USB Boot method: Make FOG serve ipxe files via http instead of tftp


  • I’ve been experimenting with the USB boot method for a bit now. I’m wondering if it is possible to serve all boot files via http instead of tftp using the USB boot method.


  • @george1421 I just tested it out on a PC outside of our IT vlan with success. I hard coded it already, but I have a habit of not disclosing our IP addresses even if they’re private. I get the Press ESC to show the menu option for one second, then it boots to the hard drive. Now I took the modified bootx64.efi from my usb drive and copied it to the Windows EFI partition, replacing the existing one (renamed the old to bootx64.efi.bak), made sure that the UEFI is pointing to the file, and now the PC boots the fog process without USB.

  • Moderator

    @brakcounty Sure you can do that. You can strip out things that are not important during the execution of the embedded script.

    #!ipxe
    isset ${net0/mac} && ifopen net0 && dhcp net0 || goto dhcpnet1
    echo Received DHCP answer on interface net0 && goto netboot
    
    :dhcpnet1
    isset ${net1/mac} && ifopen net1 && dhcp net1 || goto dhcpnet2
    echo Received DHCP answer on interface net1 && goto netboot
    
    :dhcpnet2
    isset ${net2/mac} && ifopen net2 && dhcp net2 || goto dhcpall
    echo Received DHCP answer on interface net2 && goto netboot
    
    :dhcpall
    dhcp && goto netboot || goto dhcperror
    
    :dhcperror
    prompt --key s --timeout 10000 DHCP failed, hit 's' for the iPXE shell; reboot in 10 seconds && shell || reboot
    
    :netboot
    chain http://10.10.1.30/default.ipxe ||
    prompt --key s --timeout 10000 Chainloading failed, hit 's' for the iPXE shell; reboot in 10 seconds && shell || reboot
    

    The only thing you will need to do is update the hard coded IP address in the chain command with your FOG server’s IP. That way it will be locked into only talking to that server. DHCP options 66 or 67 will be ignored.

    Understand I did not test this script, only hacked up what you provided below.
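
The moderator's point above, that a hard-coded `chain` URL locks the boot to one server and ignores DHCP options 66 and 67, can be checked before `ipxe.efi` is rebuilt. This is an added example, not part of the thread or of FOG: `audit_ipxescript` is a hypothetical helper, both sample scripts are constructed, and 192.0.2.10 is a placeholder address.

```shell
#!/bin/sh
# Added example: audit an embedded iPXE script before it is compiled into ipxe.efi.
audit_ipxescript() {    # $1 = script path; prints findings, returns 1 if any
    awk '
        /^[ \t]*#/ { next }    # skip the shebang and commented-out lines
        { line = " " $0 }      # pad so a command at line start matches too
        line ~ /[ \t]read[ \t]+next-server/ {
            print "line " NR ": boot server is typed in at the console"; bad = 1 }
        $0 ~ /proxydhcp\/next-server/ {
            print "line " NR ": boot server taken from a proxyDHCP reply"; bad = 1 }
        line ~ /[ \t]chain[ \t]/ {
            chains++
            url = $0
            sub(/^.*chain[ \t]+/, "", url)                   # text after "chain"
            while (url ~ /^-[^ \t]*[ \t]/)                   # skip chain options
                sub(/^[^ \t]+[ \t]+/, "", url)
            sub(/[ \t].*$/, "", url)                         # drop trailing "||"
            if (url !~ /^https?:\/\//) {
                print "line " NR ": chain target is not http(s): " url; bad = 1 }
            host = url
            sub(/^[a-z]+:\/\//, "", host); sub(/\/.*$/, "", host)
            if (index(host, "${")) {
                print "line " NR ": chain host comes from a variable: " host; bad = 1 }
        }
        END { if (!chains) { print "no active chain command"; bad = 1 }; exit bad + 0 }
    ' "$1"
}

SAMPLES=$(mktemp -d)
# Constructed sample 1: active lines in the style of the stock script in the thread.
cat > "$SAMPLES/stock" <<'EOF'
#!ipxe
dhcp && goto proxycheck || goto dhcperror
:proxycheck
isset ${proxydhcp/next-server} && set next-server ${proxydhcp/next-server} || goto nextservercheck
:setserv
echo -n Please enter tftp server: && read next-server && goto netboot || goto setserv
:netboot
chain tftp://${next-server}/default.ipxe ||
EOF
# Constructed sample 2: pinned variant with the proxy check commented out.
cat > "$SAMPLES/pinned" <<'EOF'
#!ipxe
dhcp net0 || reboot
#isset ${proxydhcp/next-server} && set next-server ${proxydhcp/next-server} || goto nextservercheck
chain http://192.0.2.10/default.ipxe ||
EOF
audit_ipxescript "$SAMPLES/stock" || echo "stock: boot server is not pinned"
audit_ipxescript "$SAMPLES/pinned" && echo "pinned: OK"
```

Pinning the URL removes DHCP as a way to redirect the boot, but plain http does not authenticate the server that answers at that address.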


  • @george1421 I placed a copy of default.ipxe in /var/www/html and verified it is accessible via my web browser. Still having trouble with the ipxescript. What I’d like it to do, and I’m currently researching how to do, is tell ipxe to:

    1. Init devices
    2. Request an IP via DHCP
    3. Chainload the default.ipxe file by connecting to the http share.

    What I don’t want is the proxy check and all that. I want everything to be specified and explicit.

    UPDATE: Found it! Still a bit dirty, but I got it to serve over http only.

    #!ipxe
    isset ${net0/mac} && ifopen net0 && dhcp net0 || goto dhcperror
    echo Received DHCP answer on interface net0 && goto netboot
    
    #:dhcpnet1
    #isset ${net1/mac} && ifopen net1 && dhcp net1 || goto dhcpnet2
    #echo Received DHCP answer on interface net1
    
    #:dhcpnet2
    #isset ${net2/mac} && ifopen net2 && dhcp net2 || goto dhcpall
    #echo Received DHCP answer on interface net2
    
    #:dhcpall
    #dhcp && goto setserv || goto dhcperror
    
    :dhcperror
    prompt --key s --timeout 10000 DHCP failed, hit 's' for the iPXE shell; reboot in 10 seconds && shell || reboot
    
    #:proxycheck
    #isset ${proxydhcp/next-server} && set next-server ${proxydhcp/next-server} || goto nextservercheck
    
    #:nextservercheck
    #isset ${next-server} || set next-server fogip && goto netboot || goto setserv
    
    #:setserv
    #set fogserver fogip && goto netboot || goto setserv
    
    :netboot
    chain http://fogip/html/default.ipxe ||
    prompt --key s --timeout 10000 Chainloading failed, hit 's' for the iPXE shell; reboot in 10 seconds && shell || reboot
    
    
  • Moderator

    @brakcounty Yes, you will need to fix the script to use http:// instead of tftp:// (ipxe will know how to manage this new connection), then also copy default.ipxe to the /var/www/html directory. It's not hard to do since everything you need to compile ipxe is built into the FOG server.


  • @george1421

    /root/fogproject-1.5.9/src/ipxe/src/ipxescript

    #!ipxe
    isset ${net0/mac} && ifopen net0 && dhcp net0 || goto dhcpnet1
    echo Received DHCP answer on interface net0 && goto proxycheck
    
    :dhcpnet1
    isset ${net1/mac} && ifopen net1 && dhcp net1 || goto dhcpnet2
    echo Received DHCP answer on interface net1 && goto proxycheck
    
    :dhcpnet2
    isset ${net2/mac} && ifopen net2 && dhcp net2 || goto dhcpall
    echo Received DHCP answer on interface net2 && goto proxycheck
    
    :dhcpall
    dhcp && goto proxycheck || goto dhcperror
    
    :dhcperror
    prompt --key s --timeout 10000 DHCP failed, hit 's' for the iPXE shell; reboot in 10 seconds && shell || reboot
    
    :proxycheck
    isset ${proxydhcp/next-server} && set next-server ${proxydhcp/next-server} || goto nextservercheck
    
    :nextservercheck
    isset ${next-server} && goto netboot || goto setserv
    
    :setserv
    echo -n Please enter tftp server: && read next-server && goto netboot || goto setserv
    
    :netboot
    chain tftp://${next-server}/default.ipxe ||
    prompt --key s --timeout 10000 Chainloading failed, hit 's' for the iPXE shell; reboot in 10 seconds && shell || reboot
    

    The ipxe.efi was compiled on the same server that the USB boot method is connecting to. It seems like default.ipxe is being served via tftp AFTER ipxe init. So that file is what I want to be served via http. I guess I’d have to make the ipxe.efi do this via script or config file before compiling it.

  • Moderator

    @brakcounty said in USB Boot method: Make FOG serve ipxe files via http instead of tftp:

    I’m wondering if it is possible to serve all boot files via http instead of tftp using the USB boot method

    I guess I need to know how you created the usb boot image.

    Because… the only files served by the tftp protocol are the ipxe.efi files, and those are/should be already on the usb drive. If you are usb booting into the grub menu then bzImage and init.xz are already on the usb boot drive.

    If you are usb booting into the FOG iPXE menu then bzImage and init.xz should be transferred via http already. As I said earlier, the only file sent by tftp is the pxe boot loader program (iPXE).
