Network boot SPARC AI clients from the OBP prompt. Decide whether you are using secure download and whether you are using DHCP.
For SPARC AI client that are secured with credentials, the net boot file and the boot file system can be securely downloaded over the network through SPARC OBP firmware configured with security keys. Firmware keys must be specified in OBP to validate the downloaded boot file and file system.
The hashing digest (HMAC) is computed with the SHA1 algorithm, and AES is the encryption method employed.
You can set the HMAC and encryption key at the OBP command prompt.
The following example sets the OBP HMAC on a SPARC client console with the AI-generated SHA1 value:
ok set-security-key wanboot-hmac-sha1 767280bd72bca8cef3d679815dfca54638691ec5
The following example sets the OBP AES encryption key on a SPARC client console:
ok set-security-key wanboot-aes 38114ef74dc409a161099775f437e030
If the OBP keys for an AI client are regenerated in the AI server's configuration, the keys must be updated on the affected SPARC clients to perform authenticated AI installations. To invalidate existing OBP keys and generate new OBP keys, use the –H and –E options with the installadm command. See OBP Security Keys for SPARC Clients for information about generating OBP keys for server authentication only, for a specific AI client, for a specific install service, and for the default AI client.
When you delete the HMAC key and encryption key, that AI client will no longer require or attempt authentication. You will not be able to use AI to install the client using any install service whose sec property is set to either require-client-auth or require-server-auth.
To delete the HMAC key and encryption key at the OBP command prompt, use the same command that you use to set the keys, but do not provide any values:
ok set-security-key wanboot-hmac-sha1 ok set-security-key wanboot-aes
If you are using DHCP, use the following network boot command:
ok boot net:dhcp - install
If you are not using DHCP, use the following command to set the network-boot-arguments variable in the OBP. This variable is set persistently in the OBP:
ok setenv network-boot-arguments host-ip=client-ip, router-ip=router-ip,subnet-mask=subnet-mask,hostname=hostname, file=wanboot-cgi-file
Then use the following command to network boot the AI client:
ok boot net - install
The following events occur during AI boot of a SPARC client:
The AI client boots and gets its network configuration and the location of the wanboot-cgi file from the DHCP server or from the network-boot-arguments variable set in its OBP.
The wanboot-cgi program reads wanboot.conf and sends the location of the WAN boot binary to the AI client.
The WAN boot binary is downloaded using HTTP, and the AI client boots the WAN boot program.
WAN boot gets the boot_archive file, and the Oracle Solaris OS is booted.
Image archives, solaris.zlib and solarismisc.zlib, are downloaded using HTTP.
The AI manifest and system configuration profiles are downloaded from an AI install service specified either from the mDNS lookup or from the system.conf file.
The AI install program is invoked with the AI manifest to perform the installation of the Oracle Solaris OS to the AI client.
Normally, when you install an AI client using an AI server, you would have selected a disk to install onto in an AI manifest. If there is no definition for a disk to install onto, then the boot-device OBP parameter is checked. If the parameter is not set, then the first disk that is big enough is used. To prevent AI from placing the OS on the wrong disk when a disk has not been selected in the manifest, set the boot-device OBP parameter.
# init 0
ok devalias ... disk1 /pci@306/pci@1/SUNW,qlc@0/fp@0,0/disk@w202400a0b836a3b9,3 disk0 /pci@306/pci@1/SUNW,qlc@0/fp@0,0/disk@w202400a0b836a3b9,1 disk /pci@304/pci@2/usb@0/storage@1/disk@0,0
ok setenv boot-device /pci@306/pci@1/SUNW,qlc@0/fp@0,0/disk@x202400a0b836a3b39,1
ok printenv boot-device boot-device = /pci@306/pci@1/SUNW,qlc@0/fp@0,0/disk@x202400a0b836a3b39,1
ok boot net:dhcp - install