Tuesday, May 2, 2017

AI install server using a https IPS repo

Last time we created a local IPS repository (see https://crc32c.blogspot.de/2017/04/https-ips-repository-using-pkgdepotd.html) and added the latest SRU to it (see https://crc32c.blogspot.de/2017/04/how-to-add-sru-to-local-ips-repository.html).

Now it's time to create an AI install server, add some customizations and netboot/netinstall our first server.

# zfs create tank/install/auto_install
# zfs create tank/install/webserver_files

# pkg install --no-backup-be install/installadm

# cp /etc/certs/CA/UNIX_Dep_CA.pem /install/webserver_files/
# chown webservd:webservd /install/webserver_files/UNIX_Dep_CA.pem

# svccfg -s svc:/system/install/server:default
svc:/system/install/server:default> setprop all_services/default_imagepath_basedir = /install/auto_install
svc:/system/install/server:default> setprop all_services/enable_webui = false
svc:/system/install/server:default> setprop all_services/manage_dhcp = false
svc:/system/install/server:default> setprop all_services/webserver_files_dir = /install/webserver_files
svc:/system/install/server:default> refresh
svc:/system/install/server:default> ^D

# svcadm enable svc:/system/install/server:default

# installadm create-service -n solaris11_3-sparc -p solaris=https://pkg.mycompany.com/solaris/
OK to use subdir of /install/auto_install to store image? [y|N]: y
...
100% : Created Service: 'solaris11_3-sparc'
...

Good, now let's edit/create the manifest and system configuration profile.

The AI_HOSTNAME, AI_IPV4, etc. variables are resolved using data supplied by the dhcpd server we'll set up in a moment.

# installadm export -n solaris11_3-sparc -m orig_default -o orig_default
# cat orig_default
...
      <source>
        <publisher name="solaris">
          <origin name="https://pkg.mycompany.com/solaris/"/>
          <credentials>
            <ca_cert src="http://pkg.mycompany.com:5555/files/UNIX_Dep_CA.pem"/>
          </credentials>
        </publisher>
      </source>
...

# installadm update-manifest -n solaris11_3-sparc -f ./orig_default
Changed Manifest: 'orig_default'
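
The manifest above fetches the CA certificate that authenticates the https origin over plain http from the AI web server, so its integrity rests on the install network. The following is an added example (not from the original post) that flags such sources in an exported manifest and compares a received CA file with the reference copy; file names and sample data are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. File names and sample data
# below are constructed.
AWK=${AWK:-awk}   # needs POSIX awk; on Solaris use /usr/xpg4/bin/awk

# Print "LINE: URL" for each src= inside <credentials> that is not https.
# Returns 1 when at least one such source is found.
cleartext_credentials() {
    "$AWK" '
        /<credentials>/ { in_cred = 1 }
        in_cred && match($0, /src="[^"]*"/) {
            url = substr($0, RSTART + 5, RLENGTH - 6)
            if (url !~ /^https:\/\//) { print NR ": " url; bad = 1 }
        }
        /<\/credentials>/ { in_cred = 0 }
        END { exit bad + 0 }
    ' "$1"
}

# SHA-256 of a file via sha256sum, Solaris digest(1) or openssl.
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | "$AWK" '{print $1}'
    elif command -v digest >/dev/null 2>&1; then digest -a sha256 "$1"
    else openssl dgst -sha256 -r "$1" | "$AWK" '{print $1}'
    fi
}

# verify_ca_copy REFERENCE RECEIVED: 0 identical, 1 differs, 2 missing/empty.
verify_ca_copy() {
    [ -s "$1" ] && [ -s "$2" ] || return 2
    ref=$(file_sha256 "$1"); got=$(file_sha256 "$2")
    [ -n "$ref" ] && [ "$ref" = "$got" ]
}

# Demo on constructed data.
demo=$(mktemp -d)
cat > "$demo/manifest.xml" <<'EOF'
<credentials>
  <ca_cert src="http://pkg.mycompany.com:5555/files/UNIX_Dep_CA.pem"/>
</credentials>
EOF
cleartext_credentials "$demo/manifest.xml" || echo "CA source is not https"
printf 'constructed reference\n' > "$demo/ref.pem"
cp "$demo/ref.pem" "$demo/received.pem"
verify_ca_copy "$demo/ref.pem" "$demo/received.pem" && echo "received CA matches"
rm -rf "$demo"
```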

# sysconfig create-profile -o sc
# cat sc/sc_profile.xml
...
  <service version="1" type="service" name="system/identity">
    <instance enabled="true" name="node">
      <property_group type="application" name="config">
        <propval type="astring" name="nodename" value="{{AI_HOSTNAME}}"/>
      </property_group>
    </instance>
  </service>

  <service version="1" type="service" name="network/install">
    <instance enabled="true" name="default">
      <property_group type="application" name="install_ipv4_interface">
        <propval type="net_address_v4" name="static_address" value="{{AI_IPV4}}/{{AI_IPV4_PREFIXLEN}}"/>
        <propval type="astring" name="name" value="{{AI_NETLINK_VANITY}}/v4"/>
        <propval type="astring" name="address_type" value="static"/>
        <propval type="net_address_v4" name="default_route" value="{{AI_ROUTER}}"/>
      </property_group>
    </instance>
  </service>
...
  <service version="1" type="service" name="system/ocm">
    <instance enabled="false" name="default">
      <property_group type="application" name="reg">
        <propval type="astring" name="opt_out" value="true"/>
      </property_group>
    </instance>
  </service>
...

# installadm create-profile -n solaris11_3-sparc -f sc/sc_profile.xml -p custom

Almost done with the AI part. Let's create our first client.

# installadm create-client -e 00:11:22:33:44:55 -n solaris11_3-sparc

And that's it. Now we need a DHCP server to assign hostnames, DNS servers, IP addresses, etc. for netbooting.

# cat << EOF > /etc/inet/dhcpd4.conf
authoritative;
log-facility local7;

option domain-name "mycompany.com";
option domain-name-servers 10.74.0.53, 10.74.5.3, 10.74.53.53;
option domain-search "mycompany.com", "lab.mycompany.com";

deny unknown-clients;

class "SPARC" {
  match if substring (option vendor-class-identifier, 0, 5) = "SUNW.";
  filename "http://pkg.mycompany.com:5555/cgi-bin/wanboot-cgi";
}

subnet 10.79.85.0 netmask 255.255.255.128 {
  option routers 10.79.85.1;
  option broadcast-address 10.79.85.127;
  option ntp-servers 10.79.85.1;
  next-server pkg.mycompany.com;
  use-host-decl-names on;
}

host ldg1 {
  hardware ethernet 00:11:22:33:44:55;
  fixed-address 10.79.85.101;
}
EOF

# chgrp sys /etc/inet/dhcpd4.conf
# /usr/lib/inet/dhcpd -t -cf /etc/inet/dhcpd4.conf

# printf "local7.debug\t\t\t\t\t/var/log/dhcpd.log\n" >> /etc/syslog.conf
# touch /var/log/dhcpd.log
# chgrp sys /var/log/dhcpd.log
# svcadm restart svc:/system/system-log:default

# echo "/var/log/dhcpd.log -C 4 -a '/usr/sbin/svccfg -s svc:/system/system-log:default refresh'" > /etc/logadm.d/dhcpd.logadm.conf
# chmod 444 /etc/logadm.d/dhcpd.logadm.conf
# chgrp sys /etc/logadm.d/dhcpd.logadm.conf
# svcadm refresh svc:/system/logadm-upgrade:default

# svcadm enable svc:/network/dhcp/server:ipv4
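
Because of "deny unknown-clients;", only machines with a host declaration get a lease, so every MAC registered with installadm create-client -e also needs a host block in dhcpd4.conf. The following is an added example (not from the original post) that checks this for a list of MACs; it assumes one statement per line as in the configuration above, and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes one statement per line
# in dhcpd4.conf, as in the configuration above; sample data is constructed.
AWK=${AWK:-awk}   # needs POSIX awk; on Solaris use /usr/xpg4/bin/awk

# dhcp_host_for_mac CONF MAC: print "HOST IP" ("-" if no fixed-address) for
# each host declaration with that MAC; return 1 if there is none.
dhcp_host_for_mac() {
    "$AWK" -v want="$2" '
        function emit() {
            if (name != "" && mac == want) { print name, (ip == "" ? "-" : ip); found = 1 }
        }
        BEGIN { want = tolower(want) }
        { gsub(/[;{}]/, " ") }    # punctuation to spaces, fields are re-split
        $1 == "host" { emit(); name = $2; mac = ""; ip = "" }
        $1 == "hardware" && $2 == "ethernet" { mac = tolower($3) }
        $1 == "fixed-address" { ip = $2 }
        END { emit(); exit !found }
    ' "$1"
}

# missing_dhcp_hosts CONF MAC...: print every MAC without a host declaration.
# Returns 1 when at least one MAC is missing.
missing_dhcp_hosts() {
    conf=$1; shift; rc=0
    for m in "$@"; do
        dhcp_host_for_mac "$conf" "$m" >/dev/null || { echo "$m"; rc=1; }
    done
    return $rc
}

# Demo on a constructed excerpt of the configuration.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
deny unknown-clients;
host ldg1 {
  hardware ethernet 00:11:22:33:44:55;
  fixed-address 10.79.85.101;
}
EOF
# MACs as passed to "installadm create-client -e"; the second is constructed.
missing_dhcp_hosts "$demo_conf" 00:11:22:33:44:55 00:11:22:33:44:66 \
    || echo "the MACs listed above have no host declaration"
rm -f "$demo_conf"
```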

Time to install our first client.

{0} ok boot net:dhcp - install
...
13:13:33    Saving credential file UNIX_Dep_CA.pem
13:13:34    Creating the CA certificate symbolic link(s)
...
13:14:23    Installing packages from:
13:14:23        solaris
13:14:23            origin:  https://pkg.mycompany.com/solaris/
...
Automated Installation finished successfully

Good bye text-install ISOs...
