|
Softpanorama
(slightly skeptical)
Open Source Software Educational Society |
May the
source be with you,
but remember the KISS principle ;-)
|
Softpanorama (Slightly Skeptical) Sun Solaris Installation Page
Installation of the Solaris operating system is detailed in the documentation
provided by Sun Microsystems. Here we will present just some highlights
There are several ways to install Solaris.
- Interactive installation
from CD Rom the most widespread way of instllaing/updating Solaris.
- Jumpstart installation -- more advanced
network based installation.
- Flash archives
is an image based installation. This is probably the most interesting was of
installing Solaris.
It permits
installation of different systems based on an image (cpio archive) created on a
reference (master) system and preserve much of the tuning done to the master
system. Flash archive essentially serves as the installation media instead
of standard installation CD/DVD and permit limited customarization You can
create many images of the one system and choose which flash archive to install
on each system. This way you can have many different
OS images installatible on a given server/group of servers. This practice that
is standard in Windows is underutilized in Unix environment and is almost
unique to Solaris administration (Red Hat now copies this technology too,
but it is less widespread). In a way flash archives are similar to
Ghost images in Windows environment.
Before installation from CD/DVD you can need to collect
information about your PC (you
may be even send yourself in a email and print it to document it)
including:
- Code page (usually en_US.ISO8859-15)
- Type of console that will be used. Many Sun servers
(V210, V240, etc) do not have videocard so
serial
console from PC or laptop is your option. In this case
VT100 option and Teraterm works well)
- Which interface you will configure initially (in case of static adress
you need ip-address, ip mask and gateway)
- Name of the system
- Type of name service (usually DNS and optionally addresses of name
servers)
- Disk layout for the book drive.
As I mentioned above a typical install is from CD or DVD. Some general steps are listed below.
- Place the Solaris installation CD in the CD-ROM drive and turn on the
computer. If a previous installation of Solaris or SunOS exists on the
machine, interrupt the boot process (with STOP+A), specify N for new
command mode, and type boot cdrom.
- From this point on, you are in the Solaris installation procedure. The
three major parts of the installation procedure are:
- Machine Identification
- Software Installation
- Post Installation.
The first think to decide during the installation is disk partitioning. Do
not try to create you own partitions scheme, unless you really understand
Solaris. It is important to understand that the second partition in Solaris is a special one
and is not created
automatically if, for example you specify one partition manually, for example:
Installation program usually will recommend more or less reasonable number of
slices and you can change them and provide explicit size for arch slice. Nothing prevents you cutting
just two slices (1 and 2). In this case the
space will be utilized much better. For example for an old Ultra 5 box at home you
might use the simplest partitioning:
1. / -- 9G
For 20G drive typical on Ultra10 that is used as a home server it might make
sense to have separate partitions for major parts of the OS. In this case during
reinstallation you can preserve /export/home directory.
- / -- 8G -- it does not make sense to use / less then 1G as
root directory sometimes is used for packages installation.
- /swap = size of your RAM
- /var -- 4G (var
separation is important as it is used
in installation of recommended patches. )
- /export/home -- everything else
or if you want to control more partitions (and hopefully know the sized of
each more precisely)
- / -- 1G -- it does not make sense to use / less then 1G as
root directory sometimes is used for packages installation.
- /usr -- 6 G
- /opt -- 4 G -- you might benefit from linking
/usr/local to
/opt/sfw
- /swap = size of your RAM
- /var -- 4G (var
separation is important as it is used
in installation of recommended patches. )
- /export/home -- everything else
Solaris 9 is not great in finding the default router during the installation and you will be better
off specifying it yourself.
Notes:
- Those pages are written by people for whom English is not a
native language. Some amount of grammar and spelling errors
should be expected.
- This is a Spartan WHYFF (We Help You For Free) site. It
cannot replace the best teachers and
the
best books.
- The site contain some obsolete pages as it develops like a
living tree... Some links on older pages
are broken. Please
try to use Google, Open directory, etc. to find a replacement link
(see
HOWTO search the WEB for details).
