Thursday, March 29, 2007

LDOM Installation

Before you begin, the following is required:

  • sun4v based server (SunFire T1000/T2000, Sun Netra T2000, or Sun Netra CP3060 Blade).
  • Solaris 10 Update 3 (HW 11/06) or Solaris Express (Build 57 or higher) installed.
  • Logical Domains 1.0 Early Access

The first step is to install the firmware included with the LDOM software bundle. The firmware contains the ALOM CMT, POST, OBP, and hypervisor updates. You must load the corresponding firmware for your platform. There are two methods for doing this. You can download the firmware to the ALOM CMT using FTP, or you can upload it from your currently installed Solaris instance. The latter is much simpler :)

# cd Firmware/tools
# ./sysfwdownload ../Sun_System_Firmware-6_4_0_build_07-Sun_Fire_T2000.bin

.......... (10%).......... (20%).......... (30%).......... (40%).......... (51%)
.......... (61%).......... (71%).......... (81%).......... (92%)........ (100%)

Download completed successfully.

This will upload the firmware to your ALOM CMT. Make sure that you upload the corresponding firmware for your platform. Now you need to shut down your Solaris instance:

# shutdown -y -g0 -i5

Now you can upgrade the firmware from the ALOM CMT console:

sc> showkeyswitch
Keyswitch is in the NORMAL position.
sc>
SC Alert: Host system has shut down.
flashupdate -s 127.0.0.1

SC Alert: System poweron is disabled.
................................................................................
................................................................................
......

Update complete. Reset device to use new software.

SC Alert: SC firmware was reloaded
sc> resetsc
Are you sure you want to reset the SC [y/n]? y

The firmware is now updated and the SC has been reset. Once it is done resetting, verify the version of the firmware:

sc> showhost
Sun-Fire-T2000 System Firmware 6.4.0_build_07 2007/02/14 22:07

Host flash versions:
Hypervisor 1.4.0_build_07 2007/02/14 21:52
OBP 4.26.0.build_07 2007/02/14 19:20
POST 4.26.0.build_07 2007/02/14 19:51

The version should match the version info in the firmware bin file name. Now you can power on your server and proceed to the installation of the LDOM software. Depending on the OS you are running, you may have to apply the patches that are included in the Patches directory first.
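
The version comparison described above can be scripted so it is not done by eye. This is an added example, not part of the original post or the LDoms bundle; it assumes the showhost output has been captured as text (the sample embedded here is copied from the transcript above), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that the firmware reported by the SC matches the image
# that was uploaded. Function names are hypothetical.

# "Sun_System_Firmware-6_4_0_build_07-Sun_Fire_T2000.bin" -> "6.4.0_build_07"
fw_version_from_file() {
    base=$(basename "$1" .bin)
    v=${base#Sun_System_Firmware-}      # drop the fixed prefix
    v=${v%%-*}                          # drop "-<platform>"
    # Only the first two underscores separate version digits.
    printf '%s\n' "$v" | sed 's/_/./; s/_/./'
}

# "..._build_07-Sun_Fire_T2000.bin" -> "Sun-Fire-T2000"
fw_platform_from_file() {
    base=$(basename "$1" .bin)
    printf '%s\n' "${base##*-}" | tr '_' '-'
}

# Read showhost output on stdin, print "<platform> <version>".
showhost_fw() {
    awk '/ System Firmware / { print $1, $4; f = 1; exit } END { exit !f }'
}

# $1 = image file name; stdin = captured showhost output.
# Returns 0 on match, 1 on mismatch, 2 if no firmware line was found.
check_firmware() {
    want="$(fw_platform_from_file "$1") $(fw_version_from_file "$1")"
    got=$(showhost_fw) || { echo "no System Firmware line in input"; return 2; }
    if [ "$want" = "$got" ]; then
        echo "OK: SC reports $got"
        return 0
    fi
    echo "MISMATCH: image is '$want', SC reports '$got'"
    return 1
}

# Sample input: the showhost lines from the transcript above.
sample_showhost() {
cat <<'EOF'
sc> showhost
Sun-Fire-T2000 System Firmware 6.4.0_build_07 2007/02/14 22:07
EOF
}

sample_showhost | check_firmware ../Sun_System_Firmware-6_4_0_build_07-Sun_Fire_T2000.bin
```

The check covers the platform name as well as the version, so an image for the wrong platform is reported as a mismatch.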

For example, if you are running Solaris 10 Update 3, you will need to install 118833-36 and reboot. Then you'll have to install patches 125043-01 and T124921-02, then reboot. This is not required if you are running build 57 or higher of Nevada (OpenSolaris, Solaris Express, etc.).

Now it's time to install the LDOM software for what will become the control domain. The software package includes JASS to secure the control domain. Remember, the control domain is similar to the SC on a Sun Fire 15K. You don't want it to be used for anything other than administering the platform. You can install the SUNWjass and SUNWldm packages with the install-ldm script under the Install directory, or you can install them manually. If you have already secured the control domain, you may not need JASS. It's up to you :)

# Install/install-ldm
Welcome to the LDoms installer.

You are about to install the domain manager package that will enable
you to create, destroy and control other domains on your system. Given the capabilities of the domain manager, you can now change the security configuration of this Solaris instance using the Solaris Security Toolkit.
Select a security profile from this list:
a) Hardened Solaris configuration for LDoms (recommended)
b) Standard Solaris configuration
c) Your custom-defined Solaris security configuration profile
Enter a, b, or c [a]: a
The changes made by selecting this option can be undone through the
Solaris Security Toolkit’s undo feature. This can be done with the
’/opt/SUNWjass/bin/jass-execute -u’ command.
Installing LDoms and Solaris Security Toolkit packages.

Installation of was successful.
...
Verifying that all packages are fully installed. OK.
Enabling services: svc:/ldoms/ldmd:default
Running Solaris Security Toolkit 4.2.0 driver ldm_control-secure.driver.
...
Solaris Security Toolkit hardening executed successfully; log file
/var/opt/SUNWjass/run//jass-install-log.txt. It will not
take effect until the next reboot. Before rebooting, make sure SSH or
the serial line is setup for use after the reboot.

Then reboot your control domain. Once you come back up, it's time to start setting things up! We'll visit that in my next post!

Disclaimer: This post only covers the Early Access RC3 of the LDOM technology, which is in pre-release.
