Bootdisk

Requirements

https://trello.com/c/to0NYlGk/7-using-discovery-without-dhcp-2

I would like a boot disk option that provides the following:

  • A single ISO that allows me to provision a system against any configured hostgroup on the Satellite.
  • The ISO would not require me to pre-create a host in Satellite.
  • The ISO would allow me to enter an IP address manually or use DHCP to find the Satellite server.
  • The ISO will be generated on the Satellite
  • The ISO will provide a means to provision via a Capsule
  • The functionality to generate the ISO will be exposed via the API, UI & CLI.
  • Functionality to provide a local IP and VLAN to the target host

Approaches

Bootdisk

In the bootdisk approach, the Generic bootdisk provides a menu like below.

When the user first boots, they have the option for configuring DHCP or manually entering network configuration.

Manual network configuration:

After configuring network, you can select from the main menu:

  • Existing host record (traditional generic bootdisk)
  • New host from host group
  • The provisioning URL can be customized, for example, if DNS is not available and you need to use an IP

If creating a new host, iPXE chainloads the host group menu from the Foreman server.

Workflow

They are prompted for a host name:

And then hostgroup, and (if enabled) organization, and location:

Finally the user confirms the selections and:

  • iPXE sends the options to Foreman
  • Foreman creates the new Host, and runs orchestration
  • Server boots vmlinuz/initrd
  • Loads kickstart
  • Provisions as normal

This is ridiculously insecure, because we're running orchestration, with access to services like DNS, Realm, Puppet, etc., on behalf of a boot disk user who never authenticated.

Options:

  • Have bootdisk ask for login
    • Only supports HTTP (plaintext)
    • If SSL is enabled, Foreman does not allow login over HTTP
    • Discovery, in its full RHEL environment, could do this
  • Tokens
    • Have a bootdisk wizard that lets a user generate a bootdisk image with embedded tokens that give access only to specific host groups/orgs/locations
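
One way the token option could restrict a generated boot disk to specific host groups, organizations and locations, as an added example (not Foreman or foreman_bootdisk code). The `BootdiskToken` module, the claim keys, the hex-encoded payload and the HMAC-SHA256 construction are all assumptions, and it assumes organizations and locations are enabled.

```ruby
require 'openssl'
require 'json'

# Hypothetical helper for illustration; not part of Foreman or foreman_bootdisk.
module BootdiskToken
  # Mint a token the wizard would embed in the ISO. Scope lists are names.
  def self.mint(secret, hostgroups:, organizations:, locations:, ttl: 86_400, now: Time.now.to_i)
    claims = { 'hg' => hostgroups, 'org' => organizations, 'loc' => locations, 'exp' => now + ttl }
    payload = JSON.generate(claims).unpack1('H*') # hex keeps the token URL-safe
    "#{payload}.#{sign(secret, payload)}"
  end

  # Server-side check before creating the host and running orchestration:
  # valid signature, not expired, and every requested value inside the scope.
  def self.allows?(secret, token, hostgroup:, organization:, location:, now: Time.now.to_i)
    payload, mac = token.to_s.split('.', 2)
    return false if payload.nil? || mac.nil?
    return false unless secure_compare(mac, sign(secret, payload))

    claims = JSON.parse([payload].pack('H*'))
    return false if now >= claims['exp']

    claims['hg'].include?(hostgroup) && claims['org'].include?(organization) &&
      claims['loc'].include?(location)
  rescue JSON::ParserError
    false
  end

  def self.sign(secret, payload)
    OpenSSL::HMAC.hexdigest('SHA256', secret, payload)
  end

  # Constant-time comparison so the MAC cannot be guessed byte by byte.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

if __FILE__ == $0
  secret = 'constructed-demo-secret' # constructed sample value
  token = BootdiskToken.mint(secret, hostgroups: ['web'], organizations: ['Default'], locations: ['lab'])
  puts BootdiskToken.allows?(secret, token, hostgroup: 'web', organization: 'Default', location: 'lab')
  puts BootdiskToken.allows?(secret, token, hostgroup: 'db', organization: 'Default', location: 'lab')
end
```
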

Discovery

The idea is to introduce a TUI allowing users to do standard provisioning (register in Foreman using a hostgroup first, called "managed") or standalone (just select a kickstart without creating a host). The prototype is implemented as a Ruby service using newt bindings. The service waits 10 seconds before initiating discovery (a key press cancels).

A new status screen was crafted where users can inspect the current status, reboot, or even enable the SSH daemon, setting and unlocking the root account.

Upon countdown cancellation, a menu appears that allows the user to initiate provisioning or return to the discovery process.

By default, DHCP is enabled for all interfaces, but users are able to enter network credentials manually (this screen was not prototyped).

Selection of the process: Managed (pre-register the host) or Unmanaged (just select a kickstart and go).

If Managed was selected, the Foreman URL, type and credentials must be entered. The host name and host group must be entered on the next screen, and then the system is rebooted (via kexec) into Anaconda.

When Unmanaged was selected, the user only needs to enter the Foreman URL and type, and on the next screen select the kickstart to use. Then the host is rebooted into Anaconda. The list of kickstarts would be handed over via a new "Discovery Unmanaged" template (JSON).