This chapter briefly describes the commands and files you use to perform a WAN installation.WAN Boot Installation Commands OBP Commands System Configuration File Settings and Syntax wanboot.conf File Parameters and Syntax The following tables describe the commands you use to perform a WAN boot installation.Table 14–1 Table 14–2 Task and Description Command Copy the Solaris installation image to install-dir-path, and copy the WAN boot miniroot to wan-dir-path on the install server's local disk. setup_install_server –w wan-dir-path install-dir-path Create a Solaris Flash archive that is named name.flar.name is the name of the archive optional-parameters are optional parameters you can use to customize the archive document-root is the path to the document root directory on the install server filename is the name of the archive flarcreate – n name [optional-parameters] document-root/flash/filename Check the validity of the custom JumpStart rules file that is named rules. ./check -r rules Check the validity of the wanboot.conf file.net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or the DHCP client ID. bootconfchk /etc/netboot/net-ip/client-ID/wanboot.conf Check for WAN boot installation support in the client OBP. eeprom | grep network-boot-arguments Task and Description Command Create a master HMAC SHA1 key for the WAN boot server. wanbootutil keygen -m Create a HMAC SHA1 hashing key for the client.net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or the DHCP client ID. wanbootutil keygen -c -o net=net-ip,cid=client-ID,type=sha1 Create an encryption key for the client.net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or the DHCP client ID. key-type is either 3des or aes. wanbootutil keygen -c -o net=net-ip,cid=client-ID,type=key-type Split a PKCS#12 certificate file and insert the certificate in the client's truststore.p12cert is the name of the PKCS#12 certificate file. net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or the DHCP client ID. wanbootutil p12split -i p12cert -t /etc/netboot/net-ip/client-ID/truststore Split a PKCS#12 certificate file and insert the client certificate in the client's certstore.p12cert is the name of the PKCS#12 certificate file. net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or the DHCP client ID. keyfile is the name of the client's private key. wanbootutil p12split -i p12cert -c /etc/netboot/net-ip/client-ID/certstore -k keyfile Insert the client private key from a split PKCS#12 file in the client's keystore.keyfile is the name of the client's private key. net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or a DHCP client ID. wanbootutil keymgmt -i -k keyfile -s /etc/netboot/net-ip/client-ID/keystore -o type=rsa Display the value of a HMAC SHA1 hashing key.net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or the DHCP client ID. wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=sha1 Display the value of an encryption key.net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or the DHCP client ID. key-type is either 3des or aes. wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=key-type Insert a hashing key or an encryption key on a running system. key-type can have a value of sha1, 3des, or aes. /usr/lib/inet/wanboot/ickey -o type=key-type The following table lists the OBP commands that you type at the client ok prompt to perform a WAN boot installation.Task and Description OBP Command Begin an unattended WAN boot installation. boot net – install Begin an interactive WAN boot installation. boot net –o prompt - install Begin a WAN boot installation from a local CD. boot cdrom –F wanboot - install Install a hashing key before you begin a WAN boot installation.key-value is the hexadecimal value of the hashing key. set-security-key wanboot-hmac-sha1 key-value Install an encryption key before you begin a WAN boot installation.key-type is either wanboot-3des or wanboot-aes. key-value is the hexadecimal value of the encryption key. set-security-key key-type key-value Verify that key values are set in OBP. list-security-keys Set client configuration variables before you begin your WAN boot installation.client-IP is the IP address of the client. router-ip is the IP address of the network router. mask-value is the subnet mask value. client-name is the host name of the client. proxy-ip is the IP address of the network's proxy server. wanbootCGI-path is the path to the wanbootCGI programs on the web server. setenv network-boot-arguments host-ip=client-IP,router-ip=router-ip,subnet-mask=mask-value,hostname=client-name,http-proxy=proxy-ip,file=wanbootCGI-path Check the network device alias. devalias Set the network device alias, where device-path is the path to the primary network device. To set the alias for the current installation only, type devalias net device-path. To permanently set the alias, type nvvalias net device-path. The system configuration file enables you to direct the WAN boot installation programs to the following files.sysidcfg rules.ok Custom JumpStart profile The system configuration file is a plain text file, and must be formatted in the following pattern.setting=valueThe system.conf file must contain the following settings.SsysidCF=sysidcfg-file-URLThis setting points to the directory on the install server that contains the sysidcfg file. For WAN installations that use HTTPS, set the value to a valid