Bootable Solaris Installation CD: Part II
Rytis Sileika
In last month's issue, I looked at the basic setup for a custom
Solaris installation CD. This month, I'll show you several different
tricks for creating local customizations from the base install.
Customize the Environment
Implement Security Policy Using JASS
JASS is the Solaris Security Toolkit developed by Sun Microsystems
to harden and minimize a system. Detailed information about the
installation and configuration of the JASS toolkit is beyond the scope
of this guide, so only rough guidelines are provided here:
1. Obtain the latest JASS toolkit from Sun Microsystems Web site
(this manual assumes version 4.0.1; http://www.sun.com/software/security/jass/)
and unpack it to a temporary location:
# cd /var/tmp
# gunzip SUNWjass-4.0.1.pkg.Z
2. Extract the package contents from the package datastream:
# pkgtrans SUNWjass-4.0.1.pkg . SUNWjass
3. Copy the JASS toolkit package tree to the Software Product tree so
that it will be accessible to the Solaris Installer:
# cp -r SUNWjass /var/bootcd/s0/Solaris_8/Product
4. Add information about the JASS toolkit to the .packagetoc file.
The Solaris Installer needs this to find all necessary configuration
details.
Append the following text to the .packagetoc file, which can be
found in /var/bootcd/s0/Solaris_8/Product/:
PKG=SUNWjass
PKGDIR=SUNWjass
CLASSES=none
BASEDIR=/opt/SUNWjass
NAME=Solaris Security Toolkit 4.0.1
DESC=The Solaris Security Toolkit is collection of tools and
scripts used to automate the security hardening and verification
of a system running the Solaris OE.
ARCH=sparc
VERSION=4.0.1
CATEGORY=application
VENDOR=Sun Microsystems, Inc.
ROOTSIZE=0
VARSIZE=0
OPTSIZE=1094656
EXPORTSIZE=0
USRSIZE=0
USROWNSIZE=0
SPOOLEDSIZE=1094656
5. The most secure way to access the system remotely is to use SSL
for IP communication.
Install OpenSSL and OpenSSH
To install OpenSSL and OpenSSH, the following packages are necessary
and can be downloaded from the Sun Freeware site at http://www.sunfreeware.com:
libgcc-3.3-sol8-sparc-local.gz
openssh-3.8.1p1-sol8-sparc-local.gz
openssl-0.9.7d-sol8-sparc-local.gz
tcp_wrappers-7.6-sol8-sparc-local.gz
zlib-1.2.1-sol8-sparc-local.gz
1. Unpack all packages to a temporary directory (here /var/tmp/openssh
is used).
2. Extract the package contents from the package data streams
and copy to Solaris Product directory:
# cd /var/tmp/openssh
# for i in `ls`
> do
> pkg=`pkginfo -d ${i} | awk '{print $2}'`
> pkgtrans ${i} . ${pkg}
> cp -r ${pkg} /var/bootcd/s0/Solaris_8/Product
> done
3. Add information about the packages to .packagetoc file. The Solaris
Installer needs this in order to find all necessary configuration
details. Append the following text to the .packagetoc file, which
can be found in /var/bootcd/s0/Solaris_8/Product/:
PKG=SMClibgcc
PKGDIR=SMClibgcc
NAME=lgcc
ARCH=sparc
VERSION=3.3
CATEGORY=application
VENDOR=Free Software Foundation
EMAIL=steve@smc.vnet.net
PSTAMP=Steve Christensen
BASEDIR=/usr/local/lib
CLASSES=none
OPTSIZE=30991360
SPOOLEDSIZE=30991360
PKG=SMCossh
PKGDIR=SMCossh
NAME=openssh
ARCH=sparc
VERSION=3.8.1p1
CATEGORY=application
VENDOR=The OpenSSH Group
EMAIL=steve@smc.vnet.net
PSTAMP=Steve Christensen
BASEDIR=/usr/local
CLASSES=none
OPTSIZE=1685504
SPOOLEDSIZE=1685504
PKG=SMCossld
PKGDIR=SMCossld
NAME=openssl
ARCH=sparc
VERSION=0.9.7d
CATEGORY=application
VENDOR=The OpenSSL Group
EMAIL=steve@smc.vnet.net
PSTAMP=Steve Christensen
BASEDIR=/usr/local
CLASSES=none
OPTSIZE=10656768
SPOOLEDSIZE=10656768
PKG=SMCtcpwr
PKGDIR=SMCtcpwr
NAME=tcp_wrappers
ARCH=sparc
VERSION=7.6
CATEGORY=application
VENDOR=Wietse Venema
EMAIL=steve@smc.vnet.net
PSTAMP=Steve Christensen
BASEDIR=/usr/local
CLASSES=none
OPTSIZE=371712
SPOOLEDSIZE=371712
PKG=SMCzlib
PKGDIR=SMCzlib
NAME=zlib
ARCH=sparc
VERSION=1.2.1
CATEGORY=application
VENDOR=Greg Roelofs and Jean-loup Gailly
EMAIL=steve@smc.vnet.net
PSTAMP=Steve Christensen
BASEDIR=/usr/local
CLASSES=none
OPTSIZE=327680
SPOOLEDSIZE=327680
4. Define a package installation order by appending the following
lines to /var/bootcd/s0/Solaris_8/Product/.order file:
SMCossh
SMCossld
SMCzlib
SMClibgcc
SMCtcpwr
Note that in the same (or very similar) way, you can add any other
package that is not defined in the default .packagetoc/.clustertoc
configuration files. Sometimes it is useful to integrate any third-party
package closely into your Solaris installation because this allows
you to keep things tidy.
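To automate steps 2 through 4 for any third-party package, here is an added example (not from the article) that builds the .packagetoc stanza from the pkginfo file that pkgtrans leaves in the spooled package directory and records the package in .order. The OPTSIZE/SPOOLEDSIZE values are estimated with du, which is an assumption: the numbers shown above come from the package vendors.

```sh
#!/bin/sh
# Register a spooled package (already extracted with pkgtrans into
# $PRODUCT/<pkgdir>) in .packagetoc and .order. Added example, not from
# the article; assumes <pkgdir>/pkginfo carries the usual pkginfo fields.

# field KEY FILE -> value of the first KEY=value line in FILE (empty if absent)
field() {
    sed -n "s/^$1=//p" "$2" | head -n 1
}

# toc_entry PKGDIR -> prints the .packagetoc stanza for PKGDIR
toc_entry() {
    dir=$1; info=$dir/pkginfo
    [ -f "$info" ] || { echo "no pkginfo in $dir" >&2; return 1; }
    # size estimate in bytes from the spooled tree (assumption; vendors
    # publish the exact value in their own .packagetoc fragments)
    kb=$(du -sk "$dir" | awk '{print $1}')
    bytes=$((kb * 1024))
    printf 'PKG=%s\nPKGDIR=%s\n' "$(field PKG "$info")" "$(basename "$dir")"
    for key in NAME ARCH VERSION CATEGORY VENDOR EMAIL PSTAMP BASEDIR CLASSES; do
        val=$(field "$key" "$info")
        if [ -n "$val" ]; then printf '%s=%s\n' "$key" "$val"; fi
    done
    # the packages on the page all install under /usr/local or /opt,
    # so the space is booked against OPTSIZE (assumption for other BASEDIRs)
    printf 'OPTSIZE=%s\nSPOOLEDSIZE=%s\n' "$bytes" "$bytes"
}

# register PRODUCT PKGDIR -> appends the stanza and the .order line once
register() {
    product=$1; pkgdir=$2
    pkg=$(field PKG "$product/$pkgdir/pkginfo")
    [ -n "$pkg" ] || { echo "cannot read PKG from $pkgdir/pkginfo" >&2; return 1; }
    if grep -qx "PKG=$pkg" "$product/.packagetoc" 2>/dev/null; then
        echo "$pkg already in .packagetoc, skipping" >&2; return 0
    fi
    toc_entry "$product/$pkgdir" >> "$product/.packagetoc" || return 1
    grep -qx "$pkg" "$product/.order" 2>/dev/null || echo "$pkg" >> "$product/.order"
}
```

Run it once per package after pkgtrans, e.g. register /var/bootcd/s0/Solaris_8/Product SMCossh, and keep the .order lines in the dependency order shown above.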
Install Java RE Package
Create a directory /var/bootcd/s0/Solaris_8/Product/packages and
copy Java RE installer j2re-1.4.2.04-sol-sparc-CUSTOMISED.sh to
it. This file is a modified version of the original Java RE installer
available from java.sun.com. This installation script can be modified
by replacing its header with that shown in Listing 1.
This header is a modified version of the original one. Because
the original header script displays the license agreement text and
asks some questions about the installation directories, it is not
very convenient to use in an automated manner. Before you actually
replace the original header with this one, carefully read the Sun
license agreement. This header script should be immediately followed
by the package binary (starting from line 131). Use the Unix
tail command to extract the binary from the original file.
Create Post-Install Network Configuration Script
A system installed from the CD is not configured as a network
server. Therefore, after the installation, a simple network configuration
must be performed. Create the following two files in the /var/bootcd/s0/Solaris_8/Product/packages
directory (see Listing 2).
Network configuration script -- This script reads a configuration
file and sets up all system files accordingly. Note that the changes
are applied immediately; there is no need to restart the system.
The reason for creating this script is to have a centralized way
of configuring your system; you don't have to manually change things
in multiple locations and run multiple commands each time you want
to configure your system. This approach would also allow you to
create a set of configuration files for your systems even before
you actually install them.
At the moment, this is just a network configuration script, but
the possibilities here are not limited just to that. You could extend
it and make it perform more complicated configuration tasks, such
as connecting to a preconfigured server that holds configuration
data, retrieve it from there and configure the system by downloading
and installing appropriate packages.
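As an added example of the kind of script described above (this is not Listing 2 from the article), the following reads a small KEY=VALUE file, writes the Solaris 8 files that carry the network settings across reboots, and then pushes the same values into the running system. The config keys HOSTNAME, INTERFACE, IPADDR, NETMASK and GATEWAY and the optional root prefix are assumptions made for this example.

```sh
#!/bin/sh
# Post-install network configuration driven by a KEY=VALUE file.
# Added example, not the article's Listing 2. Assumed keys: HOSTNAME,
# INTERFACE, IPADDR, NETMASK, GATEWAY. A second argument to write_netconf
# redirects the files under another prefix (useful for a dry run).

# cfgval KEY FILE -> value of the first KEY=value line in FILE
cfgval() { sed -n "s/^$1=//p" "$2" | head -n 1; }

# netaddr IP MASK -> network address, needed for /etc/netmasks
netaddr() {
    oldifs=$IFS; IFS='. '
    set -- $1 $2
    IFS=$oldifs
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))"
}

# write_netconf CFG [ROOT] -> writes the persistent Solaris 8 network files
write_netconf() {
    cfg=$1; root=${2:-/}
    hn=$(cfgval HOSTNAME "$cfg");  ifc=$(cfgval INTERFACE "$cfg")
    ip=$(cfgval IPADDR "$cfg");    mask=$(cfgval NETMASK "$cfg")
    gw=$(cfgval GATEWAY "$cfg")
    for v in hn ifc ip mask gw; do   # refuse to write a half-configured system
        eval "[ -n \"\$$v\" ]" || { echo "incomplete config: $cfg" >&2; return 1; }
    done
    etc=$root/etc; mkdir -p "$etc"
    net=$(netaddr "$ip" "$mask")
    echo "$hn" > "$etc/nodename"
    echo "$hn" > "$etc/hostname.$ifc"      # makes the boot scripts plumb $ifc
    echo "$gw" > "$etc/defaultrouter"
    # /etc/hosts is a symlink to /etc/inet/hosts on Solaris; writing through
    # it is fine. Loopback first, then this host as loghost.
    { echo "127.0.0.1 localhost"; echo "$ip $hn loghost"; } > "$etc/hosts"
    echo "$net $mask" > "$etc/netmasks"
}

# apply_netconf CFG -> write the files and apply the values now, no reboot
apply_netconf() {
    write_netconf "$1" / || return 1
    uname -S "$hn"
    ifconfig "$ifc" plumb 2>/dev/null
    ifconfig "$ifc" "$ip" netmask "$mask" broadcast + up
    route add default "$gw"
}
```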
Create an ISO Image of a Bootable CD
Once the configuration tasks are finished, an ISO image of the
installation CD must be created. Use the following command to create
an ISO image:
# mkisofs -R -D -d -L -l -sparc-boot \
> sol.8.s1,sol.8.s2,sol.8.s3,sol.8.s4,sol.8.s5 -o solaris_8.iso ./s0
Ignore the warning message that the "filesystem does not conform to ISO-9660",
and all file re-mapping messages.
Burn the Installation CD with any CD-burning software that is
capable of creating CDs from ISO images.
Installing from the CD
Follow these steps to install the system from the CD:
1. Connect to the system console using a serial RS-232 cable.
2. Make sure that the system is at the OBP prompt and you can
get an 'ok' prompt. Refer to the hardware installation and configuration
manual for the instructions.
3. Issue the following commands at the OBP prompt:
ok setenv auto-boot? false
ok setenv local-mac-address? true
ok reset-all
4. Insert the CD into the CD-ROM drive of the server.
5. Boot and install from the CD:
ok boot cdrom - install
Installation from the CD takes about 100 minutes to complete.
Conclusion
You can now create and test your "do-it-all-for-me" CD. It is
probably not perfect (there might be some special packages missing),
but you also have a procedure and description on hand explaining
how to add and remove things from the CD. There should be approximately
150 MB free, so you can even add Apache for your Web servers, or
maybe MySQL for your database servers.
Rytis Sileika has worked in the IT industry for more than nine
years. For the past four years, he has specialized in system installation
and integration as a senior system integrator and platform architect
in the telecommunication industry. He also has experience in planning
and designing the configuration and installation of a wide variety
of operating systems, clustering software, database software, and
storage and networking subsystems.