text;
option SUNW.swap-server-ip-address code 5 = ip-address;
option SUNW.swap-file-path code 6 = text;
option SUNW.boot-file-path code 7 = text;
option SUNW.posix-timezone-string code 8 = text;
option SUNW.boot-read-size code 9 = unsigned integer 16;
option SUNW.install-server-ip-address code 10 = ip-address;
option SUNW.install-server-hostname code 11 = text;
option SUNW.install-path code 12 = text;
option SUNW.sysid-config-file-server code 13 = text;
option SUNW.JumpStart-server code 14 = text;
option SUNW.terminal-name code 15 = text;


subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.1 192.168.1.100;
        option broadcast-address 192.168.1.255; 
        option routers 192.168.1.254; 

        option host-name "sol8-jumper1";
        vendor-option-space SUNW;          
        option SUNW.sysid-config-file-server "sol8-installer:/jumpstart/8/config";
        option SUNW.JumpStart-server "sol8-installer:/jumpstart/8";
        option SUNW.install-server-hostname "sol8-installer";
        option SUNW.install-server-ip-address 192.168.1.254;
        option SUNW.install-path "/jumpstart/8/install";
        option SUNW.root-server-hostname "sol8-installer";
        option SUNW.root-server-ip-address 192.168.1.254; 
        option SUNW.root-path-name "/jumpstart/8/install/Solaris_8/Tools/Boot";
}

subnet 192.168.2.0 netmask 255.255.255.0 {
        range 192.168.2.1 192.168.2.100;
        option broadcast-address 192.168.2.255; 
        option routers 192.168.2.254; 

        option host-name "sol9-jumper1";
        vendor-option-space SUNW;          
        option SUNW.sysid-config-file-server "sol9-installer:/jumpstart/9/config";
        option SUNW.JumpStart-server "sol9-installer:/jumpstart/9";
        option SUNW.install-server-hostname "sol9-installer";
        option SUNW.install-server-ip-address 192.168.2.254;
        option SUNW.install-path "/jumpstart/9/install";
        option SUNW.root-server-hostname "sol9-installer";
        option SUNW.root-server-ip-address 192.168.2.254; 
        option SUNW.root-path-name "/jumpstart/9/install/Solaris_9/Tools/Boot";
}

DHCP3: /etc/default/dhcp3-server

/etc/default/dhcp3-server

INTERFACES="eth1 eth2"

NFS: /etc/exports

/etc/exports

/jumpstart              192.168.1.0/255.255.255.0(ro,sync,no_root_squash)
/jumpstart              192.168.2.0/255.255.255.0(ro,sync,no_root_squash)

NOTE: I’ve had problems installing Solaris 8 with the NFS shared as “ro”. For some reason it needs to write something on the share (which is all together a bad deal). I haven’t figured that out yet, however the issue doesn’t seem to happen on a Solaris 9 Jumpstart.

Bind9: Generic Configuration

Bind9 DNS Server was required for reverse DNS lookups during Jumpstart. Multiple times throughout the install, Jumpstart hangs if it cannot locate the specified DNS Server and hostname. Therefore, I setup a generic Bind9 configuration for the 192.168.x.x networks. I am no Bind guru by any means, but it seemed to fix the glitch.

Copying the Solaris Software

Since Sun uses partitions on some of there installation media… its not always as simple as copying directories off of a CD. There are different ways that this can be done; however the easiest way I found was to use the “install_jumpstart_server” and “add_to_jumpstart_server” scripts off of the CD’s.

These commands are performed on an installed Sun Solaris Server. The idea is to use the jumpstart install scripts from the installation media, and then copy those directories across the network to the Linux NFS server. The scripts will not allow install across the network directly to the NFS share.

# mkdir –p /local_jumpstart/8/install
# mkdir –p /local_jumpstart/9/install

Solaris 8

All commands are on the Solaris box.

