Re: [ipxe-devel] Custom syslog port
Geert, I think you have a point here. Let me try to answer that as well... My motivation for this mail thread was to test the waters if this is a valid feature request before I actually spend too much time implementing it. My expectations were to have a good discussion whether this feature request makes sense and on how this could be implemented, particularly the needed change/addition to iPXE settings. Michael does a good job so far on that front. ;-) I didn't expect that anyone would do the work for me though, however that would be very welcome. ;-) Michael, a syslog URI sounds like a good idea to me. I'm not aware of any RFC other than https://tools.ietf.org/html/draft-lear-ietf-syslog-uri-00, which proposes a rather odd URI syntax IMHO. Others seem to use URIs like `[tcp/udp]://host:port` or they have their own schemes. I personally find a standard URI more idiomatic and it looks like this could be nicely handled by `uribase`, which is currently an open iPXE pull request: https://github.com/ipxe/ipxe/pull/114 URI examples: * https://www.netiq.com/documentation/securelogin-88/installation_guide/data/b1hxlq7p.html * https://docs.newrelic.com/docs/logs/enable-log-management-new-relic/enable-log-monitoring-new-relic/forward-your-logs-using-infrastructure-agent Custom schemes examples: * https://www.grandmetric.com/knowledge-base/design_and_configure/syslog-configure-syslog-server-logging-cisco/ * https://www.debian.org/releases/buster/amd64/ch05s03.en.html#installer-args On Wed, Nov 18, 2020 at 12:05 AM Michael Brown wrote: > > On 17/11/2020 20:44, Geert Stappers wrote: > > On Tue, Nov 17, 2020 at 08:17:35PM +0100, Michael Schaller wrote: > >> On Tue, Nov 17, 2020 at 6:08 PM "Please elaborate" wrote: > >>> On Tue, Nov 17, 2020 at 05:54:04PM +0100, Michael Schaller wrote: > So are there any comments or opinions on this feature request? > >>> > >>> Please elaborate > >> > >> I thought I did that with the previous reply: > >> https://lists.ipxe.org/pipermail/ipxe-devel/2020-November/007331.html > >> > >> I'm happy to go into further detail or answer further questions... > > > > Reveal your agenda:-) > > Geert, > > I personally find the explanation as already provided to be perfectly > adequate. There is no need to demand anything further. > > Michael > ___ > ipxe-devel mailing list > ipxe-devel@lists.ipxe.org > https://lists.ipxe.org/mailman/listinfo/ipxe-devel ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo/ipxe-devel
Re: [ipxe-devel] Custom syslog port
On 18/11/2020 11:46, Michael Schaller wrote: Michael, a syslog URI sounds like a good idea to me. I'm not aware of any RFC other than https://tools.ietf.org/html/draft-lear-ietf-syslog-uri-00, which proposes a rather odd URI syntax IMHO. Others seem to use URIs like `[tcp/udp]://host:port` or they have their own schemes. I personally find a standard URI more idiomatic and it looks like this could be nicely handled by `uribase`, which is currently an open iPXE pull request: https://github.com/ipxe/ipxe/pull/114 URI examples: * https://www.netiq.com/documentation/securelogin-88/installation_guide/data/b1hxlq7p.html * https://docs.newrelic.com/docs/logs/enable-log-management-new-relic/enable-log-monitoring-new-relic/forward-your-logs-using-infrastructure-agent Custom schemes examples: * https://www.grandmetric.com/knowledge-base/design_and_configure/syslog-configure-syslog-server-logging-cisco/ * https://www.debian.org/releases/buster/amd64/ch05s03.en.html#installer-args Thank you for doing the research. We do already have support for `[tcp/udp]://host:port` as a URI syntax in iPXE so this could be a good minimal-code-size approach, given that there seems to be no globally agreed standard to which to conform. We would still need to support the existing ${syslog} setting as an IPv4 address (and only an IPv4 address), to maintain backwards compatibility and to allow for the syslog server to be set via DHCP option 7. This suggests defining a new setting e.g. ${sysloguri} or ${loguri} and updating apply_syslog_settings() to something like: - if ${sysloguri} is defined, then use that - else if ${syslog6} is defined, then use that - else if ${syslog} is defined, then use that - use xfer_open_uri_string() or xfer_open_socket() as applicable for the choice taken Given that a TCP connection (unlike UDP) can be closed by the remote end, it may also be worth separating out the xfer_open_*() logic and allowing the connection to be reopened if needed. It may then be worth defining a syslogs:// URI opener (for syslog-over-TCP+TLS as already supported in syslogs.c), and potentially consolidating some of the logic between syslog.c and syslogs.c, while ensuring that the TLS stack doesn't get dragged in to builds that don't explicitly request it. Please don't dive in to implement it yet, but does that sound sensible? Thanks, Michael ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo/ipxe-devel
Re: [ipxe-devel] Custom syslog port
