Home Man
Search
Today's Posts
Register

Linux & Unix Commands - Search Man Pages

OpenSolaris 2009.06 - man page for wanboot.conf (opensolaris section 4)

wanboot.conf(4) 			   File Formats 			  wanboot.conf(4)

NAME
       wanboot.conf - repository for WANboot configuration data

SYNOPSIS
       /etc/netboot/wanboot.conf

DESCRIPTION
       The wanboot.conf file is set up by a system administrator for one or more WANboot clients.
       The file contains information used to drive the WANboot	process.  The  CGI  program  that
       serves  up  the bootstrap (wanboot) and the boot and root filesystems use information con-
       tained in the file to determine file paths, encryption and  signing  policies,  and  other
       characteristics of the operating environment.

       A  copy	of wanboot.conf is incorporated in the boot filesystem that is transmitted to the
       client. This is used by the bootstrap (wanboot) to determine  SSL  authentication  policy,
       and other security conditions.

       You  should  use  the  bootconfchk(1M)  utility	to check the format and content of a wan-
       boot.conf file prior to deployment.

FILE FORMAT
       Entries in wanboot.conf are written one per  line;  an  entry  cannot  be  continued  onto
       another line. Blank lines are ignored, as is anything following a hash mark character (#),
       which allows you to insert comments.

       Each non-blank, non-comment line must take the form:

	 parameter=value

       where value is terminated by the end-of-line, a space, or the  hash  mark  character.  The
       value can be quoted if it contains a space or a hash mark, using single or double quotes.

       The parameters currently supported and their meanings are as follows:

       boot_file		Specifies  the	path of the bootstrap file relative to the direc-
				tory from which the web server serves files. This parameter  must
				be  given  if  the  bootstrap  file (wanboot) is to be served via
				HTTP, and must be specified with a leading slash (/).

       root_server		Specifies the location of the CGI program that will serve up  the
				information about the root filesystem that will be transmitted to
				the client. If present, the value must be a URL  in  one  of  the
				following forms:

				  http://host:port/some_path/wanboot-cgi
				  https://host:port/some_path/wanboot-cgi

				where  http  specifies	insecure download of the root filesystem;
				https specifies secure download of the root filesystem;  host  is
				the name of the system which will serve the root filesystem; port
				is the port through which the web  server  will  serve	the  root
				filesystem  image;  some-path is the directory which contains the
				wanboot-cgi CGI program which will serve  information  about  the
				root filesystem. For example:

				  http://webserver:8080/cgi-bin/wanboot-cgi

       root_file		Specifies  the	path of the root filesystem image relative to the
				directory from which the web server serves files. This	parameter
				must  be given if the root filesystem is to be served by means of
				HTTP, and must be specified with a leading /.

       signature_type		Specifies the signing algorithm to be used when signing the boot-
				strap  (that  is,  wanboot),  the  boot  filesystem, and the root
				filesystem (assuming the last is  not  being  sent  using  secure
				HTTP),	prior  to  transmission  to the client. If absent, or the
				value is empty, no signing will be  performed.	If  present,  its
				value must be: sha1.

				If  signature_type  is	set,  the client system being booted must
				also be setup with a client key for that algorithm.

       encryption_type		Specifies the encryption algorithm to be used when encrypting the
				boot  filesystem  prior to transmission to the client. If absent,
				or the value is empty, no encryption of the boot filesystem  will
				be performed. If present, its value must be one of: 3des or aes.

				If  encryption_type  is  set to one of the above algorithms, then
				the client system being booted must also be setup with	a  client
				key  for that algorithm and a non-empty encryption_type must also
				be specified.

       server_authentication	Specifies whether server authentication should be requested  dur-
				ing  SSL  connection  setup.  If  absent,  or the value is empty,
				server authentication will not	be  requested.	If  present,  its
				value must be one of: yes or no.

       client_authentication	Specifies  whether client authentication should be requested dur-
				ing SSL coonection setup. If  absent,  or  the	value  is  empty,
				client	authentication	will  not  be  requested. If present, its
				value must be one of: yes or no.

				If client_authentication is  yes,  then  encryption  and  signing
				algorithms  must also be specified, the URL scheme in root_server
				must be https, and server_authentication must also be yes.

       resolve_hosts		Used to specify any host names that might need to be resolved for
				the  client  system. Host names appearing in URLs in wanboot.conf
				and any discovered in certificates  associated	with  the  client
				will  automatically  be  resolved and do not need to be specified
				here. The value should be a comma-separated list of host names.

