Resent after snipping some old text (message was bigger than list server allowed On Fri, Feb 4, 2011 at 1:19 PM, Dazed_75 wrote: > Yes, there has been miscommunication. I run the PLUG Installfests and a > year ago had decided to try to use a network boot environment in order to > serve many distributions. I have hardware for it and did set up two > renditions of a PXE server. Both worked, in fact, they also worked with > using a gPXE boot CD on a client machine. But neither has been used at an > installfest because neither was ever fully populated with distros. I was > not satisfied with the amount of work to add an ever-changing list of > distros. It was easier to keep the .iso's on an external drive and make > CD/DVDs as needed. This also served to provide installable media to users. > > I was not part of the discussion with you where you offered to build a > network boot server (I am avoiding the terms PXE and gPXE as much as > possible). I would be happy for you to do so but recognize that I will have > to understand it at least well enough to maintain it. I had thought my > telling you what I had and the environment I had tried to support (my home > lab and the installfest) would help to ensure we ended up with the most > serviceable unit we could. I suspect my poor understanding of PXE vs gPXE > and my not being part of that discussion you had with someone has led to the > misunderstandings. > > I certainly had no intent for you to fix anything I had built and > configured especially as it was all experimental. The only thing which had > failed was that it was a harder to maintain than what I was already doing. > When I was told about that other discussion and your offer, it sounded like > your solution might work better and be more maintainable. My description of > what I had done was more a description of my goals to help validate whether > that was true or not. And perhaps to help tweak your design to better fit > my environment. > > If you still want to do this, I am happy to provide my hardware to be wiped > and rebuilt. I would like to know how it is done so I can maintain it or > even replicate it if needed. Here are some of my design goals I would hope > to meet: > > - the network boot server should be portable between my UAT environment > and my home lab. Both are DHCP served LANs where I have little/no control > of the existing DHCP server configuration > - adding/removing distributions/releases to the list of network > bootable systems should be relatively easy > - it should support a fairly large number of distros and versions of > same > - it should support network booting of both Live and Install only > distros > - client machines should still have internet access > - client machines could ideally EITHER use a gPXE removable boot media, > get a gPXE loader from the network boot server, or still use their native > BIOS network boot code > - ideally, it should also support LAN clients downloading of .iso files > and/or local burning of CD/DVDs > > Thats all I can think of right now. Is it too much? Is it clear? > > More responses inserted below: > > On Thu, Feb 3, 2011 at 9:21 PM, Lisa Kachold wrote: > >> Larry! >> >> You sound like you are doing very well, indeed; traipsing off to scaLE >> just out of triangle heart bypassage surgery? >> >> Gee Larry, I believe there might be some mis-communication here? At the >> Installfest where Navin Markandeya and I appeared (while our holiday >> scheduling was being straightened out between Gangplankhq.com and John C. >> Lincoln Hospital) someone suggested I build a NEW PXE server for the >> installfest; which sounded fun - through my 24 years as a Unix Engineer and >> Admin, I have built a couple (some on the fly) used more than a couple, and >> most recently loved gPXE (ATJEU.com Hosting where did some work with Jeff >> Lord and crew). Through the ensuing discussion, I was told that *hardware >> already exists for the server that I could get and just rebuild for YOU >> GUYS. * >> >> [Perhaps someone was actually suggesting that I clone what you are using >> at Installfest for the Hackfest]? >> *I was wondering where that PXE process was when we were setting up the >> kids' Atom's? Do we not host Netbook ISO? >> Laugh! * >> >> While I look young/blond , I appreciate your assistance, and I >> know you probably don't know me, while I have been active in Linux Community >> since 1994, I haven't been around PLUG until 2006 and don't get to attend >> meetings too much, I mostly benefit from open creative brainstorming >> discussions, since my server engineering and implementation experience is >> very long and deep indeed: USBank, KeyBank, Department of the Army > 20 years>, skymall.com, icrossing.com, choicehotels.com, >> UniversityofPhoenix.com, ivedasolutions.com, Polar Systems, Nike.com, >> teleport.com, (blah) using some form of PXE/iSCSI PXE, gPXE boot or >> server based build imaging tools (usually failing to use, since DHCP & >> broadcasting is usually not allowed (depending on OSI layer devices) in PCI >> Compliant Zone 0 network servers) and Sun/RHEl Jumpstart/kickstart Sat >> servers. >> > > I have the greatest respect for your background and knowledge. Clearly, t > is stronger than mine by far and that is the reason I often find myself > overwhelmed by your explanations. > >> >> I see a great deal of petty "testing" and nattering about the abilities of >> InstallFesters verses Hackfesters, or derision that this person or that >> person can't even do Y, for instance. I see a lot of people going on at >> length about what they KNOW about a project or technology, yet offer no >> assistance to get in and play build together? I see other's laugh rather >> than take the opportunity to learn from