This short documentation gives an overview of the concept used at ISG for the installation and administration of Unix servers and workstations. The main goal of this concept is to provide a system in which most things are automated, so as to minimize the administration costs (time spent).
AutoClient is used for the workstations, so that the administration cost is kept to a minimum and doesn't increase linearly with the number of machines. The root file-system of each host is installed in a sub-directory, named after the host, of a common directory on a server.
ISG-Note: The root file-systems are stored in drwho:/export/root. So, for example, the tardis-a1 root file-system is in drwho:/export/root/tardis-a1.
The installation is started with a 'boot net' at the command line of the client, which then asks the network who it is (its IP address) based on its Ethernet MAC address. The table containing the mapping between Ethernet and IP addresses is stored in the file /etc/ethers on the server. The new client has to be registered in that file. /etc/hosts on the server has to be extended too.
The make_hosts script is used to automate the process of adding an AutoClient. It uses a configuration file called autoclients.tab, which is a list of the AutoClients. It contains, for example:
tardis-a1 129.132.3.11 8:0:20:88:d0:f6 sparc.sun4u.Solaris_2.6 # tardis-a1
tardis-a2 129.132.3.12 8:0:20:89:14:9 sparc.sun4u.Solaris_2.6 # tardis-a2
tardis-a3 129.132.3.13 8:0:20:88:cf:66 sparc.sun4u.Solaris_2.6 # tardis-a3
tardis-a4 129.132.3.14 8:0:20:89:a:af sparc.sun4u.Solaris_2.6 # tardis-a4
The first column is the host name, the second the IP address, the third the Ethernet address and the fourth the platform. The # starts a comment.
The script does the following for each host listed in autoclients.tab:
The script will only work with updated /etc/hosts and /etc/ethers.
ISG-Note: The make_hosts script is drwho:/export/tools/make_ee_hosts.
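A consistency check that can be run before make_hosts, as an added example in Python (not the ISG script itself): it compares autoclients.tab with /etc/hosts and /etc/ethers, normalising Ethernet addresses so that 8:0:20:89:14:9 and 08:00:20:89:14:09 compare equal. The /etc/hosts and /etc/ethers contents below are constructed sample data, and the function names are assumptions.

```python
def norm_mac(mac):
    """Zero-pad each octet: '8:0:20:89:14:9' -> '08:00:20:89:14:09'."""
    octets = mac.split(":")
    if len(octets) != 6:
        raise ValueError(f"bad Ethernet address {mac!r}")
    return ":".join(f"{int(o, 16):02x}" for o in octets)

def fields(text):
    """Yield the whitespace-split fields of each non-empty line, comments removed."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if parts:
            yield parts

def check(tab, hosts, ethers):
    """Return a list of mismatches between autoclients.tab and the server files."""
    ip_of = {name: f[0] for f in fields(hosts) for name in f[1:]}
    mac_of = {f[1]: norm_mac(f[0]) for f in fields(ethers) if len(f) > 1}
    problems, owner = [], {}
    for name, ip, mac, _platform in fields(tab):
        mac = norm_mac(mac)
        if ip_of.get(name) != ip:
            problems.append(f"{name}: /etc/hosts has {ip_of.get(name)}, tab has {ip}")
        if mac_of.get(name) != mac:
            problems.append(f"{name}: /etc/ethers has {mac_of.get(name)}, tab has {mac}")
        for key in (ip, mac):              # each IP and MAC may belong to one host only
            if key in owner:
                problems.append(f"{name}: {key} already used by {owner[key]}")
            owner[key] = name
    return problems

TAB = """\
tardis-a1 129.132.3.11 8:0:20:88:d0:f6 sparc.sun4u.Solaris_2.6 # tardis-a1
tardis-a2 129.132.3.12 8:0:20:89:14:9 sparc.sun4u.Solaris_2.6 # tardis-a2
tardis-a3 129.132.3.13 8:0:20:88:cf:66 sparc.sun4u.Solaris_2.6 # tardis-a3
tardis-a4 129.132.3.14 8:0:20:89:a:af sparc.sun4u.Solaris_2.6 # tardis-a4
"""
# Constructed server files: tardis-a3 missing from ethers, tardis-a4 stale in hosts.
HOSTS = """\
129.132.3.11 tardis-a1
129.132.3.12 tardis-a2
129.132.3.13 tardis-a3
129.132.3.15 tardis-a4
"""
ETHERS = """\
8:0:20:88:d0:f6 tardis-a1
08:00:20:89:14:09 tardis-a2
8:0:20:89:a:af tardis-a4
"""
```

Calling check(TAB, HOSTS, ETHERS) reports the unregistered Ethernet address of tardis-a3 and the stale IP address of tardis-a4; an empty list means the three files agree.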
Every modification made to the standard installation of the Unix vendor can result in a very high cost of administration because of the manual installation of the differences and the lack of documentation of the modifications.
Since modifications are needed, a system was developed to automate their installation and keep the accompanying costs to a minimum. All the modified files of every host are installed with the same path from the root directory in a special tree (called template_tree), and a mechanism is used to select the appropriate files for every host and modify their file-systems.
The template_tree structure is the same as the target file-system structure. The selection of modifications is done through filesets, which specify membership in certain groups. For example, each tardis machine should be configured with the filesets sol26, tardis, EE and client. The grouping of hosts is what makes this configuration method very powerful and easy to administer.
Filesets can be specified for every file in the template_tree by adding to the filename the filesets pertinent to that file, preceded (each one) by a # and separated by commas. For example:
mail,#drwho,#jabba,#eeclient
The filename shown above means that this file will be copied to the target only if one of the tags drwho, jabba or eeclient is specified. Think of it as an incremental selection process. First all files without filesets get selected, then they get replaced by files matching the last tag on the fileset line, then by files matching the second last and so on...
The default action is to copy the files that are in the specified fileset, but files can also be deleted or modified with perl, or just their modes can be changed. This is done with modifiers, which are also written in the filename, before the filesets. Modifiers are prefixed with a @: @D is for delete, @P for perl (the file in the template is a perl script which reads the file in the target on standard input and outputs what should be written) and @M for fixmode. For example:
vfstab,@P,#eeclient
Note that the selection process with filesets can happen on every level of the directory structure, including the directories themselves. As an example, this is the current template_tree directory (root) used at the ISG:
/net/drwho/export/template-tree:
afs,#afs
etc,#drwho,#tardis,#client,#lktserver,#jabba
home,#lktserver
kernel,#client,#staff
local-home,#tardis,#drwho,#staff,#LKT
rplboot,#no_x86_support
rplboot,@D
usr,#drwho,#tardis,#usr251,#lktserver,#jabba
var
vlsi,#EE
A tool called fixtree is used to modify a tree according to the template_tree. fixtree is called on the destination tree that should be modified, with the tags that select the appropriate modifications passed as a parameter (to -f). For example:
./fixtree --source=/export/template_tree --target=/export/root/tardis-a1 \
-f nosunset,sol26,afs,afs26,eeclient,EE,client,j61,2gb,atm,zipc0
ISG-Note: fixtree is installed in /net/drwho/export/tools.
It is practical to have a script that calls fixtree with the appropriate arguments for each host. We call this script fix_hosts (fix_ee_hosts at ISG).
To simplify the mounting of NFS drives between different labs, each lab has its own range of UID and GID numbers:
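The selection rules described above, as an added example in Python (not ISG's fixtree, whose source is not shown here): it parses template names, applies the tag order as read from the text (untagged entries first, then the tags from last to first, so the first tag given to -f wins), and reports the action chosen per target for one directory level. The function names and the dry-run output format are assumptions.

```python
MODIFIERS = {"D": "delete", "P": "perl", "M": "fixmode"}  # @D, @P, @M from the text

def parse_entry(name):
    """Split a template name such as 'vfstab,@P,#eeclient' into
    (target name, action, list of fileset tags)."""
    target, *fields = name.split(",")
    action, tags = "copy", []          # copying is the default action
    for field in fields:
        if field.startswith("@"):
            if field[1:] not in MODIFIERS:
                raise ValueError(f"unknown modifier {field!r} in {name!r}")
            action = MODIFIERS[field[1:]]
        elif field.startswith("#"):
            tags.append(field[1:])
        else:
            raise ValueError(f"malformed field {field!r} in {name!r}")
    return target, action, tags

def select(entries, host_tags):
    """Dry run for one directory level: {target: (action, template entry)}."""
    parsed = [(name, *parse_entry(name)) for name in entries]
    chosen = {}
    for name, target, action, tags in parsed:      # pass 1: untagged entries
        if not tags:
            chosen[target] = (action, name)
    for tag in reversed(host_tags):                # last tag first, so the
        for name, target, action, tags in parsed:  # first tag given wins
            if tag in tags:
                chosen[target] = (action, name)
    return chosen

# Root of the template tree as listed above, and the tags of the fixtree call.
ROOT = ["afs,#afs", "etc,#drwho,#tardis,#client,#lktserver,#jabba",
        "home,#lktserver", "kernel,#client,#staff",
        "local-home,#tardis,#drwho,#staff,#LKT", "rplboot,#no_x86_support",
        "rplboot,@D", "usr,#drwho,#tardis,#usr251,#lktserver,#jabba",
        "var", "vlsi,#EE"]
TAGS = "nosunset,sol26,afs,afs26,eeclient,EE,client,j61,2gb,atm,zipc0".split(",")

if __name__ == "__main__":
    for target, (action, entry) in sorted(select(ROOT, TAGS).items()):
        print(f"{action:8} {target:12} <- {entry}")
```

With this tag list rplboot resolves to the untagged @D entry and is deleted; adding no_x86_support to the tags makes the tagged rplboot entry replace it, so the directory is copied instead.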
| Lab | UID ranges | GID ranges |
| --- | --- | --- |
| isg | 500-549, 18000-18999 | 50-54, 18000-18999 |
| isg-mac | 550-550 | 55-55 |
| id | 580-599 | 58-59 |
| ee | 600-619 | 60-61 |
| dz | 700-759, 19000-19999 | 70-75, 19000-19999 |
| iis | 1000-1499, 20000-21999 | 100-149, 20000-21999 |
| ife | 1500-1999, 22000-23999 | 150-199, 22000-23999 |
| ibt | 2000-2499, 24000-25999 | 200-249, 24000-25999 |
| pzt | 2500-2999, 26000-27999 | 250-299, 26000-27999 |
| biwi | 3000-3499, 28000-29999 | 300-349, 28000-29999 |
| ifh | 3500-3999, 30000-31999 | 350-399, 30000-31999 |
| ims | 4000-4499, 32000-33999 | 400-449, 32000-33999 |
| nari | 4500-4999, 34000-35999 | 450-499, 34000-35999 |
| isi | 5000-5499, 36000-37999 | 500-549, 36000-37999 |
| ifa | 6000-6499, 38000-39999 | 600-649, 38000-39999 |
| lem | 6500-6999, 40000-41999 | 650-699, 40000-41999 |
| eeh | 7000-7499, 42000-43999 | 700-749, 42000-43999 |
| iem | 7500-7999, 44000-45999 | 750-799, 44000-45999 |
| eek | 8000-8500, 46000-47999 | 800-849, 46000-47999 |
| tik | 9000-9999, 48000-49999 | 900-999, 9000-9999, 48000-49999 |
| delek | 11000-17999 | 1100-1799, 11000-17999 |
When mounting a remote disk, it is convenient to mount it under the same name as it was exported, because this will ensure that all programs which use absolute pathnames will continue to work. Therefore the ISG and several of the labs implemented the following naming strategy for mount-points:
/usr/server-name/disk-name
This method ensures that remote mounting will always be possible under the original name of the disk. On the departmental server drwho we have the following file systems:
Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c0t0d0s0      48023   25267   17956    59%    /
/dev/dsk/c0t0d0s3     577695  384066  135869    74%    /usr
/dev/dsk/c0t0d0s4     240055  120101   95954    56%    /var
/dev/dsk/c0t0d0s5     480919  349392   83437    81%    /opt
/dev/dsk/c0t0d0s6     130327   33623   83674    29%    /tmp
/dev/vx/dsk/export-a 1548649 1185737  208052    86%    /export
/dev/vx/dsk/export-b 1548649 1013429  380360    73%    /export-b
/dev/vx/dsk/local-a  1548553 1028217  365486    74%    /usr/drwho/local
/dev/vx/dsk/eehome-a 3862496 2413361 1062895    70%    /usr/drwho/eehome-a
/dev/vx/dsk/eehome-b 3862496 1978864 1497392    57%    /usr/drwho/eehome-b
/dev/vx/dsk/eehome-c 3862496  734649 2741607    22%    /usr/drwho/eehome-c
/dev/vx/dsk/pack-a   3862496 3004239  472017    87%    /usr/drwho/pack-a
/dev/vx/dsk/pack-b   1548553 1108785  284918    80%    /usr/drwho/pack-b
/dev/vx/dsk/pack-c   1548553 1053335  340368    76%    /usr/drwho/pack-c
/dev/vx/dsk/pack-d   1548553 1223145  170558    88%    /usr/drwho/pack-d
/dev/vx/dsk/pack-e   3862496 3039571  436685    88%    /usr/drwho/pack-e
/dev/vx/dsk/netvar   1548553  432231  961472    32%    /usr/drwho/netvar
/dev/vx/dsk/proxy    1946504 1728298   23556    99%    /usr/drwho/proxy
/dev/vx/dsk/vault-a  3863392 1459169 2017893    42%    /usr/drwho/vault
/dev/vx/dsk/ifh-b    1966056  672791 1096665    39%    /usr/drwho/ifh-b
/dev/vx/dsk/ifh-a    3863392 2838642  638420    82%    /usr/drwho/ifh-a
All the partitions which are for export are mounted under /usr/drwho, which is a unique name within the DELEK. When mounting these partitions via NFS on another system, the same name can be used ...
Efficient NFS filesharing requires netgroups with the names of the hosts which are entitled to access the exported filesystems.
Every system manager of the department has an admin account on Jabba where she can set up netgroups for the Jabba filesystems. To simplify filesharing among the labs, an additional netgroup called lab-acronym_trusted is provided. Every system manager should update her group to include the names of her trusted machines. Trusted machines are managed machines where only the system manager(s) of the lab have administrative privileges. Trusted systems are secure as far as their actions on the network are concerned (no network snooping and no access to ports below 1024 for normal users). This is generally only true for managed Unix boxes.
The data stored in these 'trusted' netgroups can be accessed via http://jabba/hosts/lab-acronym/trusted. They can be used as a source for building local netgroup files.
A well maintained Unix system comes with a lot of applications. Installing and configuring applications can be quite time consuming. It is therefore sensible to cooperate in this area. The IT Support Group of the Department has developed a system called SEPP for exactly this purpose. For information about how to participate in SEPP, check the ISG Sepp page.