AI install, Clients and zones.

Author: Tim Wort

AI (Automated Installer) acts a network install server for Oracle Solaris 11. The following examines
the configuration of the AI server and the configuration files to install a server and a server install with
a zone.

These examples make the following assumptions:

1. A local package repository has been configured.

2. DNS is configured for name resolution.
3. Three systems are used, the AI server, a desktop system and the client to be installed.
4. The AI server is the DNS server and the repository server.
5. This document is x86 based.

Part 1: Creating a AI server

The first step is to configure a AI server on the system sol11-11-server:

First verify that the server is using static IP address:

root@sol11-11-server:/# netadm list

netadm: DefaultFixed NCP is enabled; automatic network management is not available.
'netadm list' is only supported when automatic network management is active.

root@sol11-11-server:/# ipadm show-addr

ADDROBJ TYPE STATE ADDR
lo0/v4 static ok 127.0.0.1/8
net0/static static ok 192.168.0.200/24
lo0/v6 static ok ::1/128

-----------------------------NOTE -----------------------------

The following is a example of setting a static IP address if needed:

root@sol11-11-server:~# netadm enable -p ncp DefaultFixed

Enabling ncp 'DefaultFixed'

root@sol11-11-server:~# dladm show-link

LINK CLASS MTU STATE OVER
net0 phys 1500 unknown

root@sol11-11-server:~# ipadm create-ip net0

root@sol11-11-server:~# ipadm create-addr -T static -a local=192.168.0.200/24
net0/static

Note:

The IP address can be assigned by hostname if a entry exists in /etc/hosts

root@dexter:~# getent hosts dexter

192.168.0.1 dexter dexter.timwort.org

root@dexter:~# ipadm create-addr -T static -a dexter net0/static

-------------------------------------------------------------------

Verify DNS and enable the DNS multicast service.

tim@sol-11-11-desktop:~$ getent hosts sol11-11-server

192.168.0.200 sol11-11-server.timwort.org

root@sol11-11-server:/# svcadm enable dns/multicast

root@sol11-11-server:/# svcs dns/multicast

STATE STIME FMRI
online 3:42:57 svc:/network/dns/multicast:default

Now create a directory to hold the AI service files:

root@sol11-11-server:/# mkdir -p /export/ai/primay_ai

The next command will install the AI server content and configure a DHCP server to be used by the AI
installation service. If a DHCP service exists remove the -i 192.168.0.205 -c 5 options and entries
to be added to the existing DHCP service will be displayed as part of the commands output. This
commands use the IPS repository to install the pkg:/install-image/solaris-auto-install as
opposed to the AI iso image.
root@sol11-11-server:/# installadm create-service -n primary_ai -i 192.168.0.205 -c
5 -d /export/ai/primary_ai

Creating service from: pkg:/install-image/solaris-auto-install

Download: install-image/solaris-auto-install ... Done
Install Phase ... Done
Package State Update Phase ... Done
Image State Update Phase ... Done
Reading Existing Index ... Done
Indexing Packages ... Done

Creating service: primary_ai

Image path: /export/ai/primary_ai

Starting DHCP server...

Adding IP range to local DHCP configuration

Unable to determine a route for network 192.168.0.0. Setting the route

temporarily to 0.0.0.0; this should be changed to an appropriate value
in the DHCP configuration file. Please see dhcpd(8) for further
information.

Refreshing install services

Creating default-i386 alias.

Setting the default PXE bootfile in the local DHCP configuration to

'default-i386/boot/grub/pxegrub'

Refreshing install services

Part 2a: Installing a client.

Installing a default configuration client.

After the AI server is installed you can install client system by simply using PXE boot. The client
install will use default configuration parameters supplied by the install server. A pkg repository is not
used, the installation data is copied from the booted install image.

The following Screen will be displayed:

Except the default by pressing return or wait until the option is selected automatically.

The following screen is displayed:

Press return to except the default. A set of text install screen are display and the information will need
to be entered interactively. The information required includes the target disk information, a host name,
network configuration options, time zone and date, user account and passwords for the user and root
accounts.

Part 2b: Installing a client hands free.

To install the client hands free three configuration file need to be created.

