PXE .vs gPXE Server (for Installfest) [Network Ew

Dazed_75 lthielster at gmail.com
Fri Feb 4 13:24:35 MST 2011


Resent after snipping some old text (message was bigger than list server
allowed)

On Fri, Feb 4, 2011 at 1:19 PM, Dazed_75 <lthielster at gmail.com> wrote:

> Yes, there has been miscommunication.  I run the PLUG Installfests and a
> year ago had decided to try to use a network boot environment in order to
> serve many distributions.  I have hardware for it and did set up two
> renditions of a PXE server. Both worked, in fact, they also worked with
> using a gPXE boot CD on a client machine.  But neither has been used at an
> installfest because neither was ever fully populated with distros.  I was
> not satisfied with the amount of work to add an ever-changing list of
> distros.  It was easier to keep the .iso's on an external drive and make
> CD/DVDs as needed. This also served to provide installable media to users.
>
> I was not part of the discussion with you where you offered to build a
> network boot server (I am avoiding the terms PXE and gPXE as much as
> possible).  I would be happy for you to do so but recognize that I will have
> to understand it at least well enough to maintain it.  I had thought my
> telling you what I had and the environment I had tried to support (my home
> lab and the installfest) would help to ensure we ended up with the most
> serviceable unit we could.  I suspect my poor understanding of PXE vs gPXE
> and my not being part of that discussion you had with someone has led to the
> misunderstandings.
>
> I certainly had no intent for you to fix anything I had built and
> configured especially as it was all experimental.  The only thing which had
> failed was that it was harder to maintain than what I was already doing.
> When I was told about that other discussion and your offer, it sounded like
> your solution might work better and be more maintainable.  My description of
> what I had done was more a description of my goals to help validate whether
> that was true or not.  And perhaps to help tweak your design to better fit
> my environment.
>
> If you still want to do this, I am happy to provide my hardware to be wiped
> and rebuilt.  I would like to know how it is done so I can maintain it or
> even replicate it if needed.  Here are some of my design goals I would hope
> to meet:
>
>    - the network boot server should be portable between my UAT environment
>    and my home lab.  Both are DHCP served LANs where I have little/no control
>    of the existing DHCP server configuration
>    - adding/removing distributions/releases to the list of network
>    bootable systems should be relatively easy
>    - it should support a fairly large number of distros and versions of
>    same
>    - it should support network booting of both Live and Install only
>    distros
>    - client machines should still have internet access
>    - client machines could ideally EITHER use a gPXE removable boot media,
>    get a gPXE loader from the network boot server, or still use their native
>    BIOS network boot code
>    - ideally, it should also support LAN clients downloading of .iso files
>    and/or local burning of CD/DVDs
>
> That's all I can think of right now.  Is it too much?  Is it clear?
>
> More responses inserted below:
>
> On Thu, Feb 3, 2011 at 9:21 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
>
>> Larry!
>>
>> You sound like you are doing very well, indeed; traipsing off to scaLE
>> just out of triangle heart bypassage surgery?
>>
>> Gee Larry, I believe there might be some mis-communication here?  At the
>> Installfest where Navin  Markandeya and I appeared (while our holiday
>> scheduling was being straightened out between Gangplankhq.com and John C.
>> Lincoln Hospital) someone suggested I build a NEW PXE server for the
>> installfest; which sounded fun - through my 24 years as a Unix Engineer and
>> Admin, I have built a couple (some on the fly) used more than a couple, and
>> most recently loved gPXE (ATJEU.com Hosting where did some work with Jeff
>> Lord and crew).   Through the ensuing discussion, I was told that *hardware
>> already exists for the server that I could get and just rebuild for YOU
>> GUYS.  *
>>
>> [Perhaps someone was actually suggesting that I clone what you are using