We would appreciate if you can
mail us a correct link.
|
|
It is my hope that this document will encourage
more people to use Sun's Solaris Live Upgrade software. Even though I'm
writing here about the Solaris Operating System, x86 Platform Edition, the
information is applicable to the SPARC Platform Edition as well.
The Solaris Express program is now offered as
an option for Sun's customers to gain early access to the next Solaris
release. This program is updated every month. We highly encourage people to
download and install these early releases so they will have access to new
features coming in the Solaris OS.
When we access early releases, we may start
running into situations where we have two or three different environments that
we might want to either test or develop on. Live Upgrade is a means to boot
between these multiple environments. It upgrades the environment so that it
will be as close as possible to what existed in the environment you copied
from.
The Solaris
Interactive Installation -- chapter from the book that looks like a
re-write of corresponding chapter of SA-299 manual.
In this chapter:
- Solaris 9 Installation—An Overview
- The Solaris WebStart Installation Method
- JumpStart Installation
- The Solaris SunInstall Installation
- WebStart Flash Installation
- Live Upgrade
- Summary
Step 3: Installing Solaris 8
Put in the Solaris installation media and boot. The Solaris installation
sequence should come right up. Run fdisk to establish partition 2 for Solaris.
A catch in this step is the boundary cylinders on the hard drive. Give
yourself a couple of cylinders buffer between the end of the your Windows
partition and where you start the Solaris partition. Also allow some buffer
between the end of your Solaris partition and the start of your Linux
partition. I use a rule of thumb of two cylinders on each side. If you don't
add this buffer, your installation will fail. Install what you want on
partition 2. Note that Solaris will divide partition 2 into partitions 2 and 3
during the install. Late in the install process, you will have a chance to
look at the filesystem layout. Partition 2 will be sliced up into / in
s0, swap in s1, overlap will be in s2, and /export/home
in s7. These four slices are the reason that in Step 2a we added four to
several lines. After the Solaris install, Linux will see hda5 as
hda9. If you use more than four slices in Solaris, you will have to modify
Step 2a as appropriate. Reboot. Study
Listing 3 to see what the partition table looks like after the Solaris
installation, especially the cylinder buffers around the Solaris partitions.
Partitioning and Patching
During the installation process, you will be asked to partition your system.
Partitioning helps security in two ways. First, you can protect critical
patitions, such as '/' partition, from filling up by creating seperate
patitions for logging and mail. Second, partitioning allows you to restrict
which partitions have which capabilities, such as making the '/usr' partition,
for all the system binaries, read only.
Therefore, I recommend a separate partition for both "/var" and "/usr". "/var"
is where all the system and firewall logging and email spoolling goes. By
isolating the /var partition, you protect your root partition from
overfilling. By isoloating the /usr partition, we can create this read-only,
helping to protect system binaries from modification or potential remote
exploit. You may want to consider an seperate partition for "/opt' also, as
this is where the FW-1 NG binaries will be located.
Firewall-1 NG logs and configuration files are located in "/var/opt/CPfw1-50".
Most Solaris systems have two or more drives, such as the Ultra 10 or 2 IDE
drives for an x86. If you are not mirroring the second drive, dedicate the
drive for all the firewall logs and configs. Once again, this protects all the
other partitions from filling up. With such a setup, a 20GB hard drive and
128MB of RAM could look as follows:
/ - everything else
swap - 256MB (or traditionally 2x amount of RAM)
/var - 400MB
/var/opt/CPfw1-50 - 15GB or 2nd drive
/usr - 500MB (if you want separate ReadOnly partition).
