I would like to clarify what it means to use wanbootfs to deliver SC manifests.

Presently, the wanboot-cgi webserver cobbles together an assortment of files in a sparse tree structure that mirrors the normal Solaris directory tree starting from the root.

From my personal notes, this is what wanboot-cgi puts into wanbootfs:
--- make directory structure in temporary directory: /etc, /etc/inet, /dev and set protection
--- authenticate client, if requested
------ add client private key in /keystore
---------- launch wanbootutil keymgmt -x -f <keystore> -s <output path> -o type=rsa
------ add client certificate - just copy it into wanbootfs /certstore
--- if authenticating either client or server
----- build_trustfile() adds the certificates found in the trustfile found in path to the file bootfs_dir/truststore
--- add /dev/random
--- add /etc/wanboot.conf
--- copy system_conf file to /system_conf
--- create the /nonce file
--- create /etc/inet/hosts by extracting hostnames from CN, URLs in bootconf, and resolve-hosts in bootconf.
--- symbolic link etc/hosts -> etc/inet/hosts
--- create /timestamp
mkisofs is used to generate wanbootfs as an hsfs.

wanbootfs is constructed dynamically at install time. Additional files could be added to wanbootfs, such as the AI and SC manifests.

If wanboot-cgi were modified to deliver the AI and SC manifests, I would suggest that there be a new script that outputs both the AI manifest and any SC manifests to some specified path given all criteria information available to wanboot-cgi, presumably the HTTP QUERY_STRING.

This assumes that any SC manifests are specified in the AI manifest, and the SC manifests will be copied after the AI manifest is parsed.

The wanbootfs is bundled with a hash digest (used on the AI client wanboot program to validate that the wanbootfs was not changed during transmission) in MIME format and uploaded as an HTTP GET RESPONSE. Presently, on the client, wanboot extracts the wanbootfs and validates it against the hash digest while copying it into memory as a ramdisk; the ramdisk is then mounted, and the files are available.

So, the wanbootfs could be used by the webserver to store the AI and SC manifests for upload. Once the wanbootfs is mounted on the client, the AI and SC manifests can be copied to their final destinations.
William

On 06/23/10 06:09 PM, Dave Miner wrote:
On 06/23/10 07:10 AM, William Schumann wrote:
Sarah wrote:
ok, fair enough. I am good with using wanbootfs for this.

Under SPARC wanboot, the wanbootfs is an hsfs that is loaded onto a
ramdisk.

Under x86, could this be simply copied to /tmp and mounted hsfs?

Sure, that's what I was expecting we'd do.

_______________________________________________
caiman-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss
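
Added example, not part of the thread and not wanboot-cgi code: a sketch of the bundle-and-validate step described above, showing that manifests placed inside the wanbootfs image fall under the same integrity check and are released to the client only after the digest matches. The MIME part names, the use of HMAC-SHA256 with a key the client already holds, and the sample bytes are assumptions for illustration, not wanboot's actual wire format.

```python
import hashlib
import hmac
from email import message_from_bytes
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart


def keyed_digest(image: bytes, key: bytes) -> bytes:
    # Assumption: HMAC-SHA256 under a key the client already holds.
    return hmac.new(key, image, hashlib.sha256).digest()


def bundle(image: bytes, digest: bytes) -> bytes:
    """Server side: one MIME body carrying the image and its digest."""
    msg = MIMEMultipart("mixed")
    for name, data in (("wanbootfs", image), ("digest", digest)):  # hypothetical part names
        part = MIMEApplication(data)
        part.add_header("Content-Disposition", "attachment", filename=name)
        msg.attach(part)
    return msg.as_bytes()


def unpack_verified(body: bytes, key: bytes) -> bytes:
    """Client side: return the image only if its digest checks out."""
    parts = {p.get_filename(): p.get_payload(decode=True)
             for p in message_from_bytes(body).walk() if p.get_filename()}
    if not {"wanbootfs", "digest"} <= parts.keys():
        raise ValueError("response is missing the image or digest part")
    image = parts["wanbootfs"]
    if not hmac.compare_digest(parts["digest"], keyed_digest(image, key)):
        raise ValueError("wanbootfs digest mismatch: do not mount or copy manifests")
    return image


if __name__ == "__main__":
    key = b"constructed-demo-key"                  # constructed sample key
    image = b"<ai_manifest/>\n<sc_manifest/>\n"    # constructed stand-in for the hsfs image
    good = bundle(image, keyed_digest(image, key))
    print("intact:", unpack_verified(good, key) == image)
    # Image altered after the digest was computed, as in transit tampering.
    tampered = bundle(image.replace(b"sc_", b"xx_"), keyed_digest(image, key))
    try:
        unpack_verified(tampered, key)
    except ValueError as err:
        print("tampered:", err)
```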
