Many things are new in Solaris 11, Autoinstall is one of them. If, like me, you've known Jumpstart for
the last 2 centuries or so, you'll have to start from scratch. Well, almost, as
the concepts are similar, and it's not all that difficult. Just new.
I wanted to have an AI server that I could use for demo purposes, on
the train if need be. That answers
the question of hardware requirements: portable. But let's start at
the beginning.
First, you need an OS image, of course. In
the new world of Solaris 11, it is now called a repository.
The original can be downloaded from
the Solaris 11 page at Oracle. What you want is
the "Oracle Solaris 11 11/11 Repository Image", which comes in two parts that can be combined using cat. MD5 checksums for these (and all other downloads from that page) are available closer to
the top of
the page.
With that, building
the repository is quick and simple:
# zfs create -o mountpoint=/export/repo rpool/ai/repo
# zfs create rpool/ai/repo/s11
# mount -o ro -F hsfs /tmp/sol-11-1111-repo-full.iso /mnt
# rsync -aP /mnt/repo /export/repo/s11
# umount /mnt
# pkgrepo rebuild -s /export/repo/sol11/repo
# zfs snapshot rpool/ai/repo/sol11@fcs
# pkgrepo info -s /export/repo/sol11/repo
PUBLISHER PACKAGES STATUS UPDATED
solaris 4292 online 2012-03-12T20:47:15.378639Z
That's all there's to it. Let's make a snapshot, just to be on
the safe side. You never know when one will come in handy. To use this repository, you could just add it as a file-based publisher:
# pkg set-publisher -g file:///export/repo/sol11/repo solaris
In case I'd want to access this repository through a (virtual) network, i'll now quickly activate
the repository-service:
# svccfg -s application/pkg/server \
setprop pkg/inst_root=/export/repo/sol11/repo
# svccfg -s application/pkg/server setprop pkg/readonly=true
# svcadm refresh application/pkg/server
# svcadm enable application/pkg/server
That's all you need - now point your browser to http://localhost/ to view your beautiful repository-server. Step 1 is done. All of this, by
the way, is nicely documented in
the README file that's contained in
the repository image.
Of course, we already have updates to
the original release. You can find them in MOS in
the Oracle Solaris 11 Support Repository Updates (SRU) Index. You can simply add these to your existing repository or create separate repositories for each SRU.
The individual SRUs are self-sufficient and incremental - SRU4 includes all updates from SRU2 and SRU3. With ZFS, you can also get both: A full repository with all updates and at
the same time incremental ones up to each of
the updates:
# mount -o ro -F hsfs /tmp/sol-11-1111-sru4-05-incr-repo.iso /mnt
# pkgrecv -s /mnt/repo -d /export/repo/sol11/repo '*'
# umount /mnt
# pkgrepo rebuild -s /export/repo/sol11/repo
# zfs snapshot rpool/ai/repo/sol11@sru4
# zfs set snapdir=visible rpool/ai/repo/sol11
# svcadm restart svc:/application/pkg/server:default
The normal repository is now updated to SRU4. Thanks to
the ZFS snapshots, there is also a valid repository of Solaris 11 11/11 without
the update located at /export/repo/sol11/.zfs/snapshot/fcs . If you like, you can also create another repository service for each update, running on a separate port.
But now lets continue with
the AI server. Just a little bit of reading in
the dokumentation makes it clear that we will need to run a DHCP server for this. Since I already have one active (for my SunRay installation) and since it's a good idea to have these kinds of services separate anyway, I decided to create this in a Zone. So, let's create one first:
# zfs create -o mountpoint=/export/install rpool/ai/install
# zfs create -o mountpoint=/zones rpool/zones
# zonecfg -z ai-server
zonecfg:ai-server> create
create: Using system default template 'SYSdefault'
zonecfg:ai-server> set zonepath=/zones/ai-server
zonecfg:ai-server> add dataset
zonecfg:ai-server:dataset> set name=rpool/ai/install
zonecfg:ai-server:dataset> set alias=install
zonecfg:ai-server:dataset> end
zonecfg:ai-server> commit
zonecfg:ai-server> exit
# zoneadm -z ai-server install
# zoneadm -z ai-server boot ; zlogin -C ai-server
Give it a hostname and IP address at first boot, and there's
the Zone. For a publisher for Solaris packages, it will be bound to
the "System Publisher" from
the Global Zone.