Once the system has
rebooted after the installation, be sure to install the
Recommended
and Security patch cluster from Sun. Also, FW-1 NG requires two additional
patches that are not part of the cluster, specifically 108434-02 and
108435-02. You will have to download and install these patches in addition to
the patch cluster. Be sure to use your go between box to get the patches, the
firewall box should always remain on an isolated network. Patches are
CRITICAL to maintaining a secure firewall and should be updated at least
once a week.
http://www.securityfocus.com maintains an excellent vulnerability
database.
docs.sun.com Solaris 8 Advanced Installation Guide
Jumpstart
SecurityFocusJumpStart for Solaris Systems,
-- The JumpStart Architecture and Security Scripts (JASS) toolkit provides a
Solaris system administrator with an easy to use and easy to implement method of
hardening Solaris systems. This toolkit provides the ability to install
identical hardened Solaris operating system images to multiple systems.
JumpStart Architecture and Security Scripts for the Solaris Operating
Environment - Part 2:
Updated for Toolkit version 0.2",
Alex Noordergraaf and Glenn Brunette, Sun Blueprints, November 2000
[JumpStart
Architecture and Security Scripts for the Solaris Operating - Part 3:
Updated for Toolkit version 0.2",
Alex Noordergraaf and Glenn Brunette, Sun Blueprints, November 2000
jumpstart.txt -- practical instructions with Troubleshooting Tips
#! Most errors occur in the sysidcfg file or the
add_install_client. #! syntax.
To avoid troubleshooting headaches, do the following:
-
# cat /dev/null > /etc/bootparams
-
Run the add_install_client again
-
Reboot the client and try again.
#! Common sysidfcg errors occur when network_interface entries
#! are not space delimited.
Closely scrutinize the file. One #! typo will abort the entire
jumpstart.
Solaris
x86 - Documents
As you can see in the Customized column
below, with my 4-gig drive I transferred 1.4 GB to /opt and about 650
MB to each / and /var which left 250 MB for the
/export/home slice.
The Before column below was displayed with the sizes given in Mbytes:
| Before (Default) |
|
Customized |
| / |
c0d0s0 |
43 |
/ |
c0d0s0 |
700 |
| /usr/openwin |
c0d0s1 |
341 |
/usr/openwin |
c0d0s1 |
341 |
| overlap |
c0d0s2 |
4102 |
overlap |
c0d0s2 |
4102 |
| /var |
c0d0s3 |
30 |
/var |
c0d0s3 |
648 |
| swap |
c0d0s4 |
147 |
swap |
c0d0s4 |
147 |
| /opt |
c0d0s5 |
25 |
/opt |
c0d0s5 |
1400 |
| /usr |
c0d0s6 |
535 |
/usr |
c0d0s6 |
535 |
| /export/home |
c0d0s7 |
2977 |
/export/home |
c0d0s7 |
250 |
The Solaris OE software is organized into three components:
To view the names of the cluster configurations, perform the
command:
#
grep METACLUSTER /var/sadm/system/admin/.clustertoc
METACLUSTER=SUNWCXall
METACLUSTER=SUNWCall
METACLUSTER=SUNWCprog
METACLUSTER=SUNWCuser
METACLUSTER=SUNWCreq
METACLUSTER=SUNWCmreq
The metacluster
SUNWCmreq is a
hidden metacluster. It allows you to create a minimal core metacluster by de-selecting packages
from the core metacluster.
To determine which cluster configuration has been installed on
the system, you can use the command:
# cat /var/sadm/system/admin/CLUSTER
CLUSTER=SUNWCXall
Copyright © 1996-2007 by Dr. Nikolai Bezroukov.
www.softpanorama.org was
created as a service to the UN Sustainable Development Networking Programme (SDNP)
in the author free time.
Submit
comments This document is an industrial compilation designed and created
exclusively for educational use and is placed under the copyright of the
Open Content License(OPL).
Original materials copyright belong to respective owners. Quotes are made
for educational purposes only in compliance with the fair use doctrine.
Standard disclaimer: The statements, views and opinions presented on
this web page are those of the author and are not endorsed by, nor do they necessarily
reflect, the opinions of the author present and former employers, SDNP or any other
organization the author may be associated with. We do not warrant the correctness
of the information provided or its fitness for any purpose.
Last modified:
February 28, 2008