>> at Installfest for the Hackfest]?
>> *I was wondering where that PXE process was when we were setting up the
>> kids' Atom's?  Do we not host Netbook ISO?
>> Laugh!  *
>>
>> While I look young/blond <snicker>, I appreciate your assistance, and I
>> know you probably don't know me, while I have been active in Linux Community
>> since 1994, I haven't been around PLUG until 2006 and don't get to attend
>> meetings too much,  I mostly benefit from open creative brainstorming
>> discussions, since my server engineering and implementation experience is
>> very long and deep indeed: USBank, KeyBank, Department of the Army <snip out
>> 20 years>, skymall.com, icrossing.com, choicehotels.com,
>> UniversityofPhoenix.com, ivedasolutions.com, Polar Systems, Nike.com,
>> teleport.com, (blah) using some form of PXE/iSCSI PXE, gPXE boot or
>> server based build imaging tools (usually failing to use, since DHCP &
>> broadcasting is usually not allowed (depending on OSI layer devices) in PCI
>> Compliant Zone 0 network servers) and Sun/RHEl Jumpstart/kickstart Sat
>> servers.
>>
>
> I have the greatest respect for your background and knowledge. Clearly, it
> is stronger than mine by far and that is the reason I often find myself
> overwhelmed by your explanations.
>
>>
>> I see a great deal of petty "testing" and nattering about the abilities of
>> InstallFesters versus Hackfesters, or derision that this person or that
>> person can't even do Y, for instance.  I see a lot of people going on at
>> length about what they KNOW about a project or technology, yet offer no
>> assistance to get in and play build together?  I see others laugh rather
>> than take the opportunity to learn from each other by asking questions, etc.
>>    Hans and Brian have done a great job with fostering community, and it
>> would be my hope that Installfests and Hackfests find common ground to
>> develop good collaboration; just as the Linux Security Teamsters do with the
>> Academic Arm of PLUG - recommending classes where they are certainly welcome
>> and needed.
>>
>
> No idea where this comes from.  I find most of PLUG to be considerate and
> helpful with only a few firebrands.  I know of no antagonism between
> Installfesters and Hackfesters.  I would also like to see more common ground
> though I think we can all agree that there are great differences in
> knowledge and expertise.
>
>>
>> We Linux Security Teamsters don't want to get into a position to "server
>> host" ISOs  [loop mount/copy to
>> temp/add reverse shell/backdoors/burn to iso] and I already have a server
>> with a gPXE setup that can use my Terabyte USB for providing build sources
>> (on a one by one copy basis) (like we are going to be using for the next
>> Security Distro Comparison [OWASP etc, all ACTIVE sec distros will be
>> compared in 3 hours]  Lab.
>>
>> *Suddenly I find myself thrust into the details of a former PXE failed
>> build and questionable configuration.*
>>
> Not sure how to take these two paragraphs though I previously explained you
> were NOT asked to do anything about any "failed build".
>
>
>> The beginning of a project involves SPECIFICATION.  What is your build
>> server need/specification please?  I also find a great deal of legacy PXE
>> build server integration discussion,  which involves a second build server
>> and additional DHCP server addressing (which is handled by the gPXE process
>> itself).  For what purposes is this complexity introduced?  Larry?  Is this
>> your tool which you feel comfortable maintaining?  Has someone suggested we
>> walk over your work?
>>
>
> Too many thoughts here.  I don't know how to respond.  What second build
> server? Additional DHCP server because the network definition allows for
> multiple servers and I cannot configure UATs DHCP server and those provided
> by my routers don't, to my knowledge, allow configuration to respond to a
> network boot request. This would be easier to discuss in person.  Not my
> tool or issue and no one suggested we "walk over your work".
>
>>
>> What is the purpose of specifying the whole build tree if it exists on a
>> remote drive (which can be copied right over to use)?
>>
>
> Don't understand your question (probably a difference in our terminology).
>
>>
>> Clearly this is not the original request to build the Installfest a Server