A manifest file that contains client configuration information similar to the information
provided by the profile file of a jumpstart service.

A client criteria file that uniquely identifies the client system to the AI server, this file is similar
to the jumpstart servers rules file.

Finally, a system configuration file or profile that describe configuration information similar to
the jumpstart servers sysidcfg file.

Add the information for the client to be installed, this will associate the client with this instance of the
AI service and update the DHCP service, this client has a mac address of 08:00:27:18:98:DF.

root@sol11-11-server:/# installadm create-client -e 08:00:27:18:98:df -n primary_ai

Adding host entry for 08:00:27:18:98:DF to local DHCP configuration.

Verify the AI server and client:

root@sol11-11-server:/# installadm list
Service Name Alias Of Status Arch Image Path
------------ -------- ------ ---- ----------
default-i386 primary_ai on x86 /export/ai/primary_ai
primary_ai - on x86 /export/ai/primary_ai

root@sol11-11-server:/# installadm list -c

Service Name Client Address Arch Image Path

------------ -------------- ---- ----------
primary_ai 08:00:27:18:98:DF i386 /export/ai/primary_ai

Create a directory to store the manifests:

root@sol11-11-server:/# mkdir /var/tmp/manifests

First create a manifest for the client, a default manifest is located in the AI directory and can be used as
a template for the client AI manifest to be created. Copy the manifest to a new name and modify it:
root@sol11-11-server:/# cp /export/ai/primary_ai/auto_install/default.xml
/var/tmp/manifests/client_ai.xml

root@sol11-11-server:/# cd /var/tmp/manifests

The following is a listing of the modified client_ai.xml file with changes in bold:

root@sol11-11-server:/var/tmp/manifests# more client_ai.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--

Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.

-->
<!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd.1">
<auto_install>
<ai_instance name="client_ai" auto_reboot="true" >
<target>
<logical>
<zpool name="rpool" is_root="true">
<filesystem name="export" mountpoint="/export"/>
<filesystem name="export/home"/>
<be name="solaris"/>
</zpool>
</logical>
</target>
<software type="IPS">
<source>
<publisher name="solaris">
<origin name="http://sol11-11-server.timwort.org"/>
</publisher>
</source>
<!--
By default the latest build available, in the specified IPS
repository, is installed. If another build is required, the
build number has to be appended to the 'entire' package in the
following form:
 <name>pkg:/entire</name>
-->
<software_data action="install">
<name>pkg://solaris/entire</name>
<name>pkg://solaris/group/system/solaris-large-server</name>
</software_data>
</software>
</ai_instance>
</auto_install>

Add the client_ai.xml manifest to the primary_ai server:

root@sol11-11-server:/var/tmp/manifests# installadm create-manifest -m client_ai -f
/var/tmp/manifests/client_ai.xml -n primary_ai

Create a criteria manifest to match the client to the install process:

root@sol11-11-server:/var/tmp/manifests# vi client_criteria.xml
<ai_criteria_manifest>
<ai_criteria name="mac">
<value>
08:00:27:18:98:df
</value>
</ai_criteria>
</ai_criteria_manifest>

Add the criteria to the primary_ai server:

root@sol11-11-server:/var/tmp/manifests# installadm set-criteria -m client_ai -C
/var/tmp/manifests/client_criteria.xml -n primary_ai
Criteria updated for manifest client_ai.

Verify the changes:

root@sol11-11-server:/# installadm list -c -m

Service Name Client Address Arch Image Path

------------ -------------- ---- ----------
primary_ai 08:00:27:18:98:DF i386 /export/ai/primary_ai

Service Name Manifest Status

------------ -------- ------
default-i386 orig_default Default
primary_ai client_ai
orig_default Default

Create a system configuration profile for the install client using the sysconfig(1M) command:

root@sol11-11-server:/# sysconfig create-profile -o

/var/tmp/manifests/client_sc.xml
Exiting System Configuration Tool. Log is available at:
/var/tmp/install/sysconfig.log

Note: If the IPS repository name is a uri (http://sol11-11-server.timwort.org) rather than a IP address
(http://192.168.0.200) then DNS must be configured on the install client in order to install the zone.

