HP Ignite-UX Administrator's Guide

Ignite-UX Administration Guide

for HP-UX 11i
Abstract
This guide describes installing, configuring, and using Ignite-UX to install and recover HP-UX. It is intended for administrators with in-depth knowledge of HP-UX operating system concepts, commands, and configuration; HP computer hardware and software; upgrading software, applying patches, and troubleshooting problems; and knowledge of TCP/IP networking concepts and network configuration.
HP Part Number: B3921-90077 Published: March 2013 Edition: 38
© Copyright 1999, 2013 Hewlett-Packard Development Company, L.P.
Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.
Acknowledgements
Intel® Itanium® Logo, Intel, Intel Inside and Itanium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United
States and other countries.
Microsoft® and Windows® are U.S. registered trademarks of Microsoft Corporation.
Java® is a US trademark of Sun Microsystems, Inc.
UNIX® is a registered trademark of The Open Group.
Revision History
Table 1 Revision History
Number
Operating Systems SupportedDocument Manufacturing Part
Edition No.
Publication Date
March 201338HP-UX 11i v1, 11i v2, 11i v3B3921-90077
March 201338HP-UX 11i v1, 11i v2, 11i v3B3921-90073
March 201238HP-UX 11i v1, 11i v2, 11i v3B3921–90070
September 201137HP-UX 11i v1, 11i v2, 11i v3B3921-90066
March 201136HP-UX 11i v1, 11i v2, 11i v3B3921-90050
September 201035HP-UX 11i v1, 11i v2, 11i v3B3921–90032
March 201034HP-UX 11i v1, 11i v2, 11i v3B3921–90006
September 200933HP-UX 11i v1, 11i v2, 11i v35992–6584
November 200832HP-UX 11i v1, 11i v2, 11i v35992-5309
September 200831HP-UX 11i v1, 11i v2, 11i v35992–4731
March 200830HP-UX 11i v1, 11i v2, 11i v35992–3336
December 200729HP-UX 11i v1, 11i v2, 11i v35992–1959
September 200728HP-UX 11i v1, 11i v2, 11i v35992–0602
June 200727HP-UX 11.00, 11i v1, 11i v2, 11i v35991–7999
February 200726HP-UX 11.00, 11i v1, 11i v2, 11i v35991-6440
December 200625HP-UX 11.00, 11i v1, 11i v2B2355-91049
September 200624HP-UX 11.00, 11i v1, 11i v2B2355-90997
June 200623HP-UX 11.00, 11i v1, 11i v2B2355-90970
March 200622HP-UX 11.00, 11i v1, 11i v2B2355-90959
December 200521HP-UX 11.00, 11i v1, 11i v2B2355-90941
September 200520HP-UX 11.00, 11i v1, 11i v1.6, 11i v2B2355-90893
June 200519HP-UX 11.00, 11i v1, 11i v1.6, 11i v2B2355-90875
December 200418HP-UX 11.00, 11i v1, 11i v1.6, 11i v2B2355-90872
September 200417HP-UX 11.00, 11i v1, 11i v1.6, 11i v2B2355-90849
Table 1 Revision History (continued)
Number
Operating Systems SupportedDocument Manufacturing Part
Edition No.
Publication Date
June 200416HP-UX 11.00, 11i v1, 11i v1.6, 11i v2B2355-90837
March 200415HP-UX 11.00, 11i v1, 11i v1.6, 11i v2B2355-90834
December 200314HP-UX 11.00, 11i v1, 11i v1.6, 11i v2B2355-90831
September 200313HP-UX 11.00, 11i v1, 11i v1.6, 11i v2B2355-90788
September 200312HP-UX 11.00, 11i v1, 11i v1.6B2355-90829
June 200311HP-UX 11.00, 11i v1, 11i v1.5, 11i v1.6B2355-90810
March 200310HP-UX 10.x, 11.00, 11i v1 , 11i v1.5, 11i v1.6B2355-90772
December 20029HP-UX 10.x, 11.00, 11i v1, 11i v1.5, 11i v1.6B2355-90767
October 20028HP-UX 10.x, 11.00, 11i v1, 11i v1.5, 11i v1.6B2355-90770
September 20027HP-UX 10.x, 11.00, 11i v1, 11i v1.5, 11i v1.6B2355-90765
September 20026HP-UX 10.x, 11.00, 11i v1, 11i v1.5B2355-90758
June 20025HP-UX 10.x, 11.00, 11i v1, 11i v1.5B2355-90750
March 20024HP-UX 10.x, 11.00, 11i v1, 11i v1.5B2355-90749
June 20013HP-UX 10.x, 11.00, 11i v1, 11i v1.5B2355-90738
December 20002HP-UX 10.x, 11.00, 11i v1B2355-90704
March 19991HP-UX 10.x, 11.00, 11i v1B2355-90677

Contents

1 Ignite-UX Overview...................................................................................10
Ignite-UX Features...................................................................................................................10
Getting the Ignite-UX Software ................................................................................................12
Ignite-UX Commands and Manpages........................................................................................13
Introduction to the Ignite-UX Graphical User Interface..................................................................14
How Ignite Works...................................................................................................................17
The Ignite-UX Install Environment..........................................................................................18
Boot Sources.....................................................................................................................18
Installation Versus Recovery.................................................................................................18
Network Booting and IP Addresses......................................................................................18
Phases of Operation...........................................................................................................19
Startup........................................................................................................................19
Phase 1.......................................................................................................................20
Phase 2.......................................................................................................................20
Phase 3.......................................................................................................................21
Ignite-UX Server Requirements..................................................................................................21
Supported Peripherals ............................................................................................................23
Disks and Other I/O..........................................................................................................23
Firmware..........................................................................................................................23
Disk Arrays.......................................................................................................................23
Client Terminals.................................................................................................................23
2 Making Configuration Decisions for Ignite Servers........................................24
Boot and Install Client from Media............................................................................................24
Simple Network Solutions........................................................................................................24
Alternate Boot with Network Server Installation...........................................................................26
Complex Networks.................................................................................................................27
Diagnosing Network Boot Issues...............................................................................................27
HP-UX Diagnosing and Debugging......................................................................................28
Simple Network Debugging...........................................................................................28
Logging to syslog.log.....................................................................................................28
Using bootpquery.........................................................................................................28
RDP Diagnosing and Debugging.........................................................................................29
3 Simple Network: Creating a Server for Registered Clients..............................30
Configuring the Ignite-UX Server for PA-RISC Clients....................................................................30
Launch Ignite-UX................................................................................................................30
Launch the Server Setup Wizard..........................................................................................31
Register the PA-RISC Clients with the Server...........................................................................33
Skip DHCP Setup...............................................................................................................34
Go to the Software Setup Section.........................................................................................34
Configuring the Ignite-UX Server for Itanium-Based Clients............................................................34
Register the Itanium-based Clients with the Server...................................................................34
Use the Server Setup Wizard to Proceed to Software Depot Setup............................................35
Setting Up Software from OE Depots.........................................................................................35
More Server Setup Options......................................................................................................36
Configuring Server Options.................................................................................................36
Configuring Session Options...............................................................................................38
Setting Up Additional Software on the Server.............................................................................40
SD Software......................................................................................................................40
Non-SD Software...............................................................................................................40
4 Contents
4 Simple Network: Creating a Server for Anonymous Clients............................42
Overview of Anonymous Clients...............................................................................................42
Configuring an Ignite Server to Boot Anonymous PA-RISC Clients..................................................42
Using the Server Setup Wizard............................................................................................42
Editing the instl_boottab file................................................................................................42
Configuring an Ignite Server to Boot Anonymous Itanium-Based Clients..........................................43
Working With DHCP..........................................................................................................43
Understanding PXE Booting of Itanium-Based Systems........................................................43
Ignite-UX Server and Boot Helper Setup for DHCP.............................................................43
Isolating Ignite-UX From Noncontrollable DHCP Servers ....................................................45
5 Complex Networks: Challenges and Solutions..............................................47
How To Use This Chapter........................................................................................................47
Complex Network Challenges..................................................................................................47
Multiple Subnets................................................................................................................48
Remote Systems.................................................................................................................48
Multiple Boot Servers..........................................................................................................49
Avoiding Complex Network Issues............................................................................................49
An Ignite-UX Server for Each Subnet.....................................................................................50
A Multi-Capable Server for Each Subnet...............................................................................50
Extend the Local Subnet......................................................................................................50
Using Virtual LANs Properly for Ignite-UX..............................................................................50
Complex Network Solutions.....................................................................................................51
Automating HP-UX OS Version Selection...............................................................................51
Limit Network Response by System Class...............................................................................52
Directed Boot....................................................................................................................52
Server Selection.................................................................................................................52
Limit Network Boot Response by Network Interface Address....................................................52
Control Network Boot via Response Timing...........................................................................53
Install Remote Clients Through a Network Router....................................................................53
Multiple NICs Attach the Ignite Server to Multiple Subnets.......................................................54
Getting the Client the Correct Networking Information........................................................54
Having the Client Contact the Correct Server....................................................................55
Ignite-UX bootp Boot Helper................................................................................................55
HP-UX DHCP PXE Next Server Boot Helper for Integrity Systems...........................................56
Configuring a Next Server Boot Helper for Integrity systems...........................................56
Forwarding Boot Requests via bootp Relay.......................................................................57
Multi-Capable Subnet Boot Server........................................................................................59
Non-HP-UX Next Server Boot Helper................................................................................59
Non-HP-UX bootp Boot Helper........................................................................................59
6 Complex Networks: Multi-Capable Servers..................................................61
Configuring an RDP Server for Specific MAC Addresses..............................................................61
Configuring an RDP Server to Delay PXE Response......................................................................61
Configuring an RDP Server to Initiate HP-UX Installation...............................................................62
Setting up RDP MenuOptions via Windows Commands..........................................................62
Setting up RDP MenuOptions via Interactive UI......................................................................63
Using an RDP MenuOption for HP-UX...................................................................................66
Linux DHCP PXE Next Server Boot Helper for HP-UX Installation....................................................66
Configuring an HP-UX Server to Support Linux Boot and Installation...............................................67
RedHat Installation From an HP-UX Server.............................................................................69
SuSE Installation From an HP-UX Server.................................................................................70
Configuring an HP-UX Server to Support Windows Installation......................................................70
7 Managing I/O for Installation and Recovery................................................71
Introducing Multipathing..........................................................................................................71
Contents 5
Agile View Concepts...............................................................................................................71
Practical Considerations..........................................................................................................73
System Installation Configuration..........................................................................................73
Support for >2 TB boot disk................................................................................................77
Identifying Devices for Other Tasks.......................................................................................78
Important Characteristics of the Agile View............................................................................78
Recovery and the Agile View...................................................................................................80
Legacy DSFs and Device Matching.......................................................................................80
Persistent DSFs and Device Matching....................................................................................80
Controlling the I/O Configuration Process..................................................................................81
Agile View Questions and Answers...........................................................................................82
8 Security...................................................................................................84
Ignite-UX Server Ports..............................................................................................................84
Modifying a Bastille-Hardened System to Operate with Ignite-UX..................................................89
Enabling Ignite-UX Server Requirements................................................................................90
Enabling Ignite-UX Client Requirements.................................................................................91
Configuring Ignite to Replace TFTP with NFS..............................................................................92
Overview..........................................................................................................................92
Procedure.........................................................................................................................92
9 Booting and Installing HP-UX From the Server Using the Client Console............95
Preparing the Client for Installation ...........................................................................................95
Making Boot Decisions When Using the Client Console...............................................................96
Boot Using the Network......................................................................................................96
Boot Using Media..............................................................................................................97
Using bootsys on the Client Console..........................................................................................98
Booting PA-RISC Clients from the Console .................................................................................99
Booting Itanium-Based Clients using the Network......................................................................100
Direct Boot Profiles for Itanium-Based Systems...........................................................................102
The dbprofile Command...................................................................................................103
The lanboot Command.....................................................................................................104
Installing HP-UX From the Client Console..................................................................................105
Managing Speed and Duplexing of LAN Interfaces Executing Network Boots...............................108
Examples........................................................................................................................108
10 Booting and Installing HP-UX on Clients Using the Server...........................110
Methods of Installing Client Systems........................................................................................110
Installation Using bootsys.......................................................................................................110
Installation Using the Ignite-UX GUI.........................................................................................112
Prepare the Client for Installation........................................................................................112
Starting Ignite-UX.............................................................................................................112
Adding Clients................................................................................................................112
Booting a Client..............................................................................................................113
Configuring the Installation....................................................................................................116
New Installation..............................................................................................................116
Initializing the Installation.............................................................................................117
The Client Installation Configuration Interface..................................................................117
Basic Tab..............................................................................................................118
Software Tab ........................................................................................................125
System Tab ...........................................................................................................130
File System Tab .....................................................................................................137
Advanced Tab.......................................................................................................144
Repeat an Installation.......................................................................................................145
Executing the Installation.......................................................................................................146
Viewing and Printing a Manifest ............................................................................................149
6 Contents
11 Golden Images.....................................................................................151
Advantages of Golden Images...............................................................................................151
Creating a Golden Image......................................................................................................151
Installing the HP-UX Operating System ...............................................................................152
Installing Critical Patches onto the Operating System.............................................................152
Installing Optional Software..............................................................................................153
Customizing the System ...................................................................................................153
Creating the Golden Archive.............................................................................................153
Configuring the Ignite-UX Server to Recognize the Golden Image................................................154
Enabling the Client...............................................................................................................157
Installing the Golden Image on the Client................................................................................157
12 Customizing Your Installation..................................................................158
Using Configuration Files.......................................................................................................158
Classes of Configuration Files............................................................................................158
Combining Configuration Files Using INDEX Entries..............................................................161
Example Configuration Files..............................................................................................163
Customizations Based on the Client Hardware.....................................................................165
Customizations Based on User Selection..............................................................................166
Avoid Archiving Patch Files ...................................................................................................167
Debugging Configuration Files...............................................................................................168
Using Post-Installation Scripts..................................................................................................168
How the Installation Functions............................................................................................169
Adding a Post-Installation Script.........................................................................................169
13 Automating Installations.........................................................................171
Starting a Noninteractive Installation with bootsys.....................................................................171
Using a Saved Configuration.................................................................................................171
Specifying Defaults in the config.local File................................................................................172
Setting Defaults with instl_adm...............................................................................................172
Using the Per-Client Configuration File.....................................................................................172
Scheduling Installations.........................................................................................................174
Setting Installation Parameters Dynamically..............................................................................174
Checking Modified Files for Errors......................................................................................176
14 Creating Your Own Boot and Installation Media.......................................177
Why Use Custom Boot and Installation Media?........................................................................177
Building PA-RISC Boot and Installation Tape.............................................................................177
Possible Tape Contents.....................................................................................................177
Logical Interchange Format...........................................................................................178
Archives and Depots....................................................................................................179
Creating and Modifying an Archive Configuration File for Tape.............................................179
Creating and Modifying a Serial Depot and its Configuration File for Tape..............................180
PA-RISC Installation Tape Creation Example.........................................................................180
Assumptions...............................................................................................................180
Example PA-RISC Installation Tape Creation....................................................................181
Creating a Boot CD/DVD or an Installation DVD......................................................................182
Assumptions....................................................................................................................182
File and ISO Image Size Considerations.............................................................................182
Boot and Archive-Based CD/DVDs.....................................................................................182
Boot CD/DVD Examples..............................................................................................183
Create HP-UX 11i v3 bootable CD/DVD media for two-step media recovery...................183
Create HP-UX 11i v2 bootable media on USB DVD drive for two-step media recovery......183
Installation Archive-Based DVD Examples.......................................................................183
Put an Itanium-based HP-UX 11i v3 golden archive on a DVD.......................................183
Put a PA-RISC HP-UX 11i v2 golden archive on a DVD..................................................184
Contents 7
Put two HP-UX 11i v2 golden archives, one Itanium-based and one PA-RISC, on a DVD....184
Create a recovery DVD...........................................................................................184
Create an HP-UX 11i v2 Itanium-based recovery DVD using an existing network recovery
image...................................................................................................................184
Error messages...........................................................................................................184
No DVD available..................................................................................................184
No DVD special files...............................................................................................185
Missing -c argument on HP-UX 11i v2 USB DVD drive..................................................185
Depot-Based DVDs...........................................................................................................185
HP-UX 11i v2 Depot-Based Installation DVDs...................................................................185
HP-UX 11i v3 Depot-Based Installation DVDs...................................................................187
15 Recovery..............................................................................................188
Overview............................................................................................................................188
System Recovery...................................................................................................................188
System Recovery Tools......................................................................................................189
Recovery Tool Comparison...........................................................................................189
Considerations When Using Veritas Volume Manager from Symantec................................190
Recovery Image Contents..................................................................................................190
Recovery Image Configuration Policies................................................................................191
Reconciling Client and Server Ignite-UX Versions for Recovery................................................191
Recovery Image Creation Process.......................................................................................192
Examining Recovery Image Contents.............................................................................194
Verifying Recovery Image Results...................................................................................196
Creating and Using Recovery Tapes...................................................................................197
Recovery Tape Creation Examples.................................................................................197
Tape Recovery for PA-RISC Systems................................................................................198
Tape Recovery for Itanium-Based Systems.......................................................................199
Tape Recovery for Integrity Blade Systems.......................................................................204
Creating and Using Network Recovery Images....................................................................205
Adding Clients for Recovery ........................................................................................206
Examples of Network Recovery Image Creation..............................................................208
Recovering using the Network for PA-RISC Clients............................................................208
Recovering using the Network for Itanium-Based Clients...................................................209
Retaining Recovery Images................................................................................................210
Making Recovery Configuration File Additions.....................................................................212
Using the recovery config.local file................................................................................212
Adding a depot..........................................................................................................212
Selecting File Systems During Recovery...............................................................................212
Tape Recovery With No Tape Boot Support — Two-Step Media Recovery...............................213
Notes on Cloning Systems.................................................................................................214
Cloning a System Using make_net_recovery...................................................................215
System Recovery Questions and Answers............................................................................216
16 Support and Other Resources.................................................................220
Contacting HP......................................................................................................................220
Before you contact HP......................................................................................................220
HP contact information.....................................................................................................220
Documentation feedback..................................................................................................220
Related information...............................................................................................................220
Documents......................................................................................................................220
Websites........................................................................................................................221
Typographic Conventions.......................................................................................................222
A Troubleshooting ....................................................................................224
Errors and Warnings.............................................................................................................224
8 Contents
Ignite-UX Server Problems .....................................................................................................224
Installing Systems with Ignite-UX..............................................................................................224
Installing from Media............................................................................................................229
Installing from Golden Images................................................................................................229
Common Network Booting Errors............................................................................................230
B Configuring DHCP Services ....................................................................232
Overview of DHCP Services ..................................................................................................232
DHCP Usage Examples.........................................................................................................233
Manage Clients That Will Use DHCP During and After Installation.........................................233
Manage Clients with Temporary IP Addresses During Installation............................................233
Using bootptab as an Alternative to DHCP ..............................................................................234
Background Information on DHCP Design ..........................................................................234
C LIF Volume Contents...............................................................................235
A Description of the Files in the LIF Volume...............................................................................235
D Using Integrated Lights Out Virtual Media with Ignite-UX.............................238
E Expert Recovery......................................................................................245
Expert Recovery Preparation..................................................................................................245
The Expert Recovery Procedure...............................................................................................245
F Terminal Keyboard Shortcuts....................................................................251
Basic Keyboard Shortcuts.......................................................................................................251
Advanced Keyboard Navigation.............................................................................................251
HP Terminals...................................................................................................................251
vt100 Terminals...............................................................................................................252
Glossary..................................................................................................254
Index.......................................................................................................263
Contents 9

1 Ignite-UX Overview

Welcome to Ignite-UX! This chapter contains information for new and experienced users alike. Introductory information:
“Ignite-UX Features” (page 10)
“Getting the Ignite-UX Software ” (page 12)
“Ignite-UX Commands and Manpages” (page 13)
“Introduction to the Ignite-UX Graphical User Interface” (page 14)
Details about Ignite-UX:
“How Ignite Works” (page 17)
“Ignite-UX Server Requirements” (page 21)
“Supported Peripherals ” (page 23)

Ignite-UX Features

Client and Server Control
The installation sessions for multiple targets can be controlled from a single Ignite-UX server in a true client/server model. A GUI is provided to run on the server and manage multiple simultaneous client installation sessions. Alternatively, a single installation session can be controlled from the client machine. A single Ignite-UX installation server can serve multiple releases of HP-UX for different clients.
Easy-to-Use GUI
The Ignite-UX GUI uses tabs and dialog boxes for task navigation. The Ignite-UX GUI only runs on an Ignite-UX server.
Terminal User Interface
Ignite-UX uses a terminal user interface (TUI) with keyboard navigation when run from a client. Ignite may also be run in TUI mode from the server.
Command Line Interface
Commands that power Ignite-UX can be executed directly from the operating system's command shell on an Ignite-UX server or client. For the list of commands, see “Ignite-UX Commands and
Manpages” (page 13).
Multi-Sourced Installations
Installations can use multiple Software Distributor (SD) depots in a single installation session. For
example, you could install your base OS from one SD depot, a set of patches from another SD depot, and the applications you want from a third SD depot; all in one session.
Multiple Archive Formats
Ignite-UX supports tar, cpio, and pax format archives. (To use the pax format with 11i v2, you must have the PAX-Enh™ product installed. The pax format is not available for 11i v1.) Tools are
provided to help you create a golden image if you wish to install from an archive. You can use one archive along with one or more depots containing patches or additional software.
10 Ignite-UX Overview
One-Step Installation
Once you configure a system with a common configuration you want replicated to other systems, use Ignite-UX to either manually or automatically install each client system. This common configuration can include any supported HP-UX 11i operating system, and you can add any required patches and applications.
Custom Installations
It is easy to create a system that is ready to go as soon as the installation session completes. Many of the tasks that are typically done as separate steps after an installation have been incorporated into the installation process. Ignite-UX allows you to specify kernel parameters you want set and user-supplied scripts you would like to run as part of the session. In addition, the host and networking information normally supplied at first boot can be specified at install time.
Golden Images
A system that has been installed and tuned may be used to create an image. That image may be used as a custom configuration that may be applied in installations to other systems.
Automated Installations
Set up a configuration and then install it on a client with no further user interaction. This is possible for both the initial installation and the reinstallation cases.
Create a System Manifest
Scan a system and produce a report detailing what hardware is present, how the disks are used, what kernel modifications have been made, and what software has been installed. This report can be customized to meet your needs.
Create Custom Installation Media
Construct your own customized, bootable installation media. An example script, make_media_install, is provided that can help you create bootable media (tapes, CDs, and DVDs) with or without golden archives and SD depots. The example script can be found at /opt/ ignite/data/scripts/examples/make_media_install.
System Recovery
Ignite-UX provides consistent, reliable recovery in the event of catastrophic hardware or software failure by creating recovery images on tape (with client access to a tape drive) or on any Ignite-UX
server in your environment (with client access to the network).
Support for Multiple Architectures
Ignite-UX supports both the Precision Architecture Reduced Instruction Set Computing (PA-RISC) and the Intel®Itanium® (Itanium®-based) hardware architectures.
Support for HP Servicecontrol Manager
Ignite-UX supports installing HP-UX clients in the HP Servicecontrol Manager environment. For details, see the HP Servicecontrol Manager 3.0 User's Guide.
Support for New Hardware
Each new release of the Ignite-UX product supports the new hardware included in the corresponding release of HP-UX.
Ignite-UX Features 11

Getting the Ignite-UX Software

Ignite-UX-11-11_C.7x.xx_ HP_-UX_B.11.11_32+64.depot
Ignite-UX-11-23_C.7x.xx_ HP_-UX_B.11.11_32+64.depot
Ignite-UX-11-31_C.7x.xx_ HP_-UX_B.11.11_32+64.depot
Ignite-UX-11-ALL_C.7x.xx.depot (Complete Ignite-UX product)
IGNITE
Depot Name
Bundle Name
HP-UX versions the bundle can install/recover on client
11iv1
11iv2
11iv3
Ignite-UX-11-11
Ignite-UX-11-23
Ignite-UX-11-31
Ignite-UX is available in standard SD (Software Distributor) depot format from OE and AR media, and from the HP Software Depot Website.
Any Ignite-UX bundle is safe to install at any time. None of the filesets in Ignite-UX bundles will cause a reboot to occur.
OE and AR Media
Ignite-UX released on OE or AR media can only be installed on a server running the HP-UX version supported by the OE or AR media.
This Ignite-UX is the complete product. (The Ignite complete product is capable of installing and recovering all supported versions of HP-UX.)
If you require a version of Ignite-UX that can be installed onto any supported version of HP-UX, read the next section about downloading Ignite-UX from the HP Software Depot Website.
HP Software Depot Website
Follow this link for Ignite-UX on HP Software Depot: http://www.hp.com/go/
ignite-ux-download
The Ignite-UX depots available at Software Depot contain the latest Ignite-UX version and can be installed on servers running any supported version of HP-UX.
Support for Installation and Recovery of all Supported HP-UX Operating System Versions
Each Ignite-UX bundle contains the Ignite-UX tools, plus the data files required to install and recover the particular HP-UX operating systems indicated by the bundle name.
See the figure below for a list of available bundles and the HP-UX versions the bundles can install and recover.
NOTE: As of Ignite-UX version C.7.1, the name of the Ignite-UX complete product bundle that
installs all supported versions of HP-UX has changed from B5725AA to IGNITE.
Each bundle can be installed on a server running any version of HP-UX. For example, Ignite-UX-11-23 can be installed on a server running HP-UX 11i v1 (B.11.11). You can install one or more of the individual Ignite-UX-11-xx bundles onto your system.
HP recommends you install the complete Ignite-UX product (IGNITE) unless you want to block the
12 Ignite-UX Overview
use of a specific version of HP-UX, increase the download speed from the Software Depot website, or conserve disk space on the server.
As a best practice, do not swremove Ignite-UX before updating to a new version. Doing so will cause some files to be reset, including the INDEX file, thus you will lose any customizations.
Figure 1 Ignite-UX Bundles Available in the Ignite-UX Product
IMPORTANT: Installing individual bundles instead of the complete product might cause problems
for Ignite-UX if the complete product was installed previously. Refer to the Installing and Updating Ignite-UX white paper if you are unsure of what to install to upgrade Ignite-UX. Links to the Ignite-UX
white papers are found at http://www.hp.com/go/ignite-ux-docs.

