Mar 12, 2012 - One of the reasons that customers choose to run Solaris 11 Express on. In this entry, I will show you the steps to create a Solaris 10 branded zone on. #zoneadm -z s10-zone install -a /u01/common/images/solaris10 -u. How to Install the solaris10 Branded Zone. A configured solaris10 branded zone is installed by using the zoneadm command with the install subcommand. For information about creating images of Oracle Solaris 10 systems, see Creating the Image for Directly Migrating Oracle Solaris 10 Systems Into Zones.
Note: You can use the 'pkginfo grep CAeAC' command to check which product versions are currently installed. The following diagram shows how to upgrade on Solaris Zones: Follow these steps:. Update Solaris Native Package. source Note: Due to a Solaris 11 limitation, the CA Privileged Identity Manager package is not propagated into non-global zones during installation. We recommend you to install the product in each zone individually using the Solaris native packaging tool (pkgadd). Verify Prerequisites.
You find the Solaris native package for each of the supported Solaris operating systems in the NativePackages directory of the CA ControlMinder Endpoint Components for UNIX DVD. pre.tar.
SolarisPKG.tar.Z. converteacpkg.
customizeeacpkg The SolarisPKG.tar is the native package for Solaris. The pre.tar file is a compressed tar file containing installation messages and the CA ControlMinder license agreement. Follow these steps:.
Copy the installation files from the media to a temporary directory $PACKAGEDIR (readable for group and world). For example, /tmp. Pvs -d /usr/lib/libCstd.so.1 libCstd.so.1; SUNW1.1.1; SUNW1.1; SUNW1.2; SUNW1.3; SUNW1.3.1; Customize the Solaris Native Packages Before you can install CA Privileged Identity Manager using a native package, you must customize the package and specify that you accept the license agreement. You can also specify custom installation settings when you customize a package. To customize a package, extract the installation parameters file from the package, modify the file as required, and load it back into the package. Some commands are available in the customization script so that you do not have to modify the parameters file. Note: Ensure that the parameters for cryptographic options of the DH are the same as those in the environment where installbase is installed customizeeacpkg Command Customize Solaris Native Package The customizeeacpkg command runs the Solaris native package customization script.
Consider the following when using this command:. The script works on any of the available CA Privileged Identity Manager Solaris native packages. To customize a package, the package must be in a read/write directory on your file system. For localized script messages, you need to have pre.tar file in the same directory as the script file. This command has the following format. Note: If you do not specify a file when using the -g option, the installation parameters are directed to the standard output (stdout).g Gets the installation parameters file and places it in the file specified by the -f option.h Displays command usage.
When used in conjunction with the -l option, displays the language code for supported languages.i installloc Sets the installation directory for the package to installloc/AccessControl.k keyfile Defines the full pathname of the root private key file. Note: The default temporary directory is /tmp.w keyword Defines the keyword that specifies that you accept the license agreement. You can find this keyword at the end of the license agreement (inside square brackets). To locate the license agreement file, use the -a option. Upgrade Solaris Native Package on Solaris Zones To manage the product installation with all your other software installations, install the customized CA Privileged Identity Manager Solaris native package.
Make sure you use the same product version in all zones. Solaris native packaging may require user interaction by default, and we recommend to configure the installation as follows to run silently. ls -l /etc/seos.ini /etc/seos.ini - /opt/CA/AccessControl128P0000/seos.ini The installation is complete. You can now start CA Privileged Identity Manager. Install on a Solaris Branded Zone Solaris pkgadd does not support propagation of applications installed in the Solaris 10 global zone into branded zones. CA Privileged Identity Manager requires an ioctl instead of a syscall to communicate with the kernel module. Note: The installation parameter file also lets you install on branded zones automatically when you install on the global zone.
Follow these steps:. Edit the $PACKAGEDIR/paramtemplate file, and change the following setting. If SEOSuseioctl is set to 0, you need to modify CA Privileged Identity Manager to use ioctl for communication in all zones. Once you make this change and reboot all zones, the installation is complete. New Zone Setup If you install CA Privileged Identity Manager using Solaris native packaging on all zones, CA Privileged Identity Manager also automatically installs on any zones you create after the original installation. However, while the product post-installation procedure scripts need to run from within the non-global zone, for new zones, these scripts can only run once the new zone configuration is complete.
![Branded Branded](http://3.bp.blogspot.com/-Cbb0W7WzodM/UijEv5BF27I/AAAAAAAAAc4/zFzm8tgvF_M/s1600/InheritedPackagesZones.png)
Specifically, you must run the 'zlogin -C zonename' command (which, completes the configuration of the name service, the root password, and so on). Note: For more information on setting up a new zone correctly, see Sun's System Administration Guide: Solaris Containers-Resource Management and Solaris Zones, which is available at. Start and Stop CA Privileged Identity Manager in a Zone To start and stop CA Privileged Identity Manager in Solaris 10 zones, use the same process you would use to start and stop the product on any Solaris computer.
The following exceptions apply to starting the product in zones:. Load the product kernel module (SEOSload) from the global zone only. Load the product kernel module in the global zone before you start the product in any non-global zone. Once the product kernel module is loaded in the global zone, you can then start and stop the product in any non-global zone and in any order. The following exceptions apply to stopping the product in zones:. You cannot unload the product kernel module when one or more zones has maintenance mode enabled. You can stop the product in all zones in any order by issuing the secons -s command in each zone.
You can stop the product in all zones at the same time by adding all zones to a GHOST record and then issuing the secons -s ghostname command from the global zone. This is useful, for example, when you want to upgrade CA Privileged Identity Manager across all zones. You should stop the last zone with the secons -sk to disable event interception and prepare the CA Privileged Identity Manager kernel module for unloading. You can unload the product kernel module (SEOSload -u) from the global zone only. Note: The SEOSload -u command ensures that the product is not running on any non-global zone before unloading it. Start CA Privileged Identity Manager in A Non-global Zone You can start the product from any non-global zone just as you would normally, but first load the the product kernel module in the global zone. Follow these steps:.
In the global zone, enter the SEOSload command to load the CA Privileged Identity Manager kernel module. The kernel loads and you can now start the product in any zone. The installer could not unload CA ControlMinder and switch to the new version. The post-install configuration is not complete.
In order to complete the installation process, choose one of the following options: -Shut down and unload CA ControlMinder, then run /opt/CA/AccessControl/lbin/switchver.sh -Reboot the machine. The installation process continues automatically. Solution: Follow the instructions in the message to switch manually. Do one of the following:. Switch manually to the upgraded version without rebooting.
Shut down CA Privileged Identity Manager. Unload CA Privileged Identity Manager.
Run /opt/CA/AccessControl/lbin/switchver.sh in the global zone. Run /opt/CA/AccessControl/lbin/switchver.sh in the internal zones. The upgraded version of CA Privileged Identity Manager starts running. Switch to the upgraded version after rebooting.
Reboot the machine running the global zone. Wait approximately 10 minutes before logging on again. The upgraded version of CA Privileged Identity Manager starts running.