for the x86 solaris we're still using jumpstart, so we're still going to use a solaris boot image, not the gentoo image. the only difference is that it pxe boots to get the solaris boot image.
the bmisolaris-x86 is actually in the 'external files' zip, not the 'provision files'. (i know, it's confusing).
that provision-files zip is for building boot images, which you don't need to do for solaris.
I got past my first issue by following the instructions in the "JumpStart Setup" of the install guide. Now when I provision my system package, I get this.
savitha:SuperUsers: You must be root to run ./add_install_client
savitha:SuperUsers: add install client failed
I've attached the appserver.log file. Here's the agentinfo for my JumpStart server:
blserver% agentinfo Sol10x86JSS
Agent Release : 184.108.40.2060
Hostname : Sol10x86JSS
Operating System: SunOS 5.10
User Permissions: 0/0 (root/root)
Security : Protocol=5, Encryption=TLS1
Host ID : 148642B7
of Processors : 1
License Status : Licensed for NSH/CM - Expires Tue Oct 6 16:42:34 2009 blserver%
As you can see, the "Administrator" user on my BladeLogic app server is mapped to the "root" user on the Solaris machine. So why am I seeing this failure?
when you did the 'agentinfo' were you logged in as 'savitha:SuperUsers' to BladeLogic?
can you send the rscd.log from the jumpstart box? (/usr/nsh/log/rscd.log)
Yes, I ran the agentinfo command from NSH logged in as the savitha:SuperUsers user. The SuperUsers role has all the Authorizations (Profiles, Systems, Commands) that exist in the system granted to it. I provisioned the Solaris system package logged in from Provisioning Manager as the same user. I've attached the rscd.log file from the JumpStart server.
rscd.log 6.6 K
i think the problem is here:
04/07/09 17:11:21.156 INFO1 rscd - 10.5.103.49 1469 60001/60001 (SuperUsers:savitha
you're getting mapped to nobody (60001/60001)
So should I add savitha:SuperUsers to the users.local file? If so, how? This user is just a BladeLogic user and is not an actual windows local user. This is the contents of my users.local file and the RSCD is running as root. "Administrator" is the user I'm logged in as into my BladeLogic server that is running on Windows Server 2003.
$ cat /usr/lib/rsc/users.local
Copyright (c) 2001-2007 BladeLogic, Inc.
-- All Rights Reserved --
This file contains a list of user permission overrides. The permissions
defined in this file will override any associated permissions defined in the
"exports" or "users" file.
Please read the BladeLogicAdministration.pdf for details on how to use this
$ ps -ef | grep rsc
root 2849 1299 0 17:06:22 pts/4 0:00 grep rsc
root 1366 1365 0 Apr 07 ? 0:00 bin/rscd
root 1367 1365 0 Apr 07 ? 0:00 bin/rscd
root 1365 1 0 Apr 07 ? 0:00 bin/rscd
What's interesting is, I ran nexec to reboot the machine with the following command and it worked. Notice how the command got mapped to 0/0 and you need to be root to reboot a Solaris machine.
blserver% nexec Sol10x86JSS reboot
04/08/09 17:12:22.525 INFO rscd - 10.5.103.49 2880 0/0 (Administrator): nexec: nexec Sol10x86JSS reboot
04/08/09 17:12:22.537 INFO1 rscd - 10.5.103.49 2880 0/0 (Administrator): nexec: > 01010 Execute remote command: reboot
When you run the provision job, it's going to try and write the files as the BladeLogic user that ran the job, so that 'role:user' combo needs to be in either the users (from an acl push) or the users.local file (done manually)
for now, put:
in the users.local file on the jumpstart box.
if you have the permissions for that role set, just push acls and that entry should get in the users file, which would be the preferable way to do it.
I suppose as an alternative, I can run the BladeLogic Application Server as local "Administrator", instead of "Local System Account". Is there any harm in doing that?
and you're logged into the system you are running NSH from as 'Administrator' ?
what happens is that if you run nsh from the cmd line or start menu, you don't pickup and BladeLogic credentials, so it sends over 'Administrator', and since you have a mapping for that, it maps you to root.
but when you run the job through bladelogic it's sending over your bladelogic creds (SuperUsers:savitha), which doesn't seem to have a mapping.
that still won't work because it will still send your bladelogic creds over.
you shouldn't have to run the appserver as 'Administrator', it should run fine under 'Local System', I'm not sure if there would be issues if you had it run as 'Administrator'
OK. Mapping SuperUsers:savitha got me past my current issue, but I have other questions regarding Solaris provisioning on x86, for which I'll start another thread. Thank you for your help with this!