Fetch boot files via http instead of TFTP » History » Revision 10

Revision 9 (Lukas Zapletal, 11/24/2015 09:21 AM) → Revision 10/26 (Lukas Zapletal, 12/09/2015 10:23 AM)

h1. PXELinux chainboot into iPXE: fetch boot files via HTTP instead of TFTP

TFTP is a slow protocol on high-latency networks, but if your hardware is supported by iPXE (http://ipxe.org/appnote/hardware_drivers) or if the UNDI driver of the NIC is compatible with iPXE, it is possible to configure PXELinux to chainboot iPXE and continue booting via the HTTP protocol, which is fast and reliable.

In this scenario, a system is PXE-booted into PXELinux, which chainloads iPXE, which continues booting via HTTP. The scenario is:

 * hardware is turned on 
 * PXE driver gets network credentials from DHCP 
 * PXE driver gets PXELinux firmware from TFTP (pxelinux.0) 
 * PXELinux searches for configuration file on TFTP 
 * PXELinux chainloads iPXE (undionly-ipxe.0 or ipxe.lkrn) 
 * iPXE gets network credentials from DHCP again 
 * iPXE gets HTTP address from DHCP 
 * iPXE chainloads the iPXE template from Foreman 
 * iPXE loads kernel and init RAM disk of the installer 

 Requirements: 

 * a host entry is created in Foreman 
 * MAC address of the provisioning interface matches 
 * provisioning interface of the host has a valid DHCP reservation 
 * the host has a special PXELinux template (below) associated 
 * the host has an iPXE template associated 
 * hardware is capable of PXE booting 
 * hardware NIC is compatible with iPXE 

The iPXE project offers two options: using the PXE interface (UNDI) or using a built-in Linux network card driver. Both options have pros and cons, and each gives different results with different hardware. Some NICs are slow with UNDI, some are actually faster. Not all network cards will work with either or both options.

 h3. TFTP setup - UNDI driver 

 In this setup, iPXE uses UNDI for network communication. 

 Copy the iPXE firmware to the TFTP root directory and rename it: 

   cp /usr/share/ipxe/undionly.kpxe /var/lib/tftpboot/undionly-ipxe.0 

The source directory can differ between Linux distributions; this path is for Red Hat systems. The file is shipped in the ipxe-bootimgs package.

 h3. TFTP setup - built-in driver 

In this setup, iPXE uses its built-in driver for network communication. Therefore this will only work on supported cards.

 Copy the iPXE firmware to the TFTP root directory: 

   cp /usr/share/ipxe/ipxe.lkrn /var/lib/tftpboot/ 

The source directory can differ between Linux distributions; this path is for Red Hat systems. The file is shipped in the ipxe-bootimgs package.

 h3. TFTP setup - alternative UNDI driver from syslinux 

This is an alternative approach if none of the above configurations work or the packages are not available. This will work with the templates shown below, even if they have the prefix set to @#!ipxe@ (should be @#!gpxe@).

 Copy the gPXE firmware to the TFTP root directory: 

   cp /usr/share/syslinux/gpxelinuxk.0 /var/lib/tftpboot/ 

The source directory can differ between Linux distributions; this path is for Red Hat systems. The file is shipped in the syslinux package.

 h3. TFTP setup - check-up 

 Do not use symbolic links as TFTP runs in chroot. When using SELinux, remember to correct file contexts: 

   restorecon -RvF /var/lib/tftpboot/ 
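One way to script this check-up, as an added example that is not part of the original wiki page. The helper name @check_tftp_root@ and passing the expected firmware file names as arguments are assumptions; the @restorecon@ flags are the ones used above, with @-n@ added for a dry run.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit a TFTP root for the problems
# named in the check-up. check_tftp_root is a hypothetical helper name.
# Usage: check_tftp_root /var/lib/tftpboot undionly-ipxe.0 ipxe.lkrn
# Returns 0 when clean, 1 when a finding was printed, 2 when ROOT is missing.
check_tftp_root() {
    root=$1
    shift
    rc=0
    if [ ! -d "$root" ]; then
        echo "missing TFTP root: $root"
        return 2
    fi

    # The page advises against symlinks because TFTP runs in a chroot,
    # so list every symlink found under the root.
    links=$(find "$root" -type l)
    if [ -n "$links" ]; then
        echo "symbolic links found, replace with real copies:"
        echo "$links"
        rc=1
    fi

    # Every expected firmware file must be a regular, non-empty file.
    for f in "$@"; do
        p="$root/$f"
        if [ -L "$p" ] || [ ! -f "$p" ]; then
            echo "not a regular file: $p"
            rc=1
        elif [ ! -s "$p" ]; then
            echo "empty file: $p"
            rc=1
        fi
    done

    # On SELinux hosts, dry-run the relabel (-n) to list wrong contexts
    # without changing anything; drop -n to apply the fix from the page.
    if command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled; then
        wrong=$(restorecon -RnvF "$root" 2>/dev/null)
        if [ -n "$wrong" ]; then
            echo "SELinux contexts need restorecon:"
            echo "$wrong"
            rc=1
        fi
    fi
    return "$rc"
}
```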

 h2. Foreman setup - PXELinux 

 Configuration involves associating PXELinux and iPXE templates. 

 h3. PXELinux with UNDI driver 

In your Foreman instance, go to "Provisioning templates" and create a new template of PXELinux kind with the following contents:

 <pre><code> 
 DEFAULT undionly-ipxe 
 LABEL undionly-ipxe 
 MENU LABEL iPXE UNDI 
 KERNEL undionly-ipxe.0 
 IPAPPEND 2 
 </code></pre> 

Recent versions of Foreman already ship with this template under the name "PXELinux chain iPXE UNDI".

 h3. PXELinux with built-in driver 

In your Foreman instance, go to "Provisioning templates" and create a new template of PXELinux kind with the following contents:

 <pre><code> 
 DEFAULT linux 
 LABEL linux 
 KERNEL ipxe.lkrn 
 APPEND dhcp && chain <%= foreman_url('iPXE') %> 
 IPAPPEND 2 
 </code></pre> 

Recent versions of Foreman already ship with this template under the name "PXELinux chain iPXE".

h2. Foreman setup - iPXE

You'll need to have the @ipxe.lkrn@ file in your tftpboot directory. It can be downloaded from here attachment:ipxe.lkrn, from your distribution (e.g. Red Hat systems ship it in /usr/share/ipxe/ipxe.lkrn, package ipxe-bootimgs) or compiled from source.

Use the provided iPXE templates which ship with Foreman; these are named 'Kickstart default iPXE' or 'Preseed default iPXE' and contain something like the following body:

 <pre><code>#!ipxe 
 kernel <%= "#{@host.url_for_boot(:kernel)}" %> ks=<%= foreman_url("provision")%> 
 initrd <%= "#{@host.url_for_boot(:initrd)}" %> 
 boot 
 </code></pre> 

Associate the above templates with an Operating System and make sure there is a provisioning template associated as well. If there was a host associated with PXELinux templates, you may need to exit and re-enter Build state for the TFTP configuration to be redeployed. Recent versions of Foreman do this automatically on template save. That's it - verify it works!

h2. Notes

# Older versions of Foreman may refer to iPXE as gPXE, which is an older project iPXE was based (forked) on. In recent versions, gPXE is just an alias to iPXE.

h3. DHCP setup with UNDI

The above configuration will lead to an endless loop of chainbooting iPXE firmware. To break this loop, configure the DHCP server to hand over the correct URL to iPXE to continue booting. In the /etc/dhcp/dhcpd.conf file change the "filename" global or subnet configuration as follows:

<pre><code>
if exists user-class and option user-class = "iPXE" {
  filename "http://foreman:3000/unattended/iPXE";
} else {
  filename "pxelinux.0";
}
</code></pre>

If there are existing leases on the DHCP server, let them expire and restart the DHCP service. This can also be forced with:

   truncate -s 0 /var/lib/dhcpd/dhcpd.leases 
   service dhcpd restart 

 h3. DHCP setup built-in driver 

No changes are necessary since the built-in firmware can read the URL directly from the kernel command line.

 h1. Boot virtual machines via iPXE directly 

Since most virtualization platforms use iPXE as the primary firmware for PXE booting, the above configuration will work directly without TFTP and PXELinux involved. This is known to work with libvirt, oVirt and RHEV. If the hypervisor is capable of replacing PXE firmware, it will work too (e.g. VMware is documented at http://ipxe.org/howto/vmware). The workflow is simplified in this case:

 * VM is turned on 
 * iPXE gets network credentials from DHCP again 
 * iPXE gets HTTP address from DHCP 
 * iPXE chainloads the iPXE template from Foreman 
 * iPXE loads kernel and init RAM disk of the installer 

To implement that behavior, simply follow the steps described in "DHCP setup with UNDI" above and make sure an iPXE template is associated with the host and the IP address matches the one reserved on the DHCP server.