Add the client configuration profile to the AI service:

root@sol11-11-server:~# installadm create-profile -f

/var/tmp/manifests/client_sc.xml -p client_sc -C
/var/tmp/manifests/client_criteria.xml -n primary_ai
Profile client_sc added to database.

PXE boot the client and select Automated Install from the GRUB menu:
Part 2c: Installing a client and a zone.

Now the client has been configured for a hands free install using AI. The next step it to configure the
zone installation files and the server to store the zonecfg(1M) command file.

First create a zonecfg(1M) command file, this can be done with the export subcommand from a
existing zone or it can be created by hand:

root@sol-11-11-desktop:/var/apache2/2.2/htdocs# cat ozone.cfg

create -b
set zonepath=/zones/ozone
set brand=solaris
set autoboot=true
set ip-type=shared
add net
set physical=net0
set address=192.168.0.204/24
end

The configuration file can be made available to install client in one of two ways, as a file accessible via
a NFS server or as a file accessible via a web server.

Use one of the two examples that follow.

The first example, creating a web server.

Configure and enable a web server to supply the zone configuration file:

root@sol-11-11-desktop:/# cd /etc/apache2/2.2/

Modify the httpd.conf file and set the ServerName property to the IP address or resolvable host name
of the system.

Add the ozone.cfg to the /var/apache2/2.2/htdocs directory.

root@sol-11-11-desktop:/var/apache2/2.2/htdocs# ls
favicon.gif favicon.ico index.html oaone.cfg

Enable the apache2 server:

root@sol-11-11-desktop:/var/apache2/2.2/htdocs# svcadm enable apache22

The second example:

The alternate method is to share a file system via NFS and add the file to that file system:

root@Sol-11-11-desktop:~# zfs create -p -o atime=off -o compression=on

rpool/zones/config

root@Sol-11-11-desktop:~# zfs set

share=name=zcfg,path=/rpool/zones/config,prot=nfs,ro rpool/zones/config
name=zcfg,path=/rpool/zones/config,prot=nfs,sec=sys,ro=*

root@Sol-11-11-desktop:~# zfs set sharenfs=on rpool/zones/config

root@Sol-11-11-desktop:~# cp /var/tmp/ozone.cfg /rpool/zones/config/

The zone command file is referenced by the configuration tag in the client_ai.xml file:

...
</software>
<configuration type="zone" name="ozone" source="http://192.168.0.250/ozone.cfg" />
</ai_instance>
</auto_install>

Or, for a NFS file:

...
</software>
<configuration type="zone" name="ozone"
source="file:///net/192.168.0.250/ozone.cfg" />
</ai_instance>
</auto_install>

Update the primary_ai server with the modified client_ai manifest:

root@sol11-11-server:/var/tmp/manifests# installadm update-manifest -n primary_ai

-f /var/tmp/manifests/client_ai.xml

Note: The client can be installed at this point and the zone will also be installed at the clients first boot,
however, the zone will have to be configured after it boots by using zlogin -C ozone and filling out
the sysconfig screens. Also, the client must be configured as a DNS client via the profile so that
during the zone install the repository server name can be resolved.

To have a hands free zone installation a zone manifest and zone profile are used. A example zone
manifest can be fount in the /export/ai/primary_ai/auto_install/manifest directory called
zone_default.xml.

The following manifest has been modified for the install of the zone named ozone.

Create a zone manifest file:

root@sol11-11-server:/var/tmp/manifests# cat zone_ozone.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--

Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.

-->
<!DOCTYPE auto_install SYSTEM "file:///usr/share/install/ai.dtd.1">

<auto_install>
<ai_instance name="zone_ozone">
<target>
<logical>
<zpool name="rpool">
<filesystem name="export" mountpoint="/export"/>
<filesystem name="export/home"/>
<be name="ozone">
<options>
<option name="compression" value="on"/>
</options>
</be>
</zpool>
</logical>
</target>

<software type="IPS">
<destination>
<image>
<property val="true">flush-content-cache-on-success</property>
 </image>
</destination>
<software_data action="install">
<name>pkg:/group/system/solaris-small-server</name>
</software_data>
</software>
</ai_instance>
</auto_install>

Create a system configuration profile for the zone.

The system configuration profile can be create by using the sysconfig command in a existing zone or
can be created by modifying the sample profile found on the AI server.