>> Imaging Solution?
>> Clearly this does not involve taking existing hardware and providing a
>> solution?
>> Perhaps you were not there during that discussion and should have been?
>>
>
> No I was not and wish I had been.
>
>>
>> It sounds like you need someone to repair or rebuild, under your
>> specifications, a failed second PXE server?
>> Perhaps that server does not work for most of the systems or does not work
>> within the current network?  What and how does it fail?  What again are the
>> specifications so that we can image a great number of systems/netbooks and
>> provide a great number of modern distro choices, while meeting the needs
>> swiftly for our community (Colleges/University, PLUG) during the fests?
>>
>
> Answered above I hope.
>
>>
>> I did get the following email message from the Discussion list but not in
>> its complete version.  Either the message appears to have completely missed
>> the point of the project or the request for me to build the PXE server
>> itself was out of context, without complete regard for your current roles
>> (and hopefully not meant as a critique of either of us).  Let's track toward
>> a solution, shall we?
>>
>
> Yep!!!!
>
>>
>> The specifications needed by the installfest include:
>>
>> large number of easily changeable ISOs
>> expandable
>> gPXE rather than PXE:
>>
>> NOTE:
>> gPXE must be supported by the BIOS to provide DHCP address, etc.
>>
>> *If gPXE is not supported by the BIOS, a USB Flashdisk with Grub2 is
>> needed (even providing menu to distro via ubootnetlin).*
>>
>
> or CD, or even floppy.  Ideally all types of client hardware can be
> supported.
>
>>
>> *I am interested in building you a gPXE server.  Not another PXE server.
>> I am not interested in taking over your failed spec or building a second
>> server.
>> *
>
>
> No problem although I would hope to support clients who already have
> network boot options in their BIOS.
>
>
>> *I believe you, Larry, can solve the problems described with the ISO  /
>> path as unrecognized because you are "chaining your server" and gPXE is not
>> recognized when passwd from PXE, getting gPXE from BIOS:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=etherboot-discuss&max_rows=25&style=nested&viewmonth=200807
>> *
>>
>
> I have no idea what this last paragraph says nor the purpose of the link.
> Sorry
>
>>
>> I am interested in recreating a new ISO repo with perhaps the inclusion of
>> a realtime MD certificate veracity test, available to the user/installer and
>> either immediately X-checked or checked later where networking is not
>> available.
>>
>
> Fine by me.  I don't know what you mean by "a realtime MD certificate
> veracity test" or the checking part.
>
>>
>> I am not interested in retaining your old ISOs or installation at any
>> level - easier to rebuild the whole server. What else is needed in the way
>> of services here?
>>
>
> The existing collection of .ISOs is just a collection, not necessarily to
> be used for this.  Dunno what services you might be referring to.
>
>>
>> I am interested in questioning your distro list based upon what is
>> currently needed for netbooks, what has been installed recently and current
>> versions.
>>
>
> Mostly we have installed Ubuntu, Ubuntu derivatives, Puppy, Fedora.
> Versions usually the current and LTS releases.  Others have been rare, but
> with network booting and of Live distros I would expect more variety for
> tryouts.
>
>>
>> I am also interested in perhaps adding a PLUG specific content library
>> and/or github (but that would be more of a Linux Security Teamster function
>> for our API's, etc.
>>
>
> No idea what you are referring to unless it were a more available resource
> than just for installfests.  Perhaps this is a discussion related to
> coordinating activities for multiple PLUG groups.
>
>>
>> Does this clear things up at all?
>> *
>> We Security Teamsters need ethernet cabling and a 16 port hub.  *
>>
>
> We might be able to help with cables.  I bought my own switch when I needed
> one.
> <30>
>
>
>> Thanks very much Larry
>>
>> Might not be able to anp
>>
>> On Thu, Feb 3, 2011 at 4:34 PM, Dazed_75 <lthielster at gmail.com> wrote:
>>
>>> Bottom posting since I am including a HUGE piece of text.  See below.
>>>
