Differences
This shows you the differences between two versions of the page.
en:guides:pxe [2011/09/11 23:39] bellard [Why using PXE ? The VNC example] |
en:guides:pxe [2020/09/20 16:51] (current) hgt old revision restored (2018/03/05 16:48) |
||
---|---|---|---|
Line 50: | Line 50: | ||
append initrd=/boot/rootfs.gz,/boot/configs/extra-packages.gz,/boot/configs/special-configuration.gz rw root=/dev/null vga=normal autologin</file> | append initrd=/boot/rootfs.gz,/boot/configs/extra-packages.gz,/boot/configs/special-configuration.gz rw root=/dev/null vga=normal autologin</file> | ||
* Example of a PXE server configuration: The [[http://boot.slitaz.org/|SliTaz web boot]] server http://mirror.slitaz.org/pxe/ (start with [[http://mirror.slitaz.org/pxe/pxelinux.cfg/default|pxelinux.cfg/default]]) | * Example of a PXE server configuration: The [[http://boot.slitaz.org/|SliTaz web boot]] server http://mirror.slitaz.org/pxe/ (start with [[http://mirror.slitaz.org/pxe/pxelinux.cfg/default|pxelinux.cfg/default]]) | ||
+ | \\ | ||
+ | ==== Test the PXE server with QEMU ==== | ||
+ | |||
+ | * Install qemu <file>tazpkg get-install qemu</file> | ||
+ | * Launch the VM <file>qemu -boot n -bootp /pxelinux.0 -tftp /boot</file> | ||
\\ | \\ | ||
===== PXE Client Set-Up ===== | ===== PXE Client Set-Up ===== | ||
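Review bot: the new heading says "Test the PXE server", but on the "Launch the VM" line the `-tftp /boot` and `-bootp /pxelinux.0` arguments make qemu serve the boot files itself from the local /boot directory, so the DHCP and TFTP services of the server are not exercised. I would either retitle the section as a test of the boot files and pxelinux configuration, or add a sentence saying what the command does and does not cover, and state that /boot must hold pxelinux.0 and the pxelinux.cfg directory. The extra `\\` added before the heading also leaves two forced line breaks around a five-line section; one is enough.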
Line 181: | Line 186: | ||
download.tuxfamily.org/slitaz/pxe/pxelinux.0" | cat - /dev/zero | dd conv=notrunc bs=1 seek=519 count=255 of=gpxe | download.tuxfamily.org/slitaz/pxe/pxelinux.0" | cat - /dev/zero | dd conv=notrunc bs=1 seek=519 count=255 of=gpxe | ||
- | ===== Why using PXE ? The VNC example ===== | + | ===== Why use PXE ? The VNC example ===== |
- | Let's say that your company is working on very sensitive data. | + | Let's say that your company is working on some very sensitive data. |
- | You don't want that people copy anything on removable media such as USB keys. | + | You don't want people copying anything on to removable media such as USB keys. |
- | Only few users could use these datas. | + | Only a few users can use this data. |
- | * PXELINUX chooses a special configuration by MAC address in //pxelinux.cfg/<client-mac-address>// | + | * PXELINUX chooses a special configuration by the MAC address in //pxelinux.cfg/<client-mac-address>// |
- | * It send a kernel and a initramfs with **fbvnc** package built by http://tiny.slitaz.org/ (total size < 1.44MB) | + | * It checks the md5 (or sha256) password of the user boot entry with menu.c32 |
- | * the client boots in 1 to 5 seconds with a VNC framebuffer client | + | * It sends a kernel and an initramfs with a **fbvnc** package built by http://tiny.slitaz.org/ (total size < 1.44MB) |
- | * the VNC server can send any OS display | + | * The client boots in 1 to 5 seconds with a VNC framebuffer client |
- | * the client has no media driver and can have a 10 years old hardware | + | * The VNC server can send any OS display |
- | * the target OS can run into a VM : more scalable and easier to maintain than mutliple desktops | + | * The client has no media driver and can use 20 year old hardware (may avoid theft risk) |
- | * No data are stored on the client machine. It may have no disk. It only needs an ethernet card. | + | * The target OS can run in a VM : more scalable and easier to maintain than multiple desktops |
+ | * No data is stored on the client machine. It may also have no disk. It only needs an ethernet card | ||
* Of course, the sessions in the target OS must have a connection timeout and need a username and a password... | * Of course, the sessions in the target OS must have a connection timeout and need a username and a password... | ||
- | ==== Increase security a bit ==== | ||
- | The VNC listen to the network without password | + | ==== Increase security a bit ==== |
+ | |||
+ | The VNC listens to the network without a password | ||
(fbvnc has no authentication support) and the VNC traffic is not encrypted on | (fbvnc has no authentication support) and the VNC traffic is not encrypted on | ||
the network. | the network. | ||
- | * Build initramfs with **fbvnc-ssh** package on http://tiny.slitaz.org/ | + | * Build an initramfs with a **fbvnc-ssh** package on http://tiny.slitaz.org/ |
* On the server, VNC should listen on localhost only | * On the server, VNC should listen on localhost only | ||
- | * The SSH public key of the client is installed on //$HOME/.ssh/authorized_keys// on the VNC server | + | * The SSH public key of the client is installed in //$HOME/.ssh/authorized_keys// on the VNC server |
+ | * The VNC traffic can be compressed in the SSH tunnel (fbvnc supports raw frames only) | ||
==== A quick demo ==== | ==== A quick demo ==== | ||
- | The menu //Tiny SliTaz// -> //Tiny VNC// of the [[http://boot.slitaz.org/|SliTaz Web Boot]] launch the VNC client without ssh. | + | The menu //Tiny SliTaz// -> //Tiny VNC// of the [[http://boot.slitaz.org/|SliTaz Web Boot]] launches the VNC client without ssh |
- | Your need a VNC server running on your network... | + | (you need a VNC server running on your network...). |
- | <note tip>You can download directly the [[http://mirror.slitaz.org/pxe/tiny/vnc/bzImage.gz|kernel]] | + | <note tip>You can directly download the [[http://mirror.slitaz.org/pxe/tiny/vnc/bzImage.gz|kernel]] |
- | and then [[http://mirror.slitaz.org/pxe/tiny/vnc/rootfs.gz|initramfs]] and test it | + | and then the [[http://mirror.slitaz.org/pxe/tiny/vnc/rootfs.gz|initramfs]] and test it |
- | on your network or with qemu. | + | on your network or with qemu |
</note> | </note> | ||
- | <note tip>Try with the cmdline argument **vga=ask** first. You will find the best | + | <note tip>Try with the cmdline argument **vga=ask** first. This will find the best |
VESA mode to use (example **vga=0x33B**) | VESA mode to use (example **vga=0x33B**) | ||
</note> | </note> |
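Review bot: the added bullet "It checks the md5 (or sha256) password of the user boot entry with menu.c32" names md5 first in a scenario the section opens with "very sensitive data"; I would recommend sha256 and mention md5 only as a legacy option. The bullet should also say that this password only gates the choice of boot entry, since the next subsection still states that fbvnc has no authentication and the traffic is unencrypted unless the fbvnc-ssh build is used. Beyond the grammar fixes, the hunk changes "10 years old" to "20 year old" and adds "(may avoid theft risk)" without explanation; the theft claim needs a sentence of reasoning or should be dropped. In the last note, "This will find the best VESA mode" reads as automatic selection, while `vga=ask` prompts the reader to pick a mode, so the earlier "You will find" was the more accurate wording. The rewritten sentences ending "without ssh" and "or with qemu" have lost their full stops.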