Softpanorama (slightly skeptical) Open Source Software Educational Society

May the source be with you, but remember the KISS principle ;-)

Softpanorama (Slightly Skeptical) Sun Solaris Installation Page

Installation of the Solaris operating system is detailed in the documentation provided by Sun Microsystems.  Here we will present just some highlights

There are several ways to install Solaris. 

• Interactive installation from CD Rom the most widespread way of instllaing/updating Solaris.
• Jumpstart  installation -- more advanced network based installation.
• Flash archives is an image based installation. This is probably the most interesting was of installing Solaris.  It permits installation of different systems based on an image (cpio archive) created on a reference (master) system and preserve much of the tuning done to the master system. Flash archive essentially serves as the installation media instead of standard installation CD/DVD and permit limited customarization You can create many images of the one system and choose which flash archive to install on each system. This way you can have many different OS images installatible on a given server/group of servers. This practice that is standard in Windows is underutilized in Unix environment and is almost unique to Solaris administration (Red Hat now copies this technology too, but it is less widespread).  In a way flash archives are  similar to Ghost images in Windows environment.

Before installation from CD/DVD you can need to collect information about your PC (you may be even send yourself in a email and print it  to document it) including:

• Code page (usually en_US.ISO8859-15)
• Type of console that will be used. Many Sun servers
  (V210, V240, etc) do not have videocard so serial console from PC or laptop is your option. In this case VT100 option and Teraterm works well)
• Which interface you will configure initially (in case of static adress you need ip-address, ip mask and gateway)
• Name of the system
• Type of name service (usually DNS and optionally addresses of name servers)
• Disk layout for the book drive. 

As I mentioned above a typical install is from CD or DVD. Some general steps are listed below.

1. Place the Solaris installation CD in the CD-ROM drive and turn on the computer. If a previous installation of Solaris or SunOS exists on the machine, interrupt the boot process (with STOP+A), specify N for new command mode, and type boot cdrom.
2. From this point on, you are in the Solaris installation procedure. The three major parts of the installation procedure are:
   • Machine Identification
   • Software Installation
   • Post Installation.

The first think to decide during the installation is disk partitioning. Do not try to create you own partitions scheme, unless you really understand Solaris. It is important to understand that the second partition in Solaris is a special one and is not created automatically if, for example you specify one partition manually, for example:

Installation program usually will recommend more or less reasonable number of slices and you can change them and provide explicit size for arch slice. Nothing prevents you cutting just two slices (1 and 2). In this case the space will be utilized much better. For example for an old Ultra 5 box at home you might use the simplest partitioning:

1. / -- 9G

For 20G drive typical on Ultra10 that is used as a home server it might make sense to have separate partitions for major parts of the OS. In this case during reinstallation you can preserve /export/home directory.

1. / -- 8G  -- it does not make sense to use / less then 1G as root directory sometimes is used for packages installation.
2. /swap =  size of your RAM
3. /var --   4G  (var separation is important as it is used in installation of recommended patches. )
4. /export/home -- everything else

or if you want to control more partitions (and hopefully know the sized of each more precisely)

1. / -- 1G  -- it does not make sense to use / less then 1G as root directory sometimes is used for packages installation.
2. /usr -- 6 G
3. /opt -- 4 G -- you might benefit from linking /usr/local to /opt/sfw
4. /swap =  size of your RAM
5. /var --   4G  (var separation is important as it is used in installation of recommended patches. )
6. /export/home -- everything else

Solaris 9 is not great in finding the default router during the installation and you will be better off specifying it yourself.

Notes: Those pages are written by people for whom English is not a native language. Some amount of grammar and spelling errors should be expected. This is a Spartan WHYFF (We Help You For Free) site. It cannot replace the best teachers and the best books. The site contain some obsolete pages as it develops like a living tree... Some links on older pages are broken. Please try to use Google, Open directory, etc. to find a replacement link (see HOWTO search the WEB for details). We would appreciate if you can mail us a correct link. Search Amazon by keywords:     Open directory Research Index

News

Sys Admin Magazine

Step 3: Installing Solaris 8

Put in the Solaris installation media and boot. The Solaris installation sequence should come right up. Run fdisk to establish partition 2 for Solaris. A catch in this step is the boundary cylinders on the hard drive. Give yourself a couple of cylinders buffer between the end of the your Windows partition and where you start the Solaris partition. Also allow some buffer between the end of your Solaris partition and the start of your Linux partition. I use a rule of thumb of two cylinders on each side. If you don't add this buffer, your installation will fail. Install what you want on partition 2. Note that Solaris will divide partition 2 into partitions 2 and 3 during the install. Late in the install process, you will have a chance to look at the filesystem layout. Partition 2 will be sliced up into / in s0, swap in s1, overlap will be in s2, and /export/home in s7. These four slices are the reason that in Step 2a we added four to several lines. After the Solaris install, Linux will see hda5 as hda9. If you use more than four slices in Solaris, you will have to modify Step 2a as appropriate. Reboot. Study Listing 3 to see what the partition table looks like after the Solaris installation, especially the cylinder buffers around the Solaris partitions.

