Dave et al,
Attached is the current proposed installadm manpage which includes new
subcommand usage being introduced by AI projects going on right now, and
some in the future. Review and comments would be appreciated,
particularly on the usage sections.
thanks,
-ethan
System Administration Commands installadm(1M)
NAME
installadm - Manage automated installations on a network
SYNOPSIS
/usr/sbin/installadm
installadm create-service
[-a|--arch <architecture>]
[-b|--boot-args <boot property>=<value>,...]
[-i|--ip-start <dhcp_ip_start>]
[-c|--ip-count <count_of_ipaddr>]
[-d|--imagepath <imagepath>]
[-n|--service <svcname>]
[-s|--source <srcimage>]
[-y|--noprompt]
installadm set-service
-o|--option <prop>=<value>... <svcname>
installadm update-service
[-s|--source <srcimage>] <svcname>
installadm rename-service <svcname> <newsvcname>
installadm alias-service <svcname> <alias_svcname>
installadm delete-service [-r|--remove-aliases] <svcname>
installadm enable <svcname>
installadm disable [-t|--temporary] <svcname>
installadm create-client
[-b|--boot-args <property>=<value>,...]
-e|--macaddr <macaddr> -n|--service <svcname>
installadm delete-client -e <macaddr>
installadm create-manifest
-n|--service <svcname>
-f|--file <manifest/script_file>
[-d|--default]
[-m|--manifest <manifest_name>]
[-c|--criteria <criteria=value|range> ... |
-C|--criteria-file <criteria.xml>]
installadm delete-manifest -m|--manifest <manifest_name>
-n|--service <svcname>
installadm update-manifest -m|--manifest <manifest_name>
-n|--service <svcname>
-f|--file <manifest/script_file>
installadm create-profile -n|--service <svcname>
-f|--file <profile|command>...
[-p|--profile <profile_name>]
[-c|--criteria <criteria=value|range> ... |
-C|--criteria-file <criteria.xml>]
installadm delete-profile -p|--profile <profile_name>
-n|--service <svcname>
installadm update-profile -p|--profile <profile_name>
-n|--service <svcname>
-f|--file <profile|command>
installadm set-criteria -n|--service <svcname>
-m|--manifest <manifest_name> |
-p|--profile <profile_name>
-c|--criteria <criteria=value|range> ... |
-C|--criteria-file <criteria.xml> |
-a|--append-criteria <criteria=value|range> ... |
-r|--remove-criteria <criteria> ...
installadm export -n|--service <svcname>
-m|--manifest <manifest_name> |
-p|--profile <profile_name>
installadm validate -n|--service <svcname>
-P|--profile-file <profile_file> |
-p|--profile <profile_name>
installadm list-service [-n|--service <svcname>]
installadm list-client [-n|--service <svcname>]
installadm list-manifest [-n|--service <svcname>]
installadm list-profile [-n|--service <svcname>]
installadm set-server-auth
{-k|--ssl-key <ssl_key> |
-s|--ssl-cert <ssl_certificate>} |
-a|--add-ca-cert <CA_certificate> |
-d|--delete-ca-cert <CA_certificate_hash> |
-r|--revoke-ca-cert <CA_certificate_hash> |
-M|--master
installadm list-server-auth
installadm set-client-auth
{-e|--macaddr <macaddr> |
-n|--service <svcname> |
-g|--global}
{-k|--ssl-key <ssl_key> |
-s|--ssl-cert <ssl_certificate>} |
-a|--add-ca-cert <CA_certificate> |
-d|--delete-ca-cert <CA_certificate_hash> |
-r|--revoke-ca-cert <CA_certificate_hash>
[-E|--encrypt-key 3des|aes] |
[-H|--hash]
installadm list-client-auth
[-e|--macaddr <macaddr> |
-n|--service <svcname> |
-g|--global]
installadm help [<subcommand>]
DESCRIPTION
The automated installer (AI) is used to automate the
installation of the Oracle Solaris OS on one or more
SPARC and x86 systems over a network.
The machine topography necessary to employ AI over the
network is to have an install server, a DHCP server
(this can be the same system as the install server),
and the installation clients. On the install server,
installation services are set up to contain an AI
boot image, which is provided to the clients in order
for them to boot over the network, AI manifests, one
of which will be selected for the client, and SMF
configuration profiles, zero or more of which will be
selected for the client.
The AI boot image content is available in the IPS package,
pkg:/image/autoinstall, and is installed into an
installation service's image area by the create-service
command. The command is also able to use an AI ISO image
to create the service.
Installation services are created with a default AI
manifest, but customized manifests can be added to an
installation service by using the create-manifest
subcommand. The create-manifest subcommand also allows
criteria to be specified, which is used to determine
which manifest should be selected for an installation
client. Existing manifests in a service can be modified
by using the update-manifest subcommand and criteria can
be modified using the set-criteria subcommand.
Manifests can include information such as a target device,
partition information, a list of packages, and other
parameters (see ai_manifest(4)). When the client boots,
a search is initiated for a manifest that matches the
client's machine criteria. When a matching manifest is
found, the client is installed with the Oracle Solaris
release according to the specifications in the manifest
file.
System configuration profiles are complementary to manifests
in that they also contain specifications for an installation.
In particular, profiles are used to specify system
configuration information such as the initial user account
username and password, timezone, hostname, and system IP
address.
Configuration profiles are SMF profiles (see
service_bundle(4)). To add profiles to an installation
service, use the create-profile subcommand. As with
manifests, profiles can be created with criteria specified
to determine which profile(s) will be selected for an
installation client. Existing profiles in a service can
be modified by using the update-profile subcommand and
criteria can be modified using the set-criteria subcommand.
If you want a specific client to use a specific install
service, you can associate that client to the service by
using the installadm create-client subcommand.
Since profiles can contain sensitive information such as
passwords, and since they are exposed on the network when
they are delivered to the client, a high level of security
checking on profiles has been added. SSL/TLS is the
security model, built upon the WANboot infrastructure
generalized to support all architectures. Server and client
authentication of profiles is supported. Keys and
certificates can be specified by the user. Profiles are
accessed through the HTTPS protocol which provides
encryption and guarantees data integrity as long as the
client certificates and keys are distributed securely.
Security is managed using the following installadm
subcommands:
set-server-auth - configure server authentication
list-server-auth - list stored server authentication data
set-client-auth - configure client authentication
list-client-auth - list stored client authentication data
The installadm utility can be used to accomplish the
following tasks:
- Set up installation services
- Set up installation images
- Set up or delete clients
- Set up server and client authentication
- Create or delete manifests
- Create or delete system configuration profiles
- Validate a profile
- Add, modify, or remove criteria for a manifest or profile
- Export a manifest or profile
- Enable or disable installation services
- Update installation services, manifests, and profiles
- List installation services
- List clients for an installation service
- List manifests for an installation service
- List profiles for an installation service
- List server and client authentication information
SUBCOMMANDS AND OPTIONS
The installadm command has the subcommands and options
listed below. Also, see EXAMPLES below.
installadm
Displays command usage.
installadm create-service
[-a|--arch <architecture>]
[-b|--boot-args <boot property>=<value>,...]
[-i|--ip-start <dhcp_ip_start>]
[-c|--ip-count <count_of_ipaddr>]
[-d|--imagepath <imagepath>]
[-n|--name <svcname>]
[-s|--source <srcimage>]
[-y|--noprompt]
This command sets up a network boot image (net image)
in the specified imagepath directory, and creates an
installation service that specifies how a client booted
from the net image is installed.
The AI boot image content is published as the
package, image/autoinstall. If the -s option is not
specified, that package is installed from the first
publisher in the system's publisher preference list
that provides an instance of that package. The -s
option accepts the pkg specification as a FULL FMRI,
URI to p5i file, or location of an image ISO file.
The resulting net image is eventually located in
<imagepath>. The net image enables client
installations.
Note the following specifications:
- The first installation service of a given
architecture that is created on an install
server is the service that will be used for all
client installations of that architecture that use
the install server. If you want a client to use a
different installation service from this install
server, you must use the installadm create-client
command to create a client-specific configuration.
- If an existing installation service name is provided,
the command will fail.
- If the -i option and the -c option are used,
and a DHCP server is not yet configured, a DHCP
server is configured.
- If an already-configured DHCP server exists,
that DHCP server is updated.
-a|--arch <architecture>
Selects a specific variant architecture; valid
values are i386 or sparc. If not specified, the
architecture corresponding to the server's
architecture is selected.
-b|--boot-args <boot property>=<value>,...
For x86 clients only, sets a property value in
the service-specific menu.lst file in the service
image. Use this option to set boot properties
that are specific to this service. This option
can accept multiple property=value pairs.
-i|--ip-start <dhcp_ip_start>
Sets up a new DHCP server. The IP addresses,
starting from dhcp_ip_start, are set up. The number
of IP addresses is provided by the -c option.
-c|--ip-count <dhcp_ip_count>
Sets up a total number of IP addresses in the
DHCP table equal to the value of the
dhcp_ip_count. The first IP address is the
value of dhcp_ip_start that is provided by the
-i option.
-d|--imagepath <imagepath>
Specifies path at which to create the net image.
If not specified, the default location,
/export/auto_install/<svcname>, will be used; a
confirmation prompt is displayed unless -y is also
specified.
-n|--name <svcname>
Uses this installation service name instead of a
system-generated service name.
If -n option is not specified, a service name is
generated automatically. The image/autoinstall
package published includes a metadata tag defining
a default name that is used by installadm to
generate a name for the service. Generated names are
appended with the architecture of the service in
order to allow all architectures to be automatically
named and served from a single server.
-s|--source <srcimage>
Specifies data source for net image. This can be
any of:
- FMRI of a pkg(5) package
- URI for a .p5i package info file
- path to an AI ISO image
If -s is not specified, the image/autoinstall
package from the first publisher in the system's
publisher preference list providing an instance of
that package is used.
-y|--noprompt
Suppresses any confirmation prompts and proceeds
with service creation using the supplied options and
any default values (see "-d").
installadm set-service -o <prop>=<value>... <svcname>
Sets a property of a service to a specified value.
-o|--option <prop>=<value>...
Specifies the property and value to set.
prop=value can be:
global-menu=true|false
default-manifest=<manifest/script name>
- global-menu=true|false
As there are limitations on the size of the
menu that pxegrub can load, a service property
(global_menu) is created for each service, with
its value set to "true". If a service should
be excluded from the any-i386 menu, this
property can be set to "false".
- default-manifest=<manifest/script name>
The default manifest of a service may not have
criteria actively associated with it while it is
the default. If one uses installadm set-service
to make a manifest the default, then its
associated criteria become "inactive", and are
not considered during manifest selection.
Inactive criteria are clearly indicated by the
installadm list-manifest command. If a different
manifest is later made the default, the criteria
of the formerly default manifest become active
again.
<svcname>
Specifies the name of the installation service
whose property is being set.
installadm update-service [-s|--source <srcimage>] <svcname>
Updates a service by replacing the image currently
associated with the service. This operation can only
be carried out on services that were originally created
from a package instance, not an ISO image. (See the -s
option of create-service subcommand.)
-s|--source <srcimage>
Specifies full FMRI to package instance or a URI to
a p5i file.
<svcname>
Specifies the name of the installation service to
update.
installadm rename-service <svcname> <newsvcname>
Renames the service to <newsvcname>. If the DHCP
configuration is being managed locally on the server,
the macro for the service is renamed. Any clients
assigned, or services aliased, to the existing service
name will be updated to reference the new service name.
<svcname>
Specifies the name of the installation service to
rename.
<newsvcname>
Specifies the new name of the installation service.
installadm alias-service <svcname> <alias_svcname>
Provides an alternate name for a service. Typically,
this is used to provide stable service name assignments
for clients as services are updated from version to
version. If the DHCP configuration is being managed
locally on the server, a macro for the alias service is
created.
<svcname>
Specifies the name of the installation service to
alias.
<alias_svcname>
Specifies the alias name of the installation service.
installadm delete-service [-r|--remove-aliases] <svcname>
Deletes an installation service. Accomplishes the
following:
- Removes the installation service from the DHCP
configuration.
- Deletes the manifest, profiles, client configuration
files, and web server configuration for this
installation service.
- Deletes the pkg image used to instantiate the
service.
-r|--remove-aliases <svcname>
If specified, any clients assigned to this service,
and any services aliased to this service, are also
removed.
<svcname>
Specifies the installation service name to delete.
installadm enable <svcname>
Enables a specified installation service. Also, enables
the web server configuration for the service.
<svcname>
Specifies the name of the installation service to be
enabled.
installadm disable [-t|--temporary] <svcname>
Disables a specified installation service. Also,
disables the web server configuration with the service.
-t|--temporary
If specified, the service is temporarily disabled,
which only lasts until reboot.
<svcname>
Specifies the name of the installation service to be
disabled.
installadm create-client [-b <property>=<value>,...]
-e <macaddr> -n <svcname>
Accomplishes optional setup tasks for a specified
client, in order to provide custom client settings that
vary from the defaults resulting from the installadm
create-service command. Enables the user to specify a
non-default service name and image path for a client:
- Specifies installation service for that client.
- Appropriately links client-specific configuration
files (wanboot.conf for SPARC, menu.lst for i386)
to the files for the specified service.
The DHCP configuration is not updated. If desired,
the administrator can use appropriate client macros
on the DHCP server to assign clients to services.
-b <property>=<value>,...
For x86 clients only, sets a property value in the
client-specific menu.lst file in the service
image. Use this option to set boot properties that
are specific to this client. This option can
accept multiple property=value pairs.
-e <macaddr>
Specifies a MAC address for the client.
-n <svcname>
Specifies the installation service for client
installation.
installadm delete-client -e <macaddr>
Deletes an existing client's specific service
information that was previously set up using the
installadm create-client command.
-e <macaddr>
Specifies a MAC address for the client.
installadm create-manifest -n <svcname>
-f <manifest/script_file> [-d] [-m <manifest_name>]
[-c <criteria=value|range> ... | -C <criteria.xml>]
Associates manifests with a specific installation
service, thus making the manifests available on the
network, independently from creating a service. When
publishing a non-default manifest, it is required to
associate criteria either via criteria entered on the
command line (-c) or via a criteria XML file (-C).
A manifest can be created without criteria. Such a
manifest will be inactive until criteria are added with
installadm set-criteria or until the manifest is made
the default manifest. In other words, any manifest
without criteria that is not the default is inactive.
-c <criteria=value|range> ...
Specifies criteria to be associated with the
added non-default manifest. When publishing a
default manifest, criteria must not be specified.
When publishing a non-default manifest, criteria
must be specified.
Valid criteria are:
ARCH (uname(1) -m)
CPU (uname(1) -p)
IPV4 (IP address or range of addresses)
MAC (MAC address or range of addresses)
MEM (Memory size in megabytes or range of
memory size)
PLATFORM (uname(1) -i)
-C <criteria.xml>
Specifies the path name of a criteria XML file
containing criteria to be associated with the
added non-default manifest. When publishing a
default manifest, criteria must not be specified.
When publishing a non-default manifest, criteria
must be specified.
-d
Specifies that this manifest is the
new default manifest for the service. Any criteria
associated with the manifest are immediately
inactive.
-f <manifest_file>
Specifies the path name of the manifest to add.
-m <manifest_name>
Specifies the name of the manifest being created.
If not provided, the name attribute of the
<ai_instance> element in the manifest is used. If
that attribute is not present, then the manifest
filename is used.
-n <svcname>
Specifies the name of the installation service with
which this manifest is to be associated.
installadm delete-manifest -n <svcname> -m <manifest_name>
Deletes a manifest that was published with a specific
installation service.
-m <manifest_name>
Specifies the name of a manifest as output by
installadm list-manifest.
-n <svcname>
Specifies the name of the installation service this
manifest is associated with.
installadm update-manifest -n <svcname> -m <manifest_name>
-f <manifest/script_file>
Updates the manifest named <manifest_name> in
service <svcname>.
-f <manifest_file>
Specifies the path name of the file with which
to update the manifest.
-m <manifest_name>
Specifies the name of the manifest to update.
-n <svcname>
Specifies the name of the installation service of
the manifest being updated.
installadm create-profile -n <svcname>
-f <profile|command>... [-p <profile_name>]
[-c <criteria=value|range> ... | -C <criteria.xml>]
Associates profiles with a specific installation
service. Criteria can optionally be associated with a
profile by either entering them on the command line (-c)
or via a criteria XML file (-C). Profiles created
without criteria are associated with all clients of the
service.
If multiple "-f"s are used to create more than one
profile with the same criteria, then the "-p"
option is invalid and the names of the profiles
are derived from their filenames.
-c <criteria=value|range> ...
Specifies criteria to be associated with the
profile.
-C <criteria.xml>
Specifies the path name of a criteria XML file
containing criteria to be associated with the
added non-default manifest. When publishing a
default manifest, criteria must not be specified.
When publishing a non-default manifest, criteria
must be specified.
-f <profile|command>
Specifies the path name of the file with which to
update the profile. Multiple profiles may be
specified.
-n <svcname>
Specifies the name of the installation service of
the profile being updated.
-p <profile_name>
Specifies the name of the profile being created.
If not provided, the name of the profile filename
is used as the name of the profile. This option
is valid only for single profile creation.
installadm delete-profile -n <svcname> -p <profile_name>
Deletes a profile that is associated with a specific
installation service.
-n <svcname>
Specifies the name of the installation service of
the profile being deleted.
-p <profile_name>
Specifies the name of the profile to delete.
installadm update-profile -n <svcname> -p <profile_name>
-f <profile|command>
Updates the profile named <profile_name> in
service <svcname>.
-f <profile|command>
Specifies the path name of the file with which
to update the profile.
-n <svcname>
Specifies the name of the installation service of
the profile being updated.
-p <profile_name>
Specifies the name of the profile to update.
installadm set-criteria -n <svcname>
{-m <manifest_name> | -p <profile_name>}
{-a|-c <criteria=value|range> ... } |
{ -r <criteria> ... } |
{ -C <criteria.xml> }
Updates criteria of an already published manifest or
profile. Criteria can be specified via the command
line or via a criteria XML file. Criteria must be
specified with one of the mutually exclusive options,
-a, -c, -r, or -C.
Valid criteria are described under create-manifest
subcommand.
-a <criteria=value|range>
Specifies criteria to be appended to the existing
criteria for the manifest or profile. If the
criteria specified already exists, the value/range
of that criteria is replaced by the specified
value/range.
-c <criteria=value|range>
Specifies criteria to replace all existing
criteria for the manifest or profile.
-C <criteria.xml>
Specifies the path name of a criteria XML file
containing criteria to replace all existing
criteria for this manifest or profile.
-m <manifest_name>
Specifies the name of a manifest.
-n <svcname>
Specifies the name of the installation service
this manifest or profile is associated with.
-p <profile_name>
Specifies the name of a profile.
-r <criteria>
Specifies criterion to remove from the manifest.
installadm export -n <svcname>
-m <manifest_name> | -p <profile_name>
Exports specified manifest or profile to stdout.
-m <manifest_name>
Specifies the name of a manifest to export.
-n <svcname>
Specifies the service with which this manifest
or profile is associated.
-p <profile_name>
Specifies the name of the profile to export.
installadm validate -n <svcname>
-P <profile_file> | -p <profile_name>
Validates specified profile.
-n <svcname>
Specifies the service with which this profile is
associated.
-P <profile_file>
Specifies the profile file to validate.
-p <profile_name>
Specifies the name of the profile to validate.
installadm list-service [-n <svcname>]
Lists all installation services on a server.
-n <svcname>
Lists information about the specific installation
service on a local server.
installadm list-client [-n <svcname>]
Lists all clients of the installation services on a
local server.
-n <svcname>
Lists the client information associated with the
specified installation service.
installadm list-manifest [-n <svcname>]
Lists the manifests associated with the installation
services on a local server. Manifests will be listed in
the following order:
- manifests with active criteria
- default manifest
- inactive manifests
-n <svcname>
Lists the manifest information associated with the
specified installation service.
installadm list-profile [-n <svcname>]
Lists the profiles associated with the installation
services on a local server.
-n <svcname>
Lists the profile information associated with the
specified installation service.
installadm set-server-auth
{-k|--ssl-key <ssl_key> |
-s|--ssl-cert <ssl_certificate>} |
-a|--add-ca-cert <CA_certificate> |
-d|--delete-ca-cert <CA_certificate_hash> |
-r|--revoke-ca-cert <CA_certificate_hash> |
-M|--master
Provide certificate and key to support AI server
authentication.
-a|--add-ca-cert <CA_certificate>
Add a new Certificate Authority (CA) certificate
from a file.
-d|--delete-ca-cert <CA_certificate_hash>
Delete the specified Certificate Authority (CA)
certificate specified by its hash value from
'installadm list-server-auth'.
-k|--ssl-key <ssl_key>
Store the SSL encryption key read from the
specified file.
-M|--master
Generate and store a "master" HMAC SHA-1 key for
WAN boot, used to derive per-client HMAC SHA-1
hashing keys in a manner described in RFC 3118,
Appendix A. Used for SPARC client
authentication only.
-r|--revoke-ca-cert <CA_certificate_hash>
Revoke Certificate Authority (CA) certificate
specified by its hash value from
'installadm list-server-auth'.
-s|--ssl-cert <ssl_certificate>
Store an SSL certificate read from the specified
file.
installadm list-server-auth
List server authentication information, including its
encryption key, certificate, Certificate Authority
certificates and their hash values (used in managing
the CA certificates after they have been registered),
and the WAN boot master key (SPARC client
authentication only).
installadm set-client-auth
{-e|--macaddr <macaddr> |
-n|--service <svcname> |
-g|--global}
{-k|--ssl-key <ssl_key> |
-s|--ssl-cert <ssl_certificate>} |
-a|--add-ca-cert <CA_certificate> |
-d|--delete-ca-cert <CA_certificate_hash> |
-r|--revoke-ca-cert <CA_certificate_hash>
[-E|--encrypt-key 3des|aes] |
[-H|--hash]
Configure client authentication. Associate keys and
certificates with either:
- a specific AI client,
- all clients (not having their own authentication)
associated with a specific AI service, or
- all clients (having neither their own authentication
nor service authentication)
-a|--add-ca-cert <CA_certificate>
Add a Certificate Authority (CA) certificate.
-d|--delete-ca-cert <CA_certificate_hash>
Delete Certificate Authority (CA) certificate by
hash value obtained from
'installadm list-client-auth'.
-e|--macaddr <macaddr>
Set authentication for client with specified
macaddr.
-E|--encrypt-key 3des|aes
Generate and store 3DES/AES encryption key for WAN
boot. Used for SPARC client authentication only.
-g|--global
Global, applies to all clients with no
authentication by MAC address or AI service.
-H|--hash
Derive and store, from the master key, a HMAC SHA-1
hashing key for WAN boot, in a manner described in
RFC 3118, Appendix A. Used for SPARC client
authentication only.
-k|--ssl-key <ssl_key>
Store an SSL key read from the specified file.
-n|--service <svcname>
Set authentication for all clients (without
client-specific authentication) of specified service.
-r|--revoke-ca-cert <CA_certificate_hash>
Revoke Certificate Authority (CA) certificate
specified by its hash value from
'installadm list-client-auth'.
-s|--ssl-cert <ssl_certificate>
Store an SSL certificate read from the specified
file.
installadm list-client-auth
[-e|--macaddr <macaddr> |
-n|--service <svcname> |
-g|--global]
Lists client authentication information.
-e|--macaddr <macaddr>
List client authentication for a particular client.
-g|--global
Global, list authentication used for all clients
without authentication for a specific client or
service.
-n|--service <svcname>
List client authentication for clients using a
particular service and not having their own
authentication.
installadm help [<subcommand>]
Displays the syntax for the installadm utility.
<subcommand>
If subcommand is provided, the command
provides the syntax for that subcommand.
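The -M option of set-server-auth and the -H option of set-client-auth refer to the key management scheme of RFC 3118, Appendix A, in which each client key is K = MAC(MK, unique-id). The following sketch is an added example, not installadm's own code; it assumes the client MAC address is the unique-id and uses a constructed payload to show that a keyed hash made with the derived key detects tampering.

```python
import hashlib
import hmac
import secrets

KEY_LEN = 20  # size of an HMAC SHA-1 digest in bytes


def new_master_key():
    """Random master key MK (the kind of value -M is described as generating)."""
    return secrets.token_bytes(KEY_LEN)


def client_id(macaddr):
    """Canonical 6-byte MAC, so '0:e0:...' and '00:E0:...' give one identity.

    Assumption: the MAC address serves as the RFC 3118 unique-id.
    """
    octets = [int(part, 16) for part in macaddr.split(":")]
    if len(octets) != 6 or not all(0 <= o <= 0xFF for o in octets):
        raise ValueError(f"not a MAC address: {macaddr!r}")
    return bytes(octets)


def derive_client_key(master_key, macaddr):
    """RFC 3118 Appendix A: K = MAC(MK, unique-id), with HMAC SHA-1 as the MAC."""
    return hmac.new(master_key, client_id(macaddr), hashlib.sha1).digest()


def tag(key, payload):
    """Keyed hash of a payload under a client's hashing key."""
    return hmac.new(key, payload, hashlib.sha1).digest()


def verify(key, payload, received_tag):
    """Constant-time check of a received tag against the expected one."""
    return hmac.compare_digest(tag(key, payload), received_tag)


if __name__ == "__main__":
    mk = new_master_key()
    # The server stores only MK and re-derives each client's key on demand.
    key = derive_client_key(mk, "0:e0:81:5d:bf:e0")
    payload = b"constructed boot payload"
    t = tag(key, payload)
    print("intact payload verifies:  ", verify(key, payload, t))
    print("modified payload verifies:", verify(key, payload + b"!", t))
    # A different client cannot validate with its own derived key.
    other = derive_client_key(mk, "0:e0:81:5d:bf:e1")
    print("other client's key works: ", verify(other, payload, t))
```

Because every client key is a function of the master key, disclosure of the master key exposes all derived keys, and replacing it invalidates them all at once.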
CRITERIA FILES
A criteria XML file allows you to specify criteria for a
manifest or profile by passing the file to the
create-manifest, create-profile, or set-criteria commands.
Criteria can be specified as a value or a range, by using
the following tags.
For a criterion with a specific value:
<ai_criteria_manifest>
<ai_criteria name="XXXX">
<value>yyyy</value>
</ai_criteria>
</ai_criteria_manifest>
where XXXX is the name of the criterion (e.g. MAC, IPV4,
MEM, or ARCH) and yyyy is the value of the criterion.
For a criterion with a range:
<ai_criteria_manifest>
<ai_criteria name="XXXX">
<range>
yyyy1
yyyy2
</range>
</ai_criteria>
</ai_criteria_manifest>
where XXXX is the name of the criterion (e.g. MAC, IPV4,
or MEM) and yyyy1 and yyyy2 are the lower and upper
bounds of the range.
Multiple criteria may be specified in the file between
the <ai_criteria_manifest> and </ai_criteria_manifest>
tags.
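A criteria file can be checked before it is passed to create-manifest, create-profile, or set-criteria, so that an inverted range or a misspelled criterion name does not quietly change which clients receive a manifest or profile. The following is an added example, not part of installadm; the sample file is constructed, and the rule that a client must satisfy every listed criterion is an assumption.

```python
import ipaddress
import xml.etree.ElementTree as ET

VALID_CRITERIA = {"ARCH", "CPU", "IPV4", "MAC", "MEM", "PLATFORM"}
RANGE_CRITERIA = {"IPV4", "MAC", "MEM"}  # criteria documented as accepting ranges

# Constructed sample input.
SAMPLE_CRITERIA = """<ai_criteria_manifest>
  <ai_criteria name="MAC">
    <range>
      0:e0:81:5d:bf:00
      0:e0:81:5d:bf:ff
    </range>
  </ai_criteria>
  <ai_criteria name="MEM"><range>2048 8192</range></ai_criteria>
  <ai_criteria name="ARCH"><value>i86pc</value></ai_criteria>
</ai_criteria_manifest>"""


def normalize(name, text):
    """Turn one criterion value into a key that compares correctly."""
    text = text.strip()
    if not text:
        raise ValueError(f"{name}: empty value")
    if name == "MAC":
        octets = [int(part, 16) for part in text.split(":")]
        if len(octets) != 6 or not all(0 <= o <= 0xFF for o in octets):
            raise ValueError(f"MAC: bad address {text!r}")
        return int.from_bytes(bytes(octets), "big")
    if name == "IPV4":
        return int(ipaddress.IPv4Address(text))
    if name == "MEM":
        return int(text)  # megabytes
    return text.lower()  # ARCH, CPU, PLATFORM: exact string match


def parse_criteria(xml_text):
    """Return {criterion: (low, high)}; a single value has low == high."""
    root = ET.fromstring(xml_text)
    if root.tag != "ai_criteria_manifest":
        raise ValueError(f"unexpected root element <{root.tag}>")
    criteria = {}
    for node in root.findall("ai_criteria"):
        name = (node.get("name") or "").upper()
        if name not in VALID_CRITERIA:
            raise ValueError(f"unknown criterion {name!r}")
        if name in criteria:
            raise ValueError(f"{name}: specified more than once")
        value, rng = node.find("value"), node.find("range")
        if (value is None) == (rng is None):
            raise ValueError(f"{name}: need exactly one of <value> or <range>")
        if value is not None:
            low = high = normalize(name, value.text or "")
        else:
            if name not in RANGE_CRITERIA:
                raise ValueError(f"{name}: ranges are not supported")
            bounds = (rng.text or "").split()
            if len(bounds) != 2:
                raise ValueError(f"{name}: range needs two bounds")
            low, high = (normalize(name, b) for b in bounds)
            if low > high:
                raise ValueError(f"{name}: lower bound exceeds upper bound")
        criteria[name] = (low, high)
    return criteria


def matches(criteria, client):
    """True when the client satisfies every criterion (assumed semantics)."""
    for name, (low, high) in criteria.items():
        if name not in client:
            return False
        if not low <= normalize(name, client[name]) <= high:
            return False
    return True


if __name__ == "__main__":
    parsed = parse_criteria(SAMPLE_CRITERIA)
    client = {"MAC": "00:E0:81:5D:BF:E0", "MEM": "4096", "ARCH": "i86pc"}
    print("criteria:", sorted(parsed))
    print("client matches:", matches(parsed, client))
```

Comparing MAC and IPv4 values as integers rather than strings is what makes the range check reliable when octets are written without leading zeros, as in 0:e0:81:5d:bf:e0.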
EXAMPLES
Example 1: Set up an install server and an install
service for the first time. The command includes a
starting IP address and total count of IP addresses,
in order to configure the DHCP server.
# installadm create-service -n os-dev-131-i386 -a i386
-i 172.0.0.10 -c 10 -d /export/ai/os-dev-131-i386
This command would result in the following operations
(order may vary somewhat):
1. Create /export/ai/os-dev-131-i386 as a pkg(5) user image
2. Install the image/autoinstall package into
/export/ai/os-dev-131-i386
3. Generate the Apache configuration at
/var/installadm/ai-webserver/ai-httpd.conf, with document
root at /etc/netboot.
4. Generate the pxegrub menu at
/export/ai/os-dev-131-i386/menu.lst, with contents:
default=0
timeout=30
min_mem64=1536
title os-dev-131-i386
kernel$ /os-dev-131-i386/platform/i86pc/kernel/$ISADIR/unix -B
install_media=http://172.0.0.1:5555/os-dev-131-i386,install_service=os-dev-131-i386,install_svc_address=172.0.0.1:46501,livemode=text
module /os-dev-131-i386/platform/i86pc/$ISADIR/boot_archive
5. Create the SMF application property group AI_1 on the
install/server:default instance with properties:
service_name os-dev-131-i386
image_path /export/ai/os-dev-131-i386
txt_record aiwebserver=<hostname>:46501
status on
global_menu true
6. Create the SMF application property group AI_2 on the
install/server:default instance with properties:
service_name default-i386
service_alias os-dev-131-i386
status on
global_menu true
7. Create the SMF application property group AI_3 on the
install/server:default instance with properties:
service_name any-i386
boot_file pxegrub.any-i386
boot_menu menu.lst.any-i386
8. Enable the install/server service, which performs any
required mounts, including mounting via lofs of
/export/ai/os-dev-131-i386 as
/etc/netboot/os-dev-131-i386 and
/etc/netboot/default-i386. This also generates the
menu.lst.any-i386 and copies the
default-i386/boot/grub/pxegrub to pxegrub.any-i386. Since
this is the first service, the generated GRUB menu will
be identical to the os-dev-131-i386 GRUB menu. It also
starts the webserver instance to serve images and the
criteria server.
9. Create a DHCP service (if necessary) and provision IP
addresses 172.0.0.10 - 172.0.0.19.
10. Create the DHCP macro AI_os-dev-131-i386:
AI_os-dev-131-i386
:BootSrvA=172.0.0.1:BootFile="os-dev-131-i386/boot/grub/pxegrub":
11. Create the DHCP macro AI_default-i386:
AI_default-i386
:BootSrvA=172.0.0.1:BootFile="default-i386/boot/grub/pxegrub":
12. Create the DHCP macro for the any-i386 service:
AI_any-i386
:BootSrvA=172.0.0.1:BootFile="pxegrub.any-i386":
13. Create the PXE client class macro pointing at the
default-i386 service:
PXEClient:Arch:00000:UNDI:002001 :Include=AI_default-i386:
At this point, the service is operational and a client
booted via PXE will boot and install from the default-i386
service. If the any-i386 service is made the default used
by the environment, dhtadm or DHCP Manager can be used to
change the Include reference on the PXE macro to the
AI_any-i386 service.
Example 2: Use the following sample command to set
up a client that references a specific installation service
and a specific net image location.
The installation service and net image should already exist.
# installadm create-client -e 0:e0:81:5d:bf:e0
-n os-dev-131-i386
In this example, the command creates a client-specific
setup for the system with MAC address of 0:e0:81:5d:bf:e0.
This client will use the installation service previously
set up in Example 1, named os-dev-131-i386.
Using the -b option, the command sets the console
value, <console=ttya>, in the client-specific
menu.lst file in the service image.
Example 3: Use the following sample command to add
a new service named os-dev-131-sparc, retaining existing
services, and leaving the existing default unchanged:
# installadm create-service -n os-dev-131-sparc -a sparc
/export/ai/os-dev-131-sparc
Example 4: Use the following sample commands to add
a new service named os-dev-131-sparc, retaining existing
services, and making the new service the default:
# installadm create-service -n os-dev-131-sparc -a sparc
/export/ai/os-dev-131-sparc
# installadm alias-service os-dev-131-sparc default-sparc
Example 5: Use the following sample command to replace the
image associated with an existing service, os-dev-sparc,
leaving the default for the environment unchanged:
# installadm update-service os-dev-sparc
Example 6: Use the following sample command to replace
the default manifest for an existing installation service,
service_092910, with a custom manifest, my_manifest.xml.
The manifest contains a name attribute, name="default",
which designates it as the default manifest, i.e.:
<ai_instance name="default">
# installadm create-manifest -f my_manifest.xml
-n service_092910
Example 7: Use the following sample command to create a
rolling default service with automatic naming. The service
is initially configured with:
# installadm create-service -a i386 -y
This creates an x86 service based on the default name under
the base directory, /export/auto_install, with the
default-i386 service aliased to it. An alternate base
directory can be specified as an additional argument on the
command line. Example 1 describes the processing that
occurs.
The service can be automatically updated by:
# installadm update-service default-i386
This operation checks whether an update is available for the
default-i386 service. If an update is available, the fact
that it is an aliased service causes update-service to
internally convert to a create-service using the default
name provided for the update, then re-alias the default-i386
service to the new service after the create-service has
successfully completed. This command can be placed in a
cron(1M) job to run at convenient times.
Example 8: Use the following sample command to create two
system configuration profiles, myprofile.xml and
myprofile2.xml, associated with service sparc2:
# installadm create-profile -f /tmp/myprofile.xml
-f /tmp/myprofile2.xml -n sparc2
Example 9: Use the following sample command to list the
installation services on a local server:
# installadm list-service
In this example, the terminal displays the following output:
Service Name  Status  Arch  Port   Image Path
------------  ------  ----  ----   ----------
svc0811       off     x86   45602  /export/server/osol-0811-ai-x86
svc1006       on      x86   45601  /export/server/osol-1006-ai-x86
svc-bld-127   on      x86   45603  /export/server/osol-b127-ai-x86
Example 10: Use the following sample command to list the
clients for a specific installation service of a local
server:
# installadm list-client -n svc-2010-06
In this example, the terminal displays the following output:
Service Name  Client Address     Arch  Image Path
------------  --------------     ----  ----------
svc-2010-06   01:C2:52:E6:4B:E1  x86   /export/server/sol-1006-ai-x86
Example 11: Use the following sample command to list the
manifests associated with a specific installation service
on a local server:
# installadm list-manifest -n svc-2010-06
In this example, the terminal displays the following output:
Manifest          Criteria
--------          --------
devpublisher.xml  arch = i86pc
                  ipv4 = 010.000.002.015
                  mac = 01:C4:51:E6:4B:E6 - 01:C4:51:E6:4B:E9
                  mem = 2048 MB
Example 12: Use the following sample command to list the
profiles on a local server:
# installadm list-profile
In this example, the terminal displays the following output:
Service Name  Profile
------------  -------
sparc2        myprofile.xml
              myprofile2.xml
svc0817       profile3
svc0819       profile4.xml
              newprofile
              foo.xml
Example 13: Use the following sample command to add the
manifest in /export/my_manifest to svc1 with a criterion of
MAC address equaling "aa:bb:cc:dd:ee:ff":
# installadm create-manifest -f /export/my_manifest
-n svc1 -c MAC="aa:bb:cc:dd:ee:ff"
In this example, the manifest does not contain a name
attribute, so the manifest name is taken from the file name:
# installadm list-manifest -n svc1
Manifest     Criteria
--------     --------
my_manifest  mac = AA:BB:CC:DD:EE:FF
Example 14: Use the following sample command to add the
manifest in /export/my_manifest to svc1 with the criterion
of an IPv4 range from 10.0.2.100 to 10.0.2.199:
# installadm create-manifest -f /export/my_manifest
-n svc1 -m chosen_name -c IPV4=10.0.2.100-10.0.2.199
In this example, the manifest name is taken from the -m
option.
# installadm list-manifest -n svc1
Manifest     Criteria
--------     --------
chosen_name  ipv4 = 10.0.2.100 - 10.0.2.199
Example 15: Use the following sample command to add the
manifest in /export/manifest3 to svc1 with criteria of
2048MB memory or greater and an architecture of i86pc:
# installadm create-manifest -f /export/manifest3
-n svc1 -c MEM="2048-unbounded" -c ARCH=i86pc
In this example, the manifest name is taken from the name
attribute of the manifest, name="my_name", i.e.:
<ai_instance name="my_name">
# installadm list-manifest -n svc1
Manifest  Criteria
--------  --------
my_name   arch = i86pc
          mem = 2048 MB - unbounded
Example 16: Use the following sample command to append to
the criteria of manifest2 of svc1, a criterion of 4096MB
memory or greater:
# installadm set-criteria -m manifest2 -n svc1
-a MEM="4096-unbounded"
Example 17: Use the following sample command to replace the
criteria of manifest2 of svc1 with the criteria specified by
the file, /tmp/criteria.xml:
# installadm set-criteria -m manifest2 -n svc1
-C /tmp/criteria.xml
See the CRITERIA FILES section for more information on the
contents of the criteria xml file.
Example 18: Use the following sample command to validate
the profile, myprofile.xml, in service, svc1:
# installadm validate -p myprofile.xml -n svc1
Example 19: Use the following sample command to export
the profile myprofile.xml in service, svc1:
# installadm export -p myprofile.xml -n svc1
Example 20: Use the following commands to assign a
certificate and key for server authentication and to
supply a certificate for the CA that issued the
certificate:
# installadm set-server-auth --ssl-key keyfile.txt --ssl-cert cert.txt
# installadm set-server-auth --add-ca-cert ca.crt
Example 21: Use the following commands to assign a
certificate and key for authenticating a client by MAC
address, supply the certificate against which incoming
client connection requests will be authenticated, and
display the results:
# installadm set-client-auth --ssl-key keyfile.txt --ssl-cert cert.txt
--macaddr 1:2:3:4:5:6
# installadm set-client-auth --add-ca-cert ca.crt --macaddr 1:2:3:4:5:6
# installadm list-client-auth --macaddr 1:2:3:4:5:6
Example 22: Use the following command to generate a master
key for the server so that client keys can be later
generated for SPARC WANboot installations:
# installadm set-server-auth -M
Example 23: Use the following commands to generate a hash
and encryption key (type 3des) for a SPARC client to
authenticate that client, and then display the generated
keys for distribution to the client before installation:
# installadm set-client-auth --encrypt-key 3des --macaddr 1:2:3:4:5:6
# installadm set-client-auth --hash --macaddr 1:2:3:4:5:6
# installadm list-client-auth --macaddr 1:2:3:4:5:6
Example 24: Use the following commands to insert the hash
and 3des encryption key generated and displayed in the
previous example into the SPARC client OBP before starting
the automated installation:
ok set-security-key wanboot-hmac-sha1 b482aaab82cb8d5631e16d51478c90079cc1d46
ok set-security-key wanboot-3des
9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04
ATTRIBUTES
See attributes(5) for descriptions of the following
attributes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | install/installadm |
|_____________________________|_____________________________|
| Interface Stability | None / Under Development |
|_____________________________|_____________________________|
SEE ALSO
pntadm(1M), dhcpmgr(1M), pkg(5), attributes(5)
Oracle Solaris Automated Installer Guide on
http://docs.sun.com/
Getting Started with Oracle Solaris on
http://docs.sun.com/
Last Changed March 28, 2011
_______________________________________________
caiman-discuss mailing list
http://mail.opensolaris.org/mailman/listinfo/caiman-discuss
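
Added example (not part of the draft manpage or of the installadm project): a Python check, run over the OBP transcript printed in Example 24, that each set-security-key value has the length its key type requires before it is typed into the client. The function names and the 3DES subkey check are this example's own, and it assumes 160-bit keys for wanboot-hmac-sha1 and 192-bit keys for wanboot-3des.

```python
import re

# Expected key sizes in bytes: HMAC-SHA1 keys are 160 bits, 3DES keys 192 bits.
KEY_BYTES = {"wanboot-hmac-sha1": 20, "wanboot-3des": 24}
CMD_RE = re.compile(r"^(?:ok\s+)?set-security-key\s+(\S+)(?:\s+(\S+))?$")

# Transcript as printed in Example 24 (the second key is wrapped onto its own line).
EXAMPLE_24 = """\
ok set-security-key wanboot-hmac-sha1 b482aaab82cb8d5631e16d51478c90079cc1d46
ok set-security-key wanboot-3des
9ebc7a57f240e97c9b9401e9d3ae9b292943d3c143d07f04
"""

def parse_commands(text):
    """Return [(key_type, hex_value)], rejoining a value wrapped to the next line."""
    cmds, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        m = CMD_RE.match(line)
        if m:
            if pending is not None:
                cmds.append((pending, ""))   # earlier command never got a value
            pending = m.group(1) if m.group(2) is None else None
            if m.group(2) is not None:
                cmds.append(m.groups())
        elif pending is not None:
            cmds.append((pending, line))
            pending = None
        else:
            raise ValueError("not a set-security-key line: %r" % line)
    if pending is not None:
        cmds.append((pending, ""))
    return cmds

def check_key(key_type, value):
    """Return a list of problems; an empty list means the key is well formed."""
    if key_type not in KEY_BYTES:
        return ["unknown key type %r" % key_type]
    digits = 2 * KEY_BYTES[key_type]
    if not re.fullmatch(r"[0-9a-fA-F]+", value):
        return ["value is empty or not hexadecimal"]
    if len(value) != digits:
        return ["expected %d hex digits, got %d" % (digits, len(value))]
    if key_type == "wanboot-3des":
        # DES ignores the low (parity) bit of each byte; compare effective subkeys.
        k = bytes(b & 0xFE for b in bytes.fromhex(value))
        if k[0:8] == k[8:16] or k[8:16] == k[16:24]:
            return ["adjacent 3DES subkeys are equal (single-DES strength)"]
    return []

def audit(text):
    """Map each key type in the transcript to its list of problems."""
    return {t: check_key(t, v) for t, v in parse_commands(text)}
```

On the transcript as printed, the 3DES key passes and the HMAC-SHA1 value is reported as 39 hex digits where 40 are expected.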