Solaris 8 2/04 Software CD 1 of 2:

# /cdrom/sol_8_204_sparc/Solaris_8/Tools/setup_install_server /local_jumpstart/8/install

Solaris 8 2/04 Software CD 2 of 2:

# /cdrom/sol_8_204_sparc_2/Solaris_8/Tools/add_to_install_server /local_jumpstart/8/install

Solaris 8 2/02 Companion CD:

# cp –R /cdrom/s8_software_companion/components/sparc/Packages /local_jumpstart/8/companioncd.orig

Solaris 9:

All commands are on the Solaris box.

Solaris 9 7/04 Software CD 1 of 2:

# /cdrom/sol_9_704_sparc/Solaris_9/Tools/setup_install_server /local_jumpstart/9/install

Solaris 9 7/04 Software CD 2 of 2:

# /cdrom/sol_9_704_sparc_2/Solaris_9/Tools/add_to_install_server /local_jumpstart/9/install

Solaris 9 7/04 Companion CD:

# cp –a /cdrom/s9_software_companion/components/sparc/Packages /local_jumpstart/8/companioncd.orig

Copy Files To The Linux NFS Server

From the Solaris box:

# mount –F nfs linux-jumpstart-server:/jumpstart /mnt/jumpstart
# cp -a /local_jumpstart/* /mnt/jumpstart

There may be a better was to do this… like with ‘tar’, however I had an issue copying one of the CD’s with ‘tar’ so I just stuck with the easy option, ‘cp’.

Jumpstart Configuration Files

All commands are on the Linux server.

Netboot Kernels

There is a specific Netboot kernel for each type of Sun Box. The kernels seem to work for Solaris 8 and Solaris 9 the same, and were copied from the Solaris 8 media.

# cd /jumpstart/8/install/Solaris_8/Tools/Boot/usr/platform

Sun 280R 4U Server Inetboot Kernel:

# cp SUNW,Sun-Fire-280R/lib/fs/nfs/inetboot /tftpboot/SUNW.Sun-Fire-280R

Sun v120 1U Server Inetboot Kernel:

# cp SUNW,UltraAX-i2/lib/fs/nfs/inetboot /tftpboot/SUNW.UltraAX-i2

These are the only two servers that I am working with at the moment, but the other kernels are there.

Jumpstart Sample Configuration

The files that I have here were built from the Solaris sample files in the Solaris 8 Media. The files appear to be the same for Solaris 8 and Solaris 9 (and maybe even 10).

# cp –a /jumpstart/8/install/Misc/jumpstart_sample/* /jumpstart/8
# cp –a /jumpstart/9/install/Misc/jumpstart_sample/* /jumpstart/9

From there, the main configuration files are described next.

The Rules File: /jumpstart/XX/rules

This file contains rules so that you can control how Jumpstart runs on different types of machines. For my needs, all installs are generally going to be the same. Therefore, I setup up one single configuration that should work on all hardware that I have available.

/jumpstart/XX/rules

any -   pre-install.sh   any_machine post-install.sh

There can be multiple lines, with multiple ‘rules’. The idea is to ‘match’ a box to a rule set, and then proceed accordingly.

any	Describes the type of hardware architecture that the current machine has.
-	The next field I believe describes the Kernel architecture??? But ‘-‘ is all you need.
pre-install.sh	This script is executed before the OS is installed
any_machine	This is the name of the file that is used if this rule matches.
post-install.sh	This script is executed after the OS is installed

The rules.ok File: /jumpstart/XX/rules.ok

This file is created by the ‘check’ script in the same directory ‘/jumpstart/XX’ after copying the sample_jumpstart files. The ‘check’ script reads the ‘rules’ file, and then creates ‘rules.ok’ which is read by the installer.

/jumpstart/XX/rules.ok

any -   pre-install.sh   any_machine post-install.sh 
# version=2 checksum=4738

It obviously just adds a checksum that is used to “verify” the rules file for the installer. To run the ‘check’ script, you may need to mount the NFS share, and run the script from an installed Solaris box (at least I had to, but I don’t remember if I really needed to or not).

The Profile: /jumpstart/XX/any_machine

The Profile holds a little bit of information in order to automate the installer. This file tells it how to partition the disk, which packages to install, the type of install, etc.

