Creating Finish Scripts
A finish script is a user-defined Bourne shell script that you specify in
the rules file. A finish script performs tasks after the Solaris software is
installed on a system, but before the system reboots. You can use finish
scripts only when using custom JumpStart to install Solaris.
Tasks that you can perform with a finish script include the following:
Adding files
Adding individual packages or patches in addition to the ones that are installed in a particular software group
Customizing the root environment
Setting the system's root password
Installing additional software
Important Information About Finish Scripts
The Solaris installation program mounts the system's file systems on /a. The file systems remain mounted on /a until the system reboots. You can use the finish script to add, change, or remove files from the newly installed file system hierarchy by modifying the file systems that are respective to /a.
During the installation, output from the finish script is deposited in /tmp/finish.log. After the installation is completed, the log file is redirected to /var/sadm/system/logs/finish.log.
Ensure that root owns the finish script and that the permissions are set to 644.
You can use custom JumpStart environment variables in your finish scripts. For a list of environment variables, see Custom JumpStart Environment Variables.
Save finish scripts in the JumpStart directory.
To Add Files With a Finish Script
Through a finish script, you can add files from the JumpStart directory to
an already installed system. You can add the files because the JumpStart directory
is mounted on the directory that is specified by the SI_CONFIG_DIR variable.
The directory is set to /tmp/install_config by default.
Note - You can also replace files by copying files from the JumpStart directory to
already existing files on the installed system.
- Copy all of the files that you are adding to the installed
system to the JumpStart directory.
- Insert the following line in the finish script for each file that you
want to be copied to the newly installed file system hierarchy:
cp ${SI_CONFIG_DIR}/file_name /a/path_name
Example 4-2 Adding a File With a Finish Script
For example, assume you have a special application, site_prog, developed for all users
at your site. If you place a copy of site_prog into the JumpStart
directory, the following line in a finish script copies site_prog from the
JumpStart directory into a system's /usr/bin directory:
cp ${SI_CONFIG_DIR}/site_prog /a/usr/bin
Adding Packages or Patches With a Finish Script
You can create a finish script to automatically add packages or patches after
the Solaris software is installed on a system. By adding packages with a
finish script, you reduce time and ensure consistency in which packages and patches
are installed on different systems at your site.
When you use the pkgadd(1M) or patchadd(1M) commands in finish scripts, use the -R
option to specify /a as the root path.
Example 4-3 Adding Packages With a Finish Script
#!/bin/sh
BASE=/a
MNT=/a/mnt
ADMIN_FILE=/a/tmp/admin
mkdir ${MNT}
mount -f nfs sherlock:/export/package ${MNT}
cat >${ADMIN_FILE} <<DONT_ASK
mail=root
instance=overwrite
partial=nocheck
runlevel=nocheck
idepend=nocheck
rdepend=nocheck
space=ask
setuid=nocheck
conflict=nocheck
action=nocheck
basedir=default
DONT_ASK
/usr/sbin/pkgadd -a ${ADMIN_FILE} -d ${MNT} -R ${BASE} SUNWxyz
umount ${MNT}
rmdir ${MNT}The following describes some commands for this example.
The following command mounts a directory on a server that contains the package to install.
mount -f nfs sherlock:/export/package ${MNT}The following command creates a temporary package administration file, admin, to force the pkgadd(1M) command not to perform checks or prompt for questions when installing a package. Use the temporary package administration file to maintain a hands-off installation when you are adding packages.
cat >${ADMIN_FILE} <<DONT_ASKThe following pkgadd command adds the package by using the -a option, specifying the package administration file, and the -R option, specifying the root path.
/usr/sbin/pkgadd -a ${ADMIN_FILE} -d ${MNT} -R ${BASE} SUNWxyz
Example 4-4 Adding Patches With a Finish Script
#!/bin/sh
########
#
# USER-CONFIGURABLE OPTIONS
#
########
# The location of the patches to add to the system after it's installed.
# The OS rev (5.x) and the architecture (`mach`) will be added to the
# root. For example, /foo on a 8 SPARC would turn into /foo/5.8/sparc
LUPATCHHOST=ins3525-svr
LUPATCHPATHROOT=/export/solaris/patchdb
#########
#
# NO USER-SERVICEABLE PARTS PAST THIS POINT
#
#########
BASEDIR=/a
# Figure out the source and target OS versions
echo Determining OS revisions...
