JavaScript is required to for searching.
Skip Navigation Links
Exit Print View
Installing Oracle® Solaris 11.2 Systems
Oracle Technology Network
Library
PDF
Print View
Feedback
search filter icon
search icon

Document Information

Using This Documentation

Part I Oracle Solaris 11.2 Installation Options

Part II Installing Using Installation Media

Part III Installing Using an Install Server

Chapter 7 Automated Installation of Multiple Clients

What Is an Automated Installation?

Components of the Automated Installer

DHCP Servers Supporting AI

IPS Repositories Supporting AI

AI Server

Install Services

AI Manifests

System Configuration Profiles

First-boot Scripts

AI Clients

Securing AI

AI and Zones

Overview of the AI Configuration Process

Booting an AI Client

Planning for an AI Server

Configuring Network Interfaces on an AI Server

Identifying Necessary Install Instances

Automated Installer Use Cases

Chapter 8 Setting Up an AI Server

AI Server Setup Tasks

AI Server Requirements

Install Service Operation Privileges

Configuring an AI Server

How to Set Up An AI Server

Changing the Configuration of an AI Server

Configuring the Web Server User Files Directory

Working With Install Services

Creating an Install Service

How to Create an Install Service

What Happens When an Install Service Is Created?

Example DHCP Configuration Files To Support AI Clients

ISC DHCP Configuration for an Oracle Solaris 11.2 i386 Install Service

ISC DHCP Configuration for an Oracle Solaris 11 i386 Install Service

ISC DHCP Configuration for an Oracle Solaris 11.2 sparc Install Service

Associating Clients With Install Services

Associating a Client With a Service

Hands-Off AI Installation for x86 Clients

Deleting a Client From an Install Service

Customizing Installation Instructions

Associating Client-Specific Installation Instructions With an Install Service

Associating Client-Specific Configuration Instructions With Install Services

Administering the AI SMF Service

Increasing Security for Automated Installations

Configuring Security Credentials

Order of Precedence for Security

How to Configure Security for Automated Installations

Configuring AI Server Credentials

Configuring Secure Install Services

Configuring Client Credentials

OBP Security Keys for SPARC Clients

Disabling and Enabling Security

Deleting Credentials

How to Configure Kerberos Clients Using AI

Showing Information About Install Services

Managing Install Services

Setting Install Service Aliases

Setting the Default AI Manifest for an Install Service

Setting the Image Path for an Install Service

Updating an Existing Install Service

Managing AI Manifests

Updating an AI Manifest

Validating an AI Manifest

Deleting an AI Manifest

Managing System Configuration Profiles

Updating a System Configuration Profile

Validating a System Configuration Profile

Deleting a System Configuration Profile

Exporting an AI Manifest or a System Configuration Profile

Chapter 9 Customizing Installations

Matching Clients With Installation and Configuration Instructions

Selecting the AI Manifest

Selecting System Configuration Profiles

Selection Criteria

Chapter 10 Provisioning the Client System

Customizing an XML AI Manifest File

How to Customize an XML AI Manifest File

Creating an AI Manifest at Client Installation Time

How to Create and Apply a Derived Manifest Script

Creating a Derived Manifest Script

Retrieving Client Attributes

Customizing the AI Manifest

Examples of Derived Manifest Scripts

Testing Derived Manifest Scripts

How to Test the Derived Manifest Script in an Install Environment

Adding a Derived Manifest Script to an Install Service

Creating a AI Manifest Using the AI Manifest Wizard

Configuring an AI Server for the AI Manifest Wizard

How to Create an AI Manifest Using the AI Manifest Wizard

Example AI Manifests

Specifying an iSCSI Target Device

Specifying a RAID Configuration

Installing an SVR4 Package

Installing Multiple SVR4 Packages

Reusing Existing Disk Slices or Partitions

Default AI Manifest

Chapter 11 Configuring the Client System

Providing Configuration Profiles

Creating System Configuration Profiles

Validating System Configuration Profiles

Adding System Configuration Profiles to an Install Service

Specifying Configuration in a System Configuration Profile

Configuring Root and User Accounts

Configuring the Root Account

Configuring a User Account

Creating a User Account Without Depending on the Automounter

User Account Properties

Configuring Multiple Initial Users

Configuring SSH Keys

Setting the System Identity

Setting the Time Zone and Locale

Setting the Terminal Type and Keyboard Layout

Configuring Network Interfaces

Configuring Name Service

Configuring Kerberos

Setting Up Oracle Configuration Manager and Oracle Auto Service Request

Using System Configuration Profile Templates

Example System Configuration Profiles

Sample System Configuration Profile

Specifying Static Network Configuration

Configuring Multiple IPv4 Interfaces

Adding User SSH Keys

Specifying Name Service Configuration

Configuring Name Service NIS

Configuring Name Service DNS

Configuring Name Service LDAP

Using DNS With LDAP

Using NIS With DNS

Chapter 12 Installing and Configuring Zones

How AI Installs Non-Global Zones

Specifying Non-Global Zones in the Global Zone AI Manifest

Non-Global Zone Configuration and Installation Data

Non-Global Zone AI Manifest

Non-Global Zone System Configuration Profiles

Chapter 13 Running a Custom Script During First Boot

Implementing Run Once at First Boot Controls

How to Ensure One Run at First Boot

Creating a Script to Run at First Boot

Creating an SMF Manifest File

Using the Manifest Creation Tool

Customizing the Generated Manifest

Creating an IPS Package for the Script and Service

How to Create and Publish the IPS Package

Installing the First-Boot Package on the AI Client

How to Install the IPS Package

Testing the First-Boot Service

How to Update the Script or Service

Chapter 14 Installing Client Systems

How a Client Is Installed

SPARC and x86 Client System Requirements

Setting Up an AI Client

Setting Up a SPARC Client

Setting Up an x86 Client

Deleting a Client From a Service

Installing Clients

Using Secure Shell to Remotely Monitor Installations

Monitoring x86 Client Installations

Monitoring SPARC Client Installations

