iPXE network booting (was Re: [GSOC 2020] Booting via network)

[Giovanni Biscuolo]

Hello Brice and Vagrant

Vagrant Cascadian <address@hidden> writes:

> On 2020-03-30, Brice Waegeneire wrote:
>> I know it's quite late to submit a GSOC proposal but here it's.
>> I would like to work on the project suggested by Danny to
>> add PXE support to Guix. Which has been requested several
>> times on IRC and in the ML. This would get us a step closer
>> to provisioning bare bone machines directly from Guix.

Great feature, I hope you are not too late

[...]

>   https://ltsp.org

Thanks Vagrant for your work with LTSP in Debian!!!

I'm an _enthusiastic_ user of LTSP (LTSP5 now, but soon I'll experiment
20.04) and I'll be very happy to test (and help as I can) develop this
Guix feature (network booting, I mean).

I never used iPXE but... please consider using iPXE (if possible) for
Guix network booting and consider that this feature is a prerequisite
for seamless remote desktop with Guix (using x2go or xrdp like the new
LTSP is doing [1]) in addition to "diskless fat clients"; a very cool
feature, I think :-D

In addition to LAN booting, iPXE supports booting from:

* a web server via HTTP/HTTPS
* an iSCSI SAN
* a Fibre Channel SAN via FCoE
* an AoE SAN
* a wireless network
* a wide-area network
* an Infiniband network

inlcuding "code signing" to verify the authenticity and integrity of
files downloaded by iPXE.

Users will have many interesting, configurable [2] and secure ways to
boot Guix with iPXE :-D (imagine booting from a remote host connected
via a wireguard network connection... could it be possible?!?)

> None of it is scheme code, but there are possibly some useful ideas in
> there you could make use of. One of the big changes is making extensive
> use of iPXE, though that might need some further auditing to meet the
> FSDG (Free Software Distribution Guidelines?) for inclusion into Guix.

Vagrant plz do you have some specific potential issue in mind?

iPXE AFAIU is completely free software https://ipxe.org/licensing , it
also contains a tool that produces a detailed license analysis for each
ROM file.

On Guix iPXE could be used in "chainloading mode" [3] if the network
card already have a PXE implementation or - for advenced users - could
replace the network card ROM [4]: Guix service configuration should then
allow disabling chainloading for advanced users.

iPXE is still not packaged for Guix but it should not be hard to package
since AFAIU it uses standard GNU build tools and deps are all already
packaged (not sure about mkisofs and syslinux):

https://ipxe.org/download:
--8<---------------cut here---------------start------------->8---

[...]

build it using:

  cd ipxe/src
  make

You will need to have at least the following packages installed in order to 
build iPXE:

    gcc (version 3 or later)
    binutils (version 2.18 or later)
    make
    perl
    liblzma or xz header files
    mtools
    mkisofs (needed only for building .iso images)
    syslinux (for isolinux, needed only for building .iso images)

[...]

--8<---------------cut here---------------end--------------->8---

Making a iPXE ISO image could be useful to boot from CD-ROM/USB on
machines lacking NIC supporting PXE (do they still exist?)


HTH! Thanks, Gio'




[1] https://github.com/ltsp/community/issues/4: «thin client support is
now reduced to "remote desktop with xfreerdp / x2go / VNC".»
Exept VNC (that I do not consider useful in this scenario), x2go and
xrdp are still not packaged in Guix but we can work it out

[2] https://ipxe.org/embed and https://ipxe.org/scripting (including
dynamic scripts)

[3] https://ipxe.org/download#chainloading_from_an_existing_pxe_rom

[4] https://ipxe.org/howto/romburning

-- 
Giovanni Biscuolo

Xelera IT Infrastructures

signature.asc
Description: PGP signature