Use the installadm list command to show information about install services, as well as the clients, AI manifests and system configuration profiles that are associated with the services. This section includes:
Example 8–34 shows how to list all of the install services on an AI server
Example 8–35 shows how to list information about a specific install service
Example 8–36 shows how to list the clients associated with install services
Example 8–37 shows how to list the clients associated with a specific install service
Example 8–38 shows how to list all AI manifests and system configuration profiles
Example 8–39 shows how to list AI manifests and system configuration profiles associated with a specific install service
Example 8–41 shows how to list client security information
Example 8–40 shows how to list AI server security information
This example displays all of the install services on this server. In this example, four enabled install services are found. Disabled services have a Status value of off.
$ /usr/sbin/installadm list Service Name Status Arch Type Alias Aliases Clients Profiles Manifests ------------ ------ ---- ---- ----- ------- ------- -------- --------- default-i386 on i386 iso yes 0 0 0 1 default-sparc on sparc iso yes 0 0 0 1 solaris11_2-i386 on i386 iso no 1 0 1 1 solaris11_2-sparc on sparc iso no 1 0 2 1
The default-i386 service was created automatically when the first i386 service was created on this server. The default-i386 service is used by any x86 client that has not been associated with the solaris11_2-i386 service by using the create-client subcommand. The default-i386 and solaris11_2-i386 services share an install image but they have different AI manifests and system configuration profiles.
The default-sparc service was created automatically when the first sparc service was created on this server. The default-sparc service is used by any SPARC client that has not been associated with the solaris11_2-sparc service by using the create-client subcommand. The default-sparc and solaris11_2-sparc services share an install image but they have different AI manifests and system configuration profiles.
Example 8-35 Showing Information for a Specified Install ServiceThis example displays information about the install service specified by the –n option.
$ /usr/sbin/installadm list -n solaris11_2-sparc Service Name Status Arch Type Alias Aliases Clients Profiles Manifests ------------ ------ ---- ---- ----- ------- ------- -------- --------- solaris11_2-sparc on sparc iso no 1 0 2 1Example 8-36 Listing Clients Associated With Install Services
This example lists all the clients that are associated with the install services on this AI server. The clients were associated with the install services by using the installadm create-client command. See Associating a Client With a Service.
$ /usr/sbin/installadm list -c
Service Name Client Address Arch Secure Custom Args Custom Grub
------------ -------------- ---- ------ ----------- -----------
solaris11_2-sparc 00:14:4F:A7:65:70 sparc no no no
solaris11_2-i386 08:00:27:8B:BD:71 i386 no no no
01:C2:52:E6:4B:E0 i386 no no no
Example 8-37 Listing Clients Associated With a Specific Install Service
This example lists all the clients that have been added to the specified install service. In the following example, one client is associated with the solaris11_2-sparc install service.
$ /usr/sbin/installadm list -c -n solaris11_2-sparc Service Name Client Address Arch Secure Custom Args Custom Grub ------------ -------------- ---- ------ ----------- ----------- solaris11_2-sparc 00:14:4f:a7:65:70 sparc no no noExample 8-38 Listing All AI Manifests and System Configuration Profiles
This example lists all AI manifests, derived manifest scripts, and system configuration profiles for all install services on this AI server. The Service and Manifest Name and Profile Name columns display the internal names of the manifests, scripts, or profiles. The Status column identifies the default manifest for each service and any inactive manifests. A manifest is inactive if it does not have any associated criteria and also is not the default. The Criteria column shows the associated client criteria.
The orig_default manifest is the original default AI manifest that was part of the install service when the install service was created. The mem1 manifest was created with memory criteria and designated as the new default manifest for this service. Because mem1 is the default manifest, its criteria are ignored. If another manifest is created as the default manifest, then the mem1 criteria are used to select clients to use the mem1 manifest. The original default manifest is inactive because it has no associated criteria to determine which clients should use it. Only the default manifest can have no associated criteria. A client that does not match the criteria to use any other manifest associated with the service uses the default manifest, in this case, mem1. See Chapter 9, Customizing Installations for more information about selecting an AI manifest.
$ installadm list -m -p
Service Name Manifest Name Type Status Criteria
------------ ------------- ---- ------ --------
default-i386 orig_default derived default one
default-sparc orig_default derived default none
solaris11_2-i386 ipv4 xml active ipv4 = 10.6.68.1 - 10.6.68.200
mem1 derived default (Ignored: mem = 2048 MB - 4095 MB)
orig_default derived inactive none
solaris11_2-sparc sparc-ent xml active mem = 4096 MB - unbounded
platform = SUNWSPARC-Enterprise
mem1 derived default (Ignored: mem = 2048 MB - 4095 MB)
orig_default derived inactive none
Service Name Profile Name Criteria
------------ ------------ --------
solaris11_2-i386 mac2 mac = 08:00:27:8B:BD:71
hostname = server2
mac3 mac = 01:C2:52:E6:4B:E0
hostname = server3
ipv4 ipv4 = 10.0.2.100 - 10.0.2.199
mem1 mem = 2048 MB - 4095 MB
solaris11_2-sparc mac1 mac = 01:C2:52:E6:4B:E0
hostname = server1
ipv4 = 192.168.168.251
sparc-ent platform = SUNWSPARC-Enterprise
mem = 4096-unbounded
If you run this command with the rights profile, an additional column in the list of manifests identifies the type of the manifest, either xml or derived.
Example 8-39 Listing Manifests and Profiles Associated With a Specified Install ServiceThis example shows all AI manifests, derived manifest scripts, and system configuration profiles associated with the install service solaris11_2-sparc.