>>> On Wed, Feb 2, 2011 at 9:22 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
>>>
>>>> Larry,
>>>>
>>>> Can I come over and visit?
>>>>
>>>> How are you feeling?
>>>>
>>>> I can pick up that server or build it there with you?  Let me know what
>>>> to bring (my TB Nas or server tools).
>>>>
>>>> I am available all this week?
>>>>
>>>>
>>>> --
>>>>
>>>> (503) 754-4452
>>>> (623) 688-3392
>>>>
>>>>  http://www.obnosis.com
>>>> *Catch My MetaSploit & IP CAM Surveillance
>>>> Presentations @ ABLEConf.com in April!*
>>>>
>>>>
>>>>
>>> I would enjoy having a visit if you can stand my bachelor quarters
>>> mess.  Be aware that I live in Apache Junction (almost) at roughly Highway
>>> 60 and Ironwood Drive.  It is already Thursday late afternoon and I have a
>>> Friday morning meeting so this week is pretty tight.  Let me know what
>>> options you have including if you would rather not drive so far.
>>>
>>> Actually I am doing very well considering that three weeks ago I was
>>> laying on an operating table with my chest open and my heart stopped while
>>> they did three bypasses.  I am walking around a mile each day and am finally
>>> sleeping decently.  I got permission to drive yesterday though I am still
>>> not supposed to lift more than 5 lbs at a time.
>>>
>>> The PXE server I built some while back is still running on the hardware
>>> listed in the very long description below.  I never really finished it
>>> because I did not like certain aspects of how it worked.  Specifically, the
>>> HOWTO I followed had me copy the CONTENT of each .iso to a directory on the
>>> hard disk and point the menu at its initrd.img or equivalent.  That and
>>> building/maintaining the menus seemed a LOT of work as distros to be
>>> included changed.  Also, I would like machines on the LAN to be able to copy
>>> the .iso files for their own use.
>>>
>>> I am hoping your methods let one simply have the .iso files on the server
>>> and a menu hierarchy which is little more than an organized list of the .iso
>>> files with some description.  I am imagining the [g]PXE server either
>>> serving up the .iso to the PXE client or automounting the .iso needed only
>>> for the duration of the client boot though that may require too much menu
>>> work and too much bookkeeping to serve multiple PXE clients.
>>>
>>> Ideally, the PXE server can be added to an existing LAN and its DHCP
>>> server run alongside the one serving the LAN, just offering a different
>>> range of IPs within the scope of the LAN but adding the PXE boot not offered
>>> by the base LAN DHCP server.  That is how mine is set up now though it
>>> currently depends on knowing what those values are.  Finding them
>>> dynamically would be even better.  If I were to have two routers (my home
>>> router and one for the installfest) set to service the same LAN IP ranges,
>>> that would allow me to use the PXE server either at home or in an
>>> installfest setting without changes.  A different option would be to set it
>>> up with two ethernet cards so one is used to connect to the home/office LAN
>>> and the other to service a separate LAN with the installable machines.  I
>>> don't like that as well generically, but ...
>>>
>>> One more thing is that the PXE server can ideally run headless but could
>>> also be used with a monitor, keyboard and mouse (or using a remote
>>> connection) as a normal GUI as can the one I built.  With that arrangement,
>>> it could be the only machine I would need to bring to the installfest.
>>>
>>> Lisa, the following is a copy of a message I sent to Todd, and Main that
>>> I thought you would get but I don't think you did.  Note that the form
>>> factor does not support a second hard drive. Note also that the list of
>>> distros on my portable drive is long and not all need to be PXE bootable
>>> although it would be handy if we were versatile enough to do so.
>>>
>>
<snip> original reply was bigger than allowed

>
>>>
>>> --
>>> Dazed_75 a.k.a. Larry
>>>
>>> The spirit of resistance to government is so valuable on certain
>>> occasions, that I wish it always to be kept alive.
>>>   - Thomas Jefferson
>>>
>>
>>
>>
>
>



-- 
Dazed_75 a.k.a. Larry

The spirit of resistance to government is so valuable on certain occasions,
that I wish it always to be kept alive.
  - Thomas Jefferson