Ignite-UX Commands and Manpages

The manual pages (manpages) associated with Ignite-UX commands are in the /opt/ignite/ share/doc/ directory, are available in the HP-UX Reference at http://www.hp.com/go/
ignite-ux-docs, and are listed in Table 2 according to the directory the commands are in.
Table 2 Ignite-UX Command Manpages
DescriptionIgnite-UX Command Manpages
Commands in /opt/ignite/bin :
add_new_client(1M)
auto_adm(4)
check_net_recovery(1M)
check_tape_recovery(1M)
Add a client to an Ignite-UX server without requiring a client boot from the Ignite-UX server.
Manage logical interchange format (LIF) AUTO configuration files.auto_adm(1M) Description of auto_adm file formats
Reboot and install systems using Ignite-UX.bootsys(1M)
Compare the files on a running system with a recovery archive made with make_net_recovery.
Compare the files on a running system with a recovery archive made with make_tape_recovery.
Replicate a PA-RISC boot tape.copy_boot_tape(1M)
Configure, install, and recover HP-UX systems.ignite(5)
Manage Ignite-UX configuration files.instl_adm(1M) Description of configuration file syntax.instl_adm(4)
Parse and debug a client's configuration files.instl_dbg(1M)
Create a boot tape for a PA-RISC system.make_boot_tape(1M)
Create Software Distributor (SD) bundles in a depot.make_bundles(1M)
Generate a configuration file for software in an SD depot.make_config(1M)
Commands in /opt/ignite/lbin:
ansitape(1M) ansitape(5)
Create SD depots from SD bundles for use by Ignite-UX.make_depots(1M)
Create a bootable ANSI labeled tape for Itanium-based systems.make_ipf_tape(1M)
Create bootable Ignite-UX LIFmedia image file.make_medialif(1M)
Create recovery images and store them on a network system.make_net_recovery(1M)
Create recovery images and store them on tape.make_tape_recovery(1M)
Manage Ignite-UX INDEX files without directly editing them.manage_index(1M)
Print a system manifest.print_manifest(1M)
Create hardware configuration file.save_config(1M)
Read and write magnetic tapes conforming to the ANSI standard for magnetic tape labelling.
Description of ANSI-labeled tape format.
Ignite-UX Commands and Manpages 13
Table 2 Ignite-UX Command Manpages (continued)
DescriptionIgnite-UX Command Manpages
archive_impact(1M)
instl_combine(1M)
Commands in /opt/ignite/data/scripts:
Calculate the per file system disk space for tar, cpio, and tar archives, and create the impacts statements for use in configuration files.
Boot protocol server for Ignite-UX clients.instl_bootd(1M)
Combine a LIF volume and file system for use on CD/DVD. This command is used to construct custom, bootable, installation media. An example script, /opt/ignite/data/scripts/examples/ make_media_install, is provided that can help you create bootable media (PA-RISC tapes, CDs, and DVDs) with or without
golden archives and/or SD depots included.
Create a depot containing Ignite-UX recovery filesets.pkg_rec_depot(1M)
Perform some administration tasks for an Ignite-UX server.setup_server(1M)
Create an archive of a client.make_sys_image(1M)

Introduction to the Ignite-UX Graphical User Interface

The Ignite-UX GUI workspace provides access to all management tasks using the menu bar and context-sensitive menus.
Figure 2 Ignite-UX GUI
The Ignite-UX GUI workspace graphically represents clients as icons labeled with the clients’ hostnames. You can:
Click a client icon to select it for further actions.
Double-click the client icon to display the Client Status dialog box.
Right-click to activate the Actions menu. You must select the client before right-clicking; any
selections made from the Actions menu apply to the selected client.
For more information about these actions, see Chapter 10: “Booting and Installing HP-UX on Clients
Using the Server” (page 110), or click Help.
14 Ignite-UX Overview
Each client’s installation status is indicated by the colored border around its icon, and the installation gauge shows the relative progress:
Green: The operating system is completely installed, booted, and running with no errors or
warnings.
Yellow: A warning condition exists and should be investigated.
Red: An error condition is present. The operating system is partially installed, or the installation
has stopped.
No color: Installation has not yet started or the client has been stopped.
Client icons are shown for all booted clients and those that can be used as recovery systems. These systems are known to Ignite-UX by their existence in the /var/opt/ignite/clients file.
File Menu
The File menu contains basic Ignite-UX functionality:
Search - Find clients that match a text string.
Print - To print a listing of systems, the display must be set with View->By Properties
Exit - Quit Ignite-UX.
View Menu
Use the View menu to customize the Ignite-UX GUI display:
Columns - Choose which client attributes to display in which column. These selections are
apparent only when the object list is displayed by properties.
Filter - View a subset of clients by selected criteria.
Sort - Orders the displayed clients by sort criteria.
By Name and Icon - Displays clients graphically.
By Properties - Displays clients in a text format rather than in the default graphical
representation.
TIP: Using the By Properties view and sorting the list makes it easier to scan for clients that
have finished installing. For example, to view the clients by the percentage of completion, select View->Sort->% Complete: Descending. The list of clients will then appear with the clients closest to completion first, as shown in Figure 3.
Introduction to the Ignite-UX Graphical User Interface 15
Figure 3 Ignite-UX GUI By Properties View
Save View as Default - Saves the current Ignite-UX GUI View settings.
Options Menu
Use the Options menu to set server configuration variables and to control the refresh rate of the Ignite-UX display.
Server Configuration - Identify and set up your installation server. The selections here are
covered in detail in “More Server Setup Options” (page 36).
Change Refresh Interval - Select how frequently you want the client display updated.
Refresh List - Update the client display immediately.
Actions Menu
To view available actions for a client, select its icon, then select the Actions menu. The actions displayed are dependent on the status of the client, so all actions may not be available. You can use the following actions to manage clients:
View Install History... - Lists details of all successfully installed clients.
Boot Client... - Boots the selected client. If no client is selected, one will be prompted for.
Add New Client for Recovery... - Selects a client to be recovered. For more information, see
“Adding Clients for Recovery ” (page 206).
Run Tutorial/Server Setup... - Displays the Welcome dialog box. From there, you can run the
Tutorial and Demo, or click Server Setup... to launch the Server Setup Wizard.
Client Status... - The status of the selected client is polled and displayed, as in Figure 4 (page 17).
16 Ignite-UX Overview
Figure 4 Client Status Dialog Box
Install Client - Starts the HP-UX installation process for the selected client. This process is
explained in Chapter 10: “Booting and Installing HP-UX on Clients Using the Server” (page 110).
Stop Install... - Stops the installation process on the selected client. After stopping an install,
you can reboot or halt the client.
Create Network Recovery Archive - Creates a network recovery image using the
make_net_recovery command. See Chapter 15: “Recovery” (page 188) for more information.
Create Tape Recovery Archive - Creates a recovery image using the make_tape_recovery
command. See Chapter 15: “Recovery” (page 188) for more information.
Move to History... - Saves critical files for the client, adds them to the history file, and removes
the client. The client installation must successfully complete for the configuration to be moved to the history file.
Remove Client... - Deletes the selected client configuration. All client data, except for the
recovery image, is removed. Recovery information in the client’s directories will be removed.
View Hardware... - Lists the hardware associated with the selected client.
View/Print Manifest... - Allows you to view and print the manifest for the selected client. The
manifest file details the client’s installation and is available on the client and Ignite-UX server after the installation. For more information, see “Viewing and Printing a Manifest ” (page 149).
Change Icon Name... - Launches a dialog box for renaming the selected icon.

How Ignite Works

When deciding the best way to use Ignite in your data center, it might be useful to understand the structure of Ignite – how it gets started on the client and the functional steps it performs. This section
How Ignite Works 17
describes the major components of Ignite and where they come from. Ignite installation and recovery is described in terms of phases, with each phase described in detail.

The Ignite-UX Install Environment

HP-UX installation and recovery is accomplished using the Ignite-UX install environment. The Ignite install environment is a small subset of the HP-UX operating system that allows HP-UX to
install itself onto a system. During the initial phases of installation and recovery, the install environment runs in client memory without any disk-based storage. A memory-based RAM disk holds the initial root file system needed for HP-UX operation. While operating with a memory-based root disk file system, file system space is very limited. On smaller memory systems, memory for the HP-UX kernel and processes might also be limited. Command libraries and other files must be loaded and removed as needed. (Increasing the size of the memory-based root disk to make more space would result in insufficient memory being available for the processes that accomplish installation and recovery.) Once the correct disks are identified, volumes and file systems are created. The install environment then switches to a disk-based file system. When that is completed, some of the RAM disk space is freed.
The Ignite install environment consists of:
[W|V|I]INSTALL – The HP-UX install kernel, which is statically linked and includes a wide
variety of I/O and other modules so it is able to run on all supported systems.
[W|V|I]INSTALLFS – The initial HP-UX install file system, which is copied into the root RAM
disk during boot. The first 8 KB can contain Ignite-UX configuration content.
INSTCMDS or INSTCMDSIA, SYSCMDS or SYSCMDSIA, and RECCMDS or RECCMDSIA –
Archives of commands, libraries, and other files needed to accomplish installation and recovery,
but are not needed to initially get the install environment running. These are loaded as needed during installation and recovery.
The Ignite-UX install kernel and install file system are loaded into system memory by the standard HP-UX boot loader or virtual system boot loader software. Note that there are a number of boot sources where the Ignite install environment may reside. Also, the details of booting vary according to your Ignite data center configuration.

Boot Sources

Ignite always retrieves the install kernel and install file system from the boot source. By default, Ignite retrieves INSTCMDS[IA], SYSCMDS[IA], and RECCMDS[IA] from that same boot source, but can get these command archives from a different source if requested to. Ignite can determine the boot source by querying the HP-UX kernel.
Ignite can switch its source for command archives and depots if configuration information in the install file system instructs it to, or if instructed to by the Ignite user interface.
Ignite will operate in the same manner, regardless of the boot source.

Installation Versus Recovery

Ignite internally uses the same approach, regardless of whether you are performing an installation or recovery. The terms “installation” and “recovery” are valuable to describe intended use, but Ignite's internal operation make it possible to blur the distinction between the two, such as when you use golden images.
This design is quite powerful, and allows Ignite to handle significant system differences during recovery by adapting as needed and regressing to more install-like behavior if required.

Network Booting and IP Addresses

When a system boots HP-UX from an Ignite-UX server, it needs an IP address to get the operating system kernel. This first IP address is not necessarily the same IP address the system will be assigned
18 Ignite-UX Overview
for networking when its kernel is up and running. The mechanisms for distributing the first and second IP addresses are sometimes different.
PA-RISC Systems
When a PA-RISC system boots from an Ignite-UX server, the first IP address request is answered by the instl_bootd daemon. This communication uses ports 1067 and 1068. The file /etc/ opt/ignite/instl_boottab is referenced to assign the first IP address to the booting system whether it is registered or anonymous.
After HP-UX is running on a PA-RISC system, it requests a second IP address for networking. This request is answered by bootpd using ports 67 and 68. The /etc/bootptab file is referenced for registered clients; DHCP services are used for anonymous clients.
Itanium-Based Systems
When an Itanium-based system boots from an Ignite-UX server, the first IP address request is answered by the bootpd daemon. This communication uses ports 67 and 68. The file /etc/ bootptab is referenced to assign the first IP address to a registered booting system. If the system is not registered, and you are running HP-UX 11i v2 or HP-UX 11i v3 on the Ignite-UX server, DHCP is used to assign the booting IP address.
When Itanium-based systems request a second IP address for networking, it uses the same daemon, file and ports described above. Configuring DHCP for booting is separate from configuring DHCP for assigning network IP addresses. See “Configuring an Ignite Server to Boot Anonymous
Itanium-Based Clients” (page 43) for information about how to configure DHCP for assigning first
(boot) and second (networking) IP addresses without conflict.

Phases of Operation

Ignite uses the sequence of high-level phases outlined below to accomplish installation and recovery. Depending on configuration information, some steps within these phases might be skipped. At a very high level, Ignite operates in four phases:
Startup – The install environment is loaded from the boot source to the client memory. Ignite
runs in client memory. The operation is configured and launched. If the installation or recovery is interactive, the user interface is run to create a configuration.
Phase 1 – Storage is set up and Ignite moves to the client disk.
Phase 2 – HP-UX archives and depot software are installed. The HP-UX kernel is built. A reboot
is required to start the final HP-UX kernel and make the new file system the root file system.
Phase 3 – Software is configured. The system is now fully installed or recovered after a reboot
or halt.
Startup
Ignite-UX software is started and the Ignite user interface is run to select, create, or modify the configuration that will be used to control installation or recovery. The result of this phase is a detailed system configuration to be used for installation or recovery. Processing for this phase is done on a RAM file system.
1. The install kernel and install file system are loaded from the boot source to the client memory via boot loader functionality. The HP-UX install kernel is started.
2. The Ignite software is started by the install kernel as an application process running on the install file system.
3. Additional RAM file systems are created to allow enough file system space for loading system setup content.
4. If the system has SAS disks, the I/O configuration is modified as needed to make the mapping between bays and HW paths consistent. This aids consistent installation and recovery.
How Ignite Works 19
(Improved agile device selection and recovery has eliminated the need for this feature and might result in this step being removed in the future.)
5. Configuration content from the install file system is loaded to determine if the Ignite TUI should be started and if special inventory control is needed. (The Ignite TUI is started by default.)
6. A system I/O inventory is performed. This identifies devices where HP-UX may be installed, and identifies devices and networks used to accomplish installation. Install file system configuration and boot loader option content may be used to control inventory. The boot source is also determined.
7. Unless configuration information directs otherwise, the Ignite TUI is launched on the client.
The operation to be performed is set. (Advanced Install is the default operation.)
Networking configuration information is determined, if the installation requires the network.
The complete set of Ignite configuration files is read and parsed. Note that changing the
Configuration or Environment will result in rereading and parsing config content, since these changes generally result in changes to the set of config files.
System, software, file system, and other configuration changes are gathered via the
interface.
When Go! is selected from the user interface, the requested installation or recovery is
launched.
Configuration sanity checking is performed. If there are problems, you are returned to
the TUI.
Phase 1
The modified configuration is saved to control installation or recovery processing.
8. If the TUI was not selected to launch, sanity checking is done on the selected config.
Storage is set up and Ignite relocates to the new disk file system. The result of this phase is the install or recovery functionality running on what appears to be a normal disk-based file system, and if recovery, an I/O configuration that appears to be restored. Some aspects of the configuration cannot be fully restored until reboot. Processing for this phase is done on a RAM file system.
1. During a recovery, the original I/O configuration is restored if I/O instance data is present in the config. Some aspects of the configuration might be instantly changed. Some aspects are temporarily changed and will be finalized during reboot. If the current system is different, some aspects of the I/O configuration will be impossible to restore.
2. Create disk partitions if needed (Integrity systems only).
3. Create volume manager volumes as needed.
4. Create and mount file systems.
5. Determine software sources and selections.
6. Run pre-config control scripts.
7. Set boot path.
8. Set up and enable swap space.
9. Save final volume configuration data to disk file system.
10. Set locale.
11. Move needed content from RAM file system to disk file system. Load the complete set of commands, libraries, and other files required to accomplish installation and recovery from Ignite command archives to the new disk file system (SYSCMDS or SYSCMDSIA).
12. Change the root directory to the disk file system with chroot.
Phase 2
File content is installed or restored. The result of this phase is the final disk file system and content. Some cleanup and processing that must be done after system reboot is still required. For the HP-UX
20 Ignite-UX Overview
Phase 3
install kernel, the RAM file system is still the root disk. For the commands in this phase, the new
disk file systems is the root file system. A reboot is required to change the HP-UX kernel root disk from the RAM disk to the final disk.
1. Release RAM disk space to accommodate software installation and kernel build processes to be done later.
2. Load the archive if indicated in the config (for recovery and golden image installation).
3. Update mnttab so it appears to be correct during installation and kernel build.
4. Create device special files.
5. If needed, rename device files to make the I/O configuration appear fully restored.
6. Update bootconf.
7. Change I/O configuration files to match final instance config using ioinit and ioscan
-M.
8. Load depot-based software if indicated in the configuration.
9. Save configuration so it is available for reuse.
10. Build final system kernel.
11. Set up the inittab file so final Ignite-UX processing will be done after reboot.
12. Reboot system.
Software is configured and final installation or recovery cleanup is done. The result of this phase is a fully installed or recovered system, ready for use after reboot. If configuration has been deferred, the system will be set up to run FIRST-BOOT set_parms on initial boot so you may choose the hostname, IP address, and other settings. Processing for this phase is done using the final disk-based file system.
1. Update the AUTO boot file.
2. Configure software.
3. Configure final networking.
4. Generate a system manifest.
5. Save the installation information for deferred configuration.
6. Perform final cleanup.
7. Reboot or halt system.

Ignite-UX Server Requirements

Hardware Requirements
An Ignite-UX server supporting boot, installation and recovery for clients requires the following hardware:
Computer: An HP 9000 (PA-RISC) system running HP-UX 11i v1, HP-UX 11i v2, or HP-UX 11i
v3; or an Itanium®-based system running HP-UX 11i v2 or HP-UX 11i v3 is required.
Memory: Client installation and recovery performance is typically limited by network throughput.
Normally, no special consideration for system memory is needed.
DVD drive: A DVD device is recommended to simplify copying HP-UX release depots directly
from installation media to the Ignite-UX server.
Tape device: As part of your overall disaster recovery plan, you should consider how the
Ignite-UX server itself would be recovered. A tape drive allows the Ignite-UX server to use tape media to save the server’s own recovery archive. Note that depots, saved client recovery archives, and other client-specific content typically should not be included in the recovery archive saved to tape. This client content should be saved using backup software. Not all systems support tape boot and so require two-step media recovery. See “Tape Recovery With
Ignite-UX Server Requirements 21
No Tape Boot Support — Two-Step Media Recovery” (page 213) and the Ignite-UX Installation
Booting white paper available at http://www.hp.com/go/ignite-ux-docs for more information.
Network interface: One or more network adapters to support network boot and installation
is required. A network adapter directly connected to each supported subnet is preferred. Note that multiple simultaneous network installations and recovery operations can create significant network traffic.
Disk space: An Ignite-UX server might need considerable disk space.
Ignite-UX servers must have at least 2 GB of free disk space available in /opt/ignite
to support installation of all HP-UX releases (B.11.11, B.11.23, and B.11.31). To save space, you can support only those HP-UX releases you plan to install or recover.
Ignite-UX servers might require significant space in /var/opt/ignite to support clients’
systems, store software depots, and save recovery archives. Default HP-UX file system sizes are unlikely to be sufficient for an Ignite-UX server. You should consider the number of client systems you intend to support and the maximum number of recovery archives to be saved for each client.
The size of a recovery archive depends on the content being saved. A recovery archive will normally include at least a full set of HP-UX operating system software.
File system space is needed to hold depots required for installation. You should consider
how many different OS releases the server might need to support. Note that you might also want to support different OE versions of each HP-UX revision on your Ignite server, such as the HP-UX 11i v2 September 2004 OE release and the 11i v2 September 2006 OE release, or the 11i v3 Base OE (BOE) and the 11i v3 Virtual Server OE (VSE-OE) of a particular release. Space will also be needed to store additional application and patch depots.
If you use golden images, file system space is needed to hold them. Consider the size
and number of images you will require.
See the HP-UX Installation and Update Guide available from http://www.hp.com/
go/hpux-core-docs for a detailed description of the disk space required for all
Operating Environments for your version of HP-UX.
Other Considerations
An Ignite-UX server might also require software, utilities, and configuration:
Use of TFTP: Ignite-UX transfers some files using TFTP. A list of the minimum directories needed
for file transfer is kept in the /etc/inetd.conf file. You might need to add directories to the list if you place configuration scripts in nonstandard locations.
For example, the Ignite server must have the following entry in its /etc/inetd.conf file.
tftp dgram udp wait root /usr/lbin/tftpd\ tftpd /opt/ignite /var/opt/ignite
If you are using HP Serviceguard clusters or systems with multiple IP addresses on a LAN interface, use the -s option with tftp and install the patch PHNE_28762 11.11.
Use of ssh: With Ignite-UX version C.6.8 and later, bootsys can use ssh, and ignite can
use ssh for make_[tape|net]_recovery. With Ignite-UX version C.7.1 and later, the ignite command can use ssh when calling bootsys. To use ssh, it must be available on the Ignite server and on the client, and you must have an existing public/private key pair.
Optional use of an X11 display server: An X11 display server allows you to use the GUI to
configure and start Ignite. Your Ignite-UX server can use an X server to display the Ignite GUI, or you can redirect the display to another X terminal by entering the following command:
22 Ignite-UX Overview
export DISPLAY=system_name:0.0
If DISPLAY is not set on the server, the Ignite TUI will run.
Software: Get Ignite-UX and any software depots you plan to distribute to clients from the
product media (CD or DVD). Ignite-UX can also be downloaded from the web; see “Getting
the Ignite-UX Software ” (page 12) for more information.
Client access to server: There are multiple methods of having clients contact the Ignite server,
each suited to a different environment. See Chapter 2 (page 24) for more details.

Supported Peripherals

Disks and Other I/O

If a disk device is visible, it does not mean it is supported for installation. It is important to verify that the disk is supported by the system, the host bus adaptor (HBA), the firmware, the HP-UX release, and the volume manager to be used.
Computer system hardware documentation should be consulted for supported I/O configurations. See the HP Business Support Center http://www.hp.com/bizsupport for HP computer system hardware documentation.
VxVM support is provided for a specific set of devices. The list of supported devices should be consulted – see http://www.hp.com/go/hpux-core-docs. Look for the section Support Matrixes, and the document entitled Device Support Information for Veritas Products on HP-UX.
LVM supports all the devices HP-UX supports. See the HP-UX Supported Mass Storage Devices
Matrix for a table of I/O devices supported for each version of HP-UX.

Firmware

At times you might need new firmware to support a new device or HBA. Ensure that the client’s firmware supports the devices and HBAs to be used for boot and root. For example, after the HP9000 rp8400 system was first released, firmware changes enabled the system to boot from disks connected to Ultra 160 HBAs. Check the Installation and Update Guide for your HP-UX release, available at http://www.hp.com/go/hpux-core-docs, for instructions on finding firmware information.
Additionally, firmware support for Fibre Channel, tape devices, and LAN cards might vary. In some cases, devices are supported for data use, but device boot is not supported.

