wanboot.conf(4)                  File Formats                  wanboot.conf(4)

wanboot.conf - repository for WANboot configuration data

/etc/netboot/wanboot.conf

The wanboot.conf file is set up by a system administrator for one or
more WANboot clients. The file contains information used to drive the
WANboot process. The CGI program that serves up the bootstrap (wanboot)
and the boot and root filesystems use information contained in the file
to determine file paths, encryption and signing policies, and other
characteristics of the operating environment.

A copy of wanboot.conf is incorporated in the boot filesystem that is
transmitted to the client. This is used by the bootstrap (wanboot) to
determine SSL authentication policy, and other security conditions.

You should use the bootconfchk(1M) utility to check the format and
content of a wanboot.conf file prior to deployment.

Entries in wanboot.conf are written one per line; an entry cannot be
continued onto another line. Blank lines are ignored, as is anything
following a hash mark character (#), which allows you to insert
comments.

Each non-blank, non-comment line must take the form:

    parameter=value

where value is terminated by the end-of-line, a space, or the hash mark
character. The value can be quoted if it contains a space or a hash
mark, using single or double quotes.

The parameters currently supported and their meanings are as follows:

boot_file
    Specifies the path of the bootstrap file relative to the directory
    from which the web server serves files. This parameter must be
    given if the bootstrap file (wanboot) is to be served via HTTP, and
    must be specified with a leading slash (/).

root_server
    Specifies the location of the CGI program that will serve up the
    information about the root filesystem that will be transmitted to
    the client. If present, the value must be a URL in one of the
    following forms:

        http://host:port/some_path/wanboot-cgi
        https://host:port/some_path/wanboot-cgi

    where http specifies insecure download of the root filesystem;
    https specifies secure download of the root filesystem; host is the
    name of the system which will serve the root filesystem; port is
    the port through which the web server will serve the root
    filesystem image; some_path is the directory which contains the
    wanboot-cgi CGI program which will serve information about the root
    filesystem. For example:

        http://webserver:8080/cgi-bin/wanboot-cgi

root_file
    Specifies the path of the root filesystem image relative to the
    directory from which the web server serves files. This parameter
    must be given if the root filesystem is to be served by means of
    HTTP, and must be specified with a leading /.

signature_type
    Specifies the signing algorithm to be used when signing the
    bootstrap (that is, wanboot), the boot filesystem, and the root
    filesystem (assuming the last is not being sent using secure HTTP),
    prior to transmission to the client. If absent, or the value is
    empty, no signing will be performed. If present, its value must be:
    sha1.

    If signature_type is set, the client system being booted must also
    be set up with a client key for that algorithm.

encryption_type
    Specifies the encryption algorithm to be used when encrypting the
    boot filesystem prior to transmission to the client. If absent, or
    the value is empty, no encryption of the boot filesystem will be
    performed. If present, its value must be one of: 3des or aes.

    If encryption_type is set to one of the above algorithms, then the
    client system being booted must also be set up with a client key
    for that algorithm and a non-empty encryption_type must also be
    specified.

server_authentication
    Specifies whether server authentication should be requested during
    SSL connection setup. If absent, or the value is empty, server
    authentication will not be requested. If present, its value must be
    one of: yes or no.

client_authentication
    Specifies whether client authentication should be requested during
    SSL connection setup. If absent, or the value is empty, client
    authentication will not be requested. If present, its value must be
    one of: yes or no.

    If client_authentication is yes, then encryption and signing
    algorithms must also be specified, the URL scheme in root_server
    must be https, and server_authentication must also be yes.

resolve_hosts
    Used to specify any host names that might need to be resolved for
    the client system. Host names appearing in URLs in wanboot.conf and
    any discovered in certificates associated with the client will
    automatically be resolved and do not need to be specified here. The
    value should be a comma-separated list of host names.

    A typical use of this parameter would be to name hosts used by the
    installer that differ from any of those used by the bootstrap.

boot_logger
    Specifies the URL of a system to which logging messages will be
    sent. If absent, or the value is empty, then logging will be to the
    system console only. If present, it must specify a URL in one of
    the following forms:

        http://host:port/some_path/bootlog-cgi
        https://host:port/some_path/bootlog-cgi

    where the constituent parts are as defined for root_server, above.

    Logging can be insecure (http) or secure (https).

system_conf
    Specifies the name of a file in the /etc/netboot hierarchy that
    will be incorporated in the boot filesystem as system.conf and
    which is intended for use by the system startup scripts only.

Example 1 Sample File

The following is a sample wanboot.conf file:

    ####################################################################
    #
    # Copyright 2003 Sun Microsystems, Inc. All rights reserved.
    # Use is subject to license terms.
    #
    #ident "@(#)wanboot.conf 1.12 03/01/30 SMI"
    #
    ####################################################################
    # wanboot.conf(4): boot configuration file.
    #
    # Please consult wanboot.conf(4) for further information. Note that
    # this interface is "Evolving" as defined by attributes(5).
    #
    # Anything after a '#' is comment. Values may be quoted (e.g. "val").
    #
    # <empty> means there is no value, i.e. null. The absence of any
    # parameter implies that it takes a default value (<empty> unless
    # otherwise specified).
    #
    # <url> is of the form http://... or https://...
    ####################################################################

    # The path of the bootstrap file (within htdocs) which is served up
    # by wanboot-cgi(bootfile).
    #
    boot_file=/bootfiles/wanboot # <absolute pathname>

    # These are used by wanboot-cgi(bootfile|bootfs|rootfs) to determine
    # whether boot_file or the bootfs is to be sent encrypted/signed, or
    # root_file is to be sent signed; the client must be setup with the
    # corresponding encryption/signature key(s) (which cannot be
    # automatically verified).
    #
    # If an encryption_type is specified then a signature_type must also
    # be specified.
    #
    encryption_type=3des # 3des | aes | <empty>
    signature_type=sha1 # sha1 | <empty>

    # This is used by wanboot-cgi(bootfs) and WANboot to determine whether
    # server authentication should be requested during SSL connection
    # setup.
    #
    server_authentication=yes # yes | no

    # This is used by wanboot-cgi(bootfs) and wanboot to determine whether
    # client authentication should be requested during SSL connection
    # setup. If client_authentication is "yes", then server_authentication
    # must also be "yes".
    #
    client_authentication=yes # yes | no

    # wanboot-cgi(bootfs) will construct a hosts file which resolves any
    # hostnames specified in any of the URLs in the wanboot.conf file,
    # plus those found in certificates, etc. The following parameter
    # may be used to add additional mappings to the hosts file.
    #
    resolve_hosts= # <hostname>[,<hostname>*] | <empty>

    # This is used to specify the URL of wanboot-cgi on the server on which
    # the root_file exists, and used by wanboot to obtain the root server's
    # URL; wanboot substitutes root_file for the pathname part of the URL.
    # If the schema is http://... then the root_file will be signed if there
    # is a non-empty signature_type. If server_authentication is "yes", the
    # schema must be https://...; otherwise it must be http://...
    #
    root_server=https://www.example.com:1234/cgi-bin/wanboot-cgi # <url> | <empty>

    # This is used by wanboot-cgi(rootfs) to locate the path of the
    # rootfs image (within htdocs) on the root_server.
    #
    root_file=/rootimages/miniroot # <absolute pathname> | <empty>

    # This is used by wanboot to determine the URL of the boot_logger
    # (and whether logging traffic should be sent using http or https),
    # or whether it should simply be sent to the console.
    #
    boot_logger=http://www.example.com:1234/cgi-bin/bootlog-cgi # <url> | <empty>

    # This is used by the system startup scripts.
    #
    system_conf=system.conf

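The format rules and the cross-parameter security constraints described above can be checked mechanically before deployment. The following Python is an added example, not part of this manual page and not the bootconfchk(1M) implementation; the names parse, check and WEAK are illustrative, the WEAK input is constructed, and treating a backslash as an ordinary character is an assumption.

```python
import shlex

YESNO = {"", "yes", "no"}  # "" means the parameter is absent or empty
ALLOWED = {"signature_type": {"", "sha1"}, "encryption_type": {"", "3des", "aes"},
           "server_authentication": YESNO, "client_authentication": YESNO}

WEAK = """# constructed sample for this example, not from the man page
boot_file=bootfiles/wanboot
encryption_type=aes                  # no signature_type given
client_authentication=yes
root_server=http://webserver:8080/cgi-bin/wanboot-cgi
root_file="/rootimages/mini root"    # quoted value containing a space
"""

def parse(text):
    """Parse parameter=value lines; '#' starts a comment unless quoted."""
    conf = {}
    for n, line in enumerate(text.splitlines(), 1):
        lex = shlex.shlex(line, posix=True)  # drops '#' comments, strips quotes
        lex.whitespace_split = True          # a value ends at a space or '#'
        lex.escape = ""                      # assumption: backslash is literal
        tokens = list(lex)
        if not tokens:
            continue                         # blank or comment-only line
        if "=" not in tokens[0] or len(tokens) > 1:
            raise ValueError(f"line {n}: expected parameter=value")
        key, value = tokens[0].split("=", 1)
        conf[key] = value
    return conf

def check(conf):
    """Return findings for the rules stated in the text and sample comments."""
    get = lambda k: conf.get(k, "")
    enc, sig, root = get("encryption_type"), get("signature_type"), get("root_server")
    srv, cli = (get(k + "_authentication") == "yes" for k in ("server", "client"))
    rules = [(get(k) not in ok, f"{k}: invalid value") for k, ok in ALLOWED.items()]
    rules += [(get(k)[:1] not in ("", "/"), f"{k}: needs a leading /")
              for k in ("boot_file", "root_file")]
    rules += [
        (enc and not sig, "encryption_type set without signature_type"),
        (cli and not (enc and sig), "client_authentication needs encryption and signing"),
        (cli and not srv, "client_authentication needs server_authentication=yes"),
        (root and srv != root.startswith("https://"),
         "root_server must be https if server_authentication=yes, else http"),
        (root.startswith("http://") and not sig, "root filesystem sent over http unsigned"),
    ]
    return [msg for bad, msg in rules if bad]

if __name__ == "__main__":
    print("\n".join(check(parse(WEAK))))
```

Run against the settings in the sample file above, check() returns an empty list; a comment carried onto a second line, such as a bare "| <empty>", is rejected by parse() because an entry cannot be continued.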
See attributes(5) for descriptions of the following attributes:

┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Evolving │
└─────────────────────────────┴─────────────────────────────┘

bootconfchk(1M), attributes(5)

SunOS 5.11                       15 Nov 2003                   wanboot.conf(4)