Network boot SPARC clients from the OBP prompt. Decide whether you are using secure download and whether you are using DHCP.
For SPARC AI client systems that are secured with credentials, the net boot file and the boot file system can be securely downloaded over the network through SPARC OBP firmware configured with security keys. Firmware keys must be specified in OBP to validate the downloaded boot file and file system.
The keyed hash digest (HMAC) is computed with the SHA1 algorithm, and the encryption method is AES.
You can set the HMAC and encryption key at the OBP command prompt.
The following example command sets the OBP HMAC on a SPARC client console with the AI-generated SHA1 value:
ok set-security-key wanboot-hmac-sha1 767280bd72bca8cef3d679815dfca54638691ec5
The following example command sets the OBP AES encryption key on a SPARC client console:
ok set-security-key wanboot-aes 38114ef74dc409a161099775f437e030
If the OBP keys for a client are regenerated in the server's configuration, the keys must be updated on the affected SPARC clients to perform authenticated AI installations. To invalidate existing OBP keys and generate new OBP keys, use the -H and -E options with the installadm command. See OBP Security Keys for SPARC Clients for information about generating OBP keys for server authentication only, for a specific client, for a specific install service, and for the default client.
When you delete the HMAC key and encryption key, that client will no longer require or attempt authentication. You will not be able to use AI to install the client using any install service whose sec property is set to either require-client-auth or require-server-auth.
To delete the HMAC key and encryption key at the OBP command prompt, use the same command that you use to set the keys, but do not provide any values:
ok set-security-key wanboot-hmac-sha1
ok set-security-key wanboot-aes
If you are using DHCP, use the following network boot command:
ok boot net:dhcp - install
If you are not using DHCP, use the following command to set the network-boot-arguments variable in the OBP. This variable is set persistently in the OBP:
ok setenv network-boot-arguments host-ip=client-ip,router-ip=router-ip,subnet-mask=subnet-mask,hostname=hostname,file=wanboot-cgi-file
Then use the following command to network boot the client:
ok boot net - install
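The key-setting and non-DHCP steps above, checked before they are typed at the console. This is an added example, not code from Oracle or from the AI tooling; the function names are hypothetical, the key lengths are assumed from this page's two sample values, and the addresses, keys and wanboot-cgi URL in the demo are constructed.

```python
import ipaddress
import re

# Assumption: key lengths are taken from this page's two sample values
# (40 hex digits for wanboot-hmac-sha1, 32 for wanboot-aes).
KEY_HEX_LEN = {"wanboot-hmac-sha1": 40, "wanboot-aes": 32}


def key_command(key_type, value=""):
    """Text to type at the ok prompt; an empty value deletes the key."""
    if key_type not in KEY_HEX_LEN:
        raise ValueError(f"unknown key type: {key_type}")
    if value and not re.fullmatch(r"[0-9a-fA-F]{%d}" % KEY_HEX_LEN[key_type], value):
        raise ValueError(f"{key_type} expects {KEY_HEX_LEN[key_type]} hex digits")
    return f"set-security-key {key_type} {value}".rstrip()


def boot_arguments(host_ip, router_ip, subnet_mask, hostname, cgi_file):
    """setenv line for a client that does not use DHCP."""
    pairs = [("host-ip", host_ip), ("router-ip", router_ip),
             ("subnet-mask", subnet_mask), ("hostname", hostname),
             ("file", cgi_file)]
    for name, val in pairs:
        # The list is comma-separated with no spaces, so neither may appear in a value.
        if not val or re.search(r"[\s,]", val):
            raise ValueError(f"{name}: empty, or contains a space or comma")
    # Raises ValueError on a malformed address or a non-contiguous mask.
    net = ipaddress.IPv4Network(f"{host_ip}/{subnet_mask}", strict=False)
    # Sanity check added here: the router should sit on the client's subnet.
    if ipaddress.IPv4Address(router_ip) not in net:
        raise ValueError("router-ip is not on the client's subnet")
    return "setenv network-boot-arguments " + ",".join(f"{n}={v}" for n, v in pairs)


def static_secure_boot(hmac_key, aes_key, **net):
    """Full console sequence: keys first, then network arguments, then boot."""
    return [key_command("wanboot-hmac-sha1", hmac_key),
            key_command("wanboot-aes", aes_key),
            boot_arguments(**net),
            "boot net - install"]


if __name__ == "__main__":
    # Constructed sample values (documentation address range, made-up keys).
    for line in static_secure_boot(
            "0123456789abcdef0123456789abcdef01234567",
            "00112233445566778899aabbccddeeff",
            host_ip="192.0.2.50", router_ip="192.0.2.1",
            subnet_mask="255.255.255.0", hostname="sparc-client",
            cgi_file="http://192.0.2.10:5555/cgi-bin/wanboot-cgi"):
        print("ok", line)
```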
The following events occur during AI boot of a SPARC client:
1. The client boots and gets its network configuration and the location of the wanboot-cgi file from the DHCP server or from the network-boot-arguments variable set in its OBP.
2. The wanboot-cgi program reads wanboot.conf and sends the location of the WAN boot binary to the client.
3. The WAN boot binary is downloaded using HTTP, and the client boots the WAN boot program.
4. WAN boot gets the boot_archive file, and the Oracle Solaris OS is booted.
5. Image archives, solaris.zlib and solarismisc.zlib, are downloaded using HTTP.
6. The AI manifest and system configuration profiles are downloaded from an AI install service specified either from the mDNS lookup or from the system.conf file.
7. The AI install program is invoked with the AI manifest to perform the installation of the Oracle Solaris OS to the client.