top | item 45979680

(no title)

zorlack | 3 months ago

The fun thing about learning to boot from PXE, is that you have to learn it every time you onboard a new type of hardware... or a new VM hypervisor... or new NIC firmware... or new BIOS firmware.

God help you if you actually want to install an operating system.

PXE is such a vital capability for working with on-prem servers. But it's ten different things which all have to play nicely together. Every time I build a PXE system I feel like I'm reinventing the universe in my tiny subnet.

discuss

legooolas|3 months ago

I've not found this at all -- PXE "just works" on legacy boot or UEFI for me. I've used it for years to install hosts via Foreman (https://theforeman.org/), as well as for personal stuff on my home network, and it's so much better than getting people to use USB sticks or whatever else!

hardwaresofton|3 months ago

Agreed, PXE seems ideal for provisioning things, but it's just too hard to use, especially when you're not on a network you fully control.

I just want to start the computer, and have it download an immutable OS image from somewhere I decide (and supply a checksum for, etc). I don't want to set up TFTP or any of this other stuff. It feels like I should be able to just specify an IP (let's say) a checksum (maybe supply that information to the NIC directly somehow), and be off to the races after a reboot.

convolvatron|3 months ago

replace the PXE stack with an OS installer written in UEFI. This bootload can be installed through a guest running on the host in the EFI partition, or possibly through PXE or direct UEFI http load.

this allows you intermediate the boot process without coordinating with the administrative owner of the DHCP server, and is actually less janky than PXE

webdevver|3 months ago

we need to go /stalinmode/ on the whole bootup and initialization industry subsector. it should be required by law for that stuff to be open source and documented.

"but muh competitive advantage??"

its literally a for loop that reads sectors from disk/network into memory and jumps to the start address.

if a local build of the (vendor provided source code) firmware doesn't match the checksum of the build thats flashed on the actual mobo, you get sent to a cobalt mine.

toast0|3 months ago

Boot by committee (UEFI) doesn't seem much better than boot by fiat (BIOS). For everything nice it gives you, you lose something nice that BIOS gave you ... or you have something nice that you lose when you exit boot services. Or there's an extension for something nice that isn't usable on mainstream hardware.

UEFI gives you nicer video modes, but not a text mode after boot services.

UEFI has an extension for booting images from the network, but afaik, it's impossible to use, and there's no reasonable way to boot from a disk image; working UEFI network boot has to pull pieces out of the filesytem and present them seperately; as opposed to MEMDISK which makes the image available as a BIOS disk and the image is labeled so that one the OS is loaded, the image can be used without BIOS hooks. If this is possible on UEFI generally, it isn't widely distributed knowledge. Something that will work on any UEFI system that makes it to iPXE, subject to changes to the OS in the image (which is reasonable... MEMDISK needs changes too, unless the OS runs all disk I/O through BIOS APIs)

pjc50|3 months ago

You're getting downvotes for being hyperbolic about it, but boot integrity is really both a consumer safety and a national security issue.

generalizations|3 months ago

I’m confused, are you talking about getting PXE enabled in the hardware, or customizing something about your PXE software for the new hardware?

zorlack|3 months ago

There's a lot of nonsense at every level. Especially when dealing with heterogenous infrastructure.

Some NICs support http. Some NICs support tftp. Some NICs have enough memory for a big iPXE, other NICs don't. Some BMC systems make next-boot-to-lan easy, but not all.

We almost always use iPXE in order to normalize our pxe environment before OS kickstart. There's a lot to it and quite a lot of little things that can go wrong. Oh, and every bit of it becomes critical infra.

kasabali|3 months ago

All of 'em.

happyPersonR|3 months ago

Yeah in order to automate, you’ve gotta know something about what you’re automating. PXE is not different.