48 comments

[ 3.2 ms ] story [ 102 ms ] thread
Why should we trust you? Sure you set the mirror to rackspace but easily things can go wrong and if your competent enough to get iPXE running you should be doing the job your damn self.
In addition to the trust factor, what happens when this service dies? Netboot.me offered essentially the same service years ago, but disappeared and stopped working, with many guides written for and around their service.
I wonder if something like this could be built around torrents, or maybe one of the persistent distributed archive networks (whose names escape me at the moment).
I made an IPFS(the torrent+git+ thing) based fork of this because of these reasons.

It uses IPFS gateway setup in local network, this enables: * Caching of downloaded data (this is useful when using it to boot multiple computers in one LAN) * More trust: boot menu is served from local IPFS gateway using immutable hashes. It is also really easy to review it by hand. * It's a bit more service-dies-scenario proof

Downsides include lack of better documentation and messy code in places - it's a large scale refactor that changes the basics of how the tool works and isn't quite polished. It lives at https://netboot.devtty.eu/. There is no set-up instructions(tr;dr setup: run lan-open ipfs gateway, add A dns record 'ipfs.local' pointing at it in your lan DNS server, rest like netboot.xyz).

I'm pretty sure you're not supposed to use .local as a unicast domain name due to its use in mDNS/Zeroconf
There's nothing stopping you from pointing it at your own server -- which is what I did when I played with this months ago.
This is great! Especially for utility disks like gparted.

No longer needing to make 30 different bootable CDs or bootable USBs is nice.

Indeed, although with modern laptops not having Ethernet ports, it would need to be able to use wifi
IPXE only supports one WiFi chips and many laptops have a whitelist of USB Ethernet adaptors they'll PXE boot from.
This is super cool. You could sell this as a service to IT departments. Give each customer a subdomain, let them manage their own ISOs, maybe throw in kick-start support, and you've got a real product.

Edit: and this would be a great way to build trust, your paying customers would support the public service and distribution maintainers could get official accounts on your service to distribute to their users.

Most useful thing I found about netboot.xyz are the utilities. Imaging is far more useful for IT depts(from my limited exp with the matter) - for this use https://fogproject.org/ worked well for me.
I'd be wary about using this in a professional capacity without assurances of the security of the images stored upstream and better support for SSL (this last point is more an issue with PXE clients than with the hosts).

Really where this comes into its own is for personal builds. In those situations the convenience of not having to download an ISO and burn it / whatever is an arguable reasonable trade for the potential security hole it creates. Where is in business security is more critical and builds are more frequent so the effort of downloading the latest ISO is mitigated by the frequency you may end up using it.

This last point is why many corporate networks will have their own internal imaging servers.

In true style, I've thought for over a year about creating something like this.. turns out it already exists. Yes!

Side note, iPXE is awesome.. most recently I was using it to test a bug with iBFT (how the BIOS describes an iSCSI root disk to the operating system).. since iPXE lets you setup the appropriate stuff to do iBFT insteading of needing the relevant network card. So many good things from iPXE

I wrote Bootrino - an entire cross platform/cross cloud netboot over the Internet desktop application that supports AWS, Google Cloud, Digital Ocean. It did also support Rackspace but Rackspace is effectively dead as a cloud hosting platform and Bootrino also supported SoftLayer but I found after alot of work that SoftLayer is a very locked down environment that does not permit total control over what you run on your VMs.

Kinda takes this core concept and pushes it alot further and lets you boot from your own web servers - you just publish the (simple) bootrino config file plus the OS image and off you go, bootrino configures the instance and builds it from your own web infrastructure, be it internal or public.

You can see a demo of bootrino here:

https://www.youtube.com/watch?v=zJhxmVlR46c

The purpose of Bootrino is that it allows you to boot ANYTHING on the cloud - i.e. Unikernels and a whole zoo of other tiny operating systems, run-in-RAM operating systems, embedded operating systems etc. You are no longer restricted to running only the operating systems permitted by the cloud vendors.

Lets you do things like make RAM only Postgres databases servers, or run your web server applications purely from RAM without any login, for speed and security.