Disk Arrays

You can install disk arrays using HP-UX, but Ignite-UX does not directly support configuring an array. The disk array must be configured first; see your array documentation for configuration instructions. In some cases, system firmware may be used to set up disk arrays. The Ignite-UX install
environment contains tools that are also used to help configure disk arrays. To use these tools in
the install environment, you will need to use the expert recovery functionality to start an install environment shell. It might also be necessary to load files that are not normally included in the install environment by using the Ignite-UX loadfile command. When array configuration is complete, it is necessary to reboot the system in order to use the newly configured disk LUNs during install.

Client Terminals

The Ignite-UX client-side operating system installation tools support VT100 and Wyse 60 terminals, compatible terminal emulators, and all HP terminals. Additional information regarding how to navigate within the Ignite-UX GUI with the keyboard is found in Appendix F (page 251).
Supported Peripherals 23

2 Making Configuration Decisions for Ignite Servers

Ignite is flexible when configuring networking options and even allows options that don't require networking. Also, you can switch to a source other than the boot source for install content. These features allow you to choose from a variety of installation and recovery solutions.
Below are installation solutions, starting with the most simple and progressing to those more complex. This chapter finishes with network booting debugging techniques.

Boot and Install Client from Media

These options do not require a network:
Cold install or update a single system directly from media kit DVDs
You can use the HP-UX 11i media kit DVDs with Ignite-UX to cold install or update a system. For more information, see the HP-UX Installation and Update Guide for your version of HP-UX, available at http://www.hp.com/go/hpux-core-docs.
Cold install from custom media
This option assumes you have already created custom installation media. Custom installation media can be a tape or DVD with either a golden image or a recovery image on it. All
installation media are bootable. After you boot from media, choose Media only installation
as a Source Location Option from the Ignite-UX User Interface and Media Options screen. For more information, see Chapter 14 (page 177).
Recovery from tape
This option assumes you have already created a recovery tape. For more information, see
“Creating and Using Recovery Tapes” (page 197).

Simple Network Solutions

These solutions use a single Ignite server that supports network boot, installation, and recovery. The Ignite server and the client systems must be on the same subnet, and no other boot or installation servers can be on that subnet.
Questions you will have to answer when configuring a simple network are:
Are my clients PA-RISC or Itanium-based?
Do I want to network boot all my clients?
Do I want my clients to have their MAC addresses registered with the server to always boot
to the same assigned IP address (registered clients), or do I want an available IP address assigned to them when they boot (anonymous clients) ?
Do I want the booting IP address to be the same IP address used for networking after installation
is complete?
Do I have DHCP running on my subnet?
Decision trees for Ignite-UX server configuration follow. Do not treat them as strictly yes-or-no exercises. Your environment may require choosing multiple methods from the decision trees, and although you may be able to use an option, you might reject it because it is not the best answer for your environment. Also, keep in mind that these decision trees cover booting, so only the initial IP address is affected. For more information, see “Network Booting and IP Addresses” (page 18).
A decision tree for network booting PA-RISC systems is shown in Figure 5. A decision tree for network booting Itanium-based systems is shown in Figure 6 (page 26). The decision trees assume the network boot clients are on the same subnet as the Ignite-UX server, and that you will always use the install option to the boot console handler (BCH) boot command for PA-RISC systems.
24 Making Configuration Decisions for Ignite Servers
Further, the decision tree for network booting Itanium-based systems assumes there is only one
YES
NO
NO
Network
booting
support ?
YES
Registered
clients ?
PA-RISC
Configure
instl_boottab
for registered clients
Configure
instl_boottab
for anonymous clients
See the decision tree
for booting stand alone
systems
DHCP server on your subnet configured to answer boot requests, and that it is running HP-UX. If you want to boot a system without using the network and your Ignite-UX server, see the decision
tree shown in Figure 34 (page 98).
NOTE: A lot of clients can only be booted using their built-in LAN interfaces. Other LAN interfaces
might not be supported for boot. For more information about LAN interface boot support, consult the hardware documentation for the system or the add-in LAN card.
Use the following decision tree when configuring an Ignite-UX server for PA-RISC clients:
Figure 5 Decision Tree When Configuring a Server for Booting PA-RISC Systems
Configure instl_boottab for registered clients - To network boot registered PA-RISC clients, the
server uses the instl_bootd daemon to answer boot requests, and has clients’ IP addresses and LAN addresses registered in /etc/opt/ignite/instl_boottab. The process of configuring an Ignite-UX server for registered PA-RISC clients is described in “Configuring the Ignite-UX Server
for PA-RISC Clients” (page 30). See the Ignite-UX Quick Start Guide available at http:// www.hp.com/go/ignite-ux-docs if you are new to HP-UX.
Configure instl_boottab for anonymous clients - Network booting anonymous PA-RISC clients is similar to booting registered PA-RISC clients; the difference is that some IPs in the /etc/opt/ ignite/instl_boottab file are not associated with any clients’ MAC addresses, and so may be assigned to clients as requests come in. See “Configuring an Ignite Server to Boot Anonymous
PA-RISC Clients” (page 42) for more information.
See the decision tree for booting stand alone systems - This decision tree can be found in Figure 34. Use the decision tree below when configuring an Ignite-UX server for Itanium-based clients.
Simple Network Solutions 25
Figure 6 Decision Tree When Configuring a Server for Booting Itanium-Based Systems
Configure individual entries in bootptab To network boot registered Itanium-based clients, the
server uses the bootpd daemon to answer boot requests, and has clients’ IP addresses and LAN addresses registered in /etc/bootptab. One drawback to this option is that you must configure an entry for every system that needs to boot. The advantage of this method is that it works on all versions of HP-UX. See “Configuring the Ignite-UX Server for Itanium-Based Clients” (page 34) for details. See the Ignite-UX Quick Start Guide available at http://www.hp.com/go/ignite-ux-docs if you are new to HP-UX.
Configure a DHCP device group for anonymous clients - Configuring an Ignite-UX server to boot anonymous Itanium-based clients requires sophisticated considerations; see “Configuring an Ignite
Server to Boot Anonymous Itanium-Based Clients” (page 43). This option is only available for Ignite
servers running HP-UX 11i v2 and later. See the decision tree for booting stand alone systems - This decision tree can be found in Figure 34.

Alternate Boot with Network Server Installation

A simple way to avoid boot issues in complex network configurations is to avoid network boot. Network installation may be started via non-network boot. The Ignite install environment may be
26 Making Configuration Decisions for Ignite Servers
booted from a source local to the client system. Regardless of how Ignite-UX is started, it has the same network capabilities once it is running.
Use bootsys to boot a system already running HP-UX
If the client system is already running HP-UX, the Ignite-UX bootsys command may be used to copy the install kernel and install file system to the client system's HP-UX file system. After reboot, the HP-UX boot loader can boot for installation using that copied content. Ignite config content in the install file system may be used to cause Ignite to automatically switch to use the master Ignite server. Because the initial install environment is copied from the Ignite server, you can be confident the Ignite versions of the initial boot content and software on the Ignite server have the same versions. See “Using bootsys on the Client Console” (page 98).
Use DVD media to boot a system for network installation
Ignite supports booting for network installation using standard HP installation media or custom boot media. The version of the Ignite on the media must match the version of Ignite running on the master Ignite server. The simplest way to ensure the versions match is to use make_media_install on the Ignite server to create custom boot media. This custom boot media may be constructed to include [W|V|I]INSTALLFS config content, which automatically switches to using the Ignite server on startup. Standard HP-UX installation media may also be used to boot the system, as long as the Ignite version on the media matches the master server Ignite version. Standard HP-UX media config content cannot be modified to automatically switch to your Ignite server. See “Creating a Boot CD/DVD or an Installation DVD” (page 182) and “Tape Recovery With No Tape Boot Support — Two-Step Media Recovery” (page 213).
Use vMedia USB DVD to boot a system for network installation
Many Integrity systems support Integrated Lights Out (iLO) Virtual Media (vMedia). This feature must be enabled using a license key. Once enabled, a DVD device or an ISO DVD image on a remote system, such as a PC, may be used. In either case, the client system will appear to have a local USB DVD device.
For more information, see Appendix D (page 238) and the HP Integrity iLO 2 MP Operations Guide available at http://www.hp.com/bizsupport.
Boot your Integrity system from a USB memory stick device
It is possible to configure your Integrity system and a USB flash drive in order to boot HP-UX directly from a memory stick device. Once the system is booted to the HP-UX Ignite-UX install environment, you can perform a variety of installation or recovery actions. See the Ignite-UX USB Memory Stick Boot white paper, available at http://www.hp.com/go/ignite-ux-docs, for more information.

Complex Networks

Setting up an Ignite server on a simple network assumes there is a single subnet with only one Ignite server that supports network boot and installation. Often, real network environments are significantly more complex. Configuring an Ignite server to operate correctly while avoiding interference with other boot and installation servers on the network requires special consideration.
For a detailed discussion, see Chapter 5 (page 47).

Diagnosing Network Boot Issues

When configuring a network, sometimes boot and installation will not work at all or will not work as expected. Especially when configuring a complex network, you should expect to spend time diagnosing and resolving issues due to the complexity of the network and interactions between servers. You should also expect that problems might occur in the future as the complex network changes.
This section includes suggested tools and techniques for diagnosing problems.
Complex Networks 27

HP-UX Diagnosing and Debugging

Simple Network Debugging
If network boot is used on a local subnet and the Ignite-UX server is not found, check these items:
Verify the client is on the same subnet as the Ignite-UX server or boot helper.
Investigate instl_bootd errors in /var/adm/syslog/syslog.log.
In the /var/adm/inetd.sec file, ensure the service instl_boots exists, and that the IP
address 0.0.0.0 is allowed. (Normally, all addresses are allowed via 0.0.0.0.) The entry should look like:
instl_boots allow 0.0.0.0
If /etc/services comes from NIS, make sure the NIS server has instl_boot* entries.
Logging to syslog.log
The bootpd and tftpd daemons have the ability to log requests and responses. The /etc/ inetd.conf file may be modified to enable logging. The bootpd -d option and tftpd -l option control logging. For example:
# tftp dgram udp wait root /usr/lbin/tftpd tftpd \
-l /opt/ignite /var/opt/ignite # bootps dgram udp wait root /usr/lbin/bootpd bootpd -d 9
The daemons log to the HP-UX syslog file located at /var/adm/syslog/syslog.log.
NOTE: Logging should normally be disabled since it can consume a significant amount of disk
space.
If the boot configuration includes multiple boot servers (for bootp relay, for example) it is often useful to enable logging on all servers.
Using bootpquery
To save time when configuring an HP-UX system boot, the bootpquery command may be used to simulate a network boot request by requesting bootpd to indicate how it would respond to boot requests for a specific MAC address. This is normally much faster and simpler than attempting to boot using a real client system.
To use bootpquery, add the ba option to the appropriate entries in the /etc/bootptab file. Without this option, bootpd will send responses only to the client system making the boot request. The ba option requests the response be broadcast on the subnet, so any system is able to see the response, including the system where you are using bootpquery. For more information, see bootpquery(1M).
NOTE: The ba option should be removed once testing is completed.
The bootpquery output includes valuable debug information:
# bootpquery 0011855F549E Received BOOTREPLY from hpignite.xyzco.com (10.1.1.11)
Hardware Address: 00:11:85:5f:54:9e Hardware Type: Ethernet IP Address: 10.1.1.110
Boot file: /opt/ignite/boot/nbp.efi
RFC 1048 Vendor Information: Subnet Mask: 255.255.255.0 Gateway: 10.1.1.1 Bootfile Size: 24576 512 byte blocks
28 Making Configuration Decisions for Ignite Servers
Domain Name Server: 10.1.1.1 Host Name: hpuxsys1 Domain Name: xyzco.com

RDP Diagnosing and Debugging

An RDP server can be configured to log PXE boot and TFTP activity. The PXE Configuration Utility may be used to control logging. Logging should be disabled when you are finished diagnosing and debugging.
Diagnosing Network Boot Issues 29

3 Simple Network: Creating a Server for Registered Clients

This chapter describes how to install a basic Ignite-UX server configuration for network booting and installing HP-UX on clients registered with the server. This chapter does not discuss support for
anonymous clients. For information about how to set up anonymous clients, see Chapter 4 (page 42).
See the Ignite-UX Quick Start Guide available at http://www.hp.com/go/ignite-ux-docs if you are new to HP-UX.
For PA-RISC clients, a basic server setup will use the instl_bootd daemon to answer boot requests, will not use DHCP for initial system boot, and will register clients’ IP addresses and LAN addresses in /etc/opt/ignite/instl_boottab.
For Itanium-based clients, a basic server setup will use the bootpd daemon to answer boot requests, will not use DHCP for initial system boot, and will have clients’ IP addresses and LAN addresses registered in /etc/bootptab.
For more information on how systems get IP addresses for booting, see “Network Booting and IP
Addresses” (page 18).
Setting up software depots is the same for PA-RISC and Itanium-based systems.

Configuring the Ignite-UX Server for PA-RISC Clients

Launch Ignite-UX

As superuser, start Ignite-UX by entering the following command:
ignite
Because this is the first time Ignite-UX is launched, there are no clients and the message in Figure 7 appears. You must boot a client before it can be recognized and managed by Ignite-UX. Acknowledge the message by clicking OK.
Figure 7 Ignite-UX First Launch Message
The Ignite-UX Welcome dialog box is displayed, as shown in Figure 8.
30 Simple Network: Creating a Server for Registered Clients
Figure 8 Ignite-UX GUI Welcome Dialog Box
To learn more about the Ignite-UX GUI now, click Tutorial and Demo... Once the Ignite server is configured, you can access the tutorial by selecting ActionsRun Tutorial/Server SetupTutorial and Demo from the Ignite-UX interface.
To bypass this welcome the next time you start Ignite-UX, click the Do not show this screen again check box.

Launch the Server Setup Wizard

To begin configuring your Ignite-UX server, click Server Setup... to launch the Server Setup Wizard, as shown in Figure 9.
Configuring the Ignite-UX Server for PA-RISC Clients 31
Figure 9 Server Setup Wizard
To set up an Ignite-UX server for PA-RISC clients, complete step 1 (Set up IP addresses), skip step 2 (Set up DHCP addresses), and complete step 3 (Set up software).
Click Next to advance to the Server Setup: IP Addresses dialog box (Figure 10).
NOTE: To end the setup process at any time and leave the system unchanged, click Cancel.
Figure 10 Server Setup: IP Addresses
32 Simple Network: Creating a Server for Registered Clients

Register the PA-RISC Clients with the Server

Select Configure Booting IP Addresses Now from the Server Setup: IP Addresses dialog box (Figure 10 (page 32)), then click Next to proceed to the Configure Booting IP Addresses dialog box shown in Figure 11 (page 33).
Figure 11 Configure Booting IP Addresses
Use the Configure Booting IP Addresses dialog box to register client IP addresses with their physical MAC addresses. The IP addresses and corresponding reserved MAC addresses are read from the /etc/opt/ignite/instl_boottab file on the server to display in the Booting IP Addresses window. IP addresses with blank reserved MAC addresses are not currently reserved for any client.
If you want to add a new IP address to reserve for a client, click in the IP text box and enter the IP address intended for your client. Then click in the reserved for: 0x text box and enter the client’s MAC address. Click Add to enter the IP address/MAC address pair into the Booting IP Addresses window. The MAC address given here must be the MAC address of the network interface to be used to boot the system over the network.
If the IP address you want to reserve for a client is already listed in the Booting IP Addresses window, select that line. The IP address will appear in the IP text box, and the current MAC address it is reserved for, if there is one, will appear in the reserved for: 0x box. Enter the client MAC address in the reserved for: 0x box, then click Modify. The IP address will then appear in the Booting IP Addresses window with the client MAC you just entered.
You can remove sets of IP addresses/MACs from the Booting IP Addresses window by selecting the line and then clicking Remove.
Continue assigning IP addresses to clients’ MACs until all the clients to be booted from the Ignite-UX server are registered. You can modify this information in the future by editing the /etc/opt/ ignite/instl_boottab file, or via the Ignite-UX GUI under OptionsServer Configuration.
When you have completed registering clients, click OK to write the contents of the Booting IP Addresses window to the /etc/opt/ignite/instl_boottab file.
Configuring the Ignite-UX Server for PA-RISC Clients 33
Once you exit the Configure Booting IP Addresses dialog box, a registered client’s boot request is answered by instl_bootd, and the client will boot to the reserved IP address listed in the Booting IP Addresses window.
NOTE: No intervention is required to have instl_bootd pick up changes to the /etc/opt/
ignite/instl_boottab file. When a boot request is received, instl_bootd always checks
whether the file was modified since last read, and rereads it before answering any boot request. Care should be taken if you edit the /etc/opt/ignite/instl_boottab file manually. For the correct procedure see instl_bootd(1M).

Skip DHCP Setup

After exiting the Configure Booting IP Addresses dialog box, the Server Setup: DHCP (optional) dialog box appears. Select Skip DHCP Setup, then click Next.
A dialog box is displayed to tell you how to configure DHCP services later. Click OK. The Server Setup: Software Depot Setup dialog box is then displayed (Figure 12 (page 36)).

Go to the Software Setup Section

Proceed to “Setting Up Software from OE Depots” (page 35) to complete the Ignite-UX server setup.

Configuring the Ignite-UX Server for Itanium-Based Clients

Register the Itanium-based Clients with the Server

Registered Itanium-based clients must be entered in the /etc/bootptab file manually; they cannot be registered using the Server Setup Wizard. The /etc/bootptab file acts as the database for the bootpd daemon on the Ignite-UX server. All registered clients you intend to boot from the Ignite-UX server must be entered in the bootptab file.
A typical bootptab file has a generic, default client specification defined. The individual clients use this default definition and make their specific modifications to it, such as the IP address and the hardware address (MAC address). In the following example, IADEF is the default configuration for Itanium-based clients on the subnet, and iuxclient1 is the specific entry for that particular client.
IADEF:\ ht=ethernet:\ hn:\ dn=domain_name.com gw=190.1.48.1:\ sm=255.255.248.0:\ ds=190.1.48.11 190.1.48.12:\ vm=rfc1048:\ bf=/opt/ignite/boot/nbp.efi:\ bs=48:
iuxclient1:\ tc=IADEF:\ ip=15.1.52.204:\ ha=00306E4A3391
The tc tag indicates the use of a template for common defaults, so all the values from IADEF are assumed for iuxclient1 unless specifically overridden in the client’s definition. The ip tag indicates the client’s IP address, and the ha tag indicates the MAC address. For more information on the bootptab file syntax, see bootpd(1m).
For each client you intend to boot from the Ignite-UX server, enter their respective IPs and MAC addresses in the bootptab file.
34 Simple Network: Creating a Server for Registered Clients
From now on, when a registered client’s boot request is answered by bootpd, it will boot to the reserved IP address you entered in the /etc/bootptab file. You can make changes to the bootptab file at any time.
IMPORTANT: The server that sends the response to the boot request is the same system from
which the client will attempt to tftp the boot file. If you are not using an HP-UX system to reply to a request, you must make the required boot files available and current with new releases of Ignite-UX. HP does not provide support for this kind of configuration.

Use the Server Setup Wizard to Proceed to Software Depot Setup

Follow the steps outlined in the section “Configuring the Ignite-UX Server for PA-RISC Clients”
(page 30) from “Launch Ignite-UX” (page 30) through “Launch the Server Setup Wizard” (page 31).
When you get to the Server Setup: IP Addresses dialog box (Figure 10) select Skip Booting IP Setup, and then click Next.
A note appears instructing you how to configure IP addresses in the future. Click OK, and the Server Setup: DHCP (optional) dialog box is displayed. Select Skip DHCP Setup, then click Next.
A dialog box is displayed to tell you how to configure DHCP services later. Click OK. The Server Setup: Software Depot Setup dialog box now appears (Figure 12 (page 36)).

Setting Up Software from OE Depots

Before starting the software depot installation, you should have on hand either a set of OE media or information about a remote system that contains a previously installed OE depot.
If you are using media, you will need a locally attached optical drive: a DVD-ROM for DVD or CD media, or a CD-ROM drive for CD media. The media should not be mounted before starting if you are planning to create a local depot. The media can be mounted before starting if you are planning to install directly from the media. For performance reasons, HP does not recommend installing directly from media when more than one system will be attempting to access the media.
If you are using a previously installed OE depot, it should have been installed using the process described below, or by using the make_depots command.
Regardless of the source of the OE depot, the full OE should be installed, not a subset.
Setting Up Software from OE Depots 35
Figure 12 Software Depot Setup Page
Select the depot source (media or installed depot) and then click Next. For media, you are prompted to insert the media and select a device. For an installed depot, you are prompted for the hostname of the system containing the operating
system depots. Enter the hostname, then click Show Depots.... Select a depot containing a core
operating system from the list, and then click OK. You are then asked to confirm your choices. A Server Setup Logfile dialog box is then displayed
so you can monitor the depot installation progress. This process is lengthy and can take up to two hours. During this time this dialog box remains active and is updated when new information is written to the log file.
Upon completion, either click OK to continue installing additional depots by repeating this process, or click Finish to complete the server setup.
NOTE: To install additional software depots once the server is set up, see “Setting Up Additional
Software on the Server” (page 40).

More Server Setup Options

Once your Ignite server is up and running, you can set general options by accessing the Server Configuration dialog box from OptionsServer Configuration.

Configuring Server Options

General server settings are available on the Server Options tab.
36 Simple Network: Creating a Server for Registered Clients
Figure 13 Ignite-UX Server Configuration Tabs
The following options are available:
Default Configuration – Click the button next to Default Configuration to select from the list of
available configurations. The selected configuration is the default that will be used when installing clients. You can override this default setting on a per-client basis with Ignite-UX.
Default Printer – Click the button next to Default Printer, then select one of the available
(configured) printers. This is the printer used for printing a manifest or installation history. The printer IP address is verified by Ignite-UX before a job is sent.
Client Timeout(minutes) – Click the button next to Client Timeout (minutes):, then select the
number of minutes or off. Status information is written into the client’s install.log file during the installation, and this log is actively monitored by Ignite-UX on the server. Setting this value configures Ignite-UX to display a warning message if the install.log file has not been updated in the selected number of minutes. HP recommends you use the default value.
Setting Client Timeout to off disables this notification and does not affect the outcome of the installation.
Run client installation UI on – Use the Run client installation UI on: menu to designate where
you want to run the client UI for this installation. If you have an Ignite-UX server configured, you can run the client installation interface from the target system using a terminal user interface (TUI), or from the server using whatever UI is set up there (the Ignite-UX GUI or TUI). If the client installation is to be noninteractive (no user intervention), select none.
The default is for the UI to be displayed on the Ignite-UX server.
Use ssh to gather client data – For all clients, ssh will be used instead of remsh, rlogin,
and rcp.
More Server Setup Options 37
The Configure Booting IP Addresses... button gives you access to the Configure Booting IP
Addresses dialog previously described in “Register the PA-RISC Clients with the Server”
(page 33).
Add DHCP Addresses... –
The assignment of DHCP IP addresses for booting is only used for anonymous clients. See
Chapter 4 (page 42) for more information.
The IP addresses you provide here are used during boot and installation. These addresses are in use for most of the Ignite-UX download to a client. One address is required for each simultaneous download. For more information see “Network Booting and IP Addresses”
(page 18).
Figure 14 Add DHCP Addresses Dialog Box
This provision of DHCP capability is for the boot and installation only. You will have to coordinate with the administrator of regular DHCP services, which distributes networking IP addresses, to make sure you use a set of available IP addresses that will not cause a conflict with regular DHCP services. See Appendix B (page 232) for information on configuring regular DHCP services on your Ignite-UX server. Unless you are familiar with DHCP services, do not modify the DHCP Class ID field or the DHCP Addresses are temporary check box.
Provide a range of available IP addresses in the DHCP Addresses fields from lowest number to highest:
10.2.73.21 10.2.73.40
Other ways to set these IP address values are: when prompted by Ignite when it's first run are instl_adm, and SMH or SAM.
For more information about setting up DHCP functions, addresses, and class IDs, see “Ignite-UX
Server and Boot Helper Setup for DHCP” (page 43), setup_server(1M), and instl_adm(4).

