How to prevent new installations when I have already installed my client through LAN boot?

Ivan Reche ivan.reche at gmail.com
Thu Feb 9 15:59:03 CET 2012


2012/2/9 Ivan Reche <ivan.reche at gmail.com>

> 2012/2/9 Thomas Neumann <blacky+fai at fluffbunny.de>
>
>> >> +It is possible to remotely execute 'fai-chboot ...' on the fai
>> >> server to switch the installed client to localboot after the
>> >> installation has completed. Warning: This may open up the fai
>> >> installation environment to exploits if the remote login account
>> >> is not properly secured.
>>
>> > Sorry to chime in here, but if you require this to be added, where
>> > would you stop?
>>
>> Point taken. Too generic.
>>
>> Warning: This allows any fai client to control all other clients' boot
>> settings if no additional hardening is performed.
>>
>> Better?
>>
>>
> I'm sorry, I didn't mean to start a flame war. However, I still have some
> doubts about the original subject of this topic. I've read almost
> everything in the documentation but some things are not clear for me as I'm
> new to FAI.
>
> So, going back to the original subject. I need to make my system stop
> reinstalling itself after the first installation, which itself must be done
> with the reboot flag. fai_chboot seems to do this perfectly well with the
> -o option, but the problem is I'm still not able to execute remote commands
> in my server.
>
> My doubts are:
>  - will I need to manually create a ssh key in my nfsroot and then add it
> to my server's authorized_keys?
>  - is there a "standard" way of doing this (maybe I'm reinventing the
> wheel)? Thomas Lange said something about using $LOGUSER. Maybe I'll begin
> by reading again this part of the guide, but I'd appreciate any help in
> this.
>
> Thanks again for your attention.
>

Oh, I just forgot to mention another doubt:
 - when I ssh into a system that has just been installed and is waiting for
reboot, I can see a lot of FAI's variables, but $SERVER doesn't show
anything and there isn't any variable that holds the server IP or hostname.
Is this right? How do I find out who is my server?
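
One way to do the "additional hardening" that the quoted warning refers to, as an added example that is not part of the original message or of FAI itself: a forced-command wrapper on the FAI server that lets a client switch only its own entry to localboot. The wrapper path, the host names and the key placeholder are assumptions, as is the server resolving each client address to the name used with fai-chboot.

```shell
#!/bin/sh
# Added example (not FAI's own code): forced-command wrapper for the FAI server.
# Hypothetical install path /usr/local/sbin/fai-localboot-only, bound to the
# clients' key in the login account's ~/.ssh/authorized_keys on one line:
#   command="/usr/local/sbin/fai-localboot-only",no-pty,no-port-forwarding,
#   no-agent-forwarding,no-X11-forwarding <key-type> <PUBLIC-KEY-PLACEHOLDER>
# Assumptions: the server resolves a client's address to the host name that is
# used with fai-chboot, and short host names are unique.

# Name of the connecting client as the server resolves it (not client-supplied).
caller_name() {
    ip=${SSH_CONNECTION%% *}
    getent hosts "$ip" | awk '{print $2; exit}'
}

# authorize REQUEST CALLER: print the host to switch to localboot, or fail.
authorize() {
    request=$1
    caller=$2
    [ -n "$caller" ] || return 1
    # Only the one command is accepted, with exactly one argument.
    case $request in
        "fai-chboot -o "*) target=${request#"fai-chboot -o "} ;;
        *) return 1 ;;
    esac
    # Host name characters only: no spaces, extra options or shell syntax.
    case $target in
        ''|-*|*[!A-Za-z0-9.-]*) return 1 ;;
    esac
    # A client may change its own boot entry and nobody else's.
    [ "${target%%.*}" = "${caller%%.*}" ] || return 1
    printf '%s\n' "${caller%%.*}"
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if host=$(authorize "$SSH_ORIGINAL_COMMAND" "$(caller_name)"); then
        exec fai-chboot -o "$host"
    fi
    echo "fai-localboot-only: request refused" >&2
    exit 1
fi
```

With the key bound to this wrapper, a login with that key cannot open a shell or run any other command on the server.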