The /export/install filesystem, of course, is intended to be used by
the AI server. Let's configure it now:
#zlogin ai-server
root@ai-server:~# pkg install install/installadm
root@ai-server:~# installadm create-service -n x86-fcs -a i386 \
-s pkg://solaris/install-image/
[email protected],5.11-0.175.0.0.0.2.1482 \
-d /export/install/fcs -i 192.168.2.20 -c 3
With that,
the core AI server is already done. What happened here? First, I installed
the AI server software. IPS makes that nice and easy. If necessary, it'll also pull in
the required DHCP-Server and anything else that might be missing. Watch out for that DHCP server software. In Solaris 11, there are two different versions. There's
the one you might know from Solaris 10 and earlier, and then there's a new one from ISC.
The latter is
the one we need for AI.
The SMF service names of both are very similar.
The "old" one is "svc:/network/dhcp-server:default".
The ISC-server comes with several SMF-services. We at least need "svc:/network/dhcp/server:ipv4".
The command "installadm create-service" creates
the installation-service. It's called "x86-fcs", serves
the "i386" architecture and gets its boot image from
the repository of
the system publisher, using version 5.11,5.11-0.175.0.0.0.2.1482, which is Solaris 11 11/11. (The option "-a i386" in this example is optional, since
the installserver itself runs on a x86 machine.)
The boot-environment for clients is created in /export/install/fcs and
the DHCP-server is configured for 3 IP-addresses starting at 192.168.2.20. This configuration is stored in a very human readable form in /etc/inet/dhcpd4.conf. An AI-service for SPARC systems could be created in
the very same way, using "-a sparc" as
the architecture option.
Now we would be ready to register and install
the first client. It would be installed with
the default "solaris-large-server" using
the publisher "http://pkg.oracle.com/solaris/release" and would query it's configuration interactively at first boot. This makes it very clear that an AI-server is really only a boot-server.
The true source of packets to install can be different. Since I don't like these defaults for my demo setup, I did some extra config work for my clients.
The configuration of a client is controlled by manifests and profiles.
The manifest controls which packets are installed and how
the filesystems are layed out. In that, it's very much like
the old "rules.ok" file in Jumpstart. Profiles contain additional configuration like root passwords, primary user account, IP addresses, keyboard layout etc. Hence, profiles are very similar to
the old sysid.cfg file.
The easiest way to get your hands on a manifest is to ask
the AI server we just created to give us it's default one. Then modify that to our liking and give it back to
the installserver to use:
root@ai-server:~# mkdir -p /export/install/configs/manifests
root@ai-server:~# cd /export/install/configs/manifests
root@ai-server:~# installadm export -n x86-fcs -m orig_default \
-o orig_default.xml
root@ai-server:~# cp orig_default.xml s11-fcs.small.local.xml
root@ai-server:~# vi s11-fcs.small.local.xml
root@ai-server:~# more s11-fcs.small.local.xml
<!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd.1">
<auto_install>
<ai_instance name="S11 Small fcs local">
<target>
<logical>
<zpool name="rpool" is_root="true">
<filesystem name="export" mountpoint="/export"/>
<filesystem name="export/home"/>
<be name="solaris"/>
</zpool>
</logical>
</target>
<software type="IPS">
<destination>
<image>
<!-- Specify locales to install -->
<facet set="false">facet.locale.*</facet>
<facet set="true">facet.locale.de</facet>
<facet set="true">facet.locale.de_DE</facet>
<facet set="true">facet.locale.en</facet>
<facet set="true">facet.locale.en_US</facet>
</image>
</destination>
<source>
<publisher name="solaris">
<origin name="http://192.168.2.12/"/>
</publisher>
</source>
<!--
By default
the latest build available, in
the specified IPS
repository, is installed. If another build is required,
the
build number has to be appended to
the 'entire' package in
the
following form:
<name>pkg:/
[email protected]#</name>
-->
<software_data action="install">
<name>pkg:/
[email protected],5.11-0.175.0.0.0.2.0</name>
<name>pkg:/group/system/solaris-small-server</name>
</software_data>
</software>
</ai_instance>
</auto_install>
root@ai-server:~# installadm create-manifest -n x86-fcs -d \
-f ./s11-fcs.small.local.xml
root@ai-server:~# installadm list -m -n x86-fcs
Manifest Status Criteria
-------- ------ --------
S11 Small fcs local Default None
orig_default Inactive None
The major points in this new manifest are:
Install "solaris-small-server"
Install a few locales less than
the default. I'm not that fluid in French or Japanese...