Configuring Session Options

Ignite-UX allows you to choose how client installation sessions behave. For example, you can decide whether or not to display the Welcome dialog each time you start Ignite-UX, and whether clients are halted on completion of the installation.
The following options are accessible from the Server Configuration dialog box (OptionsServer Configuration) Session Options tab.
38 Simple Network: Creating a Server for Registered Clients
Figure 15 Session Options Tab
The options you can configure on this tab are explained as follows:
Confirm new clients – Controls whether a confirmation dialog box appears each time a new
client is booted from the Ignite-UX server.
Ask for customer information during client installation – Controls whether an input window
appears to enable entry of customer name, system serial number, and order number. This information is stored in the manifest.seed file in the /var/opt/ignite/local/ manifest directory. It is used when you are viewing and printing a manifest (see “Viewing
and Printing a Manifest ” (page 149)) with print_manifest(1M). The information entered has no
effect on the outcome of an installation.
Show the welcome screen for the install server – Controls whether the WELCOME TO IGNITE
UX dialog box appears. The default behavior is to display this dialog box.
Halt the client after installation – Controls whether the client system is halted (rather than
rebooted, the default) after installation.
Automatically move completed clients to history – Controls whether completed clients are
automatically added to the end of the history log, /var/opt/ignite/clients/history/ history.log. As part of this action, client configuration and manifest files are automatically moved to the history directory on the Ignite-UX server for future reference. The client icon is removed from the GUI workspace. The client must be COMPLETE (fully installed) for this to take place.
Show all the information for network recovery image creation – Controls the amount of
information that appears during network recovery image creation and installation. The default behavior is to hide this information.
Show all the information for tape recovery image creation – Controls the amount of information
that appears during tape recovery image creation and installation. The default behavior is to hide this information.
More Server Setup Options 39

Setting Up Additional Software on the Server

After you have successfully installed and configured your Ignite-UX server, you might want to set up additional software on the server for installation on clients. Commands written for this task handle Software Distributor (SD) depots and bundles, but it is possible to configure Ignite to install non-SD software.
The commands that make SD software available for Ignite are capable of sweeping actions, such as packaging an entire software CD/DVD and then making additions to all configuration clauses of a specified release. These commands may also be used to fine tune a single configuration clause with a single software addition. Care must be taken when using these commands to get the results you want.
This section is limited in scope and does not attempt to fully address what can quickly become a complex task.
For a complete discussion, see Ignite-UX Custom Configuration Files available on http://
www.hp.com/go/ignite-ux-docs. Look for the sections “Configuration for software to be installed”
and “Installation configurations using Software Distributor depots.”

SD Software

Generally speaking, all software supplied by HP for HP-UX is packaged in SD form. Use the steps below to make SD software available to Ignite-UX for installation on clients.
1. If the software is not in a depot, put it in one. The make_depots command copies SD bundles to a depot for use by Ignite-UX. See make_depots(1M) for more information. For ease of maintenance, HP recommends copying the depots to disk rather than using CD/DVD drives as the source for installation.
2. Run make_config on all the depots you plan to use. The make_config command creates
configuration files for software in a depot. See make_config(1M). You must run make_config
each time you add or modify software in your depot. Be aware that any customizations you've made to a configuration file are lost when you recreate a configuration file with make_config.
NOTE: Make sure to invoke the make_config command on registered depots only. Users
need to run swreg command explicitly to register a depot when the automatic behavior of swcopy, swinstall, and swpackage do not suffice.
3. Use manage_index to add configuration files to configuration clauses in the INDEX file. See manage_index(1M).
Example: Create a configuration for compiler software
Given an SD depot of complier software on another server, this example creates a configuration file for that software and adds it to all configuration clauses for the B.11.31 release.
# make_config -s server:/depots/compiler \
-c /var/opt/ignite/data/Rel_B.11.31/compiler_cfg
# manage_index -a -f /var/opt/ignite/data/Rel_B.11.31/compiler_cfg
IMPORTANT: Inclusion of multiple versions of Veritas Volume Manager from Symantec (VxVM)
in the same installation depot, or in separate depots that are used together in a single cold-installation session, is not supported. Doing so generates errors when attempting to use the installation depot or during reboot when using non-SD depots. For more information, see
“Considerations When Using Veritas Volume Manager from Symantec” (page 190).

Non-SD Software

To make non-SD software sources (tar, cpio, or pax archives) available to Ignite-UX, use the example configuration file /var/opt/data/examples/noncore.cfg.
40 Simple Network: Creating a Server for Registered Clients
1. Make a copy of the /var/opt/data/examples/noncore.cfg file and edit it for your particular software. The file contains extensive comments to help you make the changes you need.
2. Use manage_index to add configuration files to configuration clauses in the INDEX file. See manage_index(1M).
IMPORTANT: Do not use archives with files in /var/adm/sw/* as software sources. Delivering
files to /var/adm/sw/* can corrupt the SD Installed Product Database.
Setting Up Additional Software on the Server 41

4 Simple Network: Creating a Server for Anonymous Clients

This chapter describes how to configure your server to network boot and install HP-UX on anonymous
clients.

Overview of Anonymous Clients

When booting registered PA-RISC clients, the clients’ IP addresses and MAC addresses were entered in the /etc/opt/ignite/instl_boottab file. If the clients were Itanium®-based,
they were registered in the /etc/bootptab file. An anonymous client can be booted from an Ignite-UX server without an IP address previously
mapped to its MAC address. Anonymous clients boot using an IP address provided by the server. Using anonymous client booting on a network is useful when you have many different systems that
must be booted, installed, or recovered. It relieves you from the task of configuring for each specific system and eliminates the errors inherent in typing IP addresses and MAC addresses. Such an error could cause IP addresses to be accidentally assigned to more than one computer at a time.
The /etc/opt/ignite/instl_boottab file is used to provide PA-RISC systems with anonymous client booting. Within the instl_boottab file, if there are IP addresses not assigned to any MAC address, those IP addresses are available to lease to requesting anonymous clients.
Itanium-based clients use DHCP to boot anonymously.

Configuring an Ignite Server to Boot Anonymous PA-RISC Clients

Using the Server Setup Wizard

If you know you want to use anonymous client boot when you start up your Ignite-UX server, you can set it up that way using the Server Setup Wizard.
Start Ignite-UX and the Server Setup Wizard as described in “Configuring the Ignite-UX Server for
PA-RISC Clients” (page 30) until you get to the Configure Booting IP Addresses dialog box as
shown in Figure 11 (page 33). Enter individual or a range of valid IP addresses. Instead of entering a MAC address in the reserved
for: 0x box, leave it blank. When the instl_bootd daemon requests an IP address for your anonymous PA-RISC client to boot from, it will be given an IP address not registered with any specific MAC address.

Editing the instl_boottab file

You can enter IP addresses in the instl_boottab file for anonymous PA-RISC client booting. The instl_boottab file contains comments with instructions on syntax. To add an IP address for anonymous PA-RISC booting, simply add that IP address to the file on its own line. Since the IP address is not explicitly marked as reserved or assigned to a MAC address, it is usable by any client. For more information, see instl_bootd(1M).
NOTE: No intervention is required to have instl_bootd pick up changes to the /etc/opt/
ignite/instl_boottab file. When a boot request is received, instl_bootd always checks
whether the file was modified since last read, and rereads it before answering any boot request.
42 Simple Network: Creating a Server for Anonymous Clients

Configuring an Ignite Server to Boot Anonymous Itanium-Based Clients

Working With DHCP

Even on a simple network, there could be devices such as printers requesting network boot. This section describes the challenges involved and solutions for DHCP booting and then acquiring IP addresses for networking.
NOTE: If you are using your Ignite-UX server for DHCP booting, you can set DHCP boot IP
addresses from the Ignite-UX GUI by selecting OptionsServer Configuration as described in
“Configuring Server Options” (page 36).
Understanding PXE Booting of Itanium-Based Systems
When an Itanium-based system boots over the network, it sends out a PXE boot request. The PXE protocol is built on top of DHCP. This can cause confusion if there is more than one DHCP server configured to respond to PXE boot requests.
It is not possible for an Itanium-based system to specify the server from which to accept DHCP boot services, ignoring boot offers from all other servers. In other words, there is not an Itanium-based equivalent for the PA-RISC boot command, boot lan.192.10.10.10 install, which causes the system to ignore any response except from the IP address 192.10.10.10. This functionality is known as server selection.
It is possible for many Itanium-based systems to perform directed boot, where server and client networking information is stored in client firmware and DHCP is not used. For more information on directed boot, see “Direct Boot Profiles for Itanium-Based Systems” (page 102).
When an Itanium-based system sends out a PXE boot request, it tries to boot from the first PXE response it gets. If no PXE responses are received within a certain time, the system uses the first DHCP response it gets. If any of these responses are inadequate for network booting, the PXE boot attempt fails and an error message is displayed on the console of the requesting system. The information displayed with PXE errors is usually not explicit enough to determine the cause of the problem (see “Common Network Booting Errors” (page 230)).
For any network where there will be PXE boot requests from Itanium-based systems, only DHCP servers that can supply enough information for a successful boot should be configured to respond. If you have a DHCP server that responds to every DHCP request, regardless of whether it is a PXE request or not, it almost definitely interferes with PXE boot requests from Itanium-based servers. The boot request fails when a normal DHCP response is received in response to a PXE boot request.
In addition to boot failure, the inability to select a boot server can lead to installation of the wrong operating system. Having PXE servers that respond with different boot content on the same network can cause confusion. For example, if there is a system supporting Linux boot and a system supporting HP-UX boot on the same network, they can each send a response to a PXE boot request, and the first server to respond will be used. It is not predictable which server would be used for boot.
Interference with a PXE request from a DHCP server is a configuration issue on the DHCP server side. This issue is not specific to HP-UX or Ignite-UX, but rather is related to the way firmware performs a PXE boot.
IMPORTANT: When you configure DHCP servers, make sure there is only one DHCP server on
the network that is configured to respond to Itanium-based system PXE boot requests, and that the server is running HP-UX if you want to install HP-UX.
Ignite-UX Server and Boot Helper Setup for DHCP
HP-UX 11i v3 and 11i v2 supports dhcp_device_group options that improve anonymous client DHCP booting for Itanium-based clients. The two configuration keywords re and ncid are used in a DHCP device pool group for this purpose.
Configuring an Ignite Server to Boot Anonymous Itanium-Based Clients 43
Make sure that at a minimum, HP-UX 11i v2 is installed on your Ignite-UX server or boot helper
system.
Add your device pool group entry to the /etc/dhcptab file on your Ignite-UX server or boot helper system.
You should not need to restart bootpd if it is already running. When a new bootp DHCP request is received, bootp checks to see whether it must reread any configuration files. If you want to force bootp to reread the configuration file, send it the SIGHUP signal.
The following example DHCP device group is the best way to support anonymous Itanium-based clients:
dhcp_device_group:\ re:\ ncid:\ class-id="PXEClient:Arch:00002":\ lease-time=300:\ subnet-mask=255.255.255.0:\ addr-pool-start-address=192.168.1.10:\ addr-pool-last-address=192.168.1.20:\ bf=/opt/ignite/boot/nbp.efi
The options in the dhcp_device_group clause are: dhcp_device_group Starts a DHCP device pool group for allocating a range of
IP addresses to assign to clients with a matching class-id in their boot requests.
re A binary option that sets regular expression matching on the
class-id rather than a default literal match. This is a new option for HP-UX 11i v2.
ncid A binary option that sets removal of the class-id from
message responses. Since bootpd does not support the full Intel Preboot Execution Environment (PXE) protocol, it must not send back a class-id in the response. This is a new option for HP-UX 11i v2.
class-id Different kinds of systems may make PXE boot requests. For
example, Itanium-based systems and industry standard servers such as HP ProLiant servers may each make a PXE boot request. It is unlikely the same configuration could be used for these different requests. The class-id may be used to respond to PXE requests from the correct clients, while ignoring the wrong ones.
All Itanium-based servers send a 32 character PXE boot request in the following format:
PXEClient:Arch:00002:UNDI:xxxyyy
where xxxyyy are major and minor numbers for the Universal Network Device Interface revision.
An industry standard server, such as an HP ProLiant server, sends a PXE boot request in this format:
PXEClient:Arch:00000:UNDI:xxxyyy
where xxxyyy are the same as described above. The class-id in the dhcp_device_group example above
tells the bootpd daemon to respond only to clients with a boot request containing PXEClient:Arch:00002. Requests from industry standard servers are ignored.
44 Simple Network: Creating a Server for Anonymous Clients
A DHCP server or boot helper system configured to respond to any DHCP boot request containing PXEClient will respond to both Itanium-based servers and industry standard servers. A PXE response suitable for an industry standard server is unlikely to allow an Itanium-based system to boot.
lease-time How long in seconds the IP address may be used to boot a
system. The example value is 300 seconds (5 minutes) but you may need more time if your network is a busy one. Booting on high-traffic networks may take 10 or 15 minutes since the install kernel and install file system must be downloaded. The problem with increasing the lease-time is the possibility of running out of IP addresses to use for booting. If you increase this number, make sure you have enough IP addresses in the pool to accommodate systems
that might boot simultaneously. subnet-mask The subnet mask used by clients. addr-pool-start-address The first IP address for this address pool. addr-pool-last-address The last IP address for this address pool.
IMPORTANT: The use of the ncid option is critical because it instructs the DHCP server to exclude
the DHCP class-id in the response to the client’s boot request. If a DHCP server responds to a PXE boot request with the DHCP class-id in the response, the booting PXE client attempts to communicate with a PXE proxy server on the same host. Since HP-UX does not supply a PXE proxy server, the boot fails. The ncid option resolves this issue.
With the device pool group added to the /etc/dhcptab file, your HP-UX 11i v2 or 11i v3 Ignite-UX server is now configured to respond to anonymous Itanium-based clients.
IMPORTANT: The server that sends the response to the PXE boot request is the system that the
PXE client will attempt to tftp the boot file from. If you are not using an HP-UX system to reply to an Itanium-based PXE request, you must make the required boot files available and current with new releases of Ignite-UX. HP does not provide support for this kind of configuration.
Isolating Ignite-UX From Noncontrollable DHCP Servers
Once Ignite-UX starts running, a DHCP request will be used to obtain an IP address used for installation or recovery if needed. Ignite-UX can be configured to specify a class-id for this request.
For more information see Appendix B and bootpd(1M). If you have DHCP servers on your network that you have no control over, it is possible to completely
isolate Ignite-UX from them. This is done by adding a class-id to the dhcp_class_id keyword in the install file system. See instl_adm(1M) and instl_adm(4) for additional information.
When the network boot process completes and the install kernel is running, Ignite-UX will use DHCP again to obtain an IP address. This is done because Ignite-UX has no way to determine the IP address used by firmware.
If you are running HP-UX 11i v2 or 11i v3 and have configured a DHCP device group for Itanium-based server PXE requests, you can reuse this device group for isolation purposes. If you added the following into the install file system:
dhcp_class_id="IgniteDHCPDeviceGroup", you can change the class-id in the DHCP device group that responds to anonymous
Itanium–based PXE boot requests to read:
class-id="PXEClient:Arch00002|IgniteDHCPDeviceGroup"
Configuring an Ignite Server to Boot Anonymous Itanium-Based Clients 45
IMPORTANT:
The class-id entry above is a regular expression designed to allow a response to a class-id of an Itanium-based system performing a network boot or an IgniteDHCPDeviceGroup in /etc/dhcptab. This is not a valid class-id for use in an Ignite-UX install file system. Systems using a DHCP device group for installing anonymous Itanium-based systems should have is_net_info_temporary set to TRUE to prevent systems from using the IP address gained via DHCP after installation.
Since regular expression matching is used, | means "or" and allows response to an incoming class-id that matches either expression. This example entry would support responding to the initial Itanium-based system boot request as well as subsequent DHCP requests during Ignite-UX operation.
The DHCP servers that respond to any DHCP class-id must be reconfigured or isolated to a different subnet.
The information in this section will not help you isolate a system booting Ignite-UX from other DHCP or PXE boot servers when attempting to network boot from EFI. This information does help you stop other DHCP servers from communicating with the installed system after it has already performed a network boot and downloaded an install kernel and install file system.
If you wish to only accept DHCP offers from a specific server after the install kernel and file system loads, consider using the dhcp_server keyword in the install file system. The use of the dhcp_server keyword has no effect on the EFI/PXE boot process.
46 Simple Network: Creating a Server for Anonymous Clients

5 Complex Networks: Challenges and Solutions

Most information about Ignite server set up assumes a simple network consisting of one subnet where the server supports network boot and installation. This simple network configuration is assumed so documentation can be clear and concise.
Often, real network environments are significantly more complex. Configuring an Ignite server to operate correctly in a complex network configuration requires special consideration of network topology.
This chapter identifies some types of complex network challenges and approaches to handle these challenges.
This chapter focuses on Integrity systems only.

How To Use This Chapter

Data centers have unique requirements, constraints, and network topology. It is likely you will have multiple challenges when creating a total solution for system installation and recovery, which will require you to implement multiple solutions for your site.
To help explain network topology, an example complex network diagram will be used that presents multiple challenges. This example network will be referenced throughout the complex networking chapters.
Knowledge of network boot and OS installation steps will help you understand this chapter. Most often, boot and installation is performed by one server. When considering complex network solutions, it sometimes make sense to use separate systems for boot and installation, or to switch servers during the boot process. See the “How Ignite Works” (page 17) section for network boot and OS installation steps information.
Network boot and installation relies on several protocols that are not detailed here. See “Ignite-UX
Server Ports” (page 84) for protocol and port information related to Ignite phases of operation.
It is assumed you have a working knowledge of DHCP, PXE, bootp, and TFTP.

Complex Network Challenges

In a complex network configuration, it is often preferable to manage one master Ignite server and use that server to support installation for all subnets. A central server simplifies administration and helps ensure all systems are managed with consistent installation and recovery. The challenge is to have a central Ignite server support network boot for all your required subnets, handle installation, and coexist with any other network boot servers.
The following diagram illustrates a complex network with multiple subnets (10.1.1 and 10.2.1) connected to the Ignite server (hpignite), remote systems (hpuxsysa and hpuxsysb) that use a boot
helper system (iuxboot), a system (hpuxsysz) on a separate subnet without a boot helper, and
another boot server (sysrdp) on the same subnet as the Ignite server. Systems on the same subnet (10.1.1 or 10.2.1) as the Ignite server are HP-UX systems (hpuxsys1, hpuxsys2, and hpuxsysx), a Linux system (linuxsys2) and a Windows system (winsys1). This diagram will be used as an example network configuration throughout the complex network chapters.
How To Use This Chapter 47

Multiple Subnets

The challenge with an Ignite server connected to multiple subnets is ensuring the server is correctly configured to handle client network interfaces for boot and installation on the different subnets. If subnets are isolated or performance is a concern, you will need to ensure that installation traffic is correctly routed to the Ignite server.
The following diagram shows the example systems used when outlining solutions for a complex network with multiple subnets.

Remote Systems

Network boot is based on broadcast protocols. These broadcasts are normally constrained to one subnet. When client systems are on a subnet that is not directly connected to an Ignite server broadcast network, packets used for boot will not be able to reach the Ignite server. If there are remote systems on other subnets (hpuxsysa and hpuxsysb), you must determine how network boot will be supported on each subnet for these systems. You will also need to ensure that installation traffic is correctly routed.
The following diagram shows the systems that will be referenced when solutions for remote systems are discussed.
48 Complex Networks: Challenges and Solutions

Multiple Boot Servers

If there are multiple servers that support boot and installation on a subnet (sysrdp and hpignite), these systems are very likely to interfere with each other. This is common when systems running different operating systems coexist on the same subnet and network installation is used to manage these systems.
Network boot and installation servers are typically designed with the assumption that they are the only such server on the subnet. Product documentation generally does not include details on how to have multiple servers coexist.
Note that PXE has been designed to assume multiple boot servers provide redundant, identical functionality. The first server to respond to a boot request will be used for system boot. In general, it is not possible to predict which server will respond first.
Often, an administrator wants separate boot and installation servers to provide, for example, different operating systems. In this case, using the correct server is important. As a result, some means of selecting the correct boot and installation server is vital. There is not a simple solution using basic DHCP PXE functionality.
Great care is required to properly set up a network configuration where there are multiple boot servers on a subnet. Each boot server must be configured to correctly coexist with other boot servers and support the desired overall administration solution.

Avoiding Complex Network Issues

The purpose of this section is to provide solutions that avoid the inherent issues in a complex network configuration by modifying the network topology or using boot techniques that avoid boot protocol issues.
Avoiding Complex Network Issues 49

An Ignite-UX Server for Each Subnet

If your organization has separate groups that have distinct needs and compute resources, the simplest approach to deal with complex networks might in fact be to manage distinct subnets rather than set up a central Ignite server.
An Ignite server can be placed on each subnet. You may manage each server separately. This avoids the complexities of multiple subnets. Similarly, boot servers for other operating systems can have their own subnets.
Note that newer Integrity systems support HP Virtual Connect technology that permits the remote “rewiring” of network connectivity. This allows systems to be “moved” between subnets via VC profiles, which include network switch configurations. These may be used to avoid issues with managing multiple Ignite servers and subnets.
For information on configuring an Ignite server for a simple subnet, see Chapter 3 (page 30) and
Chapter 4 (page 42).

A Multi-Capable Server for Each Subnet

Issues with multiple boot servers on a subnet might be avoided or resolved by having only one boot server on each subnet. Normally, that implies the subnet would have limited boot and installation support for one operating system instead of the ability to support various types of installations.
Depending on the boot server ability for nonstandard configuration, it might be possible to configure a single boot server to initiate or even fully support the installation of a variety of operating systems including HP-UX. Such a configuration is clearly complex and requires expertise in the details of boot and installation support for all the systems and operating systems involved. For more information, see “Multi-Capable Subnet Boot Server” (page 59).

Extend the Local Subnet

In some cases, it is possible to avoid multiple subnet issues by changing the network topology related to network boot functionality. It might be possible to use network tunneling or configure routers to forward some broadcast packets beyond the local subnet.
This results in a larger, single subnet instead of multiple subnets and very effectively avoids issues with multiple subnets. Changing the network topology might work well if data center policies allow and one group manages this larger subnet.
Take care to consider how any network products change network performance and timing, as they might cause boot and installation issues in some cases.
This guide does not include details regarding network infrastructure hardware and software products, and their use. Consult network hardware and software products' information used to extend the local subnet.

Using Virtual LANs Properly for Ignite-UX

If you use Virtual Local Area Networks (VLANs) and you encounter problems during network boot, you need to discover how the VLANs are configured between your Ignite server and client. It is possible to configure VLANs in multiple ways, and some methods might cause issues for Ignite-UX.
The simplest, and possibly the most common, configuration is a single VLAN presented to a single LAN interface where all traffic, including any untagged traffic, travels on the one VLAN. (This method of configuring VLANs is often used to limit the size of a broadcast domain.) This type of configuration does not cause any problems for Ignite-UX because it logically appears as if the client and Ignite server were connected via a switch. The Ignite server will have access to all the network traffic that originates with the client.
A slightly less common, but equally valid, configuration has multiple VLANs configured on a network switch port. Untagged traffic can be presented to only one VLAN, often called the native VLAN.
50 Complex Networks: Challenges and Solutions
The native VLAN is defined in the configuration of the switch. In this situation, the Ignite server might not have access to the native VLAN of the client.
If the Ignite server does not have access to the native VLAN, it will not have access to any of the untagged traffic from the client. This becomes a problem, since during an Ignite-UX installation or recovery, no network traffic is tagged until the session is complete and the final system is running. This includes two-step media recovery.
Problems with VLAN configuration can be difficult to detect, since a system could be configured to use a nonnative VLAN when the operating system is running. This would, for example, allow you to create a recovery archive for the client on an Ignite server, but not allow you to recover the client from that same Ignite server.
To remedy this problem, you must provide routing between the VLANs for systems that use nonnative VLANs.

Complex Network Solutions

The approaches outlined in this section can be used to resolve the challenges outlined previously. In some cases, one solution will resolve multiple challenges. Other challenges might require multiple solutions.

