Resent after snipping some old text (message was bigger than list server allowed)
Yes, there has been miscommunication. I run the PLUG Installfests and a year ago had decided to try to use a network boot environment in order to serve many distributions. I have hardware for it and did set up two renditions of a PXE server. Both worked, in fact, they also worked with using a gPXE boot CD on a client machine. But neither has been used at an installfest because neither was ever fully populated with distros. I was not satisfied with the amount of work to add an ever-changing list of distros. It was easier to keep the .iso's on an external drive and make CD/DVDs as needed. This also served to provide installable media to users.
I was not part of the discussion with you where you offered to build a network boot server (I am avoiding the terms PXE and gPXE as much as possible). I would be happy for you to do so but recognize that I will have to understand it at least well enough to maintain it. I had thought my telling you what I had and the environment I had tried to support (my home lab and the installfest) would help to ensure we ended up with the most serviceable unit we could. I suspect my poor understanding of PXE vs gPXE and my not being part of that discussion you had with someone has led to the misunderstandings.
I certainly had no intent for you to fix anything I had built and configured especially as it was all experimental. The only thing which had failed was that it was harder to maintain than what I was already doing. When I was told about that other discussion and your offer, it sounded like your solution might work better and be more maintainable. My description of what I had done was more a description of my goals to help validate whether that was true or not. And perhaps to help tweak your design to better fit my environment.
If you still want to do this, I am happy to provide my hardware to be wiped and rebuilt. I would like to know how it is done so I can maintain it or even replicate it if needed. Here are some of my design goals I would hope to meet:
- the network boot server should be portable between my UAT environment and my home lab. Both are DHCP served LANs where I have little/no control of the existing DHCP server configuration
- adding/removing distributions/releases to the list of network bootable systems should be relatively easy
- it should support a fairly large number of distros and versions of same
- it should support network booting of both Live and Install only distros
- client machines should still have internet access
- client machines could ideally EITHER use a gPXE removable boot media, get a gPXE loader from the network boot server, or still use their native BIOS network boot code
- ideally, it should also support LAN clients downloading of .iso files and/or local burning of CD/DVDs
That's all I can think of right now. Is it too much? Is it clear?
More responses inserted below:
On Thu, Feb 3, 2011 at 9:21 PM, Lisa Kachold <lisakachold@obnosis.com> wrote:
Larry!
You sound like you are doing very well, indeed; traipsing off to scaLE just out of triangle heart bypassage surgery?
Gee Larry, I believe there might be some mis-communication here? At the Installfest where Navin Markandeya and I appeared (while our holiday scheduling was being straightened out between Gangplankhq.com and John C. Lincoln Hospital) someone suggested I build a NEW PXE server for the installfest; which sounded fun - through my 24 years as a Unix Engineer and Admin, I have built a couple (some on the fly) used more than a couple, and most recently loved gPXE (ATJEU.com Hosting where did some work with Jeff Lord and crew). Through the ensuing discussion, I was told that hardware already exists for the server that I could get and just rebuild for YOU GUYS.
[Perhaps someone was actually suggesting that I clone what you are using at Installfest for the Hackfest]?
I was wondering where that PXE process was when we were setting up the kids' Atom's? Do we not host Netbook ISO?
Laugh!
While I look young/blond <snicker>, I appreciate your assistance, and I know you probably don't know me, while I have been active in Linux Community since 1994, I haven't been around PLUG until 2006 and don't get to attend meetings too much, I mostly benefit from open creative brainstorming discussions, since my server engineering and implementation experience is very long and deep indeed: USBank, KeyBank, Department of the Army <snip out 20 years>, skymall.com, icrossing.com, choicehotels.com, UniversityofPhoenix.com, ivedasolutions.com, Polar Systems, Nike.com, teleport.com, (blah) using some form of PXE/iSCSI PXE, gPXE boot or server based build imaging tools (usually failing to use, since DHCP & broadcasting is usually not allowed (depending on OSI layer devices) in PCI Compliant Zone 0 network servers) and Sun/RHEL Jumpstart/kickstart Sat servers.
I have the greatest respect for your background and knowledge. Clearly, it is stronger than mine by far and that is the reason I often find myself overwhelmed by your explanations.
I see a great deal of petty "testing" and nattering about the abilities of InstallFesters versus Hackfesters, or derision that this person or that person can't even do Y, for instance. I see a lot of people going on at length about what they KNOW about a project or technology, yet offer no assistance to get in and play build together? I see others laugh rather than take the opportunity to learn from each other by asking questions, etc. Hans and Brian have done a great job with fostering community, and it would be my hope that Installfests and Hackfests find common ground to develop good collaboration; just as the Linux Security Teamsters do with the Academic Arm of PLUG - recommending classes where they are certainly welcome and needed.
No idea where this comes from. I find most of PLUG to be considerate and helpful with only a few firebrands. I know of no antagonism between Installfesters and Hackfesters. I would also like to see more common ground though I think we can all agree that there are great differences in knowledge and expertise.
We Linux Security Teamsters don't want to get into a position to "server host" ISOs [loop mount/copy to temp/add reverse shell/backdoors/burn to iso] and I already have a server with a gPXE setup that can use my Terabyte USB for providing build sources (on a one by one copy basis) (like we are going to be using for the next Security Distro Comparison [OWASP etc, all ACTIVE sec distros will be compared in 3 hours] Lab).
Suddenly I find myself thrust into the details of a former PXE failed build and questionable configuration.
Not sure how to take these two paragraphs though I previously explained you were NOT asked to do anything about any "failed build".
The beginning of a project involves SPECIFICATION. What is your build server need/specification please? I also find a great deal of legacy PXE build server integration discussion, which involves a second build server and additional DHCP server addressing (which is handled by the gPXE process itself). For what purposes is this complexity introduced? Larry? Is this your tool which you feel comfortable maintaining? Has someone suggested we walk over your work?
Too many thoughts here. I don't know how to respond. What second build server? Additional DHCP server because the network definition allows for multiple servers and I cannot configure UAT's DHCP server and those provided by my routers don't, to my knowledge, allow configuration to respond to a network boot request. This would be easier to discuss in person. Not my tool or issue and no one suggested we "walk over your work".
What is the purpose of specifying the whole build tree if it exists on a remote drive (which can be copied right over to use)?
Don't understand your question (probably a difference in our terminology).
Clearly this is not the original request to build the Installfest a Server Imaging Solution?
Clearly this does not involve taking existing hardware and providing a solution?
Perhaps you were not there during that discussion and should have been?
No I was not and wish I had been.
It sounds like you need someone to repair or rebuild, under your specifications, a failed second PXE server?
Perhaps that server does not work for most of the systems or does not work within the current network? What and how does it fail? What again are the specifications so that we can image a great number of systems/netbooks and provide a great number of modern distro choices, while meeting the needs swiftly for our community (Colleges/University, PLUG) during the fests?
Answered above I hope.
I did get the following email message from the Discussion list but not in its complete version. Either the message appears to have completely missed the point of the project or the request for me to build the PXE server itself was out of context, without complete regard for your current roles (and hopefully not meant as a critique of either of us). Let's track toward a solution, shall we?
Yep!!!!
The specifications needed by the installfest include:
large number of easily changeable ISOs
expandable
gPXE rather than PXE:
NOTE:
gPXE must be supported by the BIOS to provide DHCP address, etc.
If gPXE is not supported by the BIOS, a USB Flashdisk with Grub2 is needed (even providing menu to distro via ubootnetlin).
or CD, or even floppy. Ideally all types of client hardware can be supported.
I am interested in building you a gPXE server. Not another PXE server. I am not interested in taking over your failed spec or building a second server.
No problem although I would hope to support clients who already have network boot options in their BIOS.
I believe you, Larry, can solve the problems described with the ISO / path as unrecognized because you are "chaining your server" and gPXE is not recognized when passed from PXE, getting gPXE from BIOS: http://sourceforge.net/mailarchive/forum.php?forum_name=etherboot-discuss&max_rows=25&style=nested&viewmonth=200807
I have no idea what this last paragraph says nor the purpose of the link. Sorry
I am interested in recreating a new ISO repo with perhaps the inclusion of a realtime MD certificate veracity test, available to the user/installer and either immediately X-checked or checked later where networking is not available.
Fine by me. I don't know what you mean by "a realtime MD certificate veracity test" or the checking part.
I am not interested in retaining your old ISOs or installation at any level - easier to rebuild the whole server. What else is needed in the way of services here?
The existing collection of .ISOs is just a collection, not necessarily to be used for this. Dunno what services you might be referring to.
I am interested in questioning your distro list based upon what is currently needed for netbooks, what has been installed recently and current versions.
Mostly we have installed ubuntu, ubuntu derivatives, Puppy, Fedora. Versions usually the current and LTS releases. Others have been rare, but with network booting and of Live distros I would expect more variety for tryouts.
I am also interested in perhaps adding a PLUG specific content library and/or github (but that would be more of a Linux Security Teamster function for our API's, etc.).
No idea what you are referring to unless it were a more available resource than just for installfests. Perhaps this is a discussion related to coordinating activities for multiple PLUG groups.
Does this clear things up at all?
We Security Teamsters need ethernet cabling and a 16 port hub.
We might be able to help with cables. I bought my own switch when I needed one.
<30>
Thanks very much Larry
Might not be able to anp
On Thu, Feb 3, 2011 at 4:34 PM, Dazed_75 <lthielster@gmail.com> wrote:
Bottom posting since I am including a HUGE piece of text. See below.
On Wed, Feb 2, 2011 at 9:22 PM, Lisa Kachold <lisakachold@obnosis.com> wrote:
Larry,
Can I come over and visit?
How are you feeling?
I can pick up that server or build it there with you? Let me know what to bring (my TB Nas or server tools).
I am available all this week?
--
(503) 754-4452
(623) 688-3392
http://www.obnosis.com
Catch My MetaSploit & IP CAM Surveillance
Presentations @ ABLEConf.com in April!
I would enjoy having a visit if you can stand my bachelor quarters mess. Be aware that I live in Apache Junction (almost) at roughly Highway 60 and Ironwood Drive. It is already Thursday late afternoon and I have a Friday morning meeting so this week is pretty tight. Let me know what options you have including if you would rather not drive so far.
Actually I am doing very well considering that three weeks ago I was laying on an operating table with my chest open and my heart stopped while they did three bypasses. I am walking around a mile each day and am finally sleeping decently. I got permission to drive yesterday though I am still not supposed to lift more than 5 lbs at a time.
The PXE server I built some while back is still running on the hardware listed in the very long description below. I never really finished it because I did not like certain aspects of how it worked. Specifically, the HOWTO I followed had me copy the CONTENT of each .iso to a directory on the hard disk and point the menu at its initrd.img or equivalent. That and building/maintaining the menus seemed a LOT of work as distros to be included changed. Also, I would like machines on the LAN to be able to copy the .iso files for their own use.
I am hoping your methods let one simply have the .iso files on the server and a menu hierarchy which is little more than an organized list of the .iso files with some description. I am imagining the [g]PXE server either serving up the .iso to the PXE client or automounting the .iso needed only for the duration of the client boot though that may require too much menu work and too much bookkeeping to serve multiple PXE clients.
Ideally, the PXE server can be added to an existing LAN and its DHCP server run alongside the one serving the LAN, just offering a different range of IPs within the scope of the LAN but adding the PXE boot not offered by the base LAN DHCP server. That is how mine is set up now though it currently depends on knowing what those values are. Finding them dynamically would be even better. If I were to have two routers (my home router and one for the installfest) set to service the same LAN IP ranges, that would allow me to use the PXE server either at home or in an installfest setting without changes. A different option would be to set it up with two ethernet cards so one is used to connect to the home/office LAN and the other to service a separate LAN with the installable machines. I don't like that as well generically, but ...
One more thing is that the PXE server can ideally run headless but could also be used with a monitor, keyboard and mouse (or using a remote connection) as a normal GUI as can the one I built. With that arrangement, it could be the only machine I would need to bring to the installfest.
Lisa, the following is a copy of a message I sent to Todd, and Main that I thought you would get but I don't think you did. Note that the form factor does not support a second hard drive. Note also that the list of distros on my portable drive is long and not all need to be PXE bootable although it would be handy if we were versatile enough to do so.
--
Dazed_75 a.k.a. Larry
The spirit of resistance to government is so valuable on certain occasions, that I wish it always to be kept alive.
- Thomas Jefferson
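An added example, not written by either participant in this thread: one way to do the ISO integrity check raised in the discussion above, so that only images matching a trusted manifest are offered to installers and a modified or stray image is flagged. It assumes SHA-256 and a `sha256sum`-style manifest (the thread says only "MD"); the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which ISOs in a directory match a trusted SHA-256 manifest.
# Manifest lines use sha256sum's format: "<hex digest>  <filename>".

# lookup_digest MANIFEST NAME -> prints the digest recorded for NAME, if any
lookup_digest() {
    while read -r digest file; do
        file=${file#\*}                      # binary-mode entries are "*name"
        if [ "$file" = "$2" ]; then echo "$digest"; return 0; fi
    done < "$1"
    return 1
}

# verify_isos DIR MANIFEST -> one "STATUS name" line per ISO; returns 0 only if all are OK
verify_isos() {
    rc=0
    for iso in "$1"/*.iso; do
        [ -e "$iso" ] || continue            # directory holds no ISOs: glob stayed literal
        name=${iso##*/}
        if ! want=$(lookup_digest "$2" "$name"); then
            echo "UNLISTED $name"; rc=1; continue
        fi
        have=$(sha256sum "$iso" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            echo "OK $name"                  # matches the manifest, safe to offer
        else
            echo "MISMATCH $name"; rc=1      # altered or corrupted since the manifest was made
        fi
    done
    return "$rc"
}

# demo: constructed stand-in files, not real distro images
demo() {
    d=$(mktemp -d) || return 1
    printf 'good image\n' > "$d/alpha.iso"
    printf 'another image\n' > "$d/beta.iso"
    (cd "$d" && sha256sum alpha.iso beta.iso > SHA256SUMS)   # the trusted manifest
    printf 'extra bytes\n' >> "$d/beta.iso"                  # changed after the manifest was made
    printf 'stray\n' > "$d/gamma.iso"                        # never listed in the manifest
    status=0
    verify_isos "$d" "$d/SHA256SUMS" || status=$?
    rm -rf "$d"
    return "$status"
}

demo || echo "one or more ISOs failed verification"
```

The manifest itself has to come from somewhere the boot server's operator trusts (for example the distro's published checksum file), since anyone who can rewrite both the ISO and the manifest defeats the check.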