On 17/11/2020 20:44, Geert Stappers wrote: On Tue, Nov 17, 2020 at 08:17:35PM +0100, Michael Schaller wrote: On Tue, Nov 17, 2020 at 6:08 PM "Please elaborate" wrote: On Tue, Nov 17, 2020 at 05:54:04PM +0100, Michael Schaller wrote: So are there any comments or opinions on this feature request? Please elaborate I thought I did that with the previous reply: https://lists.ipxe.org/pipermail/ipxe-devel/2020-November/007331.html I'm happy to go into further detail or answer further questions... Reveal your agenda:-) Geert, I personally find the explanation as already provided to be perfectly adequate. There is no need to demand anything further. Michael ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo/ipxe-devel
Re: [ipxe-devel] Custom syslog port
On 12/11/2020 12:56, Michael Schaller wrote: We do automated installation testing for a whole array of different hardware models (similar to https://autotest.github.io/). Each machine logs to a dedicated syslog endpoint so that we have one dedicated log per installation attempt per machine. We create these syslog endpoints on demand per installation attempt per machine on a central syslog service to collect the installer logs. As this central syslog service needs to provide many syslog endpoints at a given time we use whatever port is available when we create a new endpoint. A syslog endpoint will be given to the respective installer via an on demand created ipxe script and it would be nice if we could also collect the syslog of that on demand created ipxe script. It wouldn't be a big code change to allow a custom port to be specified, but I'd want to be convinced that it was necessary. I'm aware that this is an incredibly exotic setup and this would be a nice to have for us. So feel free to deny this feature request. ;-) Thanks for the explanation. It is a fairly exotic requirement. I would be more comfortable implementing a more generic solution that e.g. allows a syslog URI to be specified, since that would allow for specifying a syslog server via DNS name as well as providing a port. Questions from me are therefore: a) would a syslog URI setting work for your use case? b) are you aware of any RFC (or similar) efforts to define a syslog URI? Thanks, Michael ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo/ipxe-devel
Re: [ipxe-devel] Custom syslog port
On Tue, Nov 17, 2020 at 08:17:35PM +0100, Michael Schaller wrote: > On Tue, Nov 17, 2020 at 6:08 PM "Please elaborate" wrote: > > > > On Tue, Nov 17, 2020 at 05:54:04PM +0100, Michael Schaller wrote: > > > So are there any comments or opinions on this feature request? > > > > Please elaborate > > I thought I did that with the previous reply: > https://lists.ipxe.org/pipermail/ipxe-devel/2020-November/007331.html > > I'm happy to go into further detail or answer further questions... Reveal your agenda:-) Right now I can't tell what Original Poster wants Wild Guesses: * Finding fellow stake holders * Creating awareness for an upcoming patch * Being spoon feeded * Hiring developers * Getting review on the multiport logging concept Regards Geert Stappers -- Silence is hard to parse ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo/ipxe-devel
Re: [ipxe-devel] Custom syslog port
On Tue, Nov 17, 2020 at 05:54:04PM +0100, Michael Schaller wrote: > So are there any comments or opinions on this feature request? Please elaborate ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo/ipxe-devel
Re: [ipxe-devel] Custom syslog port
On 12/11/2020 11:46, Michael Schaller wrote: We use a central syslog service that provides syslog endpoints on a per-host basis with a random port per endpoint. How hard would it be to add an iPXE setting that allows to configure the syslog port? Something like `set syslog-port PORT` or `set syslog IP:PORT` would work for us. The ${syslog} setting is an IPv4 address (with roots in the fact that it can be provided via DHCP option 7, in the form of an IPv4 address). There is an equivalent ${syslog6} setting for IPv6. Any particular reason why the central syslog service needs to use separate ports per host? As an RFC-defined protocol, syslog expects to receive messages from multiple hosts anyway, and every syslog implementation I've seen has the ability to utilise the remote host address in onward routing. It wouldn't be a big code change to allow a custom port to be specified, but I'd want to be convinced that it was necessary. Thanks, Michael ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo/ipxe-devel
Re: [ipxe-devel] Custom syslog port
On Thu, Sep 9935, 1993 at 12:46:44PM +0100, Michael Schaller wrote: > Hi everyone, > > We use a central syslog service that provides syslog endpoints on a > per-host basis with a random port per endpoint. > > How hard would it be to add an iPXE setting that allows to configure the > syslog port? Please elaborate > Something like `set syslog-port PORT` or `set syslog IP:PORT` would work > for us. Regards Geert Stappers -- Silence is hard to parse ___ ipxe-devel mailing list ipxe-devel@lists.ipxe.org https://lists.ipxe.org/mailman/listinfo/ipxe-devel