Use my own package service as publisher, running on IP address 192.168.2.12
Install
the initial release of Solaris 11: pkg:/
[email protected],5.11-0.175.0.0.0.2.0
Using a similar approach, I'll create a default profile interactively and use it as a template for a few customized building blocks, each defining a part of
the overall system configuration.
The modular approach makes it easy to configure numerous clients later on:
root@ai-server:~# mkdir -p /export/install/configs/profiles
root@ai-server:~# cd /export/install/configs/profiles
root@ai-server:~# sysconfig create-profile -o default.xml
root@ai-server:~# cp default.xml general.xml; cp default.xml mars.xml
root@ai-server:~# cp default.xml user.xml
root@ai-server:~# vi general.xml mars.xml user.xml
root@ai-server:~# more general.xml mars.xml user.xml
::::::::::::::
general.xml
::::::::::::::
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/timezone">
<instance enabled="true" name="default">
<property_group type="application" name="timezone">
<propval type="astring" name="localtime" value="Europe/Berlin"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/environment">
<instance enabled="true" name="init">
<property_group type="application" name="environment">
<propval type="astring" name="LANG" value="C"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/keymap">
<instance enabled="true" name="default">
<property_group type="system" name="keymap">
<propval type="astring" name="layout" value="US-English"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/console-login">
<instance enabled="true" name="default">
<property_group type="application" name="ttymon">
<propval type="astring" name="terminal_type" value="vt100"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="network/physical">
<instance enabled="true" name="default">
<property_group type="application" name="netcfg">
<propval type="astring" name="active_ncp" value="DefaultFixed"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/name-service/switch">
<property_group type="application" name="config">
<propval type="astring" name="default" value="files"/>
<propval type="astring" name="host" value="files dns"/>
<propval type="astring" name="printer" value="user files"/>
</property_group>
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="system/name-service/cache">
<instance enabled="true" name="default"/>
</service>
<service version="1" type="service" name="network/dns/client">
<property_group type="application" name="config">
<property type="net_address" name="nameserver">
<net_address_list>
<value_node value="192.168.2.1"/>
</net_address_list>
</property>
</property_group>
<instance enabled="true" name="default"/>
</service>
</service_bundle>
::::::::::::::
mars.xml
::::::::::::::
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="network/install">
<instance enabled="true" name="default">
<property_group type="application" name="install_ipv4_interface">
<propval type="astring" name="address_type" value="static"/>
<propval type="net_address_v4" name="static_address"
value="192.168.2.100/24"/>
<propval type="astring" name="name" value="net0/v4"/>
<propval type="net_address_v4" name="default_route"
value="192.168.2.1"/>
</property_group>
<property_group type="application" name="install_ipv6_interface">
<propval type="astring" name="stateful" value="yes"/>
<propval type="astring" name="stateless" value="yes"/>
<propval type="astring" name="address_type" value="addrconf"/>
<propval type="astring" name="name" value="net0/v6"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/identity">
<instance enabled="true" name="node">
<property_group type="application" name="config">
<propval type="astring" name="nodename" value="mars"/>
</property_group>
</instance>
</service>
</service_bundle>
::::::::::::::
user.xml
::::::::::::::
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/config-user">
<instance enabled="true" name="default">
<property_group type="application" name="root_account">
<propval type="astring" name="login" value="root"/>
<propval type="astring" name="password"