The example file can be found in the /export/ai/primary_ai/auto_install/sc_profiles

directory called sc_sample.xml.

root@sol11-11-server:/var/tmp/manifests# cat sc_ozone.xml

<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">

<service_bundle type="profile" name="sysconfig">
<service version="1" type="service" name="system/config-user">
<instance enabled="true" name="default">
<property_group type="application" name="root_account">
<propval type="astring" name="login" value="root"/>
<propval type="astring" name="password"
value="$5$DcZWdPZM$jHFjwIAaeU8oheCI5sA8DiPMeUKEpmfoSZ2.k5HHcf8"/>
<propval type="astring" name="type" value="role"/>
</property_group>
<property_group type="application" name="user_account">
<propval type="astring" name="login" value="admin"/>
<propval type="astring" name="password"
value="$5$YeZ4ZnDq$zKpAFWuUCq3m4d14ResHsvbDCW5PZjzfmvVps67Nug6"/>
<propval type="astring" name="type" value="normal"/>
<propval type="astring" name="description" value="Administrator"/>
<propval type="count" name="gid" value="10"/>
<propval type="astring" name="shell" value="/usr/bin/bash"/>
<propval type="astring" name="roles" value="root"/>
<propval type="astring" name="profiles" value="System Administrator"/>
<propval type="astring" name="sudoers" value="ALL=(ALL) ALL"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/timezone">
<instance enabled="true" name="default">
<property_group type="application" name="timezone">
<propval type="astring" name="localtime" value="US/Mountain"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/environment">
<instance enabled="true" name="init">
<property_group type="application" name="environment">
<propval type="astring" name="LANG" value="C"/>
 </property_group>
</instance>
</service>
<service version="1" type="service" name="system/identity">
<instance enabled="true" name="node">
<property_group type="application" name="config">
<propval type="astring" name="nodename" value="ozone"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/keymap">
<instance enabled="true" name="default">
<property_group type="system" name="keymap">
<propval type="astring" name="layout" value="US-English"/>
</property_group>
</instance>
</service>
<service version="1" type="service" name="system/console-login">
<instance enabled="true" name="default">
<property_group type="application" name="ttymon">
<propval type="astring" name="terminal_type" value="vt100"/>
</property_group>
</instance>
</service>
</service_bundle>

Add the zone manifest and zone profile to the primary_ai instance.

root@sol11-11-server:~# installadm create-manifest -n primary_ai -f

/var/tmp/manifests/zone_ozone.xml -m zone_ozone -c zonename=ozone

root@sol11-11-server:~# installadm create-profile -n primary_ai -f

/var/tmp/manifests/sc_ozone.xml -p sc_ozone -c zonename=ozone
Profile sc_ozone added to database.

PXE boot the client system, after a few seconds you should see a boot screen, arrow down and select
the Oracle Solaris 11 11/11 Automated Install menu selection, press enter:
When the install completes and the client reboots you can verify the zone is being installed.

The zone will be in the incomplete state until the install completes:

root@sol11-client:~# zoneadm list -cv

ID NAME STATUS PATH BRAND IP
0 global running / solaris shared
- ozone incomplete /zones/ozone solaris shared

Listing the svc:/system/zones-install:default service:

root@sol11-client:~# svcs zones-install

offline* 14:03:58 svc:/system/zones-install:default

The svc:/system/zones-install:default service will remain in offline* state until the install
completes.

You can verify the install is in progress by examining the zoneadm install process:

root@sol11-client:~# ps -ef | grep zoneadm

root 1850 1689 0 14:04:05 ? 0:00 zoneadm -z ozone install -m
/var/zones/install/ozone/ai_manifest.xml -c /var/zo

The log file for the svc:/system/zones-install:default service will show the install progress:

root@sol11-client:~# tail -f /var/svc/log/system-zones-install:default.log

Download: x11/xvidtune ...
Download: release/name ...
Download: library/security/libassuan ...
Download: developer/build/make ...
Download: library/pth ...
Download: shell/expect ...
Download: image/viewer/eog ...
Download: network/rsync ...
Download: package/pkg/package-manager ...
Download: x11/library/libxtst ...