Chat Title: JumpStart Technology: Effective Use in the Solaris Operating Environment
This is a moderated chat.
adele: Welcome to today's Solaris Live! chat session on JumpStart Technology. Our guests are John S. Howard and Alex Noordergraaf, engineers and authors of JumpStart Technology: Effective Use in the Solaris Operating Environment. We are ready to answer your questions. So, let's begin -- go ahead and send your questions in.
galvan: What about making a bootable Solaris 8 CD-ROM for system installation or recovery?
Alex Noordergraaf: Galvan: Chapter 9 of the book explains the details of creating a JumpStart installation CD. This customer CD can then be used for hands-free JumpStart installations. (cont)
Alex Noordergraaf: Galvan (cont): Another option is to use the "Software Installation".
Alex Noordergraaf: Galvan (cont): "Software Installation" CD (aka CD0) to boot the system and then specify a Flash archive on CD, DVD, or tape.
Fred Brier: Real basic - What is it? Is JumpStart a method for building an installation image or a suite of OE and Java tools?
Alex Noordergraaf: Fred: JumpStart is basically a set of tools to automate the installation of Solaris from the network, CD, DVD, etc. It also provides capabilities to perform actions before and after installation by running scripts.
Alex Noordergraaf: Fred: One other point - you mention 'building an installation image'. JumpStart installs can be done on a package by package basis other than by an image created from a pre-installed system. Does that answer your question?
gilbert: What is Web Start Flash?
Alex Noordergraaf: Gilbert: Flash provides an alternative method of Solaris and unbundled (or 3rd party) software installation. The 'classic' JumpStart installation is package based. Flash lays down an archive which is a snapshot or system image taken from a master machine (cont).
Alex Noordergraaf: Gilbert (cont): This archive is called a 'Flash Archive' (flar) and it contains all of the software that was installed on the master machine (cont).
Alex Noordergraaf: Gilbert (cont): This is especially useful for installing complex server configurations, such as database servers.
Fred Brier: So if I were setting up a web server farm made up of machines running Solaris and some 3rd party software, I could create a bootable install CD that would cookie-cutter the process of setting new machines up?
Alex Noordergraaf: Fred: Correct. You could do the installs either from a network-based JumpStart (using Flash, for example) or with a custom Solaris CD (cont).
Alex Noordergraaf: Fred: When I design web farms I typically treat a web server as an FRU and just re-JumpStart it when something goes wrong. Simplifies maintenance quite a bit. Patches can also just be installed by re-JumpStarting.
Alex Noordergraaf: Fred: Flash is really ideally suited for this type of deployment. Not only does it give you an exact snapshot of the master system, it is also much faster to download/install than regular JumpStart installs.
Fred Brier: All very cool. What is a FRU?
Alex Noordergraaf: Fred: whoops - FRU stands for Field Replaceable Unit (i.e., - the lowest common denominator that gets replaced when the system is broken).
BrianD: Can you explain what the advantages are of the Web Start Boot?
Alex Noordergraaf: BrianD: Two major benefits. The first is that it allows the 'boot net...' OBP command to specify the profile and sysidcfg directly. With Web Start Boot you don't need to use add_install_client (cont).
Alex Noordergraaf: BrianD (cont): The second (and most useful feature) is that it allows JumpStarts to be performed across WAN boundaries and not just on the local subnet. This avoids the age-old problem of RARP that JumpStart has always had. Web Start Boot only uses DHCP. See chapter 5 for details on DHCP usage.
Alex Noordergraaf: BrianD (cont): One other thing I should mention is that Web Start Boot was released with Solaris 8 7/01.
Fred Brier: Is JumpStart a separate product or part of Solaris OE 8? When you are using JumpStart over the network, how is the process initiated on the target machine?
Alex Noordergraaf: Fred Brier: JumpStart is part of Solaris (both SPARC and X86) OE. Actually it's been a part of Solaris since 2.0 was released in the early 90's. (cont)
Alex Noordergraaf: Fred Brier (cont): A classic JumpStart installation is initiated by entering 'boot net - install' from OBP on a SPARC system. When the system processes this command it will look for a JumpStart server and start the installation process (cont).
Alex Noordergraaf: Fred Brier: Web Start Flash and Web Start Boot add additional capabilities onto the classic JumpStart command that I mentioned above.
gilbert: Can a JumpStart server have multiple Solaris versions for installation?
Alex Noordergraaf: Gilbert: Yes, a JumpStart server may have any number of Solaris versions available for installation (cont).
Alex Noordergraaf: Gilbert (cont): The only limitation is disk space on your JumpStart Server. I typically have 2.5.1 through 9 in addition to various Trusted Solaris releases on my JumpStart servers.
gilbert: When would I use Web Start Flash over a classic web start install?
Alex Noordergraaf: Gilbert: Flash is best for systems where either there are a lot of configuration requirements on the client or when many systems must be created with the same configuration. Flash also is very efficient from a network bandwidth perspective and typically faster than the classic JumpStart installs. (cont)
Alex Noordergraaf: Gilbert (cont): Classic JumpStart installs provide the most flexibility for installations as the installs are done on a per-package basis. Most of my installs are JumpStart classic - except when I have a master system to clone and then I use WebStart.