Rackspace is effectively dead as a cloud hosting platform

Could you elaborate on this? I'm genuinely curious and didn't see anything obvious to explain it in search results.

Well it's my own personal judgement.

I did ALOT of work implementing support for six cloud computing platforms (also MS Azure, which I did not mention above).

All of them provided me either with free or cheap access to their services - I was building something for the platform after all.

Rackspace started out with a developer program, which they withdrew as my project was coming to completion. I asked for more free/cheap developer access and they said no - it was going to cost me several hundred dollars per month (the base line cost for Rackspace) just to support their service. I thought "no thanks". I also thought that any other cloud provider that actually cared about getting people to use its platform would provide a free/cheap program for developers to build tools around it and support it. What I saw was that Rackspace just don't really care about its cloud platform any more.

How can a cloud hosting platform company take a cloud hosting product to market whilst actively selling support for its just-the-same competitor (i.e. AWS) and still be credible? Doesn't make sense.

I noticed at the same time that Rackspace shifted focus heavily towards providing support for other cloud computing platforms like AWS and also observed in the news some of their business challenges and came to my own conclusion that they have been defeated in cloud computing but have not declared defeat yet.

So it's just my opinion but I think Rackspace cloud is dead/defeated and will meet its fate soon enough, maybe to be sold off or something. Just my opinion.

Rackspace was the only cloud provider that would rather have paying customers, and this signals you they're out of the game?
Rackspace has been taken private and sold; the company has refocused its efforts on its original mission: fanatical support. They are now selling support for the other major cloud providers. They still run datacenters and a public cloud but those mostly exist for their support customers that need them. They have basically killed off all of the cloud R&D functions that defined them in the early part of this decade.

Incidentally, NetBoot.xyz is hosted in Rackspace by a Racker, or at least he was when I worked there.

> Lets you do things like make RAM only Postgres databases servers, or run your web server applications purely from RAM without any login, for speed and security.

Holy crap, I've been wishing for this for a long time! Thank you very much for creating this!

Edit: http://www.bootrino.com doesn't seem to load.

Yes Bootrino is finished but I haven't released it yet. Some other urgent things have drawn me away.

I have not yet decided if/when to release bootrino - I'm not sure if there's enough demand to be able to do this sort of thing.

You can however have a look at Lunikernel.com which is closely related to bootrino.

I made Lunikernel.com because I needed a standard packaging format for tiny operating systems for bootrino to run.

Lunikernel.com isn't as exciting as Bootrino, but it's something to look at whilst i think about whether the world needs the ability to boot any OS on any cloud. Seems to me that serverless has taken the wind out of the sails of tiny operating systems and Unikernels.

I'm definitely interested in Bootrino, even if it was paid, heck I'll say it, how can I beg, pay or otherwise bribe you to alpha test Bootrino?

I've been looking at a cloud based project that is actually completely blocked because of a vendor who is focused on supporting a use case centred on a "rack and run" deployment method. Their entire stack is designed on PXE booting. Their software is actually a pretty huge enabling factor in this project so if I could PXE boot it on AWS this would be a viable project.

My email address is in my profile - drop me a note.
If you would be so kind please elaborate your complication on Softlayer. I am an engineer there and am curious.
Well if you boot a SoftLayer machine and format the hard disk and overwrite it with your own OS/kernel then Softlayer detects it somehow and has a major meltdown and reports it as a critical system failure and the sysadmins contact you and tell you not to do it anymore.
Is this similar to http://httpredir.debian.org/ ?

I just created my first live debian chroot earlier today, and was amazed at how it seemingly worked.

debootstrap downloaded everything required for a basic debian install in a few minutes from http://httpredir.debian.org/ and I was in and using the fresh system.

Is that what netboot.xyz is? The same thing but for multiple linux distros?

This provides images you can boot over the internet - you install iPXE on a boot disk of some kind or offer it over your local network through PXE, and then you can choose between images that are booted into directly from their site.
FYI, http://deb.debian.org/ is preferred over the httpredir these days. deb.debian.org is backed by multiple CDNs, whereas httpredir is backed by the traditional mirror network. The latter does its best to avoid redirecting to an unavailable/outdated mirror, but the former typically works better.
A good example where gigabit connection makes it usable.
Netboot, sure. But why Linux?

