Jass - Jumpstart Installation

Customizing Jumpstart and JASS, an Introduction

by Harry Hoffman <hhoffman@ip-solutions.net>

Introduction:

I started looking for automated server build tools when the number of servers I looked after went into the double digits.
Since a good bit of the places I've worked at use Sun Solaris as their Unix of choice it seemed like a good idea to see what tools were available for Solaris. With versions of Solaris, from 2.6 on, Sun provides access to a build environment called Jumpstart. Essentially jumpstart can allow for a completely unattended OS install onto the client machine (Solaris only).

The other tool that Sun offers, although doesn't support, is JASS. A good deal of Sun's best practices are taken and written up in documents called Sun Blueprints. JASS takes into account the blueprints on security and turns them into shell scripts used to both harden and tighten the machines they are installed on.

While both of these tools get me a bit further on down the line they still lack a good bit of automated systems administration. When I install a new machine with Solaris I also do things like setup disk mirroring with SDS, create a default route entry, install various pieces of software (patch checking, system reporting), enable cron jobs, and many other things.

Jumpstart doesn't directly come with all of these scripts however it does allow for writing any number of shell scripts to get you to that automated haven.
In the pages ahead we'll have a more detailed look at the "Finish" scripts, those that allow for untold customizations (Well as far as you can go with Shell Scripts).

Server:

The server is in many ways like any other machine running Solaris. I tend to run very lean machines in terms of packages installed, so my jumpstart server was installed with the SUNWreq cluster, which is the bare minimal of all the clusters. I then add the following packages after the install is completed to enable other services I need to run:

CD Disk 1	CD Disk 2	CD Disk 2 (EA)
SUNWlibC(x) - To support commonly needed libraries SUNWntpr, SUNWntpu - To support the use of ntp for setting client time SUNWxcu4(x), SUNWxwplt(x), SUNWxwrtl(x), SUNWswmt - To support ssh X-tunneling SUNWxwice - To support SSH (don't install dependencies) SUNWfns - To support snoop SUNWadmc, SUNWadmfw - To support showrev SUNWbzip(x) – To support compression SUNWtoo(x) - To support truss & friends SUNWdoc - To support documentation	SUNWpd, SUNWpdu - To support PCI devices SUNWaccr, SUNWaccu - To support sar (system activity reporter) SUNWgzip – To support compression SUNWzip, SUNWzlib - To support compression SUNWbash - Because I'm a bash fan SUNWman - To support man pages	SUNWmdr, SUNWmdu, SUNWmdx – To support DiskSuite-4.2.1

The disk setup for the jumpstart server usually reserves a total of 4GB of disk space for the jumpstart directory, 500MB for the /var filesystem, 2000MB for the / filesystem, and the rest of the system disk for swap. The reason I create the slices in this manner is that resizing swap is trivial and then taking that extra swap and making it into something like /usr/local will alleviate disk usage on /. The actual jumpstart data (OS/scripts) will reside on its own disks.

To setup disk mirroring use Solstice DiskSuite follow these instructions: Disk Suite setup

Since our jumpstart server will also function as an NFS server it's a good idea to decide before the install what your jumpstart directory structure will look like. I tend to like using the directory (make sure it's set to mount at boot):

/export/install/jumpstart

to house the Solaris OS images and all other directories relavant to client installation.

For the most part setting up the jumpstart environment is fairly easy. Once you have the directories created for housing the various portions on jumpstart/jass the following steps will be needed:

From disk 1 of the Solaris CD's run the command setup_install_server:

/cdrom/Solaris_8/Tools/setup_install_server  /export/install/jumpstart/OS/Solaris_8_2002-02

From disk 2 of the Solaris CD's run the command add_to_install_server:

/cdrom/Solaris_8/Tools/add_to_install_server  /export/install/jumpstart/OS/Solaris_8_2002-02

After setting up the jumpstart environment I then add the JASS package. JASS allows for a good bit of interaction with Jumpstart so if you planning on using both together I would suggest following the scripting conventions set out in the JASS documentation.

Once JASS is installed the hardening-jumpstart.driver can be run from JASS root dir. Something like the following:

 cd /opt/SUNWjass

./jass-execute -d hardening-jumpstart.driver [return]

To setup a client for jumpstart installation the following steps should be taken:

Edit /etc/ethers, on the jumpstart server, and insert the MAC address and FQDN of the client
Edit /etc/hosts, on the jumpstart server, and insert the IP, FQDN, and short name of the client
Edit /export/install/jumpstart/rules, on the jumpstart server, and add the client hostname, profile, and finish script (see examples)
If you plan on using the DiskSuite Finish script edit the file /export/install/jumpstart/custom_probes, on the jumpstart server, and add your client (see examples)
Run the script /export/install/jumpstart/add-client, on the jumpstart server, with the arguments of client FQDN, OS, machine type, Jumpstart server (run the add-client script w/o arguments to see other parameters)
From the client; get into the OBP (open boot prompt) and type: "boot net - install" without the quotes (remember that your client will need to be on the same subnet since we are using the jumpstart server as our bootp server)
Sit back and have a beverage of your choice