JET/Jumpstart x86 pxe notes

by Mads
September 20, 2006 at 23:43 | categories: sun, solaris

This is just a quick note, probably most useful for myself that I've gathered while setting up a pile of X4100s.

  • Download and install JumpStart Enterprise Toolkit 4.3.2. You don't need to install all of it, but it is small enough that I did. I'll assume it goes to /opt/SUNWjet
  • # export PATH=$PATH:/opt/SUNWjet/bin
  • I'll assume the following:
    • Solaris 10 update 2
    • You've got the dvd iso sol-10-u2-ga-x86-dvd.iso in /export
    • You're putting your files in /export/install
  • # copy_solaris_media -d /export/install/s10u2 -n s10u2 -i /export sol-10-u2-ga-x86-dvd.iso
  • Created loopback device /dev/lofi/1 for /export/sol-10-u2-ga-x86-dvd.iso
    mounted /export/sol-10-u2-ga-x86-dvd.iso at /export/install/1389/slices/s0 (of type hsfs)
    Copying Solaris image....
    Verifying target directory...
    Calculating the required disk space for the Solaris_10 product
    Calculating space required for the installation boot image
    Copying the CD image to disk...
    Copying Install Boot Image hierarchy...
    Copying /boot x86 netboot hierarchy...
    Install Server setup complete
     
    Added Solaris image s10u2 at the following location:
            Media:          /export/install/s10u2
     
    Unmounting /export/install/1389/slices/s0
    removing device /dev/lofi/1
    removing directory /export/install/1389
    
  • Install a dhcp server:
  • # pkgadd -d /export/install/s10u2/Solaris_10/Product SUNWdhcsr SUNWdhcsu SUNWdhcm SUNWdhcsb
  • # dhcpconfig -D -r SUNWfiles -p /var/dhcp
  • Created DHCP configuration file.
    Created dhcptab.
    Added "Locale" macro to dhcptab.
    Added server macro to dhcptab - n1master.
    DHCP server started.
    
  • Set up dhcp - assuming:
    • NETWORK: 192.168.1.0
    • NETMASK: 255.255.255.0
    • ROUTER: 192.168.1.1
  • # dhcpconfig -N 192.168.1.0 -m 255.255.255.0 -t 192.168.1.1
  • # make_template x4100
  • Adding product configuration information for 
            + base_config
            + custom
            + sds
            + vts
            + explo
            + flash
            + san
            + jass
            + zones
    Updating base_config template specifics
    Client template created in /opt/SUNWjet/Templates
    
  • At this point JET automatically adds nfs shares - I had to tweak mine so that I have:
  • # share -F nfs -o ro,anon=0 -d "JET Framework" /opt/SUNWjet
  • # share -F nfs -o ro,anon=0 /export/install/
  • # cd /opt/SUNWjet/Templates
  • Edit the template to fit your needs - at the bare minimum, you need to set:
    • base_config_ClientArch=
    • base_config_ClientOS=
    • base_config_client_allocation=
    • base_config_ClientEther=
    • base_config_sysidcfg_network_interface=
    • base_config_sysidcfg_netmask=
    • base_config_sysidcfg_default_route
    • base_config_sysidcfg_ip_address
  • This could look something like:
  • base_config_ClientArch=i86pc
    base_config_ClientEther=00:14:4F:2A:XX:XX
    base_config_ClientOS=s10u2
    base_config_client_allocation="grub"
    base_config_sysidcfg_network_interface=e1000g0
    base_config_sysidcfg_ip_address=192.168.1.3
    base_config_sysidcfg_netmask=255.255.255.0
    base_config_sysidcfg_default_route=192.168.1.1
    
  • Other common things to change would be the root passwd (see comment in the profile), disk layout and what cluster to use. An example diff for the interesting bits of the disk layout could look like this:
  •  ########################################
     # X86, X64 specific settings. If this is an x86 client, then you may need
    @@ -242,8 +242,8 @@
     
     base_config_profile_dontuse=""
     
    -base_config_profile_root=free 
    -base_config_profile_swap=256
    +base_config_profile_root=8192
    +base_config_profile_swap=4096
     
     #
     # If you are using VxVM and want your boot disk to look like the mirror, then
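Review bot: base_config_profile_root goes from free to a fixed 8192 in this hunk, and in the lines shown no other slice is set to free (s5 and s7 get fixed sizes, s4 and s6 keep an empty size), so nothing visibly takes up the rest of the disk. If that is intended, say so in a comment next to base_config_profile_root; otherwise leave one slice as free.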
    @@ -261,9 +261,9 @@
     base_config_profile_s4_size=""
     
     base_config_profile_s5_mtpt="/var"
    -base_config_profile_s5_size=""
    +base_config_profile_s5_size="8192"
     
    -base_config_profile_s6_mtpt="/usr"
    +base_config_profile_s6_mtpt=""
     base_config_profile_s6_size=""
     
     #
    @@ -273,7 +273,7 @@
     #
     
     base_config_profile_s7_mtpt="/opt"
    -base_config_profile_s7_size=""
    +base_config_profile_s7_size="8192M"
     #
     ############
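Review bot: base_config_profile_s7_size is written as "8192M" with a unit suffix, while base_config_profile_s5_size in the previous hunk is "8192" and root and swap in the first hunk are bare numbers. Use one form for all of them and state the unit in a comment so the slice sizes can be compared at a glance.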
    
  • I usually choose either the full or the restricted net install:
  • base_config_profile_cluster=SUNWCXall
    base_config_profile_cluster=SUNWCreq
    
  • # make_client -f x4100
  • Gathering network information..
            Client: 192.168.1.175 (192.168.1.0/255.255.255.0)
            Server: 192.168.1.170 (192.168.1.0/255.255.255.0, SunOS)
    Solaris: client_prevalidate
    Solaris: client_build
    Creating sysidcfg
    WARNING: no base_config_sysidcfg_timeserver specified using JumpStart server
    Creating profile
    Adding base_config specifics to client configuration
    Solaris: Configuring JumpStart boot for x4100
             Starting SMF services for JumpStart
    Solaris: Configure PXE/grub build
             Adding install client
            Doing a TEXT based install
             Leaving the graphical device as the primary console
             Configuring x4100 macro
             Using local dhcp server
             PXE/grub configuration complete
    Running '/opt/SUNWjet/bin/check_client  x4100'
    
    ...
    --------------------------------------------------------------
    Check of client x4100 
    -> Passed....
    
  • And that's all there is to it - for the X4100, you'll have to press F12 during startup to force a network install. On a local net, the install time for SUNWCreq is about 15 minutes on an X4100.

Next installments could be to use flash install, setting up JASS and zones, adding patches and extra packages.
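
A pre-flight check for the template step above, as an added example that is not part of the original post or of JET: it verifies that the "bare minimum" variables are set, that the MAC is well formed, and that the default route sits in the client's subnet. The function names and the KEY=value parsing are assumptions based on the template excerpt shown in the post.

```shell
# Pre-flight check of a JET client template before make_client (added example).
REQUIRED="base_config_ClientArch base_config_ClientOS
base_config_client_allocation base_config_ClientEther
base_config_sysidcfg_network_interface base_config_sysidcfg_netmask
base_config_sysidcfg_default_route base_config_sysidcfg_ip_address"

# tmpl_get FILE KEY: value of the last KEY=value line, surrounding quotes removed.
tmpl_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}
# ip_to_int A.B.C.D: print the address as an integer, fail on malformed input.
ip_to_int() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
# check_template FILE: print one line per problem, return 1 if any were found.
check_template() {
    rc=0
    for key in $REQUIRED; do
        [ -n "$(tmpl_get "$1" "$key")" ] || { echo "unset: $key"; rc=1; }
    done
    mac=$(tmpl_get "$1" base_config_ClientEther)
    echo "$mac" | grep -Eiq '^([0-9a-f]{1,2}:){5}[0-9a-f]{1,2}$' ||
        { echo "bad MAC: $mac"; rc=1; }
    ip=$(ip_to_int "$(tmpl_get "$1" base_config_sysidcfg_ip_address)") || ip=
    gw=$(ip_to_int "$(tmpl_get "$1" base_config_sysidcfg_default_route)") || gw=
    mask=$(ip_to_int "$(tmpl_get "$1" base_config_sysidcfg_netmask)") || mask=
    if [ -z "$ip" ] || [ -z "$gw" ] || [ -z "$mask" ]; then
        echo "bad address, route or netmask"; rc=1
    elif [ $(( ip & mask )) -ne $(( gw & mask )) ]; then
        echo "default route is outside the client's subnet"; rc=1
    fi
    return $rc
}
# Constructed sample: the post's values, XX:XX left in the MAC, route mistyped.
sample_template() {
cat <<'EOF'
base_config_ClientArch=i86pc
base_config_ClientEther=00:14:4F:2A:XX:XX
base_config_ClientOS=s10u2
base_config_client_allocation="grub"
base_config_sysidcfg_network_interface=e1000g0
base_config_sysidcfg_ip_address=192.168.1.3
base_config_sysidcfg_netmask=255.255.255.0
base_config_sysidcfg_default_route=192.168.2.1
EOF
}
tmp=$(mktemp) && sample_template > "$tmp" && { check_template "$tmp" || true; }; rm -f "$tmp"
```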


DTrace chosen as the Gold winner in The Wall Street Journal

by Mads
September 19, 2006 at 21:32 | categories: sun, solaris

Very cool and well deserved.

Bryan Cantrill and a team of engineers at Sun Microsystems Inc. have devised 
a way to diagnose misbehaving software quickly and while it's still doing its 
work. While traditional trouble-shooting programs can take several days of 
testing to locate a problem, the new technology, called DTrace, is able to 
track down problems quickly and relatively easily, even if the cause is 
buried deep in a complex computer system.

The DTrace trouble-shooting software from Sun was chosen as the Gold winner 
in The Wall Street Journal's 2006 Technology Innovation Awards contest, the 
second time in three years that a Sun entry has won the top award.

Root free httpd on Solaris

by Mads
September 19, 2006 at 21:21 | categories: httpd, security, solaris

As I was playing around with Sun Studio 11 and trying out different compile options on httpd I bumped into the old problem of not being allowed to bind port 80. In usual circumstances I'd just switch to a port above 1024, but why not use Solaris privileges instead?

The usual error:
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80

Finding the missing privilege:
# ppriv -eD ./httpd -k start

httpd[12474]: missing privilege "net_privaddr" (euid = 100, syscall = 232) needed at tcp_bind+0x631

As root add the missing privilege:
# usermod -K defaultpriv=basic,net_privaddr apache
# grep apache /etc/user_attr
apache::::type=normal;defaultpriv=basic,net_privaddr

Start httpd as the apache user and you're done.

Of course there's a lot more to it than just handing out privileges, but you can find much more in the Roles, Rights Profiles, and Privileges section of the System Administration Guide: Security Services.
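
The ppriv-to-usermod step above as a script, added here as an example that is not from the original post: it collects the distinct missing privileges from privilege-debugging output and builds the usermod line from only those on an operator-approved list. The function names and the approved-list idea are assumptions; the third and fourth sample log lines are constructed.

```shell
# Turn privilege-debugging output (ppriv -D) into a reviewable usermod line.
# Added example; function names are hypothetical.

# missing_privs: stdin = debug output; print each missing privilege once.
missing_privs() {
    sed -n 's/^.*missing privilege "\([a-z_]*\)".*$/\1/p' | sort -u
}

# plan_privs "APPROVED LIST": stdin = debug output. Approved names are marked
# "grant"; anything else is marked "review" and is never granted automatically.
plan_privs() {
    missing_privs | while read -r p; do
        case " $1 " in
            *" $p "*) echo "grant $p" ;;
            *)        echo "review $p" ;;
        esac
    done
}

# usermod_line USER "APPROVED LIST": print, but do not run, the usermod command.
usermod_line() {
    extra=$(plan_privs "$2" | awk '$1 == "grant" { printf ",%s", $2 }')
    printf 'usermod -K defaultpriv=basic%s %s\n' "$extra" "$1"
}

# Sample input: lines 1-2 are from the post; lines 3-4 are constructed
# (a repeat from another pid and a second, unapproved privilege).
sample_log() {
cat <<'EOF'
(13)Permission denied: make_sock: could not bind to address 0.0.0.0:80
httpd[12474]: missing privilege "net_privaddr" (euid = 100, syscall = 232) needed at tcp_bind+0x631
httpd[12480]: missing privilege "net_privaddr" (euid = 100, syscall = 232) needed at tcp_bind+0x631
httpd[12480]: missing privilege "sys_resource" (euid = 100, syscall = 0) needed at constructed_frame+0x0
EOF
}

sample_log | plan_privs "net_privaddr"
sample_log | usermod_line apache "net_privaddr"
```

Anything reported as "review" stays out of defaultpriv until someone has decided the daemon really needs it.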

ApacheCon 2006 US - httpd on OpenSolaris.

by Mads
August 10, 2006 at 12:27 | categories: apache, httpd, solaris

Much to my surprise, I've had my proposed talk accepted for ApacheCon 2006/US.
This time I'll be speaking about running httpd on OpenSolaris. I'm still a bit unsure about the final content, but I hope to cover:

  • SMF for httpd
  • Least Privileges
  • "zoning httpd"
  • dtracing httpd
  • kssl

The list is bound to evolve as I find the time to actually work on these things.


Opensolaris turns one

by Mads
June 14, 2006 at 23:37 | categories: solaris

First time I heard about the OpenSolaris plans was at ApacheCon in 2004, and at that time it sounded like nothing more than a cunning marketing strategy.
Then we got Solaris 10 and I was really surprised when I saw OpenSolaris becoming reality only a couple of months later (one day too late to share my birthday). Congratulations to Sun for pulling off what many of us thought impossible half a year earlier.
For me personally, OpenSolaris has also brought many insights into the internals of Solaris, that I never would have gotten without OpenSolaris and especially the community around it. The Sun engineers blogging, turning up at conferences like LISA and ApacheCon, helping out on #opensolaris and sharing the development process on opensolaris mailing list - it has been absolutely amazing.

Sun has also been very generous to the ASF where I've had the joy of running our Sun v40z and really should be working on bringing our new and shiny T2000 up to speed, but we're still looking for some storage to add because the 4 internal drives are pretty much useless for anything we could think of doing with it. (I'll try to blog a bit more about that box during ApacheCon EU where I'm hoping to get a small break from work ;).

On a personal note: I quit working for ... on May 1st because I got an offer to join some really great people in a startup and I was happy to accept because working full time on Solaris isn't exactly the best career move when you're working for one of Sun's largest competitors.

