Revision 8 (Lukas Zapletal, 04/21/2015 12:23 PM) → Revision 9/10 (Lukas Zapletal, 04/21/2015 12:29 PM)

h1. Bootdisk 

 h2. Requirements 

 https://trello.com/c/to0NYlGk/7-using-discovery-without-dhcp-2 

 I would like a boot disk option that provides the following: 

 * A single ISO that allows me to provision a system against any configured hostgroup on the Satellite. 
 * The ISO would not require me to pre-create a host in Satellite. 
 * The ISO would allow me to provide a user provided IP address or use DHCP to find the Satellite server. 
 * The ISO will be generated on the Satellite 
 * The ISO will provide a means to provision via a Capsule 
 * The functionality to generate the ISO will be exposed via the API, UI & CLI. 
 * Functionality to provide a local IP and VLAN to the target host 

 h2. Approaches 

 h3. Bootdisk 

 In the bootdisk approach, the generic bootdisk provides a menu like the one below. 

 When the user first boots, they have the option for configuring DHCP or manually entering network configuration. 

 !bootdisk.png! 

 Manual network configuration: 

 !network.png! 

 After configuring the network, you can select from the main menu: 

 * Existing host record (traditional generic bootdisk) 
 * New host from host group 
 * The provisioning URL can be customized, for example, if DNS is not available and you need to use an IP 

 !main.png! 

 If creating a new host, iPXE chainloads the host group menu from the Foreman server. 

 *Workflow* 

 They are prompted for a host name: 

 !hostname.png! 

 And then for a hostgroup and, if enabled, an organization and location: 

 !hostgroup.png! 

 !org_select.png! 

 !loc_select.png! 

 Finally the user confirms the selections and: 

 * iPXE sends the options to Foreman 
 * Foreman creates the new Host, and runs orchestration 
 * Server boots vmlinuz/initrd 
 * Loads kickstart 
 * Provisions as normal 

 !boot.png! 


 *This is ridiculously insecure, because we're running orchestration with access to services like DNS, Realm, Puppet, etc.* 

 Options: 

 * Have bootdisk ask for login 
 ** Only supports HTTP (plaintext) 
 ** If SSL is enabled, Foreman does not allow HTTP login 
 ** Discovery, in its full RHEL environment, could do this 
 * Tokens 
 ** Have a bootdisk wizard that lets a user generate a bootdisk image with embedded tokens that give access only to specific host groups/orgs/locations 
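
 The token option above, sketched as an added example (it is not code from Foreman or the bootdisk plugin): a server-side secret signs the allowed host groups, organizations and locations plus an expiry, and the server checks the token before creating a host or running orchestration. The module name BootdiskToken, the token layout and the claim keys are assumptions made for illustration.

```ruby
require "openssl"
require "json"

# Hypothetical token format (an assumption, not Foreman's own):
#   base64(JSON claims) + "." + hex HMAC-SHA256 of that base64 string
module BootdiskToken
  module_function

  def sign(secret, payload)
    OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new("SHA256"), secret, payload)
  end

  # Constant-time comparison so the signature check leaks no timing hints.
  def secure_eq?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Issued by the server-side wizard and embedded in the generated image.
  def issue(secret, hostgroups:, organizations:, locations:, ttl:, now: Time.now)
    claims = { "hg" => hostgroups, "org" => organizations,
               "loc" => locations, "exp" => now.to_i + ttl }
    payload = [JSON.generate(claims)].pack("m0")
    "#{payload}.#{sign(secret, payload)}"
  end

  # Checked by the server before it creates a host or runs orchestration.
  def authorize?(secret, token, hostgroup:, organization:, location:, now: Time.now)
    payload, sig = token.to_s.split(".", 2)
    return false if payload.nil? || sig.nil?
    return false unless secure_eq?(sig, sign(secret, payload))
    claims = JSON.parse(payload.unpack1("m0"))
    return false if now.to_i >= claims["exp"].to_i
    Array(claims["hg"]).include?(hostgroup) &&
      Array(claims["org"]).include?(organization) &&
      Array(claims["loc"]).include?(location)
  rescue ArgumentError, JSON::ParserError, TypeError
    false
  end
end
```

 The signature is verified before the claims are parsed, so an altered scope or expiry is rejected without ever being interpreted.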



 h3. Discovery 

 The idea is to introduce a TUI that allows users to do standard provisioning (register in Foreman using a hostgroup first, called "managed") or standalone provisioning (just select a kickstart without creating a host). The prototype is implemented as a Ruby service using newt bindings; the service waits 10 seconds before initiating discovery (a key press cancels). 

 !Screenshot1.png! 

 A new status screen was created where users can investigate the current status, reboot, or even enable the SSH daemon, setting and unlocking the root account. 

 !Screenshot2.png! 

 !Screenshot3.png! 

 !Screenshot4.png! 

 !Screenshot5.png! 

 !Screenshot6.png! 

 !Screenshot7.png! 

 Upon countdown cancellation, a menu appears that allows the user to initiate provisioning or return to the discovery process. 

 !Screenshot8.png! 

 !Screenshot9.png! 

 !Screenshot10.png! 

 !Screenshot11.png! 

 !Screenshot12.png! 

 !Screenshot13.png! 

 !Screenshot14.png!