A P P E N D I X B - Installing the Software Without the Installation Script

A P P E N D I X B

Installing the Software Without the Installation Script

This appendix describes how to install the Sun Crypto Accelerator 4000 software manually without using the installation script (/cdrom/cdrom0/install) provided on the product CD. The following sections are included:

Installing the Software Manually

Directories and Files

Removing the Software Manually

Installing the Software Manually

The Sun Crypto Accelerator 4000 software is included on the product CD. You may need to download patches from the SunSolve web site (http://sunsolve.sun.com). See Required Patches for more information.

To Install the Software Manually

1. Insert the Sun Crypto Accelerator 4000 CD into a CD-ROM drive that is connected to your system.

If your system is running Sun Enterprise Volume Manager, it should automatically mount the CD-ROM to the /cdrom/cdrom0 directory.

If your system is not running Sun Enterprise Volume Manager, mount the CD-ROM as follows:

# mount -F hsfs -o ro /dev/dsk/c0t6d0s2 /cdrom

You see the following files and directories in the /cdrom/cdrom0 directory.


File or Directory	Contents
`Copyright`	U.S. copyright file
`FR_Copyright`	French copyright file
install	Installation script that installs the Sun Crypto Accelerator 4000 software
remove	Removal script that removes the Sun Crypto Accelerator 4000 software
Docs	Sun Crypto Accelerator 4000 Board Version 1.1 Installation and User's Guide Sun Crypto Accelerator 4000 Board Release Notes
`Packages`	Sun Crypto Accelerator 4000 software packages:
	`SUNWkcl2r`	Cryptography Kernel Components
	`SUNWkcl2u`	Cryptographic Administration Utility and Libraries
	`SUNWkcl2a`	SSL Support for Apache (optional)
	`SUNWkcl2m`	Cryptographic Administration Manual Pages (optional)
	`SUNWvcar`	VCA Crypto Accelerator (root)
	`SUNWvcau`	VCA Crypto Accelerator (usr)
	SUNWvcaa	VCA Administration
	SUNWvcafw	VCA Firmware
	`SUNWvcamn`	VCA Crypto Accelerator Manual Page (optional)
	`SUNWvcav`	SunVTS Test of VCA Crypto Accelerator (optional)
	`SUNWkcl2o`	SSL Development Tools and Libraries (optional)
	`SUNWkcl2i.u`	IPsec Acceleration with KCLv2 Crypto (optional)

The required packages must be installed in a specific order and must be installed before installing any optional packages. Once the required packages are installed, you can install and remove the optional packages in any order.

Install the optional SUNWkcl2a package only if you plan to use Apache as your web server.

Install the optional SUNWkcl2o package only if you plan to relink to another (unsupported) version of Apache Web Server.

Install the optional SUNWvcav package only if you plan to perform the SunVTS tests. You must have SunVTS 4.4 or later up to 5.x installed to install the SUNWvcav package.

Note - The optional SUNWkcl2i.u package has the .u extension only on the Sun Crypto Accelerator 4000 CD. Once this package is installed, the name is changed to SUNWkcl2i. The .u extension of this package on the CD, defines the package as sun4u architecture-specific.

1. Install the required software packages by typing:

# cd /cdrom/cdrom0/Packages

# pkgadd -d . SUNWkcl2r SUNWkcl2u SUNWkcl2m SUNWvcar SUNWvcau SUNWvcaa SUNWvcamn SUNWvcafw

2. (Optional) To verify that the software is installed properly, run the pkginfo command.

# pkginfo SUNWkcl2r SUNWkcl2u SUNWvcar SUNWvcau SUNWvcaa SUNWvcafw

system      SUNWkcl2r      KCLv2 Crypto (Root)

system      SUNWkcl2u      KCLv2 Crypto Support Software

system      SUNWvcaa       VCA Crypto Accelerator/Gigabit Ethernet Admin

system      SUNWvcafw      VCA Crypto Accelerator/Gigabit Ethernet firmware

system      SUNWvcar       VCA Crypto Accelerator/Gigabit Ethernet Drivers

system      SUNWvcau       VCA Crypto Accelerator/Gigabit Ethernet Daemon

3. (Optional) To ensure that the driver is attached, you can run the prtdiag command.

Refer to the prtdiag(1m) online manual pages.

# prtdiag -v

4. (Optional) Run the modinfo command to see that modules are loaded.

# modinfo | grep Crypto

62   1317f62  20b1f 198   1  vca (VCA Crypto/Ethernet v1.102)

63   13360e9  12510 200   1  kcl2 (Kernel Crypto Library v1.148)

197  136d5d6   19b0 199   1  vcactl (VCA Crypto Control v1.19)

Installing the Optional Packages

To install only the optional packages that provide the SSL support for Apache Web Server and the Sun Crypto Accelerator 4000 online manual pages, type the following:

# cd /cdrom/cdrom0/Packages

# pkgadd -d . SUNWkcl2a SUNWkcl2m

To install all of the optional software packages, type the following:

# cd /cdrom/cdrom0/Packages

# pkgadd -d . SUNWkcl2a SUNWkcl2m SUNWvcamn SUNWvcav SUNWkcl2o SUNWkcl2i.u

See TABLE B-1 for a description of the package contents of the optional packages in the previous examples.

Directories and Files

TABLE B-2 shows the directories created by the default installation of the Sun Crypto Accelerator 4000 software.


Directory	Contents
/`etc/opt/SUNWconn/vca/keydata`	Keystore data (encrypted)
`/opt/SUNWconn/crypto`v2`/bin`	Utilities
`/opt/SUNWconn/crypto`v2`/lib`	Support libraries
`/opt/SUNWconn/crypto`v2`/sbin`	Administrative commands

FIGURE B-1 shows the hierarchy of these directories and files.

FIGURE B-1 Sun Crypto Accelerator 4000 Directories and Files

Note - Once you have installed the hardware and software of the board, you need to initialize the board with configuration and keystore information. See Initializing the Board With vcaadm for information on how to initialize the board.

Removing the Software Manually

If you have created keystores (refer to Managing Keystores With vcaadm), you must delete the keystore information that the Sun Crypto Accelerator 4000 board is configured with before removing the software. The zeroize command removes all key material, but does not delete the keystore files that are stored in the filesystem of the physical host in which the board is installed. See the Performing a Software Zeroize on the Board for details on the zeroize command. To delete the keystore files stored in the system, become superuser and remove the keystore files. If you have not yet created any keystores, you can skip this procedure.

Caution - Do not delete a keystore that is currently in use or that is shared by other users and keystores. To free references to keystores, you might have to shut down the web server and/or administration server.

Caution - Before removing the Sun Crypto Accelerator 4000 software disable any web servers you have enabled for use with the Sun Crypto Accelerator 4000 board. Failure to do so leaves those web servers nonfunctional.

To Remove the Software Manually

As superuser, use the pkgrm command to remove only the software packages you installed.

Caution - Installed packages must be removed in the order shown. Failure to remove them in this order could result in dependency warnings and leave kernel modules loaded.

If you installed all the packages, you would remove them as follows:

# pkgrm SUNWkcl2o SUNWvcav SUNWvcar SUNWkcl2a SUNWkcl2u SUNWkcl2r SUNWvcamn SUNWkcl2m SUNWkcl2i SUNWvcaa SUNWvcafw SUNWvcau

Note - After installing or removing the SunVTS test (SUNWvcav) for the Sun Crypto Accelerator 4000 board, if SunVTS is already running it might be necessary to reprobe the system to update the available tests. See your SunVTS documentation for more information.