[University of Arkansas][Computing Services]

Disaster Recovery Plan
Solaris 2.5 Install Procedures
(DRPCX050)

Last update: Tuesday, 21-Mar-2000 10:31:41 CST

Created, modified by Roy Hallquist
Kevin Allen
Updated March 27, 1996
by Peter Laws
Last updated: Thursday, 17-Oct-96 09:11:05



IF THE HOST YOU ARE WORKING ON IS CURRENTLY IN SERVICE, YOU MUST MAKE SURE THAT ALL APPROPRIATE FILESYSTEMS ARE BACKED UP TO TAPE OR VIA ADSTAR!!!!!!

If this machine has an OS on it already, the following files should be saved:

/etc/passwd
/etc/shadow
/etc/mail/aliases (if any)
/etc/vfstab (if any)
/etc/dfs/dfstab (if any)
user's mail files in /var/mail
/.../adsm/inclexcl.def (if ADSTAR installed)
/etc/adsm/<HOST>
/etc/hosts.allow (if tcpd installed)
/var/spool/calendar/callog (if any)

Move these files to one of the slices that will be preserved.


Minimum Solaris Installation

  1. Shut the system down:

    1. SunOS 4.1.x users should login as root and type:

      		shutdown -h now
      		
    2. Solaris 2.x users should login as root and type:

      		shutdown -g60 -i0 -y
      		

      init 0 or pressing <Stop> + <A> may also be used, but shutdown is the preferred method.

  2. Boot from the CD-ROM

    1. Insert the CD disk into the caddy and put the caddy into the drive.

    2. If the prompt looks like a ">", you will probably have to type new to get to the new command mode of the PROM monitor. You should then get an "ok" prompt.

    3. At the "ok" prompt type:

      		boot cdrom
      		

      The system should boot from the CD-ROM drive. Depending on the PROM version installed, it may be necessary to type:

      		boot sd(0,6,2)
      		

      The system may say something like WARNING: clock gained 184 days - CHECK AND RESET THE DATE! Ignore this message (the number reflects the number of days since the Solaris code was frozen).

    4. When prompted to choose whether or not to automatically reboot after installation, choose "yes".

Install Solaris 2.5

Beginning with Solaris 2.4, the installation program uses an Open Windows interface. These instructions were written for the older, text-based install procedures, but the information is the same.

  1. Network Information

    1. You will be asked for the hostname of the machine. Type it in:

      		Hostname: ajax
      		

      Warning: Do not use a fully qualified domain name (like ajax.uark.edu), but rather just use the first part of the name (like ajax). Entering a fully qualified domain name could render the computer unusable later in the install process and require an OS reinstall.

    2. Will this system be connected to a network?

      		 No
      		>Yes
      		
    3. What is your Internet Protocol (IP) address?

      		IP address: 130.184.75.23
      		
    4. You will be asked if the information is correct. Answer yes if it is, or say no and go back and fix it.

    5. Do you want to configure this system as a client of a name server? If so, which name service do you want to use?

      		--  NIS+ Client
      		--  NIS (formerly yp) Client
      		XX  Other
      		--  None
      		

      Note: Of the Sun workstations on our campus that we support, the majority are set up for a single user (though they are capable of supporting many). Consequently, most hosts are not set up with NIS or NIS+. Workstations are set up with DNS so that hosts can use electronic mail and other services that require knowledge of host names.

    6. Is this system part of a subnet?

      		>Yes
      		 No
      		
    7. You will then be asked for the netmask value. The default netmask is correct.

      		Netmask: 255.255.255.0
      		
    8. Now you get the chance to review the information you entered and to go back and change it if you need to.

  2. Setting the Time

    1. Specify Time Zone by:

      		XX  Geographic Region
      		--  Offset from GMT
      		--  Time zone file
      		
    2. The U of A is in US, Central

    3. What is the current date and time?

      		Year (4 digits)     1996
      		Month (1-12)        3
      		Day (1-31)          4
      		Hour (0-23)         16
      		Minute (0-59)       09
      		
    4. You will get a chance to review the information you have typed in.

  3. You will be asked to choose between upgrade and installation. Currently, DUST policy is to choose installation, though this may change.

    1. Type of System

      		XX  Standalone
      		--  Server
      		--  Dataless Client
      		
    2. Software Group

      Make appropriate choice. On a system with limited disk space, choose End User. On a system with more than 1 Gb of storage, choose Entire Distribution.

    3. Disk Selection

      Solaris allows you to decide which disks to use for installation. Make appropriate choice. Solaris will warn you if you choose an external disk as the boot device. Solaris allows this but it requires changes at the boot PROM level.

    4. Preservation of existing data during upgrade/installation.

      Follow prompts as necessary. Note: '/', '/var', and '/usr' can not be preserved (well, they can, but they'll be mounted as their own slices just with different names).

    5. Auto Layout

      Auto Layout will give default sizes for the various slices. Use these defaults rather than trying to start from scratch. However, please note the following exceptions (take needed Mb from home):

      • "/" - root should be >20 MB.
      • "/opt" - is usually too small - should be in the 200 Mb range (more if the disk is >2 Gb) since this is where all OPTional packages go in addition to /opt/local/.
      • "/var", where all the VARiable files, like mail spools and print spools live, is usually too small. Add some more if NeWSprint is being installed.

    6. Mounting of remote file systems

      Follow prompts to automatically mount file systems on remote hosts. For example, /opt1/pub on comp.uark.edu contains many useful utilities, including pine. This can be mounted as /opt1/pub on the local host. Note: experience has shown that the remote mount test may fail even though the mount works correctly.

  4. The OS will now install itself and the machine will reboot if that option was chosen. The procedure will take from 40 minutes to 2 hours depending on options chosen and CD-ROM drive speed.

    WARNING: If a fully qualified domain name was typed in for the hostname of the machine, the computer may hang when it reboots. Usually, you will see warnings that look like:

    	le0: bad address
    	

    during the boot procedure if you typed in a fully qualified domain name.

Configure Solaris 2.5

  1. When the computer finishes booting, you will be asked:

    	What is your root password?
    	

    Pick a good one and type it in. The login: prompt will appear.

  2. Login as root and start Openwindows:

    	/usr/openwin/bin/openwin
    	

    If you are not going to patch from the CD (patches on the CD are usually out of date by the time the CD ships!), you may wish to eject the CD-ROM. This can be done at any time provided that your present working directory is not on the CD (i.e. /cdrom/cdrom0), by typing:

    	eject cd
    	
  3. Set up domain name service. Edit the /etc/nsswitch.conf file so that DNS will be consulted (copy nsswitch.files to nsswitch.conf if nsswitch.conf does not exist). Add the word dns after the word files on the hosts: line.

    	hosts:	files 	dns
    	
  4. Create the /etc/defaultrouter file. The existence of this file prevents routed from running. The file should contain only the IP address of the router for the host's subnet (the subnet is the second-to-last octet in the host's IP address). Most, but not all, routers on this campus have a 130.184.subnet.5 address.

    Example:

    	130.184.75.5
    	
  5. Edit the /etc/hosts file (this file is not writeable - use :wq! to force a write and quit). It should contain entries for localhost and the host on which you are working, as well as the domainname or IP of any hosts which were mounted remotely during initial configuration.

    Example:

    	#
    	# Internet host table
    	#
    	127.0.0.1       localhost
    	130.184.75.20   babo.uark.edu	babo	loghost
    	130.184.253.197 comp.uark.edu	comp	timehost
    	
  6. Check the /etc/netmasks file. It should already be set up correctly and should contain a line that looks like this:

    	130.184.0.0    255.255.255.0
    	
  7. Create the /etc/resolv.conf file. An OS installation does not create this file, so it must be generated manually. It should contain the following lines:

    	domain uark.edu
    	nameserver 130.184.7.103
    	

    Some system administrators choose to add other name servers to the list like this:

    	nameserver 130.184.7.93
    	nameserver 130.184.64.233
    	nameserver 192.35.82.2
    	
  8. Reboot the machine.

    	shutdown -g60 -i6 -y
    	

That's the end of the absolute minimum Solaris install. Over the years, DUST has come up with a Standardized Solaris Environment that is considered the minimum configuration for Suns attached to the campus network.


Standardized Solaris Environment

Created August, 1995
by Peter Laws
Updated June 28, 1996
by Peter Laws

  1. Purpose

    The purpose of the SSE is to 1) attempt to make all Solaris workstations "look the same", while allowing users/sysadmins the ability to change things; 2) give system support personnel a way to make global changes easily; 3) provide a minimum level of security; 4) provide usage statistics to aid future planning.

  2. Overview

    Berkeley Sendmail will be installed to enhance security.

    TCPD, aka "tcp wrappers" will be used to enhance security and allow system support personnel to monitor and restrict access to Solaris workstations. A replacement for rpcbind that allows tcpd-style control will also be installed.

    The ADSTAR network backup client will be installed to provide data security.

    The default .cshrc will be modified to allow the system administrator to easily add paths and the .login will be modified to use qterm to correctly set the terminal environment variable.

    Additions will be made to the crontab file to keep the system's clock up to date and to report disk usage statistics.

    Current Sun-recommended patches will be installed.

Retrieve SSE files

  1. cd /opt

  2. ftp to babo and retrieve the following in binary mode:

    /opt/local/SSE/SSE-2.5-patches.tar.Z
    /opt/local/SSE/SSE.files.tar.Z
    /opt/local/SSE/webstuff.tar.Z
    
  3. untar:

    zcat SSE.files.tar.Z | tar xvf -
    

    SSE.files.tar will expand into /opt/install and contain the following files:

    ADSTAR.tar.Z
    etc.default.login
    gunzip
    gzcat
    gzip
    hosts.allow
    in.identd
    local.cshrc
    local.login
    local.newsrc
    pico
    pilot
    pine
    qterm
    qtermtab
    rpcbind
    screenblank
    screenblank.sh
    sendmail-VERSION.tar.Z
    sendmail.install.sh
    tcpd
    

    ADSTAR.tar.Z contains all files necessary for installation of ADSTAR backup client. etc.default.login is /etc/default/login. sendmail-VERSION.tar.Z contains the latest version of Berkeley sendmail (v8.7.5 as of Thursday, 17-Oct-96 09:11:05) and subsidiary files.

  4. Create the following directories and links:

    mkdir -p /opt/local/bin
    mkdir -p /opt/local/lib/netscape
    chmod -R 755 /opt/local/*
    ln -s /opt/local /usr/local
    	(anything that goes in /usr/local actually goes in /opt/local)
    ln -s /var/mail /var/spool/mail  
    	(the mailboxes have moved since 4.1.x)
    

Installation

  1. Setup Berkeley Sendmail

    1. Setup your NIS domain name. Sendmail uses this to create the return address on electronic mail.

      	domainname .uark.edu
      	domainname > /etc/defaultdomain
      	
    2. Run sendmail.install.sh script ('sh sendmail.install.sh') and skip to number 3 below.

      If script not available:

      1. Kill the old sendmail daemon

        		sh /etc/init.d/sendmail stop 
        		
      2. Setup host to use the Berkeley version of sendmail (v8.7.5 as of 4/5/1996).

        		mv /usr/lib/sendmail /usr/lib/sendmail.dist
        		chmod 400 /usr/lib/sendmail.dist
        		mv /etc/mail/sendmail.cf /etc/mail/sendmail.cf.dist 
        		mv /etc/mail/sendmail.hf /etc/mail/sendmail.hf.dist 
        		chmod 400 /etc/mail/*.dist
        		
      3. Install new sendmail:

        		zcat /opt/install/sendmail-VERSION.tar.Z | tar -xvf -
        		

        Files will install with correct ownership, mode (sendmail 4511).

      4. Mail won't work until you restart the sendmail daemon, either by rebooting the machine or by restarting it manually (preferred):

         
        		sh /etc/init.d/sendmail start
        		

      All cases:

    3. Test mail delivery, both sending and receiving. Also test that sendmail.cf is causing addresses to be parsed correctly:

      	host# /usr/lib/sendmail -bt
      	>3,0 address_to_be_tested
      	

      Sendmail will parse the address and display the result.

  2. .login/.cshrc

    1. Copy the following files from /opt/install to /etc/skel and make them mode 644:

      	local.cshrc
      	local.login
      	

      On a 2.5 installation, these files should be named local.cshrc and local.login. Solaris will rename them when creating a new user with admintool (but not useradd). Add a softlink from .cshrc to local.cshrc if admin uses useradd routinely.

    2. Copy /opt/install/etc.default.login to /etc/default/login. The PATH= statement is the default path if no other exists and allows sysadmins to control users' paths to an extent. Its value is assigned to 'dpath' in the .cshrc.

  3. Qterm

    1. Copy qterm from /opt/install to /opt/local/bin and qtermtab from /opt/install to /opt/local/lib. Make them mode 755.

    2. Test by typing /opt/local/bin/qterm. It should return the correct terminal type.

  4. IDENT.D / TCPD

    Ident.d transmits the userid when connecting to other machines. If every host ran this daemon, it would cut way down on net.mischief; it is known as a "good neighbor" protocol. TCPD, a.k.a. TCP wrappers, allows control of which hosts, and even which users on a host, can connect to various network services.

    1. Copy /opt/install/in.identd and /opt/install/tcpd to /usr/sbin and make them mode 755.

    2. Copy /opt/install/hosts.allow to /etc .

    3. Create the TCPD log file:

      	touch /var/adm/tcpd_log
      	
    4. Edit /etc/services. It's not writable, so do a :wq! when editing is complete. Add the following line in the correct numerical spot in the 'host specific functions' section:

      ident           113/tcp         auth tap        # Identd - RFC931 
      
    5. Reconfigure /etc/inetd.conf to use wrappers and identd.

      1. The following services must be wrapped: ftp, telnet, shell, login, exec, finger. Find each entry in /etc/inetd.conf and change each service's entry from this (using in.fingerd as an example):

        finger	stream	tcp	nowait	nobody	/usr/sbin/in.fingerd	in.fingerd
        

        to this (use tabs to align columns):

        finger	stream	tcp	nowait	nobody	/usr/sbin/tcpd		in.fingerd 	
        
      2. Add the following line below the 'name' line and use tabs to align columns:

        ident	stream	tcp	nowait	root	/usr/sbin/in.identd	in.identd
        
      3. Comment out lines for UUCP, tftp, and sprayd, if not already done. These services are not needed. /etc/inetd.conf isn't writable. Use :wq! when editing is complete.

      4. Force inetd to re-read /etc/inetd.conf:

        		kill -HUP <PID of inetd>
        		
    6. Test identd:

      	telnet 130.236.254.1 114
      	

      This will return your userid if identd is working correctly.

    7. Enable system logging

      1. Shutdown syslogd:

        		sh /etc/init.d/syslog stop
        		
      2. Edit /etc/syslog.conf and add an entry for local2.debug (under mail.debug) as follows (must use tabs between):

        local2.debug						/var/adm/tcpd_log
        
      3. Restart syslogd:

        		sh /etc/init.d/syslog start
        		
    8. Replace rpcbind

      1. Kill the old rpcbind and (allegedly) save its state:

        		kill -TERM <PID of rpcbind>
        		
      2. Make backup of /usr/sbin/rpcbind and make it mode 400. Copy new version from /opt/install and make it mode 555.

      3. "Warmstart" the new rpcbind:

        		/usr/sbin/rpcbind -w
        		

        The -w will supposedly keep the preserved state. If it doesn't, the machine needs to be restarted.

    9. Query the host's admin regarding from which hosts s/he expects to be connecting and which services will likely be used. Modify /etc/hosts.allow to suit local conditions. Make sure that ajax & babo have access.
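
Added example (not part of the original procedure or of the SSE kit): a check that an inetd.conf-format file follows step 5 above, that is, the six listed services start through /usr/sbin/tcpd, the ident entry is present, and uucp, tftp and sprayd are commented out. The names audit_inetd, sample_inetd and AWK belong to this example only, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example, not part of the SSE kit: audit an inetd.conf-format file
# against the wrapping rules in step 5 above.
AWK=${AWK:-awk}    # on Solaris set AWK=nawk (the old /usr/bin/awk lacks -v)
WRAPPED="ftp telnet shell login exec finger"    # must be started via tcpd
DISABLED="uucp tftp sprayd"                     # must be commented out

# audit_inetd [FILE]: print findings; return 0 if compliant, 1 if not.
# Reads standard input when FILE is omitted.
audit_inetd() {
    $AWK -v wrapped="$WRAPPED" -v disabled="$DISABLED" '
    BEGIN {
        tcpd = "/usr/sbin/tcpd"; identd = "/usr/sbin/in.identd"
        n = split(wrapped, a, " ");  for (i = 1; i <= n; i++) wrap[a[i]] = 1
        n = split(disabled, b, " "); for (i = 1; i <= n; i++) off[b[i]] = 1
        bad = 0; have_ident = 0
    }
    /^[ \t]*#/ { next }     # commented-out entries are inactive
    NF < 6     { next }     # not a service entry
    {
        # Fields: service socket proto wait user server-program args...
        svc = $1; sub(/\/.*/, "", svc)      # drop an RPC /version suffix
        user = $5; prog = $6
        if (svc in off) {
            printf "FAIL %s: active, should be commented out\n", svc; bad++
        } else if (svc in wrap) {
            if (prog != tcpd) {
                printf "FAIL %s: runs %s directly, not via tcpd\n", svc, prog
                bad++
            } else if (NF < 7) {
                printf "FAIL %s: tcpd has no daemon name to start\n", svc
                bad++
            } else
                printf "ok   %s: wrapped (%s)\n", svc, $7
        } else if (svc == "ident") {
            have_ident = 1
            if (prog != identd || user != "root") {
                printf "FAIL ident: expected %s run as root\n", identd; bad++
            } else
                printf "ok   ident: %s\n", prog
        }
    }
    END {
        if (!have_ident) { print "FAIL ident: no active entry"; bad++ }
        exit (bad > 0)
    }' "${1:--}"
}

# Constructed sample (not from a real host): finger is still unwrapped,
# tftp is still active, and the ident line has not been added yet.
sample_inetd() {
    cat <<'EOF'
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd        in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
tftp    dgram   udp  wait    root    /usr/sbin/in.tftpd    in.tftpd -s /tftpboot
#uucp   stream  tcp  nowait  root    /usr/sbin/in.uucpd    in.uucpd
EOF
}
```

Run it as audit_inetd /etc/inetd.conf after editing and before sending inetd the HUP signal. A listed service that has no active entry at all is not reported, since it is not being offered.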

  5. ADSTAR Client

    Note: ADSTAR server must be made aware of the new host's requirements before the system can be enabled. Install client, but comment out dsmc line in crontab file if a workorder has not been started.

    1. Copy /opt/install/ADSTAR.tar.Z to /opt/local

    2. Untar ADSTAR.tar.Z

      	zcat ADSTAR.tar.Z | tar -xvf -
      	
    3. Edit /opt/local/adsm/dsm.sys and /opt/adsm/dsm.opt, changing 'ajax' to name of host.

    4. Review inclexcl.def and modify to taste.

    5. Install by typing ./dsm.install. Answer y, /usr/bin, y, n to the questions that the script asks you.

  6. Additions to crontab

    1. setenv EDITOR vi

    2. crontab -e (this allows editing of the crontab file)

      Add the following lines to the file:

      # Local Additions
      0 0 * * * /usr/bin/rdate timehost >/dev/null 2>&1
      0 23 * * * /opt/local/adsm/dsmc I -TAPEPROMPT=no
      0 0 1 * * df -k | mail service@babo.uark.edu
      0 1 * * 6 find / -type f -name core -print -exec rm -f {} \;
      

      Note:

      • Line 1 sets system time to comp's system time every 12 hours. Comp's clock is synced to the NBS' atomic clock.
      • Line 2 causes the ADSTAR client to do an incremental backup every day at about 11 pm. Also make sure that backups are not done between 0000 and 0600 hours. Comment out the line enabling ADSTAR (dsmc I) unless the server has been set up!
      • Line 3 sends a report of disk usage to the DUST office on the first of each month.
      • Line 4 removes all core files at 1 am every Saturday.

      The first column is minutes. To spread the load on various servers, the minutes column should be set to the last octet of the host's IP number mod 60 (i.e. IP is 130.184.253.197 = minute 17).

    3. crontab -e uucp

      Comment out all commands as UUCP is seldom, if ever used.
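
Added example (not part of the original procedure or of the SSE kit): a generator for the "Local Additions" crontab lines that applies the minute rule from the note above and leaves the dsmc line commented out unless told the ADSTAR server is ready. The function names sse_minute and sse_crontab and the yes/no argument are this example's own, and applying the computed minute to all four lines is an assumption.

```shell
#!/bin/sh
# Added example, not part of the SSE kit.

# sse_minute IP: print the crontab minute column for a host, which is the
# last octet of its IP address mod 60. Returns 1 on a malformed address.
sse_minute() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split into octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*) return 1 ;; esac  # no leading zeros (octal trap)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( $4 % 60 ))
}

# sse_crontab IP [yes|no]: print the Local Additions block for that host.
# The second argument says whether the ADSTAR server has been set up for
# this host; anything but "yes" leaves the backup line commented out.
sse_crontab() {
    m=$(sse_minute "$1") || { echo "bad IP address: $1" >&2; return 1; }
    dsmc="#"
    [ "${2:-no}" = yes ] && dsmc=""
    cat <<EOF
# Local Additions
$m 0 * * * /usr/bin/rdate timehost >/dev/null 2>&1
${dsmc}$m 23 * * * /opt/local/adsm/dsmc I -TAPEPROMPT=no
$m 0 1 * * df -k | mail service@babo.uark.edu
$m 1 * * 6 find / -type f -name core -print -exec rm -f {} \;
EOF
}
```

For example, sse_crontab 130.184.75.23 prints the four lines with minute 23 and the dsmc line disabled; paste the output into crontab -e.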

  7. Patches

    1. (Assuming the host has 1 GB or more ...) Move the /opt/2.5_Recommended.tar.Z file to /tmp. Untar the patch cluster. It will create its own subdirectory.

      	mv /opt/SSE-2.5-patches.tar.Z /tmp
      	cd /tmp
      	zcat SSE-2.5-patches.tar.Z | tar xvf -
      	
    2. Install the cluster

      	cd /tmp/2.5_Recommended
      	./install_cluster
      	

      Note: This may take a while. Also, the sendmail and rpcbind patches should have been removed from the 2.5_Recommended.tar.Z file long before this point was reached.

    3. Reboot when script is complete.

      	shutdown -g60 -i6 -y
      	
  8. demouser

    1. Use admintool to create demouser account. Use uid 911.

    2. Logout once account is created and login as demouser.

    3. Openwindows (or CDE) should start, and all commands should function normally.

    4. Specifically, test Pine and Netscape.


Optional packages

  1. WEBSTUFF

    1. Untar webstuff.tar.Z

      	zcat webstuff.tar.Z | tar -xvf -
      	

      A directory named www-install should be created containing the following files:

      	XKeysymDB
      	moz2_0x.zip
      	netscape
      	raplayer
      	xanim
      	xplay
      	xv
      	
    2. Copy the following files into /opt/local/bin and make them all mode 755:

      	lynx
      	moz2_0x.zip
      	netscape
      	raplayer
      	xanim
      	xplay
      	xv
      	
    3. For Netscape to support Java applets:

      	mv moz2_0x.zip /usr/local/lib/netscape
      	
    4. Eliminate keyboard problems while using Netscape:

      	mv /usr/openwin/lib/X11/XKeysymDB /usr/openwin/lib/X11/XKeysymDB.dist
      	mv /opt/install/www-install/XKeysymDB /usr/openwin/lib/X11
      	
    5. Allow users to take advantage of helper apps:

      	cp /opt/install/local.mailcap /opt/local/lib
      	mv /opt/install/local.mailcap /etc/skel
      	
  2. SunOS-style screenblanker

    Note: This screen saver is only needed on hosts that do not run CDE and are not left logged into Openwindows. CDE provides its own screen saver when no one is logged in, when a user lets the console sit idle for x number of minutes or when the screen locking feature is used.

    1. The only screen saver that comes with Solaris - other than CDE - is the one that runs under X. You may wish to install one that works even in the "whitescreen" command line mode.

    2. Put files in their correct places.

      	mv /opt/install/screenblank /opt/local/bin
      	mv /opt/install/screenblank.sh /etc/init.d/screenblank
      	ln -s /etc/init.d/screenblank /etc/rc2.d/S95screenblank
      	

      The file /etc/init.d/screenblank looks like this:

      	#! /bin/sh
      
      	# Start a screenblank process for each framebuffer
      
      	# screenblank from jef@acme.com
      	SCREENBLANK=/opt/local/bin/screenblank
      	DELAY=300	# value passed to -delay
      
      	# Test only the binary's path; the options are passed separately
      	if [ -x $SCREENBLANK ]; then
      	        for FRAMEBUFFER in /dev/fbs/*
      	        do
      	                echo "Starting screenblank for $FRAMEBUFFER"
      	                $SCREENBLANK -delay $DELAY -f $FRAMEBUFFER
      	        done
      	fi
      	

      The delay may be changed as necessary.

  3. Users

    1. Use the useradd command:

      useradd -c "First Lastname" -u uid -m -k /etc/skel -s /bin/csh -d /export/home/dir -g group loginid

      Note: useradd will not copy /etc/skel/local.cshrc (and others) to $HOME/.cshrc. This is a bug.

    2. Use User Account Manager from Admintool

  4. Man pages

    Man pages don't normally get installed with the End User installation that's specified for the IPC. If they are needed, they will have to be added manually. Man pages take about 9 megabytes.

    1. Insert the Solaris 2.5 CD-ROM in a local CD drive, or mount one locally over the net. If Solaris doesn't automount the cd, type volcheck.

    2. Change to the directory with the operating system packages. There are about 100 separate packages, each name starting with SUNW.

      cd /cdrom/Solaris_2.5/s0/Solaris_2.5

      Add the package. Type:

      pkgadd -d `pwd` SUNWman

  5. Setup printing

    1. Setup the printers. This example shows how to setup remote printing to the mainframe laser. Always use bsd.

      1. Define the remote system to Solaris

        lpsystem -t bsd uafsysb.uark.edu

      2. Add the printer

        lpadmin -p p31dbp -s uafsysb.uark.edu\!p31dbp -f allow:all -I any -T unknown

      3. One of the printers on the system should be defined as the default printer.

        lpadmin -d p31dbp

      4. Start up the printer

        accept p31dbp
        enable p31dbp

    2. Sometimes the print queue must be "cleaned out". Try some of these methods.

      1. Stop the print service:

        sh /etc/init.d/lp stop

      2. Clean out the print queue:

        cd /var/spool/lp/tmp
        rm -r */*

      3. Restart the print service and clean out its internal queue:

        sh /etc/init.d/lp start
        lpc
        clean all
        quit

  6. NFS Mount a remote file system

    Dan Martin opened up a trial (note the word trial, please, but understand that it has been there since about 1993!) period for sharing of /opt1/pub off of comp.uark.edu. The directory is currently shareable read-only to all. To set up a machine to access /opt1/pub, there are two options:

    1. For either option, create a mount point /opt1/pub on the local host. Permissions for /opt1 need to be set to mode 755, owned by root, group other.

    2. To mount manually:

      	mount -o soft comp.uark.edu:/opt1/pub /opt1/pub
      	
    3. To mount automagically at boot, modify /etc/vfstab on the local host. Add a line that looks like:

      	comp.uark.edu:/opt1/pub  - /opt1/pub  nfs  -  yes ro,soft
      	

      /opt1/pub will then be mounted "read only" when booted. Mounting this way ensures that there are no path surprises. If you are NFS-literate and comfy with the idea, mount wherever you'd like.



Copyright © 1997 University of Arkansas
All rights reserved