wanboot.conf(4) File Formats wanboot.conf(4)NAMEwanboot.conf - repository for WANboot configuration data
SYNOPSIS
/etc/netboot/wanboot.conf
DESCRIPTION
The wanboot.conf file is set up by a system administrator for one or
more WANboot clients. The file contains information used to drive the
WANboot process. The CGI program that serves up the bootstrap (wanboot)
and the boot and root filesystems use information contained in the file
to determine file paths, encryption and signing policies, and other
characteristics of the operating environment.
A copy of wanboot.conf is incorporated in the boot filesystem that is
transmitted to the client. This is used by the bootstrap (wanboot) to
determine SSL authentication policy, and other security conditions.
You should use the bootconfchk(1M) utility to check the format and con‐
tent of a wanboot.conf file prior to deployment.
FILE FORMAT
Entries in wanboot.conf are written one per line; an entry cannot be
continued onto another line. Blank lines are ignored, as is anything
following a hash mark character (#), which allows you to insert com‐
ments.
Each non-blank, non-comment line must take the form:
parameter=value
where value is terminated by the end-of-line, a space, or the hash mark
character. The value can be quoted if it contains a space or a hash
mark, using single or double quotes.
The parameters currently supported and their meanings are as follows:
boot_file Specifies the path of the bootstrap file rela‐
tive to the directory from which the web
server serves files. This parameter must be
given if the bootstrap file (wanboot) is to be
served via HTTP, and must be specified with a
leading slash (/).
root_server Specifies the location of the CGI program that
will serve up the information about the root
filesystem that will be transmitted to the
client. If present, the value must be a URL in
one of the following forms:
http://host:port/some_path/wanboot-cgi
https://host:port/some_path/wanboot-cgi
where http specifies insecure download of the
root filesystem; https specifies secure down‐
load of the root filesystem; host is the name
of the system which will serve the root
filesystem; port is the port through which the
web server will serve the root filesystem
image; some-path is the directory which con‐
tains the wanboot-cgi CGI program which will
serve information about the root filesystem.
For example:
http://webserver:8080/cgi-bin/wanboot-cgi
root_file Specifies the path of the root filesystem
image relative to the directory from which the
web server serves files. This parameter must
be given if the root filesystem is to be
served by means of HTTP, and must be specified
with a leading /.
signature_type Specifies the signing algorithm to be used
when signing the bootstrap (that is, wanboot),
the boot filesystem, and the root filesystem
(assuming the last is not being sent using
secure HTTP), prior to transmission to the
client. If absent, or the value is empty, no
signing will be performed. If present, its
value must be: sha1.
If signature_type is set, the client system
being booted must also be setup with a client
key for that algorithm.
encryption_type Specifies the encryption algorithm to be used
when encrypting the boot filesystem prior to
transmission to the client. If absent, or the
value is empty, no encryption of the boot
filesystem will be performed. If present, its
value must be one of: 3des or aes.
If encryption_type is set to one of the above
algorithms, then the client system being
booted must also be setup with a client key
for that algorithm and a non-empty encryp‐
tion_type must also be specified.
server_authentication Specifies whether server authentication should
be requested during SSL connection setup. If
absent, or the value is empty, server authen‐
tication will not be requested. If present,
its value must be one of: yes or no.
client_authentication Specifies whether client authentication should
be requested during SSL coonection setup. If
absent, or the value is empty, client authen‐
tication will not be requested. If present,
its value must be one of: yes or no.
If client_authentication is yes, then encryp‐
tion and signing algorithms must also be spec‐
ified, the URL scheme in root_server must be
https, and server_authentication must also be
yes.
resolve_hosts Used to specify any host names that might need
to be resolved for the client system. Host
names appearing in URLs in wanboot.conf and
any discovered in certificates associated with
the client will automatically be resolved and
do not need to be specified here. The value
should be a comma-separated list of host
names.
