wanboot.conf(4)
NAME
wanboot.conf - repository for WANboot configuration data
SYNOPSIS
/etc/netboot/wanboot.conf
DESCRIPTION
The wanboot.conf file is set up by a system administrator
for one or more WANboot clients. The file contains informa-
tion used to drive the WANboot process. The CGI program that
serves up the bootstrap (wanboot) and the boot and root
filesystems use information contained in the file to deter-
mine file paths, encryption and signing policies, and other
characteristics of the operating environment.
A copy of wanboot.conf is incorporated in the boot filesys-
tem that is transmitted to the client. This is used by the
bootstrap (wanboot) to determine SSL authentication policy,
and other security conditions.
You should use the bootconfchk(1M) utility to check the for-
mat and content of a wanboot.conf file prior to deployment.
FILE FORMAT
Entries in wanboot.conf are written one per line; an entry
cannot be continued onto another line. Blank lines are
ignored, as is anything following a hash mark character (#),
which allows you to insert comments.
Each non-blank, non-comment line must take the form:
parameter=value
where value is terminated by the end-of-line, a space, or
the hash mark character. The value can be quoted if it con-
tains a space or a hash mark, using single or double quotes.
The parameters currently supported and their meanings are as
follows:
boot_file
Specifies the path of the bootstrap file relative to
the directory from which the web server serves files.
This parameter must be given if the bootstrap file
(wanboot) is to be served via HTTP, and must be speci-
fied with a leading slash (/).
root_server
Specifies the location of the CGI program that will
serve up the information about the root filesystem
that will be transmitted to the client. If present,
the value must be a URL in one of the following forms:
http://host:port/some_path/wanboot-cgi
https://host:port/some_path/wanboot-cgi
where http specifies insecure download of the root
filesystem; https specifies secure download of the
root filesystem; host is the name of the system which
will serve the root filesystem; port is the port
through which the web server will serve the root
filesystem image; some-path is the directory which
contains the wanboot-cgi CGI program which will serve
information about the root filesystem. For example:
http://webserver:8080/cgi-bin/wanboot-cgi
root_file
Specifies the path of the root filesystem image rela-
tive to the directory from which the web server serves
files. This parameter must be given if the root
filesystem is to be served by means of HTTP, and must
be specified with a leading /.
signature_type
Specifies the signing algorithm to be used when sign-
ing the bootstrap (that is, wanboot), the boot
filesystem, and the root filesystem (assuming the last
is not being sent using secure HTTP), prior to
transmission to the client. If absent, or the value
is empty, no signing will be performed. If present,
its value must be: sha1.
If signature_type is set, the client system being
booted must also be setup with a client key for that
algorithm.
encryption_type
Specifies the encryption algorithm to be used when
encrypting the boot filesystem prior to transmission
to the client. If absent, or the value is empty, no
encryption of the boot filesystem will be performed.
If present, its value must be one of: 3des or aes.
If encryption_type is set to one of the above algo-
rithms, then the client system being booted must also
be setup with a client key for that algorithm and a
non-empty encryption_type must also be specified.
server_authentication
Specifies whether server authentication should be
requested during SSL connection setup. If absent, or
the value is empty, server authentication will not be
requested. If present, its value must be one of: yes
or no.
client_authentication
Specifies whether client authentication should be
requested during SSL coonection setup. If absent, or
the value is empty, client authentication will not be
requested. If present, its value must be one of: yes
or no.
If client_authentication is yes, then encryption and
signing algorithms must also be specified, the URL
scheme in root_server must be https, and
server_authentication must also be yes.
resolve_hosts
Used to specify any host names that might need to be
resolved for the client system. Host names appearing
in URLs in wanboot.conf and any discovered in certifi-
cates associated with the client will automatically be
resolved and do not need to be specified here. The
value should be a comma-separated list of host names.
A typical use of this parameter would be to name hosts
used by the installer that differ from any of those
used by the bootstrap.
boot_logger
Specifies the URL of a system to which logging mes-
sages will be sent. If absent, or the value is empty,
then logging will be to the system console only. If
present it must specify a URL in one of the following
forms:
http://host:port/some_path/bootlog-cgi
https://host:port/some_path/bootlog-cgi
where the constituent parts are as defined for
root_server, above.
Logging can be insecure or secure.
system_conf
Specifies the name of a file in the /etc/netboot
hierarchy that will be incorporated in the boot
filesystem named system.conf and which is intended for
use by the system startup scripts only.
EXAMPLES
Example 1: Sample File
The following is a sample wanboot.conf file:
####################################################################
#
# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "@(#)wanboot.conf 1.12 03/01/30 SMI"
#
####################################################################
# wanboot.conf(4): boot configuration file.
#
# Please consult wanboot.conf(4) for further information. Note that
# this interface is "Evolving" as defined by attributes(5).
#
# Anything after a '#' is comment. Values may be quoted (e.g. "val").
#
# <empty> means there is no value, i.e. null. The absence of any
# parameter implies that it takes a default value (<empty> unless
# otherwise specified).
#
# <url> is of the form http://... or https://...
####################################################################
# The path of the bootstrap file (within htdocs) which is served up
# by wanboot-cgi(bootfile).
#
boot_file=/bootfiles/wanboot # <absolute pathname>
# These are used by wanboot-cgi(bootfile|bootfs|rootfs) to determine
# whether boot_file or the bootfs is to be sent encrypted/signed, or
# root_file is to be sent signed; the client must be setup with the
# corresponding encryption/signature key(s) (which cannot be auto-
# matically verified).
#
# If an encryption_type is specified then a signature_type must also
# be specified.
#
encryption_type=3des # 3des | aes | <empty>
signature_type=sha1 # sha1 | <empty>
# This is used by wanboot-cgi(bootfs) and WANboot to determine whether
# server authentication should be requested during SSL connection
# setup.
#
server_authentication=yes # yes | no
# This is used by wanboot-cgi(bootfs) and wanboot to determine whether
# client authentication should be requested during SSL connection
# setup. If client_authentication is "yes", then server_authentication
# must also be "yes".
#
client_authentication=yes # yes | no
# wanboot-cgi(bootfs) will construct a hosts file which resolves any
# hostnames specified in any of the URLs in the wanboot.conf file,
# plus those found in certificates, etc. The following parameter
# may be used to add additional mappings to the hosts file.
#
resolve_hosts= # <hostname>[,<hostname>*] | <empty>
# This is used to specify the URL of wanboot-cgi on the server on which
# the root_file exists, and used by wanboot to obtain the root server's
# URL; wanboot substitutes root_file for the pathname part of the URL.
# If the schema is http://... then the root_file will be signed if there
# is a non-empty signature_type. If server_authentication is "yes", the
# schema must be https://...; otherwise it must be http://...
#
root_server=https://www.sun.com:1234/cgi-bin/wanboot-cgi # <url> | <empty>
# This is used by wanboot-cgi(rootfs) to locate the path of the
# rootfs image (within htdocs) on the root_server.
#
root_file=/rootimages/miniroot # <absolute pathname> | <empty>
# This is used by wanboot to determine the URL of the boot_logger
# (and whether logging traffic should be sent using http or https),
# or whether it should simply be sent to the console.
#
boot_logger=http://www.sun.com:1234/cgi-bin/bootlog-cgi # <url> | <empty>
# This is used by the system startup scripts.
#
system_conf=system.conf
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Interface Stability | Evolving |
|_____________________________|_____________________________|
SEE ALSO
bootconfchk(1M), attributes(5)
Man(1) output converted with
man2html