each other by asking questions, etc. >> Hans and Brian have done a great job with fostering community, and it >> would be my hope that Installfests and Hackfests find common ground to >> develop good collaboration; just as the Linux Security Teamsters do with the >> Academic Arm of PLUG - recommending classes where they are certainly welcome >> and needed. >> > > No idea where this comes from. I find most of PLUG to be considerate and > helpful with only a few firebrands. I know of no antagonism between > Installfesters and Hackfesters. I would also like to see more common ground > though I think we can all agree that there are great differences in > knowledge and expertise. > >> >> We Linux Security Teamsters don't want to get into a position to "server >> host" ISOs [loop mount/copy to >> temp/add reverse shell/backdoors/burn to iso] and I already have a server >> with a gPXE setup that can use my Terrabyte USB for providing build sources >> (on a one by one copy basis) (like we are going to be using for the next >> Security Distro Comparison [OWASP etc, all ACTIVE sec distros will be >> compared in 3 hours] Lab. >> >> *Suddenly I find myself thrust into the details of a former PXE failed >> build and questionable configuration.* >> >> Not sure how to take thes two paragraphs though I previously explained you > were NOT asked to do anything about any "failed build". > > >> The beginning of a project involves SPECIFICATION. What is your build >> server need/specification please? I also find a great deal of legacy PXE >> build server integration discussion, which involves a second build server >> and additional DHCP server addressing (which is handled by the gPXE process >> itself). For what purposes is this complexity introduced? Larry? Is this >> your tool which you feel comfortable maintaining? Has someone suggested we >> walk over your work? >> > > To many thoughts here. I don't know how to respond. What second build > server? Additional DHCP server because the network definition allows for > multiple servers and I cannot configure UATs DHCP server and those provided > by my routers don't, to my knowledge, allow configuraton to respond to a > network boot request. This would be easier to discuss in person. Not my > tool or issue and no one suggested we "walk over your work". > >> >> What is the purpose of specifying the whole build tree if it exists on a >> remote drive (which can be copied right over to use? >> > > Don't understand your question (probably a difference in our terminology). > >> >> Clearly this is not the original request to build the Installfest a Server >> Imaging Solution? >> Clearly this does not involve taking existing hardware and providing a >> solution? >> Perhaps you were not there during that discussion and should have been? >> > > No I was not and wish I had been. > >> >> It sounds like you need someone to repair or rebuild, under your >> specifications, a failed second PXE server? >> Perhaps that server does not work for most of the systems or does not work >> within the current network? What and how does it fail? What again are the >> specifications so that we can image a great number of systems/netbooks and >> provide a great number of modern distro choices, while meeting the needs >> swiftly for our community (Colleges/University, PLUG) during the fests? >> > > Answered above I hope. > >> >> I did get the following email message from the Discussion list but not in >> it's complete version. Either the message appears to have completely missed >> the point of the project or the request for me to build the PXE server >> itself was out of context, without complete regard for your current roles >> (and hopefully not meant as a critique of either of us). Let's track toward >> a solution, shall we? >> > > Yep!!!! > >> >> The specifications needed by the installfest include: >> >> large number of easily changeable ISOs >> expandable >> gPXE rather than PXE: >> >> NOTE: >> gPXE must be supported by the BIOS to provide DHCP address, etc. >> >> *If gPXE is not supported by the BIOS, a USB Flashdisk with Grub2 is >> needed (even providing menu to distro via ubootnetlin).* >> > > or CD, or even floppy. Ideally all types of client hardware can be > supported. > >> >> *I am interested in building you a gPXE server. Not another PXE server. >> I am not interested in taking over your failed spec or building a second >> server. >> * > > > No problem although I would hope to support clients who already have > network boot options in their BIOS. > > >> *I believe you, Larry, can solve the problems described with the ISO / >> path as unrecognized because you are "chaining your server" and gPXE is not >> recognized when passwd from PXE, getting gPXE from BIOS: >> http://sourceforge.net/mailarchive/forum.php?forum_name=etherboot-discuss&max_rows=25&style=nested&viewmonth=200807 >> * >> > > I have no idea what this last paragraph says nor the purpose of the link. > Sorry > >> >> I am interested in recreating a new ISO repo with perhaps the inclusion of >> a realtime MD certificate veracity test, available to the user/installer and >> either immediately X-checked or checked later where networking is not >> available. >> > > Fine by me. I don't know what you mean by "a realtime MD certificate > veracity test" or the checking part. > >> >> I am not interested in retaining your old ISOs or installation at any >> level - easier to rebuild the whole server. What else is needed in the way >> of services is needed here? >> > > the existing collection of .ISOs is just a collection, not necessarily to > be used for this. Dunno what services you might be referring to. > >> >> I am interested in questioning your distro list based upon what is >> currently