To use the Web Start Wizard installer using a local DVD-ROM or CD-ROM drive, you need to bring the system to run level 0 so that commands can be entered into the PROM boot monitor (for more information about the boot monitor, see Chapter 3). The following command can be used from a root shell to bring the system to run level 0:
# sync; init 0
Once the system has reached init level 0, the following prompt will be displayed:
ok
Next, you need to place the Solaris 9 Installation CD-ROM or DVD-ROM into the local drive, and type the following command:
ok boot cdrom
Note that the command is the same whether a DVD or CD-ROM is used as the source. If you have a Solaris Intel system, you cannot upgrade from 2.6 and 7 to 9 by using the Web Start Wizard from the CD-ROM: you must use either a DVD-ROM, JumpStart, or net-based installation. In addition, your BIOS and hard disk controller for the boot device must support logical block addressing (LBA) to work with Solaris 9.
Soon after the system has started booting, you will see output similar to the following:
Boot device: /sbus/espdma@e,8400000/esp@e,8800000/sd@6,0:f File and args:
SunOS Release 5.9 Version Generic 32-bit
Copyright 1983-2001 Sun Microsystems, Inc. All rights reserved.
Configuring /dev and /devices
Using RPC Bootparams for network configuration information.
Solaris Web Start installer
English has been selected as the language in which to perform the install.
Starting the Web Start Solaris installer
Solaris installer is searching the system’s hard disks for a location to place the Solaris installer software.
Your system appears to be upgradeable.
Do you want to do a Initial Install or Upgrade?
1) Initial Install
2) Upgrade
Please Enter 1 or 2 >>
If the message “Your system appears to be upgradeable” appears in the boot messages, you may elect to perform an upgrade of the existing Solaris installation. However, most administrators would back up their existing software, perform a fresh install, and then restore their data and applications once their system is operational. In this case, we will choose to perform an Initial Install, which will overwrite the existing operating system.
After you enter 1 and hit ENTER, you will see a message like this:
The default root disk is /dev/dsk/c0t0d0.
The Solaris installer needs to format /dev/dsk/c0t0d0 to install Solaris.
WARNING: ALL INFORMATION ON THE DISK WILL BE ERASED!
Do you want to format /dev/dsk/c0t0d0? [y,n,?,q]
Formatting the hard drive will overwrite all existing data on the drive—you must ensure that if you previously installed an operating system on the target drive (c0t0d0), you have backed up all data that you will need in the future. This includes both user directories and application installations.
After entering y, the following screen will appear:
NOTE: The swap size cannot be changed during filesystem layout.
Enter a swap slice size between 384MB and 2027MB, default = 512MB [?]
Just hit the ENTER key to accept the default of 512MB if your system has 256MB physical RAM, as the sample system has. However, as a general rule, you should only allocate twice the amount of physical RAM as swap space; otherwise, system performance will be impaired. The swap partition should be placed at the beginning of the drive, as the following message indicates, so that other slices are not dependent on its physical location:
The Installer prefers that the swap slice is at the beginning of the disk.
This will allow the most flexible filesystem partitioning later in the installation.
Can the swap slice start at the beginning of the disk [y,n,?,q]
After entering y to this question, you will be asked to confirm the formatting settings:
You have selected the following to be used by the Solaris installer:
Disk Slice : /dev/dsk/c0t0d0
Size : 1024 MB
Start Cyl. : 0
WARNING: ALL INFORMATION ON THE DISK WILL BE ERASED!
Is this OK [y,n,?,q]
If you enter y, the disk will be formatted and the mini root file system will be copied to the disk, after which the system will be rebooted and the Web Start Wizard installation process can begin:
The Solaris installer will use disk slice, /dev/dsk/c0t0d0s1.
After files are copied, the system will automatically reboot, and installation will continue.
Please Wait...
Copying mini-root to local disk....done.
Copying platform specific files....done.
Preparing to reboot and continue installation.
Rebooting to continue the installation.
Syncing file systems... 41 done
rebooting...
Resetting ...
SPARCstation 20 (1 X 390Z50), Keyboard Present
ROM Rev. 2.4, 256 MB memory installed, Serial #456543
Ethernet address 5:2:12:c:ee:5a HostID 456543
Rebooting with command: boot /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@0,0:b
Boot device: /sbus@1f,0/espdma@e,8400000/esp@e,8800000/sd@0,0:b File and args:
SunOS Release 5.9 Version Generic 32-bit
Copyright 1983-2001 Sun Microsystems, Inc. All rights reserved.
Configuring /dev and /devices
Using RPC Bootparams for network configuration information.
The Web Start Wizard proceeds by asking a number of configuration questions that are used to determine which files are copied to the target drive, and how the new system’s key parameters will be set. Many of the questions involve network and software configuration, because these are the two foundations of the Solaris installation. In the following sections, we will review each of the configuration options and cover examples of appropriate settings.
The Network Support screen gives users the option to select a networked or non-networked system. Some examples of non-networked systems include stand-alone workstations and offline archives. Even if you don’t want or need to install network support, you will still need a unique hostname to identify the localhost.
Network users must first specify how their system is assigned its IP address. One possibility is that the system will use Dynamic Host Configuration Protocol (DHCP), which is useful when IP addresses are becoming scarce on a class C network. DHCP allows individual systems to be allocated an IP address only for the period during which they are “up.” Thus, if a client machine is only operated between 9:00 A.M. and 5:00 P.M. every day, it is only “leased” an IP address for that period of time.
When an IP address is not leased to a specific host, it can be reused by another host. Solaris DHCP servers can service Solaris clients, as well as Microsoft Windows and Linux clients.
A hostname is used to uniquely identify a host on the local network, and when combined with a domain name it allows a host to be uniquely identified on the Internet. Solaris administrators often devise related sets of hostnames that form part of a single domain. For example, names of the planets, minerals, and jewels are commonly used. Alternatively, a descriptive name, such as “mail,” can be used to describe systems with a single purpose, such as mail servers.
If your network does not provide DHCP, you will need to enter the IP address assigned to this system by the network administrator. It is important not to use an IP address that is currently being used by another host, because packets may be misrouted. Like a hostname, the IP address needs to be unique to the local system.
You will next need to enter the netmask for the system, which will be 255.0.0.0 (class A), 255.255.0.0 (class B), or 255.255.255.0 (class C). If you’re not sure, ask your network administrator.
Next, you need to indicate whether IPv6 needs to be supported by this system. The decision to use or not to use DHCP will depend on whether your network is part of the mbone, the IPv6-enabled version of the Internet. As proposed in RFC 2471, IPv6 will replace IPv4 in the years to come, as it provides for many more IP addresses than IPv4. Once IPv6 is adopted worldwide, there will be less reliance on stopgap measures like DHCP. However, IPv6 also incorporates a number of innovations above and beyond the addition of more IP addresses for the Internet—enhanced security provided by authenticating header information, for example, will reduce the risk of IP spoofing and denial of service attacks succeeding. Since IPv6 support does not interfere with existing IPv4 support, most administrators will want to support it.
Kerberos is a network authentication protocol that is designed to provide centralized authentication for client/server applications by using secret-key cryptography, which is based around tickets. Once a ticket has expired, the trust relationship between two hosts is broken. In order to use Kerberos, you’ll need to identify the name of the local Key Distribution Center (KDC).
A name service allows your system to find other hosts on the Internet or on the local-area network. Solaris supports several different naming services, including the Network Information Service (NIS/NIS+), the Domain Name Service (DNS), and file-based name resolution. Solaris supports the concurrent operation of different naming services, so it’s possible to select NIS/NIS+ at this point, and set up DNS manually later. However, since most hosts are now connected to the Internet, it may be more appropriate to install DNS first, and install NIS/NIS+ after installation.
The Domain Name Service maps IP addresses to hostnames. If you select DNS as a naming service, you will be asked to enter a domain name for the local system. This should be the fully qualified domain name (for example, cassowary.net). If you selected DNS, you will either need to search the local subnet for a DNS server or enter the IP address of the primary DNS server that is authoritative for your domain. You may also enter up to two secondary DNS servers that have records of your domain. This can be a useful backup if your primary DNS server goes down. It is also possible that, when searching for hosts with a hostname rather than a fully qualified domain name, you would want to search multiple local domains. For example, the host www.buychapters.com belongs to the buychapters.com domain. However, your users may wish to locate other hosts within the broader cassowary.net domain by using the simple hostname, in which case you can add the cassowary.net domain to a list of domains to be searched for hosts.
NIS/NIS+ is a network information service that is used to manage large domains by creating maps or tables of hosts, services, and resources that are shared between hosts. NIS/NIS+ centrally manages the naming and logical organization of these entities. If you choose NIS or NIS+ as a naming service, you will need to enter the IP address of the local NIS or NIS+ server, respectively.
LDAP is the Lightweight Directory Access Protocol, which provides a “white pages” service that supersedes existing X.500 systems and runs directly over TCP/IP. The LDAP server is used for managing directory information for entire organizations, using a centralized repository. If you wish to use an LDAP server, you will need to provide both the name of your profile and the IP address of the LDAP server.
To access the local area network and the Internet, you will need to supply the IP address of the default router for the system. A router is a multihomed host that is responsible for passing packets between subnets. More information about routers is provided in Chapter 35.
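The IP address, netmask, and default router entered on these screens have to agree with one another. The following sh functions are an added example, not part of the original text or of Solaris: they derive the class A/B/C netmask described above and go further, checking that a netmask is contiguous, that the address is not the network or broadcast address, and that the router lies on the local subnet. The function names and all addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: pre-flight check for the installer's network screens.
# Every address used here is a constructed sample value.

# valid_ipv4 ADDR: succeed if ADDR is a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
}

# ip_to_int ADDR: print ADDR as a 32-bit integer (call on validated input).
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# classful_netmask ADDR: print the default class A, B or C netmask.
# Fails for class D/E addresses, which are not assigned to hosts.
classful_netmask() {
    first=${1%%.*}
    if   [ "$first" -lt 128 ]; then echo 255.0.0.0
    elif [ "$first" -lt 192 ]; then echo 255.255.0.0
    elif [ "$first" -lt 224 ]; then echo 255.255.255.0
    else return 1
    fi
}

# valid_netmask MASK: succeed if MASK is non-zero and its 1 bits are contiguous.
valid_netmask() {
    valid_ipv4 "$1" || return 1
    m=$(ip_to_int "$1")
    inv=$(( ~m & 4294967295 ))
    [ "$m" -ne 0 ] && [ $(( inv & (inv + 1) )) -eq 0 ]
}

# check_install_net IP MASK ROUTER: print "ok" or the first problem found.
check_install_net() {
    ip=$1 mask=$2 router=$3
    valid_ipv4 "$ip"      || { echo "bad IP address"; return 1; }
    valid_netmask "$mask" || { echo "bad netmask"; return 1; }
    valid_ipv4 "$router"  || { echo "bad router address"; return 1; }
    i=$(ip_to_int "$ip"); m=$(ip_to_int "$mask"); r=$(ip_to_int "$router")
    hostbits=$(( ~m & 4294967295 ))
    host=$(( i & hostbits ))
    if [ "$host" -eq 0 ] || [ "$host" -eq "$hostbits" ]; then
        echo "IP is the network or broadcast address"; return 1
    fi
    [ $(( i & m )) -eq $(( r & m )) ] || { echo "router not on local subnet"; return 1; }
    echo ok
}

# Constructed sample input: a class C host with a router on its own subnet,
# then the same host with a router on a neighbouring subnet.
check_install_net 192.168.10.25 "$(classful_netmask 192.168.10.25)" 192.168.10.1 || true
check_install_net 192.168.10.25 255.255.255.0 192.168.11.1 || true
```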
The next section requires that you enter your time zone, as specified by geographic region, the number of hours beyond or before Greenwich Mean Time (GMT), or by time zone file. Using the geographic region is the easiest method, although if you already know the GMT offset and/or the name of the time zone file, you may enter that instead. Next, you are required to enter the current time and date, with a four-digit year, a month, day, hour, and minute. In addition, you will need to specify support for a specific geographic region in terms of locales, if required.
Do you want your system to switch off automatically after 30 minutes of inactivity? If you can honestly answer yes to this question (for example, because you have a workstation that does not run services), then you should enable power management, because it can save costly power bills. However, if you’re administering a server, you’ll definitely want to turn power management off. A case in point: once your server has shut down in the middle of the night, and your clients cannot access data, you’ll understand why disabling power management is so important.
A proxy server acts as a buffer between hosts on a local network and the rest of the Internet. A proxy server passes connections back and forth between local hosts and any other host on the Internet. It usually acts in conjunction with a firewall to block access to internal systems, thereby protecting sensitive data. One of the most popular firewalls is squid, which also acts as a caching server. To enable access to the Internet through a proxy server, you need to enter the hostname of the proxy server and the port on which the proxy operates.
Solaris 9 provides support for 64-bit kernels for the SPARC platform. By default, only a 32-bit kernel will be installed. For superior performance, a 64-bit kernel is preferred because it can natively compute much larger numbers than the 32-bit kernel. In the 64-bit environment, 32-bit applications run in compatibility mode. The installation program will automatically select the appropriate kernel for your system.
If you are performing an upgrade or installing a new system, you will need to decide whether or not to preserve any preexisting data on your target drives. For example, you may have five SCSI disks attached, only one of which contains slices used for a previous version of Solaris. Obviously, you will want to preserve the data on the four nonboot disks. However, partitions on the boot disk will be overwritten during installation, so it’s important to back up and/or relocate files that need to be preserved. Fortunately, if you choose to perform an upgrade rather than a fresh installation, many system configuration files will be preserved.
The Web Start Wizard will also ask you if you want to autolayout the boot disk slices, or if you want to manually configure them. You should be aware that the settings supplied by the installation program are very conservative, and trying to recover a system that has a full root file system can be time-consuming, especially given the low cost of disk space. It’s usually necessary to increase the size of the / and /var partitions by at least 50 percent over what the installer recommends. If you have two identical disks installed, and you have more space than you need, you can always set up volume management to ensure high availability through root partition mirroring—thus, if your primary boot disk fails, the system can continue to work uninterrupted until the hardware issue is resolved.
Finally, some client systems use NFS to remotely mount disks on central servers. While this can be a useful way of accessing a centralized home directory from a number of remote clients (by using the automounter), database partitions should never be remotely mounted. If you need to access remote partitions via NFS, you can nominate these partitions during the installation program.
An important stage of the installation process involves selecting the root password for the superuser. The root user has the same powers as the root user on Linux, or the administrator account on Windows NT. If an intruder gains root access, he or she is free to roam the system, deleting or stealing data, removing or adding user accounts, or installing Trojan horses that transparently modify the way that your system operates.
One way to protect against an unauthorized user gaining root access is to use a difficult-to-guess root password. This makes it difficult for a cracker using a password-cracking program to guess your password successfully. The optimal password is a completely random string of alphanumeric and punctuation characters.
In addition, the root password should never be written down, unless it is locked in the company safe, nor should it be told to anyone who doesn’t need to know it. If users require levels of access that are typically privileged (such as mounting CD-ROMs), it is better to use the sudo utility to limit the access of each user to specific applications for execution as the superuser, rather than giving out the root password to everyone who asks for it. Role-based access control (RBAC) can also be used for this purpose.
The root password must be entered twice—just in case you should happen to make a typographical error, as the characters that you type are masked on the screen.
After all of the configuration settings have been entered, the following message will be seen on the screen:
Please wait while the system is configured with your settings...
The installation kiosk will then appear on the screen. The kiosk is primarily used to select the type of installation that you wish to perform. To begin the software selection process, you need to eject the Web Start CD-ROM, and insert the Software (1) CD-ROM. Next, you have the option of installing all Solaris software using the default options or customizing your selection before copying the files from the CD-ROM. Obviously, if you have a lot of disk space and a fast system, you may prefer to install the entire distribution, and delete packages after installation that you no longer require. This is definitely the fastest method. Alternatively, you can elect to perform a customized installation.
You are then presented with a screen of all the available software groups. Here, you may select or deselect individual package groups, or package clusters, depending on your requirements. For example, you may decide to install the Netscape Navigator software, but not install the NIS/NIS+ server for Solaris. After choosing the packages that you wish to install, you are then required to enter your locale based on geographic region (the U.S. entry is selected by default). You may also elect to install third-party software during the Solaris installation process—this is particularly useful if you have a standard operating environment that consists of using the Oracle database server in conjunction with the Solaris operating environment, for example. You would need to insert the product CD-ROM at this point so that it could be identified.
After selecting your software, you will need to lay out the disks. This involves defining disk slices that will store the different kinds of data on your system. The fastest configuration option involves selecting the boot disk and allowing the installer to automatically lay out the partitions according to the software selection that you have chosen. For example, you may wish to expand the size of the /var partition to allow for large print jobs to be spooled, or web server logs to be recorded.
Finally, you will be asked to confirm your software selections and proceed with installation. All of the packages will then be installed to your system. A progress bar displayed on the screen indicates which packages have been installed at any particular point, and how many remain to be installed. After you have installed all of the software, you will have to reboot the system. After restarting, your system should boot directly into Solaris unless you have a dual-booting system, in which case you will need to select the Solaris boot partition from the Solaris boot manager.
After installation, the system will reboot and display a status message when starting up, which is printed on the console. A sample console display during booting will look something like this:
ok boot
Resetting ...
SPARCstation 20 (1 X 390Z50), Keyboard Present
ROM Rev. 2.4, 256 MB memory installed, Serial #456543
Ethernet address 5:2:12:c:ee:5a HostID 456543
Boot device: /iommu/sbus/espdma@f,400000/esp@f,800000/sd@1,0 File and args:
SunOS Release 5.9 Version generic [UNIX(R) System V Release 4.0]
Copyright (c) 1983-2001, Sun Microsystems, Inc.
configuring network interfaces: le0.
Hostname: server
The system is coming up. Please wait.
add net default: gateway 184.108.40.206
NIS domainname is paulwatters.net
starting rpc services: rpcbind keyserv ypbind done.
Setting netmask of le0 to 255.255.255.0
Setting default interface for multicast: add net 220.127.116.11: gateway client
syslog service starting.
Print services started.
volume management starting.
The system is ready.
client console login:
By default, the CDE login screen is displayed.
Although we’ve looked in detail at CD-ROM and DVD-ROM installation from a local drive, it’s actually possible to set up a single install server from which installation clients read all of their data. This approach is quite useful where a number of different clients will be using the same disk to install from, and/or if installation is concurrent. Thus, it’s possible for a number of users to install Solaris from a single server, which can be very useful when a new release of Solaris is made. For example, the Solaris 9 beta was distributed in a form suitable for network installation, allowing multiple developers to get their systems running as quickly as possible. For existing install servers, this reduces administration overhead, because different versions of Solaris (Solaris 8 and 9, for example) can be distributed from the same server.
The install server reads copies of the installation CD-ROMs and DVD-ROMs and creates a distributable image, which can then be downloaded by remote clients. In addition, it’s possible to create images for both SPARC and Intel versions that can be distributed from a single system; thus, a high-end SPARC install server could distribute images to many Intel clients. The install server uses DHCP to allocate IP addresses dynamically to all install clients. Alternatively, a name server can be installed and used for allocating permanent IP addresses to install clients.
To create SPARC disk images on the install server, the setup_install_server command is used. For a SPARC DVD-ROM or CD-ROM, this command is located in /cdrom/cdrom0/s0/Solaris_9/Tools. For an Intel DVD-ROM or CD-ROM, this command is located in /cdrom/cdrom0/Solaris_9/Tools. The only parameter that needs to be supplied to the command is the path where the disk images should be installed. You should ensure that the path can be exported to clients, and that the partition selected has sufficient disk space to store the images.
When creating Intel disk images, the same command is used, but the path is different: for a SPARC DVD-ROM or CD-ROM, the command is located in /cdrom/cdrom0/Solaris_9/Tools, while for an Intel DVD-ROM or CD-ROM, the command is located in /cdrom/cdrom0/s2/Solaris_9/Tools.
To set up individual clients, the add_install_client command must be executed on the install server—once for each client. You need to specify the name of the client to be installed, as well as its architecture. For a sun4m system named pink, you would use the following command:
# /export/install/boot/Solaris_9/Tools/add_install_client pink sun4m
On the client side, instead of using boot cdrom at the ok prompt, you will need to enter the following command:
ok boot net