/jumpstart/XX/any_machine

install_type    initial_install
system_type     standalone
partitioning    explicit
filesys any free /
filesys any 1024 swap
filesys any 32
geo N_America
cluster         SUNWCall

This profile basically performs an Initial Install on a standalone system. The partitioning looks like the following:

Slice 0	Free space left on disk (mounted on ‘/’)
Slice 1	1024M (swap)
Slice 2	Reserved
Slice 3	32M (no mount point. Used for Software mirroring)

The line “cluster SUNWCall” tells Jumpstart to install the “Entire Distribution”. You could substitute this line with “cluster SUNWreq” to only install the CORE OS, and then add specific packages with additional lines like “package SUNWbash”. The packages are found in ‘/jumpstart/XX/install/Solaris_XX/Product’.

The Config File: /jumpstart/XX/config/sysidcfg

The ‘sysidcfg’ file provides answers to questions in the installer. Without this file, and the profile ‘any_machine’ the installer is not automated and will prompt for answers.

/jumpstart/XX/config/sysidcfg

name_service=NONE
network_interface=PRIMARY{dhcp protocol_ipv6=no}
root_password=15y8hPKSuXZ6A
security_policy=NONE
system_locale=en_US
terminal=vt100
timezone=US/Central
timeserver=localhost

These answers are obvious if you are familiar with performing CD based installs. The encrypted ‘root_password’ is ‘password’. Setting the ‘timeserver’ to ‘localhost’ assumes that the system time is accurate. The smart thing to do would be to setup a time server on the jumpstart installer, and then this line will change to ‘timeserver=192.168.1.254’ or whatever the IP of the Jumpstart server is. I haven’t gotten to that point yet.

Post Install Config

Solaris Software Companion Packages

Related Project: Solaris Companion CD Installer Script

Because there is no feasible way to add the Solaris Software Companion to the installation, it needs to be added by way of custom scripts. To do this, the ‘components/sparc/Packages’ directory was copied off of the Solaris Software Companion CD. The script I wrote that handles these packages is ‘post_install/ccd_install.pl’, and installs the packages from ‘post_install/companioncd/Packages’. You can add/remove packages from the Companion CD and the script should not need to be edited.

Additionally, the original Companion CD’s ‘Packages’ directory was copied to ‘/jumpstart/8/companioncd.orig’ and ‘/jumpstart/9/companioncd.orig’. This directory exists so you can pull packages and place them back into the ‘post_install/companioncd/Packages’ directory for the post install script to install them.

For documentations sake, I have removed the following packages ‘post_install/companioncd/Packages’:

SFWcdrec
SFWxmms
SFWxeyes
SFWethrl
SFWsnort
SFWxfce
SFWkde
SFWsamba
SFWgimp
SFWesd
SFWfvwm
SFWfnlib
SFWgnome
SFWgtk
SFWgtken
SFWgv
SFWimlib
SFWolvwm
SFWqt
SFWtdmp
SFWtk
SFWxaw3d
SFWxcpus
SFWxmacs
SFWxmcd
SFWxmp
SFWxterm
SFWgphto
SFWgplot
SFWnmap

How It All Works

sol-jumper	Server being jumped (192.168.1.1)
jumpstart-dev	Linux Jumpstart Server (192.168.1.254)

The new Sun server is connected to a specific Jumpstart VLANs. For this type of setup, There needs to be a separate VLAN for each version of Solaris. (Crossover cable directly in our example).

From the Open Boot Prompt (“<ok> prompt”) type:

<ok> boot net:dhcp – install

• sol-jumper calls for a DHCP Address, and boot parameters. The DHCP Server provides the IP, and Jumpstart Server information. (this part takes place of RARP/Bootparamd in a typical Jumpstart environment)

• sol-jumper mounts the NFS share ‘jumpstart-dev:/jumpstart/8’ and finds the configuration files, notably the sysidcfg file.

• Jumpstart read the ‘rules.ok’ file to find a match, then read the corresponding config files and scripts that are attached to it.