A typical use of this parameter would be to
name hosts used by the installer that differ
from any of those used by the bootstrap.
boot_logger Specifies the URL of a system to which logging
messages will be sent. If absent, or the value
is empty, then logging will be to the system
console only. If present it must specify a URL
in one of the following forms:
http://host:port/some_path/bootlog-cgi
https://host:port/some_path/bootlog-cgi
where the constituent parts are as defined for
root_server, above.
Logging can be insecure or secure.
system_conf Specifies the name of a file in the /etc/net‐
boot hierarchy that will be incorporated in
the boot filesystem named system.conf and
which is intended for use by the system
startup scripts only.
EXAMPLES
Example 1 Sample File
The following is a sample wanboot.conf file:
####################################################################
#
# Copyright 2003 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "@(#)wanboot.conf 1.12 03/01/30 SMI"
#
####################################################################
# wanboot.conf(4): boot configuration file.
#
# Please consult wanboot.conf(4) for further information. Note that
# this interface is "Committed" as defined by attributes(5).
#
# Anything after a '#' is comment. Values may be quoted (e.g. "val").
#
# <empty> means there is no value, i.e. null. The absence of any
# parameter implies that it takes a default value (<empty> unless
# otherwise specified).
#
# <url> is of the form http://... or https://...
####################################################################
# The path of the bootstrap file (within htdocs) which is served up
# by wanboot-cgi(bootfile).
#
boot_file=/bootfiles/wanboot # <absolute pathname>
# These are used by wanboot-cgi(bootfile|bootfs|rootfs) to determine
# whether boot_file or the bootfs is to be sent encrypted/signed, or
# root_file is to be sent signed; the client must be setup with the
# corresponding encryption/signature key(s) (which cannot be auto-
# matically verified).
#
# If an encryption_type is specified then a signature_type must also
# be specified.
#
encryption_type=3des # 3des | aes | <empty>
signature_type=sha1 # sha1 | <empty>
# This is used by wanboot-cgi(bootfs) and WANboot to determine whether
# server authentication should be requested during SSL connection
# setup.
#
server_authentication=yes # yes | no
# This is used by wanboot-cgi(bootfs) and wanboot to determine whether
# client authentication should be requested during SSL connection
# setup. If client_authentication is "yes", then server_authentication
# must also be "yes".
#
client_authentication=yes # yes | no
# wanboot-cgi(bootfs) will construct a hosts file which resolves any
# hostnames specified in any of the URLs in the wanboot.conf file,
# plus those found in certificates, etc. The following parameter
# may be used to add additional mappings to the hosts file.
#
resolve_hosts= # <hostname>[,<hostname>*] | <empty>
# This is used to specify the URL of wanboot-cgi on the server on which
# the root_file exists, and used by wanboot to obtain the root server's
# URL; wanboot substitutes root_file for the pathname part of the URL.
# If the schema is http://... then the root_file will be signed if there
# is a non-empty signature_type. If server_authentication is "yes", the
# schema must be https://...; otherwise it must be http://...
#
root_server=https://www.example.com:1234/cgi-bin/wanboot-cgi # <url> \
| <empty>
# This is used by wanboot-cgi(rootfs) to locate the path of the
# rootfs image (within htdocs) on the root_server.
#
root_file=/rootimages/miniroot # <absolute pathname> | <empty>
# This is used by wanboot to determine the URL of the boot_logger
# (and whether logging traffic should be sent using http or https),
# or whether it should simply be sent to the console.
#
boot_logger=http://www.example.com:1234/cgi-bin/bootlog-cgi # <url> \
| <empty>
# This is used by the system startup scripts.
#
system_conf=system.conf
ATTRIBUTES
See attributes(5) for descriptions of the following attributes:
┌─────────────────────────────┬─────────────────────────────┐
│ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
├─────────────────────────────┼─────────────────────────────┤
│Interface Stability │Committed │
└─────────────────────────────┴─────────────────────────────┘
SEE ALSObootconfchk(1M), attributes(5)SunOS 5.11 15 Nov 2003 wanboot.conf(4)