needed for netbooks, what has been installed recently and current >> versions. >> > > Mostly we have installed ubuntu, ubuntu derivatives, Puppy, Fedora. > Versions usually the current and LTS releases. Others have been rare, but > with network booting and of Live distros I would expect more variety for > tryouts. > >> >> I am also interested in perhaps adding a PLUG specific content library >> and/or github (but that would be more of a Linux Security Teamster function >> for our API's, etc. >> > > No idea what you are referring to unless it were a more available resource > that just for installfests. Perhaps this is a discussion related to > coordinating activities for multiple PLUG groups. > >> >> Does this clear things up at all? >> * >> We Security Teamsters need ethernet cabling and a 16 port hub. * >> > > We might be able to help with cables. I bought my own switch when I needed > one. > <30> > > >> Thanks very much Larry >> >> Might not be able to anp >> >> On Thu, Feb 3, 2011 at 4:34 PM, Dazed_75 wrote: >> >>> Bottom posting since I am including a HUGE piece of text. See below. >>> >>> On Wed, Feb 2, 2011 at 9:22 PM, Lisa Kachold wrote: >>> >>>> Larry, >>>> >>>> Can I come over and visit? >>>> >>>> How are you feeling? >>>> >>>> I can pick up that server or build it there with you? Let me know what >>>> to bring (my TB Nas or server tools). >>>> >>>> I am available all this week? >>>> >>>> >>>> -- >>>> >>>> (503) 754-4452 >>>> (623) 688-3392 >>>> >>>> http://www.obnosis.com >>>> *Catch My MetaSploit & IP CAM Surveillence >>>> Presentations @ ABLEConf.com in April!* >>>> >>>> >>>> >>>> I would enjoy having a visit if you can stand my bachelor quarters >>> mess. Be aware that I live in Apache Junction (almost) at roughly Highway >>> 60 and Ironwood Drive. It is already Thursday late afternoon and I have a >>> Friday morning meeting so this week is pretty tight. Let me know what >>> options you have including if you would rather not drive so far. >>> >>> Actually I am doing very well considering that three weeks ago I was >>> laying on an operating table with my chest open and my heart stopped while >>> they did three bypasses. I am walking around a mile each day and am finally >>> sleeping decently. I got permission to drive yesterday though I am still >>> not supposed to lift more than 5 lbs at a time. >>> >>> The PXE server I built some while back is still running on the hardware >>> listed in the very long description below. I never really finished it >>> because I did not like certain aspects of how it worked. Specifically, the >>> HOWTO I followed had me copy the CONTENT of each .iso to a directory on the >>> hard disk and point the menu at its initrd.img or equivalent. That and >>> building/maintaining the menus seemed a LOT of work as distros to be >>> included changed. Also, I would like machines on the LAN to be able to copy >>> the .iso files for their own use. >>> >>> I am hoping your methods let one simply have the .iso files on the server >>> and a menu hierchy which is little more than an organized list of the .iso >>> files which some description. I am imagining the [g]PXE server either >>> serving up the .iso to the PXE client or automounting the .iso needed only >>> for the duration of the client boot though that may require too much menu >>> work and too much bookkeeping to serve multiple PXE clients. >>> >>> Ideally, the PXE server can be added to an existing LAN and its DHCP >>> server run along side the one serving the LAN, just offering a different >>> range of IPs within the scope of the LAN but adding the PXE boot not offered >>> by the base LAN DHCP server. That is how mine is set up now though it >>> currently depends on knowing what those values are. Finding them >>> dynamically would be even better. If I were to have two routers (my home >>> router and one for the installfest) set to service the same LAN IP ranges, >>> that would allow me to use the PXE server either at home or in an >>> installfest setting without changes. A different option would be to set it >>> up with rwo ethernet cards so one is used to connect to the home/office LAN >>> and the other to service a separate LAN with the installable machines. I >>> don't like that as well generically, but ... >>> >>> One more thing is that the PXE server can ideally run headless but could >>> also be used with a monitor, keyboard and mouse (or using a remote >>> connection) as a normal GUI as can the one I built. With that arrangement, >>> it could be the only machine I would need to bring to the installfest. >>> >>> Lisa, the following is a copy of a message I sent to Todd, and Main that >>> I thought you would get but I don't think you did. Note that the form >>> factor does not support a second hard drive. Note also that the list of >>> distros on my portable drive is long and not all need to be PXE bootable >>> although it would be handy if we were versatile enough to do so. >>> >> original reply was bigger than allowed > >>> >>> -- >>> Dazed_75 a.k.a. Larry >>> >>> The spirit of resistance to government is so valuable on certain >>> occasions, that I wish it always to be kept alive. >>> - Thomas Jefferson >>> >> >> >> >> -- >> >> (503) 754-4452 >> (623) 688-3392 >> >> http://www.obnosis.com >> *Catch My MetaSploit & IP CAM Surveillence >> Presentations @ ABLEConf.com in April!* >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > > > -- > Dazed_75 a.k.a. Larry > > The spirit of resistance to government is so valuable on certain occasions, > that I wish it always to be kept alive. > - Thomas Jefferson > -- Dazed_75 a.k.a. Larry The spirit of resistance to government is so valuable on certain occasions, that I wish it always to be kept alive. - Thomas Jefferson