• Jumpstart executes the ‘pre-install.sh’ script that is specified in the ‘rules.ok’ file

• Jumpstart runs several other scripts as well (not specified by our files).

• Jumpstart then begins to partition the disk, and then install whatever packages are specified in our profile ‘any_machine’.

• After the OS is installed, Jumpstart installs any patches that are located in ‘/jumpstart/XX/install/Solaris_X/Patches’.

• Jumpstart then executes the ‘post-install.sh’ script which was specified in our ‘rules.ok’ file.

• In my config, the ‘post-install.sh’ script then executes ‘post_config/ccd_install.pl’ which is a custom perl script I wrote to install the Solaris Companion CD.

• The box will then reboot, and you’ll have a login. Root password is ‘password’ as specified in the sysidcfg file.

At this point you could then implement a custom post install script to config the system to your liking.

That is basically it.

Known Problems

Differences in TCP/IP Stack

It appears that there may be differences between the Solaris and Linux TCP stacks. This problem hasn’t quite been researched completely, however throughout the install the following NFS data transfer error is continuous: “reply ERR 1460”. I am not completely sure how this effects the installation, or if it just delays it slightly. There doesn’t appear to be any problems with the installation after it is complete.

I have found comments in Solaris Forums that suggest the Linux NFS Servers sends data “backwards” compared to how Solaris reads it.

Transfer Speeds

Even with 10/100 NICs connected with a direct Cross-over cable, the Jumpstart install appears very sluggish. I believe this may be a minor adjustment, such as enable Full Duplex on the Sun box or something similar to that. I haven’t had time to look into this yet. This may also be because of the Difference in TCP/IP stack.

Suggestions

Native Solaris Jumpstart

Personally, I am thinking that the best Solaris solution is to setup a solid Solaris Jumpstart server utilizing the Solaris Security Toolkit (very advanced). This would take extensive configuration, which I have not looked into. This would require setting up an environment that did not require the use of “add_install_client” and “rm_install_client” as our main focus is automation.

Web Interface to Prep for Install

One Idea I had was to setup a Web Interface that displayed the detected MAC address’s. You could then select the MAC of the server, and then select which version of Solaris to install. The web interface would then use that information to execute a custom script in place of the “add_install_client” script. The main thing that ‘add_install_client’ does is adds info to ‘/etc/hosts’, ‘/etc/ethers’, and ‘/etc/bootparams’.

This is a shaky idea, but it had run across my mind. Haven’t thought it out, or if it would work. Would need to customize the config to have a DHCP Server regardless.

FreeBSD Jumpstart Server

The procedures in this document could be tested on a FreeBSD system. This may resolve the issues that are being seen during the NFS reads, as the FreeBSD TCP stack may be more compatible with Solaris.

Resources

Jumpstart HowTo’s:

• http://www.docbert.org/Solaris/Jumpstart/linux.htm
• http://www.transposed.org/techstuff/linux-jumpstart.html
• http://www.pimpworks.org/sun/jumpstart-howto.html
• http://www.amorin.org/professional/jumpstart.php

How to create a Raid 1 during installation. (Didn’t quite get to try this)

• http://docs.sun.com/app/docs/doc/817-5506/6mkv6ki9v?a=view

Custom Jumpstart Environment Variables:

• http://docs.sun.com/app/docs/doc/817-5506/6mkv6ki9t?a=view

Solaris 8 Package Lists:

• http://www.sun.com/bigadmin/content/packagelist/s8PkgList/p2.html
• http://www.geo.lsa.umich.edu/IT/os/sol8/sfw.html

Solaris 8 Advanced Installation Guide:

• http://docs.sun.com/app/docs/doc/806-0957?q=solaris+8+advanced+installation

Solaris 8 Companion CD Package Dependency List:

• http://www.sun.com/software/solaris/freeware/s9u7dependencies.xml

Advanced Solaris Jumpstart Configs (For Sun Jumpstart Server, not Linux)

• http://www.sun.com/software/security/jass/