WAN Boot Installation Commands
The following tables describe the commands you use to perform a WAN boot
installation.
Table 15-1 Preparing the WAN Boot Installation and Configuration Files

| Task and Description | Command |
|---|---|
| Copy the Solaris installation image to install-dir-path, and copy the WAN boot miniroot to wan-dir-path on the install server's local disk. | `setup_install_server -w wan-dir-path install-dir-path` |
| Create a Solaris Flash archive that is named name.flar. name is the name of the archive. optional-parameters are optional parameters you can use to customize the archive. document-root is the path to the document root directory on the install server. filename is the name of the archive. | `flarcreate -n name [optional-parameters] document-root/flash/filename` |
| Check the validity of the custom JumpStart rules file that is named rules. | `./check -r rules` |
| Check the validity of the wanboot.conf file. | `bootconfchk /etc/netboot/net-ip/client-ID/wanboot.conf` |
| Check for WAN boot installation support in the client OBP. | `eeprom \| grep network-boot-arguments` |

Table 15-2 Preparing the WAN Boot Security Files

| Task and Description | Command |
|---|---|
| Create a master HMAC SHA1 key for the WAN boot server. | `wanbootutil keygen -m` |
| Create an HMAC SHA1 hashing key for the client. | `wanbootutil keygen -c -o net=net-ip,cid=client-ID,type=sha1` |
| Create an encryption key for the client. net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or the DHCP client ID. key-type is either 3des or aes. | `wanbootutil keygen -c -o net=net-ip,cid=client-ID,type=key-type` |
| Split a PKCS#12 certificate file and insert the certificate in the client's truststore. p12cert is the name of the PKCS#12 certificate file. net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or the DHCP client ID. | `wanbootutil p12split -i p12cert -t /etc/netboot/net-ip/client-ID/truststore` |
| Split a PKCS#12 certificate file and insert the client certificate in the client's certstore. p12cert is the name of the PKCS#12 certificate file. net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or the DHCP client ID. keyfile is the name of the client's private key. | `wanbootutil p12split -i p12cert -c /etc/netboot/net-ip/client-ID/certstore -k keyfile` |
| Insert the client private key from a split PKCS#12 file in the client's keystore. keyfile is the name of the client's private key. net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or a DHCP client ID. | `wanbootutil keymgmt -i -k keyfile -s /etc/netboot/net-ip/client-ID/keystore -o type=rsa` |
| Display the value of an HMAC SHA1 hashing key. | `wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=sha1` |
| Display the value of an encryption key. net-ip is the IP address of the client's subnet. client-ID can be a user-defined ID or the DHCP client ID. key-type is either 3des or aes. | `wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=key-type` |
| Insert a hashing key or an encryption key on a running system. key-type can have a value of sha1, 3des, or aes. | `/usr/lib/inet/wanboot/ickey -o type=key-type` |