This isn't in any way Linux specific.

The intro gif shows Linux, BSD, and Windows installer categories.
Exactly. So why is the story titled "Netboot Linux over the internet"?
You can't do the stuff described at this site universally on any cloud due to various technical restrictions. There's certainly no standard way to do it. I even found it to be problematic on the cloud for which it was intended - Rackspace.

HOWEVER - there IS a way to boot anything at all you want on any cloud.

It's a little bit tricky.

The solution depends on the fact that EVERY cloud runs just about exactly the same version of Ubuntu. And every cloud provides a way to run Ubuntu with a boot script. What this means is in effect that every cloud has a highly standardised boot process.

So what you do, is boot Ubuntu with a script that drops the operating system, formats the hard disk and installs a new OS, i.e. a Unikernel, Alpine Linux, TinyCore Linux, Windows even, whatever you want.

I built Bootrino around this concept (see the other message in this thread about Bootrino). Bootrino is essentially a front end that boots an instance, passes in a boot script that it gets from your web server, the boot script does the job of dropping the OS, reformatting and then reconfiguring it to be whatever you want. It pulls in the OS files from any URL so it's super flexible. True net boot for the cloud.

Sounds a bit odd but it is highly reliable and works very nicely. I got a whole nunch of stuff running including Unikernels, Alpine Linux, TinyCore Linux and a few even more tiny exotic operating systems.

There's some real challenges to do with the differing ways that the clouds implement networking but I worked all that out with only just enough pain to make me tear out my eyes.

How do you get to Windows in that case? AWS doesn't let you get to GRUB or similar, does it? Chain loading NTLDR is a pain in the best circumstances.
Apparently boot.kernel.org is no more. Does anyone know what happened?
Wild guess - kernel.org was compromised some years ago, maybe they never rebuilt that service. Also, consider what would have happened if boot.kernel.org was compromised at the same time as kernel.org? :)
Weird to see this today because I was using netboot.xyz only yesterday to install OpenBSD.

My only gripe with netboot.xyz is that it seems to be missing a few of the less mainstream yet still platforms like NetBSD and Dragonfly. But I know from my own experience writing something similar but not as good that the maintenance of something like that is rather large. So I can't really complain.

I've seen discussions about getting new images and the maintainers are super willing. It's most likely that no one has put the effort in yet, rather then netboot.xyz saying no.
In this age of containers you can still do some pretty impressive things with PXE. That doesn't make it a good standard.

I first saw this trick using iPXE from boot.rackspace.com.

iPXE is also an amazing thing in itself. I would pay for a detailed writeup of the CDROM emulator that does HTTP-range requests when the "device" is accessed.

I'm an occasional iPXE contributor, I guess it's my time to shine!

Bootloaders are reading block of data from CR-ROM, disk, floppy or USB drive by using int 13h[1] whose handler is set by the BIOS. A bootloader is only asking the BIOS to read data for him and does not have to implement drivers.

iPXE replaces the int 13h handler in the interrupt vector table[2] by its own, and when a read is issued by a bootloader, it performs it with an HTTP range or iSCSI request.

It's actually really simple. :)

[1] https://en.wikipedia.org/wiki/INT_13H

[2] https://en.wikipedia.org/wiki/Interrupt_vector_table

How does iSCSI work for Windows then?

I setup iPXE to boot Windows 7 (Embedded Standard technically) to boot off an iSCSI target and it shows up as a disk in Windows. Does Windows still allow for int 13h handlers or is there some other special handling?

iPXE uses the iBFT[1] to pass this information to the OS.

ftp://ftp.software.ibm.com/systems/support/bladecenter/iscsi_boot_firmware_table_v1.03.pdf[1]

It looks like this thing bundles ca.ipxe.org and ca.netboot.xyz certs. It also makes a SHA256 checksum of each boot disk, and creates signed signatures for all source files.

But it is not verifying signed checksums of the bootloaders themselves, which you would expect to be probably the most important part of running an OS downloaded over HTTP from random mirrors you don't know.

Also, thanks for giving us your encrypted secrets database, as well as your S3 secret access keys, author?