dbjag@eddie.mit.edu (David Benjamin x4050) (01/31/89)
What follows are some notes I made up for our sysadmin people after slogging through a bunch of Sun OS 4.0.1-386i installs/upgrades. We have a few reasons for not being able to run the 386i's in their optimal networked mode:

1. Many of our 386i's are in place temporarily for test/development, and locking them into a YP-domain is inappropriate & inconvenient.

2. Our network as a whole does not run yellow pages and contains many non-sun machines. I suppose one day we will be dragged kicking and screaming into using yellow pages, but for now its benefits do not come close to justifying the hassle the changeover would bring.

3. SNAP is very convenient and pretty damn neat if you are setting up a small network with a limited number of users. However, using it on a network where both /etc/hosts & /etc/passwd are close to 500 entries long goes beyond brain damage.

If this sounds like your site, perhaps these notes will help you. Please keep in mind that there are some tweaks that are specific to our site (e.g. mail & home directory tweaks). Also keep in mind that this is early info, and although it works for us now, who's to say that next week it might all come down in flames (blanket disclaimer). I hope this helps. Please let me know if you find anything that's harmful in my advice. To the best of my knowledge it is the best of my knowledge.

Dave.

__________

These are general notes regarding installing a Sun386i on the net and trying to keep it from ruining your day.

dbjag 1/20/89

- MULTIPLE YP-MASTERS

It seems that making each 386i a master of its own YP domain is the best way to allow it to function well in the Interleaf network without crippling all its newer features. At the current time, though, having multiple 386i-YP masters on the same network is not a configuration Sun recommends and is just starting to support.

(do this on ALL 386i YP-masters on the net)

  - kill "rarpd ie0"
  - kill "rpc.pnpd"
  - kill "rpc.ipallocd"
  - comment out the startup entries for these daemons in /etc/rc.local
  - edit /etc/policies to reflect the following

        pnp                     restricted
        newlogin                restricted
        ip_address_allocation   none

After doing this, cd to /var/yp and run make to update the yellow pages database. Reboot should not be necessary.

- NETWORK IS RESTRICTED

386i system installation (as a YP-master) can often be stopped completely if the system feels that there is another YP-master already on the net. The error message it gives is "Network is restricted, see your system administrator" or words to that effect. This is caused by another 386i system running on the net that has not shut off its automatic system installation by executing the steps above (killing rpc.pnpd, etc.).

At this time I don't know how to find out exactly *which* 386i is causing the trouble. You have to check them by hand :-(. I've disabled the daemons on all the machines I know of, but there are always new ones and reinstalls, so it could turn out to be a real chase...

- INSTALLING A 386i ON THE NET

1 - Unpack System, connect to network, find a comfortable chair, etc.

2 - Power up system and follow instructions to make it a YP-master in its own domain.

3 - Login as root, the password is the system's hostid (usually 3100XXXX)

4 - Immediately, do a ps -ax and kill these processes:

        rpc.pnpd
        rpc.ipallocd
        rarpd ie0

5 - Edit the /etc/rc.local file to disable these processes

6 - POLICIES : Edit /etc/policies file to reflect the following:

        pnp                     restricted
        newlogin                restricted
        ip_address_allocation   none
        mail_delivery
        home_directory

7 - Add the internet id of a trusted machine to the /etc/hosts file.

8 - => UPDATE THE YP DATABASE <= : "cd /var/yp ; make" to acknowledge the host

9 - HOSTS : Copy over the /etc/hosts file from trusted machine.
     =>IMPORTANT<= =>Make *SURE* that the /etc/hosts file that you copy actually has an internet entry for your 386i.
     If you get a slightly old host file and your netid is brand spanking new (hence not in the copied hosts file) you can get uncomfortably wedged later on. Trust me.

10 - PASSWD : Copy over the /etc/passwd file from trusted machine.

11 - FSTAB : Copy over the /etc/fstab file from trusted machine. After double checking and editing the /etc/fstab file to make sure it's appropriate for your machine, you'll want to create the appropriate mount points. Contrary to 386i/OS4.0 wishes, you may want to have some mount points on /usr; if you must do this then you must do this:

        mount -o remount /usr     # remount /usr
        umask 0                   # to make sure mkdir's have rwxrwxrwx
        mkdir ...all the mount points in /etc/fstab on /usr...

12 - => UPDATE THE YP DATABASE <= : cd /var/yp ; make

13 - REBOOT : To unmount the remounts and check out your fstab, doing a quick "fastboot" seems to be the easiest way, but remember to update the YP database or you could be hosed!

OK, at this point you should be up and running with reasonably full access to the network. The following points may or may not be required depending on a lot of things, but they may prove helpful.

OPTIONAL CLUSTERS

When they come fresh from the box, 386i's are loaded with the minimal system software required. To load the "optional clusters", such as advanced_admin, mail_plus, developers tools, etc. you have to either

  a. load them using the "load" and/or "loadc" commands (requiring a lengthy & tiring session of feed-the-floppy) or
  b. nfs mount the clusters from a separate machine. or
  c. tar the clusters over from an existing machine.

The third choice is preferable, since it is faster & easier to have the commands locally stored as long as you have the space. To do a broad copy of all the optional clusters of another machine you could do something like this:

        % su
        # cd /usr/cluster
        # rsh <other-machine> tar cf - -C /usr/cluster . | tar xpBf -

This seems to work quite well. Your mileage may vary, but you get the picture.

EXPORTED FILESYSTEMS

The 386i's come with a fairly restrictive /etc/exports file. You may want to loosen it up. In SunOS 4.0, the procedure is a few steps longer than before:

1. Edit the /etc/exports file to your liking. This one is pretty permissive:

        /
        /usr
        /files

2. undo the existing export set

        % exportfs -ua

3. install the new export set

        % exportfs -a

4. check it to make sure

        % exportfs
        /
        /usr
        /files

ROOT ACCESS/RLOGINS

A feature of SunOS4.0, and hence a feature of the 386i, is that it gives you a real hard time if you want to rlogin as root from over the net. This can be fixed real easy by editing the /etc/ttytab file and adding the option "secure" after the "/dev/ttyp..." entries, thus making the machine a little less paranoid:

        before : "ttyp0 none network off"
        after  : "ttyp0 none network off secure"
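
An added example, not part of the original post: a small audit for the two settings loosened in the EXPORTED FILESYSTEMS and ROOT ACCESS/RLOGINS notes, run over constructed sample files. It lists exports entries with no access= option (in the SunOS 4.0 exports format those are mountable by any host) and network ptys flagged secure in ttytab; the function names, host names and sample lines are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Sample data is constructed.

# Read exports-format text on stdin; print each directory whose option list
# has no access= restriction, i.e. one that any host is allowed to mount.
audit_exports() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            restricted = 0
            for (i = 2; i <= NF; i++)
                if ($i ~ /^-(.*,)?access=/) restricted = 1
            if (!restricted) print $1
        }'
}

# Read ttytab-format text on stdin; print each network pseudo-terminal that
# is flagged secure, i.e. one on which a root rlogin will be accepted.
audit_ttytab() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            sub(/#.*/, "")              # drop a trailing comment
            gsub(/"[^"]*"/, "Q")        # collapse a quoted getty command
            if ($3 != "network") next
            for (i = 4; i <= NF; i++)
                if ($i == "secure") { print $1; break }
        }'
}

# Constructed sample files; buildhost and docs1 are made-up host names.
SAMPLE_EXPORTS='/
/usr
/files -access=buildhost:docs1
/export/root -root=buildhost,access=buildhost'

SAMPLE_TTYTAB='console "/usr/etc/getty std.9600" sun on secure
ttya "/usr/etc/getty std.9600" dialup off
ttyp0 none network off secure
ttyp1 none network off'

echo "exported with no access list:"
printf '%s\n' "$SAMPLE_EXPORTS" | audit_exports
echo "network ptys accepting root logins:"
printf '%s\n' "$SAMPLE_TTYTAB" | audit_ttytab
```

On a real machine, feed the functions the live files instead, e.g. audit_exports < /etc/exports and audit_ttytab < /etc/ttytab.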