[OpenIndiana-discuss] Can we abandon wanboot?
RJ Bergeron
rbergero at gmail.com
Thu Aug 7 15:08:24 UTC 2014
For SPARC in particular, I believe wanboot *is* that thing. Certainly from
checking the file contents of osol-0906-ai-sparc, there is no inetboot
(which is what the DHCP/RARP process would typically use to boot). If we
stop supporting wanboot, it will be impossible to netboot SPARC.
rj
On Thu, Aug 7, 2014 at 9:14 AM, James Carlson <carlsonj at workingcode.com>
wrote:
> On 08/06/14 16:24, Gary Mills wrote:
> > Does illumos really need wanboot? It's used only to perform one type
> > of a network boot on SPARC machines. There are actually several
> > different types. `boot net:rarp' is the traditional one. It requires
> > a RARP server and downloads the inetboot executable from a TFTP
> > server. `boot net:dhcp' is newer, requiring a DHCP server instead.
> > According to the boot man page, it also downloads the inetboot
> > executable if the DHCP server provides a file name.
>
> Note that a normal DHCP PXE boot uses TFTP as well. The only difference
> is how the server and file name are constructed -- by defaults with
> RARP, or by explicit configuration options with DHCP. The rest of the
> boot sequence is essentially the same.
>
> I'm pretty sure that there were x86 wanboot machines available as well
> from Sun, but you had to have a special BIOS for it.
>
> It also requires a special HTTP server, because (as I recall) the server
> constructs the image to send on the fly.
>
> > As you can probably tell by now, I'd like to abandon the wanboot
> > portion of the openssl build on the SPARC platform. Doing this will
> > make the x86 and SPARC builds almost identical. Before I do this,
> > I want to consult the illumos developers. What should we do?
>
> I say ditch it. It was of marginal use when Sun was alive, very
> complicated to use, seldom (if ever) seen in the wild, and I see no
> point at all to it now.
>
> The original idea was to avoid the insecurity of TFTP for organizations
> that cared about such things. To make it reasonably secure, you'd need
> to sign every image, because DHCP itself isn't secure. But most places
> I've seen don't normally boot-load their Solaris machines on production
> networks anyway. If they reinstall, it's done as part of the deployment
> process.
>
> I'd expect that if you were doing the same thing today, you would
> probably want to look into whatever the Linux folks are doing now --
> iPXE, coreboot, or whatever it is.
>
> --
> James Carlson 42.703N 71.076W <carlsonj at workingcode.com>
>
--
"Always love, hate will get you every time" - Nada Surf