Use the installadm list command to show information about install services, as well as the clients, AI manifests and system configuration profiles that are associated with the services. This section includes:
Example 8–34 shows how to list all of the install services on an AI server
Example 8–35 shows how to list information about a specific install service
Example 8–36 shows how to list the clients associated with install services
Example 8–37 shows how to list the clients associated with a specific install service
Example 8–38 shows how to list all AI manifests and system configuration profiles
Example 8–39 shows how to list AI manifests and system configuration profiles associated with a specific install service
Example 8–41 shows how to list client security information
Example 8–40 shows how to list AI server security information
This example displays all of the install services on this server. In this example, four enabled install services are found. Disabled services have a Status value of off.
$ /usr/sbin/installadm list Service Name Status Arch Type Alias Aliases Clients Profiles Manifests ------------ ------ ---- ---- ----- ------- ------- -------- --------- default-i386 on i386 iso yes 0 0 0 1 default-sparc on sparc iso yes 0 0 0 1 solaris11_2-i386 on i386 iso no 1 0 1 1 solaris11_2-sparc on sparc iso no 1 0 2 1
The default-i386 service was created automatically when the first i386 service was created on this server. The default-i386 service is used by any x86 client that has not been associated with the solaris11_2-i386 service by using the create-client subcommand. The default-i386 and solaris11_2-i386 services share an install image but they have different AI manifests and system configuration profiles.
The default-sparc service was created automatically when the first sparc service was created on this server. The default-sparc service is used by any SPARC client that has not been associated with the solaris11_2-sparc service by using the create-client subcommand. The default-sparc and solaris11_2-sparc services share an install image but they have different AI manifests and system configuration profiles.
Example 8-35 Showing Information for a Specified Install ServiceThis example displays information about the install service specified by the –n option.
$ /usr/sbin/installadm list -n solaris11_2-sparc Service Name Status Arch Type Alias Aliases Clients Profiles Manifests ------------ ------ ---- ---- ----- ------- ------- -------- --------- solaris11_2-sparc on sparc iso no 1 0 2 1Example 8-36 Listing Clients Associated With Install Services
This example lists all the clients that are associated with the install services on this AI server. The clients were associated with the install services by using the installadm create-client command. See Associating a Client With a Service.
$ /usr/sbin/installadm list -c Service Name Client Address Arch Secure Custom Args Custom Grub ------------ -------------- ---- ------ ----------- ----------- solaris11_2-sparc 00:14:4F:A7:65:70 sparc no no no solaris11_2-i386 08:00:27:8B:BD:71 i386 no no no 01:C2:52:E6:4B:E0 i386 no no noExample 8-37 Listing Clients Associated With a Specific Install Service
This example lists all the clients that have been added to the specified install service. In the following example, one client is associated with the solaris11_2-sparc install service.
$ /usr/sbin/installadm list -c -n solaris11_2-sparc Service Name Client Address Arch Secure Custom Args Custom Grub ------------ -------------- ---- ------ ----------- ----------- solaris11_2-sparc 00:14:4f:a7:65:70 sparc no no noExample 8-38 Listing All AI Manifests and System Configuration Profiles
This example lists all AI manifests, derived manifest scripts, and system configuration profiles for all install services on this AI server. The Service and Manifest Name and Profile Name columns display the internal names of the manifests, scripts, or profiles. The Status column identifies the default manifest for each service and any inactive manifests. A manifest is inactive if it does not have any associated criteria and also is not the default. The Criteria column shows the associated client criteria.
The orig_default manifest is the original default AI manifest that was part of the install service when the install service was created. The mem1 manifest was created with memory criteria and designated as the new default manifest for this service. Because mem1 is the default manifest, its criteria are ignored. If another manifest is created as the default manifest, then the mem1 criteria are used to select clients to use the mem1 manifest. The original default manifest is inactive because it has no associated criteria to determine which clients should use it. Only the default manifest can have no associated criteria. A client that does not match the criteria to use any other manifest associated with the service uses the default manifest, in this case, mem1. See Chapter 9, Customizing Installations for more information about selecting an AI manifest.
$ installadm list -m -p Service Name Manifest Name Type Status Criteria ------------ ------------- ---- ------ -------- default-i386 orig_default derived default one default-sparc orig_default derived default none solaris11_2-i386 ipv4 xml active ipv4 = 10.6.68.1 - 10.6.68.200 mem1 derived default (Ignored: mem = 2048 MB - 4095 MB) orig_default derived inactive none solaris11_2-sparc sparc-ent xml active mem = 4096 MB - unbounded platform = SUNWSPARC-Enterprise mem1 derived default (Ignored: mem = 2048 MB - 4095 MB) orig_default derived inactive none Service Name Profile Name Criteria ------------ ------------ -------- solaris11_2-i386 mac2 mac = 08:00:27:8B:BD:71 hostname = server2 mac3 mac = 01:C2:52:E6:4B:E0 hostname = server3 ipv4 ipv4 = 10.0.2.100 - 10.0.2.199 mem1 mem = 2048 MB - 4095 MB solaris11_2-sparc mac1 mac = 01:C2:52:E6:4B:E0 hostname = server1 ipv4 = 192.168.168.251 sparc-ent platform = SUNWSPARC-Enterprise mem = 4096-unbounded
If you run this command with the rights profile, an additional column in the list of manifests identifies the type of the manifest, either xml or derived.
Example 8-39 Listing Manifests and Profiles Associated With a Specified Install ServiceThis example shows all AI manifests, derived manifest scripts, and system configuration profiles associated with the install service solaris11_2-sparc.
