Tuesday, December 31, 2013

ubuntu 8.04 upgrade samba process



samba 3.0.28a and windows 7 are having a bad day.
i've done all the usual registry tricks and uninstalled KB2536276.  it is time.

of course, i'm running ubuntu 8.04; so no amount of apt-get updating is going to 
bring samba to higher level.
let's sort of roll our own, shall we?  3.4.4 is a nice, stable rev.

pre-prep system.

# apt-get update ; apt-get upgrade ; apt-get apt-get dist-upgrade

what?!  it is time.  this system does nothing but samba anyway... and yes, i have backups.

# apt-get install libldap2-dev libkrb5-dev uuid-dev libpam0g-dev zlib1g-dev build-essential 
# apt-get build-dep samba

# cd ~/
# apt-get source samba
# cat ~/samba-3.0.28a/debian/rules | less

take note of all the switches, we're going to use them later.

time to download the source.

# mkdir -p /usr/local/src/samba
# cd /usr/local/src/samba
# wget http://samba.org/samba/ftp/stable/samba-3.4.4.tar.gz
# tar zxvf samba-3.4.4.tar.gz
# cd samba-3.4.4/source3

if you're working with windows server 2012, just download the samba-3.6.8.tar.gz 
and follow the same instructions...

now, run configure using the os-specific switches:

./configure -–cache-file=./config.cache \
-–prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--with-privatedir=/etc/samba \
--with-piddir=/var/run/samba \
--with-fhs \
--enable-shared \
--enable-static \
--disable-pie \
--with-rootsbindir=/sbin \
--with-pammodulesdir=/lib/security \
--with-pam \
--with-syslog \
--with-utmp \
--with-readline \
--with-pam_smbpass \
--with-libsmbclient \
--with-winbind \
--with-shared-modules=idmap_rid,idmap_ad \
--with-automount \
--with-ldap \
--with-ads \
--with-dnsupdate \
--with-cifsmount \ <-- is not recognized in samba 3.6.8 (rev compat with win 2012)
--with-acl-support \
--with-quotas

take note:
sometimes in the process of doing configure your system will bark.  in my case, uuid.h .
note apt-get command above only includes my missing packages; your mileage may vary.

# apt-cache search uuid | grep -- -dev
libblkid-dev - block device id library - headers and static libraries
libossp-uuid-dev - OSSP uuid ISO-C and C++ - headers and static libraries
uuid-dev - universally unique id library - headers and static libraries

neat.  it works.

# make

Using CFLAGS = -O -I. -I/root/samba-3.4.3/source3 -I/root/samba-3.4.3/source3/../lib/popt -I/root/samba-3.4.3/source3/iniparser/src -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/talloc -I./../lib/tevent -I./../lib/tdb/include -I./libaddns -I./librpc -I./.. -DHAVE_CONFIG_H -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Iinclude -I./include -I. -I. -I./../lib/replace -I./../lib/talloc -I./../lib/tevent -I./../lib/tdb/include -I./libaddns -I./librpc -I./.. -I./../lib/popt -DLDAP_DEPRECATED -I/root/samba-3.4.3/source3/lib -I.. -I../source4 -D_SAMBA_BUILD_=3 -D_SAMBA_BUILD_=3

... snip ...

that went okay.

# make install

neat.  i just installed over my old binaries.

take note:
The binaries are installed. You may restore the old binaries (if there
were any) using the command "make revert". You may uninstall the binaries
using the command "make uninstallbin" or "make uninstall" to uninstall
binaries, man pages and shell scripts.

register samba libs.

# echo "/etc/samba" > /etc/ld.so.conf.d/samba.conf
# ldconfig

make sure we've got all the handles for our windows clients set.  to make those permanent, reboot.
otherwise, command-line it.

in "/etc/security/limits.conf" add line: 
* - nofile 16384 

# ulimit -n 16384

then start the daemon.

# /etc/init.d/samba start
* Starting Samba daemons [ OK ]

neat.  it works.

take note:
you may need to re-add the system to your domain; as alluded to in spiffy messages such as the below:

[2013/12/31 10:51:08.876223,  0] auth/auth_domain.c:212(connect_to_domain_password_server)
  connect_to_domain_password_server: could not fetch trust account password for domain 'DOMAIN'
[2013/12/31 10:51:08.876964,  0] auth/auth_domain.c:292(domain_client_validate)
  domain_client_validate: Domain password server not available.

whoops.

Wednesday, December 18, 2013

ssh is offline on my sol11 box. great.

from here http://pg8873.blogspot.com/2011/02/solaris-ssh-is-offline.html
Solaris ssh is offline

I'm sure you must have seen a situation like this, where for some reason ssh died and you cannot login to the server remotely. If you have console access to box, you see the ssh is offline. 

root@app1 # svcs -a | grep ssh
offline 1:40:22 svc:/network/ssh:default

svcs -d will tell us what other services depends on ssh 

root@app1 # svcs -d ssh
STATE STIME FMRI
online 1:40:19 svc:/network/loopback:default
online 1:40:24 svc:/network/physical:default
disable 1:41:04 svc:/system/cryptosvc:default
online 1:41:16 svc:/system/filesystem/local:default
online 1:42:44 svc:/system/filesystem/autofs:default
online 1:42:43 svc:/system/utmp:default

Offline means that the service is enabled, but something it depends on is missing, disable or in maintenance mode

Here in our case crypto is disable. You might have a service with lots of dependencies that are disabled, or you might have dependencies disabled many levels deep.

Do you want to walk through all those services, find out why they're not on, and enable every dependency by hand? Of course you don't. So svcadm has a "recursive enable" option that goes through and enables everything that your service depends on.

# svcadm enable -r network/ssh


#svcs network/ssh
STATE STIME FMRI
online 1:02:23 svc:/network/ssh:default


#svcs -d network/ssh:default
STATE STIME FMRI
online 1:40:19 svc:/network/loopback:default
online 1:40:24 svc:/network/physical:default
disabled 1:41:04 svc:/system/cryptosvc:default
online 1:41:16 svc:/system/filesystem/local:default
online 1:42:44 svc:/system/filesystem/autofs:default
online 1:42:43 svc:/system/utmp:default

As you can see, we recursively enabled not only ssh, but everything it depended on, allowing it to come online.

One last option of note for enable/disable is the "temporary" option. Say that you want to enable/disable a service just for this session, but have it revert to its previous state on reboot, in case there are problems. If ssh is disabled and you issue:

#svcadm enable -t network/ssh
The enable will only be temporary. If you reboot the machine, the service will once again be disabled.

refresh
Refresh serves two purposes. One is if you've changed any of the properties of your service, say that you've added a dependency or changed the timeout for starting, you refresh the service, and the properties become active. The other purpose is that there's an optional method, in addition to "start" and "stop", called "refresh" that you can define. If your daemon can be sent a HUP signal to re-read its configuration file, you put this in the refresh method, and when you refresh the service, this method is called.

restart
Restart is pretty self evident. Restarting a service means that you stop it and start it again. Where in the past you might have issued a

/etc/init.d/sendmail stop followed by /etc/init.d/sendmail start, now you would use:

#svcadm restart network/smtp:sendmail
... which will restart sendmail.

mark (degraded | maintenance)
Mark is used to force a service into a certain state. (The states are here if you've forgotten them) An administrator might want to force a service into the maintenance state to let other administrators know that there's something wrong with it that needs to be addressed before it's started again. You can force a service into either maintenance (which will shut the service down) or degraded (which will leave it running, but let others know that it's running in a degraded state).

Keeping with our earlier example of ssh:

#svcadm mark maintenance network/ssh

#svcs network/ssh
STATE STIME FMRI
maintenance 1:12:47 svc:/network/ssh:default

clear
Clear is used to "reset" the state of a service, and have it be re-evaluated. For example, say that syslog is in maintenance:

#svcs system/system-log
STATE STIME FMRI
maintenance 1:15:33 svc:/system/system-log:default
You debug the problem, and realize that syslog failed to start because someone had accidentally deleted syslog.conf, which syslog needs to start. It attempted to start, saw that the conf file was missing, and fell into maintenance. You repair the file, and issue a clear:

# svcadm clear system/system-log

# svcs system/system-log
STATE STIME FMRI
online 1:25:07 svc:/system/system-log:default

Friday, November 8, 2013

exchange mailbox access change

i would like access to a mailbox, please?


Add-MailboxPermission -Identity targetuser@some.where -User DOMAIN\me -AccessRights FullAccess -InheritanceType All

vmware disk rename

sometimes you need to do this.

yeah

Renaming using the virtual disk using the ESX/ESXi host console interface

To rename the disk and its files using the vmkfstools command in ESX/ESXi host's console interface:

Verify the virtual machine referring to the virtual machine disk is powered off and does not have outstanding snapshots.

