Bootdisk » History » Revision 7

Stephen Benjamin, 04/14/2015 03:09 PM


Bootdisk

Requirements

https://trello.com/c/to0NYlGk/7-using-discovery-without-dhcp-2

I would like a boot disk option that provides the following:

  • A single ISO that allows me to provision a system against any configured hostgroup on the Satellite.
  • The ISO would not require me to pre-create a host in Satellite.
  • The ISO would allow me to provide a user-provided IP address or use DHCP to find the Satellite server.
  • The ISO will be generated on the Satellite
  • The ISO will provide a means to provision via a Capsule
  • The functionality to generate the ISO will be exposed via the API, UI & CLI.
  • Functionality to provide a local IP and VLAN to the target host

Approaches

Bootdisk

In the bootdisk approach, the Generic bootdisk provides a menu like below.

When the user first boots, they have the option for configuring DHCP or manually entering network configuration.

Manual network configuration:

After configuring network, you can select from the main menu:

  • Existing host record (traditional generic bootdisk)
  • New host from host group
  • The provisioning URL can be customized, for example, if DNS is not available and you need to use an IP

If creating a new host, iPXE chain loads the host group menu off of the Foreman server.

Workflow

They are prompted for a host name:

And then hostgroup, and (if enabled) organization, and location:

Finally the user confirms the selections and:

  • iPXE sends the options to Foreman
  • Foreman creates the new Host, and runs orchestration
  • Server boots vmlinuz/initrd
  • Loads kickstart
  • Provisions as normal

This is ridiculously insecure, because the request from the boot disk is not authenticated, yet it makes Foreman create a host and run orchestration with access to services like DNS, Realm, Puppet, etc.

Options:

  • Have bootdisk ask for login
    • Only supports HTTP (plaintext)
    • If SSL is enabled, Foreman does not allow HTTP login
    • Discovery, in its full RHEL environment, could do this
  • Tokens
    • Have a bootdisk wizard that lets a user generate a bootdisk image with embedded tokens that give access only to specific host groups/orgs/locations
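
A sketch of the token option, as an added example (not Foreman or bootdisk code): the wizard issues an HMAC-signed token naming the allowed host groups, organizations and locations, and the server checks it before creating a host or running orchestration. The token format, the expiry field, the secret and all function names are assumptions made for illustration.

```ruby
require 'openssl'
require 'json'

# Hypothetical server-side signing secret (constructed value for the demo).
SECRET = 'constructed-demo-secret'

# Wizard side: build a token limited to the given scope and expiry time.
# The payload is hex-encoded JSON so it can be embedded in an iPXE URL.
def issue_token(scope, expires_at, secret = SECRET)
  payload = JSON.generate(scope.merge('exp' => expires_at.to_i)).unpack1('H*')
  "#{payload}.#{OpenSSL::HMAC.hexdigest('SHA256', secret, payload)}"
end

# Compare two strings without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side: returns :ok, or a symbol naming why the request is refused.
# Host creation and orchestration would run only on :ok.
def authorize(token, request, now = Time.now, secret = SECRET)
  payload, mac = token.to_s.split('.', 2)
  return :malformed if payload.nil? || mac.nil?
  expected = OpenSSL::HMAC.hexdigest('SHA256', secret, payload)
  return :bad_signature unless secure_compare(expected, mac)
  # The payload is parsed only after the signature has been verified.
  scope = JSON.parse([payload].pack('H*'))
  return :expired if now.to_i >= scope['exp']
  %w[hostgroup organization location].each do |key|
    allowed = scope.fetch("#{key}s", [])
    return :"#{key}_not_allowed" unless allowed.include?(request[key])
  end
  :ok
end

# Constructed sample: a token for one host group, org and location.
demo_scope = { 'hostgroups' => ['web'], 'organizations' => ['Eng'],
               'locations' => ['Lab'] }
demo_token = issue_token(demo_scope, Time.now + 3600)
in_scope  = { 'hostgroup' => 'web', 'organization' => 'Eng', 'location' => 'Lab' }
out_scope = in_scope.merge('hostgroup' => 'db')
puts authorize(demo_token, in_scope)
puts authorize(demo_token, out_scope)
```

Because the scope is covered by the signature, editing the token on the boot disk to add a host group invalidates it; anyone holding the disk can still use the token as issued until it expires.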

Discovery

Updated by Stephen Benjamin over 9 years ago · 10 revisions