XHiering Host

Before setting up

Ensure that /etc/hosts, /etc/hosts.equiv, and /.rhosts are set up appropriately. You will need to ensure that root access is allowed from the arch/admin master. (Solaris 8: you will also have to edit /etc/default/login to allow root to log in from other than the console. this may apply to other versions of Solaris as well.)

Basic XHier Services

Setup the Xhier Tree using csh

mkdir -p /vendor /xhbin
mkdir -p /.software/regional /fsys/.software/{admin,arch,local,share,spool}
ln -s /fsys/.software/* /.software
ln -s /.software/share /software

Create home mount point directories plus /u (where the link tree into u# lives).

mkdir /u{,1,2,3,4,5}

Also want to support kludge from when home directories where on pythagoras:/fsys2 and everyone use to reference them via /fsys2/u*.

mkdir /fsys2
ln -s /u{,1,2,3,4,5} /fsys2

Setup NFS Mount of regional information and while you're at it also add all the NFS mounts. Append to the "/etc/vfstab" file the following lines (remember to update the lines to correspond to your file server setup):

#
# NFS Mounts from mail and home directory file servers.
#
<Home File Server>:/vol/vol2/dotsoftware/regional - /.software/regional nfs - yes rw,hard,grpid
<Mail File Server>:/.../mail   - /var/mail   nfs     -       yes     rw,hard,grpid,actimeo=0
<Home File Server>:/.../u1     - /u1         nfs     -       yes     rw,hard,grpid
<Home File Server>:/.../u2     - /u2         nfs     -       yes     rw,hard,grpid
<Home File Server>:/.../u3     - /u3         nfs     -       yes     rw,hard,grpid
<Home File Server>:/.../u4     - /u4         nfs     -       yes     rw,hard,grpid
<Home File Server>:/.../u5     - /u5         nfs     -       yes     rw,hard,grpid

Mount the regional information which is used by xh-first-time.

mount /.software/regional
mount /var/mail

Setup the Xhier on the hosts that will be distributing to the new host.

On the ultimate xhier admin master(s) for each of the xhier masters that will be distributing to the new host. ( ie currently mfcf.uwaterloo.ca for MFCF xhier admin, pythagoras.math.uwaterloo.ca for MFCF sun560 xhier {arch,share}, [soon to be] math.uwaterloo.ca for MFCF sun580 xhier {arch,share} , cnoc-dcs for distributions for other (IST xhier {arch,share}) ) you need to setup the permissions for who should send what branches of the /.software tree to the new host. ie edit "/.software/admin/xhier/data/access-rights" on one of the above hosts and distribute it to the host that will be ditributing to the new host.
You can find the ultimate admin master by tracing it back through the access-rights file or just hope the comment at the top of the access-rights file is correct.
use "xh-distribute -t admin -h ..." to distribute xhier package from the ultimate admin master to the admin master for this new host.
repeat above steps for the arch master (could also potentially be share but this usually comes from the arch master). In some cases it can be the same as the admin master so you don't have to do anything.

Add host to appropriate groups

on the ultimate source master (capo), cd to "/software/mfcf-basics/export/hosts" and choose the appropriate group that the new host should belong to. "mfcf_clients" if it's a regional client, "mfcf_accounts" if it's a regional master.
remember to distribute the updates to the {regional,admin} masters that will be serving the new host.

Initializing Minimum Xhier Services on the New Host.

We need some additional passwd/group entries so either copy the passwd, shadow and group files from a regional sibling of the same arch or manually setup them up (need to doc minimal xhier accounts and groups).
From the xhier share master run xh-first-time
<arch master># xh-first-time -v <new host>
On <new host>, fix /.software/local/xhier/config/local/xhier_maintainer to be your email address until your happy with the way the host is working.
Still on <new host>, fix /.software/admin/xhier/config/admin/xhier_maintainer to send its mail to the appropriate administration alias (xhier_math_admin@math.uwaterloo.ca)
Create /software/os-extras/data/gateway by adding the IP address of this hosts gateway (use the first three octets of the IP address followed by a ".1").
<new host># echo "129.97.NNN.1" > /software/os-extras/data/gateway
If the entire operating system was installed on one partition "/". You need to inform xhier that this is what you wanted.
<new host># echo "AllowPathOnRoot=yes" >> /software/os-extras/config/local/config.d
Until the host is ready to go into service, we don't want chkdumpdates to be complaining.
<new host># echo "CheckDumpDates=no" >> /software/os-extras/config/local/config.d
If the xhier admin master is different than the xhier share master then you need to "<admin master># xh-transfer-requests <new host>" and "<admin master># xh-dist-maintenance -h <new host>" from the xhier admin master.
Send mfcf-basics and os-extras again (xh-first-time set these the first time).
pythagoras.math# xh-distribute -h <new host> mfcf-basics
pythagoras.math# xh-distribute -h <new host> os-extras
repeated the above xh-distribute's until there are no errors, only a couple of warnings:
special: os-extras Install warning: Many vendor sendmail daemons are known
special: os-extras Install warning: known to have security holes.
special: os-extras Install warning: So you might want to install a
special: os-extras Install warning: recent sendmail package instead.
and/or
special: xh-register: Can't find registrar host 'xh-registrar.uwaterloo.ca': Error 0
which is because sendmail package has not been installed yet and routing is not yet working.