Guide to armoring Solaris 8

Partitioning and Patching
During the installation process, you will be asked to partition your system. Partitioning helps security in two ways. First, you can protect critical patitions, such as '/' partition, from filling up by creating seperate patitions for logging and mail. Second, partitioning allows you to restrict which partitions have which capabilities, such as making the '/usr' partition, for all the system binaries, read only.

Therefore, I recommend a separate partition for both "/var" and "/usr". "/var" is where all the system and firewall logging and email spoolling goes. By isolating the /var partition, you protect your root partition from overfilling. By isoloating the /usr partition, we can create this read-only, helping to protect system binaries from modification or potential remote exploit. You may want to consider an seperate partition for "/opt' also, as this is where the FW-1 NG binaries will be located.

Firewall-1 NG logs and configuration files are located in "/var/opt/CPfw1-50". Most Solaris systems have two or more drives, such as the Ultra 10 or 2 IDE drives for an x86. If you are not mirroring the second drive, dedicate the drive for all the firewall logs and configs. Once again, this protects all the other partitions from filling up. With such a setup, a 20GB hard drive and 128MB of RAM could look as follows:

/                 - everything else
swap              - 256MB (or traditionally 2x amount of RAM)
/var              - 400MB
/var/opt/CPfw1-50 - 15GB or 2nd drive
/usr              - 500MB (if you want separate ReadOnly partition).

Once the system has rebooted after the installation, be sure to install the Recommended and Security patch cluster from Sun. Also, FW-1 NG requires two additional patches that are not part of the cluster, specifically 108434-02 and 108435-02. You will have to download and install these patches in addition to the patch cluster. Be sure to use your go between box to get the patches, the firewall box should always remain on an isolated network. Patches are CRITICAL to maintaining a secure firewall and should be updated at least once a week. http://www.securityfocus.com maintains an excellent vulnerability database.

Recommended Links

docs.sun.com Solaris 8 Advanced Installation Guide

• Preparing Custom JumpStart Installations

Jumpstart

SecurityFocusJumpStart for Solaris Systems, -- The JumpStart Architecture and Security Scripts (JASS) toolkit provides a Solaris system administrator with an easy to use and easy to implement method of hardening Solaris systems. This toolkit provides the ability to install identical hardened Solaris operating system images to multiple systems.

• Part 1

• Part 2

JumpStart Architecture and Security Scripts for the Solaris Operating Environment - Part 2:
Updated for Toolkit version 0.2",
Alex Noordergraaf and Glenn Brunette, Sun Blueprints, November 2000

[JumpStart Architecture and Security Scripts for the Solaris Operating - Part 3:
Updated for Toolkit version 0.2",
Alex Noordergraaf and Glenn Brunette, Sun Blueprints, November 2000

jumpstart.txt -- practical instructions with Troubleshooting Tips

 #! Most errors occur in the sysidcfg file or the add_install_client. #! syntax. 

To avoid troubleshooting headaches, do the following: 

1.  # cat /dev/null > /etc/bootparams 

2. Run the add_install_client again 

3. Reboot the client and try again. 

#! Common sysidfcg errors occur when network_interface entries #! are not space delimited. 

Closely scrutinize the file. One #! typo will abort the entire jumpstart.

Disk partitioning

Solaris x86 - Documents

As you can see in the Customized column below, with my 4-gig drive I transferred 1.4 GB to /opt and about 650 MB to each / and /var which left 250 MB for the /export/home slice.

The Before column below was displayed with the sizes given in Mbytes:

• Software packages

• Software clusters

• Software groups. Software groups are collections of Solaris OE software packages. Each software group includes support for different functions and hardware drivers. The Solaris OE is made up of five software groups:

  • Core (SUNWCreq)contains the minimum software required to boot and run the Solaris OE in a minimum configuration, without the support to run many server applications. It includes:

    • a minimum of networking software, including Telnet, File Transfer Protocol (FTP), Network File System (NFS), Network Information Service (NIS) clients, and Domain Name Service (DNS).

    • The drivers required to run the Common Desktop Environment (CDE), but does not include the CDE software.

    • The Core software group also does not include online manual pages.

  • End User System Support (SUNWCuser) Includes the Core software group plus "end user software" plus the CDE.

  • Developer System Support (SUNWCprog). this is End User System Support software group. plus the libraries, the include files, the online manual pages, and the programming tools.

  • Entire Distribution (SUNWCall) this is a Developer System Support software group plus additional software needed for servers. Other way to think about it is the entire Solaris OE software release minus OEM support.

  • Entire Distribution Plus Original Equipment Manufacturers (OEM). This is "install everything option". This software group might be useful in case of non-Sun servers.

# grep METACLUSTER /var/sadm/system/admin/.clustertoc

METACLUSTER=SUNWCXall

METACLUSTER=SUNWCall

METACLUSTER=SUNWCprog

METACLUSTER=SUNWCuser

METACLUSTER=SUNWCreq

METACLUSTER=SUNWCmreq

The metacluster SUNWCmreq is a hidden metacluster. It allows you to create a minimal core metacluster by de-selecting packages from the core metacluster.

# cat /var/sadm/system/admin/CLUSTER

CLUSTER=SUNWCXall

Last modified: February 28, 2008