value="noIWillNotTellYouMyPasswordNotEvenEncrypted"/>
<propval type="astring" name="type" value="role"/>
</property_group>
<property_group type="application" name="user_account">
<propval type="astring" name="login" value="stefan"/>
<propval type="astring" name="password"
value="noIWillNotTellYouMyPasswordNotEvenEncrypted"/>
<propval type="astring" name="type" value="normal"/>
<propval type="astring" name="description" value="Stefan Hinker"/>
<propval type="count" name="uid" value="12345"/>
<propval type="count" name="gid" value="10"/>
<propval type="astring" name="shell" value="/usr/bin/bash"/>
<propval type="astring" name="roles" value="root"/>
<propval type="astring" name="profiles" value="System Administrator"/>
<propval type="astring" name="sudoers" value="ALL=(ALL) ALL"/>
</property_group>
</instance>
</service>
</service_bundle>
root@ai-server:~# installadm create-profile -n x86-fcs -f general.xml
root@ai-server:~# installadm create-profile -n x86-fcs -f user.xml
root@ai-server:~# installadm create-profile -n x86-fcs -f mars.xml \
-c ipv4=192.168.2.100
root@ai-server:~# installadm list -p
Service Name Profile
------------ -------
x86-fcs general.xml
mars.xml
user.xml
root@ai-server:~# installadm list -n x86-fcs -p
Profile Criteria
------- --------
general.xml None
mars.xml ipv4 = 192.168.2.100
user.xml None
Here's
the idea behind these files:
"general.xml" contains settings valid for all my clients. Stuff like DNS servers, for example, which in my case will always be
the same.
"user.xml" only contains user definitions. That is, a root password and a primary user.Both of these profiles will be valid for all clients (for now).
"mars.xml" defines network settings for an individual client. This profile is associated with an IP-Address. For this to work, I'll have to tweak
the DHCP-settings in
the next step:
root@ai-server:~# installadm create-client -e 08:00:27:AA:3D:B1 -n x86-fcs
root@ai-server:~# vi /etc/inet/dhcpd4.conf
root@ai-server:~# tail -5 /etc/inet/dhcpd4.conf
host 080027AA3DB1 {
hardware ethernet 08:00:27:AA:3D:B1;
fixed-address 192.168.2.100;
filename "01080027AA3DB1";
}
This completes
the client preparations. I manually added
the IP-Address for mars to /etc/inet/dhcpd4.conf. This is needed for
the "mars.xml" profile. Disabling arbitrary DHCP-replies will shut up this DHCP server, making my life in a shared environment a lot more peaceful ;-)Now, I of course want this installation to be completely hands-off. For this to work, I'll need to modify
the grub boot menu for this client slightly. You can find it in /etc/netboot. "installadm create-client" will create a new boot menu for every client, identified by
the client's MAC address.
The template for this can be found in a subdirectory with
the name of
the install service, /etc/netboot/x86-fcs in our case. If you don't want to change this manually for every client, modify that template to your liking instead.
root@ai-server:~# cd /etc/netboot
root@ai-server:~# cp menu.lst.01080027AA3DB1 menu.lst.01080027AA3DB1.org
root@ai-server:~# vi menu.lst.01080027AA3DB1
root@ai-server:~# diff menu.lst.01080027AA3DB1 menu.lst.01080027AA3DB1.org
1,2c1,2
< default=1
< timeout=10
---
> default=0
> timeout=30
root@ai-server:~# more menu.lst.01080027AA3DB1
default=1
timeout=10
min_mem64=0
title Oracle Solaris 11 11/11 Text Installer and command line
kernel$ /x86-fcs/platform/i86pc/kernel/$ISADIR/unix -B install_media=htt
p://$serverIP:5555//export/install/fcs,install_service=x86-fcs,install_svc_addre
ss=$serverIP:5555
module$ /x86-fcs/platform/i86pc/$ISADIR/boot_archive
title Oracle Solaris 11 11/11 Automated Install
kernel$ /x86-fcs/platform/i86pc/kernel/$ISADIR/unix -B install=true,inst
all_media=http://$serverIP:5555//export/install/fcs,install_service=x86-fcs,inst
all_svc_address=$serverIP:5555,livemode=text
module$ /x86-fcs/platform/i86pc/$ISADIR/boot_archive
Now just boot
the client off
the network using PXE-boot. For my demo purposes, that's a client from VirtualBox, of course. That's all there's to it. And despite
the fact that this blog entry is a little longer - that wasn't that hard now, was it?