$ installadm list -m -p -n solaris11_2-sparc Service Name Manifest Name Type Status Criteria ------------ ------------- ------- ------ -------- solaris11_2-sparc sparc-ent xml active mem = 4096 MB - unbounded platform = SUNWSPARC-Enterprise mem1 derived default Ignored: mem = 2048 MB - 4095 MB) orig_default derived inactive none Service Name Profile Name Criteria ------------ ------------ -------- solaris11_2-sparc mac1 mac = 01:C2:52:E6:4B:E0 hostname = server1 ipv4 = 192.168.168.251 sparc-ent platform = SUNWSPARC-Enterprise mem = 4096-unboundedExample 8-40 Listing Server Security Information
The list subcommand with the –v and –s options shows information about the server including:
Current state of security: enabled or disabled
Server certificate X.509 subject and issuer strings
Dates the server certificate is valid
Results of validating the server certificate
Server CA certificate hash value, X.509 subject, and issuer
Client CA certificates for client authentication
The default client certificate
# installadm list -v -s AI Server Parameter Value ------------------- ----- Hostname ........... install-svr Architecture ....... i386 Active Networks .... 10.134.125.170 Http Port .............. 5555 Secure Port ............ 5556 Image Path Base Dir .... /export/auto_install Multi-Homed? ........... no Managing DHCP? ......... yes DHCP IP Range .......... 192.168.100.240 - 192.168.100.249 Boot Server ............ 192.168.100.45 Web UI Enabled? ........ yes Wizard Saves to Server? no Security Enabled? ...... yes Security Key? .......... yes Security Cert: Subject: /C=US/O=Oracle/OU=Solaris Deployment/CN=osol-inst Issuer : /C=US/O=Oracle/OU=Solaris Deployment/CN=Signing CA Source : Server Certificate Valid from: Jan 24 22:53:00 2014 GMT to: Jan 24 22:53:00 2024 GMT Validates?: yes CA Certificates: d09051e4 Subject: /C=US/O=Oracle/OU=Solaris Deployment/CN=Root CA Issuer : /C=US/O=Oracle/OU=Solaris Deployment/CN=Root CA Source : Server CA Certificate Valid from: Jan 24 22:53:00 2014 GMT to: Jan 24 22:53:00 2024 GMT f9d73b41 Subject: /C=US/O=Oracle/OU=Solaris Deployment/CN=Signing CA Issuer : /C=US/O=Oracle/OU=Solaris Deployment/CN=Root CA Source : Server CA Certificate Valid from: Jan 24 22:53:00 2014 GMT to: Jan 24 22:53:00 2024 GMT Def Client Sec Key? .... yes Def Client Sec Cert: Subject: /C=US/O=Oracle/OU=Solaris Deployment/CN=Client default Issuer : /C=US/O=Oracle/OU=Solaris Deployment/CN=Signing CA Source : Default Client Certificate Valid from: Jul 15 19:33:00 2013 GMT to: Jul 13 19:33:00 2023 GMT Def Client CA Certs .... none Def Client FW Encr Key . adcc858c58ecae04c02282e7245c235c Def Client FW HMAC Key . cb7bc6213512c8fa3dc7d7283a9e056dc2791f98 Number of Services ..... 102 Number of Clients ...... 37 Number of Manifests .... 108 Number of Profiles ..... 92Example 8-41 Listing Client Security Information
The list subcommand with the –v and –e options show the following client security information:
The credentials that are used for the client
The source of the client's credentials
The validity of the client's certificate
# installadm list -v -e 00:14:4F:83:3F:4A Service Name Client Address Arch Secure Custom Args Custom Grub ------------ -------------- ---- ------ ----------- ----------- solaris11_2-sparc 00:14:4F:A7:65:70 sparc yes no no Client Credentials? yes Security Key? ..... yes Security Cert: Subject: /C=US/O=Oracle/OU=Solaris Deployment/CN=CID 01020000000000 Issuer : /C=US/O=Oracle/OU=Solaris Deployment/CN=Signing CA Valid from: Jan 24 10:20:00 2014 GMT to: Jan 24 10:20:00 2024 GMT CA Certificates: d09051e4 Subject: /C=US/O=Oracle/OU=Solaris Deployment/CN=Root CA Issuer : /C=US/O=Oracle/OU=Solaris Deployment/CN=Root CA Source : Default CA Certificate Valid from: Jan 24 22:53:00 2014 GMT to: Jan 24 22:53:00 2024 GMT FW Encr Key (AES) . 23780bc444636f124ba3ff61bdac32d1 FW HMAC Key (SHA1) 1093562559ec45a5bb5235b27c1d0545ff259d63 Boot Args ......... none
The export subcommand shows the TLS credentials attributed to a client. Adding –C displays the x.509 TLS certificate.
# installadm export -e 00:14:4F:83:3F:4A -C ------ certificate: client_00:14:4F:83:3F:4A_cert_de22916b ------ -----BEGIN CERTIFICATE----- MIICFDCCAX+gAwIBAgIBGTALBgkqhkiG9w0BAQswUDELMAkGA1UEBhMCVVMxDzAN .... UiZDA6GOdvE= -----END CERTIFICATE-----
The –K option shows the X.509 private key:
# installadm export -e 00:14:4F:83:3F:4A -K --------------- key: client_00:14:4F:83:3F:4A_key --------------- -----BEGIN RSA PRIVATE KEY----- MIICXQIBAAKBgQDCCJbC5Bd0uMQ0AOk4lLlQqWiQwqkx9lpIhHl31tF1/WxHi74A ... SYoBeKAOPSo7Evund+bHAROl0H4QnbSJgl1UDuZr3T3h -----END RSA PRIVATE KEY-----