Fetch boot files via http instead of TFTP » History » Version 11

Lukas Zapletal, 12/09/2015 10:24 AM

h1. PXELinux chainboot into iPXE

TFTP is a slow protocol on high-latency networks, but if your hardware is supported by iPXE (http://ipxe.org/appnote/hardware_drivers) or if the UNDI driver of the NIC is compatible with iPXE, it is possible to configure PXELinux to chainboot iPXE and continue booting via HTTP, which is fast and reliable.

In this scenario, a system is PXE-booted into PXELinux, which chainloads iPXE, which continues booting via HTTP. The scenario is:

* hardware is turned on
* PXE driver gets network credentials from DHCP
* PXE driver gets PXELinux firmware from TFTP (pxelinux.0)
* PXELinux searches for configuration file on TFTP
* PXELinux chainloads iPXE (undionly-ipxe.0 or ipxe.lkrn)
* iPXE gets network credentials from DHCP again
* iPXE gets HTTP address from DHCP
* iPXE chainloads the iPXE template from Foreman
* iPXE loads kernel and init RAM disk of the installer

Requirements:

* a host entry is created in Foreman
* MAC address of the provisioning interface matches
* provisioning interface of the host has a valid DHCP reservation
* the host has a special PXELinux template (below) associated
* the host has an iPXE template associated
* hardware is capable of PXE booting
* hardware NIC is compatible with iPXE

The iPXE project offers two options: using the PXE interface (UNDI) or using a built-in Linux network card driver. Both options have pros and cons, and each gives different results with different network cards. Some NICs are slow with UNDI, some are actually faster. Not all network cards work with either or both options.


h3. TFTP setup - UNDI driver

In this setup, iPXE uses UNDI for network communication.

Copy the iPXE firmware to the TFTP root directory and rename it:

  cp /usr/share/ipxe/undionly.kpxe /var/lib/tftpboot/undionly-ipxe.0

The source directory differs between Linux distributions; this path is for Red Hat systems. The file is shipped in the ipxe-bootimgs package.

h3. TFTP setup - built-in driver

In this setup, iPXE uses its built-in driver for network communication. Therefore this will only work on supported cards.

Copy the iPXE firmware to the TFTP root directory:

  cp /usr/share/ipxe/ipxe.lkrn /var/lib/tftpboot/

The source directory differs between Linux distributions; this path is for Red Hat systems. The file is shipped in the ipxe-bootimgs package.

h3. TFTP setup - alternative UNDI driver from syslinux

This is an alternative approach if none of the above configurations work or the packages are not available. It works with the templates shown below, even though they have the prefix set to @#!ipxe@ (it should be @#!gpxe@).

Copy the gPXE firmware to the TFTP root directory:

  cp /usr/share/syslinux/gpxelinuxk.0 /var/lib/tftpboot/

The source directory differs between Linux distributions; this path is for Red Hat systems. The file is shipped in the syslinux package.

h3. TFTP setup - check-up

Do not use symbolic links, as TFTP runs in a chroot. When using SELinux, remember to correct the file contexts:

  restorecon -RvF /var/lib/tftpboot/
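
The check-up above can be scripted. The following is an added example, not part of the original page or of Foreman: @check_tftp_root@ is a hypothetical helper that reports symbolic links under the TFTP root and boot files that are missing, empty or unreadable. It assumes the TFTP daemon only serves world-readable files, which is the in.tftpd default.

```shell
#!/bin/sh
# Added example: check_tftp_root is a hypothetical helper, not a Foreman or tftp-server tool.
# usage: check_tftp_root <tftp-root> <boot-file>...
check_tftp_root() {
    root=$1; shift
    rc=0
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # The daemon resolves paths inside its chroot, so a link whose target
    # lives outside the TFTP root cannot be served. Report every symlink.
    links=$(find "$root" -type l)
    if [ -n "$links" ]; then
        echo "symbolic links found, copy the files instead:" >&2
        echo "$links" >&2
        rc=1
    fi

    for f in "$@"; do
        p=$root/$f
        if [ -L "$p" ] || [ ! -f "$p" ] || [ ! -s "$p" ]; then
            echo "missing, empty or not a regular file: $p" >&2
            rc=1
        # Assumption: the daemon only serves world-readable files (in.tftpd default).
        elif [ -z "$(find "$p" -perm -004)" ]; then
            echo "not world-readable: $p" >&2
            rc=1
        fi
    done
    return $rc
}

# Example call with the file names used on this page:
#   check_tftp_root /var/lib/tftpboot pxelinux.0 undionly-ipxe.0
```
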

h2. Foreman setup - PXELinux

Configuration involves associating PXELinux and iPXE templates.

h3. PXELinux with UNDI driver

In your Foreman instance, go to "Provisioning templates" and create a new template of PXELinux kind with the following contents:

<pre><code>
DEFAULT undionly-ipxe
LABEL undionly-ipxe
MENU LABEL iPXE UNDI
KERNEL undionly-ipxe.0
IPAPPEND 2
</code></pre>

Recent versions of Foreman already ship this template under the name "PXELinux chain iPXE UNDI".

h3. PXELinux with built-in driver

In your Foreman instance, go to "Provisioning templates" and create a new template of PXELinux kind with the following contents:

<pre><code>
DEFAULT linux
LABEL linux
KERNEL ipxe.lkrn
APPEND dhcp && chain <%= foreman_url('iPXE') %>
IPAPPEND 2
</code></pre>

Recent versions of Foreman already ship this template under the name "PXELinux chain iPXE".

h2. Foreman setup - iPXE template

Use one of the iPXE templates shipped with Foreman. These are named 'Kickstart default iPXE' or 'Preseed default iPXE' and contain something like:

<pre><code>#!ipxe
kernel <%= "#{@host.url_for_boot(:kernel)}" %> ks=<%= foreman_url("provision")%>
initrd <%= "#{@host.url_for_boot(:initrd)}" %>
boot
</code></pre>

If there was a host associated with PXELinux templates, you may need to exit and re-enter Build state for the TFTP configuration to be redeployed. Recent versions of Foreman do this automatically on template save.


h3. DHCP setup with UNDI

The above configuration will lead to an endless loop of chainbooting the iPXE firmware: iPXE asks DHCP again, is handed pxelinux.0 and is chainloaded once more. To break this loop, configure the DHCP server to hand over the correct URL to iPXE so that it continues booting. In the /etc/dhcp/dhcpd.conf file, change the "filename" global or subnet configuration as follows:

<pre><code>
if exists user-class and option user-class = "iPXE" {
  filename "http://foreman:3000/unattended/iPXE";
} else {
  filename "pxelinux.0";
}
</code></pre>

If there are existing leases on the DHCP server, let them expire and restart the DHCP service. This can also be forced with:

<pre><code>
# empty the lease database (every recorded lease is forgotten); truncate needs an explicit size
truncate -s 0 /var/lib/dhcpd/dhcpd.leases
service dhcpd restart
</code></pre>
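
A check to run on dhcpd.conf before restarting the service, as an added example that is not part of the original page or of Foreman: @lint_ipxe_filename@ is a hypothetical helper that reports whether iPXE clients would be handed the TFTP file name again. It assumes one statement per line, as in the snippet above, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: lint_ipxe_filename is a hypothetical helper, not a dhcpd or Foreman tool.
# Assumes one statement per line, as in the snippet on this page.
lint_ipxe_filename() {
    awk '
    { sub(/#.*/, "") }                                  # strip comments
    /user-class/ && /"iPXE"/   { branch = "ipxe" }      # entering the iPXE conditional
    /else/ && branch == "ipxe" { branch = "else" }      # its else branch (plain PXE ROMs)
    /filename[ \t]+"/ {
        split($0, q, "\"")                              # q[2] is the quoted file name
        if (branch == "ipxe") ipxe = q[2]; else legacy = q[2]
    }
    /[}]/ && !/else/           { branch = "" }          # block closed
    END {
        if (ipxe == "") {
            print "loop: iPXE is handed \"" legacy "\" again (no user-class branch)"
            exit 1
        }
        if (ipxe !~ /^https?:\/\//) {
            print "loop: iPXE branch hands out a TFTP file: " ipxe
            exit 1
        }
        if (legacy == "" || legacy ~ /^https?:\/\//) {
            print "plain PXE firmware gets no TFTP file name"
            exit 1
        }
        print "ok: PXE -> " legacy ", iPXE -> " ipxe
    }' "${1:--}"
}

# Constructed sample: the conditional from this page inside a subnet declaration.
lint_ipxe_filename - <<'EOF'
subnet 192.0.2.0 netmask 255.255.255.0 {
  if exists user-class and option user-class = "iPXE" {
    filename "http://foreman:3000/unattended/iPXE";
  } else {
    filename "pxelinux.0";
  }
}
EOF
```

The function exits non-zero on a configuration that would loop, so it can gate the @service dhcpd restart@ step.
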

h3. DHCP setup built-in driver

No changes are necessary, since the built-in firmware can read the URL directly from the kernel command line.

h1. Boot virtual machines via iPXE directly

Since most virtualization platforms use iPXE as the primary firmware for PXE booting, the above configuration will work directly, without TFTP and PXELinux involved. This is known to work with libvirt, oVirt and RHEV. If the hypervisor is capable of replacing the PXE firmware, it will work too (e.g. VMware is documented at http://ipxe.org/howto/vmware). The workflow is simplified in this case:

* VM is turned on
* iPXE gets network credentials from DHCP again
* iPXE gets HTTP address from DHCP
* iPXE chainloads the iPXE template from Foreman
* iPXE loads kernel and init RAM disk of the installer

To implement that behavior, simply follow the steps described above in "DHCP setup with UNDI" and make sure the iPXE template is associated with the host and the IP address matches the one reserved on the DHCP server.