Remove the virtual disk from the virtual machine's configuration:

Locate the virtual machine in the inventory using the vSphere Client.
Right-click the virtual machine select Edit Settings.
Select the virtual disk in question and take note of virtual device node (eg, SCSI 0:1) and the name of the datastore and directory in the Disk File field at the top-right.
Click the Remove button to disconnect the virtual disk from the virtual machine.

Open a console to the ESX or ESXi host. For more information, see Unable to connect to an ESX host using Secure Shell (SSH) (1003807) or Using Tech Support Mode in ESXi 4.1 (1017910).

Navigate to the virtual machine's directory using a command similar to:

cd "/vmfs/volumes/Datastore Name/Directory Name/"

Obtain a listing of the files within a directory using the command:

ls -l

For example:

total 320
-rw------- 1 root root        8684 Aug 30 10:53 examplevm.nvram
-rw------- 1 root root 21474836480 Aug 30 10:26 examplevm-flat.vmdk
-rw------- 1 root root         482 Aug 30 11:26 examplevm.vmdk
-rw------- 1 root root           0 Aug 30 10:33 examplevm.vmsd
-rwxr-xr-x 1 root root        2724 Aug 30 12:20 examplevm.vmx
-rw------- 1 root root         264 Aug 30 12:20 examplevm.vmxf
-rw-r--r-- 1 root root       39168 Aug 30 10:53 vmware.log

Rename a virtual disk using a command similar to:

vmkfstools -E OldName.vmdk NewName.vmdk

For example:

vmkfstools -E examplevm.vmdk examplevm-renamed.vmdk

Note: Specify the descriptor file; the associated extent file is renamed 
in the process.

Validate the files were renamed by listing the files within the directory 
using the command:

ls -l

For example:

total 320
-rw------- 1 root root        8684 Aug 30 10:53 examplevm.nvram
-rw------- 1 root root 21474836480 Aug 30 10:26 examplevm-renamed-flat.vmdk
-rw------- 1 root root         482 Aug 30 11:26 examplevm-renamed.vmdk
-rw------- 1 root root           0 Aug 30 10:33 examplevm.vmsd
-rwxr-xr-x 1 root root        2724 Aug 30 12:20 examplevm.vmx
-rw------- 1 root root         264 Aug 30 12:20 examplevm.vmxf
-rw-r--r-- 1 root root       39168 Aug 30 10:53 vmware.log

Re-add the virtual machine disk to the virtual machine's configuration.

Using the vSphere Client, select the virtual machine and click Edit Settings.
Click the Add... button above the virtual hardware list.
Select Hard Disk and Use an existing virtual disk.
Select the datastore and disk that was renamed.
Confirm that the same SCSI controller type and Device Node noted in step 2c.
Click the OK button to complete the configuration change.

Wednesday, November 6, 2013

hashed known_hosts

le sigh. by default on my linux boxes, known_hosts are hashed. cool if there's a worm worming around using your ssh known_hosts or there's a cracker that wants access to your pubkeyed stuff. but what do you do when someone leaves? sure you rotate passwords, sure you guard your gateways. but what about all of those pubkeyed systems? 

this is useful:
http://blog.rootshell.be/2010/11/03/bruteforcing-ssh-known_hosts-files/
http://blog.rootshell.be/wp-content/uploads/2010/11/known_hosts_bruteforcer.pl.txt

make sure your path to perl is correct and you've installed those modules (cpan install is your friend)


#!/usr/bin/perl
#
# SSH known_hosts file bruteforcer
#
# v1.0 - Xavier Mertens 
#
# This Perl script read a SSH known_host file containing hashed hosts and try to find hostnames
# or IP addresses
#
# 20101103 : Created
#
# Todo
# ----
# - Support for IPv6 addresses
# - Increase performances
#

use Getopt::Std;
use Digest::HMAC_SHA1;
use MIME::Base64;
use Net::IP;

$MAXLEN = 8;				# Maximum hostnames length to check
$MAXIP  = 4294967296; # 2^32		# The whole IPv4 space

@saltStr   = ();
@base64Str = ();
$idx       = 0;

# Process the arguments
getopts("d:f:l:s:ivh", \%options);

# Some help is sometimes useful
if ($options{h}) {
	print <   Specify a domain name to append to hostnames (default: none)
  -f      Specify the known_hosts file to bruteforce (default: $HOME/.ssh/known_hosts)
  -i            Bruteforce IP addresses (default: hostnames)
  -l   Specify the hostname maximum length (default: 8)
  -s    Specify an initial IP address or password (default: none)
  -v            Verbose output
  -h            Print this help, then exit
EOF
	exit;
}

# SSH Keyfile to process (default: $HOME/.ssh/known_hosts)
$knownhostFile = ($options{f} ne "") ? $options{f} : $ENV{HOME} . "/.ssh/known_hosts";
if (! -r $knownhostFile) {
	print STDERR "Cannot read file $knownhostFile ...\n";
	exit 1;
}

# Max password length (default: 8)
$passwordLen = ($options{l} ne "") ? $options{l} : $MAXLEN;
if ($passwordLen < 1 || $passwordLen > 30) {
	print STDERR "Invalid maximum password length: $passwordLen ...\n";
	exit 1;
}

# Domain name to append
$domainName = $options{d};

# Verbose mode
$verbose = ($options{v}) ? 1 : 0;

# IP address mode
$ipMode = ($options{i}) ? 1 : 0;

# Starting IP or password?
# To increase the speed of run the script across multiple computers,
# an initial hostname or IP address can be given
$initialStr = $options{s};

# First read the known_hosts file and populate the lists
# Only hashed hosts are processed
($verbose) && print STDERR "Reading hashes from $knownhostFile ...\n";
open(HOSTFILE, "$knownhostFile") || die "Cannot open $knownhostFile";
while() {
	($hostHash, $keyType, $publicKey) = split(/ /);
	if ($hostHash =~ m/\|1\|/) {
		($dummy, $one, $saltStr[$idx], $base64Str[$idx]) = split(/\|/, $hostHash);
		$idx++;
	}
}
close(HOSTFILE);

# ---------
# Main Loop
# ---------

$loops=0;
while(1) {
	if ($ipMode) {
		# Generate an IP address using the main loop counter
		# Don't go beyond the IPv4 scope (2^32 addresses)
		if ($loops > $MAXIP) {
			print "Done.\n";
			exit 0;
		}

		# If we have an initial IP, check the syntax and use it
		if ($initialStr ne "") {
			my $ip = new Net::IP($initialStr);
			$initialIP = $ip->intip();
		}
		else {
			$initialIP = 0;
		}
		$tmpHost = sprintf("%vd", pack("N", $loops + $initialIP));
	}
	else {
		# Generate a temporary hostname (starting with an initial value if provided)
		$tmpHost = generateHostname($initialStr);
		if (length($tmpHost) > $passwordLen) {
			print "Done.\n";
			exit 0;
		}

		# Append the domain name if provided
		if ($domainName) {
			$tmpHost = $tmpHost . "." . $domainName;
		}
	}

	# In verbose mode, display a line every 1000 attempts
	($verbose) && (($loops % 1000) == 0) && print STDERR "Testing: $tmpHost ($loops probes) ...\n";
	
	if ($line = searchHash($tmpHost)) {
		printf("*** Found host: %s (line %d) ***\n", $tmpHost, $line + 1);
	}

	$loops++;
}

#
# Generate SHA1 hashes of a hostname/IP and compare it to the available hashes
# Returns the line index of the initial known_hosts file
#
sub searchHash() {
	$host = shift;
	($host) || return 0;

	# Process the list containing our hashes
	# For each one, generate a new hash and compare it
	for ($i = 0; $i < scalar(@saltStr); $i++) {
		$decoded = decode_base64($saltStr[$i]);
		$hmac = Digest::HMAC_SHA1->new($decoded);
		$hmac->add($host);
		$digest = $hmac->b64digest;
		$digest .= "="; # Quick fix ;-)
		if ($digest eq $base64Str[$i]) {
			return $i;
		}
	}
	return 0;
}

#
# Generate a hostname based on a given set of allowed caracters
# This sub-routine is based on:
# bruteforce 0.01 alpha
# Written by Tony Bhimani
# (C) Copyright 2004
# http://www.xenocafe.com
#

sub generateHostname {
	$initialPwd = shift;

	$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789-";
	@tmpPwd = ();
	$firstChar = substr($alphabet, 0, 1);
	$lastChar = substr($alphabet, length($alphabet)-1, 1);

	# If an initial password is provided, start with this one
	if ($initialPwd ne "" && $currentPwd eq "") {
		$currentPwd = $initialPwd;
		return $currentPwd;
	}

	# No password so start with the first character in our alphabet
	if ($currentPwd eq "") {
		$currentPwd= $firstChar;
		return $currentPwd;
	}

	# If the current password is all of the last character in the alphabet
	# then reset it with the first character of the alphabet plus 1 length greater
	if ($currentPwd eq fillString(length($currentPwd), $lastChar)) {
 		$currentPwd = fillString(length($currentPwd) + 1, $firstChar);
		return $currentPwd;
	}
  
	# Convert the password to an array
	@tmpPwd = split(//, $currentPwd);
  
	# Get the length of the password - 1 (zero based index)
	$x = @tmpPwd - 1;

	# This portion adjusts the characters
	# We go through the array starting with the end of the array and work our way backwords
	# if the character is the last one in the alphabet, we change it to the first character
	# then move to the next array character
	# if we aren't looking at the last alphabet character then we change the array character
	# to the next higher value and exit the loop
	while (1) {
		$iTemp = getPos($alphabet, $tmpPwd[$x]);
  
		if ($iTemp == getPos($alphabet, $lastChar)) {
			@tmpPwd[$x] = $firstChar;
			$x--;
		} else {
			@tmpPwd[$x] = substr($alphabet, $iTemp + 1, 1);
			last;
		}
	}
  
	# Convert the array back into a string and return the new password to try
	$currentPwd = join("", @tmpPwd);
    
	return $currentPwd;
}

#
# Fill a string with the same caracter
#

sub fillString {
	my ($len, $char) = (shift, shift);
	$str = "";
	for ($i=0; $i<$len; $i++) {
		$str .= $char;
	}
	return $str;
}

#
# Return the position of a caracter in a string
#

sub getPos {
	my ($alphabet, $char) = (shift, shift);
	for ($i=0; $i
# Eof 

Tuesday, October 15, 2013

likewise registry changes

There are two ways to edit home directory and shell in Likewise:

1.  lwconfig
2.  lwregshell

and no, hacking the xml files do not work.

lwconfig

command line joy.  fun.  sadly, sometimes it has null and cache issues.

/opt/likewise/bin/lwconfig --detail AssumeDefaultDomain
/opt/likewise/bin/lwconfig AssumeDefaultDomain true
/opt/likewise/bin/lwconfig --show AssumeDefaultDomain 
/opt/likewise/bin/lwconfig LoginShellTemplate /bin/bash
/opt/likewise/bin/lwconfig HomeDirPrefix /home
/opt/likewise/bin/lwconfig HomeDirTemplate %H/%U
/opt/likewise/bin/lwconfig CreateHomeDir false
echo 'MYDOMAINS\\domain^admins ALL=(ALL) ALL' >> /etc/sudoers
  
restart the Likewise services"
   
/opt/likewise/bin/lwsm restart lwio
  
  
lwregshell

the registry editing tool.
   
/opt/likewise/bin/lwregshell

In the lsass branch, there are two keys that contain entries for the 
home directory and shell. One is for the Active Directory provider, the other is for
the Local provider. 

to get to the locations:
   
cd HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\ActiveDirectory
set_value LoginShellTemplate /bin/bash
set_value HomeDirTemplate %H/%U
cd HKEY_THIS_MACHINE\Services\lsass\Parameters\Providers\Local
set_value LoginShellTemplate /bin/bash
set_value HomeDirTemplate %H/%U

Refresh configuration without agent restart (unlike with lwconfig):

/opt/likewise/bin/lw-refresh-configuration

show hidden directories osx

osx hides directories in finder.

do an ls -lO and you'll see:
"hidden" 

to make unhiddened:
# chflags unhidden directory

Wednesday, October 9, 2013

adventures in reverse record creation and ms-dns

ms-dns is bind sometimes mostly.

someone not me created a whole bunch of reverse subnets weirdly.

10.x.x.x Subnet with the subdomains 123 and subdomains 11, 12, 13, 14, 15.  pretty in a gui.  but, hey.

however, when I attempt to create a PTR via dnscmd, a la:

dnscmd /RecordAdd 123.10.in-addr.arpa 1.11 PTR system001.elevennetwork.local

i get unhappy zone not existing and other silliness.

dnscmd /enumzones

i see, among others:

10.in-addr.arpa

oh, i see.  nice.  okay.

dnscmd /RecordAdd 1.11.128 PTR system001.elevennetwork.local

works!

but i a zillion of these addresses.  i simply cannot do this by hand.

i create a file with all of my tasty records however i do as such:

2.11.123 system002.elevennetwork.local
3.11.123 system003.elevennetwork.local
24.12.123 system024.twelvenetwork.local
... you get the hint ...

for /f "tokens=1-2" %i in (tastyrecords) do dnscmd %LOGONSERVER% /RecordAdd 10.in-addr.arpa %i PTR %j

and it works.

Monday, October 7, 2013

enable root telnet on gentoo

as the title says...
/etc/securetty

tty0
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
tty12

tts/0
ttyS0 

pts/0
pts/1
pts/2
pts/3
pts/4
pts/5
pts/6
pts/7
pts/8
pts/9
add the above for 10 exciting telnet sessions.

Thursday, October 3, 2013

ssh hopscotch

hot damn my job is fun.
me on system1 is pubkeyed on system2, but not system3.
toor on system2 is pubkeyed on system3.
me needs to run something on system3
ssh magic!

me@system1:~$ ssh toor@system2 "ssh notme@system3 \"ls -la ~\""
and here's a real world example of the excitement from a correspondent we shall call dr. excitement...
scp %1* 10.100.100.117:~/
ssh 10.100.100.117 "ssh 192.168.1.132 \"sudo service tomcat7 stop;sudo rm -v /var/lib/tomcat7/webapps/somethingneat.war\""
ssh 10.100.100.117 "scp %1.war 192.168.1.132:~/"
ssh 10.100.100.117 "ssh 192.168.1.132 \"sudo cp -v ~/%1.war /var/lib/tomcat7/webapps/somethingneat.war; sudo chown -v tomcat7 /var/lib/tomcat7/webapps/somethingneat.war; sudo service tomcat7 start\""
echo woo\!

Thursday, September 12, 2013

live linux p2v

so. vmware sometimes hates me. sometimes i have to do this to p2v a live system. boot from knoppix and off you go. from: http://pleasedonttouchthescreen.blogspot.com/2011/12/live-linux-p2v.html
Live Linux P2V
Here's how to clone a live, powered-on machine to a VMWare VM.

The test case scenario is a conversion from an HP BL460 to a Version 4 ESX VM, with LSI Logic parallel virtual SCSI controller and one e1000 vnic.
Linux version is Red Hat 5.5 x64
UPDATE: I've made some encouraging experiments with 6.2 also

Important: this method does not guarantee data consistency, as the disk will be copied while active, but it's usually good enought to bring up a bootable copy of the source machine where you can later restore a consistent backup.
On the other hand, this procedure gives way less downtime than a cold clone, and you can test the cloning process without halting the source machine.

Onward I will call the source machine "P" and the destination machine "V". 

Take note of the P disk configuration

# fdisk -l /dev/cciss/c0d0

Disk /dev/cciss/c0d0: 146.7 GB, 146778685440 bytes
255 heads, 32 sectors/track, 35132 cylinders
Units = cylinders of 8160 * 512 = 4177920 bytes

           Device Boot      Start         End      Blocks   Id  System
/dev/cciss/c0d0p1               1          25      101984   83  Linux
/dev/cciss/c0d0p2              26       23961    97658880   8e  Linux LVM

This is an HP machine with a SmartArray controller.

Create a new VM, called V, with a disk at least as big a the P one: in this case I've created a 147GB vmdk.
Boot the V VM into rescue mode.

boot: linux rescue

Start the network interface and assign an IP enabled for SSH with the P machine.
Skip searching for existing installations.
All the following commands are to be executed on the V machine.
Now dump the P hard drive to the V vmdk:

# ssh root@P "cat /dev/cciss/c0d0 | gzip -1 | cat" | gzip -d >/dev/sda

note that this compresses the data over the wire, as this usually leads to faster transfers, even more if the disk has many empty sectors.

After completion, an fdisk should display the same partition table of the P machine on the V machine

# fdisk -l /dev/sda

Disk /dev/sda: 157.8 GB, 157840048128 bytes
255 heads, 32 sectors/track, 37779 cylinders
Units = cylinders of 8160 * 512 = 4177920 bytes

           Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1          25      101984   83  Linux
/dev/sda2              26       23961    97658880   8e  Linux LVM


Reboot V into rescue mode again

boot: linux rescue

This time choose to search for existing installations, as it should find the new disk content.

# chroot /mnt/sysimage

Make sure the LVM has seen the new disk

# pvscan

PV /dev/sda2       VG VolGroup00   lvm2 [93.13 GB / 59.13 GB free]

If you don't see the PV, check /etc/lvm/lvm.conf for any filter other than the default one.

Modify the boot modules list taking as an example those of another identically configured VM.
This is the modprobe.conf of a tipical ESX VM.

# vi /etc/modprobe.conf

alias eth0 e1000
alias scsi_hostadapter mptbase
alias scsi_hostadapter1 mptspi
alias scsi_hostadapter2 ata_piix

Rebuild the initial ram disk, as referenced in the grub.conf

# mkinitrd -v -f /boot/initrd-2.6.18-194.el5.img 2.6.18-194.el5

Reinstall grub, just to be safe (it should be already there from the disk cloning process).

# grub-install /dev/sda

Now note that, after reboot, the V machine will start with the same IP address of the original P one.
If it doesn't suit your need, change the IP address in /etc/sysconfig/network-scripts/ifcfg-eth0 
Now you can reboot the V machine. 

If the M machine was at runlevel 5, the V machine may start with corrupted graphics because of the different video driver of the VM.
Switch to runlevel 3 and reconfigure X with

# system-config-display --reconfig

Now you can proceed with vmware-tools installation as usual on VMs.

is it or is it not x64?

yes.
root@here:/root# getconf LONG_BIT
64
root@here:/root# uname -m
x86_64
no.
root@here:/root# getconf LONG_BIT
32
root@here:/root# uname -m
i686

Wednesday, September 4, 2013

openstack cloud in the cloud

from: http://devstack.org/guides/single-vm.html works fine with ubuntu 12 lts on vmware esx 5.1
Running a Cloud in a VM
Use the cloud to build the cloud! Use your cloud to launch new versions of OpenStack in about 5 minutes. When you break it, start over! The VMs launched in the cloud will be slow as they are running in QEMU (emulation), but their primary use is testing OpenStack development and operation. Speed not required.

Prerequisites Cloud & Image
Virtual Machine
DevStack should run in any virtual machine running a supported Linux release. It will perform best with 2Gb or more of RAM.

OpenStack Deployment & cloud-init
If the cloud service has an image with cloud-init pre-installed, use it. You can get one from Ubuntu's Daily Build site if necessary. This will enable you to launch VMs with userdata that installs everything at boot time.

If you are directly using a hypervisor like Xen, kvm or VirtualBox you can manually kick off the script below in a bare-bones server installation.

Installation shake and bake
Launching with using Userdata
The userdata script grabs the latest version of DevStack via git, creates a minimal localrc file and kicks off stack.sh.

#!/bin/sh
apt-get update || yum update -y
apt-get install -qqy git || yum install -y git
git clone https://github.com/openstack-dev/devstack.git
cd devstack
echo ADMIN_PASSWORD=password > localrc
echo MYSQL_PASSWORD=password >> localrc
echo RABBIT_PASSWORD=password >> localrc
echo SERVICE_PASSWORD=password >> localrc
echo SERVICE_TOKEN=tokentoken >> localrc
./stack.sh
Launching By Hand
Using a hypervisor directly, launch the VM and either manually perform the steps in the script above or copy it into the VM.

Using OpenStack
At this point you should be able to access the dashboard. Launch VMs and if you give them floating IPs access those VMs from other machines on your network.

One interesting use case is for developers working on a VM on their laptop. Once stack.sh has completed once, all of the pre-requisite packages are installed in the VM and the source trees checked out. Setting OFFLINE=True in localrc enables stack.sh to run multiple times without an Internet connection. DevStack, making hacking at the lake possible since 2012!

Tuesday, August 27, 2013

sparc & netboot

from: http://ben.timby.com/?p=46
SPARC and netboot.

I have never used a SPARC system before tonight. I attempted to install my favorite distro Gentoo onto an old Sun Netra X1 server. This server has no disk drives nor does it have video or keyboard (serial only). My usual mode of installation is via PXE boot, so I set off to perform a network boot install on this machine.

Well right off I went awry. Sun uses OpenBoot, which does not perform PXE, it does a different type of netboot involving RARP. Here is a run-down of how to get it working.

1. Install RARPD, it is part of iputils, or rarpd. iputils is part of the base system, so you likely already have it.

# emerge -av iputils
2. RARPD works by listening for ARP request from a MAC address specified in /etc/ethers. /etc/ethers has a mac address/host name combo one per line. It then answers the ARP request with an IP address configured in /etc/hosts corresponding to the host name. This lets the client know that someone is listening (and cares). The Sun box assumes this special someone is the boot server, and attempts to download a bootable image via tftp from them. You configure and execute RARPD as follows.

# echo "00:00:00:00:00:00 myhostname" >> /etc/ethers
# echo "192.168.1.148 myhostname" >> /etc/hosts
# rarpd -ve eth0
3. Now you need tftpd listening ready to deliver a bootable image. This is where I had the most difficulty. I tried various images with little or no success.

a. I tried the official Gentoo image, I could not use chroot as the kernel was apparently too old.
b. I tried an unofficial Gentoo image, this one did not setup the kernel to use the serial console, thus, no output.
c. I finally settled on the ubuntu 6.10 image. I booted it, ran the installer to the point that I had configured the network and partitioned my disks, then I backed out and ran a shell. This dropped me into busybox, where I then did a Gentoo install :-).
Once you have an image, place it into your tftpd root. Start tftpd. You the have two options for finding what to name your image.

a. Do what I did and boot your client, tail /var/log/messages for the file name.
b. Convert the IP address you put into /etc/hosts for your client into the hex equivalent.

Link your boot image to the proper name:

# mv boot.img ubuntu-6.10.boot.img
# ln -sf ubuntu-6.10.boot.img C0A8FE02
4. Now to boot the client. This was tricky since I had never used Sun gear before. This box has a serial interface, which hooks to the LOM. This is the Lights Out Management interface. It is a simple command line interface. It allows you to do some very basic stuff like power the box up or down. Once the system powers up, you enter the system console. You can get back to the LOM using an escape sequence “#.” while the system is running. Further if the system is running, you can send a break to the LOM to enter an ok prompt. This is where you can manage the boot settings. I used the following commands to get my net boot working.

lom> poweron
console> #.
lom> ^C
ok> printenv
ok> set boot-device net
ok> set diag-switch? false
ok> boot net
* ^C is a break, I used minicom to send a break: cntrl+a Z F

alom & booting from cdrom

serial null-modem cable between the RJ45 serial port on the
back of the v210/v240/v440 server and your PC laptop COM1 serial port.

  Set the MS windows Hyperterminal program
  in your laptop to run to COM1 8 bits 1 stop bit
  no parity 9600 Bps.

  start hyperterminal

   press Enter to get a prompt


  Logon to the servers  ALOM software

        You may need to read this manual If you have never used ALOM

         http://docs.sun.com/app/docs/doc/817-1960-10



   sc >  poweroff      ( wait 2-3 minutes until it says it has
                         powered off. )

   sc >  poweron

   sc > console

     Normal machine startup appears .
     as soon as you see the OBP banner
     exit the console by typing

      #.       ( Hashmark dot )   Then quickly issue the command.

   sc > break -y

   sc > console


    and you should see the OPB  prompt

   Ok >

    then  do


   setenv auto-boot? false

   to prevent autoboot until you have fixed the system by
   reinstalling or whatever.

Thursday, August 22, 2013

convert ip to hex

because i need to to this for sparc jumpstart.
#!/bin/bash

echo "type in four octets to convert to hex"

read IP_ADDR

printf '%02X' ${IP_ADDR//./ }; echo

collection of sol net boot & jumpstart stuff

http://gdwarner.blogspot.com/2010/02/solaris10-sparc-jumpstart-from-linux.html
Solaris10 (sparc) jumpstart from Linux

This got me started:

Intro

Where I work, we have several Sun T1000s. These machines lack usb ports and cdrom drives, so installing Solaris on them is a pain. The process involves using another machine to jumpstart the target machine. Most instructions on the web tell you how to do this using Solaris as the jumpstart server.

One of the great benefits of jumpstarting, is you can completely configure the install process using configuration files. You can set root passwords, specify packages to be installed, run custom shell commands, add users, etc.

I needed a way to be able to manage all of these configurations in CM (perforce) and then reliably and consistently build my jumpstart server. Previously this involved following written instructions that went something like this: 1) Create Solaris VM 2) Move this files over 3) Configure this, that, etc. It was highly error prone and many times a little step here or there would get skipped.

Enter Linux.