Installing Basic Services Packages.

Most (all) of the xhier commands in this section will complain about "xh-register: Can't find registrar host 'xh-registrar.uwaterloo.ca': Error 0" This error goes away after the reboot that occurs a little further along.

This may need a "<arch master># xh-transfer-requests <new host>" to start things off.
"<arch master># xh-distribute -h <new host> rcs-5.7
/etc/hosts and /etc/networks config-files
"<arch master># xh-distribute -h <new host> config-files
After this is done; save the vendor files and copy /usr/tmp/config-files*/* to /etc
<new host> cd /; tar cf - etc/{,inet}/{hosts,networks} | (cd /vendor; tar vxfBp -)
<new host> cp /tmp/config-files-Install_*/* /etc
(If you've done the "quick network education" (see OS install notes) then the /tmp/... files weren't created.)
<arch master># xh-distribute -h <new host> mfcf-misc
<arch master># rcp /etc/resolv.conf <new host>
(Note: check that resolv.conf is for a caching name server.)
<arch master># xh-distribute -h <new host> nsdata
(Note: this program install is very verbose.)
<arch master># xh-distribute -h <new host> bind-8.2
plus manual xh-install
<arch master># xh-distribute -h <new host> qi-2.3
plus manual xh-install
<arch master># xh-distribute -h <new host> nameserver
<arch master># xh-distribute -h <new host> mailers-1
<arch master># xh-distribute -h <new host> sendmail-8.9
(with manual install, /software/xhier/maintenance/xh-install). Remember to add this host to /software/sendmail-8.9/config/regional/clients.
<arch master># xh-distribute -h <new host> procmail-3.13
<arch master># xh-distribute -h <new host> imap-4.6
plus manual xh-install
sunos5 will complain unless there's an xhiered version of perl on the system. Solaris 8 ships with perl-5.005, but the sunos5 package will not recognise this. Need to do an xh-dist2 of one of the perl packages (perl-5 works).
<arch master># xh-dist2 <new host> sunos5
On the <new host> update the RCS'd file /.software/local/sunos5/config/local/config.d
- RootRlogin=yes
- StartAccounting=no
  Ray says StartAccouting should be "no" until IST fixes their log rolling bug (see ToDo items 17629 and 22217)
- HmeTune=hme[0,1],100fdx
  This locks the networking to fast ethernet full duplex, other options are fast ethernet half duplex (100hdx) or 10 Mb (10{fdx,hdx}). You can tell which NIC cards are active with the "ifconfig -a" command. Note: IST currently only checks for hme network devices so if you don't have one, don't worry about this setting.
and re-install the package "<new host># xh-install sunos5"
sunos5 package will install sunos5-1.0_patches. If you want to install the patches right away, do a
/software/sunos5-1.0_patches/maintenance/uw.patch_install -recommended yes -security yes
on the new machine.
<arch master># xh-distribute -h <new host> batch
Then iff this is a solaris host, comment out rlimitrss in /software/batch/spool/*/profile
reboot -- -rv
<admin master># xh-dist-maintenance -h <new host>
<arch master># xh-dist-maintenance -h <new host>

Sometime around now ask /software/lpr/.admin/Maintainer to setup a printcap file on this host.

