Configuring the WAN Boot Server
The WAN boot server is a web server that provides the boot
and configuration data during a WAN boot installation. For a list of the
system requirements for the WAN boot server, see Table 10-1.
This section describes the following tasks required to configure the WAN boot server
for a WAN boot installation.
Creating the Document Root Directory
To serve the configuration and installation files, you must make these files accessible
to the web server software on the WAN boot server. One method to
make these files accessible is to store them in the WAN boot
server's document root directory.
If you want to use a document root directory to serve the
configuration and installation files, you must create this directory. See your web server documentation
for information about how to create the document root directory. For detailed information
about how to design your document root directory, see Storing Installation and Configuration Files in the Document Root Directory.
For an example of how to set up this directory, see Create the Document Root Directory.
After you create the document root directory, create the WAN boot miniroot. For
instructions, see Creating the WAN Boot Miniroot.
Creating the WAN Boot Miniroot
WAN boot uses a special Solaris miniroot that has been modified to
perform a WAN boot installation. The WAN boot miniroot contains a subset of
the software in the Solaris miniroot. To perform a WAN boot installation, you
must copy the miniroot from the Solaris DVD or the Solaris Software -
1 CD to the WAN boot server. Use the -w option to the
setup_install_server command to copy the WAN boot miniroot from the Solaris software media
to your system's hard disk.
SPARC: To Create a WAN Boot Miniroot
This procedure creates a SPARC WAN boot miniroot with SPARC media. If you
want to serve a SPARC WAN boot miniroot from an x86–based server, you
must create the miniroot on a SPARC machine. After you create the
miniroot, copy the miniroot to the document root directory on the x86–based server.
Before You Begin
This procedure assumes that the WAN boot server is running the Volume Manager.
If you are not using the Volume Manager, see System Administration Guide: Devices and File Systems.
- Become superuser or assume an equivalent role on the WAN boot server.
The system must meet the following requirements.
Include a CD-ROM or DVD-ROM drive
Be part of the site's network and naming service
If you use a naming service, the system must already be in a naming service, such as NIS, NIS+, DNS, or LDAP. If you do not use a naming service, you must distribute information about this system by following your site's policies.
- Insert the Solaris Software - 1 CD or the Solaris DVD in the
install server's drive.
- Create a directory for the WAN boot miniroot and Solaris installation image.
# mkdir -p wan-dir-path install-dir-path
- -p
Instructs the mkdir command to create all the necessary parent directories for the directory you want to create.
- wan-dir-path
Specifies the directory where the WAN boot miniroot is to be created on the install server. This directory needs to accommodate miniroots that are typically 250 Mbytes in size.
- install-dir-path
Specifies the directory on the install server where the Solaris software image is to be copied. This directory can be removed later in this procedure.
- Change to the Tools directory on the mounted disc.
# cd /cdrom/cdrom0/s0/Solaris_11/Tools
In the previous example, cdrom0 is the path to the drive that contains
the Solaris OS media.
- Copy the WAN boot miniroot and the Solaris software image to the WAN
boot server's hard disk.
# ./setup_install_server -w wan-dir-path install-dir-path
- wan-dir-path
Specifies the directory where the WAN boot miniroot is to be copied
- install-dir-path
Specifies the directory where the Solaris software image is to be copied
Note - The setup_install_server command indicates whether you have enough disk space available for the
Solaris Software disc images. To determine available disk space, use the df -kl command.
The setup_install_server -w command creates the WAN boot miniroot and a network installation image
of the Solaris software.
- (Optional) Remove the network installation image.
You do not need the Solaris software image to perform a WAN installation
with a Solaris Flash archive. You can free up disk space if you
do not plan to use the network installation image for other network installations.
Type the following command to remove the network installation image.
# rm -rf install-dir-path
- Make the WAN boot miniroot available to the WAN boot server in one
of the following ways.
Example 11-1 Creating the WAN Boot Miniroot
Use the setup_install_server(1M) command with the -w option to copy the WAN boot miniroot
and the Solaris software image to the /export/install/Solaris_11 directory of wanserver-1.
Insert the Solaris Software media in the media drive that is attached to
wanserver-1. Type the following commands.
wanserver-1# mkdir -p /export/install/cdrom0
wanserver-1# cd /cdrom/cdrom0/s0/Solaris_11/Tools
wanserver-1# ./setup_install_server -w /export/install/cdrom0/miniroot \
/export/install/cdrom0
Move the WAN boot miniroot to the document root directory (/opt/apache/htdocs/) of
the WAN boot server. In this example, the name of the WAN boot miniroot
is set to miniroot.s10_sparc.
wanserver-1# mv /export/install/cdrom0/miniroot/miniroot \
/opt/apache/htdocs/miniroot/miniroot.s10_sparc
More Information
Continuing the WAN Boot Installation
After you create the WAN boot miniroot, verify that the client OpenBoot PROM
(OBP) supports WAN boot. For instructions, see Verifying WAN Boot Support on the Client.
See Also
For additional information about the setup_install_server command, see install_scripts(1M).
Verifying WAN Boot Support on the Client
To perform an unattended WAN boot installation, the client system's OpenBoot PROM (OBP)
must support WAN boot. If the client's OBP does not support WAN boot,
you can perform a WAN boot installation by providing the necessary programs on
a local CD.
You can determine if the client supports WAN boot by checking the
client's OBP configuration variables. Perform the following procedure to check the client for WAN
boot support.
To Check the Client OBP for WAN Boot Support
This procedure describes how to determine if the client OBP supports WAN boot.
- Become superuser or assume an equivalent role.
Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map) in System Administration Guide: Security Services.
- Check the OBP configuration variables for WAN boot support.
# eeprom | grep network-boot-arguments
If the variable network-boot-arguments is displayed, or if the previous command returns the output network-boot-arguments: data not available, the OBP supports WAN boot installations. You do not need to update the OBP before you perform your WAN boot installation.
If the previous command does not return any output, the OBP does not support WAN boot installations. You must perform one of the following tasks.
Update the client OBP. For those clients who do have an OBP that is capable of supporting WAN boot installations, see your system documentation for information about how to update the OBP.
Note - Not all client OBPs support WAN boot. For those clients, use the next option.
After you complete the preparation tasks and are ready to install the client, perform the WAN boot installation from the Solaris Software CD1 or DVD. This option works in all cases when the current OBP does not provide WAN Boot support.
For instructions about how to boot the client from CD1, see To Perform a WAN Boot Installation With Local CD Media. To continue preparing for the WAN boot installation, see Creating the /etc/netboot Hierarchy on the WAN Boot Server.
Example 11-2 Verifying OBP Support for WAN Boot on the Client
The following command shows how to check the client OBP for WAN
boot support.
# eeprom | grep network-boot-arguments
network-boot-arguments: data not available
In this example, the output network-boot-arguments: data not available indicates that the client OBP supports
WAN boot.
More Information
Continuing the WAN Boot Installation
After you verify that the client OBP supports WAN boot, you must
copy the wanboot program to the WAN boot server. For instructions, see Installing the wanboot Program on the WAN Boot Server.
If the client OBP does not support WAN boot, you do not
need to copy the wanboot program to the WAN boot server. You must provide
the wanboot program to the client on a local CD. To continue the
installation, see Creating the /etc/netboot Hierarchy on the WAN Boot Server.
See Also
For additional information about the setup_install_server command, see Chapter 4, Installing From the Network (Overview).
Installing the wanboot Program on the WAN Boot Server
WAN boot uses a special second-level boot program (wanboot) to install the client.
The wanboot program loads the WAN boot miniroot, client configuration files, and installation
files that are required to perform a WAN boot installation.
To perform a WAN boot installation, you must provide the wanboot program to
the client during the installation. You can provide this program to the client
in the following ways.
If your client's PROM supports WAN boot, you can transmit the program from the WAN boot server to the client. You must install the wanboot program on the WAN boot server.
To check if your client's PROM supports WAN boot, see To Check the Client OBP for WAN Boot Support.
If your client's PROM does not support WAN boot, you must provide the program to the client on a local CD. If your client's PROM does not support WAN boot, go to Creating the /etc/netboot Hierarchy on the WAN Boot Server to continue preparing for your installation.
SPARC: To Install the wanboot Program on the WAN Boot Server
This procedure describes how to copy the wanboot program from Solaris media to
the WAN boot server.
This procedure assumes that the WAN boot server is running the Volume Manager.
If you are not using the Volume Manager, see System Administration Guide: Devices and File Systems.
Before You Begin
Verify that your client system supports WAN boot. See To Check the Client OBP for WAN Boot Support for more information.
- Become superuser or assume an equivalent role on the install server.
- Insert the Solaris Software - 1 CD or the Solaris DVD in the
install server's drive.
- Change to the sun4u platform directory on the Solaris Software - 1 CD
or the Solaris DVD.
# cd /cdrom/cdrom0/s0/Solaris_11/Tools/Boot/platform/sun4u/
- Copy the wanboot program to the install server.
# cp wanboot /document-root-directory/wanboot/wanboot-name
- document-root-directory
Specifies the document root directory of the WAN boot server.
- wanboot-name
Specifies the name of the wanboot program. Name this file descriptively, for example, wanboot.s10_sparc.
- Make the wanboot program available to the WAN boot server in one of
the following ways.
Create a symbolic link to the wanboot program in the document root directory of the WAN boot server.
# cd /document-root-directory/wanboot
# ln -s /wan-dir-path/wanboot .
- document-root-directory/wanboot
Specifies the directory in the WAN boot server's document root directory where you want to link to the wanboot program
- /wan-dir-path/wanboot
Specifies the path to the wanboot program
Move the WAN boot miniroot to the document root directory on the WAN boot server.
# mv /wan-dir-path/wanboot /document-root-directory/wanboot/wanboot-name
- wan-dir-path/wanboot
Specifies the path to the wanboot program
- /document-root-directory/wanboot/
Specifies the path to the wanboot program directory in the WAN boot server's document root directory.
- wanboot-name
Specifies the name of the wanboot program. Name the file descriptively, for example wanboot.s10_sparc.
Example 11-3 Installing the wanboot Program on the WAN Boot Server
To install the wanboot program on the WAN boot server, copy the program
from the Solaris Software media to the WAN boot server's document root directory.
Insert the Solaris DVD or the Solaris Software - 1 CD in
the media drive that is attached to wanserver-1 and type the following commands.
wanserver-1# cd /cdrom/cdrom0/s0/Solaris_11/Tools/Boot/platform/sun4u/
wanserver-1# cp wanboot /opt/apache/htdocs/wanboot/wanboot.s10_sparc
In this example, the name of the wanboot program is set to wanboot.s10_sparc.
More Information
Continuing the WAN Boot Installation
After you install the wanboot program on the WAN boot server, you
must create the /etc/netboot hierarchy on the WAN boot server. For instructions,
see Creating the /etc/netboot Hierarchy on the WAN Boot Server.
See Also
For overview information about the wanboot program, see What Is WAN Boot?.
Creating the /etc/netboot Hierarchy on the WAN Boot Server
During the installation, WAN boot refers to the contents of the /etc/netboot
hierarchy on the web server for instructions about how to perform the installation.
This directory contains the configuration information, private key, digital certificate, and certificate authority
required for a WAN boot installation. During the installation, the wanboot-cgi program converts this
information into the WAN boot file system. The wanboot-cgi program then transmits
the WAN boot file system to the client.
You can create subdirectories within the /etc/netboot directory to customize the scope of
the WAN installation. Use the following directory structures to define how configuration information
is shared among the clients that you want to install.
Global configuration – If you want all the clients on your network to share configuration information, store the files that you want to share in the /etc/netboot directory.
Network-specific configuration – If you want only those machines on a specific subnet to share configuration information, store the configuration files that you want to share in a subdirectory of /etc/netboot. Have the subdirectory follow this naming convention.
/etc/netboot/net-ip
In this example, net-ip is the IP address of the client's subnet.
Client-specific configuration – If you want only a specific client to use the boot file system, store the boot file system files in a subdirectory of /etc/netboot. Have the subdirectory follow this naming convention.
/etc/netboot/net-ip/client-ID
In this example, net-ip is the IP address of the subnet. client-ID is either the client ID that is assigned by the DHCP server, or a user-specified client ID.
For detailed planning information about these configurations, see Storing Configuration and Security Information in the /etc/netboot Hierarchy.
The following procedure describes how to create the /etc/netboot hierarchy.
To Create the /etc/netboot Hierarchy on the WAN Boot Server
Follow these steps to create the /etc/netboot hierarchy.
- Become superuser or assume an equivalent role on the WAN boot server.
- Create the /etc/netboot directory.
# mkdir /etc/netboot
- Change the permissions of the /etc/netboot directory to 700.
# chmod 700 /etc/netboot
- Change the owner of the /etc/netboot directory to the web server owner.
# chown web-server-user:web-server-group /etc/netboot/
- web-server-user
Specifies the user owner of the web server process
- web-server-group
Specifies the group owner of the web server process
- Exit the superuser role.
# exit
- Assume the user role of the web server owner.
- Create the client subdirectory of the /etc/netboot directory.
# mkdir -p /etc/netboot/net-ip/client-ID
- -p
Instructs the mkdir command to create all the necessary parent directories for the directory you want to create.
- (Optional) net-ip
Specifies the network IP address of the client's subnet.
- (Optional) client-ID
Specifies the client ID. The client ID can be a user-defined value or the DHCP client ID. The client-ID directory must be a subdirectory of the net-ip directory.
- For each directory in the /etc/netboot hierarchy, change the permissions to 700.
# chmod 700 /etc/netboot/dir-name
- dir-name
Specifies the name of a directory in the /etc/netboot hierarchy
Example 11-4 Creating the /etc/netboot Hierarchy on the WAN Boot Server
The following example shows how to create the /etc/netboot hierarchy for the client
010003BA152A42 on subnet 192.168.198.0. In this example, the user nobody and the group
admin own the web server process.
The commands in this example perform the following tasks.
Create the /etc/netboot directory.
Change the permissions of the /etc/netboot directory to 700.
Change the ownership of the /etc/netboot directory to the owner of the web server process.
Assume the same user role as the web server user.
Create a subdirectory of /etc/netboot that is named after the subnet (192.168.198.0).
Create a subdirectory of the subnet directory that is named after the client ID.
Change the permissions of the /etc/netboot subdirectories to 700.
# cd /
# mkdir /etc/netboot/
# chmod 700 /etc/netboot
# chown nobody:admin /etc/netboot
# exit
server# su nobody
Password:
nobody# mkdir -p /etc/netboot/192.168.198.0/010003BA152A42
nobody# chmod 700 /etc/netboot/192.168.198.0
nobody# chmod 700 /etc/netboot/192.168.198.0/010003BA152A42
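The /etc/netboot hierarchy holds the private key and certificates, so it is worth confirming that the procedure left every directory at mode 700 and owned by the web server user. The following check is an added example, not part of the Solaris documentation; the function name audit_netboot and the finding labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Solaris documentation).
# audit_netboot is a hypothetical helper name.
#
# audit_netboot ROOT OWNER
#   ROOT   top of the hierarchy, normally /etc/netboot
#   OWNER  user name or numeric UID that owns the web server process
# Prints one line per finding. Returns 0 when the hierarchy matches the
# procedure, 1 when at least one directory deviates, 2 when ROOT is missing.
audit_netboot() {
    root=$1
    owner=$2

    if [ ! -d "$root" ]; then
        echo "MISSING    $root"
        return 2
    fi

    findings=$(
        # The procedure sets every directory in the hierarchy to mode 700.
        # "! -perm 700" matches any directory whose mode is not exactly 700.
        find "$root" -type d ! -perm 700 -print | sed 's/^/BAD-MODE   /'
        # The procedure gives /etc/netboot to the web server user, who then
        # creates the subdirectories; flag any directory owned by someone else.
        find "$root" -type d ! -user "$owner" -print | sed 's/^/BAD-OWNER  /'
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    echo "OK         $root"
    return 0
}

# Stand-alone use: sh audit_netboot.sh /etc/netboot nobody
if [ "$#" -eq 2 ]; then
    audit_netboot "$1" "$2"
fi
```

Run the check as superuser or as the web server user, because other accounts cannot traverse a mode 700 directory.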
More Information
Continuing the WAN Boot Installation
After you create the /etc/netboot hierarchy, you must copy the WAN Boot CGI
program to the WAN boot server. For instructions, see Copying the WAN Boot CGI Program to the WAN Boot Server.
See Also
For detailed planning information about how to design the /etc/netboot hierarchy, see
Storing Configuration and Security Information in the /etc/netboot Hierarchy.
Copying the WAN Boot CGI Program to the WAN Boot Server
The wanboot-cgi program creates the data streams that transmit the following files from
the WAN boot server to the client.
wanboot program
WAN boot file system
WAN boot miniroot
The wanboot-cgi program is installed on the system when you install the current
Solaris release software. To enable the WAN boot server to use this program,
copy this program to the cgi-bin directory of the WAN boot server.
To Copy the wanboot-cgi Program to the WAN Boot Server
- Become superuser or assume an equivalent role on the WAN boot server.
- Copy the wanboot-cgi program to the WAN boot server.
# cp /usr/lib/inet/wanboot/wanboot-cgi /WAN-server-root/cgi-bin/wanboot-cgi
- /WAN-server-root
Specifies the root directory of the web server software on the WAN boot server
- On the WAN boot server, change the permissions of the CGI program to
755.
# chmod 755 /WAN-server-root/cgi-bin/wanboot-cgi
More Information
Continuing the WAN Boot Installation
After you copy the WAN boot CGI program to the WAN boot
server, you can optionally set up a logging server. For instructions, see (Optional) To Configure the WAN Boot Logging Server.
If you do not want to set up a separate logging server,
see (Optional) Protecting Data by Using HTTPS for instructions about how to set up the security features of
a WAN boot installation.
See Also
For overview information about the wanboot-cgi program, see What Is WAN Boot?.
(Optional) To Configure the WAN Boot Logging Server
By default, all WAN boot logging messages are displayed on the client system.
This default behavior enables you to quickly debug any installation issues.
If you want to record boot and installation logging messages on a
system other than the client, you must set up a logging server. If
you want to use a logging server with HTTPS during the installation, you
must configure the WAN boot server as the logging server.
To configure the logging server, follow these steps.
- Copy the bootlog-cgi script to the logging server's CGI script directory.
# cp /usr/lib/inet/wanboot/bootlog-cgi \
log-server-root/cgi-bin
- log-server-root/cgi-bin
Specifies the cgi-bin directory in the logging server's web server directory
- Change the permissions of the bootlog-cgi script to 755.
# chmod 755 log-server-root/cgi-bin/bootlog-cgi
- Set the value of the boot_logger parameter in the wanboot.conf file.
In the wanboot.conf file, specify the URL of the bootlog-cgi script on the
logging server.
For more information about setting parameters in the wanboot.conf file, see To Create the wanboot.conf File.
During the installation, boot and installation log messages are recorded in the /tmp
directory of the logging server. The log file is named bootlog.hostname, where
hostname is the host name of the client.
Example 11-5 Configuring a Logging Server for WAN Boot Installation Over HTTPS
The following example configures the WAN boot server as a logging server.
# cp /usr/lib/inet/wanboot/bootlog-cgi /opt/apache/cgi-bin/
# chmod 755 /opt/apache/cgi-bin/bootlog-cgi
More Information
Continuing the WAN Boot Installation
After you set up the logging server, you can optionally set up
the WAN boot installation to use digital certificates and security keys. See (Optional) Protecting Data by Using HTTPS
for instructions about how to set up the security features of a WAN
boot installation.