<div dir="ltr">Jarrod,<div><br></div><div>Ah, the notion of anonymity on the internet - well played finding me on LinkedIn. Yes, I work for Walmart. I just didn't want to use my work email for the reasons I mentioned earlier.</div>
<div><br></div><div>I actually just touched base with Matthew Helton, a member of our infrastructure team, two weeks ago to discuss his current utilization of iPXE in our environment. He's posted on a few forums and contributed a bit to the project in the past, it seems, and he's become quite proficient at automating builds for specific needs. Not sure if his name is at all familiar to you, but I thought I'd mention him just in case.</div>
<div><br></div><div>After emailing you, I did plenty more research and became aware of the fact that a lot of projects already use iPXE in the manner that I was suggesting without explicitly mentioning it by name. Puppet's Razor framework and VMware come to mind right off the bat, but most of these are either overly-complex for what I'd want to do or come with a cost. I guess what I found most tantalizing was the following line from the iPXE site:</div>
<div><br></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div>"The <code>boot.php</code> program running on the web server could dynamically generate a script based on the information provided in the <acronym title="Uniform Resource Locator">URL</acronym>. For example, <code>boot.php</code> could look up the asset tag in a MySQL database to determine the correct <acronym title="Internet Small Computer Systems Interface">iSCSI</acronym> target to boot from, and then dynamically generate a script"</div>
</blockquote><br><div>This is stated . . . but there's no correlated project or example given directly. Finding this and Robin Smidsrød's menu library was a bit of a tease, I suppose.</div><div><br></div><div>I suppose I've gotten a bit ahead of myself and should really circle back to the root of how I stumbled upon iPXE. I'm a Security Systems Engineer at Walmart, meaning I set up and configure testing platforms, images, software, and what-have-you for a team of analysts, pen-testers, and white-hat hackers. As you can imagine, we often have to deploy systems into non-standard or diverse environments (hence my mention of not using DHCP), blow away and build clean images after a test is performed, and otherwise reconfigure systems on a rotating or ad-hoc basis.</div>
<div><br></div><div>Since I'm not a part of the Infrastructure team (and teams don't like to share what they view as "theirs," of course), I often don't have the luxury of direct access to an iLO, hypervisor, or one of their awesome build-management systems. This means I generally wind up having to work through a mess of processes and procedures to accomplish something viewed as "non-standard" simply because my team's tools and operations aren't well understood.</div>
<div><br></div><div>I started chatting with the maintainers of Kali Linux (formerly BackTrack) to see what their ideas were since it's a common platform for my team, and they're very motivated to improve their ability to distribute and integrate Kali into enterprise environments. After some digging from both parties, we thought iPXE could have some promise for what I was looking for. However, I never could find a project that was both simple yet flexible enough to do what I wanted without building it myself (and I'm not the greatest programmer in the world). On one hand, there are full-fledged build-management systems which are complete overkill for my needs and not something I want to set up and maintain for just my team. On the other hand, I could strap things together manually to at least automate a bit of the process. There really isn't a nice middle-ground.</div>
<div><br></div><div>So, I suppose that pretty well describes my story and where I'm coming from. Let me know if you have any thoughts, and I'd love to include Matt if you'd like to see some of the scripting and automation he's developed in his spare time. I appreciate your time, this project, and all of your contributions.</div>
<div><br></div><div>Andrew Summers</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Mar 14, 2014 at 10:57 AM, Jarrod Johnson <span dir="ltr"><<a href="mailto:jarrod.b.johnson@gmail.com" target="_blank">jarrod.b.johnson@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div><div><div></div><div>FWIW, you can look at 'IBM FastSetup', which already employs iPXE in this manner. They use iPXE on a floppy image as a means to sidestep any DHCP requirement around netboot. The scheme is easily made workable yet generic in UEFI mode (i.e. not having to include any specific drivers, just SNP). xnba repository contains some bits and pieces not yet in main ipxe required to facilitate such a thing. I have plans to make more changes enhancing the scenario and will announce them to ipxe-devel as I commit to xnba repository, and iPXE can elect to ignore/take in such changes as they come about.<br>
</div></div></div></div></div></div></div></div><div class="gmail_extra"><br><br><div class="gmail_quote"><div><div class="h5">On Fri, Feb 21, 2014 at 2:29 PM, Andrew "Arthur" Summers <span dir="ltr"><<a href="mailto:arthur.summers@gmail.com" target="_blank">arthur.summers@gmail.com</a>></span> wrote:<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><p class="MsoNormal">Team,</p><p class="MsoNormal"><br></p><p class="MsoNormal">
I have an idea and potential enterprise use case for iPXE that I wanted to share with you. I debated sending this via my corporate email so it would stand out a little more in your inbox, but I thought that should this idea be viable enough to become something bigger, it would potentially be considered intellectual property of my company from a legal standpoint. However, let’s just say that I work for a VERY big company (I’ll narrow it down a little and say it’s in the Fortune Top 5).</p>
<p class="MsoNormal"><br></p><p class="MsoNormal">As I’m sure you’re aware, no enterprise datacenter uses DHCP for its systems. What’s more, even if DHCP is used for backend interfaces, this becomes a problem when NATs and subnets are part of the picture. Even more frustrating is the fact that reconfiguring a system or attaching an ISO to an iLO or a VM usually requires involving a different team, filling out a form, logging hours, and jumping through a dozen or so hoops. Further, performing a zero-touch install generally requires creating a preseeded image for every target, and these generally aren’t as tiny as an iPXE ISO.</p>
<p class="MsoNormal"><br></p><p class="MsoNormal">Enter iPXE. My thought is that this little gem could be used as a “software iLO” of sorts to give control over a system’s boot process by using some simple dynamic scripts and backend configuration data. Instead of preseeding a full image for a system and needing to remove it after the system is installed, a system could be configured with the tiny iPXE ISO permanently attached. The only preseeding needed would be static IP information. Let me walk you through a potential boot process:</p>
<p class="MsoNormal"><br></p><pre>CLIENT SYSTEM/VM
- iPXE ISO
- Preseeded with static IP config
- Basic script pointing to repo (if unreachable, boot from HDD)
          |      /\
   boot   |      |    return config, preseed, boot media
          \/     |
REPO SERVER
- PHP to provide client-specific dynamic config
- Boot media (via sanboot/TFTP/etc depending on system)
- Database with preseed and iPXE script info for each client
    - First boot or system marked for reimaging?
        - Return config information and script to perform fresh install
        - Update record in DB to allow regular boot
    - Not first boot or marked for reimaging?
        - Return script instructing boot from local media
</pre><p class="MsoNormal"><br></p><p class="MsoNormal">When the client boots, iPXE loads, configures static IP information, and reaches out to the repository. If the repository is unavailable for some reason, iPXE continues to boot from local media. Otherwise, the repository looks at its database for config information for the client. If this is the first request from the client or it has been marked for reimaging, the configuration data is dynamically returned to the client, the database is updated to allow the client to boot from local media on subsequent boots, and the client boots appropriately. If the client has previously made a request or is not marked for reimaging, the repository simply dynamically returns a script instructing iPXE to boot the client from local media.</p>
<p class="MsoNormal"><br></p><p class="MsoNormal">There are obviously a few components that need to be built to allow all of this to work:</p><p class="MsoNormal"></p><ul><li>Some sort of management console (web based?) for entering/updating client information<br>
</li><ul><li>Would be great if AD integration were possible with role separation (role for changing configs, role for marking systems for reimaging, audit role, etc)</li></ul><li>Database to store client information (perhaps paired with something like OpenStack/SaltStack?)</li>
<ul><li>Flexible options for backend integration (SQL Server, MySQL, etc)</li></ul><li>PHP backend to serve dynamic configuration info to iPXE requests</li><li>Tool to generate iPXE ISOs with preseeded static IP information</li>
<ul><li>Looked at ROM-o-Matic</li><li>Would ideally allow the creation of multiple ISOs based on a CSV or a feed from the DB</li><li>Web-based? Would need to be platform-agnostic</li></ul><li>iPXE currently doesn’t recognize Hyper-V vNICs unless a legacy adapter is used</li>
</ul><p></p><p class="MsoNormal">I’ll admit that I’m no developer, but I’m no stranger to code, either. Let me know what your thoughts are, and if there’s any way I can assist, I’d be more than willing to do so.</p><p class="MsoNormal">
<br></p><p class="MsoNormal">Regards,</p><p class="MsoNormal"><br></p><p class="MsoNormal">Andrew "Arthur" Summers</p><div><br></div></div>
<br></div></div>_______________________________________________<br>
ipxe-devel mailing list<br>
<a href="mailto:ipxe-devel@lists.ipxe.org" target="_blank">ipxe-devel@lists.ipxe.org</a><br>
<a href="https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel" target="_blank">https://lists.ipxe.org/mailman/listinfo.cgi/ipxe-devel</a><br>
<br></blockquote></div><br></div>
</blockquote></div><br></div>
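<p>The boot flow laid out in Andrew's original proposal (quoted above), together with the <code>boot.php</code> database lookup quoted from the iPXE site, as one added example. This is code written for this page, not iPXE's, Kali's or any poster's: it stands in sqlite3 for the MySQL/SQL Server backend, keys the lookup on the MAC address the client puts in the query string, and the repo URL, table layout, state names and image/preseed paths are all invented here.</p>

```python
"""Added example, not iPXE project code and not from anyone in this thread: a
stand-in for the boot.php/database side of the proposed flow, plus the
client script baked into each host's iPXE ISO. Assumptions: sqlite3 stands in
for MySQL/SQL Server; clients identify themselves by MAC in the query string;
the repo URL, table layout, state names and image paths are invented here."""
import sqlite3
from urllib.parse import parse_qs

# state is 'install' (first boot or marked for reimaging) or 'local'
SCHEMA = """CREATE TABLE IF NOT EXISTS clients (
    mac TEXT PRIMARY KEY, hostname TEXT NOT NULL, ip TEXT NOT NULL,
    netmask TEXT NOT NULL, gateway TEXT NOT NULL, image TEXT NOT NULL,
    state TEXT NOT NULL DEFAULT 'install')"""

LOCAL_DISK = "sanboot --no-describe --drive 0x80"  # boot the first BIOS disk


def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.row_factory = sqlite3.Row
    conn.execute(SCHEMA)
    return conn


def seed_demo(conn):
    """Constructed sample record: one pen-test box awaiting its first install."""
    conn.execute("INSERT INTO clients VALUES (?,?,?,?,?,?,?)",
                 ("00:11:22:33:44:55", "pt-01", "10.0.0.5", "255.255.255.0",
                  "10.0.0.1", "kali", "install"))
    conn.commit()


def client_script(repo_url, ip, netmask, gateway):
    """iPXE script for the ISO: static IP, chain to the repo, and if the repo
    is unreachable fall through to the local disk (a trailing '||' tells iPXE
    not to abort the script when that command fails)."""
    return "\n".join([
        "#!ipxe",
        f"set net0/ip {ip}", f"set net0/netmask {netmask}",
        f"set net0/gateway {gateway}", "ifopen net0",
        f"chain {repo_url}?mac=${{net0/mac}} ||",
        LOCAL_DISK, ""])


def _install_script(row, repo_url):
    """Fresh install: Debian-installer style arguments (Kali is Debian based);
    the image and preseed paths are this example's own layout."""
    base = f"{repo_url}/images/{row['image']}"
    args = (f"auto=true priority=critical url={repo_url}/preseed/{row['mac']}.cfg "
            f"netcfg/disable_autoconfig=true netcfg/get_ipaddress={row['ip']} "
            f"netcfg/get_netmask={row['netmask']} netcfg/get_gateway={row['gateway']} "
            f"netcfg/get_hostname={row['hostname']}")
    return "\n".join(["#!ipxe", f"kernel {base}/vmlinuz {args}",
                      f"initrd {base}/initrd.gz", "boot ||", LOCAL_DISK, ""])


def _local_script(hostname):
    return "\n".join(["#!ipxe", f"echo {hostname}: nothing pending, booting local disk",
                      LOCAL_DISK, ""])


def boot_response(conn, query_string, repo_url):
    """What boot.php would do: look the client up by MAC, hand out the install
    script exactly once, flip the record to 'local' so later boots stay local."""
    mac = parse_qs(query_string).get("mac", [""])[0].lower()
    row = conn.execute("SELECT * FROM clients WHERE mac = ?", (mac,)).fetchone()
    if row is None:
        return _local_script("unregistered host")  # never image an unknown MAC
    if row["state"] == "install":
        # update before answering so a repeated request cannot replay the install
        conn.execute("UPDATE clients SET state = 'local' WHERE mac = ?", (mac,))
        conn.commit()
        return _install_script(row, repo_url)
    return _local_script(row["hostname"])


def mark_for_reimage(conn, mac):
    """Operator action from the management console: the next boot reinstalls."""
    conn.execute("UPDATE clients SET state = 'install' WHERE mac = ?", (mac.lower(),))
    conn.commit()
```

<p>The quoted iPXE passage keys on the asset tag rather than the MAC; <code>${asset}</code>, <code>${uuid}</code> and <code>${serial}</code> can be passed in the chain URL the same way as <code>${net0/mac}</code> above. Whichever is used is self-reported by the client, so it identifies the host but does not authenticate it: flipping the record to <code>local</code> before answering stops a second request from replaying the install, but whoever reaches the repo URL first with that identifier consumes the pending install, so serve the repo over HTTPS and keep credentials out of the returned script and preseed.</p>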