				A typical use of this parameter would be to name  hosts  used  by
				the  installer	that  differ  from any of those used by the boot-
				strap.

       boot_logger		Specifies the URL of a system to which logging messages  will  be
				sent.  If  absent, or the value is empty, then logging will be to
				the system console only. If present it must specify a URL in  one
				of the following forms:

				  http://host:port/some_path/bootlog-cgi
				  https://host:port/some_path/bootlog-cgi

				where  the  constituent  parts	are  as  defined for root_server,
				above.

				Logging can be insecure or secure.

       system_conf		Specifies the name of a file in the /etc/netboot  hierarchy  that
				will be incorporated in the boot filesystem named system.conf and
				which is intended for use by the system startup scripts only.

EXAMPLES
       Example 1 Sample  File

       The following is a sample wanboot.conf file:

	 ####################################################################
	 #
	 # Copyright 2003 Sun Microsystems, Inc.  All rights reserved.
	 # Use is subject to license terms.
	 #
	 #ident  "@(#)wanboot.conf	 1.12	 03/01/30 SMI"
	 #
	 ####################################################################
	 # wanboot.conf(4): boot configuration file.
	 #
	 # Please consult wanboot.conf(4) for further information.  Note that
	 # this interface is "Evolving" as defined by attributes(5).
	 #
	 # Anything after a '#' is comment.  Values may be quoted (e.g. "val").
	 #
	 # <empty> means there is no value, i.e. null.	The absence of any
	 # parameter implies that it takes a default value (<empty> unless
	 # otherwise specified).
	 #
	 # <url> is of the form http://... or https://...
	 ####################################################################

	 # The path of the bootstrap file (within htdocs) which is served up
	 # by wanboot-cgi(bootfile).
	 #
	 boot_file=/bootfiles/wanboot	 # <absolute pathname>

	 # These are used by wanboot-cgi(bootfile|bootfs|rootfs) to determine
	 # whether boot_file or the bootfs is to be sent encrypted/signed, or
	 # root_file is to be sent signed; the client must be setup with the
	 # corresponding encryption/signature key(s) (which cannot be auto-
	 # matically verified).
	 #
	 # If an encryption_type is specified then a signature_type must also
	 # be specified.
	 #
	 encryption_type=3des		 # 3des | aes | <empty>
	 signature_type=sha1		 # sha1 | <empty>

	 # This is used by wanboot-cgi(bootfs) and WANboot to determine whether
	 # server authentication should be requested during SSL connection
	 # setup.
	 #
	 server_authentication=yes	 # yes | no

	 # This is used by wanboot-cgi(bootfs) and wanboot to determine whether
	 # client authentication should be requested during SSL connection
	 # setup.  If client_authentication is "yes", then server_authentication
	 # must also be "yes".
	 #
	 client_authentication=yes	 # yes | no

	 # wanboot-cgi(bootfs) will construct a hosts file which resolves any
	 # hostnames specified in any of the URLs in the wanboot.conf file,
	 # plus those found in certificates, etc.  The following parameter
	 # may be used to add additional mappings to the hosts file.
	 #
	 resolve_hosts= 		 # <hostname>[,<hostname>*] | <empty>

	 # This is used to specify the URL of wanboot-cgi on the server on which
	 # the root_file exists, and used by wanboot to obtain the root server's
	 # URL; wanboot substitutes root_file for the pathname part of the URL.
	 # If the schema is http://... then the root_file will be signed if there
	 # is a non-empty signature_type.  If server_authentication is "yes", the
	 # schema must be https://...; otherwise it must be http://...
	 #
	 root_server=https://www.example.com:1234/cgi-bin/wanboot-cgi # <url> \
	    | <empty>

	 # This is used by wanboot-cgi(rootfs) to locate the path of the
	 # rootfs image (within htdocs) on the root_server.
	 #
	 root_file=/rootimages/miniroot  # <absolute pathname> | <empty>

	 # This is used by wanboot to determine the URL of the boot_logger
	 # (and whether logging traffic should be sent using http or https),
	 # or whether it should simply be sent to the console.
	 #
	 boot_logger=http://www.example.com:1234/cgi-bin/bootlog-cgi  # <url> \
	     | <empty>

	 # This is used by the system startup scripts.
	 #
	 system_conf=system.conf

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Evolving			   |
       +-----------------------------+-----------------------------+

SEE ALSO
       bootconfchk(1M), attributes(5)

SunOS 5.11				   15 Nov 2003				  wanboot.conf(4)


All times are GMT -4. The time now is 05:17 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
UNIX.COM Login
Username:
Password:  
Show Password