Besides the fact that I really dislike Solaris, I saw many advantages to trying to make a Linux jumpstart server. Primarly was the fact that I could programatically make a Linux jumsptart server by making a Live CD (maybe more on this in another blog post). Also, Linux for me, is easier to manage, debug, configure, etc.

In the sections that follow, I'll try to explain the steps I took to create a Linux jumpstart server on a RHEL 5.4 system. As alluded to before, I eventually ported this to an ArchLinux livecd, so I could pop the live cd in a x86 PC, boot, and serve Solaris installs!

And lastly, I should note that this post is mostly a collection of notes. I don't expect a newbie to jumpstart to understand anything by reading this. This will be mostly helpful to someone who is already familiar with the basics of jumpstart, has probably already tried to get it to work on Linux, but just needs a few hints.

Install a minimal RHEL 5.4

Add dhcpd and tftp-server packages, if necessary

Configure dhcpd
Here is my config file. My server's ip is 192.168.1.1.

ddns-update-style interim;
ignore client-updates;
option routers 192.168.1.1;
option subnet-mask 255.255.255.0;

default-lease-time 600;
max-lease-time 7200;

next-server 192.168.1.1;

# Jumpstart Support
option space SUNW;
option SUNW.root-mount-options code 1 = text;
option SUNW.root-server-ip-address code 2 = ip-address;
option SUNW.root-server-hostname code 3 = text;
option SUNW.root-path-name code 4 = text;
option SUNW.swap-server-ip-address code 5 = ip-address;
option SUNW.swap-file-path code 6 = text;
option SUNW.boot-file-path code 7 = text;
option SUNW.posix-timezone-string code 8 = text;
option SUNW.boot-read-size code 9 = unsigned integer 16;
option SUNW.install-server-ip-address code 10 = ip-address;
option SUNW.install-server-hostname code 11 = text;
option SUNW.install-path code 12 = text;
option SUNW.sysid-config-file-server code 13 = text;
option SUNW.JumpStart-server code 14 = text;
option SUNW.terminal-name code 15 = text;


subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.10 192.168.1.100;
option broadcast-address 192.168.1.255;
#option routers 192.168.1.1;

option host-name "solaris10-jumper1";
vendor-option-space SUNW;
option SUNW.sysid-config-file-server "jumpstartserver:/home/jumpstart/config";
option SUNW.JumpStart-server "jumpstartserver:/home/jumpstart/config";
option SUNW.install-server-hostname "jumpstartserver";
option SUNW.install-server-ip-address 192.168.1.1;
option SUNW.install-path "/home/jumpstart/install";
option SUNW.root-server-hostname "jumpstartserver";
option SUNW.root-server-ip-address 192.168.1.1;
option SUNW.root-path-name "/home/jumpstart/install/Solaris_10/Tools/Boot";
}



Configure NFS

For some reason, you have to disable NFSv4 on the server. See this page:

http://www.jroller.com/jasonf/entry/solaris_10_nfs_client_connecting
Pay special attention to the comment left by Lars Rohrbach.

My /etc/exports file looks like this:


/home/jumpstart/install 192.168.1.0/255.255.255.0(ro,sync,no_root_squash)
/home/jumpstart/config 192.168.1.0/255.255.255.0(ro,sync,no_root_squash)

TFTP

Enable tftp by editing the /etc/xinet.d/tftp file.

Tftp files (at least with RHEL5) are served by default from /tftpboot. The Solaris sparc bootloader(?) needs to be copied to this directory. In my situation, I copied /install/Solaris_10/Tools/Boot/platform/sun4v/inetboot from the Solaris10 install dvd and renamed it SUNW.Sun-Fire-T1000. If you're not installing a T1000, you will rename it to something different. Also, the folder that inetboot was in, sun4v, may change too. I deduced the filename, SUNW.Sun-Fire-T1000, by looking at tcpdump output and I figured out the architecture(?), sun4v, by googling.

DVD Contents

For simplicity, I mounted (instead of copying) the Solaris 10 sparc dvd at /home/jumpstart/install.

Configuration

/home/jumpstart/config/any_machine:


install_type initial_install
system_type server
partitioning explicit
filesys rootdisk.s0 10000 /
filesys rootdisk.s1 1000 swap
filesys rootdisk.s4 10000 /home
filesys rootdisk.s5 free /var

cluster SUNWCreq

/home/jumpstart/config/sysidcfg:


system_locale=en_US
timezone=US/Pacific
terminal=vt100
timeserver=localhost
network_interface=e1000g0 {hostname=client1
netmask=255.255.255.0
protocol_ipv6=no
default_route=192.168.1.1}
name_service=NONE
security_policy=NONE
nfs4_domain=dynamic

/home/jumpstart/config/rules:


#
# The following rule matches any system:

any - - any_machine -

/home/jumpstart/config/rules.ok:


any - - any_machine -
# version=2 checksum=num

Start the Install

From the Solaris ">" prompt, issue a "boot net:dhcp - install"

That's it!




http://web.archive.org/web/20100407085448/http://www.5dollarwhitebox.org/wiki/index.php?title=Projects_Linux_Jumpstart_Installer&printable=yes

Summary

This document lays out how to configure and automate Solaris Jumpstart installations from a Linux Server. For our demonstration, we have used Debian Sarge 3.1, however any other distro should work similarly. The goal is to provide a completely automated and standardized Solaris installations.
Why not create a Jumpstart Solution from a Solaris server? Well, the standard jumpstart is based on a one time install where you must use the “add_install_client” and “rm_install_client” scripts to add the servers IP and MAC address to perform an install (uses RARP/Bootparamd). Using Linux we pass all the install options by way of DHCP which enables us to plug in a server, type “boot net:dhcp – install” and watch it go without making any changes on the Jumpstart server.
Alot of this work was handed on to me from my good friend Ed... thank you thank you.

  • Author: BJ Dierkes
  • Last Updated: December 2nd, 2005
  • Contact: wdierkes [at] 5dollarwhitebox [dot] org


Overview and Preparation

The System

  • Debian Stable 3.1 (Sarge)
  • 1 Public NIC
    • 10.1.101.x for our example
  • 1 Private NIC for each Solaris Distribution served
    • 192.168.1.254 – Solaris 8 distribution NIC
    • 192.168.2.254 – Solaris 9 distribution NIC

Filesystem Diagram

The following is a brief layout of the files involved here. As we have both Solaris 8 and Solaris 9, please substitute "X" with either "8" or "9":
/jumpstart/XHolds all Solaris X jumpstart install, post install, and companion cd files
rulesFile used to determine machine type, and is read by the ‘check’ script.
rules.okFile created by the ‘check’ script, and read by the installer to determine the profile file, and pre/post scripts to use.
checkScript that is ran to read the ‘rules’ file, and create the ‘rules.ok’ file.
any_machineGeneric profile file, used to automate the installer.
installData from Solaris X Software CD’s 1 and 2
config/sysidcfgConfig file to automate installation
post_install/ccd_install.plCustom Post Install script to install the Companion CD
post_install/companioncd/PackagesCopied from Companion CD

Linux Packages required

The following Debian packages will need to be installed:
atftpdTFTP Server Daemon provides the Solaris Netboot Kernel
pdkshShell required to execute certain Solaris scripts off the CD’s
tcpdumpUseful for debugging
nfs-kernel-serverServes the Installation files
nfs-commonAdditional NFS package
dhcp3-serverProvides boot parameters needed for Solaris Jumpstart install
bind9Required during install to provide reverse lookup on the private network (192.168.x.x)

Solaris Software Media Used

  • Solaris 8 2/04 Software CD 1 of 2
  • Solaris 8 2/04 Software CD 2 of 2
  • Solaris 8 2/02 Software Companion CD
  • Solaris 9 7/04 Software CD 1 of 2
  • Solaris 9 7/04 Software CD 2 of 2
  • Solaris 9 7/04 Software Companion CD

Linux Server Configuration Files

DHCP3: /etc/dhcp3/dhcpd.conf

Because the DHCP boot parameters determine where the installation and sysidcfg files are, each distribution requires its own NIC and network. As you see below, any box DHCP booting to the 192.168.1.0 network will perform a Solaris 8 Jumpstart installation, and any box on the 192.168.2.0 network will perform a Solaris 9 Jumpstart installation. There is most likely a cleaner way to do this, but I have not been able to determine it.

