Skip to content

os deployment plans

Jump to bottom Edit New page
Jarrod Johnson edited this page Jan 8, 2019 · 1 revision

As it stands, it seems like there are three strategies to support delivering base OS content to servers:

  • BIOS style boot - Using ipxe similar to today

  • UEFI PXE boot - Similar to today, but remove the elilo piece. This drops support for kernels prior to EFISTUB, but those are all very older, and simplifies the process for everything else. Compatible boot script for BIOS and UEFI with this change

  • Secureboot - Tentative plan to only support this with very recent UEFI using HTTPSBoot of iso image, to sidestep limitations of the secureboot enabled bootstrap components. This makes permutations of boot arguments very expensive, as each permutation requires duplication of the kernel and initrd and taking time to generate an expensive ISO. Mitigations:

    • Only support console, driver blacklist, and other customization only on the OS image
    • Or permit custom node arguments, but 'dedupe' identical images to one
    • This suggests embedding deployment agents into initrds to provide alternatives to frequently unique parameters (ip addressing, etc).

  • OS deployment will segregate non-private data to the 'iso' or other verifiable, but not authenticated content. Private data will be available through API or remote media.

Add a custom footer
Add a custom sidebar
Clone this wiki locally