Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
en:guides:pxe [2011/09/11 19:53] bellard VNC example |
en:guides:pxe [2020/09/20 16:51] (current) hgt old revision restored (2018/03/05 16:48) |
||
|---|---|---|---|
| Line 50: | Line 50: | ||
| append initrd=/boot/rootfs.gz,/boot/configs/extra-packages.gz,/boot/configs/special-configuration.gz rw root=/dev/null vga=normal autologin</file> | append initrd=/boot/rootfs.gz,/boot/configs/extra-packages.gz,/boot/configs/special-configuration.gz rw root=/dev/null vga=normal autologin</file> | ||
| * Example of a PXE server configuration: The [[http://boot.slitaz.org/|SliTaz web boot]] server http://mirror.slitaz.org/pxe/ (start with [[http://mirror.slitaz.org/pxe/pxelinux.cfg/default|pxelinux.cfg/default]]) | * Example of a PXE server configuration: The [[http://boot.slitaz.org/|SliTaz web boot]] server http://mirror.slitaz.org/pxe/ (start with [[http://mirror.slitaz.org/pxe/pxelinux.cfg/default|pxelinux.cfg/default]]) | ||
| + | \\ | ||
| + | ==== Test the PXE server with QEMU ==== | ||
| + | |||
| + | * Install qemu <file>tazpkg get-install qemu</file> | ||
| + | * Launch the VM <file>qemu -boot n -bootp /pxelinux.0 -tftp /boot</file> | ||
| \\ | \\ | ||
| ===== PXE Client Set-Up ===== | ===== PXE Client Set-Up ===== | ||
| Line 181: | Line 186: | ||
| download.tuxfamily.org/slitaz/pxe/pxelinux.0" | cat - /dev/zero | dd conv=notrunc bs=1 seek=519 count=255 of=gpxe | download.tuxfamily.org/slitaz/pxe/pxelinux.0" | cat - /dev/zero | dd conv=notrunc bs=1 seek=519 count=255 of=gpxe | ||
| - | ===== Why using PXE ? The VNC example ===== | + | ===== Why use PXE ? The VNC example ===== |
| - | Let's say that your company is working on very sensitive data. | + | Let's say that your company is working on some very sensitive data. |
| - | You don't want that people copy anything on removable media such as USB keys. | + | You don't want people copying anything on to removable media such as USB keys. |
| - | Only few users could use these datas. | + | Only a few users can use this data. |
| - | * PXELINUX chooses a special configuration by MAC address in //pxelinux.cfg/<client-mac-address>// | + | * PXELINUX chooses a special configuration by the MAC address in //pxelinux.cfg/<client-mac-address>// |
| - | * It send a kernel and a initramfs with **fbvnc** package built by http://tiny.slitaz.org/ (total size < 1.5MB) | + | * It checks the md5 (or sha256) password of the user boot entry with menu.c32 |
| - | * the client boots in 1 to 5 seconds with a VNC framebuffer client | + | * It sends a kernel and an initramfs with a **fbvnc** package built by http://tiny.slitaz.org/ (total size < 1.44MB) |
| - | * the VNC server can send any OS display | + | * The client boots in 1 to 5 seconds with a VNC framebuffer client |
| - | * the client has no media driver and can have a (very) old hardware | + | * The VNC server can send any OS display |
| - | * the target OS can run into a VM : more scalable and easier to maintain than mutliple desktops | + | * The client has no media driver and can use 20 year old hardware (may avoid theft risk) |
| - | * the client machine can be stolen. it's not a big problem. | + | * The target OS can run in a VM : more scalable and easier to maintain than multiple desktops |
| - | | + | * No data is stored on the client machine. It may also have no disk. It only needs an ethernet card |
| - | ==== Increase security a bit ==== | + | * Of course, the sessions in the target OS must have a connection timeout and need a username and a password... |
| - | The VNC listen to the network without password | + | ==== Increase security a bit ==== |
| + | |||
| + | The VNC listens to the network without a password | ||
| (fbvnc has no authentication support) and the VNC traffic is not encrypted on | (fbvnc has no authentication support) and the VNC traffic is not encrypted on | ||
| the network. | the network. | ||
| - | * Build initramfs with **fbvnc-ssh** package on http://tiny.slitaz.org/ | + | * Build an initramfs with a **fbvnc-ssh** package on http://tiny.slitaz.org/ |
| * On the server, VNC should listen on localhost only | * On the server, VNC should listen on localhost only | ||
| - | * The SSH public key of the client is installed on //$HOME/.ssh/authorized_keys// on the VNC server | + | * The SSH public key of the client is installed in //$HOME/.ssh/authorized_keys// on the VNC server |
| + | * The VNC traffic can be compressed in the SSH tunnel (fbvnc supports raw frames only) | ||
| ==== A quick demo ==== | ==== A quick demo ==== | ||
| - | The menu //Tiny SliTaz// -> //Tiny VNC// of the [[http://boot.slitaz.org/|SliTaz Web Boot]] launch the VNC client without ssh. | + | The menu //Tiny SliTaz// -> //Tiny VNC// of the [[http://boot.slitaz.org/|SliTaz Web Boot]] launches the VNC client without ssh |
| - | Your need a VNC server running on your network... | + | (you need a VNC server running on your network...). |
| - | <note tip>You can download directly the [[http://mirror.slitaz.org/pxe/tiny/vnc/bzImage.gz|kernel]] | + | <note tip>You can directly download the [[http://mirror.slitaz.org/pxe/tiny/vnc/bzImage.gz|kernel]] |
| - | and then [[http://mirror.slitaz.org/pxe/tiny/vnc/rootfs.gz|initramfs]] and test it | + | and then the [[http://mirror.slitaz.org/pxe/tiny/vnc/rootfs.gz|initramfs]] and test it |
| - | on your network or with qemu. | + | on your network or with qemu |
| </note> | </note> | ||
| - | <note tip>Try with the cmdline argument **vga=ask** first. You will find the best | + | <note tip>Try with the cmdline argument **vga=ask** first. This will find the best |
| VESA mode to use (example **vga=0x33B**) | VESA mode to use (example **vga=0x33B**) | ||
| </note> | </note> | ||