427.org.uk

Random musings and out of date things


Installing Solaris 10 from a Debian Server

3rd June 2009

I recently rescued an old Netra T1 105 from work, and initially installed Debian on it, without much trouble. However, I’m a contrary type so I thought, why not install Solaris 10 on it instead?

Now installing Solaris is pretty easy, as long as you already have a Solaris server in your network, or a DVD drive. As this Netra doesn’t have a CD let alone a DVD drive, I always knew I would have to install it over the network. And as I didn’t have a Solaris box in my network, I would have to install it from Debian. Now this took some trial and error, and a LOT of googling, but I finally got it done.

Firstly, I already had RARP and DHCP on my box, so I thought I’d set them up first. If you’ve not got them, you’ll need to apt-get them:

apt-get install rarpd dhcp3-server bootparamd

RARP

RARP is very simple, and just assigns an IP to a given MAC address. Once installed, you just need to put the MAC and IP in /etc/ethers, e.g.:

de:ad:be:ef:f0:0f 192.168.0.10

DHCP

Now in the DHCP config at /etc/dhcpd.conf I added:

host greenmachine {
	hardware ethernet de:ad:be:ef:f0:0f;
	fixed-address 192.168.0.10;
	option host-name "greenmachine";
}

Then just restart dhcpd.

Installer script

Now it gets a little bit fiddlier, as we need to run the Solaris setup script on the Debian box to prepare it for the net install. Get hold of a Solaris ISO image (or physical DVD if you are old fashioned) and mount it on /media/cdrom. Before we run the script we need to do some fudges so the script runs OK on Debian. I found this site really useful for getting the script running and sorting out bootparamd, which comes in a bit later.

First a couple of symlinks. Needless to say, you need to be root for this. In fact you should be root for all of this.

ln -s /bin/tar /bin/bar
ln -s /bin/sed /usr/bin/sed

Next we need to write a couple of dummy scripts that the installer uses:

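cat <<'EOF' > /bin/adb
#!/bin/bash
# Stand-in for adb: strip a trailing "=d" from the input and print the hex value as decimal
read HEX
HEX=0x${HEX%%=d}
printf "%d\n" "$HEX"
EOF
cat <<'EOF' > /bin/mach
#!/bin/bash
# Stand-in for mach: print the processor type
uname -p
EOF
chmod +x /bin/adb /bin/mach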

Now to create the target for the installation media. On my box at the time I had a large /share, so that’s what I used:

mkdir -p /share/jumpstart/{installer,config}

Now run the installer:

cd /media/cdrom/Solaris_10/Tools
./setup_install_server /share/jumpstart/installer

It’ll take a while to run but should complete successfully. Now we will remove our scripts/symlinks from before so we’re not leaving mess around the system.

rm /usr/bin/sed /bin/adb /bin/mach /bin/bar

NFS

Next comes NFS, as our target server will need to be able to get to the files. The Sun box will try to use NFSv4 to connect, but it’s unlikely you’re going to have v4 set up, so if you don’t use v4 you should disable it. This is fairly simple: edit /etc/init.d/nfs-kernel-server and add “--no-nfs-version 4” to the “--exec $PREFIX/sbin/rpc.nfsd” line, so it looks like this:

--exec $PREFIX/sbin/rpc.nfsd -- --no-nfs-version 4 $RPCNFSDCOUNT

Now we need to add the exports for our target to /etc/exports. Here I’ve allowed my whole subnet, but it’s up to you to decide how to do it.

/share/jumpstart/installer 192.168.0.0/24(ro,no_root_squash,async,no_subtree_check)
/share/jumpstart/config 192.168.0.0/24(ro,no_root_squash,async,no_subtree_check)

Now restart nfs-kernel-server:

/etc/init.d/nfs-kernel-server restart

BOOTPARAMD

Bootparamd is used to give the installer information about where to get its files from and stuff like that. My config is below. Once you change anything in the config you need to restart the bootparamd process with /etc/init.d/bootparamd restart.

# /etc/bootparams
greenmachine    root=192.168.0.1:/share/jumpstart/installer/Solaris_10/Tools/Boot/ \
                install=192.168.0.1:/share/jumpstart/installer \
                boottype=:in \
                rootopts=192.168.0.1:rsize=8192,wsize=8192

Boot image

Now we just need to put the boot image into the tftp directory, which from checking /var/log/daemon.log seems to be /srv/tftp by default.

cp /media/cdrom/Solaris_10/Tools/Boot/platform/sun4u/inetboot /srv/tftp

Now the target will request a file with the same name as its IP address, but there’s a catch: it needs to be in hex. It’s pretty simple to work out though, and easily scripted:

cd /srv/tftp
IP=192.168.0.10
HEXIP=$(echo $IP | tr . ' ' | xargs printf %02x | tr a-z A-Z)
ln -s inetboot $HEXIP

config.tar

One last and important thing to do is to set up our config tarball. This tells the target system how to use its disks and what packages etc. should be installed. It comprises several files.

rules

There is an example rules file on the Solaris DVD, in Solaris_10/Misc/jumpstart_sample. I just copied it to my config location (/share/jumpstart/config) and added the following line:

any - - profile -

Now I’m not even sure the rules file is strictly necessary, however it is normally used to generate the rules.ok file, which is what I will do next.

rules.ok

This is pretty simple, just run the following:

cd /share/jumpstart/config
sed -e '/#/d' -e '/^\s*$/d' rules > rules.ok
chksum=$(sum rules.ok | awk '{print $1}');
echo "# version=2 checksum=${chksum}" >> rules.ok

profile

Next we write the profile, which says what should be installed and how the disks should be used etc. Here is a minimal one:

install_type    initial_install
cluster         SUNWCrnet
cluster         SUNWCssh add
package         SUNWgss add
package         SUNWgssc add
package         SUNWbash add
package         SUNWwgetr add
package         SUNWwgetu add
partitioning    explicit
filesys         mirror c0t0d0s0 c0t1d0s0 5120 /
filesys         mirror c0t0d0s1 c0t1d0s1 512 swap
filesys         mirror c0t0d0s3 c0t1d0s3 5120 /opt
filesys         mirror c0t0d0s6 c0t1d0s6 5120 /usr
filesys         mirror c0t0d0s7 c0t1d0s7 5120 /home
metadb          c0t0d0s4 size 8192 count 4
metadb          c0t1d0s4 size 8192 count 4
filesys         mirror c0t0d0s5 c0t1d0s5 free /share

This will install a very basic installation with SSH, bash and wget. It will use both disks as a RAID1 device, with 5GB /, /usr, /opt and /home slices, and the remaining free space in /share.

sysidcfg

This file has some other config options, such as DNS servers, network and user config. Mine is below:

name_service=DNS{domain_name=kyussnet.local name_server=192.168.0.254 search=kyussnet.local}
network_interface=hme0{dhcp protocol_ipv6=no}
system_locale=en_GB
timezone=Europe/London
root_password=kFkZmCjlJFIz6
nfs4_domain=dynamic
timeserver=localhost
security_policy=NONE
terminal=vt100

The root password there is the 3DES hashed form of “letmein”. Of course I have changed it since ;)

Now tar all these files up and put them somewhere your target can get to it via http. I used an apache instance running on the Debian server for this, so it was pretty simple:

tar -cf /var/www/config.tar .

Installation

Now on to the actual installation. You need to be able to connect to the target via serial. I used my KeySpan USB to Serial adapter that I have from work, and a Cisco RS-232 to RJ-45 rollover cable, which I connected to the LOM port on the back of the Netra. After powering up the Netra, I sent it a break so I got the OpenBoot “ok>” prompt.

At the “ok> ” prompt, type in the following:

boot net -v - install http://192.168.0.1/config.tar

Now the URI at the end is for the tarball we made earlier; it might be different on your network. The important thing is that you use the IP address and NOT a DNS hostname, as DNS will not be configured at the time it fetches the tarball. Now just sit back and relax; within an hour or so you should have a fully installed system you can SSH to.

Additional Notes

Disk labels

Solaris systems recognise two different disk labels, SMI and EFI. Unfortunately you can’t install to EFI disks, but you can relabel them to be SMI. The first time I tried this installation it bombed out when it got to dealing with the disks and left me at a sh prompt. To fix it I ran:

format -e

Choose each disk in turn and the option to label it. This should work fine, it will warn about data loss but we don’t care do we? Nothing’s on there yet.

Once you’ve done that you can re-run the installer without having to reboot with:

/usr/sbin/install.d/pfinstall /tmp/install_config/profile

Duplex

By default it seems that the network devices were set to half duplex, or Solaris is just terrible at autonegotiation. To force it into full duplex, run the following and reboot:

cat <<EOF>>/etc/system
set hme:hme_adv_100fdx_cap=1
set hme:hme_adv_100hdx_cap=0
set hme:hme_adv_10fdx_cap=0
set hme:hme_adv_10hdx_cap=0
set hme:hme_adv_autoneg_cap=0
EOF

MD5 passwords

By default Solaris 10 uses 3DES to encrypt passwords, which is old, crusty and insecure. To beef up the security a bit you can use MD5, which is a better choice. Open up /etc/security/policy.conf and change the “CRYPT_DEFAULT=__unix__” line to “CRYPT_DEFAULT=1”.

Once you’ve done that, then you’ll want to change the passwords for any users you’ve set up with the “passwd” command.
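
To find the accounts that still need their password changed after switching CRYPT_DEFAULT, the following added example (not part of the original post) classifies each hash by its format. It assumes the Solaris convention that a hash made by algorithm N starts with "$N$" while a __unix__ hash is a bare 13-character string; the function names and the sample shadow entries are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report which accounts still
# hold a password hash in the legacy 13-character format.

# Print the algorithm id of a hash string: the text between the first two
# "$" signs (e.g. 1), "__unix__" for a 13-character legacy hash, else "none".
crypt_scheme() {
    case "$1" in
        '$'*'$'*)
            id=${1#\$}
            printf '%s\n' "${id%%\$*}" ;;
        *)
            if printf '%s' "$1" | grep -Eq '^[./0-9A-Za-z]{13}$'; then
                echo __unix__
            else
                echo none   # empty, locked (*LK*) or no-password (NP) entries
            fi ;;
    esac
}

# List the users in a shadow-format file ($1) whose hash is still legacy.
legacy_accounts() {
    while IFS=: read -r user hash rest; do
        if [ "$(crypt_scheme "$hash")" = __unix__ ]; then
            printf '%s\n' "$user"
        fi
    done < "$1"
}

# Print the scheme of the root_password entry in a sysidcfg file ($1).
sysidcfg_scheme() {
    crypt_scheme "$(sed -n 's/^root_password=//p' "$1")"
}

# Constructed sample: root carries the hash from the sysidcfg above, alice
# has a made-up string in $1$ format (not a real hash).
demo() {
    shadow=$(mktemp)
    cat > "$shadow" <<'EOF'
root:kFkZmCjlJFIz6:14398::::::
daemon:NP:6445::::::
alice:$1$CONSTRUC$notARealHashJustFormat:14400::::::
EOF
    legacy_accounts "$shadow"
    rm -f "$shadow"
}

demo
```

Run legacy_accounts against /etc/shadow as root on the installed system, and sysidcfg_scheme against the sysidcfg before it goes into config.tar.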