Automating HP-UX OS Version Selection

During HP-UX boot for installation, it is necessary to select the HP-UX OS version to be installed. It might be desirable to set up an Ignite server or boot helper to provide different default settings for client systems in order to help automate installation.
The boot loader AUTO file controls the menu of HP-UX OS versions and the default selection. The Ignite server may be configured to use separate AUTO files for each HP-UX OS release, as shown below.
ln -s /opt/ignite/boot/nbp.efi \ /opt/ignite/boot/Rel_B.11.23/nbp.efi ln -s /opt/ignite/boot/hpux.efi \ /opt/ignite/boot/Rel_B.11.23/hpux.efi ln -s /opt/ignite/boot/fpswa.efi \ /opt/ignite/boot/Rel_B.11.23/fpswa.efi ln -s /opt/ignite/boot/IINSTALL \ /opt/ignite/boot/Rel_B.11.23/IINSTALL ln -s /opt/ignite/boot/IINSTALLFS \ /opt/ignite/boot/Rel_B.11.23/IINSTALLFS cp /opt/ignite/boot/AUTO \ /opt/ignite/boot/Rel_B.11.23/AUTO
ln -s /opt/ignite/boot/nbp.efi \ /opt/ignite/boot/Rel_B.11.31/nbp.efi ln -s /opt/ignite/boot/hpux.efi \ /opt/ignite/boot/Rel_B.11.31/hpux.efi ln -s /opt/ignite/boot/fpswa.efi \ /opt/ignite/boot/Rel_B.11.31/fpswa.efi ln -s /opt/ignite/boot/IINSTALL \ /opt/ignite/boot/Rel_B.11.31/IINSTALL ln -s /opt/ignite/boot/IINSTALLFS \ /opt/ignite/boot/Rel_B.11.31/IINSTALLFS cp /opt/ignite/boot/AUTO \ /opt/ignite/boot/Rel_B.11.31/AUTO
The B.11.23 and B.11.31 AUTO files should be edited to have different boot defaults. It is recommended you keep the other boot menu entries so users have the ability to interactively select their desired HP-UX OS version during boot. Alternatively, it is possible to constrain boot options via this approach.
Complex Network Solutions 51
To use this approach, modify bootptab entries to use the appropriate boot loader. The boot loader will use the AUTO file in the same directory where nbp.efi is located.
Ignite requires the HP-UX version of the install kernel and install file system to match the HP-UX OS version to be installed. By having different defaults in the AUTO files, the correct install kernel and file system will be automatically selected.

Limit Network Response by System Class

A subnet might include a variety of systems and devices. Systems that cannot run HP-UX, such as x86 systems and printers, might request network boot. If the subnet includes various systems and devices, HP-UX boot servers should be configured to respond only to device classes they can support.
Note that this approach does not resolve issues with handling client systems that are able to successfully boot and install from different boot servers. The device class is a constant attribute of the system. Thus, this approach will not help resolve issues with multiple boot and installations servers intended to support Integrity systems, since all Integrity systems report the same device class.
For information on how to configure this solution for booting, see “Ignite-UX Server and Boot Helper
Setup for DHCP” (page 43).
For information on how to configure this solution for networking IP address allocation, see “Isolating
Ignite-UX From Noncontrollable DHCP Servers ” (page 45).

Directed Boot

If client system firmware supports directed network boot, that is a simple way to avoid complex network boot issues. Directed boot support is not available in some older Integrity systems. Also, directed boot requires interaction with the system console. Finally, directed boot requires specifying the network configuration. In most cases, this configuration needs to be consistent with DHCP or boot server configuration for the client.
Directed boot is provided by the EFI commands dbprofile and lanboot. These commands make it possible to specify the network configuration to be used for boot (IP address, netmask,
gateway, etc.). For convenience, a dbprofile may be associated with one or more EFI boot
menu options so subsequent boot for installation from the master Ignite server is simplified. Because the direct boot profile may include a gateway, it is possible to directly boot from an Ignite server on a separate subnet without using a local subnet boot helper.
For detailed information on directed boot, see “Direct Boot Profiles for Itanium-Based Systems”
(page 102).

Server Selection

PA-RISC clients can specify the boot server to use for DHCP/bootp services and ignore all other boot offers. The client system network configuration is supplied by the boot helper or Ignite server located on the same subnet. It is also possible for PA-RISC systems to “search” for network boot options and build a list that may be used to select the desired boot server. For more information, see “Booting PA-RISC Clients from the Console ” (page 99).

Limit Network Boot Response by Network Interface Address

When a system broadcasts a request for boot, the request includes the NIC network address (also known as the MAC address).
Boot servers are often configured to respond to all systems that broadcast a boot request since that approach simplifies administration. However, most boot servers have the ability to selectively respond to boot requests.
52 Complex Networks: Challenges and Solutions
You can typically configure boot servers to use the network address to decide whether to respond to the client system or not. If the server responds, the network address is typically used to determine the correct client-specific network configuration (IP address, netmask, gateway, etc.).
When using this approach, boot servers typically have configuration content that allows them to respond to a set of MAC addresses. For HP-UX servers, the /etc/bootptab file is used to identify the clients to respond to. Listed MAC addresses will receive a response using the client-specific details in the bootptab file. For more information, see Chapter 3 (page 30).
Some non-HP-UX boot servers may be configured to ignore a set of network addresses and respond to others. Note that HP-UX does not support this capability.
NOTE: HP Virtual Connect (VC) network technology allows MAC addresses to be changed via
profiles. It is possible to allocate a range of MAC addresses for different boot servers, configure an HP-UX server to manage that block of MAC addresses, and then use profiles to select the boot server. Thus, instead of changing the boot server configuration content, the MAC addresses of a system could be changed with VC profiles to effectively choose the correct boot server.

Control Network Boot via Response Timing

Since a client system uses the first network boot response it receives, response timing may be used to help select the boot server. One boot server that responds to any MAC address may be configured to respond only after a delay, while all other servers are configured to respond to specific MAC addresses.
Because a number of factors might influence network boot response timing, and servers might respond more slowly in some cases, this approach has a risk of intermittent failures caused when the delayed server responds first because the delay is set too short.
Care is required in deciding the appropriate response delay. Note that a one-to-two second delay for other boot server responses might be large enough to cause an HP-UX server responding to a specific MAC address to normally win. However, a larger delay of eight seconds or more is recommended. You will need to decide the correct delay for your subnets and servers. These recommendations are intended to emphasize that the delay should not be set to “just large enough to work” based on limited testing.

Install Remote Clients Through a Network Router

By default, Ignite configures IINSTALLFS configuration content without network routing information. If the Ignite server and depot server are on a remote subnet accessed via gateway, and registered IP addresses are used instead of DHCP, the IINSTALLFS configuration content should include network routing information.
Complex Network Solutions 53
The server keyword specifies the IP address for your Ignite-UX server. It refers to a specific LAN interface on the Ignite-UX server. The same is true for the sd_server keyword that specifies the depot server IP address for any depots needed for installation.
server = "10.2.1.11" sd_server = "10.2.1.11" netmask[] = "255.255.255.0" route_gateway[0] = "10.3.1.1" route_destination[0] = "default" disable_dhcp = "true"
If DHCP is used, this should not be needed since the DHCP server should provide appropriate routing information.
IMPORTANT: The sd_server IP address setting in the installation file system will be overridden
by sd_server settings in configuration files created by make_config. To use IINSTALLFS to control the sd_server setting you must comment-out or remove the sd_server settings within each sw_source clause in the affected configuration files.
For more information about changing IINSTALLFS content, see instl_adm(1M) and instl_adm(4).

Multiple NICs Attach the Ignite Server to Multiple Subnets

It is possible to connect one Ignite server to multiple subnets using multiple network interface cards (NICs). The Ignite server can then be used to support network boot and installation on each of these separate subnets. The following diagram is an example of a multiple subnet complex network.
There are some special Ignite configuration considerations for supporting multiple subnets from one server. You must be careful to configure the server so it sends the client correct networking information for its subnet, and you must configure the client so it contacts the correct Ignite-UX server.
Getting the Client the Correct Networking Information
The HP-UX Ignite server needs to be configured so the client receives a response from the server with the correct network configuration for its subnet.
The bootptab content for each MAC address needs to have correct networking configuration for the system's subnet. In particular, IP addresses, netmasks, and gateways need to be valid from the client system's perspective. Thus, bootptab will need to include information for all the different subnets used by clients supported by the master Ignite server.
If anonymous network boot is used, care is needed to ensure boot responses are correct. See
Chapter 4 (page 42) for more information.
54 Complex Networks: Challenges and Solutions
Having the Client Contact the Correct Server
The server keyword in the IINSTALLFS configuration information specifies the IP address for your Ignite-UX server. It refers to a specific LAN interface on the Ignite-UX server. The same is true for the sd_server keyword that specifies the depot server IP address for any depots needed for installation.
If a client is on a subnet that does not have a route to the IP address specified by server, then it will not be able to contact the server after it boots.
For performance reasons, you might want to use the IP address of the Ignite-UX server LAN interface directly connected to the same subnet as the client.
If packets are not routed between different subnets connected to the Ignite-UX server, the client must use the IP address of the Ignite-UX server LAN interface on the same subnet.
Individual clients might use different IP addresses to access the Ignite server due to performance reasons or routing reasons as described in “Install Remote Clients Through a Network Router”
(page 53). To customize the IP address used to access the Ignite server on a per client basis, use
the LLA keyword as described below. Workarounds to specify the IP address of the Ignite server are:
Correct the server's IP address on the Ignite-UX network setup screen that appears on the client
console when you boot the client.
Change the configuration content in IINSTALLFS to select the Ignite-UX server and depot server
IP addresses connected to their local subnet.
server = "10.1.1.11" sd_server = "10.1.1.11" LLA[] == "00306E4A03C2" {server = "10.1.1.11" sd_server = "10.1.1.11"} LLA[] == "00306E4A03C3" {server = "10.2.1.11" sd_server = "10.2.1.11"}
IMPORTANT: The sd_server IP address setting in the installation file system will be overridden
by sd_server settings in configuration files created by make_config. To use IINSTALLFS to control the sd_server setting you must comment-out or remove the sd_server settings within each sw_source clause in the affected configuration files.
For more information about changing IINSTALLFS content, see instl_adm(1M) and instl_adm(4).

Ignite-UX bootp Boot Helper

An HP-UX server may be used as a boot helper to support boot on a subnet while installation is accomplished via a master Ignite server connected to a different subnet.
A system with Ignite software installed may be located on each subnet to support initial boot. This subnet-local Ignite server may be set up with IINSTALLFS configuration content to specify the single Ignite master server.
Using this approach, all the HP-UX installation and recovery content may be managed on one system. However, each local subnet Ignite boot helper server must be configured to support network boot for all the clients on that subnet. The boot helper server may be configured for promiscuous network boot or via selective MAC address response.
The advantage of this approach is there can be a single Ignite server that handles all HP-UX installation and recovery content. A significant disadvantage of this approach is that Ignite software must be installed on each boot helper. The version of Ignite installed on these boot helpers must always match the version installed on the master Ignite server.
The Ignite product content located in /opt/ignite/boot must be present on the Ignite boot helper so it may be used to accomplish network boot.
Follow these steps to set up an Ignite-UX boot helper system on the local subnet:
Complex Network Solutions 55
1. Install the Ignite-UX minimum core functionality onto the helper system. The Ignite-UX_server:/depot is the same Ignite product software depot or media used to set up the master Ignite server.
# swinstall -s Ignite-UX_server:/depot Ignite-UX.MinimumRuntime
2. On the boot helper system, set the default Ignite-UX server. Make sure the correct server is set and any network routing is configured as described in “Having the Client Contact the Correct
Server” (page 55) and “Install Remote Clients Through a Network Router” (page 53). This
changes the configuration content in [W|V|I]INSTALLFS. For more information, see instl_adm(1M).
# instl_adm -t Ignite-UX_server_IP
3. Verify that the server is set to the correct Ignite-UX server and gateway for your subnet.
# instl_adm -d
4. If the gateway value is incorrect, you can use instl_adm -g yourgatewayIP to correct it. This value is set by swinstall when the Ignite-UX product is installed.
5. On the boot helper system, configure the /etc/opt/ignite/instl_boottab file as described in “Getting the Client the Correct Networking Information” (page 54).
For more information, see /etc/opt/ignite/instl_boottab on your Ignite-UX server.
HP-UX DHCP PXE Next Server Boot Helper for Integrity Systems
To support Integrity systems, a lightweight Next Server boot helper may be set up on each subnet. A DHCP PXE response includes a Server Address (SiAddr) field that indicates where to get additional network boot content. Normally, the value in a response informs the client to get subsequent boot content from the same boot server. The /etc/bootptab file can be configured to inform the client to switch to the master Ignite server for other boot content. The bootptab sa option is used to indicate the value. This is commonly described as a Next Server value, since the Server Address value is typically only given when the value differs from the initial boot server. The master Ignite server IP address should be used.
In this approach, each subnet must have a DHCP PXE server, but Ignite does not need to be installed on that system. Therefore, there is no need to have multiple systems with the same Ignite software version installed on them. The HP-UX bootp server may use the Next Server field to direct the client system to get the HP-UX OS content from an Ignite server on a different subnet.
Using this approach, all the HP-UX installation and recovery content may be managed on one system. However, each local subnet Next Server DHCP PXE boot helper must be configured to support network boot for all the clients on that subnet. The boot helper server may be configured for promiscuous network boot or selective response using client-specific network configurations.
Note that this Next Server boot helper does not have to be an HP-UX system. If it's not an HP-UX system, care must be taken to make sure the PXE response is consistent with the Ignite server. In particular, the boottab bf option provided from the Next Server boot helper must be consistent with where the boot content is located on the master Ignite server. Symbolic links may be used to allow a nonstandard location to be supported on the master Ignite server, if needed.
Configuring a Next Server Boot Helper for Integrity systems
A Next Server boot helper does not require Ignite-UX software. If the DHCP PXE server is an HP-UX system, it must be running 11i v2 (B.11.23) or later. If 11i v2
is used, PHNE_36209 or a superseding bootpd patch must be used to enable the configuration of Next Server response.
The nbp.efi boot loader file must be present on the Next Server boot helper:
# cp /usr/lib/efi/EFI/HPUX/nbp.efi /opt/ignite/boot/nbp.efi
56 Complex Networks: Challenges and Solutions
If the Next Server boot helper is a PA-RISC system, this boot loader file will have to be copied from an Integrity system. Note that the Ignite-UX product may be installed instead of copying this file in place.
The Next Server response is configured in /etc/bootptab using the sa option. The IP address given with the sa option should be the DHCP PXE Next Server (SiAddr) IP address for additional boot content.
This example configuration is for the following complex network diagram.
A sample /etc/bootptab for Next Server boot helper configuration follows:
next-server:\ bf=/opt/ignite/boot/nbp.efi:\ ht=ethernet:\ hn=:\ bs=48:\ dn=xyzco.com:\ gw=15.1.128.1:\ sm=255.255.255.0:\ ds=10.2.1.11
hpuxsysa:\ tc=next-server:\ ha=00306E4A03C2:\ ip=10.4.1.140:\ sa=10.2.1.11:
During DHCP PXE boot, the boot helper server provides the network configuration (IP address, netmask, gateway, etc.). The boot helper also provides the initial boot loader (nbp.efi ). All other boot content is taken from the master Ignite-UX server. Thus, this boot helper server requires no Ignite-UX product content.
Note that the bf option path must match the path where other boot content is located on the master Ignite server. The bf path must be valid on the boot helper and the Ignite master server.
Make sure the correct server is set and any network routing is configured as described in “Having
the Client Contact the Correct Server” (page 55) and “Install Remote Clients Through a Network Router” (page 53).
Forwarding Boot Requests via bootp Relay
The HP-UX bootp server has the ability to forward boot requests. With this approach, each subnet must have a bootp relay boot helper, but that system does not need to have Ignite software installed. Therefore, there is no need to have multiple systems with the same Ignite software version on them.
Complex Network Solutions 57
When a client system broadcasts a request for network boot, the bootp relay boot helper will forward the request to the master bootp server indicated in the bootptab. The master bootp server will respond to the bootp relay boot helper, which will then forward the response back to the client system. The master Ignite boot server and master bootp server should be the same system.
The bp option must be specified in the bootp relay boot helper's /etc/bootptab file to forward boot requests to the master bootp server. The bp value should be the IP address of the master bootp server. The ip option must not be specified since that value will be provided from the master bootp server. Often an hm option is also specified so a single bootptab relay configuration may be used for many or any clients. The hm option is a MAC address mask used to determine if the MAC address of the requestor matches the MAC address of the ha bootptab option.
ha=000000000000:\ hm=000000000000:\ bp=10.2.1.11
Note that care is needed if the system is connected to multiple subnets, since the bootp relay helper will respond to boot requests detected on any NIC. Make sure the correct server is set and any network routing is configured as described in “Having the Client Contact the Correct Server”
(page 55) and “Install Remote Clients Through a Network Router” (page 53)
See bootpd(1M) for details of configuration. Note that this approach works for PA-RISC systems but might not work for Integrity systems. For
Integrity systems, the HP-UX boot loader configures the bootp relay boot helper as a gateway system for network configuration. If that system does not route packets between subnets, this might impede successful use of this approach. If the system routes packets, it will be attached to multiple subnets and therefore respond to boot requests detected on multiple subnets.
Ignite-UX software does not have to be installed on the bootp boot helper. The following is an example of a local bootp relay boot helper /etc/bootptab content to
respond to any client MAC address:
bootp-relay:\ ht=ether:\ ha=000000000000:\ hm=000000000000:\ bp=15.2.1.11
The following is an example of selective, MAC-specific /etc/bootptab content:
hpfcixa: ht=ether:\ ha=001083352de5:\ bp=15.2.1.11
A block of MAC addresses may be specified using the ha and hm options. This approach might be very useful with HP systems supporting HP Virtual Connect technology.
The master Ignite server needs to have entries for the client system boot requests forwarded from the bootp forward boot helper:
ignite-defaults:\ bf=/opt/ignite/boot/nbp.efi:\ ht=ethernet:\ hn:\ bs=48:\ dn=xyzco.com:\ gw=10.4.1.1:\ sm=255.255.255.0:\ ds=10.2.1.11
hpfcixa:\ ht=ignite-defaults:\ ha=001083352de5:\
58 Complex Networks: Challenges and Solutions
ip=10.4.1.100:\ bp=10.2.1.11
To use the bootp relay boot helper with PA-RISC systems, boot using standard ports, such as:
boot lan.10.2.1.11
The installation option to use HP-UX specific network ports might not work:
boot lan.10.2.1.11 install

Multi-Capable Subnet Boot Server

It is possible to set up a boot server that supports boot for multiple operating systems, including HP-UX. The multi-capable boot server may be an HP-UX system or a non-HP-UX system. If this boot server is an HP-UX system, the challenge becomes: how do I configure the HP-UX boot server to support non-HP-UX boot and installation. If the system is not an HP-UX system, the challenge becomes: how do I set up HP-UX boot and installation on the non-HP-UX system.
The information in this section is intended to provide general information to assist those setting-up a multi-capable boot server to initiate or fully support the installation of a variety of systems, including HP-UX installation. There is no general recipe for configuring these systems. In all cases, expertise is required to adapt these approaches to practical solutions.
For more detailed information about setting up specific types of boot/installation servers to support specific operating systems, see Chapter 6 (page 61).
Non-HP-UX Next Server Boot Helper
If the non-HP-UX boot server supports configuration of the DHCP PXE Server Address (SiAddr) response data, the simplest approach is to have the response specify the master Ignite server (Next Server) to be used for all additional boot content. The non-HP-UX boot server will still need to be configured to determine when boot control should be passed to the Ignite server for HP-UX installation, and when control should be retained to perform other installations. This can be accomplished by using MAC addresses or with a menu of boot options, for example.
Note that the directory where the nbp.efi boot loader is located must match the location of other HP-UX boot content on the Ignite master server. If necessary, a symbolic link may be used from the directory path matching the non-HP-UX server location to the standard HP-UX location for boot content.
For more information, see “HP-UX DHCP PXE Next Server Boot Helper for Integrity Systems”
(page 56).
Non-HP-UX bootp Boot Helper
If the non-HP-UX boot server cannot be configured to support a custom DHCP PXE Server Address value, it is necessary for the server to provide the initial Ignite install environment content. To make this approach work, copy content in the /opt/ignite/boot directory to the non-HP-UX boot server.
While best practice might be to use the same directory path, there is no particular need for the path to be the same. The path where the Ignite install environment is located on the non-HP-UX boot server must match the DHCP PXE Boot File response value, but does not need to match the default location on an Ignite server. The initial install environment will be entirely taken from the non-HP-UX bootp boot helper system.
Note that the version of any Ignite content copied to a non-HP-UX boot server must match the version of the content on the Ignite master server; it will have to be updated when a new version of Ignite is installed.
Also, note that the AUTO file and IINSTALLFS files include Ignite-UX configuration content. It is important to keep this configuration content consistent with the Ignite-UX server.
Complex Network Solutions 59
Keeping versions and configuration content consistent between these servers can be difficult. If these servers are managed by different groups, ongoing administration might make this approach impractical.
60 Complex Networks: Challenges and Solutions

6 Complex Networks: Multi-Capable Servers

This chapter presents a variety of ideas for using servers in a complex network. There is no one solution when configuring servers in a complex environment – look for the solutions that work in your data center.
This chapter focuses on Integrity systems only.

Configuring an RDP Server for Specific MAC Addresses

Conflicts between multiple boot servers on a subnet may be avoided if each boot server only responds to the MAC addresses of client systems it should manage. The RDP PXE server may be configured to selectively respond to network boot requests based on the MAC addresses of client systems. If there are more Windows and Linux systems than HP-UX systems, it makes more sense to configure the RDP server to ignore the MAC addresses of HP-UX systems instead of configuring the RDP server to respond to the MAC addresses of its client systems.
To do this, use the MAC Filter tab on the PXE Configuration Utility as shown in the figure below. The Interactive UI may be started using the Windows Start Menu:
StartAll ProgramsAltirisPXE ServicesPXE Configuration Utility
It may also be started from the RDP Deployment Solutions Console.

Configuring an RDP Server to Delay PXE Response

The RDP PXE server may be configured to delay responding to network boot requests. This gives a chance for an HP-UX network boot server to consistently respond first. The HP-UX boot server should be configured to only respond to specific MAC addresses via bootptab content, allowing the RDP server to manage the non-HP-UX systems.
The PXE Configuration Utility on the RDP server may be used to specify the response delay. Use the PXE Server tab as shown in the figure below.
The Interactive UI may be started using the Windows Start Menu:
Configuring an RDP Server for Specific MAC Addresses 61
StartAll ProgramsAltirisPXE ServicesPXE Configuration Utility
It may also be started from the RDP Deployment Solutions Console.
IMPORTANT: The recommended Minimum delay is 9 seconds and the Maximum delay is 10
seconds. These values should be large enough to provide predictable results considering some possibility of HP-UX boot server delays due to the server being busy and possible network congestion.

