See Part III Installing Over a Wide Area Network in Solaris 10 5/08 Installation Guide: Network-Based Installations
Solaris Jumpstart Wanboot is a method of installing the Solaris OS over a Wide Area Network using the HTTP or HTTPS protocol. Given a fast Internet connection, a Sun server may be installed from a remote site where the Wanboot/Install server is located.
A WAN Boot server can be any server running Solaris with a web service that supports CGI. In this example, we use a machine that runs Solaris 9 and Apache 2.2.9.
The limitation to the Solaris OS comes from the fact that Sun provides CGI binaries compiled for Solaris only. Assuming that both SPARC and x86 versions of these binaries are available, one can deploy a Wanboot/Install server on a field laptop in a VMware environment. On the other hand, such an approach would not make much sense, since Solaris Jumpstart LAN Boot is far more convenient.
WAN Boot server is better suited for clients who have fast Internet access from their sites.
1. On the WAN Boot server, create a directory for the Solaris DVD image, for example:
mkdir -p /export/home/jumpstart/sol_10_05-08_dvd
2. Insert the Solaris 10 05/08 install DVD into the server and copy the Solaris image from the DVD using the following commands:
cd /cdrom/sol_10_508_sparc/s0/Solaris_10/Tools
./setup_install_server /export/home/jumpstart/sol_10_05-08_dvd
3. Patch the miniroot with the latest kernel patch. We downloaded patch 137111-04 into /export/home/jumpstart/sol_10_05-08_dvd/Solaris_10/Patches and then ran the patchadd command. Successfully patching the miniroot depends on the system itself being patched with the latest patches, and the machine should probably have the same architecture:
patchadd -C /export/home/jumpstart/sol_10_05-08_dvd/Solaris_10/Tools/Boot -n -d -M /export/home/jumpstart/sol_10_05-08_dvd/Solaris_10/Patches 137111-04
4. Install wanboot miniroot into the directory accessible by the web server (-w argument), for example:
cd /export/home/jumpstart/sol_10_05-08_dvd/Solaris_10/Tools
./setup_install_server -w /export/home/jumpstart/jumpstart /tmp/bla
Verifying target directory...
Calculating the required disk space for the Solaris_10 product
Calculating space required for the installation boot image
Copying the CD image to disk...
Copying Install Boot Image hierarchy...
Starting WAN boot Image build
Calculating space required for WAN boot Image
Copying WAN boot Image hierarchy...
730944 blocks
Removing unneeded packages from WAN boot Image hierarchy
Creating the WAN boot Image file
Image size is 302276608 bytes
Copying WAN boot to Image file...
608032 blocks
WAN boot Image creation complete
The WAN boot Image file has been placed in
/export/home/jumpstart/miniroot
Ensure that you move this file to a location
accessible to the web server, and that the
WAN boot configuration file wanboot.conf(4)
for each WAN boot client contains the entries:
root_server=<URL>
where <URL> is an HTTP or HTTPS URL
scheme pointing to the location of the
WAN boot CGI program
root_file=<miniroot>
where <miniroot> is the path and file
name, relative to the web server
document directory, of 'miniroot'
You should also make sure you have initialized
the key generation process by issuing (once):
# /usr/sbin/wanbootutil keygen -m
Install Server setup complete
5. Remove temporary files
rm -rf /tmp/bla/
cd /export/home/jumpstart/jumpstart
rm -rf interim_dir interim_file mnt.munix
6. Now create the virtual Apache host for installing Solaris over HTTP. Please note that Apache configuration is site specific; use this step as an example only. You may need to check for large file support in Apache. If it is not compiled in, a wanboot client will have a problem downloading a flash archive that is over 2GB, the limit for a 32-bit application that does not support large files. By default, Apache on Solaris 9, for example, does not support large files.
mkdir /export/home/jumpstart/cgi-bin
cd /usr/local/apache/conf
vi httpd.conf
ServerName server.domain.com:80
ServerAdmin root@domain.com
User nobody
Group nobody
ScriptAlias /cgi-bin/ "/export/home/jumpstart/cgi-bin/"
Include conf/extra/httpd-vhosts.conf
vi extra/httpd-vhosts.conf
<VirtualHost *:80>
ServerAdmin root@invidi.com
DocumentRoot /export/home/jumpstart
ServerName wanboot.domain.com
ErrorLog /var/apache/logs/wanboot.domain.com-error_log
CustomLog /var/apache/logs/wanboot.domain.com-access_log common
<Directory /export/home/jumpstart>
Options None
AllowOverride None
Order deny,allow
Allow from all
</Directory>
<IfModule alias_module>
ScriptAlias /cgi-bin/ /export/home/jumpstart/cgi-bin/
</IfModule>
<Directory /export/home/jumpstart/cgi-bin>
AllowOverride None
Options None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
/usr/local/apache/bin/apachectl -t
/usr/local/apache/bin/apachectl start
7. Copy wanboot-cgi and bootlog-cgi into cgi-bin
cp /usr/lib/inet/wanboot/wanboot-cgi /export/home/jumpstart/cgi-bin
cp /usr/lib/inet/wanboot/bootlog-cgi /export/home/jumpstart/cgi-bin
chmod 755 /export/home/jumpstart/cgi-bin/wanboot-cgi
chmod 755 /export/home/jumpstart/cgi-bin/bootlog-cgi
The log file can be found in /tmp/bootlog.<client-name> on the wanboot server.
8. The following directory structure must be created on the wanboot server:
/etc/netboot <- this is where non-client-ID non-network specific files are placed
/etc/netboot/<ip-net> <- this is where network specific files are located
/etc/netboot/<ip-net>/<client-ID> <- this is where we put files for a given client (<client-ID> is the client's MAC address prefixed with "01")
For example,
mkdir -p /etc/netboot/192.168.1.0/0100144FCB864E
chown -R nobody:nobody /etc/netboot
chmod -R 700 /etc/netboot
9. Optionally, generate the master key for the wanboot server, which will be stored in /etc/netboot/keystore.
su - nobody
$ wanbootutil keygen -m
The master HMAC/SHA1 key has been generated
If this is not done, then the following should be entered in wanboot.conf. The empty values turn off signing and encryption of the data sent to the client:
signature_type=
encryption_type=
10. Optionally, generate the client’s keys. They are used to verify the server’s signature (HMAC) and for decryption (3DES, AES). The “-d” option displays a key so that it can later be written into the OBP variables on the client. If the keys are not used, see the previous step for the required changes to the wanboot.conf file.
It is not possible to use keys when installing Solaris LDoms with Wanboot.
$ wanbootutil keygen -c -o net=192.168.1.0,cid=0100144FCB864E,type=sha1
A new client HMAC/SHA1 key has been generated
$ wanbootutil keygen -d -c -o net=192.168.1.0,cid=0100144FCB864E,type=sha1
b482aaab82cb8d5631e16d51478c90079cc1d463
$ wanbootutil keygen -c -o net=192.168.1.0,cid=0100144FCB864E,type=3des
A new client 3DES key has been generated
$ wanbootutil keygen -d -c -o net=192.168.1.0,cid=0100144FCB864E,type=3des
9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04
$ exit
11. Create sysidcfg, rules and profiles as usual, check and archive them in a location accessible by the web server. For example,
mkdir /export/home/jumpstart/client
cd /export/home/jumpstart/client
vi sysidcfg
name_service=DNS {domain_name=domain.com
name_server=192.168.1.2,192.168.2.2
search=domain.com,subdomain.domain.com}
network_interface=bge0 {hostname=client
ip_address=192.168.1.100
netmask=255.255.255.0
protocol_ipv6=no
default_route=192.168.1.1}
root_password=**********
security_policy=NONE
system_locale=C
terminal=vt100
timezone=Canada/Mountain
timeserver=localhost
nfs4_domain=dynamic
vi rules
arch sparc && disksize c0t0d0 150000-170000 devfsadm profile160g-flash -
vi devfsadm
#!/bin/sh
/usr/sbin/devfsadm
chmod 755 devfsadm
vi profile160g-flash
install_type flash_install
partitioning explicit
filesys c0t0d0s0 2000 /
filesys c0t0d0s1 4000 swap
filesys c0t0d0s3 8000 /usr
filesys c0t0d0s4 8000 /var
filesys c0t0d0s5 20000 /opt
filesys c0t0d0s6 110560 /export/home
archive_location http://wanboot.domain.com/client/client.flar
cp /export/home/jumpstart/sol_10_05-08_dvd/Solaris_10/Misc/jumpstart_sample/check .
./check
tar -cf client.tar sysidcfg rules.ok profile160g-flash devfsadm
12. Copy a flash archive into /export/home/jumpstart/client
For information on how to create flash archives, see Solaris Jumpstart LAN Boot.
13. Copy the boot loader for the given client’s platform from the patched miniroot into a directory accessible by the web server
cp /export/home/jumpstart/sol_10_05-08_dvd/Solaris_10/Tools/Boot/platform/sun4v/wanboot /export/home1/sw/jumpstart/wanboot.sun4v
14. Create wanboot.conf file and put it into the client’s netboot directory
vi /etc/netboot/192.168.1.0/0100144FCB864E/wanboot.conf
root_server=http://wanboot.domain.com/cgi-bin/wanboot-cgi
boot_file=/wanboot.sun4v
root_file=/miniroot
signature_type=sha1
encryption_type=3des
server_authentication=no
client_authentication=no
resolve_hosts=
boot_logger=http://wanboot.domain.com/cgi-bin/bootlog-cgi
15. From the OBP ok prompt, set the following variables (for the key values, see the wanbootutil keygen -d output above)
ok set-security-key wanboot-hmac-sha1 b482aaab82cb8d5631e16d51478c90079cc1d463
ok set-security-key wanboot-3des 9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04
ok setenv network-boot-arguments host-ip=192.168.1.100,subnet-mask=255.255.255.0,router-ip=192.168.1.1,hostname=<client_name>,file=http://192.168.1.1/cgi-bin/wanboot-cgi
16. Install the client using “boot net” command:
ok boot net - install http://wanboot.domain.com/client/client.tar reboot
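A check for the wanboot.conf settings from steps 9 and 14, as an added example that is not part of the original page: it warns on empty signature_type or encryption_type and on a plain-HTTP root_server, and fails on combinations that wanboot.conf(4) documents as inconsistent. The function name audit_wanboot_conf, the temporary directory and the second sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. audit_wanboot_conf is a hypothetical helper.
# Prints one finding per line; returns 1 when the settings are inconsistent (FAIL).
audit_wanboot_conf() {
    awk '
        /^[ \t]*#/ || !/=/ { next }                  # skip comments and non key=value lines
        { i = index($0, "="); key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val); conf[key] = val }
        END {
            sig = conf["signature_type"]; enc = conf["encryption_type"]
            sa = conf["server_authentication"]; ca = conf["client_authentication"]
            https = (conf["root_server"] ~ /^https:\/\//)
            if (sig == "") print "WARN signature_type empty: boot data is not integrity-checked"
            if (enc == "") print "WARN encryption_type empty: boot data is not encrypted"
            if (!https) print "WARN root_server is not HTTPS: transfer is not protected by TLS"
            if (enc != "" && sig != "sha1") {
                print "FAIL encryption_type is set but signature_type is not sha1"; bad = 1 }
            if ((sa == "yes" || ca == "yes") && !https) {
                print "FAIL authentication is enabled but root_server is not HTTPS"; bad = 1 }
            if (ca == "yes" && sa != "yes") {
                print "FAIL client_authentication=yes needs server_authentication=yes"; bad = 1 }
            exit bad + 0
        }' "$1"
}

# Constructed samples: the step 14 file as shown on the page, and a deliberately
# inconsistent variant (encryption requested without a signature type).
demo_dir=${TMPDIR:-/tmp}/wanboot-audit.$$
mkdir -p "$demo_dir"
cat > "$demo_dir/step14.conf" <<'EOF'
root_server=http://wanboot.domain.com/cgi-bin/wanboot-cgi
boot_file=/wanboot.sun4v
root_file=/miniroot
signature_type=sha1
encryption_type=3des
server_authentication=no
client_authentication=no
resolve_hosts=
boot_logger=http://wanboot.domain.com/cgi-bin/bootlog-cgi
EOF
cat > "$demo_dir/broken.conf" <<'EOF'
root_server=http://wanboot.domain.com/cgi-bin/wanboot-cgi
signature_type=
encryption_type=3des
EOF
for f in "$demo_dir/step14.conf" "$demo_dir/broken.conf"; do
    echo "== $f"
    audit_wanboot_conf "$f" || echo "   -> inconsistent settings"
done
```

On a real server, run the function against each /etc/netboot/<ip-net>/<client-ID>/wanboot.conf before booting the client.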