Installing Oracle® Solaris 11.2 Systems

Exit Print View

Updated: July 2014

Installing a SPARC Client

Network boot SPARC clients from the OBP prompt. Decide whether you are using secure download and whether you are using DHCP.

Installing a SPARC Client Using Secure Download

For SPARC AI client systems that are secured with credentials, the net boot file and the boot file system can be securely downloaded over the network through SPARC OBP firmware configured with security keys. Firmware keys must be specified in OBP to validate the downloaded boot file and file system.

The hashing digest (HMAC) is computed with the SHA1 algorithm, and AES is the encryption method employed.

Setting the Hashing Key and Encryption Key

You can set the HMAC and encryption key at the OBP command prompt.

The following example command sets the OBP HMAC on a SPARC client console with the AI-generated SHA1 value:

ok set-security-key wanboot-hmac-sha1 767280bd72bca8cef3d679815dfca54638691ec5

The following example command sets the OBP AES encryption key on a SPARC client console:

ok set-security-key wanboot-aes 38114ef74dc409a161099775f437e030
Resetting the Hashing Key and Encryption Key

If the OBP keys for a client are regenerated in the servers' configuration, the keys must be updated on the affected SPARC clients to perform authenticated AI installations. To invalidate existing OBP keys and generate new OBP keys, use the –H and –E options with the installadm command. See OBP Security Keys for SPARC Clients for information about generating OBP keys for server authentication only, for a specific client, for a specific install service, and for the default client.

Deleting the Hash Key and Encryption Key

When you delete the HMAC key and encryption key, that client will no longer require or attempt authentication. You will not be able to use AI to install the client using any install service whose sec property is set to either require-client-auth or require-server-auth.

To delete the HMAC key and encryption key at the OBP command prompt, use the same command that you use to set the keys, but do not provide any values:

ok set-security-key wanboot-hmac-sha1
ok set-security-key wanboot-aes

Installing a SPARC Client Using DHCP

If you are using DHCP, use the following network boot command:

ok boot net:dhcp - install

Installing a SPARC Client Without Using DHCP

If you are not using DHCP, use the following command to set the network-boot-arguments variable in the OBP. This variable is set persistently in the OBP:

ok setenv network-boot-arguments host-ip=client-ip,

Then use the following command to network boot the client:

ok boot net - install

Note - When you use the network-boot-arguments variable, the SPARC client does not have DNS configuration information. Ensure that the AI manifest used with this client specifies an IP address instead of a host name for the location of the IPS package repository, and for any other URI in the manifest.

SPARC Client Network Boot Sequence

    The following events occur during AI boot of a SPARC client:

  1. The client boots and gets its network configuration and the location of the wanboot-cgi file from the DHCP server or from the network-boot-arguments variable set in its OBP.

  2. The wanboot-cgi program reads wanboot.conf and sends the location of the WAN boot binary to the client.

  3. The WAN boot binary is downloaded using HTTP, and the client boots the WAN boot program.

  4. WAN boot gets the boot_archive file, and the Oracle Solaris OS is booted.

  5. Image archives, solaris.zlib and solarismisc.zlib, are downloaded using HTTP.

  6. The AI manifest and system configuration profiles are downloaded from an AI install service specified either from the mDNS lookup or from the system.conf file.

  7. The AI install program is invoked with the AI manifest to perform the installation of the Oracle Solaris OS to the client.