Configuring an RDP Server to Initiate HP-UX Installation

An HP ProLiant Essentials Rapid Deployment Pack (RDP) boot server may be configured to act as an HP-UX boot helper. You can do this by adding RDP MenuOptions for the initiation of HP-UX boot for install and placing the Ignite install environment on the RDP server. The RDP server may then be used to initiate an Ignite-UX installation of HP-UX.
To set up boot for HP-UX installation, use the PXE Configuration Utility to create the necessary MenuOptions and copy the Ignite install environment content into the proper locations on the RDP server.
The PXE Configuration Utility program is typically located on the RDP server at
C:\Program Files\Altiris\eXpress\Deployment Server\PXE\PxeConfig.exe

Setting up RDP MenuOptions via Windows Commands

A Windows command line may be used to automate Ignite support set up. To create a MenuOption on an RDP server for HP-UX installation, or to update it with new Ignite install environment content, the following command line arguments may be used:
PxeConfig.exe -create -other "HP-UX Managed" -ia64 \
-pathia64 <ignite_content_dir> -save
The ignite_content_dir directory needs to contain the following HP-UX boot and Ignite install environment files:
.\MenuOption160.0 (nbp.efi renamed as required by the RDP server)
.\MenuOption161.0 (nbp.efi renamed as required by the RDP server)
62 Complex Networks: Multi-Capable Servers
.\MenuOption162.0 (nbp.efi renamed as required by the RDP server)
.\MenuOption163.0 (nbp.efi renamed as required by the RDP server)
.\Rel_B.11.23
.\Rel_B.11.23\IINSTALLFS
.\Rel_B.11.23\IINSTALL
.\Rel_B.11.31
.\Rel_B.11.31\IINSTALL
.\Rel_B.11.31\IINSTALLFS
.\fpswa.efi
.\hpux.efi
.\AUTO
The RDP server requires the file name of the initial boot loader file and the name of the MenuOption to match. Normally, MenuOption160 will be used by the RDP server. However, if there are existing custom MenuOptions, another file name might be required. Copying the small nbp.efi boot loader to the first few custom MenuOption names the PXE Configuration Utility uses for MenuOptions should simplify the automatic set up of the RDP server. For HP-UX, this file is actually the nbp.efi network boot loader.
The Ignite-UX version for this content on the RDP server must be kept consistent with the Ignite-UX product version on the Ignite server. Note that IINSTALLFS includes config file content typically modified via use of instl_adm. Since these files will reside on the RDP server, a data center administration process for updating these files should be created to keep the RDP files consistent with the Ignite server.
The Ignite install environment on the RDP server needs to be updated when:
The IINSTALLFS config content is changed
A new version of Ignite software is installed on the Ignite server
Changes are made to the AUTO file boot menu
The HP-UX boot loader is patched

Setting up RDP MenuOptions via Interactive UI

The RDP server PXE Configuration Utility may be used to interactively create a MenuOption for HP-UX boot and Ignite installation.
Before starting the interactive UI, put the Ignite-UX boot and install environment files in a directory as specified in “Setting up RDP MenuOptions via Windows Commands” (page 62). Any convenient method may be used to transfer the required content from the Ignite server to the RDP server (FTP, Samba share, key chain drive, etc.). You should consider how this content will be updated in the future to stay consistent with the Ignite server.
The Interactive UI may be started using the Windows Start Menu:
StartAll ProgramsAltirisPXE ServicesPXE Configuration Utility
It may also be started from the RDP Deployment Solutions Console. Once started, the PXE Configuration Utility will display a window similar to the following:
Configuring an RDP Server to Initiate HP-UX Installation 63
On the Boot Menu tab, select the New... button to create a MenuOption for HP-UX boot and installation.
You should validate that the selected MenuOption number in the Final Location on PXE Server text box is consistent with the HP-UX Ignite content provided.
Configure the MenuOption as follows:
64 Complex Networks: Multi-Capable Servers
1. Enter the name of the MenuOption to be created in the Name: text box.
For HP-UX, the name “HP-UX Managed” is recommended. If HP-UX release-specific MenuOptions are created by using different AUTO content, a name such as “HP-UX 11.31 Managed” is recommended.
2. Configure the Pre-boot Image Properties.
Select Operating System type Other.
Select only the ia64 Processor Option, since HP-UX only supports ia64 systems. Make
sure x86 and x64 are unselected.
Select User supplied for the Image Creation Method, and then select Manual Boot Image.
In the PXE Boot Files text box, enter the directory containing the Ignite-UX boot and install
environment files, then select OK.
3. Select OK from the New Shared Menu Option dialog box.
4. Select Save on the Boot Menu tab of the PXE Configuration Utility – Shared Configuration
menu.
IMPORTANT: You must select Save to enable the new boot menu option before selecting
OK to exit.
Once set up is complete, the PXE Configuration Utility will show the new MenuOption for HP-UX.
Configuring an RDP Server to Initiate HP-UX Installation 65

Using an RDP MenuOption for HP-UX

Once the HP-UX MenuOption is set up using either the PXE Configuration Utility command or UI, the RDP PXE server will include “HP-UX Managed” as an option during network boot of ia64 client systems.
When a client system is booted from an RDP PXE server, the system will prompt you to “Press [F8] to select a boot option.” When booting on a serial console, function keys are typically not available. The m key may be used to bring up the boot menu instead of the F8 function key.
Loading.: Core LAN Gb A Running LoadFile()
CLIENT MAC ADDR: 00 30 6E 4C AA A5 CLIENT IP: 10.1.1.100 MASK: 255.255.255.0 DHCP IP: 10.1.1.22 PROXY IP: 10.1.1.22 GATEWAY IP: 10.1.1.1 Press [F8] to Select a boot option: iuxrdp (9) Linux Managed Next Device (BIOS/EFI) HP-UX Managed

Linux DHCP PXE Next Server Boot Helper for HP-UX Installation

A Linux boot server, such as an HP Insight Control Environment for Linux (ICE-Linux) server, may be configured to act as an HP-UX boot helper. The Linux server's dhcpd daemon may be configured to selectively respond to client network requests and to provide a PXE Next Server value that indicates the Ignite server's IP address. This Next Server value will cause boot to switch to the master Ignite server. Additional HP-UX boot loader and install content will be accessed from this Ignite Next Server.
NOTE: DHCP or this PXE boot server is responsible for providing complete network configuration
for boot and installation for the client system, including gateway, etc.
The dhcp.conf file controls dhcpd daemon operation. The next-server value is typically associated with specific MAC addresses. For example:
allow booting; allow bootp; ddns-update-style none; subnet 10.1.1.0 netmask 255.255.255.0 { option routers 10.1.1.1; option subnet-mask 255.255.255.0;
option domain-name "xyzco.com"; option broadcast-address 10.1.1.255;
option domain-name-servers 10.1.1.11;
group { host linuxsys2 { hardware ethernet 00:0C:29:A1:E9:E5; fixed-address 10.1.1.221; next-server 10.1.1.11; filename "/opt/ignite/boot/nbp.efi"; } } }
Linux server DHCP and PXE boot configuration details for your Linux distribution need to be consulted for correct set up.
Note that the HP-UX network boot loader needs to be copied to the Linux system. This file may be obtained from the Ignite-UX server at /opt/ignite/boot/nbp.efi.
66 Complex Networks: Multi-Capable Servers
This file should be located on the Linux system at /opt/ignite/boot/nbp.efi. This file needs to be accessible via TFTP.

Configuring an HP-UX Server to Support Linux Boot and Installation

By using HP-UX network services configuration files, an HP-UX server can be set up to support Linux network boot and installation if you place Linux boot and install content on the HP-UX server. You must acquire the boot and install content from a Linux distribution or Open Source website. Ignite-UX software does not include any Linux support. The information in this section describes use of HP-UX features not directly related to Ignite-UX.
It is not possible to provide all the details for setting up Linux installations here, due to differences between Linux releases. Documentation for network installation for the specific Linux releases being enabled must be consulted for the correct setup.
To enable network boot for Linux installation, proper boot content must be placed on the HP-UX server. The elilo boot loader may be obtained from a Linux distribution or the Open Source elilo website at http://sourceforge.net/projects/elilo/. The IA64 binary is needed for HP-UX Integrity systems.
Linux install kernels and install file system images must be obtained from the appropriate Linux distributions.
The message file hplinux.msg controls the appearance of the Linux boot menu. This file must be created with Linux tools.
The boot content may be placed anywhere on the HP-UX system, provided TFTP access is enabled. The location must be consistent with /etc/bootptab content. In this example, the Linux boot content is located in the same directory as the HP-UX Ignite boot content.
/opt/ignite/boot/LINUX/elilo-ia64.conf /opt/ignite/boot/LINUX/elilo-ia64.efi /opt/ignite/boot/LINUX/hpuxlinux.msg /opt/ignite/boot/LINUX/images/SLES9/initrd /opt/ignite/boot/LINUX/images/SLES9/Linux /opt/ignite/boot/LINUX/images/RHEL5UP1 /opt/ignite/boot/LINUX/images/RHEL5UP1/initrd-rhel5.1.img /opt/ignite/boot/LINUX/images/RHEL5UP1/vmlinuz-rhel5.1
The elilo-ia64.conf configuration file specifies the set of Linux installation menu options that are provided during network boot. In this example, SuSE 9 and RedHat 5 Update 1 are enabled:
chooser=textmenu message=hplinux.msg prompt
image=images/SLES9/Linux label=SLES9 description="Install SLES9" initrd=images/SLES9/initrd append="install=nfs://10.1.1.11/ISOimages/SLES9" read-only
image=images/RHEL5UP1/vmlinuz-rhel5.1 label=RHEL5UP1 description="Install RHEL5 Update 1" initrd=images/RHEL5UP1/initrd-rhel5.1.img read-only
The Linux distribution content must be made available via NFS or FTP. In this example, the same HP-UX server is used for both boot and installation. Alternatively, Linux install content may be located on another server.
SuSE Linux expects distribution install content to be unpacked as if the distribution media were mounted, and the media contents copied via the file system and made available for NFS or FTP access. RedHat expects ISO images to be available as if the distribution media were downloaded
Configuring an HP-UX Server to Support Linux Boot and Installation 67
or copied to the server from media via dd(1) and then made available for NFS or FTP access. For example:
RedHat:
/ISOimages/RHEL5UP1 /ISOimages/RHEL5UP1/RHEL5.1-Server-20071017.0-ia64-disc1-ftp.iso /ISOimages/RHEL5UP1/RHEL5.1-Server-20071017.0-ia64-disc2-ftp.iso /ISOImages/RHEL5UP1/RHEL5.1-Server-20071017.0-ia64-disc3.ftp-iso /ISOImages/RHEL5UP1/RHEL5.1-Server-20071017.0-ia64-disc4.ftp-iso /ISOImages/RHEL5UP1/RHEL5.1-Server-20071017.0-ia64-disc5.ftp-iso /ISOImages/RHEL5UP1/RHEL5.1-Server-20071017.0-ia64-disc6.ftp-iso
SuSE:
/ISOimages/SLES9 /ISOimages/SLES9/ARCHIVES.gz /ISOimages/SLES9/autorun.inf /ISOimages/SLES9/boot /ISOimages/SLES9/boot/directory.yast /ISOimages/SLES9/boot/image /ISOimages/SLES9/boot/initdisk.gz /ISOimages/SLES9/boot/rescue /ISOimages/SLES9/boot/rescuefloppy /ISOimages/SLES9/boot/root /ISOimages/SLES9/boot/ChangeLog /ISOimages/SLES9/boot/content /ISOimages/SLES9/boot/control.xml . . .
The information presented here gives some general guidance on Linux installation set up. Specific Linux release information must be consulted for getting boot and install content, setting up content on an installation server, and required options in the EFI boot configuration file.
The /etc/bootptab content to enable Linux boot for installation might look like the following.
linuxsys2:\ ht:=ether:\ ha=001560045A4A:\ ip=10.1.1.221:\ hn:\ sm=255.255.255.0:\ gw=10.1.1.1:\ nt=10.1.1.11:\ ds=10.1.1.11:\ bf=/opt/ignite/boot/LINUX/elilo-ia64.efi:\ bp=10.1.1.11
Once all the content has been set up, the HP-UX server should have Linux boot and installation enabled.
Use EFI network boot to start the boot and installation process. Installation options specified in the elilo-ia64.conf file will be displayed as formatted by the
hplinux.msg file.
IMPORTANT: If the message file is missing or incorrect, the system might display a blank screen
when elilo boots. If this happens, you should be able to use CTRL-c to exit the boot loader and return to the EFI boot menu.
Select the desired distribution for boot and installation.
/-------------------| Linux Install from an HP-UX Server |-------------------\ | | | This image enables Linux installation from an HP-UX system. Select a | | menu option, enter kernel options at the prompt if desired, and press |
68 Complex Networks: Multi-Capable Servers
| <return>. USE AT YOUR OWN RISK! ^C to go back to EFI; ESC does nothing. | | | | /------------------------------------------------\ | | | Install SLES9 | | | | Install RHEL5 Update 1 | | | | | | | | | | | | | | | | | | | | | | | | | | | \------------------------------------------------/ | | | | Kernel Options: ________________________________________________________ | | | | ^C now to go back to EFI; ESC does nothing. Once started, there's no | | turning back (i.e. you have to reboot to get back to EFI). | \----------------------------------------------------------------------------/

RedHat Installation From an HP-UX Server

The RedHat installation process normally starts with language selection.
Welcome to Red Hat Enterprise Linux Server
+---------+ Choose a Language +---------+ | | | What language would you like to use | | during the installation process? | | | | Catalan ^ | | Chinese (Simplified) : | | Chinese (Traditional) # | | Croation : | | Czech : | | Danish : | | Dutch : | | English v | | | | +----+ | | | OK | | | +----+ | | | +---------------------------------------+
<Tab>/<Alt-Tab> between elements | <Space> selects | <F12> next screen
Next, the source and method of transport must be selected. In this example, NFS network installation is used.
Welcome to Red Hat Enterprise Linux Server
+------+ Installation Method +-----­ | | | What type of media contains the | | packages to be installed? | | | | Local CDROM | | Hard drive | | NFS image | | FTP | | HTTP | | | | +----+ +------+ | | | OK | | Back | | | +----+ +------+ | | |
Configuring an HP-UX Server to Support Linux Boot and Installation 69
| | +-----------------------------------|
<Tab>/<Alt-Tab> between elements | <Space> selects | <F12> next screen
Then you must specify the location of Linux install content.
Welcome to Red Hat Enterprise Linux Server
+----------------------------+ NFS Setup +----------------------------+ | | | Please enter the following information: | | | | o the name or IP number of your NFS server | | o the directory on that server containing | | Red Hat Enterprise Linux Server for your architecture | | | | NFS server name: 10.1.1.11_______________ | | Red Hat Enterprise Linux Server directory: /ISOimages/RHEL5UP1_____ | | | | +----+ +------+ | | | OK | | Back | | | +----+ +------+ | | | | | +---------------------------------------------------------------------+
<Tab>/<Alt-Tab> / between elements | <Space> selects | <F12> next screen
RedHat installation continues presenting additional configuration screens specific to the distribution. Documentation regarding RedHat installation and configuration for client system set up should be consulted.

SuSE Installation From an HP-UX Server

The SuSE installation process normally starts with terminal selection.
What type of terminal do you have ?
1) VT100
2) VT102
3) VT220
4) X Terminal Emulator (xterm)
5) X Terminal Emulator (xterm-vt220)
6) X Terminal Emulator (xterm-sun)
7) screen session
8) Linux VGA or Framebuffer Console
9) Other
Type the number of your choice and press Return:
The installation continues to present additional configuration screens specific to the distribution. In this case, the location of install content was specified in the elilo configuration file. Documentation regarding SuSE installation and configuration for client system set up should be consulted.

Configuring an HP-UX Server to Support Windows Installation

In theory, it might be possible to configure an HP-UX server to enable Windows installation. However, Windows installation from an HP-UX server has not been investigated. One of the possible challenges for enabling installation is to provide Boot Information Negotiation Layer (BINL) from the server. A solution for Linux servers that might be adaptable is provided via Windows Remote Installation Service (RIS).
70 Complex Networks: Multi-Capable Servers

7 Managing I/O for Installation and Recovery

LUN
Legacy DSFs Legacy Hardware Paths
/dev/dsk/c9t0d1
0/0/6/0/0.1.18.73.0.0.1
/dev/dsk/c11t0d1
0/0/6/0/0.1.19.75.0.0.1
/dev/dsk/c17t0d1
0/0/10/0/0.1.18.73.0.0.1
/dev/dsk/c19t0d1
0/0/10/0/0.1.19.75.0.0.1
/dev/dsk/c29t0d1
1/0/2/0/0.1.19.75.0.0.1
/dev/dsk/c27t0d1
1/0/2/0/0.1.18.73.0.0.1
/dev/dsk/c37t0d1
1/0/14/0/0.1.18.73.0.0.1
/dev/dsk/c33t0d1
1/0/14/0/0.1.19.75.0.0.1
This chapter introduces Ignite-UX I/O concepts and describes how multi-path concepts enhance Ignite-UX. This chapter also assists the user moving from the legacy naming model to the agile naming model by touching on changes found in multi-path aware Ignite.

Introducing Multipathing

In its current implementation, beginning with C.7.1.x, Ignite-UX is aware of multiple paths to I/O devices. Ignite-UX now supports agile view on HP-UX 11i v3.
One of the features of HP-UX 11i v3 and later is the ability to tolerate I/O path changes. For HP-UX 11i v2 and earlier releases of HP-UX, Ignite-UX is aware that multiple device special files (DSFs) and hardware paths may refer to the same device logical unit (LUN).
Previous to HP-UX 11i v3, I/O addressing looks like Figure 16, where a DSF is specific to one hardware path, which in turn points to an I/O device’s LUN.
Figure 16 Legacy I/O Stack Addressing Model
Any of the legacy DSFs can be used to access the I/O device. Care must be taken to prevent the simultaneous use of multiple DSFs for conflicting purposes. For example, two DSFs for the same LUN might be used for different volume or disk groups. Ignite-UX will detect such an invalid configuration created with the Ignite user interface and prevent installation. A final validation is

Agile View Concepts

also done during sanity checking, which takes place after starting an installation.
Starting with HP-UX 11i v3, HP-UX is aware of multiple paths to devices and provides multipathing functionality automatically. Important new concepts related to this functionality are: persistent DSF,
LUN hardware path, lunpath hardware path, device identifier, and agile addressing. Agile view I/O addressing logic looks like Figure 17.
Introducing Multipathing 71
Figure 17 Agile Multiple Path I/O Stack Addressing Model
Persistent DSF
Lunpath hardware path
Lunpath hardware path
Lunpath hardware path
Lunpath hardware path
Legacy DSF
Hardware path
Legacy DSF
Hardware path
LUN hardware path
LUN
64000/0xfa00/0x6
LUN: WWID 0x50060b000015330f0001000000000032
Persistent DSF
Legacy DSFs Legacy Hardware Paths
LUN Hard- ware Path
Lunpath Hardware Path
/dev/dsk/c9t0d1
/dev/disk/disk55
0/0/6/0/0.1.18.73.0.0.1
0/0/6/0
0.0x50060b000019bc98.0x4001
0/0/6/0
0.0x50060b000019c8a6.0x4001
0/0/10/0
0.0x50060b000019bc98.0x40010
0/0/10/0
0.0x50060b000019c8a6.0x40010
1/0/2/0
0.0x50060b000019c8a6.0x4001
1/0/2/0
0.0x50060b000019bc98.0x4001
1/0/14/0
0.0x50060b000019c8a6.0x40010
1/0/14/0
0.0x50060b000019bc98.0x40010
/dev/dsk/c11t0d1
0/0/6/0/0.1.19.75.0.0.1
/dev/dsk/c17t0d1
0/0/10/0/0.1.18.73.0.0.1
/dev/dsk/c19t0d1
0/0/10/0/0.1.19.75.0.0.1
/dev/dsk/c29t0d1
1/0/2/0/0.1.19.75.0.0.1
/dev/dsk/c27t0d1
1/0/2/0/0.1.18.73.0.0.1
/dev/dsk/c37t0d1
1/0/14/0/0.1.18.73.0.0.1
/dev/dsk/c33t0d1
1/0/14/0/0.1.19.75.0.0.1
The persistent DSF represents the device, regardless of its location in the I/O configuration. With the new model, legacy DSFs and hardware paths enjoy multi-path capabilities because after device open, I/Os use every path associated with the I/O device.
The LUN hardware path is virtualized, representing all the lunpath hardware paths to a device. The lunpath hardware path is the path typically displayed in the Ignite user interface. Lunpath hardware paths do not have device special files - they are associated with a LUN hardware path and are accessed via the persistent DSF associated with a LUN hardware path. The Ignite user interface displays the lunpath hardware path so the actual device can be discerned from it; you cannot identify the physical device from looking at the LUN hardware path or the persistent DSF.
Sample agile addressing model values for the DSFs and paths are shown below.
Figure 18 Agile Naming Example
72 Managing I/O for Installation and Recovery
Identification of devices in a multiple path I/O configuration can be challenging. The I/O stack (driver) identifies devices using unique LUN IDs. Often this is a WWID value.
By identifying a device using the unique LUN ID, any of its hardware paths could be used to access it, and agile addressing is supported.
The unique LUN ID might be difficult for a user to associate with a specific physical or logical device. For example, often the device WWID is on a device label (e.g. on a sticker) or available via storage management software used to set up a virtual LUN – those values are difficult to remember and type correctly. It might be easier to select a device using one of its hardware paths.
However, if you can remember part of the WWID, you can use the Ignite user interface Disk Selection dialog box Filter text box to limit displayed devices to those with WWIDs containing the text you can remember.
Agile addressing means the hardware path actually used by the system to access a device is
independent of the path used to select the device. Selecting a disk via one hardware path might result in the system choosing some other, better hardware path. For example, this can happen when selecting a disk for boot, and when volume managers determine the appropriate set of paths to use for device access.
NOTE: For HP-UX 11i v3, the one hardware path used for selection has no special significance
in most Ignite-UX user interfaces. Ignite-UX will allow HP-UX system software to select the best path when a particular path is needed. For example, boot paths will be selected by system software when the boot device is selected.
A more user-friendly approach is to identify I/O devices with a device identifier. A device identifier is a human-readable device ID defined by the user. It can be written to the device and read back. Data centers may want to create some standard policy for device IDs (e.g. LAB2CAB23LUN15).
In the current implementation, the device ID can be set, checked, and read at installation. The device identifier is stored on the device, so it remains available if the disk is moved to a different system or connected to multiple systems. Not all devices support the use of a device identifier.
See the scsimgr(1M) command for more information on how to set and read a device identifier. When identifying I/O hardware for Ignite-UX configuration files, see Table 5 (page 81) for the
format of I/O variables.
NOTE: Your data center may use separate processes or groups to administer systems and storage.
It is important to record WWID, Device ID, and other details of LUNs assigned to your systems. Access control or protection zones may be used to control the systems permitted to use a LUN; it is important to record which systems have access to LUNs.
For more details on agile view HP-UX, see the white paper Overview: The Next Generation Mass Storage Stack available at http://www.hp.com/go/hpux-core-docs.

Practical Considerations

Ignite-UX uses hardware paths to help you identify I/O devices such as disks, CD/DVD drives and tape drives during installation and recovery. The format of the hardware path used to identify I/O devices will depend on the version of HP-UX you are using and other factors. Also, depending on your configuration, multiple paths might be displayed for a single device.
For HP-UX 11i v3, Ignite-UX will allow HP-UX system software to select the best path when a particular path is needed. For example, boot paths will be selected by system software when the boot device is selected.
Note that horizontal scrolling might be required to read the entire hardware path and associated data in Ignite-UX GUI screens.
IMPORTANT: Due to application dependencies, HP-UX software deployment tools such as Ignite-UX
expect legacy DSFs to be present and the legacy naming model to be enabled. Therefore, HP recommends only partial migration be performed, as detailed in the HP-UX 11i v3 Persistent DSF Migration Guide, available at http://www.hp.com/go/hpux-core-docs.

System Installation Configuration

When using Ignite to install HP-UX on a client, a root disk must be identified. Ignite-UX selects a default disk, but it may be changed using the Root Disk... button on the Basic tab on the client installation configuration interface shown below.
Practical Considerations 73
Figure 19 Ignite-UX Client Installation Configuration Tabs
The hardware path displayed in the Root Disk text box is the lunpath hardware path for HP-UX 11i v3 and later, or the legacy hardware path for HP-UX 11i v2 and earlier.
By selecting Root Disk..., the Disk Selection – Root Disk dialog box is displayed (Figure 20
(page 74)).
Figure 20 Disk Selection – Root Disk Dialog Box
The Disk Selection – Root Disk dialog box displays every path for each disk, therefore disks with multiple paths are listed multiple times. Set View By: to Disks/Paths (the default is I/O Protocol) to see what paths go to each disk. For more information on using the Disk Selection – Root Disk dialog box, see “Root disk... Button” (page 119).
74 Managing I/O for Installation and Recovery
NOTE: Inventory blocking may be used to reduce the time required to discover devices during
Ignite-UX start-up. Devices blocked from inventory will not be listed in the Disk Selection dialog boxes. For more information on using Ignite-UX variables such as inventory_block_path and inventory_block_protocols, see instl_adm(4), “Controlling the I/O Configuration Process”
(page 81), and “Additional... Button” (page 124). For more information on the agile naming model,
see Figure 18 (page 72).
If you have a SAS device, physical locations will be displayed in the Disk Selection – Root Disk dialog box as shown in Figure 21 (page 75).
Figure 21 Disk Selection – Root Disk Dialog Box With Physical Locations
To get a concise listing of all the paths for a single device, select the path of interest and then click the More Info button, or use the Disks/Paths View. If a LUN has multiple paths, you may select any of them to get to the same More Info screen. For example, you may select either of the lunpath
hardware paths below since they both reference the same LUN.
0/0/6/0/0.0x50060b000019c8a6.0x4001000000000000
0/0/10/0/0.0x50060b000019c8a6.0x4001000000000000
Use the More Info screen to help make the transition from legacy hardware paths to the lunpath
hardware paths. The More Info screen supplies details about a LUN to help you verify that the
selected LUN is the one intended. Note that the legacy hardware path is also shown to the very right in the Path/Location window of the Disk Selection dialog box – use horizontal scrolling to see it.
Practical Considerations 75
Figure 22 More Info Dialog Box
For HP-UX 11i v3 and later, the More Info screen displays all the lunpath hardware paths for a device. (Note that the paths can be long - horizontal scrolling may be needed to see the entire path.) The Legacy HW Path displayed depends on the lunpath hardware path currently selected in the selection list window. One legacy hardware path is listed. For a concise list of all the legacy hardware paths leading to the device, select the All Paths... button (Figure 23 (page 76)).
The Legacy HW Path window and the All Paths... button are not available on systems running HP-UX 11i v2 and earlier.
Figure 23 All Paths Dialog Box
Accessed from the File System tab of the client installation configuration interface, the Disk Selection – Add/Remove Disks dialog box displays the lunpath hardware path, the legacy hardware path, or the physical location. See Figure 21 (page 75) for the display format of physical location hardware paths.
76 Managing I/O for Installation and Recovery
Figure 24 Disk Selection – Add/Remove Disks Dialog Box
The More Info screen is made available on the Disk Selection – Add/Remove Disks dialog box too, to validate selections and help make the change to the agile naming model.