On the xhier regional master [you can find the hostname from any host already in region with "cat /software/xhier/config/local/allowed-types"]

For each host in the region that the new host will be joining (ie the new hosts regional siblings) add the new host name to their /etc/hosts.equiv
- update /etc/hosts.equiv
- distribute to all hosts listed in hosts.equiv file.
  foreach host ( `decomment /etc/hosts.equiv` )
  scp /etc/hosts.equiv ${host}:/etc
  end

Quick blasting of packages (Needs to be sorted by functional groups) (Actually this whole list needs to be re-thought and maybe done in the "/software/mfcf-specific/data/requests/*" files which are then just added to "/software/xhier/config/local/requests")
If (when!) ssh-openssh is installed, you may have to first install the solaris-random package, as ssh-openssh has no hard dependency on this package but it will not work under Solaris 8 without this package. If you get messages about the PRNG being uninitialised, this is why.

pythagoras.math# xh-dist2 <new host> aceclient-2.1uw acetools-2.1uw
pythagoras.math# xh-dist2 <new host> groff-1.15
pythagoras.math# xh-dist2 <new host> acrobat-4.0
pythagoras.math# xh-dist2 <new host> ghostscript-6 ghostview-1
pythagoras.math# xh-dist2 <new host> lynx-2.8.2 communicator-4.61
<new host># xh-install communicator-4.61
pythagoras.math# xh-dist2 <new host> pine-4 elm-2.5
pythagoras.math# xh-dist2 <new host> emacs-20.4 emacs-contrib
pythagoras.math# xh-dist2 <new host> auctex auctex-emacs19 auctex-lemacs
pythagoras.math# xh-dist2 <new host> top-3.5
pythagoras.math# xh-dist2 <new host> gcc-2.95.2
pythagoras.math# xh-dist2 <new host> calendar
pythagoras.math# xh-dist2 <new host> users
pythagoras.math# xh-dist2 <new host> jqpublic
pythagoras.math# xh-dist2 <new host> sc
pythagoras.math# xh-dist2 <new host> console
pythagoras.math# xh-dist2 <new host> x11,minimal x11,network
pythagoras.math# xh-dist2 <new host> x11_minimal x11_netbasics x11_network2
pythagoras.math# xh-dist2 <new host> x11,network x11,contrib
pythagoras.math# xh-dist2 <new host> x11r5_demos x11r5_fontstuff
pythagoras.math# xh-dist2 <new host> tetex-1.0
pythagoras.math# xh-dist2 <new host> xfig-3.2
pythagoras.math# xh-dist2 <new host> xemacs-20.4
pythagoras.math# xh-dist2 <new host> xpm-3.4f

Manual Package Cleanups

Use "xh-packages -I" to find out which packages where distributed to the new host but did not end up being installed for what ever reason.

xh-install setpw
xh-install accounts
xh-install accounts_client
xh-install accounts_special
xh-install mfcf-accounting
xh-install mail
xh-install jqpublic
- edit /.software/local/jqpublic/home/commands
xh-install nsdata
xh-install bind-X.X
xh-install networker-5_client
/software/networker-5_client/maintenance/nw.set.server backup.math
see "http://www.math/mfcf/internal/procedures/installation/networker.html"

If the host is to be backed up
change line in "/software/os-extras/config/local/config.d" to "CheckDumpDates=yes". (In MFCF admin this line is already in "/software/os-extras/config/admin/config.d" so it can just be removed from "/software/os-extras/config/local/config.d"
else if host is not to be backed up
then edit /software/os-extras/config/local/config.d to add a comment to say who says the system should not be backed up and make sure that a "CheckDumpDates=no" line exists in one of the "/software/os-extras/config/*/config.d" files, likely "config/local/config.d".

Final Tweaking

rcs initial /etc/vfstab and /etc/dfs/dfstab

Turn off dtlogin with "chmod a-x /usr/dt/bin/dtlogin"

<new host># xh-local-maintenance
and check the output that everything is clean

Adding User Accounts

Add host to setpw setup only if it's a regional client.

On the regional server, cd /software/setpw/data/config and add the IP address of client to setpw.config. (This allows user on this new client to change their passwd entries.)
Still in /software/setpw/data/config. cd hosts and add your hostname to hosts.*.rdist if the regional master is the same arch type, else add it to hosts.*.rebuild. hosts/hosts.< comment > . < disttype >
Run "/software/setpw/maintenance/spread_passwd -mp 50" [ie the command in the "/software/setpw/export/crontab" file.] to update the setpw package, passwd, and shadow files on the new host.