/etc/dhcp3/dhcpd.conf
# option definitions common to all supported networks...
ddns-update-style ad-hoc;
option domain-name "jumpstart.mydomain.com";
option domain-name-servers 192.168.1.254;

option subnet-mask 255.255.255.0;
default-lease-time 600;
max-lease-time 7200;

# Jumpstart Support
option space SUNW;
option SUNW.root-mount-options code 1 = text;
option SUNW.root-server-ip-address code 2 = ip-address;
option SUNW.root-server-hostname code 3 = text;
option SUNW.root-path-name code 4 = text;
option SUNW.swap-server-ip-address code 5 = ip-address;
option SUNW.swap-file-path code 6 = text;
option SUNW.boot-file-path code 7 = text;
option SUNW.posix-timezone-string code 8 = text;
option SUNW.boot-read-size code 9 = unsigned integer 16;
option SUNW.install-server-ip-address code 10 = ip-address;
option SUNW.install-server-hostname code 11 = text;
option SUNW.install-path code 12 = text;
option SUNW.sysid-config-file-server code 13 = text;
option SUNW.JumpStart-server code 14 = text;
option SUNW.terminal-name code 15 = text;


subnet 192.168.1.0 netmask 255.255.255.0 {
        range 192.168.1.1 192.168.1.100;
        option broadcast-address 192.168.1.255; 
        option routers 192.168.1.254; 

        option host-name "sol8-jumper1";
        vendor-option-space SUNW;          
        option SUNW.sysid-config-file-server "sol8-installer:/jumpstart/8/config";
        option SUNW.JumpStart-server "sol8-installer:/jumpstart/8";
        option SUNW.install-server-hostname "sol8-installer";
        option SUNW.install-server-ip-address 192.168.1.254;
        option SUNW.install-path "/jumpstart/8/install";
        option SUNW.root-server-hostname "sol8-installer";
        option SUNW.root-server-ip-address 192.168.1.254; 
        option SUNW.root-path-name "/jumpstart/8/install/Solaris_8/Tools/Boot";
}

subnet 192.168.2.0 netmask 255.255.255.0 {
        range 192.168.2.1 192.168.2.100;
        option broadcast-address 192.168.2.255; 
        option routers 192.168.2.254; 

        option host-name "sol9-jumper1";
        vendor-option-space SUNW;          
        option SUNW.sysid-config-file-server "sol9-installer:/jumpstart/9/config";
        option SUNW.JumpStart-server "sol9-installer:/jumpstart/9";
        option SUNW.install-server-hostname "sol9-installer";
        option SUNW.install-server-ip-address 192.168.2.254;
        option SUNW.install-path "/jumpstart/9/install";
        option SUNW.root-server-hostname "sol9-installer";
        option SUNW.root-server-ip-address 192.168.2.254; 
        option SUNW.root-path-name "/jumpstart/9/install/Solaris_9/Tools/Boot";
}


DHCP3: /etc/default/dhcp3-server

/etc/default/dhcp3-server
INTERFACES="eth1 eth2"

NFS: /etc/exports

/etc/exports
/jumpstart              192.168.1.0/255.255.255.0(ro,sync,no_root_squash)
/jumpstart              192.168.2.0/255.255.255.0(ro,sync,no_root_squash)

NOTE: I’ve had problems installing Solaris 8 with the NFS shared as “ro”. For some reason it needs to write something on the share (which is all together a bad deal). I haven’t figured that out yet, however the issue doesn’t seem to happen on a Solaris 9 Jumpstart.

Bind9: Generic Configuration

Bind9 DNS Server was required for reverse DNS lookups during Jumpstart. Multiple times throughout the install, Jumpstart hangs if it cannot locate the specified DNS Server and hostname. Therefore, I setup a generic Bind9 configuration for the 192.168.x.x networks. I am no Bind guru by any means, but it seemed to fix the glitch.

Copying the Solaris Software

Since Sun uses partitions on some of there installation media… its not always as simple as copying directories off of a CD. There are different ways that this can be done; however the easiest way I found was to use the “install_jumpstart_server” and “add_to_jumpstart_server” scripts off of the CD’s.
These commands are performed on an installed Sun Solaris Server. The idea is to use the jumpstart install scripts from the installation media, and then copy those directories across the network to the Linux NFS server. The scripts will not allow install across the network directly to the NFS share.
# mkdir –p /local_jumpstart/8/install
# mkdir –p /local_jumpstart/9/install

Solaris 8

All commands are on the Solaris box.
Solaris 8 2/04 Software CD 1 of 2:
# /cdrom/sol_8_204_sparc/Solaris_8/Tools/setup_install_server /local_jumpstart/8/install

Solaris 8 2/04 Software CD 2 of 2:
# /cdrom/sol_8_204_sparc_2/Solaris_8/Tools/add_to_install_server /local_jumpstart/8/install

Solaris 8 2/02 Companion CD:
# cp –R /cdrom/s8_software_companion/components/sparc/Packages /local_jumpstart/8/companioncd.orig

Solaris 9:

All commands are on the Solaris box.
Solaris 9 7/04 Software CD 1 of 2:
# /cdrom/sol_9_704_sparc/Solaris_9/Tools/setup_install_server /local_jumpstart/9/install

Solaris 9 7/04 Software CD 2 of 2:
# /cdrom/sol_9_704_sparc_2/Solaris_9/Tools/add_to_install_server /local_jumpstart/9/install

Solaris 9 7/04 Companion CD:
# cp –a /cdrom/s9_software_companion/components/sparc/Packages /local_jumpstart/8/companioncd.orig

Copy Files To The Linux NFS Server

From the Solaris box:
# mount –F nfs linux-jumpstart-server:/jumpstart /mnt/jumpstart
# cp -a /local_jumpstart/* /mnt/jumpstart
There may be a better was to do this… like with ‘tar’, however I had an issue copying one of the CD’s with ‘tar’ so I just stuck with the easy option, ‘cp’.

Jumpstart Configuration Files

All commands are on the Linux server.

Netboot Kernels

There is a specific Netboot kernel for each type of Sun Box. The kernels seem to work for Solaris 8 and Solaris 9 the same, and were copied from the Solaris 8 media.
# cd /jumpstart/8/install/Solaris_8/Tools/Boot/usr/platform

Sun 280R 4U Server Inetboot Kernel:
# cp SUNW,Sun-Fire-280R/lib/fs/nfs/inetboot /tftpboot/SUNW.Sun-Fire-280R

Sun v120 1U Server Inetboot Kernel:
# cp SUNW,UltraAX-i2/lib/fs/nfs/inetboot /tftpboot/SUNW.UltraAX-i2

These are the only two servers that I am working with at the moment, but the other kernels are there.

Jumpstart Sample Configuration

The files that I have here were built from the Solaris sample files in the Solaris 8 Media. The files appear to be the same for Solaris 8 and Solaris 9 (and maybe even 10).
# cp –a /jumpstart/8/install/Misc/jumpstart_sample/* /jumpstart/8
# cp –a /jumpstart/9/install/Misc/jumpstart_sample/* /jumpstart/9

From there, the main configuration files are described next.

The Rules File: /jumpstart/XX/rules

This file contains rules so that you can control how Jumpstart runs on different types of machines. For my needs, all installs are generally going to be the same. Therefore, I setup up one single configuration that should work on all hardware that I have available.

/jumpstart/XX/rules
any -   pre-install.sh   any_machine post-install.sh

There can be multiple lines, with multiple ‘rules’. The idea is to ‘match’ a box to a rule set, and then proceed accordingly.
anyDescribes the type of hardware architecture that the current machine has.
-The next field I believe describes the Kernel architecture??? But ‘-‘ is all you need.
pre-install.shThis script is executed before the OS is installed
any_machineThis is the name of the file that is used if this rule matches.
post-install.shThis script is executed after the OS is installed

The rules.ok File: /jumpstart/XX/rules.ok

This file is created by the ‘check’ script in the same directory ‘/jumpstart/XX’ after copying the sample_jumpstart files. The ‘check’ script reads the ‘rules’ file, and then creates ‘rules.ok’ which is read by the installer.

/jumpstart/XX/rules.ok
any -   pre-install.sh   any_machine post-install.sh 
# version=2 checksum=4738

It obviously just adds a checksum that is used to “verify” the rules file for the installer. To run the ‘check’ script, you may need to mount the NFS share, and run the script from an installed Solaris box (at least I had to, but I don’t remember if I really needed to or not).

The Profile: /jumpstart/XX/any_machine

The Profile holds a little bit of information in order to automate the installer. This file tells it how to partition the disk, which packages to install, the type of install, etc.

/jumpstart/XX/any_machine
install_type    initial_install
system_type     standalone
partitioning    explicit
filesys any free /
filesys any 1024 swap
filesys any 32
geo N_America
cluster         SUNWCall

This profile basically performs an Initial Install on a standalone system. The partitioning looks like the following:
Slice 0Free space left on disk (mounted on ‘/’)
Slice 11024M (swap)
Slice 2Reserved
Slice 332M (no mount point. Used for Software mirroring)

The line “cluster SUNWCall” tells Jumpstart to install the “Entire Distribution”. You could substitute this line with “cluster SUNWreq” to only install the CORE OS, and then add specific packages with additional lines like “package SUNWbash”. The packages are found in ‘/jumpstart/XX/install/Solaris_XX/Product’.