Support for >2 TB boot disk

Starting with the HP-UX 11i v3 OE Update March 2013 release, the maximum size of the boot disk has been increased from 2 TB to 16 TB on HP Integrity systems. (HP 9000 systems have supported the boot disk or root volume group up to the 2 TB maximum size since the initial HP-UX 11i v3 OE February 2007 release.)
The >2 TB boot disk support is available with Logical Volume Manager (LVM) layout and currently not available on VxVM and Whole Disk layouts. To configure >2 TB disk as boot disk, you have to navigate to Basic tab -> Filesystem -> select Logical Volume Manager (LVM) with VxFS from the itool interface.
Update the Ignite-UX software on the Ignite-UX servers with the Ignite-UX bits.
NOTE: The Ignite-UX software is delivered with the HP-UX 11i v3 OE Update March 2013
release or higher for configuring the boot disk >2 TB in size.
NOTE: Support for >2 TB boot disk support is available with HP-UX 11i v3 OE Update March
2013 release or higher to HP Integrity systems, and this feature is not available and supported on the HP-UX versions earlier than OE Update March 2013 release.
During the cold installation, the default LVM Volume Group Version set by Ignite-UX is 1.0. This limits the size of the boot size to 2 TB, and the remaining space on the disk will be unused. To utilize the full disk capacity beyond 2 TB (and up to 16 TB max) for boot disk with LVM, you have to update the LVM’s Volume Group Version to 2.2 or later versions. You can do this by navigating to Filesystem tab > Advanced Tasks > Group parameters tab > LVM Version in the Ignite-UX itool user interface. For more information, see LVM Volume Group Version 2.2 at: http://www.hp.com/
go/hpux-core-docs
The VxFS File System size chosen for configuring any volume is limited to 2 TB during the installation and any size configured beyond 2 TB will be capped to a maximum of 2 TB . You can manually extend the size of the VxFS File System to >2 TB, post installation, if Online JFS License product is installed on the system.
Practical Considerations 77
Starting with HP-UX 11i v3 OE Update March 2013 release, Ignite-UX supports the size of Swap, Dump, and unused logical volumes up to 1 TB instead of the previous limit of 128 GB on 11i v2 and 11i v3. During a cold installation or recovery, larger amounts of swap, dump, or swap volumes can be utilized in disk or volume groups by defining multiple swap, dump, or swap volumes. The limit for unused volumes on 11i v1 is 1 TB; however, the limit for swap and dump has not been increased.

Identifying Devices for Other Tasks

There are a number of other Ignite tasks that require the identification of I/O devices:
When building installation media, you must use the ioscan command to find the tape, CD,
or DVD drive. Note that some of the CD/DVD writing SW included with Ignite-UX but not developed by HP only works with legacy device special files.
When performing a system recovery on Itanium-based systems, you must find the tape device’s
hardware path to create an EFI boot option. (This should be done at the time the tape is created.)
During two-step media recovery, you must select the hardware path of the tape drive to recover
from.
When in expert recovery mode, you must have the hardware path of the disk you are attempting
to recover.
When identifying disks in configuration files to define them or combine them in a single volume
group, you must supply the hardware paths of the disks.

Important Characteristics of the Agile View

The following points will help you move from the legacy view to the agile view:
When using the new persistent DSFs, be sure to use the new directory structure:
Table 3 Mass Storage DSF Directories
Both legacy and persistent DSFs can be created during installation and recovery of HP-UX 11i
v3 depending on your volume manager. When Ignite-UX creates file system content for HP-UX 11i v3, persistent DSFs are used for LVM volumes and VxVM 5.0 layout, and legacy DSFs are used for VxVM 4.1.
NOTE: The VxVM components in the Ignite-UX install environment and the installation depot
must be version 5.0 or higher in order to use persistent DSFs.
Keep in mind that persistent DSFs endure with recovery if Ignite recovers to the same hardware
or can map to replacement hardware, but are not guaranteed to remain the same between installations. See Figure 25 for an overview regarding consistency of I/O addressing.
Legacy DSF DirectoryPersistent DSF Directory
/dev/dsk/dev/disk
/dev/rdsk/dev/rdisk
/dev/rmt/dev/rtape
If hardware is replaced and recovery is not needed, you might want to run io_redirect_dsf
to correct the system configuration. For more information, see io_redirect_dsf(1M).
78 Managing I/O for Installation and Recovery
Figure 25 Consistency of I/O Addressing
Reboot
Installation with other hardware changes
C C C C C CC
Persistent DSF
LUN H/W Path
Lunpath H/W Path
Legacy DSF
Legacy H/W Path
Device ID
WWID
Installation with replacement of system and/or HBAs
with same model and config using the same devices
Installation with same system and config using
replacement devices
C C C CN N N
N N
NNN
N N N N N N
NN
N
* *
C N C C C
Recovery with same system and devices
NRC
R
C C C
Recovery with replacement of system and/or HBAs
with same model and config using the same devices
R
N C
R
C C C
Recovery with same system and config using
R
N
*
R
*
N N
Recovery with other hardware changes N
N N N N N N
System Event
Device Addressing Identification
Reinstallation on same system and devices.
replacement devices
Use the following key for the “Consistency of I/O Addressing” figure above. C = Consistent — Device addressing id value is saved in HP-UX config content and the correlation
between these values and devices does not change as a result of the event. N = New Value — Device addressing id value is newly created as a result of the event. The device
addressing id value for a device might or might not change as a result of the event. R = Recovered — Ignite-UX will restore the association between device addressing id values and
devices when possible. The process used to match previous and current devices is handled by Ignite-UX recovery matching methods. Matching might not be possible if the system configs differ.
* — Might be a consistent value for some I/O protocols such as parallel SCSI, and might be a new value for some I/O protocols such as fibre channel.
Practical Considerations 79

Recovery and the Agile View

During recovery, Ignite-UX C.7.x makes changes to the new system I/O configuration to match the original system I/O configuration. This is necessary because some aspects of a system configuration depend on the unpredictable order of system I/O inventory.
The overall goal of this process is to make the system I/O configuration appear as if the system simply rebooted at the time the recovery archive was created. This process is complex, and Ignite-UX might be unable to fully restore the I/O configuration. Ignite might not be able to restore aspects of the I/O configuration due to hardware changes, limitations of system I/O software, and limitations of Ignite-UX.
The system I/O configuration should be verified during and after recovery so configuration adjustments can be made if needed.
One part of restoring the I/O configuration is the appropriate matching of device special files (DSFs) and devices. There is one approach used for legacy DSFs in HP-UX 11i v3 and previous releases, and another approach used for HP-UX 11i v3 persistent DSFs.

Legacy DSFs and Device Matching

Matching legacy DSFs and mass storage devices is done based on hardware paths. Generally, legacy DSFs are associated with a particular hardware path. During recovery, a device is associated with its hardware path's DSF. (See Figure 16 (page 71) for a description of the legacy addressing model.)
Hardware configuration changes are handled by assuming a new device is intended to replace the device originally at that hardware path.
Note that some I/O protocols, such as SAS and USB, associate legacy DSFs with specific devices using unique LUN IDs, and so behave like persistent DSF matching described below.
SAS devices are a special case, since their legacy DSF/unique LUN ID association can change as a result of I/O configuration changes. If you change a SAS configuration (physically move a SAS device to another bay or remove a SAS device) the hardware path associated with that and other SAS devices can change during an installation or recovery. In such a case, hardware paths are reassigned to SAS devices. Since legacy DSFs are associated with a particular hardware path, a change in a device's hardware path breaks the association between its previous legacy DSF and its unique LUN ID. Note that the way SAS devices are associated during recovery might change in future versions of Ignite-UX to use the agile addressing approach described below.
Only certain SAS configuration changes cause remapping of hardware paths. For more information see the white paper, “Ignite-UX and SAS Devices” available at http://www.hp.com/go/
ignite-ux-docs.

Persistent DSFs and Device Matching

Matching persistent DSFs and mass storage devices is relatively complex due to agile addressing. Ignite-UX will attempt to simulate agile addressing during recovery, while also dealing with hardware replacement. This matching is accomplished using the methods described below:
WWID — Matching is done based on the unique LUN ID of the device. Most often, this is the
device's WWID. This method matches a device's original persistent DSF with the same device in the recovered system configuration.
Device ID — (Future) Matching is done based on a user-definable identifier written to the
device. This method matches a device's original persistent DSF with the device that has the same device ID in the recovered system configuration. This method allows user-provided identification to control device matching. Note that some mass storage devices do not support the device ID feature.
Physical Location — Matching is done based on device physical location. This method matches
the original persistent DSF associated with a particular physical location (e.g. same enclosure
80 Managing I/O for Installation and Recovery
and bay) with the device at that location in the recovered system configuration. This method is intended to handle replacement of devices. Note that not all I/O protocols support physical location addressing.
Lunpath — Matching is done based on lunpath hardware path. This method matches the
original persistent DSF associated with a lunpath hardware path with the device at that lunpath hardware path in the recovered system configuration. This method is intended to handle replacement of devices. Some protocols such as fibre channel have lunpath hardware paths and legacy hardware paths that are functionally different (use different hardware attributes).
Legacy hardware path — Matching is done based on the legacy hardware path. This method
matches the original persistent DSF associated with a legacy hardware path with the device at that legacy hardware path in the recovered system. This method matches devices using the same approach used for typical legacy DSFs.
Not all methods are appropriate for all protocols. The following are the ordered lists of persistent DSF-to-device matching methods by protocol. The order in which these methods are applied is important. Matching will be done in the order listed.
Table 4 Persistent DSF-to-Device Matching Methods by Protocol
Ordered ListProtocol
WWID, lunpathparallel SCSI
WWID, physical location, lunpathfibre channel
lunpathide
WWID, physical location, lunpathSAS
no matching will be doneother
NOTE: There might be devices in the original system configuration that can not be matched with
devices in the new system configuration. There might also be devices in the new system configuration that do not match devices in the original configuration. In these cases, the HP-UX operating system I/O drivers will assign legacy and persistent DSFs for the non-matching devices.

Controlling the I/O Configuration Process

It is possible to control the I/O configuration process associated with installation and recovery by using variables in the configuration file. These variables allow you to select disks that may be replaced with other disks, hide disks from the I/O configuration process, and control DSF naming.
By controlling the I/O configuration process, you can make configuration files that are general enough to use with clients having different hardware paths, protect disks from modification, and increase the performance of the I/O inventory process.
This section introduces the variables and value types associated with I/O configuration for use in configuration files. Further details can be found in instl_adm(4).
Table 5 I/O Configuration Variables
allow_disk_remap
hide_boot_disk
DescriptionI/O Configuration Variable
(boolean) Setting this to true allows Ignite to substitute a disk that was specified in the
configuration files but does not exist on the system with a disk that does exist and was
not specified to be used, hidden, or blocked. Default for this value is false for a noninteractive installation, and true for an interactive installation. This is useful when creating configuration files for use with multiple clients.
(boolean) Setting this to true prevents the installation process from allowing the boot disk to be configured and/or “cleaned”. This is useful only when the Ignite kernel is booted from a dedicated hard disk you wish to protect from being modified.
Controlling the I/O Configuration Process 81
Table 5 I/O Configuration Variables (continued)
DescriptionI/O Configuration Variable
_hp_hide_other_disks
hw_instance_number
inventory_block_path
inventory_block_protocols
(string) This may be set to one or more space-separated hardware paths of disks that should be “hidden” from being configured or otherwise modified during the installation. This is useful for hiding multiple disks.
(string) Setting this keyword forces a specific instance number assignment for the specified hardware device. This is useful for producing client configurations consistent with others regardless of variations in hardware configurations.
(string) This keyword is used to control Ignite inventory functionality by instructing Ignite to not collect inventory information for the devices specified. This is useful when you want devices hidden and not available for selection during installation.
(string) This keyword is used to control Ignite inventory functionality by instructing Ignite to not collect inventory information for the devices of the protocol type specified. This is useful when you want to increase the performance of the I/O inventory process by ignoring all devices of a certain protocol. These devices will not be available for selection during installation.
Below are listed the value types for use with the I/O configuration variables.
Table 6 I/O Configuration Value Types
DescriptionI/O Configuration Value Type
Hardware Path
For keywords that take a hardware path as an index parameter or value, the hardware path may be a series of more than one decimal or hexadecimal numbers separated by the period ( . ) or the forward slash ( / ) characters. A complex string or string variable may also be used where a hardware path is expected.
Physical Location
World-Wide Name / WWID
A physical location may be a series of alphanumeric values separated by the colon ( : ) character.
The format of this value varies depending on the protocol and device. This value is often a standard IEEE value in hexadecimal format, however this value may have some other format. This value may not contain white space.
The valid protocol values are:I/O Protocol
fibre_channel
parallel_scsi
sas
usb

Agile View Questions and Answers

What are the requirements for the use of persistent DSFs? Must I use them exclusively or can I mix them with legacy DSFs?
Ignite-UX will use persistent DSFs for installation and recovery on systems running HP-UX 11i v3. Internally, VxVM volume management software controlling installation and recovery uses persistent or legacy DSFs as appropriate for the VxVM version used. See “Important Characteristics of the
Agile View” (page 78) for more information.
Can the user switch from persistent to legacy DSFs and back if desired?
Switching between persistent and legacy DSFs is specific to the volume manager. See your volume manager documentation for more details.
Does the Ignite–UX interface enforce a particular use model with respect to persistent and legacy DSFs?
No, but persistent DSFs will be used for HP-UX 11i v3 installation and recovery.
If a persistent DSF is specified, is the equivalent legacy DSF added as well? And vice versa?
82 Managing I/O for Installation and Recovery
Ignite-UX will use persistent DSFs for installation and recovery. VxVM installation support software will create VxVM volumes using appropriate DSFs for the VxVM version used. See “Important
Characteristics of the Agile View” (page 78) for more information.
Agile View Questions and Answers 83

8 Security

The purpose of this chapter is to assist system and network administrators in understanding the network ports and protocols used by Ignite-UX during its various phases of operation, and to assist in configuring the HP-UX Bastille and IPFilter products. HP is not able to provide support for configuring third-party firewalls to work with Ignite-UX.

Ignite-UX Server Ports

Ignite-UX server network port usage is described below by server activity. Diagrams follow that describe the port activity by network communication task and timing. See the product documentation to get the protocol for your system when the protocol is listed as tcp/udp.
Initiate LAN Boot for Itanium-Based clients, Figure 26 (page 85): ports 67 and 68.
Initiate LAN Boot for PA-RISC clients, Figure 27 (page 85): ports 1067, 1068.
Cold boot and installation initiated from client, Figure 28 (page 86): 69, 2049, 2121, an
SD dynamically allocated port.
Live system reinstall via bootsys initiated from the server, Figure 29 (page 87): 2049, 69,
2121, an SD dynamically allocated port, and 514 or 22.
make_net_recovery initiated from client, Figure 30 (page 88): 69, 2121, an SD
dynamically allocated port, 2049.
make_net_recovery initiated from the server, Figure 31 (page 89): 69, 2121, an SD
dynamically allocated port, 2049, and 514 or 22.
make_sys_image initiated from client, Figure 32 (page 89): 514 or 2049.
84 Security
Figure 26 Port Usage: Initiate LAN Boot for Itanium-Based Clients
PXE/DHCP (udp)
Client Timeline
Server
67
68
68
67
Initiate LAN Boot: Itanium-Based Systems
[Request IP address for boot]
DHCP/bootp (udp)
[Network boot information]
1
bootp (udp)
bootp (udp)
Client Timeline
Server
1067
Initiate LAN Boot: PA-RISC Systems
[Request IP address for boot]
[Network boot information]
1068 1068
1067
2
1. The client sends a boot request to the server over port 67. The request is handled by the
bootpd daemon on the server. If the client is registered, the /etc/bootptab file is referenced
for the boot IP address; if the client is anonymous, DHCP services are used to assign the boot IP address. The server then sends the networking information to the client on port 68. For more information on booting registered Itanium-based clients, see “Configuring the Ignite-UX Server
for Itanium-Based Clients” (page 34). For more information on booting anonymous
Itanium-based clients, see “Configuring an Ignite Server to Boot Anonymous Itanium-Based
Clients” (page 43). For more information on bootpd, see bootpd(1M).
Figure 27 Port Usage: Initiate LAN Boot for PA-RISC Clients
2. The client sends a boot request to the server over port 1067. The request is handled by the
instl_bootd daemon on the server. The /etc/opt/ignite/instl_boottab file is
referenced whether the client is registered or anonymous. The server then sends the networking information to the client on port 1068. For more information on booting registered PA-RISC clients, see “Configuring the Ignite-UX Server for PA-RISC Clients” (page 30). For more information on booting anonymous PA-RISC clients, see “Configuring an Ignite Server to Boot
Anonymous PA-RISC Clients” (page 42). For more information on instl_bootd, see
instl_bootd(1M).
Ignite-UX Server Ports 85
Figure 28 Port Usage: Client Cold Boot and Installation
Client Timeline
Server
Client Cold Boot and Installation
Initiated from Client Firmware
[Depots]
swinstall (tcp/udp)
NFS (tcp/udp)
[Record log information on server]
tftp (udp)
[INSTCMDS, SYSCMDS]
NFS (tcp/udp)
[Image]
tftp (udp)
[Initial boot content]
swinstall @ server (tcp/udp)
[Port to listen to]
Initiate LAN Boot - see the diagram for your hardware
P
P
69
2049
2049
69
2121
Common to all Server-based
Download and
Boot Kernel
Installations
swinstall depot sequence
3
6
4
5
3. The initial boot content (kernel, file system, and required files) is downloaded from the server
to the client, then the client is booted. For Itanium-based systems, these files are downloaded in the order listed: nbp.efi, AUTO, fpswa.efi, hpux.efi, IINSTALL, and IINSTALLFS. PA-RISC systems download these files in the order listed: boot_lif, AUTO, WINSTALL, and
WINSTALLFS.
4. The file install.log is updated on the server in the /var/opt/ignite/clients/client
directory. A compressed tar archive of commands to set up disk volumes and file systems is downloaded (INSTCMDS for PA-RISC, and INSTCMDSIA for Itanium-based systems). The TUI is run on the client console. The user selects the installation configuration via the TUI and selects Go!. A compressed tar archive of commands required to complete the installation is downloaded (SYSCMDS for PA-RISC and SYSCMDSIA for Itanium-based systems). Ports used by NFS to make RPC (Remote Procedure Call) calls are not discussed here.
5. If the installation is from an image, it is downloaded. Ports used by NFS to make RPC calls
6. If the installation configuration requires software to be installed from depots on the server, a
are not discussed here.
swinstall request is sent to the server's Software Distributor (SD) daemon, swagentd, on port 2121. An SD agent, swagent, is then spawned on the server that acquires a dynamically allocated communication port for the download. That communication port is then reported to the client on port 2121. The client then spawns a new swagent processes that communicates with the server on the acquired communication port P, where the depot download takes place. For more information on SD, see the Software Distributor Administration Guide available at
http://www.hp.com/go/sd-docs.
86 Security
NOTE: Although swinstall is illustrated here, the install could use one or more of
P
P
swinstall depot sequence
[Depots]
Environment
Get Install
Kernel Boot Sequence
remsh (tcp)
[bootsys_prep, OS & hardware information]
514
22
514
22
ssh (tcp)
[bootsys_prep, OS & hardware information]
Client Timeline
Server
rcp (tcp)
[*INSTALL, ISL, AUTO, HPUX, *INSTALLFS]
2049
2049
NFS (tcp/udp)
[Record log information on server]
69
tftp (udp)
[INSTCMDS, SYSCMDS]
Common to all Server-based
Installations
NFS (tcp/udp)
[Image]
2121
Live System Reinstall via bootsys from Server
or
or
Run bootsys
scp (tcp)
[*INSTALL, ISL, AUTO, HPUX, *INSTALLFS]
swinstall @ server (tcp/udp)
[Port to listen to]
ping (icmp)
swinstall (tcp/udp)
7
8
6
4
5
swinstall with remsh (port 514), NFS (ports 49152–65535), ftp data (port 20), and ftp (port 21).
Figure 29 Port Usage: Live System Reinstall
7. The server pings the client with an ICMP type 8 echo request. The client answers the ping with
an ICMP type 0 echo reply. Files required for bootsys are transferred from the server to the client. These files are transferred with remsh by default, or by ssh if the bootsys -S option is used.
8. The kernel, file system, and required files are downloaded from the server to the client, then
the client is booted. These files are transferred with rcp by default, or by scp if the bootsys
-S option is used.
NOTE:
The client can specify to use privileged ports (1–1023) or not via the ssh_config directive. The default is non-privileged ports. If you want to configure ssh to use privileged ports, you have to make the client an suid program.
Ignite-UX Server Ports 87
Figure 30 Port Usage: make_net_recovery Initiated from the Client
swinstall (tcp/udp)
swinstall (tcp/udp)
check_version
tftp (udp)
[/opt/ignite/data/Version from server to client]
69
2121
2121
Pn
PnPn
Pn
swlist@server (tcp/udp)
Client Timeline
Server
2049
[Output of swlist]
[IUX-Recovery depot]
NFS (tcp/udp)
[Recovery image]
make_net_recovery Initiated from Client
[Port to listen to]
[Port to listen to]
ping (icmp)
(tcp/udp)
9
10
11
5
9. The server pings the client with an ICMP type 8 echo request. The client answers the ping with
an ICMP type 0 echo reply. If tftp is enabled, the version check is done with the file /opt/ ignite/data/Version.
10. If tftp is not enabled, the version check is done with swlist using the swinstall depot
sequence described in Figure 28 (page 86).
11. If the client has a lower version of Ignite than the server, a depot of recovery commands is
transferred to the client using the swinstall depot sequence described in Figure 28
(page 86).
NOTE: Although swinstall is illustrated here, the install could use one or more of
swinstall with remsh (port 514), NFS (ports 49152–65535), ftp data (port 20), and ftp (port 21).
88 Security
Figure 31 Port Usage: make_net_recovery Initiated from the Server
remsh (tcp)
[Run make_net_recovery command]
Proceed as make_net_recovery initiated from client
514
22
ssh (tcp)
[Run make_net_recovery command]
Client Timeline
Server
make_net_recovery Initiated from Server
or
12
or
13
remsh (tcp)
514
Client
Server
make_sys_image Initiated from Client
NFS (tcp/udp)
[Golden archive]
[Golden archive]
2049
12. The server remotely executes make_net_recovery from the client. The command is run via
remsh by default, or by ssh if the client was added for recovery on the server with the ssh option.
NOTE:
The client can specify to use privileged ports (1–1023) or not via the ssh_config directive. The default is non-privileged ports. If you want to configure ssh to use privileged ports, you have to make the client an suid program.
Figure 32 Port Usage: make_sys_image Initiated from the Client
13. The golden archive is written to the destination server via remsh or NFS. Note that

Modifying a Bastille-Hardened System to Operate with Ignite-UX

make_sys_image does not need networking if the archive is written locally to the client.
HP-UX Bastille is a security hardening/lockdown tool that can be used to enhance the security of the HP-UX operating system. It provides customized lockdown on a system-by-system basis by encoding functionality similar to the Center for Internet Security (CIS) Level 1 Benchmark for HP-UX and other hardening/lockdown checklists. The Bastille technology is available in HP-UX 11i v1 and later versions of HP-UX.
This section describes how to make sure Ignite-UX requirements are enabled on your Bastille system. For more information on HP-UX Bastille, see bastille(1M) , bastille_drift(1M), the HP-UX System
Administrator's Guide: Security Management if you are running HP-UX 11i v3, and Managing
Modifying a Bastille-Hardened System to Operate with Ignite-UX 89
Systems and Workgroups: A Guide for HP-UX System Administrators for systems running HP-UX 11i v2 and earlier.
CAUTION: The configuration processes in this section change the security properties of your
system. When enabling services, protocols, and ports, careful consideration should be given to the impact to your network and system security.

