Revision 2 (Stephen Benjamin, 04/08/2015 09:30 AM) → Revision 3/10 (Stephen Benjamin, 04/08/2015 09:32 AM)

h1. Bootdisk 

 h2. Requirements 

 https://trello.com/c/to0NYlGk/7-using-discovery-without-dhcp-2 

 I would like a boot disk option that provides the following: 

 * A single ISO that allows me to provision a system against any configured hostgroup on the Satellite. 
 * The ISO would not require me to pre-create a host in Satellite. 
 * The ISO would allow me to provide a user-provided IP address or use DHCP to find the Satellite server. 
 * The ISO will be generated on the Satellite. 
 * The ISO will provide a means to provision via a Capsule. 
 * The functionality to generate the ISO will be exposed via the API, UI & CLI. 
 * Functionality to provide a local IP and VLAN to the target host 

 h2. Approaches 

 h3. Bootdisk 

 In the bootdisk approach, the Generic bootdisk would be modified to provide a menu like the one shown below: 

 !bootdisk.png! 

 *Notes*: 
 * If the user does not have DHCP, they may configure networking manually. 
 * The provisioning URL can be customized, for example, if DNS is not available and you need to use an IP address. 
 * If the user wants to build an existing host, they can boot from the existing record. 
 * Otherwise they can create an entirely new host. 

 If creating a new host, iPXE chainloads off of the Foreman server. 

 *Workflow* 

 They are prompted for a host name: 

 !new_host.png! 

 And then hostgroup, and (if enabled) organization, and location: 

 !hostgroup.png! 

 !org_select.png! 

 !loc_select.png! 

 Finally: 

 * iPXE boots off Foreman 
 * Foreman creates the new Host, and runs orchestration 
 * Server boots vmlinuz/initrd 
 * Loads kickstart 
 * Provisions as normal 


 *This is ridiculously insecure, because we're running orchestration with access to services like DNS, Realm, Puppet, etc.* 

 Options: 

 * Have bootdisk ask for login 
 ** Only supports HTTP (plaintext) 
 ** Foreman does not allow HTTP login if SSL is enabled 
 * Tokens 
 ** Have a wizard that lets a user generate a bootdisk image with embedded tokens that give access only to specific host groups/orgs/locations 
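
 One way the token option could be enforced on the server side, as an added example (not Foreman or bootdisk code): the wizard signs the allowed host groups, organizations and locations into the token, and the host-creation step rejects any request outside that scope before orchestration runs. The module name, token layout, field names and expiry claim are assumptions made for illustration.

```ruby
require 'openssl'
require 'json'

# Hypothetical helper for illustration; not part of Foreman or foreman_bootdisk.
module ScopedBootdiskToken
  # Maps the scope list stored in the token to the field of the boot request it limits.
  SCOPE = { 'hostgroups' => 'hostgroup', 'organizations' => 'organization',
            'locations' => 'location' }.freeze

  # Wizard side: embed the permitted values and an expiry, then MAC the result.
  def self.issue(secret, scope, expires_at)
    claims = SCOPE.keys.to_h { |k| [k, Array(scope[k]).map(&:to_s).sort] }
    claims['exp'] = expires_at.to_i
    body = JSON.generate(claims).unpack1('H*') # hex keeps the token URL-safe
    "#{body}.#{sign(secret, body)}"
  end

  # Server side: returns :ok only when the MAC verifies, the token has not
  # expired and every requested attribute is inside the embedded scope.
  # Any other return value is the reason for refusing to create the host.
  def self.authorize(secret, token, request, now = Time.now)
    body, mac = token.to_s.split('.', 2)
    return :malformed if body.nil? || mac.nil?
    return :bad_signature unless secure_eq(sign(secret, body), mac)
    claims = JSON.parse([body].pack('H*'))
    return :expired if now.to_i >= claims['exp']
    SCOPE.each do |list, field|
      return :"#{field}_out_of_scope" unless claims[list].include?(request[field].to_s)
    end
    :ok
  rescue JSON::ParserError
    :malformed
  end

  def self.sign(secret, body)
    OpenSSL::HMAC.hexdigest('SHA256', secret, body)
  end

  # Compare every byte so a mismatch does not return early.
  def self.secure_eq(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

 Because the scope check happens before the host record is created, a leaked ISO can only trigger orchestration for the host groups, organizations and locations it was generated for, and only until it expires.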



 h3. Discovery