Go to main content

Installing Oracle® Solaris 11.3 Systems

Exit Print View

Updated: April 2019
 
 

Installing a SPARC AI Client

Network boot SPARC AI clients from the OBP prompt. Decide whether you are using secure download and whether you are using DHCP.

Installing a SPARC AI Client Using Secure Download

For SPARC AI client that are secured with credentials, the net boot file and the boot file system can be securely downloaded over the network through SPARC OBP firmware configured with security keys. Firmware keys must be specified in OBP to validate the downloaded boot file and file system.

The hashing digest (HMAC) is computed with the SHA1 algorithm, and AES is the encryption method employed.

Setting the Hashing Key and Encryption Key

You can set the HMAC and encryption key at the OBP command prompt.

The following example sets the OBP HMAC on a SPARC client console with the AI-generated SHA1 value:

ok set-security-key wanboot-hmac-sha1 767280bd72bca8cef3d679815dfca54638691ec5

The following example sets the OBP AES encryption key on a SPARC client console:

ok set-security-key wanboot-aes 38114ef74dc409a161099775f437e030
Resetting the Hashing Key and Encryption Key

If the OBP keys for an AI client are regenerated in the AI server's configuration, the keys must be updated on the affected SPARC clients to perform authenticated AI installations. To invalidate existing OBP keys and generate new OBP keys, use the –H and –E options with the installadm command. See OBP Security Keys for SPARC Clients for information about generating OBP keys for server authentication only, for a specific AI client, for a specific install service, and for the default AI client.

Deleting the Hash Key and Encryption Key

When you delete the HMAC key and encryption key, that AI client will no longer require or attempt authentication. You will not be able to use AI to install the client using any install service whose sec property is set to either require-client-auth or require-server-auth.

To delete the HMAC key and encryption key at the OBP command prompt, use the same command that you use to set the keys, but do not provide any values:

ok set-security-key wanboot-hmac-sha1
ok set-security-key wanboot-aes

Installing a SPARC AI Client Using DHCP

If you are using DHCP, use the following network boot command:

ok boot net:dhcp - install

Installing a SPARC AI Client Without Using DHCP

If you are not using DHCP, use the following command to set the network-boot-arguments variable in the OBP. This variable is set persistently in the OBP:

ok setenv network-boot-arguments host-ip=client-ip,
router-ip=router-ip,subnet-mask=subnet-mask,hostname=hostname,
file=wanboot-cgi-file

Then use the following command to network boot the AI client:

ok boot net - install

Note -  When you use the network-boot-arguments variable, the SPARC client does not have DNS configuration information. Ensure that the AI manifest used with this AI client specifies an IP address instead of a host name for the location of the IPS package repository, and for any other URI in the manifest.

SPARC AI Client Network Boot Sequence

    The following events occur during AI boot of a SPARC client:

  1. The AI client boots and gets its network configuration and the location of the wanboot-cgi file from the DHCP server or from the network-boot-arguments variable set in its OBP.

  2. The wanboot-cgi program reads wanboot.conf and sends the location of the WAN boot binary to the AI client.

  3. The WAN boot binary is downloaded using HTTP, and the AI client boots the WAN boot program.

  4. WAN boot gets the boot_archive file, and the Oracle Solaris OS is booted.

  5. Image archives, solaris.zlib and solarismisc.zlib, are downloaded using HTTP.

  6. The AI manifest and system configuration profiles are downloaded from an AI install service specified either from the mDNS lookup or from the system.conf file.

  7. The AI install program is invoked with the AI manifest to perform the installation of the Oracle Solaris OS to the AI client.

How To Set the Boot Disk From OBP

Normally, when you install an AI client using an AI server, you would have selected a disk to install onto in an AI manifest. If there is no definition for a disk to install onto, then the boot-device OBP parameter is checked. If the parameter is not set, then the first disk that is big enough is used. To prevent AI from placing the OS on the wrong disk when a disk has not been selected in the manifest, set the boot-device OBP parameter.

  1. Bring the system to the ok PROM prompt.
    # init 0
  2. List the devices on the system.
    ok devalias
    ...
    disk1                    /pci@306/pci@1/SUNW,qlc@0/fp@0,0/disk@w202400a0b836a3b9,3
    disk0                    /pci@306/pci@1/SUNW,qlc@0/fp@0,0/disk@w202400a0b836a3b9,1
    disk                     /pci@304/pci@2/usb@0/storage@1/disk@0,0
    
  3. Set the boot-device parameter to the appropriate disk.
    ok setenv boot-device /pci@306/pci@1/SUNW,qlc@0/fp@0,0/disk@x202400a0b836a3b39,1
  4. (Optional) Verify the boot device.
    ok printenv boot-device
    boot-device = /pci@306/pci@1/SUNW,qlc@0/fp@0,0/disk@x202400a0b836a3b39,1
  5. Boot the system to start the AI installation.
    ok boot net:dhcp - install