Enabling Ignite-UX Server Requirements

To make sure Ignite-UX requirements are enabled on the server, you must first discover your current lockdown state and then modify that state, if necessary, to allow selected daemons and services to run. You must also allow access to certain ports used by an Ignite-UX server.
1. Discover your current lockdown state.
If you are using Bastille 3.0 or later, create a configuration report. The report will be
created in /var/opt/sec_mgmt/bastille/log/Assessment/
assessment-log.config.
# bastille --assessnobrowser
If you are using a version of Bastille earlier than 3.0, get the latest configuration file used
by Bastille.
# bastille -l
NOTE: If you get the message
NOTE: The system is in its pre-bastilled state.
there is no need to proceed with this configuration, as daemons, services, and ports required by Ignite-UX are not locked-down in the pre-bastille state.
2. Copy the last configuration file used or the assessment report to a place of your choice.
3. Bring up the latest configuration in the Bastille GUI.
# bastille --os [HP-UX11.00 | HP-UX11.11 | HPUX11.23 | HPUX11.31] -f filename
4. Make sure the settings in your configuration file for the following daemons and services are
set to No. Note that if you have to change a setting from Yes to No, you will likely be required to enable that daemon or service on your system in order to use it. After you have made changes, save the configuration file to a place of your choice.
Would you like to deactivate the NFS server on this system Would you like to deactivate NIS client programs? Should Bastille ensure inetd's bootp service does not run on this system? Should Bastille ensure inetd's TFTP service does not run on this system?
5. To update your firewall or have Bastille create a new one:
a. Backup your /etc/opt/ipf/ipf.conf file to a place of your choice. b. Update the port information for the Bastille-enabled HP-UX IPFilter firewall by editing the
file /etc/opt/sec_mgmt/bastille/ipf.customrules and making the following changes:
Add the words keep frags to the end of the udp outgoing rule line so it looks like
pass out quick proto udp all keep state keep frags
90 Security
Remove or comment-out the following line.
block in quick proto udp from any to any port = portmap
Add the following lines after the End allow outgoing rules section.
# ports required for Ignite-UX ############################################################ pass in log quick proto udp from any to any port = 69 keep state pass in log quick proto udp from any port = 68 to any port = 67 keep state pass in log quick proto udp from any port = 1068 to any port = 1067 keep state pass in log quick proto tcp/udp from any to any port = 2049 keep frags
pass in log quick proto tcp/udp from any to any port = 2121 pass in log quick proto tcp/udp from any to any port 49152 >< 65535 pass in log quick proto tcp from any to any port = 20 pass in log quick proto tcp from any to any port = 21 pass in log quick proto tcp from any to any port = 22 pass in log quick proto tcp from any to any port = 514 pass in log quick proto icmp from any to any icmp-type 8 keep state pass in log quick proto tcp from any port = 514 to any keep state
c. In the IPFilter Module of Bastille, change the following line to Yes if it is not already.
Should Bastille setup basic firewall rules with these properties?
d. Run Bastille.
# bastille -b -f your_configuration_file
6. If a Bastille baseline had been created for the system, update that baseline.
# bastille_drift --save_baseline baseline

Enabling Ignite-UX Client Requirements

To make sure Ignite-UX requirements are enabled on the client, you must first discover your current lockdown state and then modify that state, if necessary, to allow the NFS daemon and rtools services to run. You must also allow access to certain ports used by an Ignite-UX client.
1. Discover your current lockdown state.
If you are using Bastille 3.0 or later, create a configuration report. The report will be created in /var/opt/sec_mgmt/bastille/log/Assessment/
assessment-log.config.
# bastille --assessnobrowser
If you are using a version of Bastille earlier than 3.0, get the latest configuration file used by Bastille.
# bastille -l
NOTE: If you get the message
NOTE: The system is in its pre-bastilled state.
there is no need to proceed with this configuration, as daemons, services, and ports required by Ignite-UX are not locked-down in the pre-bastille state.
2. Copy the last configuration file used or the assessment report to a place of your choice.
3. Bring up the latest configuration in the Bastille GUI.
# bastille --os [HP-UX11.00 | HP-UX11.11 | HPUX11.23 | HPUX11.31] -f filename
4. Make sure the settings in your configuration file for the NFS daemon and rtools service are
set to No. Note that if you have to change a setting from Yes to No, you will likely be required to enable that daemon or service on your system in order to use it. After you have made changes, save the configuration file to a place of your choice.
Would you like to deactivate the NFS client daemons? Should Bastille ensure that the login, shell, and exec services do not run on this system?
5. To update your firewall or have Bastille create a new one:
a. Backup your /etc/opt/ipf/ipf.conf file to a place of your choice. b. Update the port information for the Bastille-enabled HP-UX IPFilter firewall by editing the
file /etc/opt/sec_mgmt/bastille/ipf.customrules and making the following changes:
Add the words keep frags to the end of the udp outgoing rule line so it looks like
pass out quick proto udp all keep state keep frags
Add the following lines after the End allow outgoing rules section.
Modifying a Bastille-Hardened System to Operate with Ignite-UX 91
# ports required for Ignite-UX ############################################################ pass in log quick proto icmp from any to any icmp-type 8 keep state pass in log quick proto tcp from any to any port = 512 pass in log quick proto tcp from any to any port = 514 pass in log quick proto tcp/udp from any port = 2049 to any keep frags pass in log quick proto tcp/udp from any to any port 49152 >< 65535
c. In the IPFilter Module of Bastille, change the following line to Yes if it is not already.
Should Bastille setup basic firewall rules with these properties?
d. Run Bastille.
# bastille -b -f your_configuration_file
6. If a Bastille baseline had been created for the system, update that baseline.
# bastille_drift --save_baseline baseline

Configuring Ignite to Replace TFTP with NFS

Beginning with Ignite-UX version C.7.9, it is possible to configure the Ignite-UX loadfile utility to use NFS instead of TFTP for network access to the Ignite server. This allows users to avoid use of TFTP except during direct network boot of the install kernel. The TFTP protocol can be avoided entirely if the system being installed is booted from media (including vMedia) or via the bootsys command.

Overview

In order to use this functionality, minor modifications to Ignite-UX configuration files might have be made to the Ignite-UX server system. These modifications fall into the following categories:
Add a keyword to the appropriate configuration files instructing Ignite to use NFS instead of
TFTP.
Ensure config files are located in an acceptable directory that is NFS-mounted during the
installation. Make sure the INDEX file refers to the config files in their new (C.7.9 and later) locations as outlined below.
Disable the TFTP daemon.
NOTE: Because of changes necessary to replace TFTP with NFS, beginning with C.7.9 the
locations of three Ignite product files have moved. Ignite automatically creates symbolic links from the old file to the new file location. These files are:
Table 7 Ignite Product Files Moved in Version C.7.9 and Later
C.7.9 and Later LocationPre-C.7.9 Location
/opt/ignite/data/Version/opt/ignite/Version
/var/opt/ignite/data/INDEX/var/opt/ignite/INDEX
/var/opt/ignite/data/config.local/var/opt/ignite/config.local

Procedure

1. Add the _hp_loadfile_use_nfs keyword.
92 Security
HP recommends placing this in the config section of the install file system. Use your environment’s HP-UX version and install file system in the following commands.
First, change the working directory to the release-specific boot directory and grab the config content:
# cd /opt/ignite/boot/Rel_B.11.31 # instl_adm -d > /tmp/ifs.cfg
Use vi to add _hp_loadfile_use_nfs=trueto the file:
# cat /tmp/ifs.cfg # instl_adm defaults: # NOTE: Manual additions between the line containing "instl_adm defaults # and "end instl_adm defaults" will not be preserved. server="10.1.54.230" netmask[]="255.255.248.0" route_gateway[0]="10.1.48.1" route_destination[0]="default" # end instl_adm defaults. _hp_loadfile_use_nfs="true"
Now use instl_adm to update the install file system:
# instl_adm -f /tmp/ifs.cfg
2. Set up NFS exports and check custom configuration files.
Because of preexisting Ignite-UX file system layouts, the locations of certain files are automatically moved when Ignite-UX Version C.7.9 or later is installed . These files are /opt/ ignite/Version, /var/opt/ignite/INDEX, and /var/opt/ignite/config.local. In addition, certain other customer-created config files might need to be moved or edited.
First, edit /etc/exports or /etc/dfs/dfstab as appropriate for the version of HP-UX running on the Ignite-UX server.
For Ignite servers running HP-UX 11i v2 or earlier:
# cat /etc/exports
/opt/ignite/data -ro /var/opt/ignite/config -ro /var/opt/ignite/data -ro /var/opt/ignite/clients -anon=2
# exportfs -a
For Ignite servers running HP-UX 11i v3:
# cat /etc/dfs/dfstab
share -F nfs -o ro /opt/ignite/data share -F nfs -o ro /var/opt/ignite/data share -F nfs -o anon=2 /var/opt/ignite/clients
# shareall
If there are any customer-created config files that are outside of the directories exported by NFS, they must be moved under /var/opt/ignite/data.
3. Edit the /var/opt/ignite/INDEX file to refer to /var/opt/ignite/data.
Some customers will need to modify the config.local entry in /var/opt/ignite/data/ INDEX. For example, the INDEX clause
cfg "HP-UX B.11.31 Default" { description "Example HP-UX 11i v3 (11.31) configuration." "/opt/ignite/data/Rel_B.11.31/config" "/opt/ignite/data/Rel_B.11.31/hw_patches_cfg" "/var/opt/ignite/data/Rel_B.11.31/core_cfg" "/var/opt/ignite/config.local" }
would need to be modified to be
cfg "HP-UX B.11.31 Default" { description "Example HP-UX 11i v3 (11.31) configuration." "/opt/ignite/data/Rel_B.11.31/config" "/opt/ignite/data/Rel_B.11.31/hw_patches_cfg" "/var/opt/ignite/data/Rel_B.11.31/core_cfg" "/var/opt/ignite/data/config.local" }
Configuring Ignite to Replace TFTP with NFS 93
4. Disable TFTP on the Ignite-UX server (optional).
Unless you need to initiate installations via network boot, you may now disable TFTP on the Ignite-UX server. You may remove or comment out the "tftp" entry from /etc/inetd.conf.
If the system to be installed is running any version of HP-UX, booting from the network can be avoided by using the bootsys command or by booting from media and switching to the Ignite-UX server.
In the boot-from-media case, it will be necessary to either specify the _hp_loadfile_use_nfs keyword on the boot loader command line or create custom media with that keyword built into it.
For PA-RISC systems, interrupt the autoboot sequence at the prompt
Interact with IPL (Y, N, or Cancel)?> y
and enter the following (substitute 11.31 for 11.23 depending on the release).
ISL> hpux -i_hp_loadfile_use_nfs=\"true\" Rel_B.11.23/WINSTALL
For Integrity systems, interrupt the autoboot sequence at the prompt
Press Any Key to interrupt Autoboot
and enter the following (substitute 11.31 for 11.23 depending on the release).
HPUX> boot Rel_B.11.23/IINSTALL -i_hp_loadfile_use_nfs=\"true\"
If you do need to preserve the ability to perform network boot, but otherwise wish to take advantage of the NFS loadfile functionality, you may remove the /var/opt/ignite directory from the "tftp" entry in /etc/inetd.conf, leaving only /opt/ignite.
When Ignite-UX is installed, it automatically enables the TFTP daemon. If you reinstall Ignite-UX, you will need to reapply these changes.
For information on booting from media and then switching to an Ignite-UX server over the network, see “Alternate Boot with Network Server Installation” (page 26). For information about changing configuration content in the install file system, see instl_adm(1M) and instl_adm(4).
5. Verify that the configuration works.
Perform an installation, and watch the console output or the install.log file for the “Ignite-UX will use NFS for loadfile.” message:
* Preparing to execute init... ======= 03/02/09 20:39:20 EST HP-UX Installation Initialization. @(#)Ignite-UX Revision C.7.8.201 @(#)ignite/launch (opt) Revision: /branches/IUX_RA0903/ignite/src@76987 Last Modified: 2009-02-05 15:45:55 -0700 (Thu, 05 Feb 2009) * Configuring RAM filesystems... NOTE: Ignite-UX will use NFS for loadfile.
94 Security
9 Booting and Installing HP-UX From the Server Using the
Client Console
This chapter discusses booting and installing HP-UX on clients from the server using the client console. Ignite-UX can be run in terminal user interface (TUI) mode on the client system.
See the HP-UX Installation and Update Guide available from http://www.hp.com/go/
hpux-core-docs for instructions on how to install HP-UX from the Operating Environment DVD
media.

Preparing the Client for Installation

For bootsys The bootsys command is used to reboot a client system, already running HP-UX, using a kernel and file system from a server. The bootsys command will copy the [W|V|I]INSTALL
install kernel and the [W|V|I]INSTALLFS file system from the server to the /stand directory on
the client, and then use them when rebooting. Make sure there is enough disk space in the /stand directory on the client to hold the install
kernel and file system before you run bootsys. For V-class PA-RISC clients the files on the server are:
/opt/ignite/boot/Rel_release/VINSTALL
/opt/ignite/boot/Rel_release/VINSTALLFS
For 64-bit PA-RISC clients the files on the server are:
/opt/ignite/boot/Rel_release/WINSTALL
/opt/ignite/boot/Rel_release/WINSTALLFS
For Itanium-based clients the files on the server are:
/opt/ignite/boot/Rel_release/IINSTALL
/opt/ignite/boot/Rel_release/IINSTALLFS
where release is the release identifier. For HP-UX 11i v3 — If you are installing HP-UX 11i v3 onto a client, its boot disk must be at least
30 GB. HP-UX 11i v3 requires more space on the HP-UX boot disk than prior HP-UX releases. Minimum Memory Size — During installation and recovery, Ignite-UX uses system memory to hold
a RAM-based install environment with a subset of HP-UX. Ignite-UX requires installation and recovery client systems to have at least a minimum amount of RAM to hold this install environment while leaving enough space to run HP-UX. The minimum required RAM size is specific to the HP-UX version to be installed or recovered. See the Ignite-UX Release Notes under “Minimum Memory Size” for the current client memory requirements. You can find the Ignite-UX Release Notes via the Ignite-UX website, http://www.hp.com/go/ignite-ux, and also at /opt/ignite/share/doc/ release_note on your system.
If Ignite-UX detects there is not enough RAM on the client system, you will see these errors:
ERROR: RAMFS Setup memory issue.
ERROR: The system does not contain the minimum supported amount of memory needed to install and run HP-UX. HP-UX requires minimum_amount of available memory for the B.xx.xx release. The system has only actual_amount of memory available for HP-UX use (this may be less than physical memory installed due to space reserved by system firmware). The amount of memory in the system must be increased if this release is to be installed successfully.
Preparing the Client for Installation 95
ERROR: The system install or recovery session cannot continue. The system will now reboot.
If Ignite-UX detects only the minimum amount of RAM on the client system, you will see these messages:
WARNING: RAMFS Setup memory issue.
WARNING: The system does not contain the minimal amount of memory needed for install or recovery. Ignite-UX requires minimum_amount of available memory for the B.xx.xx release. The system has only actual_amount of memory available for use (this may be less than physical memory installed due to space reserved by system firmware). The install or recovery may or may not complete, and it may take an extraordinary amount of time to complete. It is advised to increase the amount of memory in the system.
NOTE: The system install or recovery session will now continue.
CAUTION: Any data on the client disks that are used for installation, including the operating
system, are removed entirely as part of this installation process.
IMPORTANT: During HP-UX 11i v3 installation and recovery, connected Active/Passive devices
will cause long delays (one hour or more) or may cause a system to hang. Similarly, connecting an Active/Passive device before installing the Active/Passive Switch (APSW) plug-in can cause some commands to take a long time. Disconnect any Active/Passive devices connected to your system before installing or recovering HP-UX 11i v3. After installation or recovery, it is important that the APSW plug-in be installed before connecting an Active/Passive device to the system.

Making Boot Decisions When Using the Client Console

When deciding which method to use when operating from the client console, you should take your server/client configuration into consideration. See Chapter 2 (page 24) for information on configuring your Ignite-UX server for your environment.
This section provides an overview of options when booting from the client console.

Boot Using the Network

A decision tree for booting and installing HP-UX from the client console using the server is shown in Figure 33. If you want to boot a client without using an Ignite-UX server, see Figure 34 (page
98).
Use the decision tree below when you want to install from the Ignite-UX server and control the installation from the client console.
96 Booting and Installing HP-UX From the Server Using the Client Console
YES YESYES
NO
Is HP-UX
running ?
NO
Itanium-based and dbprofile
support ?
Local server
or boot
helper ?
Using the Client Console
Use bootsys -c
Use dbprofile
Boot from local server or boot helper
See the decision tree for stand alone systems
Figure 33 Decision Tree for Booting and Installing HP-UX From the Server Using the Client Console
Use bootsys -c - If the client system is currently running HP-UX, you can use bootsys -c on
the client console to boot from the Ignite-UX server. See “Using bootsys on the Client Console”
(page 98) and the bootsys(1M) manpage for more information.
Boot from local server or boot helper - You can boot your client from a server or boot helper system using the client console by interrupting the reboot process and invoking the boot from the firmware interface. Details vary depending whether your client is a PA-RISC or Itanium-based. See “Booting
PA-RISC Clients from the Console ” (page 99), or “Booting Itanium-Based Clients using the Network” (page 100), depending on the hardware of your client.
Use dbprofile - All partitionable Itanium-based systems allow the definition of direct boot profiles. This EFI functionality is also found in other, non-partitionable systems. With these profiles, you can supply all the networking information needed to contact an Ignite-UX server and perform an install or recovery.
Some systems might require firmware updates to provide support for direct boot profiles. If your system does not provide the dbprofile command, check for any firmware updates that might enable it. You can also consult the system's hardware documentation to determine if dbprofile is supported.
For more information, see “Direct Boot Profiles for Itanium-Based Systems” (page 102). See the decision tree for booting stand alone systems - This decision tree can be found below in
figure Figure 34.

Boot Using Media

Use the following decision tree if you do not have support for network boot. The methods described in Figure 34 use media content to boot for install.
Once you have booted the system, you will be able to communicate with an Ignite-UX server to perform an installation or recovery. Note that if you do not have an active DHCP server to provide networking IP address requests, you will need to manually provide networking information before you can communicate with the server.
See “How Ignite Works” (page 17) for more information on the network booting process.
Making Boot Decisions When Using the Client Console 97
Figure 34 Decision Tree for Booting From Media and Installing HP-UX From the Server
YES
YES
YES
DVD
drive?
iLO vMedia support?
OE install
media matches
server?
NO
NO
NO
Create matching
installation
media on server
Boot from HP-UX
OE install DVD,
then switch to
network server
Boot from
installation media
then switch to
network server
Stand alone systems
See the decision trees
for network server
installation
Boot from HP-UX OE install DVD, then switch to network server - This option requires the system to have a CD or DVD drive attached, or iLO vMedia support. The version of Ignite-UX on the OE media must match the Ignite-UX version on the server. For more information on iLO vMedia, see
Appendix D (page 238) and the HP Integrity iLO 2 MP Operations Guide available at http:// www.hp.com/bizsupport.
Create matching installation media on server - It is possible to create installation media for booting purposes. This type of installation media does not include a full archive. See Chapter 14: “Creating
Your Own Boot and Installation Media”, for more information.
Boot from installation media then switch to network server - This option assumes you have created installation media for booting purposes. See Chapter 14: “Creating Your Own Boot and Installation
Media”, for more information. This option requires the system to have a CD or DVD drive attached,
or iLO vMedia support. For more information on iLO vMedia, see Appendix D (page 238) and the HP Integrity iLO 2 MP Operations Guide available at http://www.hp.com/bizsupport.
See the decision trees for network server installation - These decision trees are: Figure 5: “Decision
Tree When Configuring a Server for Booting PA-RISC Systems”, and Figure 6, "Decision Tree When Configuring a Server for Booting Itanium-Based Systems.”

Using bootsys on the Client Console

The bootsys command may be run from the client console if you use the -c Ignite-UX Server option. This option directs bootsys to contact the specified Ignite-UX server, and then perform a local reboot.
For more information on bootsys, see bootsys(1M) and the section describing its use from the server: “Installation Using bootsys” (page 110).
98 Booting and Installing HP-UX From the Server Using the Client Console
After booting the system, see “Installing HP-UX From the Client Console” (page 105) for information on installing HP-UX from the client console.

Booting PA-RISC Clients from the Console

This section describes how to boot HP-UX on PA-RISC clients from the client console using an
Ignite-UX server.
See the "Preparing the Client for Installation " section for important notes. If you need further help with the boot process, enter:
BOOT ADMIN>help boot
1. Obtain the IP address of the Ignite-UX server you intend to use.
2. Cycle the power (perform a cold reset) on the client to bring it to a known state.
NOTE: If you have the AUTOBOOT flag set, you will have to interrupt the boot sequence by
pressing Esc when the Processor Dependent Code (PDC) offers the opportunity with this message:
To stop selection process, press and hold ESCAPE key.
For detailed information regarding the boot sequence, see the HP-UX System Administrator’s Guide for HP-UX 11i v3, or Managing Systems and Workgroups: A Guide for HP-UX System Administrators.
During the boot sequence, status messages are displayed on the client console. Depending on the type of machine, server or workstation model, a boot administration menu and/or firmware prompt may appear.
3. Boot the client using your Ignite-UX server’s IP address by entering this command at the client console:
firmware prompt> boot lan.n.n.n.n install
where: n.n.n.n is the IP address of the Ignite-UX server. The client then begins to download the install kernel from the network server. This should take
approximately 5 minutes.
TIP: To search for Ignite-UX servers, enter the following at the client console (workstations
only):
firmware prompt>search lan install
The list of servers you can boot the client from is displayed with their corresponding IP addresses, similar to:
Searching for potential boot devices(s)... on Path LAN
This may take several minutes.
To discontinue search, press any key (termination may not be immediate).
Path Number Device Path Device Type
----------- ----------- -----------
P0 LAN.15.1.46.117.3.254 lp2 100/Full Dx
P1 LAN.15.1.41.70.3.254 lp4 100/Full D
You may need to run the nslookup command on another running system to determine which address corresponds to your Ignite-UX server.
Booting PA-RISC Clients from the Console 99
4. When an Ignite-UX server responds, the installation begins with the following query:
hpux KernelPrompt "Choose Operating System to Install :"
1. target OS is B.11.11
2. target OS is B.11.23 PA
3. target OS is B.11.31 PA
4. Exit
Choose an operating system to install that your hardware supports :
Select the operating system version that you want to install on the client by typing the appropriate number, and then press Enter to continue the installation.
After booting the system, see “Installing HP-UX From the Client Console” (page 105) for information on configuring the HP-UX installation from the client console.

Booting Itanium-Based Clients using the Network

This section describes how to boot HP-UX on Itanium-based clients from an Ignite-UX server using the network.
See the "Preparing the Client for Installation " section for important notes.
1. Cycle the power (perform a cold reset) on the client to bring it to a known state.
NOTE: If you have the AUTOBOOT flag set, you must interrupt the boot sequence by pressing
Esc when the Processor Dependent Code offers the opportunity with this message:
Press Any Key to interrupt Autoboot
Next, you will need to enter exit at the prompt to invoke the extensible firmware interface
(EFI) Boot Manager menu.
For detailed information regarding the boot sequence, see the HP-UX System Administrator’s
Guide for HP-UX 11i v3, or Managing Systems and Workgroups: A Guide for HP-UX System Administrators, and the hardware documentation for your system.
During the boot sequence, status messages are displayed on the client console. Depending on what type of machine, server or workstation model, the EFI Boot Manager menu appears and looks similar to:
EFI Boot Manager ver 1.10 [14.60]
Please select a boot option
HP-UX Primary Boot: 0/2/2/0.0.0.0 EFI Shell [Built-in] Boot option maintenance menu Security/Password Menu
Use ^ and v to change option(s). Use Enter to select an option
TIP: On some machines, the up-arrow and down-arrow keys may not work. If this is the
case, you can use Shift-6 (^) for up and v for down.
2. Select Boot option maintenance menu using the up and down arrows, which advances you
to the EFI Boot Maintenance Manager Main Menu, similar to the following example:
EFI Boot Maintenance Manager ver 1.10 [14.60]
Main Menu. Select an Operation
Boot from a File Add a Boot Option Delete Boot Option(s)
100 Booting and Installing HP-UX From the Server Using the Client Console
Loading...