test

Solaris 10 11/06 Installation Guide: Network-Based Installations

WAN Boot Installation Commands

The following tables describe the commands you use to perform a WAN boot installation.

Table 14–1 Preparing the WAN Boot Installation and Configuration Files

Task and Description 

Command 

Copy the Solaris installation image to install-dir-path, and copy the WAN boot miniroot to wan-dir-path on the install server's local disk.

setup_install_server –w wan-dir-path install-dir-path

Create a Solaris Flash archive that is named name.flar.

  • name is the name of the archive

  • optional-parameters are optional parameters you can use to customize the archive

  • document-root is the path to the document root directory on the install server

  • filename is the name of the archive

flarcreate – n name [optional-parameters] document-root/flash/filename

Check the validity of the custom JumpStart rules file that is named rules.

./check -r rules

Check the validity of the wanboot.conf file.

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

bootconfchk /etc/netboot/net-ip/client-ID/wanboot.conf

Check for WAN boot installation support in the client OBP.

eeprom | grep network-boot-arguments

Table 14–2 Preparing the WAN Boot Security Files

Task and Description 

Command 

Create a master HMAC SHA1 key for the WAN boot server. 

wanbootutil keygen -m

Create a HMAC SHA1 hashing key for the client. 

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

wanbootutil keygen -c -o net=net-ip,cid=client-ID,type=sha1

Create an encryption key for the client. 

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

  • key-type is either 3des or aes.

wanbootutil keygen -c -o net=net-ip,cid=client-ID,type=key-type

Split a PKCS#12 certificate file and insert the certificate in the client's truststore.

  • p12cert is the name of the PKCS#12 certificate file.

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

wanbootutil p12split -i p12cert -t /etc/netboot/net-ip/client-ID/truststore

Split a PKCS#12 certificate file and insert the client certificate in the client's certstore.

  • p12cert is the name of the PKCS#12 certificate file.

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

  • keyfile is the name of the client's private key.

wanbootutil p12split -i p12cert -c /etc/netboot/net-ip/client-ID/certstore -k keyfile

Insert the client private key from a split PKCS#12 file in the client's keystore.

  • keyfile is the name of the client's private key.

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or a DHCP client ID.

wanbootutil keymgmt -i -k keyfile -s /etc/netboot/net-ip/client-ID/keystore -o type=rsa

Display the value of a HMAC SHA1 hashing key. 

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=sha1

Display the value of an encryption key. 

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

  • key-type is either 3des or aes.

wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=key-type

Insert a hashing key or an encryption key on a running system. key-type can have a value of sha1, 3des, or aes.

/usr/lib/inet/wanboot/ickey -o type=key-type