Solaris 10 5/08 Installation Guide: Network-Based Installations

Chapter 12 SPARC: Installing With WAN Boot (Tasks)

This chapter describes how to perform a WAN boot installation on a SPARC based client. For information about how to prepare for a WAN boot installation, see Chapter 11, Installing With WAN Boot (Tasks).

This chapter describes the following tasks.

Task Map: Installing a Client With WAN Boot

The following table lists the tasks you need to perform to install a client over a WAN.

Table 12–1 Task Map: Performing a WAN Boot Installation



Task: Prepare the network for a WAN boot installation.
Description: Set up the servers and files that are required to perform a WAN boot installation.
For Instructions: Chapter 11, Installing With WAN Boot (Tasks)

Task: Verify that the net device alias is set correctly in the client OBP.
Description: Use the devalias command to verify that the net device alias is set to the primary network interface.
For Instructions: To Check the net Device Alias in the Client OBP

Task: Provide keys to the client.
Description: Provide keys to the client by setting OBP variables or entering key values during the installation. This task is required for secure installation configurations. For insecure installations that check data integrity, complete this task to provide the HMAC SHA1 hashing key to the client.
For Instructions: Installing Keys on the Client

Task: Install the client over a wide area network.
Description: Choose the appropriate method to install your client.
For Instructions:
  To Perform a Noninteractive WAN Boot Installation
  To Perform an Interactive WAN Boot Installation
  To Perform a WAN Boot Installation With a DHCP Server
  To Perform a WAN Boot Installation With Local CD Media

Preparing the Client for a WAN Boot Installation

Before you install the client system, prepare the client by performing the following tasks.

Procedure: To Check the net Device Alias in the Client OBP

To boot the client from the WAN with the boot net command, the net device alias must be set to the client's primary network device. On most systems, this alias is already set correctly. However, if the alias is not set to the network device you want to use, you must change the alias.

For more information about setting device aliases, see “The Device Tree” in OpenBoot 3.x Command Reference Manual.

Follow these steps to check the net device alias on the client.

  1. Become superuser or assume an equivalent role on the client.

  2. Bring the system to run level 0.

     # init 0

    The ok prompt is displayed.

  3. At the ok prompt, check device aliases that are set in the OBP.

    ok devalias

    The devalias command outputs information that is similar to the following example.

    screen                   /pci@1f,0/pci@1,1/SUNW,m64B@2
    net                      /pci@1f,0/pci@1,1/network@c,1
    net2                     /pci@1f,0/pci@1,1/network@5,1
    disk                     /pci@1f,0/pci@1/scsi@8/disk@0,0
    cdrom                    /pci@1f,0/pci@1,1/ide@d/cdrom@0,0:f
    keyboard                 /pci@1f,0/pci@1,1/ebus@1/su@14,3083f8
    mouse                    /pci@1f,0/pci@1,1/ebus@1/su@14,3062f8

    • If the net alias is set to the network device you want to use during the installation, you do not need to reset the alias. Go to Installing Keys on the Client to continue your installation.

    • If the net alias is not set to the network device you want to use, you must reset the alias. Continue.

  4. Set the net device alias.

    Choose one of the following commands to set the net device alias.

    • To set the net device alias for this installation only, use the devalias command.

      ok devalias net device-path

      net device-path

      Assigns the device device-path to the net alias

    • To permanently set the net device alias, use the nvalias command.

      ok nvalias net device-path

      net device-path

      Assigns the device device-path to the net alias

Example 12–1 Checking and Resetting the net Device Alias

The following commands show how to check and reset the net device alias.

Check the device aliases.

ok devalias
screen                   /pci@1f,0/pci@1,1/SUNW,m64B@2
net                      /pci@1f,0/pci@1,1/network@c,1
net2                     /pci@1f,0/pci@1,1/network@5,1
disk                     /pci@1f,0/pci@1/scsi@8/disk@0,0
cdrom                    /pci@1f,0/pci@1,1/ide@d/cdrom@0,0:f
keyboard                 /pci@1f,0/pci@1,1/ebus@1/su@14,3083f8
mouse                    /pci@1f,0/pci@1,1/ebus@1/su@14,3062f8

If you want to use the /pci@1f,0/pci@1,1/network@5,1 network device, type the following command.

ok devalias net /pci@1f,0/pci@1,1/network@5,1

Continuing the WAN Boot Installation

After you check the net device alias, see the appropriate section to continue the installation.

Installing Keys on the Client

For a more secure WAN boot installation or an insecure installation with data integrity checking, you must install keys on the client. By using a hashing key and an encryption key, you can protect the data that is transmitted to the client. You can install these keys in the following ways.

You can also install keys in the OBP of a running client. If you want to install keys on a running client, the system must be running the Solaris 9 12/03 OS, or compatible version.

When you install keys on your client, ensure that the key values are not transmitted over an insecure connection. Follow your site's security policies to ensure the privacy of the key values.

Procedure: To Install Keys in the Client OBP

You can assign key values to OBP network boot argument variables before you boot the client. These keys can then be used for future WAN boot installations of the client.

To install keys in the client OBP by assigning key values to OBP network boot argument variables, follow these steps.

  1. Assume the same user role as the web server user on the WAN boot server.

  2. Display the key value for each client key.

    # wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=key-type

    net=net-ip

    The IP address of the client's subnet.

    cid=client-ID

    The ID of the client you want to install. The client ID can be a user-defined ID or the DHCP client ID.

    type=key-type

    The key type you want to install on the client. Valid key types are 3des, aes, or sha1.

    The hexadecimal value for the key is displayed.

  3. Repeat the previous step for each type of client key you want to install.

  4. Bring the client system to run level 0.

    # init 0

    The ok prompt is displayed.

  5. At the client ok prompt, set the value for the hashing key.

    ok set-security-key wanboot-hmac-sha1 key-value

    set-security-key

    Installs the key on the client

    wanboot-hmac-sha1

    Instructs OBP to install a HMAC SHA1 hashing key

    key-value

    Specifies the hexadecimal string that is displayed in Step 2.

    The HMAC SHA1 hashing key is installed in the client OBP.

  6. At the client ok prompt, install the encryption key.

    ok set-security-key wanboot-3des key-value

    set-security-key

    Installs the key on the client

    wanboot-3des

    Instructs OBP to install a 3DES encryption key. If you want to use an AES encryption key, set this value to wanboot-aes.

    key-value

    Specifies the hexadecimal string that represents the encryption key.

    The 3DES encryption key is installed in the client OBP.

    After you install the keys, you are ready to install the client. See Installing the Client for instructions about how to install the client system.

  7. (Optional) Verify that the keys are set in the client OBP.

    ok list-security-keys
    Security Keys:

  8. (Optional) If you need to delete a key, type the following command.

    ok set-security-key key-type

    key-type

    Specifies the type of key you need to delete. Use the value wanboot-hmac-sha1, wanboot-3des, or wanboot-aes.
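
Because the key values that wanbootutil displays are retyped by hand at the ok prompt, a pre-check catches truncated or mistyped values before they reach OBP. The following script is an added example, not part of the Solaris guide: obp_name, check_key and render_obp_commands are hypothetical helper names, and the length rules are assumptions based on the sample keys in this guide (any standard AES size is accepted because the guide does not state one).

```shell
#!/bin/sh
# Added example: validate WAN boot key values before typing them at the ok prompt.
# Input is "key-type hex-value" lines on stdin, so key values never appear in
# the process list. Error messages never echo the key value itself.

# Map a wanbootutil key type to the key name that set-security-key expects.
obp_name() {
    case $1 in
        sha1) echo wanboot-hmac-sha1 ;;
        3des) echo wanboot-3des ;;
        aes)  echo wanboot-aes ;;
        *)    return 1 ;;
    esac
}

# check_key TYPE HEX: succeed only if HEX is pure hexadecimal of a plausible length.
check_key() {
    ktype=$1 hex=$2
    case $hex in
        ''|*[!0-9a-fA-F]*)
            echo "error: $ktype value is empty or contains non-hex characters" >&2
            return 1 ;;
    esac
    len=${#hex}
    case $ktype in
        sha1) [ "$len" -eq 40 ] ;;   # 20 bytes, as in the guide's sample key
        3des) [ "$len" -eq 48 ] ;;   # 24 bytes, three DES keys
        # Assumption: the guide does not state the AES key size, so any
        # standard AES length (16, 24 or 32 bytes) is accepted.
        aes)  [ "$len" -eq 32 ] || [ "$len" -eq 48 ] || [ "$len" -eq 64 ] ;;
        *)    echo "error: unknown key type '$ktype'" >&2; return 1 ;;
    esac || {
        echo "error: $ktype value has $len hex digits, which is the wrong length" >&2
        return 1
    }
}

# Read "type hex" lines from stdin. Print the commands to type at the ok prompt
# only if every key passes; otherwise print nothing and return 1.
render_obp_commands() {
    cmds='' bad=0
    while read -r ktype_in hex_in; do
        [ -n "$ktype_in" ] || continue
        if check_key "$ktype_in" "$hex_in"; then
            cmds="${cmds}set-security-key $(obp_name "$ktype_in") $hex_in
"
        else
            bad=1
        fi
    done
    [ "$bad" -eq 0 ] || return 1
    printf '%s' "$cmds"
}

# Demo with the sample key values printed in this guide's examples.
render_obp_commands <<'EOF'
sha1 b482aaab82cb8d5631e16d51478c90079cc1d463
3des 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04
EOF
```
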

Example 12–2 Installing Keys in the Client OBP

The following example shows how to install a hashing key and an encryption key in the client OBP.

Display the key values on the WAN boot server.

# wanbootutil keygen -d -c -o net=,cid=010003BA152A42,type=sha1
# wanbootutil keygen -d -c -o net=,cid=010003BA152A42,type=3des

The previous example uses the following information.


Specifies the IP address of the client's subnet


Specifies the client's ID


Specifies the value of the client's HMAC SHA1 hashing key


Specifies the value of the client's 3DES encryption key

If you use an AES encryption key in your installation, change wanboot-3des to wanboot-aes to display the encryption key value.

Install the keys on the client system.

ok set-security-key wanboot-hmac-sha1 b482aaab82cb8d5631e16d51478c90079cc1d463
ok set-security-key wanboot-3des 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04

The previous commands perform the following tasks.

Continuing the WAN Boot Installation

After you install keys on your client, you are ready to install the client over the WAN. For instructions, see Installing the Client.

See Also

For more information about how to display key values, see the man page wanbootutil(1M).

Procedure: To Install a Hashing Key and an Encryption Key on a Running Client

You can set key values at the wanboot program boot> prompt on a running system. If you use this method to install keys, the keys are only used for the current WAN boot installation.

If you want to install a hashing key and an encryption key in the OBP of a running client, follow these steps.

Before You Begin

This procedure makes the following assumptions.

  1. Assume the same user role as the web server user on the WAN boot server.

  2. Display the key value for the client keys.

    # wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=key-type

    net=net-ip

    The IP address of the client's subnet.

    cid=client-ID

    The ID of the client you want to install. The client ID can be a user-defined ID or the DHCP client ID.

    type=key-type

    The key type you want to install on the client. Valid key types are 3des, aes, or sha1.

    The hexadecimal value for the key is displayed.

  3. Repeat the previous step for each type of client key you want to install.

  4. Become superuser or assume an equivalent role on the client machine.

  5. Install the necessary keys on the running client machine.

    # /usr/lib/inet/wanboot/ickey -o type=key-type
    > key-value

    type=key-type

    Specifies the key type you want to install on the client. Valid key types are 3des, aes, or sha1.

    key-value

    Specifies the hexadecimal string that is displayed in Step 2.

  6. Repeat the previous step for each type of client key you want to install.

    After you install the keys, you are ready to install the client. See Installing the Client for instructions about how to install the client system.

Example 12–3 Installing Keys in the OBP of a Running Client System

The following example shows how to install keys in the OBP of a running client.

Display the key values on the WAN boot server.

# wanbootutil keygen -d -c -o net=,cid=010003BA152A42,type=sha1
# wanbootutil keygen -d -c -o net=,cid=010003BA152A42,type=3des

The previous example uses the following information.


Specifies the IP address of the client's subnet


Specifies the client's ID


Specifies the value of the client's HMAC SHA1 hashing key


Specifies the value of the client's 3DES encryption key

If you use an AES encryption key in your installation, change type=3des to type=aes to display the encryption key value.

Install the keys in the OBP of the running client.

# /usr/lib/inet/wanboot/ickey -o type=sha1 b482aaab82cb8d5631e16d51478c90079cc1d463
# /usr/lib/inet/wanboot/ickey -o type=3des 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04

The previous commands perform the following tasks.

Continuing the WAN Boot Installation

After you install keys on your client, you are ready to install the client over the WAN. For instructions, see Installing the Client.

See Also

For more information about how to display key values, see the man page wanbootutil(1M).

For additional information about how to install keys on a running system, see ickey(1M).

Installing the Client

When you finish preparing your network for a WAN boot installation, you can choose from the following ways to install the system.

Table 12–2 Methods to Install the Client




Noninteractive installation 

Use this installation method if you want to install keys on the client and set the client configuration information before you boot the client. 

Interactive installation 

Use this installation method if you want to set the client configuration information during the boot process. 

To Perform an Interactive WAN Boot Installation

Installing with a DHCP server 

Use this installation method if you configured the network DHCP server to provide client configuration information during the installation. 

Installing with local CD media 

If your client OBP does not support WAN boot, boot the client from a local copy of the Solaris Software CD. 

Procedure: To Perform a Noninteractive WAN Boot Installation

Use this installation method if you prefer to install keys and set client configuration information before you install the client. You can then boot the client from the WAN and perform an unattended installation.

This procedure assumes that you have either installed keys in the client's OBP, or that you are performing an insecure installation. For information about installing keys on the client before your installation, see Installing Keys on the Client.

  1. If the client system is currently running, bring the system to run level 0.

    # init 0

    The ok prompt is displayed.

  2. At the ok prompt on the client system, set the network boot argument variables in OBP.

    ok setenv network-boot-arguments  host-ip=client-IP,

    Note –

    The line breaks in this command sample are included for formatting purposes only. Do not enter a carriage return until you finish typing the command.

    setenv network-boot-arguments

    Instructs the OBP to set the following boot arguments


    Specifies the IP address of the client


    Specifies the IP address of the network router


    Specifies the subnet mask value


    Specifies the host name of the client

    (Optional) http-proxy=proxy-ip:port

    Specifies the IP address and port of the network's proxy server


    Specifies the URL of the wanboot-cgi program on the web server

  3. Boot the client.

    ok boot net - install

    net - install

    Instructs the client to use the network boot argument variables to boot from the WAN

    The client installs over the WAN. If the WAN boot programs do not find all the necessary installation information, the wanboot program prompts to provide the missing information. Type the additional information at the prompt.

Example 12–4 Noninteractive WAN Boot Installation

In the following example, the network boot argument variables for the client system myclient are set before the machine is booted. This example assumes that a hashing key and encryption key are already installed on the client. For information about installing keys before you boot from the WAN, see Installing Keys on the Client.

ok setenv network-boot-arguments host-ip=,
ok boot net - install
Resetting ...

Sun Blade 100 (UltraSPARC-IIe), No Keyboard
Copyright 1998-2003 Sun Microsystems, Inc.  All rights reserved.
OpenBoot 4.x.build_28, 512 MB memory installed, Serial #50335475.
Ethernet address 0:3:ba:e:f3:75, Host ID: 83000ef3.

Rebooting with command: boot net - install
Boot device: /pci@1f,0/network@c,1  File and args: - install

The following variables are set.

See Also

For more information about how to set network boot arguments, see set(1).

For more information about how to boot a system, see boot(1M).

Procedure: To Perform an Interactive WAN Boot Installation

Use this installation method if you want to install keys and set client configuration information at the command line during the installation.

This procedure assumes that you are using HTTPS in your WAN installation. If you are performing an insecure installation that does not use keys, do not display or install the client keys.

  1. Assume the same user role as the web server user on the WAN boot server.

  2. Display the key value for each client key.

    # wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=key-type

    net=net-ip

    The IP address of the subnet for the client you want to install.

    cid=client-ID

    The ID of the client you want to install. The client ID can be a user-defined ID or the DHCP client ID.

    type=key-type

    The key type you want to install on the client. Valid key types are 3des, aes, or sha1.

    The hexadecimal value for the key is displayed.

  3. Repeat the previous step for each type of client key you are installing.

  4. If the client system is currently running, bring the client to run level 0.

  5. At the ok prompt on the client system, set the network boot argument variables in OBP.

    ok setenv network-boot-arguments  host-ip=client-IP,router-ip=router-ip,

    Note –

    The line breaks in this command sample are included for formatting purposes only. Do not enter a carriage return until you finish typing the command.

    setenv network-boot-arguments

    Instructs the OBP to set the following boot arguments


    Specifies the IP address of the client


    Specifies the IP address of the network router


    Specifies the subnet mask value


    Specifies the host name of the client

    (Optional) http-proxy=proxy-ip:port

    Specifies the IP address and port of the network's proxy server


    Specifies the URL of the wanboot-cgi program on the web server

    Note –

    The URL value for the bootserver variable must not be an HTTPS URL. The URL must start with http://.

  6. At the client ok prompt, boot the system.

    ok boot net -o prompt - install

    net -o prompt - install

    Instructs the client to boot and install from the network. The wanboot program prompts the user to enter client configuration information at the boot> prompt.

    The boot> prompt is displayed.

  7. Install the encryption key.

    boot> 3des=key-value

    Specifies the hexadecimal string of the 3DES key that is displayed in Step 2.

    If you use an AES encryption key, use the following format for this command.

    boot> aes=key-value

  8. Install the hashing key.

    boot> sha1=key-value

    Specifies the hashing key value that is displayed in Step 2.

  9. Type the following command to continue the boot process.

    boot> go

    The client installs over the WAN.

  10. If prompted, type client configuration information on the command line.

    If the WAN boot programs do not find all the necessary installation information, the wanboot program prompts to provide the missing information. Type the additional information at the prompt.

Example 12–5 Interactive WAN Boot Installation

In the following example, the wanboot program prompts you to set the key values for the client system during the installation.

Display the key values on the WAN boot server.

# wanbootutil keygen -d -c -o net=,cid=010003BA152A42,type=sha1
# wanbootutil keygen -d -c -o net=,cid=010003BA152A42,type=3des

The previous example uses the following information.


Specifies the IP address of the client's subnet


Specifies the client's ID


Specifies the value of the client's HMAC SHA1 hashing key


Specifies the value of the client's 3DES encryption key

If you use an AES encryption key in your installation, change type=3des to type=aes to display the encryption key value.

Set the network boot argument variables in the OBP on the client.

ok setenv network-boot-arguments host-ip=,

The following variables are set.

Boot and install the client.

ok boot net -o prompt - install
Resetting ...

Sun Blade 100 (UltraSPARC-IIe), No Keyboard
Copyright 1998-2003 Sun Microsystems, Inc.  All rights reserved.
OpenBoot 4.x.build_28, 512 MB memory installed, Serial #50335475.
Ethernet address 0:3:ba:e:f3:75, Host ID: 83000ef3.

Rebooting with command: boot net -o prompt                            
Boot device: /pci@1f,0/network@c,1  File and args: -o prompt

boot> 3des=9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04

boot> sha1=b482aaab82cb8d5631e16d51478c90079cc1d463

boot> go

The previous commands perform the following tasks.

See Also

For more information about how to display key values, see wanbootutil(1M).

For more information about how to set network boot arguments, see set(1).

For more information about how to boot a system, see boot(1M).

Procedure: To Perform a WAN Boot Installation With a DHCP Server

If you configured a DHCP server to support WAN boot options, you can use the DHCP server to provide client configuration information during the installation. For more information about configuring a DHCP server to support a WAN boot installation, see (Optional) Providing Configuration Information With a DHCP Server.

This procedure makes the following assumptions.

  1. If the client system is currently running, bring the system to run level 0.

    # init 0

    The ok prompt is displayed.

  2. At the ok prompt on the client system, set the network boot argument variables in OBP.

    ok setenv network-boot-arguments dhcp,hostname=client-name

    setenv network-boot-arguments

    Instructs the OBP to set the following boot arguments

    dhcp

    Instructs the OBP to use the DHCP server to configure the client

    hostname=client-name

    Specifies the host name you want to assign to the client

  3. Boot the client from the network.

    ok boot net - install

    net - install

    Instructs the client to use the network boot argument variables to boot from the WAN

    The client installs over the WAN. If the WAN boot programs do not find all the necessary installation information, the wanboot program prompts to provide the missing information. Type the additional information at the prompt.

Example 12–6 WAN Boot Installation With a DHCP Server

In the following example, the DHCP server on the network provides client configuration information. This sample requests the host name myclient for the client.

ok setenv network-boot-arguments dhcp,hostname=myclient

ok boot net - install
Resetting ...

Sun Blade 100 (UltraSPARC-IIe), No Keyboard
Copyright 1998-2003 Sun Microsystems, Inc.  All rights reserved.
OpenBoot 4.x.build_28, 512 MB memory installed, Serial #50335475.
Ethernet address 0:3:ba:e:f3:75, Host ID: 83000ef3.

Rebooting with command: boot net - install
Boot device: /pci@1f,0/network@c,1  File and args: - install

See Also

For more information about how to set network boot arguments, see set(1).

For more information about how to boot a system, see boot(1M).

For more information about how to configure a DHCP server, see (Optional) Providing Configuration Information With a DHCP Server.

Procedure: To Perform a WAN Boot Installation With Local CD Media

If your client's OBP does not support WAN boot, you can install with a Solaris Software - 1 CD inserted in the client's CD-ROM drive. When you use a local CD, the client retrieves the wanboot program from the local media, rather than from the WAN boot server.

This procedure assumes that you are using HTTPS in your WAN installation. If you are performing an insecure installation, do not display or install the client keys.

Follow these steps to perform a WAN boot installation from a local CD.

  1. Assume the same user role as the web server user on the WAN boot server.

  2. Display the key value for each client key.

    # wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=key-type

    net=net-ip

    The network IP address for the client you are installing.

    cid=client-ID

    The ID of the client you are installing. The client ID can be a user-defined ID or the DHCP client ID.

    type=key-type

    The key type you are installing on the client. Valid key types are 3des, aes, or sha1.

    The hexadecimal value for the key is displayed.

  3. Repeat the previous step for each type of client key you are installing.

  4. On the client system, insert the Solaris Software - 1 CD in the CD-ROM drive.

  5. Power on the client system.

  6. Boot the client from the CD.

    ok boot cdrom -o prompt -F wanboot - install

    boot cdrom

    Instructs the OBP to boot from the local CD-ROM

    -o prompt

    Instructs the wanboot program to prompt the user to enter client configuration information

    -F wanboot

    Instructs the OBP to load the wanboot program from the CD-ROM

    - install

    Instructs the client to perform a WAN boot installation

    The client's OBP loads the wanboot program from the Solaris Software - 1 CD. The wanboot program boots the system, and the boot> prompt is displayed.

  7. Type the encryption key value.

    boot> 3des=key-value

    Specifies the hexadecimal string of the 3DES key that is displayed in Step 2.

    If you use an AES encryption key, use the following format for this command.

    boot> aes=key-value

  8. Type the hashing key value.

    boot> sha1=key-value

    Specifies the hexadecimal string that represents the hashing key value that is displayed in Step 2.

  9. Set the network interface variables.

    boot> variable=value[,variable=value*]

    Type the following variable and value pairs at the boot> prompt.


    Specifies the IP address of the client.


    Specifies the IP address of the network router.


    Specifies the subnet mask value.


    Specifies the host name of the client.

    (Optional) http-proxy=proxy-ip:port

    Specifies the IP address and port number of the network's proxy server.


    Specifies the URL of the wanboot-cgi program on the web server.

    Note –

    The URL value for the bootserver variable must not be an HTTPS URL. The URL must start with http://.

    You can enter these variables in the following ways.

    • Type one variable and value pair at the boot> prompt, then press the Return key.

      boot> host-ip=client-IP
      boot> subnet-mask=mask-value

    • Type all the variable and value pairs on one boot> prompt line, then press the Return key. Type commas to separate each variable and value pair.

      boot> host-ip=client-IP,subnet-mask=mask-value,

  10. Type the following command to continue the boot process.

    boot> go

    The client installs over the WAN. If the WAN boot programs do not find all the necessary installation information, the wanboot program prompts to provide the missing information. Type the additional information at the prompt.
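
The variable and value pairs used in the interactive and local CD procedures can be checked before they are typed, which catches a stray space or line break, a malformed address, or an https:// bootserver URL. The following script is an added example, not part of the Solaris guide: valid_ipv4, valid_proxy and check_boot_args are hypothetical helper names, the addresses and the wanboot-cgi path are constructed, and variables the script does not recognize are passed through unchecked.

```shell
#!/bin/sh
# Added example: sanity-check a WAN boot variable string before it is typed
# at the ok or boot> prompt. All addresses below are constructed (192.0.2.0/24).

# Succeed if $1 is four dot-separated decimal octets in the range 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed if $1 has the form proxy-ip:port.
valid_proxy() {
    p_ip=${1%:*} p_port=${1##*:}
    case $p_port in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" != "$p_ip" ] && valid_ipv4 "$p_ip" && [ ${#p_port} -le 5 ] &&
        [ "$p_port" -ge 1 ] && [ "$p_port" -le 65535 ]
}

# check_boot_args "var=value,var=value,...": return 0 if no problem is found.
check_boot_args() {
    args=$1 rc=0
    # The guide warns not to enter line breaks; a stray space splits the string too.
    if [ "$args" != "$(printf '%s' "$args" | tr -d ' \t\r\n')" ]; then
        echo "error: whitespace or line break inside the argument string" >&2
        return 1
    fi
    old_ifs=$IFS; IFS=,; set -f      # split on commas, no filename expansion
    set -- $args
    set +f; IFS=$old_ifs
    for pair in "$@"; do
        [ -n "$pair" ] || continue
        name=${pair%%=*} value=${pair#*=}
        case $name in
            host-ip|router-ip|subnet-mask)
                valid_ipv4 "$value" ||
                    { echo "error: $name is not an IPv4 address" >&2; rc=1; } ;;
            http-proxy)
                valid_proxy "$value" ||
                    { echo "error: http-proxy must be proxy-ip:port" >&2; rc=1; } ;;
            bootserver)
                # Per the note above: must not be HTTPS, must start with http://
                case $value in
                    http://?*) ;;
                    *) echo "error: bootserver must start with http://" >&2; rc=1 ;;
                esac ;;
        esac
    done
    return $rc
}

# Demo on a constructed argument string.
check_boot_args "host-ip=192.0.2.10,router-ip=192.0.2.1,subnet-mask=255.255.255.0,hostname=myclient,client-id=010003BA152A42,bootserver=http://192.0.2.2/cgi-bin/wanboot-cgi" &&
    echo "no problems found"
```
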

Example 12–7 Installing With Local CD Media

In the following example, the wanboot program on a local CD prompts you to set the network interface variables for the client during the installation.

Display the key values on the WAN boot server.

# wanbootutil keygen -d -c -o net=,cid=010003BA152A42,type=sha1
# wanbootutil keygen -d -c -o net=,cid=010003BA152A42,type=3des

The previous example uses the following information.


Specifies the IP address of the client's subnet


Specifies the client's ID


Specifies the value of the client's HMAC SHA1 hashing key


Specifies the value of the client's 3DES encryption key

If you use an AES encryption key in your installation, change type=3des to type=aes to display the encryption key value.

Boot and install the client.

ok boot cdrom -o prompt -F wanboot - install
Resetting ...

Sun Blade 100 (UltraSPARC-IIe), No Keyboard
Copyright 1998-2003 Sun Microsystems, Inc.  All rights reserved.
OpenBoot 4.x.build_28, 512 MB memory installed, Serial #50335475.
Ethernet address 0:3:ba:e:f3:75, Host ID: 83000ef3.

Rebooting with command: boot cdrom -F wanboot - install                            
Boot device: /pci@1f,0/network@c,1  File and args: -o prompt

boot> 3des=9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04

boot> sha1=b482aaab82cb8d5631e16d51478c90079cc1d463

boot> host-ip=

boot> subnet-mask=

boot> router-ip=

boot> hostname=myclient
boot> client-id=010003BA152A42

boot> bootserver=

boot> go

The previous commands perform the following tasks.

See Also

For more information about how to display key values, see wanbootutil(1M).

For more information about how to set network boot arguments, see set(1).

For more information about how to boot a system, see boot(1M).