The Config File: /jumpstart/XX/config/sysidcfg

The ‘sysidcfg’ file provides answers to questions in the installer. Without this file, and the profile ‘any_machine’ the installer is not automated and will prompt for answers.

/jumpstart/XX/config/sysidcfg
name_service=NONE
network_interface=PRIMARY{dhcp protocol_ipv6=no}
root_password=15y8hPKSuXZ6A
security_policy=NONE
system_locale=en_US
terminal=vt100
timezone=US/Central
timeserver=localhost

These answers are obvious if you are familiar with performing CD based installs. The encrypted ‘root_password’ is ‘password’. Setting the ‘timeserver’ to ‘localhost’ assumes that the system time is accurate. The smart thing to do would be to setup a time server on the jumpstart installer, and then this line will change to ‘timeserver=192.168.1.254’ or whatever the IP of the Jumpstart server is. I haven’t gotten to that point yet.

Post Install Config

Solaris Software Companion Packages


Because there is no feasible way to add the Solaris Software Companion to the installation, it needs to be added by way of custom scripts. To do this, the ‘components/sparc/Packages’ directory was copied off of the Solaris Software Companion CD. The script I wrote that handles these packages is ‘post_install/ccd_install.pl’, and installs the packages from ‘post_install/companioncd/Packages’. You can add/remove packages from the Companion CD and the script should not need to be edited.

Additionally, the original Companion CD’s ‘Packages’ directory was copied to ‘/jumpstart/8/companioncd.orig’ and ‘/jumpstart/9/companioncd.orig’. This directory exists so you can pull packages and place them back into the ‘post_install/companioncd/Packages’ directory for the post install script to install them.

For documentations sake, I have removed the following packages ‘post_install/companioncd/Packages’:
SFWcdrec
SFWxmms
SFWxeyes
SFWethrl
SFWsnort
SFWxfce
SFWkde
SFWsamba
SFWgimp
SFWesd
SFWfvwm
SFWfnlib
SFWgnome
SFWgtk
SFWgtken
SFWgv
SFWimlib
SFWolvwm
SFWqt
SFWtdmp
SFWtk
SFWxaw3d
SFWxcpus
SFWxmacs
SFWxmcd
SFWxmp
SFWxterm
SFWgphto
SFWgplot
SFWnmap

How It All Works

sol-jumperServer being jumped (192.168.1.1)
jumpstart-devLinux Jumpstart Server (192.168.1.254)

The new Sun server is connected to a specific Jumpstart VLANs. For this type of setup, There needs to be a separate VLAN for each version of Solaris. (Crossover cable directly in our example).

From the Open Boot Prompt (“ prompt”) type:
 boot net:dhcp – install
  • sol-jumper calls for a DHCP Address, and boot parameters. The DHCP Server provides the IP, and Jumpstart Server information. (this part takes place of RARP/Bootparamd in a typical Jumpstart environment)
  • sol-jumper mounts the NFS share ‘jumpstart-dev:/jumpstart/8’ and finds the configuration files, notably the sysidcfg file.
  • Jumpstart read the ‘rules.ok’ file to find a match, then read the corresponding config files and scripts that are attached to it.
  • Jumpstart executes the ‘pre-install.sh’ script that is specified in the ‘rules.ok’ file
  • Jumpstart runs several other scripts as well (not specified by our files).
  • Jumpstart then begins to partition the disk, and then install whatever packages are specified in our profile ‘any_machine’.
  • After the OS is installed, Jumpstart installs any patches that are located in ‘/jumpstart/XX/install/Solaris_X/Patches’.
  • Jumpstart then executes the ‘post-install.sh’ script which was specified in our ‘rules.ok’ file.
  • In my config, the ‘post-install.sh’ script then executes ‘post_config/ccd_install.pl’ which is a custom perl script I wrote to install the Solaris Companion CD.
  • The box will then reboot, and you’ll have a login. Root password is ‘password’ as specified in the sysidcfg file.

At this point you could then implement a custom post install script to config the system to your liking.
That is basically it.

Known Problems

Differences in TCP/IP Stack

It appears that there may be differences between the Solaris and Linux TCP stacks. This problem hasn’t quite been researched completely, however throughout the install the following NFS data transfer error is continuous: “reply ERR 1460”. I am not completely sure how this effects the installation, or if it just delays it slightly. There doesn’t appear to be any problems with the installation after it is complete.

I have found comments in Solaris Forums that suggest the Linux NFS Servers sends data “backwards” compared to how Solaris reads it.

Transfer Speeds

Even with 10/100 NICs connected with a direct Cross-over cable, the Jumpstart install appears very sluggish. I believe this may be a minor adjustment, such as enable Full Duplex on the Sun box or something similar to that. I haven’t had time to look into this yet. This may also be because of the Difference in TCP/IP stack.

Suggestions

Native Solaris Jumpstart

Personally, I am thinking that the best Solaris solution is to setup a solid Solaris Jumpstart server utilizing the Solaris Security Toolkit (very advanced). This would take extensive configuration, which I have not looked into. This would require setting up an environment that did not require the use of “add_install_client” and “rm_install_client” as our main focus is automation.

Web Interface to Prep for Install

One Idea I had was to setup a Web Interface that displayed the detected MAC address’s. You could then select the MAC of the server, and then select which version of Solaris to install. The web interface would then use that information to execute a custom script in place of the “add_install_client” script. The main thing that ‘add_install_client’ does is adds info to ‘/etc/hosts’, ‘/etc/ethers’, and ‘/etc/bootparams’.

This is a shaky idea, but it had run across my mind. Haven’t thought it out, or if it would work. Would need to customize the config to have a DHCP Server regardless.

FreeBSD Jumpstart Server

The procedures in this document could be tested on a FreeBSD system. This may resolve the issues that are being seen during the NFS reads, as the FreeBSD TCP stack may be more compatible with Solaris.

Resources

Jumpstart HowTo’s:

How to create a Raid 1 during installation. (Didn’t quite get to try this)

Custom Jumpstart Environment Variables:

Solaris 8 Package Lists:

Solaris 8 Advanced Installation Guide:

Solaris 8 Companion CD Package Dependency List:

Advanced Solaris Jumpstart Configs (For Sun Jumpstart Server, not Linux)








Solaris Network Install from Linux

I was able to successfully install Solaris 8 on my SPARCstation 10 using my Red Hat 7.3 Linux machine as a boot server. I downloaded the Solaris 8 CD images from Sun. I don't have a SCSI CD-ROM for the SS 10. But I do have CD-RW drive on my Linux machine and a network to connect them together. I connected to the serial console on the SS10.

Network Boot

The Solaris Install CD isn't needed for the install; it is for booting from the CD drive and doing a graphical install. The Software 1 CD CD contains the root filesystem and core packages. The Software 2 CD contains optional packages that can be copied over for the main install, or installed later.
The Solaris_8/Tools directory contains some shell scripts that are used on Solaris machine to setup a boot server. These don't work under Linux but inspecting them shows how a boot server can be setup on other Unix machines.
Setup network booting as described in my Network Boot Server for SPARC article.