Installing a SPARC Client

Installing a SPARC Client Using Secure Download

Setting the Hashing Key and Encryption Key

Resetting the Hashing Key and Encryption Key

Deleting the Hash Key and Encryption Key

Installing a SPARC Client Using DHCP

Installing a SPARC Client Without Using DHCP

SPARC Client Network Boot Sequence

Installing an x86 Client

Client Installation Messages

Automated Installation Started Message

Automated Installation Succeeded Message

Chapter 15 Troubleshooting Automated Installations

Client Installation Fails

Check the Installation Logs and Instructions

Check DNS

Check Client Boot Errors

Boot Disk Not Found

SPARC Network Booting Errors and Possible Causes

Timed out Waiting for BOOTP/DHCP Reply

Boot Load Failed

Internal Server Error or WAN Boot Alert

ERROR 403: Forbidden or ERROR 404: Not Found

Automated Installer Not Started

Invalid HMAC Value

x86 Network Booting Errors and Possible Causes

No DHCP or ProxyDHCP Offers Were Received

TFTP Error or System Hangs After GATEWAY Message

System Hangs After GRUB Menu Entry is Selected

HTTP Request Sent Results in 403 Forbidden or 404 Not Found

Automated Installer Not Started

SPARC and x86 Error Messages

Automated Installation Failed Message

IPS Server Not Available

Package Not Found

Boot Errors on Secured Client

Security-related AI Failures

Booting the Installation Environment Without Starting an Installation

Starting an Automated Installation from the Command Line

Part IV Performing Related Tasks

Index

How to Configure Security for Automated Installations

  1. Become an administrator.

    For more information, see How to Use Your Assigned Administrative Rights in Oracle Solaris 11.2 Administration: Security Services.

  2. Generate security credentials for the AI server.

    The following command automatically generates an X.509 root CA certificate and signing CA certificate, a server certificate and private key, and OBP keys for AI server authentication. The CA certificate and the OBP keys are generated only if they do not already exist. If OBP keys are generated, the OBP commands to set these keys are displayed.

    # installadm set-server -g
    The root CA certificate has been generated.
    The CA signing certificate request has been generated.
    The signing CA certificate has been generated.
    A new certificate key has been generated.
    A new certificate has been generated.
    Generating new encryption key...
    To set the OBP encryption key for server authentication only, enter
        this OBP command:
      set-security-key wanboot-aes 8d210964e95f2a333c5e749790633273
    Generating new hashing key (HMAC)...
    To set the OBP hashing (HMAC) key for server authentication only,
        enter this OBP command:
      set-security-key wanboot-hmac-sha1 4088861239fa3f3bed22f8eb885bfa476952fab4
    Configuring web server security.
    Changed Server

    For more information about configuring AI server credentials, see Configuring AI Server Credentials.

  3. (Optional) Set the install service security policy.

    The following example specifies a security setting that requires client authentication to use an install service. To protect all clients and all data associated with a specific install service, use the require-client-auth install service security setting to require all clients to be secured with both server and client authentication. In this example, a client must have X.509 credentials to access any svcname install service data.

    # installadm set-service -p require-client-auth -n svcname

    For more information about configuring install service security policies, see Configuring Secure Install Services.

  4. Generate credentials for an AI client.

    The following example automatically generates a private X.509 certificate and key pair and an X.509 CA certificate for authentication of the specified client, where 02:00:00:00:00:00 is the MAC address of the client. Client credentials that are assigned by specifying the MAC address are unique for each client. The CA certificate is generated only if it does not already exist. If the client is a SPARC system, OBP keys are also generated if they do not already exist, and the OBP commands to set these keys are displayed.

    # installadm set-client -e 02:00:00:00:00:00 -g
    Generating credentials for client 02:00:00:00:00:00...
    A new certificate key has been generated.
    A new certificate has been generated.
    Generating new encryption key...
    To set the OBP encryption key, enter this OBP command:
      set-security-key wanboot-aes 030fd11c98afb3e434576e886a094c1c
    Generating new hashing key (HMAC)...
    To set the OBP hashing (HMAC) key, enter this OBP command:
      set-security-key wanboot-hmac-sha1 e729a742ae4ba977254a2cf89c2060491e7d86eb
    Changed Client: '02:00:00:00:00:00'

    For more information about configuring client credentials, see Configuring Client Credentials.

  5. Set OBP keys for SPARC clients.

    For SPARC clients that have security credentials assigned, you must set OBP security keys (hashing key and encryption key) when you boot the client for AI installation. The following example sets the OBP AES encryption key on a SPARC client console.

    ok set-security-key wanboot-aes 030fd11c98afb3e434576e886a094c1c

    The following example sets the OBP hashing (HMAC) key on a SPARC client console.

    ok set-security-key wanboot-hmac-sha1 e729a742ae4ba977254a2cf89c2060491e7d86eb

    See Installing a SPARC Client Using Secure Download for more information and examples.

  6. Modify the AI manifest to install from a secure IPS repository.

    If an AI manifest specifies a publisher that has a secure origin, specify the key and certificates in the credentials sub-element of the publisher element. See the Software section of the ai_manifest (4) man page for details. You can specify an SSL key and certificate in attributes of the image element, but this key and certificate apply only to the first publisher specified in the manifest. If keys and certificates are specified both in an image element and in a credentials element, the credentials specified in the credentials element are used. Consider locating key and certificate files in a user-specified directory on the AI web server. See Configuring the Web Server User Files Directory for information.