Make sure all the hardware is installed properly
- Power on, hit Stop-A (L1-A) to stop boot process.
You can do this when using the portmaster by hitting
Control-] (a.k.a. ^])
and then at the "telnet>" prompt, type
"send brk"
To prevent the machine from booting automatically, type:
ok printenv
ok setenv auto-boot? false
- Now reset the machine, so the SCSI bus is not active
ok reset-all
- After the machine has reset, type:
ok probe-scsi-all
take note of which disks are installed
(make SURE all disks/tape drives are present)
- Now, turn the OpenBoot "auto-boot?" flag back on.
ok setenv auto-boot? true
- Insert the Solaris 2.6 5/98 Server Edition CD-Rom and type:
ok boot cdrom -v
Install Solaris 2.6
- Pre-install options
Language - English
Locale - 0) USA - English (ASCII only)
Terminal - [choose wisely - try "3) DEC VT100" if you don't know]
- System Identification
NOTE: if F2 doesn't work, try Esc then 2
Host name: this is "machine" (NOT "machine.women.net")
Networked: Yes
IP address: next one in DNS (ask if you don't know)
Name service: Other
Subnet: Yes
Netmask:
For the Exodus network:
255.255.255.0
For ALL networks at 417 Fifth Ave.
255.255.255.192
Region: United States
Time Zone: Eastern
Date and Time: set accurately
- Solaris Install
NOTE: (Choose "Continue" unless otherwise specified)
- Solaris Interactive Installation: F4_Initial (Esc then 4)
- Select Software: Entire Distribution ................... 708.00 MB
Do NOT install OEM CRAP (first option)
- Select Disks: c0t0d0
Note: You NEED c0t0d0. Other disks can be added now if you know what you are doing;
otherwise they can be added post-installation
- Automatically Layout File Systems?: F4_Manual Layout (Esc then 4)
- Partition Table Layout:
0 - /
1 - swap
2 - backup [DO NOT TOUCH]
3 - /usr/local
4 - /var
5 - /opt
6 - /usr
7 - metadb's
Sample partition table from a 2GB disk (sizes approximated):
Part  Tag         Flag  Size
0     root        wm    100.20MB   (/)
1     swap        wu    256.05MB   (swap)
2     backup      wm    1.98GB     [DO NOT TOUCH]
3     usr         wm    660.00MB   (/usr/local)
4     var         wm    200.39MB   (/var)
5     unassigned  wm    200.20MB   (/opt)
6     usr         wm    600.43MB   (/usr)
7     unassigned  wm    11.13MB    (or ~15 clusters)
Sample partition table from a 4GB disk (sizes approximated):
Part  Tag         Flag  Size
0     root        wm    100.20MB   (/)
1     swap        wu    1.00GB     (swap)
2     backup      wm    4.00GB     [DO NOT TOUCH]
3     usr         wm    1850.00MB  (/usr/local)
4     var         wm    200.39MB   (/var)
5     unassigned  wm    300.20MB   (/opt)
6     usr         wm    600.12MB   (/usr)
7     unassigned  wm    11.60MB    (or ~15 clusters)
Sample partition table from a 9GB disk (sizes approximated):
Part  Tag         Flag  Size
0     root        wm    100.20MB   (/)
1     swap        wu    2.00GB     (swap)
2     backup      wm    9.00GB     [DO NOT TOUCH]
3     usr         wm    5.00GB     (/usr/local)
4     var         wm    650MB      (/var)
5     unassigned  wm    650MB      (/opt)
6     usr         wm    600.12MB   (/usr)
7     unassigned  wm    11.60MB    (or ~15 clusters)
- Configure for auto-reboot after install.
- Post installation Solaris 2.6 config
- Set default root password (ask a senior systems administrator)
- APM (advanced power management) setup:
****************************************************************
This system is configured to conserve energy.
After 30 minutes without activity, the system state will be
saved to disk and the system will be powered off automatically.
A system that has been suspended in this way can be restored
back to exactly where it was by pressing the power key.
The definition of inactivity and the timeout are user
configurable. The dtpower(1M) man page has more information.
****************************************************************
Do you wish to accept this default configuration, allowing
your system to save its state then power off automatically
when it has been idle for 30 minutes? (If this system is used
as a server, answer n. By default autoshutdown is
enabled.) [y,n,?]
Answer: n
Autoshutdown has been disabled.
Should the system save your answer so it won't need to ask
the question again when you next reboot? (By default the
question will not be asked again.) [y,n,?]
Answer: y
Network Configuration
- DNS Setup
# vi /etc/resolv.conf
If host is at Exodus:
domain women.net
nameserver 216.33.32.129
search women.net women.com homearts.com wwire.net
If host is at 417 Fifth Ave:
domain women.net
nameserver 209.67.63.76
nameserver 216.33.32.129
search women.net women.com homearts.com wwire.net
# vi /etc/nsswitch.conf
add "dns" at the end of hosts line
hosts: files dns
- Configure default gateway
NOTE: this is VERY different, depending on location
# vi /etc/hosts
If the host is at Exodus, add this after the last line:
216.33.32.10 fwall1-qfe0
If the host is at 417 Fifth Ave - on the OPS network, add this after the last line:
209.67.63.193 gateway
If the host is at 417 Fifth Ave - on the OPSDMZ network, add this after the last line:
209.67.63.65 gateway
# vi /etc/defaultrouter
If the host is at Exodus:
fwall1-qfe0
If the host is on the OPS and OPSDMZ subnets at 417 5th Avenue:
gateway
- reboot the machine (init 6) and check the routes
# netstat -rn
You should see a line like:
default 216.33.32.10 UG 0 57
This is the default route to the default gateway.
Install Patches
- Download Patches from SunSolve
cd /tmp
ftp sunsolve.sun.com
log in as ftp, passwd is your email address
ftp> bin
ftp> hash
ftp> prompt
ftp> cd /pub/patches
ftp> mget 2.6_R* 2.6_y*
when download is complete,
ftp> bye
- Install Patch Clusters
zcat 2.6_Recommended.tar.Z | tar xf -
cd 2.6_Recommended
./install_cluster
cd ..
zcat 2.6_y2000_ALL.tar.Z | tar xf -
cd 2.6_y2000_ALL
./install_cluster
cd ..
- reboot the server to complete patch installation
Setup the Environment
# vi /etc/profile
add this before the "trap" line:
PATH=/usr/sbin:/sbin:/usr/bin:/usr/ucb:/usr/local/bin:/usr/etc:/usr/kvm:/usr/ccs/bin:/usr/openwin/bin:/usr/dt/bin:/usr/proc/bin:/usr/opt/SUNWmd/sbin
MANPATH=/usr/share/man:/usr/local/man:/usr/openwin/man:/usr/dt/man:/usr/proc/man:/usr/opt/SUNWmd/man
On the "export" line, add MANPATH to the end of the line
export LOGNAME PATH MANPATH
Logout and login again
Elementary Security Setup
- Disable unnecessary services
- stop each of the rc scripts for these
services and rename the file so it does not start at boot
Example:
stop it
# ./S80lp stop
rename file with "S" to "s"
# mv S80lp s80lp
So, in /etc/rc2.d disable all these services:
S73nfs.client
S74autofs
S80lp
S85power
S88sendmail
S99dtlogin
NOTE: S99dtlogin should remain for desktop machines, but NOT servers.
in /etc/rc3.d, disable all these services:
S15nfs.server
S76snmpdx
S77dmi
- Re-enable sendmail to dequeue outgoing email via cron
# TERM=vt100
or whatever your terminal is (dtterm if under CDE)
# EDITOR=vi
# export TERM EDITOR
# stty rows 24 cols 80
or whatever your terminal size is
configure the fully qualified domain name (FQDN)
# vi /etc/hosts
REPLACE the line
209.67.63.199 pain
with the line
209.67.63.199 pain pain.women.net
# crontab -e root
add at the end of the file
#
0,15,30,45 * * * * /usr/lib/sendmail -q > /dev/null 2>&1
- Disable everything in /etc/inetd.conf except "time"
# vi /etc/inetd.conf
:%s/^/#/g
:%s/^##/#/g
:%s/^#time/time/g
# ps -aef | grep inetd
# kill -1 PID
where "PID" is the process id of inetd.
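A check for the two hardening steps above, added here as an example (it is not part of the original checklist): it reports any of the listed rc scripts that still carry their "S" name and any inetd.conf service other than "time" that is still active. The function names and the root-prefix argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the rc-script and inetd.conf hardening steps.
# The script names are the ones listed on this page; function names and the
# ROOT prefix argument are hypothetical. On desktop machines drop S99dtlogin
# from RC2_OFF, per the NOTE above.
RC2_OFF="S73nfs.client S74autofs S80lp S85power S88sendmail S99dtlogin"
RC3_OFF="S15nfs.server S76snmpdx S77dmi"

# rc_still_enabled DIR NAME...
# Print every listed script that still exists under its "S" name in DIR,
# i.e. one that was not renamed and will still start at boot.
rc_still_enabled() {
    dir=$1; shift
    for name in "$@"; do
        [ -f "$dir/$name" ] && echo "$dir/$name"
    done
    return 0
}

# inetd_unexpected FILE
# Print "inetd: SERVICE" for every active line (not blank, first field not
# starting with "#") whose service is anything other than "time".
inetd_unexpected() {
    awk 'NF > 0 && $1 !~ /^#/ && $1 != "time" { print "inetd: " $1 }' "$1" |
        sort -u
}

# audit ROOT
# ROOT is a filesystem prefix: "" for the running system, or the mount point
# of another root filesystem. Prints the findings and returns 1 if there are
# any; returns 0 when nothing unexpected is enabled.
audit() {
    root=$1
    bad=`rc_still_enabled "$root/etc/rc2.d" $RC2_OFF
         rc_still_enabled "$root/etc/rc3.d" $RC3_OFF
         inetd_unexpected "$root/etc/inetd.conf"`
    [ -z "$bad" ] && return 0
    echo "$bad"
    return 1
}

# Usage on the live system, after the steps above:  audit ""
```

This only inspects files; after editing inetd.conf, inetd still has to be sent the HUP signal as described above for the change to take effect.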
Add to DNS
- Log onto util1.women.net and become root
# cd /usr/local/named/master
# vi db.women.net
- Add a forward lookup entry for your host:
bliss IN A 209.67.63.200
- Change the serial number "yyyymmddXX" where "XX" starts at "00", and continues
to count up (00,01,02,03,etc.) until the next day.
So this:
@ IN SOA ns1.women.net. dnstech.women.com. (
1998123100 ; serial number
gets changed to
@ IN SOA ns1.women.net. dnstech.women.com. (
1999010100 ; serial number
- Add a reverse lookup entry for your host:
# vi db.63.67.209
200 IN PTR bliss.women.net.
@ IN SOA ns1.women.net. dnstech.women.com. (
1999010100 ; serial number
- Process the changes and restart the daemon
# cd /usr/local/named
# make
admin/check_in.sh master/db.63.67.209
master/RCS/db.63.67.209,v <-- master/db.63.67.209
new revision: 1.4; previous revision: 1.5
enter log message, terminated with single '.' or end of file:
>> added bliss
>> .
done
admin/check_in.sh master/db.women.net
master/RCS/db.women.net,v <-- master/db.women.net
new revision: 1.4; previous revision: 1.3
enter log message, terminated with single '.' or end of file:
>> added bliss
>> .
done
reloading nameserver... done.
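The serial-number rule above as a small shell helper, added as an example and not part of the original procedure: next_serial applies the yyyymmddXX rule, and bump_zone rewrites the serial in a zone file such as db.women.net or db.63.67.209 before running make. The function names are hypothetical, and it assumes the serial sits on a line ending in "; serial number" as shown above.

```shell
#!/bin/sh
# Added example: compute and apply the next yyyymmddXX zone serial.
# Function names are hypothetical; the "; serial number" marker is the
# comment used in the SOA records shown on this page.

# next_serial CURRENT TODAY
#   CURRENT is the existing 10-digit serial, TODAY is yyyymmdd.
#   Prints the next serial; returns 1 on a malformed serial or when XX is
#   already 99 for that day.
next_serial() {
    cur=$1; today=$2
    case $cur in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "bad serial: $cur" >&2; return 1 ;;
    esac
    day=`echo "$cur" | cut -c1-8`
    rev=`echo "$cur" | cut -c9-10`
    if [ "$day" -lt "$today" ]; then
        echo "${today}00"            # first change on a new day
        return 0
    fi
    # Same day, or a serial already ahead of the clock: keep the date part
    # and count XX up, so the serial never moves backwards.
    if [ "$rev" = 99 ]; then
        echo "serial $cur: XX exhausted for $day" >&2
        return 1
    fi
    rev=`expr "$rev" + 1`
    printf '%s%02d\n' "$day" "$rev"
}

# bump_zone FILE TODAY
#   Replaces the serial on the "; serial number" line of FILE and prints
#   the new value. FILE is left untouched if the serial cannot be bumped.
bump_zone() {
    file=$1; today=$2
    cur=`awk '/; serial number/ { print $1; exit }' "$file"`
    new=`next_serial "$cur" "$today"` || return 1
    sed "s/$cur\([^;]*; serial number\)/$new\1/" "$file" > "$file.new" &&
        mv "$file.new" "$file"
    echo "$new"
}

# Usage, from /usr/local/named/master:  bump_zone db.women.net `date +%Y%m%d`
```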
Install standard packages and software
- FTP to the master package server and get everything
# mkdir -p /usr/local/src
# cd /usr/local/src
# ftp hearst-1000.women.net
ftp> cd /usr/local/src/build
ftp> bin
ftp> hash
ftp> prom
ftp> mget *
ftp> bye
- First, install gzip so you can unpack all of the packages
# pkgadd -d gzip-1.2.4-sol26-sparc-local
- Now decompress the rest of the packages
# gunzip *.gz
- Now you can use a 'for loop' and the admin file to automagically
install the remainder of the standard packages
# for i in `ls *local` SUNWmd; do pkgadd -a admin -d $i; done
This should install the following packages:
- bash-2.02
- gcc-2.8.1
- libstdc++-2.8.1
- lsof-4.33
- make-3.76.1
- screen-3.7.4
- tar-1.12
- top-3.5beta8
- traceroute-1.4a5
- unzip-5.32
- zip-2.2
- SUNWmd
- Build Perl with NFS locking option
# tar xvf perl-5.005_03.tar
# cd perl5.005_03
# ./Configure -d -Ud_flock -Dcc=gcc
# make test
NOTE: If 'make test' doesn't succeed, DO NOT perform the next step!!!
# make install
- Create a directory called DONE. Then recompress/move everything there
# cd /usr/local/src
# mkdir DONE
# mv gzip-1.2.4-sol26-sparc-local DONE
# gzip *.tar
# gzip *local
# gzip SUNWmd
# mv *.gz DONE
- Install ssh and generate host key
# cd /
# unzip /usr/local/src/ssh_1_2_27_Solaris_2_6.zip
# tar xvf ssh_1_2_27_Solaris_2_6.tar
# gzip ssh_1_2_27_Solaris_2_6.tar
# mv ssh_1_2_27_Solaris_2_6.tar.gz /usr/local/src/DONE
# mkdir -p /usr/local/etc
This MUST be done or sshd will never start
# /usr/local/bin/ssh-keygen -f /usr/local/etc/ssh_host_key -N ""
Now start the ssh daemon.
# cd /etc/rc2.d
# ./S81sshd start
Clean up the ssh install zipfile.
# rm /usr/local/src/ssh_1_2_27_Solaris_2_6.zip
Final OS installation tweaks
- Setup /home correctly
# cd /
# umount /home
# rmdir /home
# mkdir -p /usr/local/home
# ln -s /usr/local/home /home
- Set the time with NTP
echo "# NTP config file" > /etc/inet/ntp.conf
echo "# Women.com stratum 4 config file" >> /etc/inet/ntp.conf
If the machine is at Exodus, use this:
echo "server util1.women.net" >> /etc/inet/ntp.conf
echo "server ops1.women.net" >> /etc/inet/ntp.conf
If the machine will ALWAYS be at 417 (dev box, stage box, etc.) use this:
echo "server apathy.women.net" >> /etc/inet/ntp.conf
echo "driftfile /etc/ntp.drift" >> /etc/inet/ntp.conf
/etc/rc2.d/S74xntpd start