Sun Microsystems, Inc.

As superuser, execute dhtadm in batch mode and specify the name of the script to add the options and macros to your dhcptab. For example, if your script is named netinstalloptions, type the command:

dhtadm -B netinstalloptions

When you have done this, clients that have vendor client classes that are listed in the Vendor= string can use DHCP to obtain the parameters they need for Solaris installation over the network.

Using DHCP Manager to Create Install Options and Macros

You can create the options listed in Table 10-4 and the macros listed in Table 10-5 with DHCP Manager.

See Figure 10-17 and Figure 10-16 for illustrations of the dialog boxes you use to create options and macros.

How to Create Options to Support Solaris Installation (DHCP Manager)

  1. Select the Options tab in DHCP Manager.

  2. Choose Create from the Edit menu.

    The Create Option dialog box opens.

  3. Type the option name for the first option and type values appropriate for that option.

    Use Table 10-4 to look up the option names and values for options you must create. Notice that the vendor client classes are only suggested values. You should create classes to indicate the actual client types that need to obtain Solaris installation parameters from the DHCP service. See Table 10-3 for information about how to determine a client's vendor client class.

  4. Click OK when you have entered all the values.

  5. In the Options tab, select the option you just created.

  6. Select Duplicate from the Edit menu.

    The Duplicate Option dialog box opens.

  7. Type the name of another option and modify other values appropriately.

    The values for code, data type, granularity, and maximum are most likely to need modification. See Table 10-4 for the values.

  8. Repeat Step 5 through Step 7 until you have created all the options.

    You can now create macros to pass the options to network installation clients, as explained in the following procedure.


    Note - You do not need to add these options to a Solaris client's /etc/dhcp/inittab file because they are already included in that file.


How to Create Macros to Support Solaris Installation (DHCP Manager)

  1. Select the Macros tab in DHCP Manager.

  2. Choose Create from the Edit menu.

    The Create Macro dialog box opens.

  3. Type the name of a macro.

    See Table 10-5 for macro names you might use.

  4. Click the Select button.

    The Select Option dialog box opens.

  5. Select Vendor in the Category list.

    The Vendor options you created are listed.

  6. Select an option you want to add to the macro and click OK.

  7. Type a value for the option.

    See Table 10-4 for the option's data type and refer to the information reported by add_install_client -d.

  8. Repeat Step 6 through Step 7 for each option you want to include.

    To include another macro, type Include as the option name and type the macro name as the option value.

  9. Click OK when the macro is complete.

Supporting Remote Boot and Diskless Boot Clients (Task Map)

The Solaris DHCP service can support Solaris client systems that mount their operating system files remotely from another machine, called the OS server. Such clients are often called diskless clients. They can be thought of as persistent remote boot clients in that each time they boot, they must obtain the name and IP address of the server that hosts their operating system files, and then boot remotely from those files.

Each diskless client has its own root partition on the OS server, which is shared to the client host name. This means that the DHCP server must always return the same IP address to the client, and that address must remain mapped to the same host name in the name service (such as DNS). To accomplish this, each diskless client must be assigned a consistent IP address.

In addition to the IP address and host name, the DHCP server can supply a diskless client with all the information needed to locate its operating system files on the OS server. However, you must create options and macros that can be used to pass the information in a DHCP message packet.

The following task map lists the tasks required to support diskless clients or any other persistent remote boot clients, and includes links to procedures to help you carry them out.

| Task | Description | Instructions |
|------|-------------|--------------|
| Set up OS services on a Solaris server. | Use the smosservice command to create operating system files for clients. | "Managing Diskless Client Support (Tasks)" in System Administration Guide: Basic Administration. Also see the smosservice man page. |
| Set up DHCP Service to support network boot clients. | Use DHCP Manager or dhtadm to create new Vendor options and macros which the DHCP server can use to pass booting information to the clients. Note that if you already created the options for network install clients, you need only create macros for the Vendor client types of the diskless clients. | "Supporting Solaris Network Installation with the DHCP Service (Task Map)" |
| Assign reserved IP addresses to the diskless clients. | Use DHCP Manager or pntadm to mark addresses reserved (or manual) for diskless clients. | "Setting Up DHCP Clients for a Consistent IP Address" |
| Set up diskless clients for OS service. | Use the smdiskless command to add operating system support on the OS server for each client. Specify the IP addresses you reserved for each client. | "Managing Diskless Client Support (Tasks)" in System Administration Guide: Basic Administration. Also see the smdiskless man page. |

Setting Up DHCP Clients as NIS+ Clients

You can use the NIS+ name service on Solaris systems that are DHCP clients, but doing so requires you to partially circumvent one of the security-enhancing features of NIS+: the creation of DES credentials. When you set up a NIS+ client that is not using DHCP, you add unique DES credentials for the new NIS+ client system to the cred table on the NIS+ server. There are several ways to accomplish this, such as using the nisclient script or the nisaddcred command.

For DHCP clients, you cannot use these methods because they depend on a static host name to create and store the credentials. If you want to use NIS+ and DHCP, you must create identical credentials to be used for all the host names of DHCP clients. In this way, no matter what IP address (and associated host name) a DHCP client receives, it can use the same DES credentials.


Note - Before you do this, remember that NIS+ was designed with security in mind, and this procedure weakens that security because it allows random DHCP clients to receive NIS+ credentials.


The following procedure shows you how to create identical credentials for all DHCP host names. This procedure is only valid if you know the host names that DHCP clients will use, such as when the host names are generated by the DHCP server.

How to Set Up Solaris DHCP Clients as NIS+ Clients

A DHCP client workstation that is to be a NIS+ client must use credentials copied from another NIS+ client workstation in the NIS+ domain. This procedure only produces credentials for the workstation, which apply only to the superuser logged in to the workstation. Other users logged in to the DHCP client workstation must have their own unique credentials in the NIS+ server, created according to the procedure in the System Administration Guide: Naming and Directory Services (FNS and NIS+).

  1. Type the following command on the NIS+ server to write the cred table entry for the NIS+ client to a temporary file.

    # nisgrep nisplus-client-name cred.org_dir > /tmp/file

  2. View the contents of the temporary file so you can copy the credentials and use them to create credentials for DHCP clients.

    You must copy the public key and private key, which are long strings of numbers and letters separated by colons.

  3. Type the following commands to add credentials for a DHCP client. Copy the public and private key information from the temporary file.

    # nistbladm -a cname="dhcp-client-name@nisplus-domain" auth_type=DES \
    auth_name="unix.dhcp-client-name@nisplus-domain" \
    public_data=copied-public-data \
    private_data=copied-private-data cred.org_dir

  4. Type the following commands on each DHCP client system to remote copy NIS+ client files to the DHCP client system.

    # rcp nisplus-client-name:/var/nis/NIS_COLD_START /var/nis
    # rcp nisplus-client-name:/etc/.rootkey /etc
    # rcp nisplus-client-name:/etc/defaultdomain /etc

    If you get a "permission denied" message, the systems may not be set up to allow remote copying. You can copy the files as a regular user to an intermediate location and then copy them to the proper location as root on the DHCP client systems.

  5. Type the following command on the DHCP client system to use the correct name service switch file for NIS+:

    # cp /etc/nsswitch.nisplus /etc/nsswitch.conf

  6. Reboot the DHCP client system.

    The DHCP client system should now be able to use NIS+ services.

 
 
 