[TriLUG] Sun Jumpstart experts?

Ben Pitzer uncleben at mindspring.com
Sat Aug 17 21:01:09 EDT 2002


On Fri, 2002-08-16 at 10:54, Michael Alan Dorman wrote:
> "Ben Pitzer" <uncleben at mindspring.com> writes:
> 
> > Actually, they do have to be on the same subnet.
> 
> That is not a real requirement at all.  period.

I realize that this is not an actual requirement, however the problems
that you detail below seem to make it on to my mind.  The extra hoops
that one has to jump through to get this to work otherwise (dhcp, etc)
seem to be more trouble than they're worth.  Plus, it can make for some
other configuration issues on a network that might have been working
previously.  No guarantee that those issues will occur, but they are
possible.
 
> Really, a jumpstart is nothing but a net-boot, plus an nfs-root.
> 
> Sun provides a couple of tools to perform a couple of tasks that are
> peculiar to setup (partitioning and the like), and seems to go to
> great lengths to establish this mystique around jumpstart, but there
> is really *no* magic involved.  I wrote *all* my own scripts for
> things, and didn't use any of the standard sun scaffolding.
> 
> Heck, there's a guy who's implemented a tool called FAI for Debian
> that bears a painful resemblance to jumpstart.  I felt all too at home
> when I started using it.
> 
> In fact, for reasons that escape me, he's looking to extend it to
> doing Solaris installs as well!  I suspect it's just perversity.
> 
> So, anyway, the only requirement is that you be able to net-boot and
> mount an nfs-root.  Because of the requirements of net-booting---that
> every net-booting method in the universe (at least that I am aware of)
> relies on broadcasts, which *are* segment-specific---it is often
> believed that Jumpstart requires boxes to be on their own segments,
> but that really isn't the case; you just have to work around your
> net-booting requirements.  DHCP is an effective solution, and, in my
> experiments, a little faster.
> 
> > We use them here at RR, and must build all boxes on one subnet, then
> > reconfigure the network info to put it on another.  I prefer it that
> > way, because we can segregate that subnet from the world so that if
> > for some odd reason we have to leave a box unpatched to go work on
> > another issue or emergency, it isn't out where the world could
> > potentially see it and crack it.
> 
> Now these are some good reasons for having a special jumpstart
> segment---though I always just patched boxes as start of my
> jumpstarts.  Also related is the issue of jumpstart requiring NFS,
> which is to network security what leaving your fly down is to being
> suave and debonair...

Yeah, the security thing is a BIG thing with me.  I've been trying to
work on some potential security issues (no, folks, I'm not going to tell
you about any of them) at work, and having this segregated subnet makes
me feel a whole lot better about jumpstarting servers.

> Mike.