WIP: PXE boot server (for kickstarting hardware) #181
Conversation
|
Making this a draft for you :) |
|
|
||
| - name: Enable tftp server socket | ||
| systemd: | ||
| name: tftp.socket |
There was a problem hiding this comment.
I would really rather not use tftp. It's insecure, old as heck, and udp i.e. Slow.
There was a problem hiding this comment.
UEFI can probably load the boot files over HTTP, but I'm not sure if that's an option for BIOS. Since this is only for loading the boot files when initially installing a host, is the slowness / security an issue? The TFTP server should only be exposed to the network from which the servers get installed.
There was a problem hiding this comment.
UEFI not only supports HTTP, but HTTPS (with certificate verification).
There was a problem hiding this comment.
TFTP also has other nasty problems: being able to send a UDP packet to the client is Game Over. I strongly recommend making sure the “network” is just a single cable.
| path: '/var/lib/tftpboot/uefi' | ||
| state: directory | ||
|
|
||
| # Are there better ways to get these same files into the tftpboot directory? |
There was a problem hiding this comment.
We can add a reposync to a local mirror later on. This is good enough for now.
Can you log an issue and link to it in this via an @todo or something?
There was a problem hiding this comment.
EDIT: oops, replied to the wrong comment :-)
|
|
||
| # This is to try to avoid the handler issue in pre/post tasks | ||
| handlers: | ||
| - include: handlers/main.yml |
There was a problem hiding this comment.
Leaving a note here so as not to be forgotten. Please update the include statement with the new import_tasks as ansible docs suggest.
There was a problem hiding this comment.
Can you add a lint check to reject commits which perform this (unwanted) behavior? Is it possible?
I'm working on this related to #14
This is not even tested yet, but I'll work on it during the weekend, just making this PR in case someone has ideas they want to bring up.