Hello! I have outlined a proposal for a new feature of pxelinux in http://www.zytor.com/pipermail/syslinux/2004-December/004360.html (see the last couple of sentences) but nobody has commented it, so I am asking again: Imagine a company with a lot of departments and where network booting is widely used. Each department has different needs when it comes to operating systems. Because things change very often, it would be a nightmare for a single administrator to update the pxelinux configuration file. The administrator should be able to delegate the task of maintainung the configuration file to the departments: The master configuration file created by the administrator only provides a basic set of boot images and each department should be able to add new ones. Therefore I think that a LOADCONFIG command would be useful for pxelinux. Here is an expample: pxelinux.cfg/default LABEL load_new_config LOADCONFIG 192.168.0.1::my_new_config when load_new_config is selected pxelinux downloads the file "my_new_config" from the TFTP server with the IP 192.168.0.1 and uses it as its configuration file. Comments? Good or bad idea (and why)? Alex
Alexander Heinz wrote:> Hello! > > I have outlined a proposal for a new feature of pxelinux in > http://www.zytor.com/pipermail/syslinux/2004-December/004360.html (see > the last couple of sentences) but nobody has commented it, so I am > asking again: > > Imagine a company with a lot of departments and where network booting is > widely used. Each department has different needs when it comes to > operating systems. > Because things change very often, it would be a nightmare for a single > administrator to update the pxelinux configuration file. > The administrator should be able to delegate the task of maintainung the > configuration file to the departments: > The master configuration file created by the administrator only provides > a basic set of boot images and each department should be able to add new > ones.Have you considered autogenerating these from templates?> Therefore I think that a LOADCONFIG command would be useful for pxelinux. > > Here is an expample: > pxelinux.cfg/default > LABEL load_new_config > LOADCONFIG 192.168.0.1::my_new_config > > when load_new_config is selected pxelinux downloads the file > "my_new_config" from the TFTP server with the IP 192.168.0.1 and uses it > as its configuration file. > > Comments? Good or bad idea (and why)?Any reason you can't specify different config files via DHCP options and/or links on your TFTP server? -hpa
Alexander Heinz wrote:> Hello! > > I have outlined a proposal for a new feature of pxelinux in > http://www.zytor.com/pipermail/syslinux/2004-December/004360.html (see > the last couple of sentences) but nobody has commented it, so I am > asking again: > > Imagine a company with a lot of departments and where network booting > is widely used. Each department has different needs when it comes to > operating systems. > Because things change very often, it would be a nightmare for a single > administrator to update the pxelinux configuration file. > The administrator should be able to delegate the task of maintainung > the configuration file to the departments: > The master configuration file created by the administrator only > provides a basic set of boot images and each department should be able > to add new ones. > Therefore I think that a LOADCONFIG command would be useful for pxelinux. > > Here is an expample: > pxelinux.cfg/default > LABEL load_new_config > LOADCONFIG 192.168.0.1::my_new_config > > when load_new_config is selected pxelinux downloads the file > "my_new_config" from the TFTP server with the IP 192.168.0.1 and uses > it as its configuration file. > > Comments? Good or bad idea (and why)? > > Alexwhile and include mechanism would be nice, I would be a bit concerned about the exposure to a trojan file. and what if numeric ips are later supplemented with DNS lookups ? are you now exposed to dns hijacking w/in your network ? If this duct-tape is holding your enterprise together, it seems safer to get updates by email, then push those out after youve inspected them etc.. how much updating do you envision happening that a simpler include mechanism would still be a burden? Further, it seems that it doesnt cover the whole problem, youve still got a DHCP server in most situations, and having one config-base shifting independently and uncoordinated with another seems to be asking for trouble. It doesnt seem impractical to write scripts or a makefile to do sanity checks and automate the tedious parts. I suppose it could be a compile-time option, and the paranoid could turn it off
> while and include mechanism would be nice, > I would be a bit concerned about the exposure to a trojan file. > > and what if numeric ips are later supplemented with DNS lookups ? > are you now exposed to dns hijacking w/in your network ?dns hijacking is already a problem with current versions of pxelinux and not specific to my proposal.> If this duct-tape is holding your enterprise together, > it seems safer to get updates by email, then push those > out after youve inspected them etc..That would be a lot of (stupid) work for a single person if there are frequent updates.> how much updating do you envision happening that > a simpler include mechanism would still be a burden?What do you mean by "include mechaism"? Should pxelinux treat the text contained in a file specified by INCLUDE as a part of its own configuration file? That would do the job but incorrect syntax of an included file would jeopardize network booting. Alex
Apparently Analagous Threads
- [syslinux:master] core/fs/lib/loadconfig.c: Add architecture-specific config name to search
- syslinux efi configuration file name proposal
- Configuration file not found when using non-standard installation path
- syslinux efi configuration file name proposal
- How to make isolinux.bin only?