
1.0 Setup Solaris 10 Base Server - 2008


Introduction

I wrote these instructions back in Feb 2008 and just dumped this from my old Google Sites wiki.

This guide describes a stripped-down Solaris 10 server, ideal as a host for Container technology. You can download Solaris 10 for free online, and you will only need the first, second and fifth discs.

This procedure outlines the steps used to create a basic Sun image. Server images built this way can then be backed up and restored to any similar hardware using ufsdump/ufsrestore and the standard Sun Solaris install boot CD to access a recovery shell running in memory.

Boot Up

Serial Setup

  1. Connect 9 pin serial.
  2. Load Hyper Terminal using 9600 Baud
  3. Boot the Solaris System with the first Install CD-ROM
  4. If there is already a Solaris operating system then interrupt the boot right after you see Hostname:
    1. Ctrl Break-Key
    2. Then type: boot cdrom

CTRL-L {refresh the shell}

Remote Console Setup
  1. SSH to system which has direct access to the Remote Console device
  2. Telnet to Remote Console device
    1. Use standard password
    2. /C n (where n is your console id)
    3. If there is already a Solaris operating system then interrupt the boot,
      1. CTRL-]
      2. send br (type this)
    4. boot cdrom

Remote Console Setup with the New T300 and Using LOM

Things have slightly changed with the new Solaris T5120 system. First, ILOM has been replaced with ALOM. Think of LOM (Lights Out Manager) as an OS that you can use even when the Sun system is off. It has many features, but for us all that matters is that you can still boot the system with LOM even after it is down. You can browse the T5120 product documentation for more details.

  1. SSH to a system which has access to the Remote Console device
  2. Telnet to Remote Console device
    1. Use standard password
    2. /C n (where n is your console id)
    3. If you are in the default preinstalled OS then shut it down.
    4. #. (to get to ALOM)
    5. start /SYS (powers on the server and boots the OS system)
    6. start /SP/console
    7. If there is already a Solaris operating system then interrupt the boot right after you see Ethernet address [x:x:xx:x], Host ID: [xxxx].:
      1. CTRL-]
      2. send br (type this)
    8. You should see, Type 'go' to resume
    9. boot cdrom (type this)
    10. Expect to wait a while


Note* - When connecting to the remote console, certain editors do not display properly (mainly vi) when the TERM environment variable is not set to vt100. To rectify this problem, set: TERM=vt100; export TERM

Installation of Sun Solaris 10 8/07

Highlighted below are the tougher questions to answer or standards that 2Keys developed. Straightforward steps will be denoted with the text ... obvious questions.

  1. ... obvious questions
  2. What type of terminal are you using? = DEC VT100
  3. Networked? = Yes
  4. Use DHCP? = No {we are building servers so generally it is a}
  5. Host name? = Up to you {in this example I used solaris}
  6. IP Address = Up to your network {example 192.168.0.10}
  7. System part of a subnet? = Yes
  8. Enable IPv6? = No
  9. Default Route for? = Detect one upon reboot
  10. ... obvious questions
  11. Configure Kerberos Security? = No
  12. Name Service = None
  13. ... obvious questions
  14. NFSv4 Domain Configuration = Use the NFSv4 domain derived by the system
  15. ... obvious questions
  16. Remote services enabled = No
  17. Ways to install your Solaris software = Standard
  18. Eject CD/DVD Automatically? = Given we are using servers choose manually
  19. Reboot After Installation = Auto Reboot
  20. Solaris Interactive Installation = For new systems it will give the option of upgrading, we don't want that. Choose Initial
  21. Select Geographic/Localization = DO NOT SELECT ANYTHING {else you will have to deal with unnecessary dependencies around X Windows and Java}
  22. Select System Locale = POSIX C ( C )
  23. Web Start Ready Product scan location: None
  24. File System = UFS (for now)
  25. Extra Value Software = No
  26. Additional Products = None
  27. Select Software = Reduced Networking Core System Support **Select F4 to Customize**
  28. We like to Customize the Reduced Networking Core System Support installation up front with F4_Customize to enable SSH which can be tricky to manually install, and some basic packages.
    1. Basic IP Commands (Root) = SUNWbipr depends on SUNWbipr
    2. Basic IP Commands (Usr) = SUNWbip
    3. GSSAPI CONFIG V2 = SUNWgssc
    4. GSSAPI V2 = SUNWgss depends on SUNWgssc {required for SSH Server}
    5. Secure Shell
      1. SSH Client and utilities, (Root) = SUNWsshr
      2. SSH Client and utilities, (Usr) = SUNWsshu
      3. SSH Common, (Usr) = SUNWsshcu
      4. SSH Server, (Root) = SUNWsshdr
      5. SSH Server, (Usr) = SUNWsshdu
    6. Choosing F2_OK will take you back to the Select Software Screen
  29. Now that things are customized, on the Select software Screen choose, F2_Continue
  30. Select Disk
  31. Automatically Layout file systems? = Manual
  32. Do you want to mount software from a remote file server? = No, just choose to continue

Hard Disk Partitioning Strategy (find my old article)

Aside instructions and this is not part of the main document flow... move this out into another section called, adding a disk drive.

If you get the error message along the lines of,

scsi: WARNING: /pci@0/pci@0/pci@2/scsi@0/sd@2,0 (sd2):
Feb 17 12:12:08 istur1  Corrupt label; wrong magic number

This is because you added a brand new disk.

You need to label the disk,

  1. Login as root

  2. type format

  3. select the disk in question

  4. type label {Solaris is going to label it for you, so you don't specify anything here}

  5. verify (you should see data instead of an error message)

  6. you are done

Log into your system and create a place for mounting your cdrom,

cd /mnt
mkdir cdrom

To Prevent Cursing, Swearing and Pulling Out of Hair

Once you have logged in, execute the following command so that backspace will work,

stty erase '^H'

Setup NIC (true setup only, not demo)

On a true server class machine, the network card will not be fully working yet so read, get your network card working. On a simple demo vm install it should be already working.

At this point you should work remotely using ssh. It's faster than terminal and you will be able to copy and paste more easily. To do so you must minimally set up the home directory and add your user account. See the section below, Setup of Account. Just keep in mind that you won't have the bash shell yet so do not specify a default shell.

If the system is on the 4th floor at 888 Birchmount the network interface needs to be forced to 100 full as the autodetect doesn't work. On a Solaris 10 system with an e1000g interface, as shown by netstat -in or ifconfig -a, edit the /kernel/drv/e1000g.conf file and add as per the comments:

ForceSpeedDuplex=4,4,4,4,4,4,4,4,4,4,4,4,4,4,4,4;

Reboot for the change to take effect. Run grep -i link /var/adm/messages* after booting to verify the link speed is correct.

Configuring SSHD for Remote Access

In the event SSHD is installed manually after the base installation, post-installation configuration is required. SSHD host keys need to be generated to allow ssh connections to the system. To achieve this, run the following:

/lib/svc/method/sshd -c
svcadm restart ssh

Setup Time Synchronization

Ensure time stays correct on your server,

# Create the ntp.conf file in /etc/inet/ntp.conf
# Note - zones use NTP off the global zone. The following configuration is not necessary for zones.
su - root
vi /etc/inet/ntp.conf

# Contents of /etc/inet/ntp.conf
driftfile /etc/ntp.drift
server 10.0.44.74
server 10.234.2.6

# Stop and start the ntp service to enable.
svcadm enable network/ntp

# Check that ntp is working,
ntpq
ntpq> peers
ntpq> quit

# You should see something similar to below.

     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
+10.0.44.74      .GPS.            1 u  812 1024  377     9.80    1.406    1.11
*10.234.2.6      .GPS.            1 u  860 1024  377     6.56   -0.546    0.52
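
A scripted version of the peers check, as an added example that is not part of the original instructions. The function names ntp_check and sample_peers and the 100 ms default limit are assumptions; the sample data is the peers output shown in this section.

```shell
#!/bin/sh
# Added example, not from the original guide.
# ntp_check [MAX_OFFSET_MS] reads `ntpq -p` / "peers" output on stdin and
# succeeds only when a peer is flagged "*" (the one selected for sync),
# its reach register is non-zero, and |offset| is within the limit.
# The function name and the 100 ms default are assumptions.
# Uses awk -v: on Solaris 10 set AWK=nawk or AWK=/usr/xpg4/bin/awk.
AWK=${AWK:-awk}

ntp_check() {
    "$AWK" -v max="${1:-100}" '
        /^\*/ {
            # Columns: remote refid st t when poll reach delay offset disp
            peer = substr($1, 2); reach = $7; off = $9 + 0
            if (off < 0) off = -off
            found = 1
        }
        END {
            if (!found)         { print "no selected peer"; exit 1 }
            if (reach + 0 == 0) { print peer " unreachable"; exit 1 }
            if (off > max + 0)  { print peer " offset " off " ms too large"; exit 1 }
            print peer " ok reach=" reach " offset=" off " ms"
        }'
}

# The peers output from this section, embedded so the check runs offline.
sample_peers() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset    disp
==============================================================================
+10.0.44.74      .GPS.            1 u  812 1024  377     9.80    1.406    1.11
*10.234.2.6      .GPS.            1 u  860 1024  377     6.56   -0.546    0.52
EOF
}

# Typical use on the server:  ntpq -p | ntp_check 50
```

A non-zero exit status makes the function usable from cron or a monitoring wrapper, so a server that silently loses its time source is noticed before log timestamps drift.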

Install Essential Packages

There are other packages that we will now install. We choose to install these packages manually rather than during the initial server setup step. We do this to remove unnecessary dependencies (extra packages being installed) and also because the interface during that step is really really slow. (It appears that the Reduced Networking Core System Support doesn't list SSH)


Manually install packages as follows and in the outlined order. If you do not want to use the order provided, make sure to check package dependencies with the command, pkginfo. Package list details can be found at, http://docs.sun.com/app/docs/doc/817-0545/sparcpackagelist-tbl-1?a=view

Convenience Package

I still have to make this. With Solaris10.ConveniencePackage.BonsaiFramework.zip using pkgadd -s /var/spool/pkg -d . [package name] which would contain all the packages you would need to install. This saves time of putting in CDs and then installing packages one at a time.

Mount your CD and then use the following command to install packages,

cd /mnt/cdrom/Solaris_10/Product
pkgadd -d . [package name] # command to install packages
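
One way to check an install order before running pkgadd, as an added example that is not part of the original guide. It assumes the Product directory holds directory-format packages, each with an install/depend file whose "P" lines name prerequisites; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original guide.
# Assumption: PRODUCT_DIR holds directory-format packages (as on the
# install CD), each with install/depend listing "P <pkg> <name>" lines.
PRODUCT_DIR=${PRODUCT_DIR:-/mnt/cdrom/Solaris_10/Product}

# prereqs PKG: print the prerequisite package names declared by PKG.
prereqs() {
    depend="$PRODUCT_DIR/$1/install/depend"
    [ -f "$depend" ] || return 0        # no depend file: nothing declared
    # Comment lines start with "#"; only type "P" entries are prerequisites.
    awk '$1 == "P" { print $2 }' "$depend"
}

# missing_prereqs PKG: print prerequisites of PKG that are not installed.
# pkginfo -q prints nothing and reports the result in its exit status.
missing_prereqs() {
    for dep in $(prereqs "$1"); do
        pkginfo -q "$dep" 2>/dev/null || echo "$dep"
    done
}

# check_order PKG...: walk a planned install order and stop at the first
# package whose prerequisite is neither installed nor earlier in the list.
check_order() {
    planned=" "
    for pkg in "$@"; do
        for dep in $(missing_prereqs "$pkg"); do
            case "$planned" in
                *" $dep "*) ;;          # installed earlier in this run
                *) echo "$pkg needs $dep first"; return 1 ;;
            esac
        done
        planned="$planned$pkg "
    done
    return 0
}

# Typical use:  check_order SUNWlibC SUNWbash && echo "order is safe"
```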

Initial Base Packages

Core of what you need minimally,

Disc1

  1. SUNWlibC (libc is required for a variety of other packages)
  2. SUNWmdu (volume manager disk mirroring)
  3. SUNWtnetc (Telnet client)

Disc 2

  1. SUNWbash (bash command shell) depends on SUNWlibC
  2. SUNWdoc (man page utilities)
  3. SUNWntpr SUNWntpu (Network Time Protocol)

Proven to be useful and required for day to day maintenance

  1. SUNWgzip (gzip utility)
  2. SUNWzip (zip utility)
  3. SUNWsshr SUNWsshu (ssh client) Already installed if you chose packages during the initial install as instructed.

Disc 5

  1. SUNWtcpd (tcp_wrappers for network services)
  2. SUNWman (man pages)

Zone Packages

Since ~ Jan 2007 - Feb 2008 we've had production proven use of container technology. Before we used to hack "cloning" but since becoming a feature in build 33 (date?), I would say we are not cutting edge (rather than bleeding edge).

Note we are comfortable with other types of zone, but our enterprise production proven use case has been sparse zones. As of this article, the technology is brand new so here is a quick excerpt,

The default zone filesystem model is called sparse-root. This model emphasizes efficiency at the cost of some configuration flexibility. Sparse-root zones optimize physical memory and disk space usage by sharing some directories, like /usr and /lib. Any updates and programs installed in the global zone (where all the other zones sit) for the most part affect the sparse-root zones. Further, sparse-root zones have their own private file areas for directories like /etc and /var (this is where your service software like Apache Web Server go).

Whole-root zones increase configuration flexibility but increase resource usage. They do not use shared filesystems for /usr, /lib, and a few others. http://opensolaris.org/os/community/zones/faq/#basic_zonetypes. We do not use Whole-root zones as it increases maintenance (more systems to update).

This lists the required packages to allow use of Zones. The initial list is from Tony. I spent some time slimming things down. I believe this list may be even further stripped down and will try given time.

Disc 2

  1. SUNWadmfr SUNWadmfw (Tin: I do not think these packages are needed.)
  2. SUNWlucfg SUNWlur SUNWluu SUNWluzone (installed due to SUNWzoner and SUNWzoneu)
  3. SUNWxwplr (already installed if you added X-Windows support)

Disc 1

  1. SUNWctpls SUNWdtcor (already installed if you added X-Windows support) SUNWmfrun (required for SUNWj5rt)
  2. SUNWj5rt (Note: you can safely ignore the X windows prerequisites if you want only support for zones and not X-Windows. This is fixed in Open Solaris as of Feb 1, 2008 but not in Sun Solaris 10. This looks to be fixed in Solaris 11.)
  3. SUNWpoolr SUNWpool
  4. SUNWzoner SUNWzoneu (requires SUNWluu, SUNWluzone on Disc 2 so install them first)

Why can we ignore the X-Windows dependencies? Turns out this is a known issue and a bug (as of Tin looking Feb 1, 2008). The kernel developer Gary Pennington explains why here. Basically SUNWzoneu depends on SUNWpool which depends on Java which asks for X stuff. In the fix, they took the parts of SUNWpool that depend on Java and split it into its own package called SUNWpoold.

SUNWxcu4 (XCU4 Utilities) (look like we do not need this)
(Required for native Java runtime and GID)

Make the base zone directory,

su - root
cd /var
mkdir zones

Packages to Allow IHS 6.x Running Inside of Zones

In order to run IHS (IBM HTTP Server) 6.x on zones you must have GSKit which is packaged with IHS.

Check if GSKit is installed on the global zone.

cd /usr/bin
ls gsk7*

If you do not see gsk7 files then you must install it.

GSKit must be installed using root on the global zone,

su -

# unpackage
mkdir tmp
cd tmp
tar -xvpf ./ihs.6020.solaris.sparc.tar

# run installer
./IHS/gskit.sh
# Expect the following ERROR message,
SunOS
This is an SPARC Series machine.
We are moving appropriate library into place.
exec failed. errno=2.
Installation of <gsk7bas> was successful.

Misc Package

SUNWsndmr SUNWsndmu (sendmail, used for alerting; verify if this is needed in the global zone)

Package Installation - Freeware

Our packages are taken from Sunfreeware. Use the versions of packages on this wiki unless:

  • There is a security issue resolved in the newer version (but you must still go through testing)
  • You really want the new features and you are building a system where there will be extensive testing

Any new or updated freeware packages must be approved by Dickson or Tony.

Here is the list of Freeware packages we use,

  1. Top - top-3.6.1-sol10-sparc-local.gz
  2. GNU Grep - to provide install instructions

Example of Freeware Install - Top

The top program gives a high level view of the system.

Download top-3.6.1-sol10-sparc-local.gz to the global zone.

When running the command to install, do NOT put ., ./, or the directory name in front of the file name in pkgadd,

su -
gunzip top-3.6.1-sol10-sparc-local.gz
pkgadd -Gd top-3.6.1-sol10-sparc-local # notice no . ./ or directory name

References

Found this article in 2016 which has similar practice - http://deer-run.com/~hal/SolarisWebcast.pdf and given time compare to see if they covered anything we missed here.