$ installadm list -m -p -n solaris11_2-sparc
Service Name Manifest Name Type Status Criteria
------------ ------------- ------- ------ --------
solaris11_2-sparc sparc-ent xml active mem = 4096 MB - unbounded
platform = SUNWSPARC-Enterprise
mem1 derived default Ignored:
mem = 2048 MB - 4095 MB)
orig_default derived inactive none
Service Name Profile Name Criteria
------------ ------------ --------
solaris11_2-sparc mac1 mac = 01:C2:52:E6:4B:E0
hostname = server1
ipv4 = 192.168.168.251
sparc-ent platform = SUNWSPARC-Enterprise
mem = 4096-unbounded
Example 8-40 Listing Server Security Information
The list subcommand with the –v and –s options shows information about the server including:
Current state of security: enabled or disabled
Server certificate X.509 subject and issuer strings
Dates the server certificate is valid
Results of validating the server certificate
Server CA certificate hash value, X.509 subject, and issuer
Client CA certificates for client authentication
The default client certificate
# installadm list -v -s
AI Server Parameter Value
------------------- -----
Hostname ........... install-svr
Architecture ....... i386
Active Networks .... 10.134.125.170
Http Port .............. 5555
Secure Port ............ 5556
Image Path Base Dir .... /export/auto_install
Multi-Homed? ........... no
Managing DHCP? ......... yes
DHCP IP Range .......... 192.168.100.240 - 192.168.100.249
Boot Server ............ 192.168.100.45
Web UI Enabled? ........ yes
Wizard Saves to Server? no
Security Enabled? ...... yes
Security Key? .......... yes
Security Cert:
Subject: /C=US/O=Oracle/OU=Solaris Deployment/CN=osol-inst
Issuer : /C=US/O=Oracle/OU=Solaris Deployment/CN=Signing CA
Source : Server Certificate
Valid from: Jan 24 22:53:00 2014 GMT
to: Jan 24 22:53:00 2024 GMT
Validates?: yes
CA Certificates:
d09051e4 Subject: /C=US/O=Oracle/OU=Solaris Deployment/CN=Root CA
Issuer : /C=US/O=Oracle/OU=Solaris Deployment/CN=Root CA
Source : Server CA Certificate
Valid from: Jan 24 22:53:00 2014 GMT
to: Jan 24 22:53:00 2024 GMT
f9d73b41 Subject: /C=US/O=Oracle/OU=Solaris Deployment/CN=Signing CA
Issuer : /C=US/O=Oracle/OU=Solaris Deployment/CN=Root CA
Source : Server CA Certificate
Valid from: Jan 24 22:53:00 2014 GMT
to: Jan 24 22:53:00 2024 GMT
Def Client Sec Key? .... yes
Def Client Sec Cert:
Subject: /C=US/O=Oracle/OU=Solaris Deployment/CN=Client default
Issuer : /C=US/O=Oracle/OU=Solaris Deployment/CN=Signing CA
Source : Default Client Certificate
Valid from: Jul 15 19:33:00 2013 GMT
to: Jul 13 19:33:00 2023 GMT
Def Client CA Certs .... none
Def Client FW Encr Key . adcc858c58ecae04c02282e7245c235c
Def Client FW HMAC Key . cb7bc6213512c8fa3dc7d7283a9e056dc2791f98
Number of Services ..... 102
Number of Clients ...... 37
Number of Manifests .... 108
Number of Profiles ..... 92
Example 8-41 Listing Client Security Information
The list subcommand with the –v and –e options show the following client security information:
The credentials that are used for the client
The source of the client's credentials
The validity of the client's certificate
# installadm list -v -e 00:14:4F:83:3F:4A
Service Name Client Address Arch Secure Custom Args Custom Grub
------------ -------------- ---- ------ ----------- -----------
solaris11_2-sparc 00:14:4F:A7:65:70 sparc yes no no
Client Credentials? yes
Security Key? ..... yes
Security Cert:
Subject: /C=US/O=Oracle/OU=Solaris Deployment/CN=CID 01020000000000
Issuer : /C=US/O=Oracle/OU=Solaris Deployment/CN=Signing CA
Valid from: Jan 24 10:20:00 2014 GMT
to: Jan 24 10:20:00 2024 GMT
CA Certificates:
d09051e4 Subject: /C=US/O=Oracle/OU=Solaris Deployment/CN=Root CA
Issuer : /C=US/O=Oracle/OU=Solaris Deployment/CN=Root CA
Source : Default CA Certificate
Valid from: Jan 24 22:53:00 2014 GMT
to: Jan 24 22:53:00 2024 GMT
FW Encr Key (AES) . 23780bc444636f124ba3ff61bdac32d1
FW HMAC Key (SHA1) 1093562559ec45a5bb5235b27c1d0545ff259d63
Boot Args ......... none
The export subcommand shows the TLS credentials attributed to a client. Adding –C displays the x.509 TLS certificate.
# installadm export -e 00:14:4F:83:3F:4A -C ------ certificate: client_00:14:4F:83:3F:4A_cert_de22916b ------ -----BEGIN CERTIFICATE----- MIICFDCCAX+gAwIBAgIBGTALBgkqhkiG9w0BAQswUDELMAkGA1UEBhMCVVMxDzAN .... UiZDA6GOdvE= -----END CERTIFICATE-----
The –K option shows the X.509 private key:
# installadm export -e 00:14:4F:83:3F:4A -K --------------- key: client_00:14:4F:83:3F:4A_key --------------- -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDCCJbC5Bd0uMQ0AOk4lLlQqWiQwqkx9lpIhHl31tF1/WxHi74A ... SYoBeKAOPSo7Evund+bHAROl0H4QnbSJgl1UDuZr3T3h -----END RSA PRIVATE KEY-----