HTTPS URL. SjumpsCF=jumpstart-files-URLThis setting points to the custom JumpStart directory that contains the rules.ok and profile files. For WAN installations that use HTTPS, set the value to a valid HTTPS URL. You can store the system.conf in any directory that is accessible to the WAN boot server. The wanboot.conf file is a plain-text configuration file that the WAN boot installation programs use to perform a WAN installation. The following programs and files use the information included in the wanboot.conf file to install the client machine.wanboot-cgi program WAN boot file system WAN boot miniroot Save the wanboot.conf file in the appropriate client subdirectory in the /etc/netboot hierarchy on the WAN boot server. For information on how to define the scope of your WAN boot installation with the /etc/netboot hierarchy, see Creating the /etc/netboot Hierarchy on the WAN Boot Server.You specify information in the wanboot.conf file by listing parameters with associated values in the following format.parameter=valueParameter entries cannot span lines. You can include comments in the file by preceding the comments with the # character.For detailed information about the wanboot.conf file, see the man page wanboot.conf(4).You must set the following parameters in the wanboot.conf file.boot_file=wanboot-pathThis parameter specifies the path to the wanboot program. The value is a path relative to the document root directory on the WAN boot server.boot_file=/wanboot/wanboot.s10_sparc root_server=wanbootCGI-URL/wanboot-cgiThis parameter specifies the URL of the wanboot-cgi program on the WAN boot server.Use an HTTP URL if you are performing a WAN boot installation without client or server authentication.root_server=http://www.example.com/cgi-bin/wanboot-cgi Use an HTTPS URL if you are performing a WAN boot installation with server authentication, or server and client authentication.root_server=https://www.example.com/cgi-bin/wanboot-cgi root_file=miniroot-pathThis parameter specifies the path to the WAN boot miniroot on the WAN boot server. The value is a path relative to the document root directory on the WAN boot server.root_file=/miniroot/miniroot.s10_sparc signature_type=sha1 | emptyThis parameter specifies the type of hashing key to use to check the integrity of the data and files that are transmitted.For WAN boot installations that use a hashing key to protect the wanboot program, set this value to sha1.signature_type=sha1 For insecure WAN installations that do not use a hashing key, leave this value blank.signature_type= encryption_type=3des | aes | emptyThis parameter specifies the type of encryption to use to encrypt the wanboot program and WAN boot file system.For WAN boot installations that use HTTPS, set this value to 3des or aes to match the key formats you use. You must also set the signature_type keyword value to sha1.encryption_type=3desorencryption_type=aes For an insecure WAN boot installations that do not use encryption key, leave this value blank.encryption_type= server_authentication=yes | noThis parameter specifies if the server should be authenticated during the WAN boot installation.For WAN boot installations with server authentication or server and client authentication, set this value to yes. You must also set the value of signature_type to sha1, encryption_type to 3des or aes, and the URL of root_server to an HTTPS value.server_authentication=yes For insecure WAN boot installations that do not use server authentication or server and client authentication, set this value to no. You can also leave the value blank.server_authentication=no client_authentication=yes | noThis parameter specifies if the client should be authenticated during a WAN boot installation.For WAN boot installations with server and client authentication, set this value to yes. You must also set the value of signature_type to sha1, encryption_type to 3des or aes, and the URL of root_server to an HTTPS value.client_authentication=yes For WAN boot installations that do not use client authentication, set this value to no. You can also leave the value blank.client_authentication=no resolve_hosts=hostname | emptyThis parameter specifies additional hosts that need to be resolved for the wanboot-cgi program during the installation.Set the value to the host names of systems that are not specified previously in the wanboot.conf file or in a client certificate.If all the required hosts are listed in the wanboot.conf file or the client certificate, leave this value blank.resolve_hosts= If specific hosts are not listed in the wanboot.conf file or the client certificate, set the value to these host names.resolve_hosts=seahag,matters boot_logger=bootlog-cgi-path | emptyThis parameter specifies the URL to the bootlog-cgi script on the logging server.To record boot or installation log messages on a dedicated logging server, set the value to the URL of the bootlog-cgi script on the logging server.boot_logger=http://www.example.com/cgi-bin/bootlog-cgi To display boot and installation messages on the client console, leave this value blank.boot_logger= system_conf=system.conf | custom-system-confThis parameter specifies the path to the system configuration file that includes the location of sysidcfg and custom JumpStart files.Set the value to the path to the sysidcfg and custom JumpStart files on the web server.system_conf=sys.conf