SRCREV=`uname -r`
echo Source $SRCREV
LUPATCHPATH=$LUPATCHPATHROOT/$SRCREV/`mach`
#
# Add the patches needed
#
echo Adding OS patches
mount $LUPATCHHOST:$LUPATCHPATH /mnt >/dev/null 2>&1
if [ $? = 0 ] ; then
for patch in `cat /mnt/*Recommended/patch_order` ; do
(cd /mnt/*Recommended/$patch ; echo yes | patchadd -u -d -R $BASEDIR .)
done
cd /tmp
umount /mnt
else
echo "No patches found"
if
Note - In the past, the chroot(1M) command was used with the pkgadd and patchadd
commands in the finish script environment. In rare instances, some packages or patches do
not work with the -R option. You must create a dummy /etc/mnttab
file in the /a root path before issuing the chroot command.
To create a dummy /etc/mnttab file, add the following line to your finish
script:
cp /etc/mnttab /a/etc/mnttab
Customizing the Root Environment With a Finish Script
You can also use finish scripts to customize files that are already installed
on a system. For example, the finish script in Example 4-5 customizes the root environment
by appending information to the .cshrc file in the root (/) directory.
Example 4-5 Customizing the Root Environment With a Finish Script
#!/bin/sh
#
# Customize root's environment
#
echo "***adding customizations in /.cshrc"
test -f a/.cshrc || {
cat >> a/.cshrc <<EOF
set history=100 savehist=200 filec ignoreeof prompt="\$user@`uname -n`> "
alias cp cp -i
alias mv mv -i
alias rm rm -i
alias ls ls -FC
alias h history
alias c clear
unset autologout
EOF
}
Setting a System's Root Password With a Finish Script
After the Solaris software is installed on a system, the system reboots. Before
the boot process is completed, the system prompts for the root password. Until
someone types a password, the system cannot finish booting.
A finish script that is named set_root_pw is saved in the auto_install_sample directory.
The finish script shows how to set the root password automatically, without
prompting. set_root_pw is shown in Example 4-6.
Note - If you set the system's root password with a finish script, users might
attempt to discover the root password from the encrypted password in your finish
script. Ensure that you safeguard against users who might try to determine
the root password.
Example 4-6 Setting the System's Root Password With a Finish Script
#!/bin/sh
#
# @(#)set_root_pw 1.4 93/12/23 SMI
#
# This is an example Bourne shell script to be run after installation.
# It sets the system's root password to the entry defined in PASSWD.
# The encrypted password is obtained from an existing root password entry
# in /etc/shadow from an installed machine.
echo "setting password for root"
# set the root password
PASSWD=dKO5IBkSF42lw
#create a temporary input file
cp /a/etc/shadow /a/etc/shadow.orig
mv /a/etc/shadow /a/etc/shadow.orig
nawk -F: '{
if ( $1 == "root" )
printf"%s:%s:%s:%s:%s:%s:%s:%s:%s\n",$1,passwd,$3,$4,$5,$6,$7,$8,$9
else
printf"%s:%s:%s:%s:%s:%s:%s:%s:%s\n",$1,$2,$3,$4,$5,$6,$7,$8,$9
}' passwd="$PASSWD" /a/etc/shadow.orig > /a/etc/shadow
#remove the temporary file
rm -f /a/etc/shadow.orig
# set the flag so sysidroot won't prompt for the root password
sed -e 's/0 # root/1 # root/' ${SI_SYS_STATE} > /tmp/state.$$
mv /tmp/state.$$ ${SI_SYS_STATE}The following describes some of the commands in this example.
The following command sets the variable PASSWD to an encrypted root password that is obtained from an existing entry in a system's /etc/shadow file.
#create a temporary input file
The following command creates a temporary input file of /a/etc/shadow.
cp /a/etc/shadow /a/etc/shadow.orig
The following command changes the root entry in the /etc/shadow file for the newly installed system by using $PASSWD as the password field.
if ( $1 == "root" )
The following command removes the temporary /a/etc/shadow file.
rm -f /a/etc/shadow.orig
The following command changes the entry from 0 to a 1 in the state file so that the user is not prompted for the root password. The state file is accessed by using the variable SI_SYS_STATE, which has a value currently of /a/etc/.sysIDtool.state. To avoid problems with your scripts if this value changes, always reference this file by using $SI_SYS_STATE. The sed command that is shown here contains a tab character after the 0 and after the 1.
sed -e 's/0 # root/1 # root/' ${SI_SYS_STATE} > /tmp/state.$$
Non-Interactive Installations With Finish Scripts
You can use finish scripts to install additional software after the Solaris OS
is installed. The Solaris installation program prompts you to enter information
during the installation. To maintain a hands-off installation, you can run the Solaris
installation program with the -nodisplay or -noconsole options.
Table 4-1 Solaris Installation Options
Option |
Description |
|---|
-nodisplay |
Runs the installer without a
graphic user interface. Use the default product installation unless the
installation was modified by the -locales option. |
-noconsole |
Runs the installation without any interactive
text console device. Useful when paired with -nodisplay for UNIX
script use. |
For more information, see the man page installer(1M).
