On Solaris 11, Reflection for Secure IT installation uses the Image Packaging System (IPS).
To install Reflection for Secure IT on Solaris 11
Log in as root.
Uninstall any existing SSH product. To uninstall Reflection for Secure IT, see the uninstall procedure below. To uninstall Oracle SSH, use pkg uninstall to remove all SSH components. For example:
pkg uninstall service/network/ssh pkg uninstall gnu-tar //Required in global zone only pkg uninstall network/ssh pkg uninstall ssh-key
Create an IPS repository and set the publisher to "microfocus." The repository name shown in this example is a recommendation, not a requirement. Setting the publisher name to "microfocus" is required. For example:
pkgrepo create microfocus-repository pkgrepo -s microfocus-repository set publisher/prefix=microfocus
Copy the installation package file to your computer and navigate to the directory that contains this file.
Extract the package:
server: |
tar xvfo rsit-server-< n.n.nn> -sparc-solaris11.tar.gz |
client: |
tar xvfo rsit-client-< n.n.nn> -sparc-solaris11.tar.gz |
Publish the package. Note that both the package directory and manifest names are different for server and client installs.
server: |
pkgsend -s microfocus-repository publish -d pkgs sshdmanifest |
client: |
pkgsend -s microfocus-repository publish -d pkgc sshmanifest |
Add the publisher in the repository you created ("microfocus-repository" in this example) to the configured publishers:
pkg set-publisher -p microfocus-repository
Install the package:
server: |
pkg install RSITsshs |
client: |
pkg install RSITsshc |
Changing the installation location (Solaris 11)
Reflection for Secure IT installs a pkgmogrify input file called relocate.mog that supports installation to a non-default location using the following two configurable options:
Use sysconfdir to specify an alternate location for configuration files and keys (installed by default to /etc/ssh2).
Use prefix to specify an alternate location for binaries and man pages (installed by default to /usr).
To install to a non-default location
Download and extract the distribution package.
From the directory that contains the extracted files, run the pkgmogrify command using the syntax shown here.
Replace the sample paths for sysconfdir and prefix with the installation directories of your choice.
If you are installing the client, replace sshdmanifest with sshmanifest and replace pkgs with pkgc.
# pkgmogrify -D prefix=/opt/usr -D sysconfdir=/opt/etc/ssh2 -P pkgs/etc/rsit.conf sshdmanifest relocate.mog | pkgfmt > sshdmanifest.relocate
NOTE:This command creates a new manifest file (sshdmanifest.relocate in this example) that you will use when you publish the package. You must use this new manifest (not the original sshdmanifest). If you decide after running the pkgmogrify command that you want to install using defaults, or you decide to use an alternate relocation path, delete the expanded file set and run tar xvfo <pkg_name>.tar.gz again to restore all files to the original version.
Publish the package using the new manifest you created in the previous step. (For a client installation, replace "pkgs" with "pkgc".) For example:
pkgsend -s microfocus-repository publish -d pkgs sshdmanifest.relocate
Specify the repository and install the package. (For a client installation, replace "RSITsshs" with "RSITsshc".)
pkg set-publisher -p microfocus-repository pkg install RSITsshs
NOTE:
To provide access to binaries and man pages after installing to a non-default location, modify the system PATH and MANPATH variables.
The following installed items are not relocated: startup and shutdown scripts, the cryptographic module, and the PKI client library.
Installing to a non-global zone
When you run the pkg install command in the global zone, the package is installed only to the global zone; it is not propagated to any other zones. Two approaches are available to install Reflection for Secure IT to a non-global zone:
Create the repository in the global zone and use this repository to install in the non-global zone. Publisher configuration changes made to the global zone are seen immediately by all non-global zones via the system repository.
Create a repository in the non-global zone.
NOTE:Before you use either approach, first remove the Oracle SSH package as described above.
To install in a non-global zone using the system repository
Create the repository in the global zone.
From the non-global zone, use pkg publisher to confirm that the "microfocus" publisher is available, as shown here:
# pkg publisher PUBLISHER TYPE STATUS P LOCATION solaris (syspub) origin online T <system-repository> microfocus (syspub) origin online F <system-repository>
Execute the pkg install command as the zone administrator. (For a client installation, replace "RSITsshs" with "RSITsshc".)
# pkg install RSITsshs
To install using a repository in the non-global zone
If you created a repository in the global zone, disable the "microfocus" publisher in the global zone:
pkg set-publisher --disable microfocus
Log in as root in the non-global zone.
Use pkg publisher to confirm that the "microfocus" publisher is no longer available, as shown here:
# pkg publisher PUBLISHER TYPE STATUS P LOCATION solaris (syspub) origin online T <system-repository>
Create a repository in the non-global zone. This example configures a server installation.
# tar xvfo rsit-server-8.0.1.99--sparc-solaris11.tar.gz # pkgrepo create zone-repository # pkgrepo -s zone-repository set publisher/prefix=microfocus # pkgsend -s zone-repository publish -d pkgs sshdmanifest # pkg set-publisher -p zone-repository # pkg publisher PUBLISHER TYPE STATUS P LOCATION solaris (syspub) origin online T <system-repository> microfocus origin online F file:///export/zone-repository/
Install the package. (For a client installation, replace "RSITsshs" with "RSITsshc".)
# pkg install RSITsshs
Package Update
You can use the pkg update command (without a list of packages) to keep all zones synchronized with the global zone:
#pkg update
If you specify a list of packages, the update is performed only in the current zone. The following command when run in the global zone will update only the global zone. When run in a non-global zone, it will update only the non-global zone.
#pkg update RSITsshs
To uninstall
Log in as root.
Use pkg uninstall to remove the package:
server: |
pkg uninstall RSITsshs |
client: |
pkg uninstall RSITsshc |