Fred Brier: What would need to occur to cause an X86 box to look for and load from a JumpStart server? I take it that if you determine a server is damaged, but you can still log in to it, then you can initiate the JumpStart reloading process? BTW, my experience being SysAdmin on Solaris is limited to installing it on an old PC.
jsh: Fred Brier: To JumpStart a Solaris OE x86 client you need one of the following: an already installed Solaris OE for Intel, a Solaris OE cdrom (and BIOS capable of booting off cdrom), or a Solaris Device Configuration Assistant (DCA) boot floppy. The installation is begun by booting off of the appropriate device and media. The DCA is responsible for probing and configuring the devices. During an Intel-based installation, the installation program automatically runs the 'kdmconfig' command. kdmconfig determines the type of keyboard, display and mouse attached to the system. kdmconfig can determine this information interactively from the user or can be given its configuration information from the JumpStart server or from a file. Appendix A of our book gives an example of using a SPARC JumpStart server to install an Intel-based client.
Alex Noordergraaf: Fred Brier: Also - I should mention that an X86 machine can be JumpStarted from SPARC and vice versa. See Appendix A for details.
Alex Noordergraaf: One interesting way Sun field personnel re-install machines at customers' sites is by travelling with an X86 based laptop. By using that as a JumpStart server they don't have to search for media or depend on systems that have working CDROM drives. The laptop also becomes a very useful recovery platform as well.
gilbert: I need to identically install many similar systems that may differ in minor ways. For example, systems with different sized boot disks or systems with and without frame buffers. Is there any way that I can do this?
jsh: Gilbert; Yes, you can either use Web Start Boot (if your systems are Solaris 8 7/01 or later) or you can use a "derived profile." A derived profile is a profile that is dynamically generated from a begin script. The Solaris 8 Advanced Installation Guide (available at http://docs.sun.com) explains in detail how to create a derived profile.
Fred Brier: Very cool idea with the laptop. Security thoughts: Can a JumpStart server cause another machine to reload its image? You mentioned "Trusted Solaris"; what is it and how does it differ from the standard 8 OE? What are the security implications of using JumpStart on a web server farm? Could all your machines be compromised quickly if the JumpStart server was hacked? Or if any machine was hacked, could it pretend to be a JumpStart server? Does the OBP process (a program in the SPARC BIOS?) ask for which is the JumpStart server?
Alex Noordergraaf: Fred Brier: You have a couple of questions there. First off - Trusted Solaris is the Solaris version which complies with government standards specified by the NSA. (cont)
Alex Noordergraaf: Fred Brier (cont): A JumpStart server cannot force a client to re-install its OS. The client must request that its OS be re-installed. (cont).
Alex Noordergraaf: Fred Brier (cont): Considering the security implications of JumpStart is a good idea. We talk about them some in chapter 7 of the book. Typically one should at least use a separate network for the JumpStart traffic (cont).
Alex Noordergraaf: Fred Brier (cont): Obviously the JumpStart server itself should be carefully secured as well. Yes - a hacked machine could pretend to be a JumpStart server if it could offer those services on the appropriate networks. But only if the client requested re-installation (cont).
jsh: Fred Brier; As for the OBP asking for the JumpStart server, the OBP is actually a control program in EEPROM which probes the system hardware and initiates the boot (similar to the BIOS of an Intel-based machine) (cont).
jsh: Fred Brier (cont); the JumpStart server that is used is determined either by RARP (Reverse Address Resolution Protocol) from the installation client's MAC address or by DHCP in the case of Web Start Boot.
adele: We are nearing the end of today's chat session. If you have any more questions, send them in now.
Alex Noordergraaf: Fred Brier: One thing to add is that by using Web Start Boot the client could also specify the JumpStart server's IP address/hostname.
Fred Brier: Can you specify in the BIOS the IP or MAC address of the JumpStart server? This is all VERY useful. I will have to buy your book. Implementing a scalable web site requires the approach JumpStart provides. Can we get a copy of this session? Copy/Paste does not seem to work.
Fred Brier: From these profile questions I take it you could set up a profile for DB server, another for Java App server, and another for Apache servers, yes? Thank you for your time!!
jsh: Fred Brier; No, you cannot save or store the IP or MAC address in the OBP. That information is all stored and controlled on the JumpStart server (in the /etc/ethers and /etc/bootparams files).
Alex Noordergraaf: Fred Brier: Correct. Profiles allow many different types of machines to be created by one JumpStart server. Flash extends this concept as well. The Solaris Security Toolkit comes with several different profiles out of the box as an example...
Alex Noordergraaf: Fred Brier (cont): More information on the Solaris Security Toolkit is available from http://sun.com/security/jass.
jsh: Fred Brier; A transcript of this session will be available on http://soldc.sun.com/developer/chat within a week.
adele: We have quickly come to the end of our chat session. We'd like to thank everyone who participated. A special thank you goes to both John and Alex for being our guests today. If you have any further questions and would like to contact either John or Alex, you may send email to j.s.howard@sun.com or alex.noordergraaf@sun.com. You will also have an opportunity to converse with John and Alex again during their Online Discussion Forum between the dates of 11-27-01 and 12-3-01. Go to http://www.sun.com/presents/discussions/disc-112701/ for details. John and Alex, any closing comments that you'd like to add?
jsh: Thanks to everyone for the great questions. Feel free to send email directly if you have any additional questions or comments.
Alex Noordergraaf: Thanks to everyone who participated. Always appreciate comments and feedback on the topics we discuss. Thanks again.