Oracle Solaris 10 1/13 Installation Guide: Network-Based Installations (Oracle Solaris 10 1/13 Information Library)
13. SPARC: Installing With WAN Boot (Tasks)
Preparing the Client for a WAN Boot Installation
Before you install the client system, prepare the client by performing the following tasks.
To boot the client from the WAN with the boot net command, the net device alias must be set to the client's primary network device. On most systems, this alias is already set correctly. However, if the alias is not set to the network device you want to use, you must change the alias.
For more information about setting device aliases, see “The Device Tree” in OpenBoot 3.x Command Reference Manual.
Note - Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# init 0
The ok prompt is displayed.
ok devalias
The devalias command outputs information that is similar to the following example.
screen          /pci@1f,0/pci@1,1/SUNW,m64B@2
net             /pci@1f,0/pci@1,1/network@c,1
net2            /pci@1f,0/pci@1,1/network@5,1
disk            /pci@1f,0/pci@1/scsi@8/disk@0,0
cdrom           /pci@1f,0/pci@1,1/ide@d/cdrom@0,0:f
keyboard        /pci@1f,0/pci@1,1/ebus@1/su@14,3083f8
mouse           /pci@1f,0/pci@1,1/ebus@1/su@14,3062f8
If the net alias is set to the network device you want to use during the installation, you do not need to reset the alias. Go to Installing Keys on the Client to continue your installation.
If the net alias is not set to the network device you want to use, you must reset the alias.
To set the net device alias for this installation only, use the devalias command.
ok devalias net device-path
Assigns the device device-path to the net alias
To permanently set the net device alias, use the nvalias command.
ok nvalias net device-path
Example 13-1 Checking and Resetting the net Device Alias
The following commands show how to check and reset the net device alias.
Check the device aliases.
ok devalias
screen          /pci@1f,0/pci@1,1/SUNW,m64B@2
net             /pci@1f,0/pci@1,1/network@c,1
net2            /pci@1f,0/pci@1,1/network@5,1
disk            /pci@1f,0/pci@1/scsi@8/disk@0,0
cdrom           /pci@1f,0/pci@1,1/ide@d/cdrom@0,0:f
keyboard        /pci@1f,0/pci@1,1/ebus@1/su@14,3083f8
mouse           /pci@1f,0/pci@1,1/ebus@1/su@14,3062f8
If you want to use the /pci@1f,0/pci@1,1/network@5,1 network device, type the following command:
ok devalias net /pci@1f,0/pci@1,1/network@5,1
Next Steps
After you check the net device alias, continue the installation.
If you are using a hashing key and an encryption key in your installation, see Installing Keys on the Client.
If you are performing a less secure installation without keys, see Installing the Client.
For a more secure WAN boot installation or an insecure installation with data integrity checking, you must install keys on the client. By using a hashing key and an encryption key, you can protect the data that is transmitted to the client. You can install these keys in the following ways.
Set OBP variables – You can assign key values to OBP network boot argument variables before you boot the client. These keys can then be used for future WAN boot installations of the client.
Enter the key values during the boot process – You can set key values at the wanboot program boot> prompt. If you use this method to install keys, the keys are only used for the current WAN boot installation.
You can also install keys in the OBP of a running client. If you want to install keys on a running client, the system must be running the Solaris 9 12/03 OS or a compatible version.
When you install keys on your client, ensure that the key values are not transmitted over an insecure connection. Follow your site's security policies to ensure the privacy of the key values.
For instructions about how to assign key values to OBP network boot argument variables, see How to Install Keys in the Client OBP.
For instructions about how to install keys during the boot process, see How to Perform an Interactive WAN Boot Installation.
For instructions about how to install keys in the OBP of a running client, see How to Install a Hashing Key and an Encryption Key on a Running Client.
You can assign key values to OBP network boot argument variables before you boot the client. These keys can then be used for future WAN boot installations of the client.
# wanbootutil keygen -d -c -o net=net-IP,cid=client-ID,type=key-type
net=net-IP – The IP address of the client's subnet.
cid=client-ID – The ID of the client you want to install. The client ID can be a user-defined ID or the DHCP client ID.
type=key-type – The key type you want to install on the client. Valid key types are 3des, aes, or sha1.
The hexadecimal value for the key is displayed.
# init 0
The ok prompt is displayed.
ok set-security-key wanboot-hmac-sha1 key-value
set-security-key – Installs the key on the client.
wanboot-hmac-sha1 – Instructs OBP to install a HMAC SHA1 hashing key.
key-value – Specifies the hexadecimal string that is displayed in Step 2.
The HMAC SHA1 hashing key is installed in the client OBP.
ok set-security-key wanboot-3des key-value
wanboot-3des – Instructs OBP to install a 3DES encryption key. If you want to use an AES encryption key, set this value to wanboot-aes.
key-value – Specifies the hexadecimal string that represents the encryption key.
The 3DES encryption key is installed in the client OBP.
ok list-security-keys
Security Keys:
        wanboot-hmac-sha1
        wanboot-3des
ok set-security-key key-type
Example 13-2 Installing Keys in the Client OBP
The following example shows how to install a hashing key and an encryption key in the client OBP. Display the key values on the WAN boot server.
# wanbootutil keygen -d -c -o net=192.168.198.0,cid=010003BA152A42,type=sha1
b482aaab82cb8d5631e16d51478c90079cc1d463
# wanbootutil keygen -d -c -o net=192.168.198.0,cid=010003BA152A42,type=3des
9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04
The example uses the following information:
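net=192.168.198.0 – Specifies the IP address of the client's subnet
cid=010003BA152A42 – Specifies the client's ID
b482aaab82cb8d5631e16d51478c90079cc1d463 – Specifies the value of the client's HMAC SHA1 hashing key
9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04 – Specifies the value of the client's 3DES encryption key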
Install the keys on the client system.
The following commands perform the following tasks.
Installs the HMAC SHA1 hashing key with a value of b482aaab82cb8d5631e16d51478c90079cc1d463 on the client
Installs the 3DES encryption key with a value of 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04 on the client
If you use an AES encryption key in your installation, change wanboot-3des to wanboot-aes.
ok set-security-key wanboot-hmac-sha1 b482aaab82cb8d5631e16d51478c90079cc1d463
ok set-security-key wanboot-3des 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04
Next Steps
After you install keys on your client, you are ready to install the client over the WAN. For instructions, see Installing the Client.
See Also
For more information about how to display key values, see the wanbootutil(1M) man page.
You can set key values at the wanboot program boot> prompt on a running system. If you use this method to install keys, the keys are only used for the current WAN boot installation.
Before You Begin
This procedure makes the following assumptions:
The client system is powered on.
The client is accessible over a secure connection, such as a secure shell (ssh).
# wanbootutil keygen -d -c -o net=net-IP,cid=client-ID,type=key-type
net=net-IP – The IP address of the client's subnet.
cid=client-ID – The ID of the client you want to install. The client ID can be a user-defined ID or the DHCP client ID.
type=key-type – The key type you want to install on the client. Valid key types are 3des, aes, or sha1.
The hexadecimal value for the key is displayed.
Note - Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
# /usr/lib/inet/wanboot/ickey -o type=key-type
> key-value
key-value – Specifies the hexadecimal string that is displayed in Step 2.
Example 13-3 Installing Keys in the OBP of a Running Client System
The following example shows how to install keys in the OBP of a running client.
Display the key values on the WAN boot server.
# wanbootutil keygen -d -c -o net=192.168.198.0,cid=010003BA152A42,type=sha1
b482aaab82cb8d5631e16d51478c90079cc1d463
# wanbootutil keygen -d -c -o net=192.168.198.0,cid=010003BA152A42,type=3des
9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04
The example uses the following information:
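net=192.168.198.0 – Specifies the IP address of the client's subnet
cid=010003BA152A42 – Specifies the client's ID
b482aaab82cb8d5631e16d51478c90079cc1d463 – Specifies the value of the client's HMAC SHA1 hashing key
9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04 – Specifies the value of the client's 3DES encryption key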
If you use an AES encryption key in your installation, change type=3des to type=aes to display the encryption key value.
Install the keys in the OBP of the running client.
The following commands perform the following tasks:
Installs a HMAC SHA1 hashing key with a value of b482aaab82cb8d5631e16d51478c90079cc1d463 on the client
Installs a 3DES encryption key with a value of 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04 on the client
# /usr/lib/inet/wanboot/ickey -o type=sha1
b482aaab82cb8d5631e16d51478c90079cc1d463
# /usr/lib/inet/wanboot/ickey -o type=3des
9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04
Next Steps
After you install keys on your client, you are ready to install the client over the WAN. For instructions, see Installing the Client.
See Also
For more information about how to display key values, see the wanbootutil(1M) man page.
For additional information about how to install keys on a running system, see the ickey(1M) man page.
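Both key procedures above (set-security-key at the ok prompt and ickey on a running client) depend on a long hexadecimal string being copied without error, so the following added example, which is not part of the Oracle guide, checks a key value against its type before you install it. The function names are hypothetical, the sha1 and 3des lengths are taken from the values in Examples 13-2 and 13-3, and the aes length of 32 hex digits is an assumption. On Solaris 10, run it with ksh or /usr/xpg4/bin/sh, because /bin/sh there is the legacy Bourne shell.

```shell
# Added example: sanity-check a WAN boot key value before installing it.
# Nothing here prints the key itself, so error output is safe to log.

# Expected number of hex digits for each wanbootutil key type.
expected_hex_len() {
    case "$1" in
        sha1) echo 40 ;;   # 20-byte HMAC SHA1 key, as in Example 13-2
        3des) echo 48 ;;   # 24-byte 3DES key, as in Example 13-2
        aes)  echo 32 ;;   # assumption: 16-byte AES key
        *)    return 1 ;;
    esac
}

# Name of the OBP key slot used with set-security-key for a key type.
obp_key_name() {
    case "$1" in
        sha1) echo wanboot-hmac-sha1 ;;
        3des) echo wanboot-3des ;;
        aes)  echo wanboot-aes ;;
        *)    return 1 ;;
    esac
}

# check_wanboot_key TYPE VALUE
# Returns 0 if VALUE is plausible for TYPE, 2 for an unknown type,
# 3 for non-hex or empty input, 4 for a wrong length.
check_wanboot_key() {
    ktype=$1 kvalue=$2
    want=$(expected_hex_len "$ktype") || { echo "unknown key type: $ktype" >&2; return 2; }
    case "$kvalue" in
        ''|*[!0-9a-fA-F]*) echo "$ktype key: not a hexadecimal string" >&2; return 3 ;;
    esac
    if [ "${#kvalue}" -ne "$want" ]; then
        echo "$ktype key: ${#kvalue} hex digits, expected $want" >&2
        return 4
    fi
    return 0
}

# check_wanboot_key_stdin TYPE
# Reads the key from standard input so that it never appears in a process
# argument list, for example:
#   wanbootutil keygen -d -c -o net=net-IP,cid=client-ID,type=sha1 | check_wanboot_key_stdin sha1
check_wanboot_key_stdin() {
    IFS= read -r kline || true
    check_wanboot_key "$1" "$kline"
}
```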