Root Files

The root filesystem is on the Software 1 CD in the Solaris_8/Tools/Boot directory. It needs to be copied to the boot server using either tar or cpio commands to preserve all the file attributes.
# cd /mnt/cdrom/Solaris_8/Tools
# find . -depth -print | cpio -pdmu /pub/solaris/Solaris_8/Tools

TFTP

The network boot file for loading over TFTP is the usr/platform/platform/lib/fs/nfs/inetboot file in Solaris_8/Tools/Boot. Copy the file for your platform to the /tftpboot directory and symlink it to the file for the client.
# cd /pub/solaris/Solaris_8/Tools/Boot
# cp usr/platform/sun4m/lib/fs/nfs/inetboot /tftpboot
# cd /tftpboot
# ln -sf inetboot C0A8010C.SUN4M

Product Files

The core packages are also on the Software 1 CD in the Solaris_8/Product directory. This directory must be available over NFS. It can be copied from the CD-ROM to the hard drive. If you want to install the packages from the Software 2 CD, also copy them to the same location onto the hard disk with the same command.
# cd /mnt/cdrom/Solaris_8 
# find Product -depth -print | cpio -pdmu
# /pub/solaris/Solaris_8
Alternatively, the CD-ROM can be exported directly over NFS. One snag with this is that you won't be able to unmount or eject the CD while it is exported. The solution is to not add a line to the/etc/exportfs file, but use the exportfs -i command to export it and then do exportfs -r to remove it.
# exportfs -v -i -o ro,no_root_squash 192.168.1.0/24:/mnt/cdrom

Bootparams

All the locations for directories above needed to be exported through NFS. They also need to be transmitted to the client with the bootparamd file. Add the configuration for the client to the/etc/bootparams file.
# cat >> /etc/bootparams
balrog root=kraken:/pub/solaris/Solaris_8/Tools/Boot \
        install=kraken:/pub/solaris \
        rootopts=:rsize=32768 boottype=:in 

Problems

Some people have reported problems with interaction between the Linux NFS daemon and Solaris. I didn't have any trouble with the Linux 2.4.18 kernel so this may have been fixed in more recent kernels. You can try changing the rsize option to 8192 if you run into problems.
The first couple of times that I tried booting Solaris, the boot process would hang after loading the kernel but before loading the installer. After some investigation of the scripts in /sbin in the root filesystem, I discovered that the /sbin/get_netmask program was handing. Since it didn't seem to be doing anything important (the interface has already been properly configured), I moved it out the way.
# cd /pub/solaris/Solaris_8/Tools/Boot
# cd sbin
# mv get_netmask get_netmask.boot

Booting

Now you are ready to boot the Solaris installer over the network. Enter the boot command from the OpenPROM prompt.
ok boot net-tpe - install

Install

If everything is working correctly, the Solaris interactive installer should appear on the console. Most of the questions it asks are pretty straightforward and I didn't have any trouble installing Solaris once I got it to boot.
It should be possible to automate the installation using Jumpstart. Jumpstart uses a couple of files to configure the install. These are also exported through NFS and parameters added to the bootparams file. The scripts used to set this up automatically won't work on Linux but it should be possible to do it manually.







Network Boot Server for SPARC

It is pretty easy to a Linux machine to act as a boot server for a Sun SPARC machine. I used a Red Hat 7.3 Linux machine to boot a SPARCstation 10 for installing various operating systems. Other Unix operating systems should be pretty similar. Obviously, you should change the hostnames, addresses, and paths to fit your configuration.
The server needs to have the rarpd, tftpd, bootparamd, and nfsd servers installed. The boot process follows the following steps: discoveres the IP address through RARP; fetches the boot-loader through TFTP; determines the root filesystem with bootparams; and mounts the root filesystem through NFS.

RARP

The Sun machine gets its IP address using RARP from the rarpd server. The /etc/ethers file lists the mapping between Ethernet address and hostname.
# cat >> /etc/ethers
08:00:20:12:81:71  192.168.1.12
# /etc/init.d/rarpd start

TFTP

The boot process downloads the boot loader or kernel through TFTP. The TFTP server looks in /tftpboot by default. The boot file is named with the client as the client IP address in hex followed by a period and the architecture. For example, the boot file for the SS10 at 192.168.1.12 is C0A8010C.SUN4M. This is normally a symlink to the boot loader for each operating system.
# cd /tftpboot
# ln -sf inetboot C0A8010C.SUN4M

Bootparamd

Bootparamd is used to convey boot parameters to the boot loader or kernel. The most of important of these is the root filesystem. This is normally mounted over NFS. The /etc/bootparams is used to configure this. Hostnames can be used in this file as long as they are listed in the server's /etc/hosts file.
# cat >> /etc/bootparams
balrog root=kraken:/pub/solaris/Solaris_8/Tools/Boot
# /etc/init.d/bootparamd start
# cat >> /etc/hosts
192.168.1.10    kraken
192.168.1.12    balrog

NFS

The root filesystem needs to be exported through NFS. For most operating systems, it can be read-only and needs to have the no_root_squash option.
# cat > /etc/exports
/pub 192.168.1.0/24(ro,no_root_squash)
# /etc/init.d/nfs start

Related




Jumpstart server for Solaris 10 x86

1. Standard Preparation
To be able to install Solaris 10 for x86 architecture, the Jumpstart server is requiring help from DHCP/PXE service.
This procedure is well documented on Sun BigAdmin
Follow the BigAdmin documentation to set the directories to be exported using NFS…
# cd /cdrom/cdrom0/Solaris_10/Tools
# ./setup_install_server /export/install/10_x86_u4
and so on…
2. Some tunning
2.1. Why this tunning?
Once the DVD has been copied to the hard drive, and exported, here are some settings i’ve used, mainly due to the fact the DHCP server in my network is not running on the Jumpstart server.
Note that TFTP and NFS services are running on the Jumpstart server (let’s call itjmpsvr)
The DHCP server will be named dhcpserver.
The PXE configuration needs to be set, e.g. the TFTP server configuration is to be updated, as well as the DHCP server.
Here are the modification that have been done:
2.2. TFTP settings
Create of a specific folder under the /tftpboot directory to store Solaris bootloader:
root@jmpsvr:/# mkdir /tftpboot/sol10-x86-u4
Copy the Solaris bootloader files to the previously created folder:
root@jmpsvr:/# cp -rf /export/install/10_x86_u4/boot* /tftpboot/sol10-x86-u4/
Create the required files under /tftpboot:
root@jmpsvr:/tftpboot# cp sol10-x86-u4/grub/pxegrub pxegrub.sol10-x86-u4
root@jmpsvr:/tftpboot# vi menu-sol10-x86-u4.lst
The menu.lst file is used by PXE grub to know what to boot.
Here is the content:
default=0
timeout=10
title Solaris 10 x86 U4 Jumpstart
  kernel /sol10-x86-u4/multiboot kernel/unix - install dhcp -B \ 
         install_config=jmpsvrIP:/export/config/config-sol10-x86-u4/,\
         sysid_config=jmpsvrIP:/export/config/sysidcfg-sol10-x86-u4/,\
         install_media=jmpsvrIP:/export/install/10_x86_u4/,\
         install_boot=jmpsvrIP:/export/install/10_x86_u4/boot
  module /sol10-x86-u4/x86.miniroot
where jmpsvrIP needs to be replaced by the IP address of jmpsvr.

...
2.3. Jumpstart configuration
Specific directories have been created under /export/config to store the sysidcfg andconfig files for x86 machines:
root@jmpsvr:/# mkdir /export/config/sysidcfg-sol10-x86-u4/
root@jmpsvr:/# mkdir /export/config/config-sol10-x86-u4/
The following files have been created here:
root@jmpsvr:/# ls -l /export/config/sysidcfg-sol10-x86-u4/
total 2
-rw-r--r--   1 root     root         392 Mar 12 07:35 sysidcfg
root@jmpsvr:/# ls -l /export/config/config-sol10-x86-u4/
total 144
drwxr-xr-x   4 root     root         512 Mar 12 08:01 .
drwxr-xr-x  13 root     root        1536 Mar 12 07:02 ..
-r-xr-xr-x   1 root     root       59701 Mar 11 14:06 check
drwxr-xr-x   6 root     root         512 Mar 12 07:06 config
-rw-r--r--   1 root     root         575 Mar 11 18:00 hdd30gb
drwxr-xr-x   2 root     root         512 Mar 12 07:05 patches
-rw-r--r--   1 root     root          43 Mar 12 07:53 rules
-rw-r--r--   1 root     root          69 Mar 12 07:53 rules.ok
-rwxr-xr-x   1 root     root          54 Mar 11 15:13 client_begin
-rwxr-xr-x   1 root     root        3484 Mar 12 07:10 client_finish
The rules file is to be updated for each server you want to add, by adding a new line with the name of the server to install. However, it is also possible to have a rule matching any machine.
If you want to use specific profile, beginning and finishing scripts for each server, you can use the following syntax for the rules file
hostname mytarget client_begin client_profile client_finish
Here is how to match any x86 target:
karch i86pc client_begin client_profile client_finish
A remark regarding the profile syntax is available in this post.

3. DHCP configuration
The dhcpd.conf file needs to be configured so that the target server to install is given a PXE instruction.
        host targetserver {
                hardware ethernet XX:XX:XX:XX:XX:XX;
                fixed-address www.xxx.yyy.zzz;
                next-server jmpsvrIP;
                filename "/pxegrub.sol10-x86-u4";
        }
On the jmpsvr server, in /tftpboot, create a link between menu-sol10-x86-u4.lstand menu.lst.XXXXXXXXXXXX (This is required as the pxegrub from Solaris is lookinf for this file) where XXXXXXXXXXXX is the MAC address of the target server.
root@jmpsvr:/tftpboot# ln -sf menu-sol10-x86-u4.lst menu.lst.01XXXXXXXXXXXX
You are now ready to boot the client on the LAN and proceed with the installation.