techblog 

OMAPI is an API to allow you to control and query the ISC DHCP server. Unfortunately finding a nice example of how to use it securely wasn’t easy. So here is one:

Create a TSIG key

dnssec-keygen -a HMAC-MD5 -b 512 -n HOST omapi_key

Add the following to dhcpd.conf replacing XXXXXXXXX with the key you generated in the previous step.

omapi-port 9991;
key omapi_key {
algorithm HMAC-MD5;
secret "XXXXXXXXX";
};
omapi-key omapi_key;

Start dhcpd

Test that you can add a host to dhcpd by using omshell or by using this perl example

#!/usr/bin/perl -w

print "Please enter the MAC address of the client interface.n";
my $mac = <STDIN>;
chomp ($mac);

print "Please enter the IP address.n";
my $ip = <STDIN>;
chomp ($ip);

print "Please enter a name for this client.n";
my $name = <STDIN>;
chomp ($name);

open (OMSHELL, "|omshell") || die ("Unable to open omshelln");
print OMSHELL "port 9991n";
print OMSHELL "key omapi_key \"XXXXXXXXX\"n";
print OMSHELL "connectn";
print OMSHELL "new hostn";
print OMSHELL "set name = \"$name\"n";
print OMSHELL "set hardware-address = $macn";
print OMSHELL "set hardware-type = 1n";
print OMSHELL "set ip-address = $ipn";
print OMSHELL "createn";
close (OMSHELL) || die "Unable to close omshell.n";

Look in the dhcpd.leases file and you should see the host defined like this

host test1 {
dynamic;
hardware ethernet <YOUR MAC ADDRESS>;
fixed-address <YOUR IP ADDRESS>;
}

This dynamic statement indicates that this was created using omapi and did not come from the dhcpd.conf file.

I have been building a provisioning server to automate installing servers. One of the things this server will do is Jumpstart Solaris 10. The target servers are HP DL25 blades and when they tried to boot over the network I was getting an “A20 enable failed” error on the console. After many hours searching on Google I finally found this. There is a bug in boot.bin (also known as inetboot). Amazingly you need a Sun support contract to download this patch but I can now confirm that it does fix the problem.