Orca Client Installation

The following method can be used to automatically install orca clients when
solaris boxes are jumped.  The setup consist of configuring an orca server with
rsync.  And then orca client solaris package which is installed during jump (or
at some other time).  The orca client solaris pkg installs files needed to
gather data and rsync it to the server for processing of orca graphs.

======================
I  Setup Orca Server
======================

1) Install the orca pkg and all the needed modules on server.  To separate orca
from other stuff, I usually install in /usr/local/orca prefix.  Instruction for
installing orca can be found on orcaware site.
 
   http://www.orcaware.com/

2) Come up with name for your orca server.  It is suggested that you use a
virtual IP address or CNAME, so that you have the flexibility to move your
server in the future if the need determing it.

   For our example:  orcaserv


3) Install rsync on the server as this will be used to rsync files in.  You can
download rsync src or binaries from:

   http://rsync.samba.org/download.html
   

4) Create an orca user and group under /etc/passwd and /etc/group.  This
user/group should own the orcallator directory where file are kept, so that
rsync can be setup to write data as a non-priviledged user to this directory.

   ex. chown orca:orca /usr/local/orca/var/orca/orcallator


5) Add rsync port to /etc/services.

   ex. echo "rsync	873/tcp" >> /etc/services


6) Add rsync server to /etc/inetd.conf and HUP if needed.  The following example
uses tcp-wrappers found at:

   ftp://ftp.porcupine.org/pub/security/index.html 

tcp-wrappers are not needed but are strongly suggested to restrict access.

--Entry in /etc/inetd.conf--
rsync   stream  tcp     nowait  root    /usr/sbin/tcpd /usr/local/bin/rsync rsyncd --daemon

Since we are also using host.allow, you should also add to /etc/hosts.allow the
IP address that you are looking to restrict.  In this example, we just want 10.  
addresses to connect.

echo "rsync: 10. :ALLOW" >> /etc/hosts.allow


7) Create an /etc/rsyncd.conf files with following:

[orca]
        path = /usr/local/orca/var/orca/orcallator
        comment = orca se file depot
        use chroot = no
        uid = orca
        gid = orca
        auth users = orca
        secrets file = /etc/rsyncd.secrets
        strict modes = yes
        read only = false
        exclude = orcallator.pid


8) Create an /etc/rsyncd.secrets file with orca passwd and restrict access to
root only via chmod.  Set this password to whatever you want to use.

--Entry in /etc/rsyncd.secrets--
orca:yoyoyo

Change Permissions:
chown 400 /etc/rsyncd.secrets


9) You have completed setup of the server.  You can test rsync setup by trying to rsync to 
the server as the user orca.  Or, just setup your first client and see it it is okay 
rsyncing.



==============================
II  Setup Orca Client Package
==============================

1) Download the the following package as a base for orca client:

   orcaclient.pkg.tar.gz


2) Extract the file somewhere on your system for editing.

   # gzcat orcaclient.pkg.tar.gz | tar xf -


3) # cd orcaclient.pkg


4) Edit the following file and change RSYNCSERV and RSYNC_PASSWORD to whatever
you made them in setup of your orca server.

   # vi usr/local/orca/bin/rsync_orca


5) The package includes orcallator.se version 1.33.  If a new version comes out
then you will probably want to change that also in usr/local/orca/lib directory.  
This package includes orca perl script even though it is not used on clients and
rsync which you may choose to remove if you have elsewhere.  If you remove rsync
then you will want to edit prototype listing and again edit rsync_orca for new
reference.


6) After all changes have been made... Make the package.

   # ./makepkg

You should now have pkg /tmp/orca that can be loaded on any system.

In addition to application above, the pkg also adds a root cron that will
automatically rsync orcallator data every five minutes.  If your systems can not
handle five minutes, you may want to alter in postinstall script before makepkg.


7) If you do not have a jumpstart server then you can just added the RICHse kit
and then the orca pkg manually.

By the way, you can get the RICHse kit from following:

   http://www.setoolkit.com/

Adding pkgs manually and starting data collection:

   # pkgadd -d RICHPse
   # pkgadd -d orca
   # /etc/init.d/orcallatator start

You are Done!


8) If you do have jumpstart server finish scripts then you can try adding the
following:

# Install RICHPse interpreter
    cd ${SI_CONFIG_DIR}/pkgs
    /a/usr/sbin/pkgadd -d RICHPse -R /a -a ${SI_CONFIG_DIR}/pkgs/pkg_adminfile -r ${SI_CONFIG _DIR}/pkgs/pkgask all

# Install Orca 0.27
    cd ${SI_CONFIG_DIR}/pkgs
    /a/usr/sbin/pkgadd -d orca -R /a -a ${SI_CONFIG_DIR}/pkgs/pkg_adminfile -r ${SI_CONFIG_DIR}/pkgs/pkgask all

Above assumes you put pkgs in a subdir pkgs under your jumpstart config directory.

It further assumes that you touch filenames RICHPse and orca in pkgask directory
under the pkgs directory.  I believe you can run with noask option and it would
be fine with no scrolling output, but not sure as you like the scrolling output.

It further assumes that you have pkg_adminfile defined in pkgs directory with
non-default values... I use the following:

# cat pkg_adminfile
mail=
instance=overwrite
partial=nocheck
runlevel=nocheck
idepend=quit
rdepend=nocheck
space=nocheck
setuid=nocheck
conflict=nocheck
action=nocheck
basedir=default


If corectly implemented in jump, you should not have to bother with adding
systems to orca after they have been built.  Depending on your server
configuration, orca should pick them up automatcally at certain intervals.

Now, orca server can really start to slow after 80 or so systems on single
process.  In that case you should probably split up your server into multiple
processes... Information on this can be found on orca mailling list.



Above information is present AS IS with no implied or expressed warranty on
usage. If you find the information useful, Great!  If you don't find it useful,
don't use it.  If you find errors in the information, let me know and I will
correct when I can.  Any questions about the wonderful ORCA product and its
usage should be directed to one of the orca mailing list (probably orca-users)
at:

  http://www.orcaware.com/orca/mailing_lists.html