On Sat, 27 Jun 2020 at 08:05, Peter Robinson <pbrobinson@xxxxxxxxx> wrote: > > > > 10. Our deployment infrastructure of kickstarts/pxe/tftp falls under > > > technical debt. It is based off of what we have been doing for 10+ > > > years and it has broken a lot in this transition. When it works its > > > fine, and when it doesn't nothing works. > > > > I'm not sure any more 'modern' thing here would be much better on the > > hardware level. For vm's, yeah, there's some annoyances with > > virt-installs which we should either track down and fix, or just go to > > the 'use a cloud image and adjust it' mode. > > HTTP Boot would be the "new" replacement for PXE/tftp in this context. > Most modern HW should support it, whether it supports HTTPS is less > sure, in the IoT gateway space we've had some rather dubious options, > but HTTP worked. Over all it's more secure and more straightforward > for firewalls etc as HTTP(S) is generally allowed. > The only thing I have found which supports it in our modern HW is our Power systems which do it via petitboot. Everything else (even stuff bought 3 months ago) has needed to get enough over pxe/tftp so that it could do the http after. It may need some finagling somewhere in the systems but it is buried or not clearly labeled in the Lenovo EMAGs or Dell boxes. I spent a couple of hours trying to find it on these and ended up going with what I knew worked. If someone can help me on this I would appreciate it. > From a VM PoV it should "just work" for VMs that use tianocore/UEFI on > x86, not sure what the default is for the infra VMs, but I would > suggest that any VMs that currently use the old "BIOS" firmware be > moved over to UEFI as they're rebuilt as in the general industry UEFI > is now the default, some cloud providers aside, and it's certainly the > case for x86/aarch64 HW. > > Not sure what the status is for Power/Z-series in this context. > > Also does the new DC support IPv6 for external services now? > It does, but our services do not so they would sometimes talk back over ipv6 and sometimes over ipv4 to the same system and things wouldn't work. We turned it off until we could get our basic infrastructure in place so we were not debugging yet another thing that was not working. We expect to turn it back on in August. > Peter > _______________________________________________ > infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx -- Stephen J Smoogen. _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx