1.7 Install and Uninstall on Oracle Solaris 11

On Solaris 11, Reflection for Secure IT installation uses the Image Packaging System (IPS).

To install Reflection for Secure IT on Solaris 11

  1. Log in as root.

  2. Uninstall any existing SSH product. To uninstall Reflection for Secure IT, see the uninstall procedure below. To uninstall Oracle SSH, use pkg uninstall to remove all SSH components. For example:

    pkg uninstall service/network/ssh
pkg uninstall gnu-tar //Required in global zone only
pkg uninstall network/ssh
pkg uninstall ssh-key

  3. Create an IPS repository and set the publisher to "microfocus." The repository name shown in this example is a recommendation, not a requirement. Setting the publisher name to "microfocus" is required. For example:

    pkgrepo create microfocus-repository
pkgrepo -s microfocus-repository set publisher/prefix=microfocus

  4. Copy the installation package file to your computer and navigate to the directory that contains this file.

  5. Extract the package:

    server:

    tar xvfo rsit-server-< n.n.nn> -sparc-solaris11.tar.gz

    client:

    tar xvfo rsit-client-< n.n.nn> -sparc-solaris11.tar.gz

  6. Publish the package. Note that both the package directory and manifest names are different for server and client installs.

    server:

    pkgsend -s microfocus-repository publish -d pkgs sshdmanifest

    client:

    pkgsend -s microfocus-repository publish -d pkgc sshmanifest

  7. Add the publisher in the repository you created ("microfocus-repository" in this example) to the configured publishers:

    pkg set-publisher -p microfocus-repository

  8. Install the package:

    server:

    pkg install RSITsshs

    client:

    pkg install RSITsshc

Changing the installation location (Solaris 11)

Reflection for Secure IT installs a pkgmogrify input file called relocate.mog that supports installation to a non-default location using the following two configurable options:

  • Use sysconfdir to specify an alternate location for configuration files and keys (installed by default to /etc/ssh2).

  • Use prefix to specify an alternate location for binaries and man pages (installed by default to /usr).

To install to a non-default location

  1. Download and extract the distribution package.

  2. From the directory that contains the extracted files, run the pkgmogrify command using the syntax shown here.

    • Replace the sample paths for sysconfdir and prefix with the installation directories of your choice.

    • If you are installing the client, replace sshdmanifest with sshmanifest and replace pkgs with pkgc.

# pkgmogrify -D prefix=/opt/usr -D sysconfdir=/opt/etc/ssh2
-P pkgs/etc/rsit.conf sshdmanifest relocate.mog | pkgfmt > sshdmanifest.relocate

NOTE:This command creates a new manifest file (sshdmanifest.relocate in this example) that you will use when you publish the package. You must use this new manifest (not the original sshdmanifest). If you decide after running the pkgmogrify command that you want to install using defaults, or you decide to use an alternate relocation path, delete the expanded file set and run tar xvfo <pkg_name>.tar.gz again to restore all files to the original version.

  1. Publish the package using the new manifest you created in the previous step. (For a client installation, replace "pkgs" with "pkgc".) For example:

    pkgsend -s microfocus-repository publish -d pkgs sshdmanifest.relocate

  2. Specify the repository and install the package. (For a client installation, replace "RSITsshs" with "RSITsshc".)

    pkg set-publisher -p microfocus-repository
pkg install RSITsshs

    NOTE:

    • To provide access to binaries and man pages after installing to a non-default location, modify the system PATH and MANPATH variables.

    • The following installed items are not relocated: startup and shutdown scripts, the cryptographic module, and the PKI client library.

Installing to a non-global zone

When you run the pkg install command in the global zone, the package is installed only to the global zone; it is not propagated to any other zones. Two approaches are available to install Reflection for Secure IT to a non-global zone:

  • Create the repository in the global zone and use this repository to install in the non-global zone. Publisher configuration changes made to the global zone are seen immediately by all non-global zones via the system repository.

  • Create a repository in the non-global zone.

NOTE:Before you use either approach, first remove the Oracle SSH package as described above.

To install in a non-global zone using the system repository

  1. Create the repository in the global zone.

  2. From the non-global zone, use pkg publisher to confirm that the "microfocus" publisher is available, as shown here:

    # pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris        (syspub)     origin   online T <system-repository>
microfocus     (syspub)     origin   online F <system-repository>

  3. Execute the pkg install command as the zone administrator. (For a client installation, replace "RSITsshs" with "RSITsshc".)

    # pkg install RSITsshs

To install using a repository in the non-global zone

  1. If you created a repository in the global zone, disable the "microfocus" publisher in the global zone:

    pkg set-publisher --disable microfocus

  2. Log in as root in the non-global zone.

  3. Use pkg publisher to confirm that the "microfocus" publisher is no longer available, as shown here:

    # pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris        (syspub)     origin   online T <system-repository>

  4. Create a repository in the non-global zone. This example configures a server installation.

    # tar xvfo rsit-server-8.0.1.99--sparc-solaris11.tar.gz
# pkgrepo create zone-repository
# pkgrepo -s zone-repository set publisher/prefix=microfocus
# pkgsend -s zone-repository publish -d pkgs sshdmanifest
# pkg set-publisher -p zone-repository
# pkg publisher
PUBLISHER                   TYPE     STATUS P LOCATION
solaris        (syspub)     origin   online T <system-repository>
microfocus                  origin   online F file:///export/zone-repository/

  5. Install the package. (For a client installation, replace "RSITsshs" with "RSITsshc".)

    # pkg install RSITsshs

Package Update

You can use the pkg update command (without a list of packages) to keep all zones synchronized with the global zone:

#pkg update

If you specify a list of packages, the update is performed only in the current zone. The following command when run in the global zone will update only the global zone. When run in a non-global zone, it will update only the non-global zone.

#pkg update RSITsshs

To uninstall

  1. Log in as root.

  2. Use pkg uninstall to remove the package:

    server:

    pkg uninstall RSITsshs

    client:

    pkg uninstall RSITsshc

Related Topics