Bootdisk » History » Version 3
Stephen Benjamin, 04/08/2015 09:32 AM
h1. Bootdisk

h2. Requirements

https://trello.com/c/to0NYlGk/7-using-discovery-without-dhcp-2

I would like a boot disk option that provides the following:

* A single ISO that allows me to provision a system against any configured hostgroup on the Satellite.
* The ISO would not require me to pre-create a host in Satellite.
* The ISO would allow me to provide a user-provided IP address or use DHCP to find the Satellite server.
* The ISO will be generated on the Satellite
* The ISO will provide a means to provision via a Capsule
* The functionality to generate the ISO will be exposed via the API, UI & CLI.
* Functionality to provide a local IP and VLAN to the target host

h2. Approaches

h3. Bootdisk

In the bootdisk approach, the Generic bootdisk would be modified to provide a menu like the one shown below:

!bootdisk.png!

*Notes*:

* If the user does not have DHCP, they may configure networking manually.
* The provisioning URL can be customized, for example, if DNS is not available and you need to use an IP
* If the user wants to build an existing host, they can boot from the existing record
* Otherwise they can create an entirely new host

If creating a new host, iPXE chainloads off of the Foreman server.

*Workflow*

The user is prompted for a host name:

!new_host.png!

And then for a hostgroup and (if enabled) an organization and a location:

!hostgroup.png!

!org_select.png!

!loc_select.png!

Finally:

* iPXE boots off Foreman
* Foreman creates the new Host, and runs orchestration
* Server boots vmlinuz/initrd
* Loads kickstart
* Provisions as normal

*This is ridiculously insecure, because we're running orchestration with access to services like DNS, Realm, Puppet, etc. for a request that was never authenticated.*

Options:

* Have bootdisk ask for login
** Only supports HTTP (plaintext)
** Foreman, if SSL is enabled, does not allow HTTP login
* Tokens
** Have a wizard that lets a user generate a bootdisk image with embedded tokens that give access only to specific host groups/orgs/locations

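The token option above, sketched as an added example (not part of the original wiki page and not Foreman code): a signed token embedded in the bootdisk names the host groups, organizations and locations it may provision into, and the server checks it before a host is created or orchestration runs. The module name, claim layout, HMAC-SHA256 construction and expiry field are all assumptions.

```ruby
require 'openssl'
require 'json'

# Added illustration, not Foreman code: BootdiskToken and its claim names are
# hypothetical. Token layout: "<base64 JSON claims>.<HMAC-SHA256 hex>".
module BootdiskToken
  FIELDS = %w[hostgroup organization location].freeze

  # Run by the (assumed) wizard when the ISO is generated; scope maps each
  # field to the list of values this disk may provision into.
  def self.issue(secret, scope, expires_at)
    claims = JSON.generate({ 'scope' => scope, 'exp' => expires_at.to_i })
    payload = [claims].pack('m0') # strict base64, no newlines
    "#{payload}.#{sign(secret, payload)}"
  end

  # Returns :ok or a rejection reason. Meant to run before the host record is
  # created, so a rejected request never reaches DNS/Realm/Puppet orchestration.
  def self.authorize(secret, token, request, now = Time.now)
    payload, mac = token.to_s.split('.', 2)
    return :malformed if payload.nil? || mac.nil?
    # Constant-time MAC comparison, done before the claims are parsed.
    return :bad_signature unless OpenSSL.secure_compare(mac, sign(secret, payload))

    claims = JSON.parse(payload.unpack1('m0').force_encoding('UTF-8'))
    return :expired if now.to_i >= claims['exp']

    FIELDS.each do |field|
      allowed = claims['scope'][field]
      # A field missing from the scope is denied, not treated as "any".
      return :"#{field}_not_allowed" unless Array(allowed).include?(request[field])
    end
    :ok
  rescue ArgumentError, JSON::ParserError
    :malformed
  end

  def self.sign(secret, payload)
    OpenSSL::HMAC.hexdigest('SHA256', secret, payload)
  end
end

# Constructed sample values.
SECRET = 'constructed-server-side-secret'
SCOPE = { 'hostgroup' => ['web'], 'organization' => ['ACME'], 'location' => ['lab'] }.freeze
TOKEN = BootdiskToken.issue(SECRET, SCOPE, Time.at(2_000_000_000))
REQUEST = { 'hostgroup' => 'web', 'organization' => 'ACME', 'location' => 'lab' }.freeze
puts BootdiskToken.authorize(SECRET, TOKEN, REQUEST, Time.at(1_900_000_000))
```

The page notes that the bootdisk only supports HTTP, so a token sent that way is visible on the network; a narrow scope and a short expiry limit what a captured token can be used for.
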
h3. Discovery