Question Regarding IPXE Boot Sequence

  • A
    abos_systemax
    last edited by Jan 19, 2017, 2:17 PM

    Hello FOG,

    I am trying to find out how I can replace the default PXE server from FOG with one of my own.
    It is not that I do not like the default PXE server; but I really need WDS to handle the initial requests in order to support SecureBoot enabled devices.

    My situation is as follows:

    1. The Client boots to network, either UEFI or Legacy
    2. The DHCP request is fetched by the WDS Proxy
    3. The DefaultBootProgram in WDS is (currently) set to (I have tested several)
      …a. undionly.kpxe
      …b. ipxe.efi
      …c. pxelinux.0

    I receive several results;
    ipxe.efi just loads and reboots
    pxelinux.0 loads a pxelinux menu with a FOG entry (which I edited to chain any of the IPXE files/boot.php’s)
    undionly.kpxe works, but not on UEFI devices.

    What I am noticing is, when the device boots towards IPXE: it performs a new DHCP request; This is where my issue begins because the WDS DHCP proxy interferes here and somehow I receive default.ipxe as a boot option (I do, in none of my configs, have default.ipxe set as a boot option).

    Is this an inbuilt ipxe script; or am I overlooking something?

    Love to hear,

      • T
        Tom Elliott
        last edited by Jan 19, 2017, 2:42 PM

        The embedded scripts are designed to look at the next-server address sent to tftp and get the default.ipxe file. The typical layout is

        Option 66 = next-server = <tftp server on fog>
        This chains to get tftp://<next-server>/default.ipxe
        From here, the default.ipxe is just an ipxe script that’s built up from the fog installer.

        If iPXE is not loaded for whatever reason, the default.ipxe script will have little bounds as nothing is there to load and run the script.

        I don’t know what answers you’re looking for but this is the information I can give readily.

        Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

        Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

        Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

        • A
          abos_systemax
          last edited by Jan 19, 2017, 2:46 PM

          This was the exact answer I was looking for. I was really confused as to where the default.ipxe came from; now I know.

          Is this the case for both the undionly.kpxe and ipxe.efi?

          • T
            Tom Elliott @abos_systemax
            last edited by Jan 19, 2017, 2:51 PM

            @abos_systemax Yes, all ipxe files use the same embedded script.

            You can see the embedded settings here:
            Non-EFI: https://github.com/FOGProject/fogproject/blob/master/src/ipxe/src/ipxescript
            EFI: https://github.com/FOGProject/fogproject/blob/master/src/ipxe/src-efi/ipxescript

            • A
              abos_systemax @Tom Elliott
              last edited by Jan 19, 2017, 2:51 PM

              @Tom-Elliott Thnx!

              • A
                abos_systemax @abos_systemax
                last edited by Jan 19, 2017, 3:07 PM

                Ah! I see where my issue comes from…
                the “&& goto proxycheck” part is booting towards WDS, because this is a proxy.

                Guess I’ll have to build my own ipxe files then 🙂

                • A
                  abos_systemax @abos_systemax
                  last edited by Jan 19, 2017, 5:09 PM

                  @abos_systemax said in Question Regarding IPXE Boot Sequence:

                  Ah! I see where my issue comes from…
                  the “&& goto proxycheck” part is booting towards WDS, because this is a proxy.

                  Guess I’ll have to build my own ipxe files then 🙂

                  The solution is even easier…
                  adding

                  option ipxe.no-pxedhcp 1;
                  

                  to the dhcpd config fixed the proxy issue

                  • W
                    Wayne Workman @abos_systemax
                    last edited by Wayne Workman Jan 19, 2017, 10:50 PM Jan 20, 2017, 4:50 AM

                    @abos_systemax you were able to chain from WDS to fog? Can you explain more fully please?

                    Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG!
                    Daily Clean Installation Results:
                    https://fogtesting.fogproject.us/
                    FOG Reporting:
                    https://fog-external-reporting-results.fogproject.us/

                    • A
                      abos_systemax @Wayne Workman
                      last edited by abos_systemax Jan 20, 2017, 12:51 AM Jan 20, 2017, 6:45 AM

                      @Wayne-Workman
                      Yes! In fact; I’ll post my exact how to below for future reference…

                      My Environment:

                      • Citrix XenServer as a host
                      • Windows 2012 R2 as WDS Server (named X02, ip 10.0.0.2)
                      • Linux Debian for DHCP (named X01, ip 10.0.0.1)
                      • Linux Debian for Fog (named X03, ip 10.0.0.3)

                      Install the WDS Role onto Windows Server 2012 and configure it to listen to port 66

                      Settings:
                      WDS Properties window 
                         DHCP --> Do not select the 'Do Not Listen on DHCP Ports'
                         BOOT --> Always Continue the PXE Boot, or Require the user to press the F12 key (if so wanted)
                         BOOT --> Do set default boot images
                         PXE Response --> Respond to all client computers (Known and Unknown)
                      

                      This will enable the Proxy DHCP for WDS to be enabled, and actually make WDS respond to DHCP requests before DHCP can hand out the ‘Next-Server’.

                      Also on Windows, launch an administrative prompt or PowerShell and use the following commands to change the default boot program:

                      wdsutil /set-server /N12bootprogram:Boot\Custom\undionly.kpxe /Architecture:x64
                      wdsutil /set-server /bootprogram:Boot\Custom\undionly.kpxe /Architecture:x64
                      wdsutil /set-server /N12bootprogram:Boot\Custom\undionly.kpxe /Architecture:x86
                      wdsutil /set-server /bootprogram:Boot\Custom\undionly.kpxe /Architecture:x86
                      wdsutil /set-server /N12bootprogram:Boot\Custom\ipxe.efi /architecture:x64uefi
                      wdsutil /set-server /N12bootprogram:Boot\Custom\ipxe_x32.efi /architecture:x86uefi
                      

                      This will set the boot program for both the ‘no F12’ and ‘normal’ boot to your own boot program, either undionly.kpxe in this case, and ipxe.efi/ipxe_x32.efi for UEFI environments

                      Of course you now need to copy the undionly.kpxe, ipxe.efi and ipxe_32 files to the /boot/Custom folder for WDS (where you need to create the Custom Folder)
                      You can place the files in any WDS Boot folder you wish, just change the commands above to correspond with the new location. Notice that the files must be placed in the WDS root folder ‘/boot’

                      Now for the DHCP server,
                      nothing quite special here except for the iPXE options:

                        option space ipxe;
                        option ipxe-encap-opts code 175 = encapsulate ipxe;
                        option ipxe.priority code 1 = signed integer 8;
                        option ipxe.keep-san code 8 = unsigned integer 8;
                        option ipxe.skip-san-boot code 9 = unsigned integer 8;
                        option ipxe.syslogs code 85 = string;
                        option ipxe.cert code 91 = string;
                        option ipxe.privkey code 92 = string;
                        option ipxe.crosscert code 93 = string;
                        option ipxe.no-pxedhcp code 176 = unsigned integer 8;
                        option ipxe.bus-id code 177 = string;
                        option ipxe.bios-drive code 189 = unsigned integer 8;
                        option ipxe.username code 190 = string;
                        option ipxe.password code 191 = string;
                        option ipxe.reverse-username code 192 = string;
                        option ipxe.reverse-password code 193 = string;
                        option ipxe.version code 235 = string;
                        option iscsi-initiator-iqn code 203 = string;
                        #// Feature indicators
                        option ipxe.pxeext code 16 = unsigned integer 8;
                        option ipxe.iscsi code 17 = unsigned integer 8;
                        option ipxe.aoe code 18 = unsigned integer 8;
                        option ipxe.http code 19 = unsigned integer 8;
                        option ipxe.https code 20 = unsigned integer 8;
                        option ipxe.tftp code 21 = unsigned integer 8;
                        option ipxe.ftp code 22 = unsigned integer 8;
                        option ipxe.dns code 23 = unsigned integer 8;
                        option ipxe.bzimage code 24 = unsigned integer 8;
                        option ipxe.multiboot code 25 = unsigned integer 8;
                        option ipxe.slam code 26 = unsigned integer 8;
                        option ipxe.srp code 27 = unsigned integer 8;
                        option ipxe.nbi code 32 = unsigned integer 8;
                        option ipxe.pxe code 33 = unsigned integer 8;
                        option ipxe.elf code 34 = unsigned integer 8;
                        option ipxe.comboot code 35 = unsigned integer 8;
                        option ipxe.efi code 36 = unsigned integer 8;
                        option ipxe.fcoe code 37 = unsigned integer 8;
                        option ipxe.vlan code 38 = unsigned integer 8;
                        option ipxe.menu code 39 = unsigned integer 8;
                        option ipxe.sdi code 40 = unsigned integer 8;
                        option ipxe.nfs code 41 = unsigned integer 8;
                        
                      #//Basically, this one stops WDS from interfering once iPXE has booted; it disables iPXE 'listen for a DHCP proxy' 
                        option ipxe.no-pxedhcp 1;
                      
                      authoritative;
                      allow unknown-clients;
                      option broadcast-address 10.0.0.255;
                      option subnet-mask 255.0.0.0;
                      option routers 10.0.0.254;
                      ddns-update-style none;
                      option domain-name-servers 10.0.0.1, 8.8.8.8;
                      default-lease-time 14400;
                      max-lease-time 14400;
                      log-facility local7;
                      
                      # LAN
                      subnet 10.0.0.0 netmask 255.0.0.0 {
                      	dynamic-bootp-lease-length 14400;
                      	authoritative;
                      	max-lease-time 14400;
                      	default-lease-time 14400;
                      	allow unknown-clients;
                      	next-server 10.0.0.3;
                      	range 10.0.0.25 10.0.0.250;
                      }
                      

                      Nothing special there, except for the option ipxe.no-pxedhcp 1;
                      Otherwise, WDS will always inject its own next-server reply, looping you back to wdsnbp.com, now you stay in iPXE, where FOG’s default.ipxe can take over.

                      basically, that’s all there is about it.
                      This achieves the following:

                      1. Secure Boot Enabled devices will always boot towards WDS; no control about that
                      2. UEFI devices will boot to either ipxe.efi or ipxe_x32.efi, depending on the arch
                      3. Legacy devices will boot to undionly.kpxe

                      This will enable you to boot towards FOG.

                      One major but:

                      I haven’t yet got the EFI side of the FOG menu working; so all commands from the default boot.php fail on UEFI enabled devices. Of course this has something to do with the bzimage and init.xz not being able to load… but that is my challenge for today 🙂

                      W 1 Reply Last reply Jan 20, 2017, 1:57 PM Reply Quote 1
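
Added example, not part of the thread and not FOG or iPXE code: a check that a captured DHCP offer really carries `ipxe.no-pxedhcp = 1` inside encapsulated option 175, using the option codes defined in the dhcpd config above. The sample option bytes are constructed and the function names are hypothetical.

```python
DHCP_MAGIC = bytes.fromhex("63825363")  # cookie that starts the DHCP options field
IPXE_ENCAP = 175   # option ipxe-encap-opts code 175 = encapsulate ipxe;
NO_PXEDHCP = 176   # option ipxe.no-pxedhcp code 176 = unsigned integer 8;
PAD, END = 0, 255


def parse_tlv(buf):
    """Decode a run of DHCP options (code, length, value) into {code: bytes}."""
    opts, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if code == END:
            break
        if code == PAD:          # pad bytes carry no length field
            i += 1
            continue
        if i + 2 > len(buf):
            raise ValueError("truncated option header")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        # RFC 3396: an option split across several instances is concatenated
        opts[code] = opts.get(code, b"") + value
        i += 2 + length
    return opts


def no_pxedhcp_set(options_field):
    """True when option 175 contains sub-option 176 with the value 1."""
    if not options_field.startswith(DHCP_MAGIC):
        raise ValueError("missing DHCP magic cookie")
    encap = parse_tlv(options_field[len(DHCP_MAGIC):]).get(IPXE_ENCAP)
    if encap is None:
        return False
    # The encapsulated space uses the same code/length/value layout
    return parse_tlv(encap).get(NO_PXEDHCP) == b"\x01"


# Constructed samples: message type OFFER (53), server identifier 10.0.0.1 (54)
OFFER_WITH = DHCP_MAGIC + bytes([53, 1, 2, 54, 4, 10, 0, 0, 1,
                                 175, 3, 176, 1, 1, 255])
OFFER_WITHOUT = DHCP_MAGIC + bytes([53, 1, 2, 54, 4, 10, 0, 0, 1, 255])

if __name__ == "__main__":
    for name, raw in (("with", OFFER_WITH), ("without", OFFER_WITHOUT)):
        print(name, "-> no-pxedhcp set:", no_pxedhcp_set(raw))
```

Feed it the options field of an offer taken from a packet capture on the client VLAN; a `False` result means iPXE will still listen for the WDS ProxyDHCP reply.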
                      • W
                        Wayne Workman @abos_systemax
                        last edited by Wayne Workman Jan 20, 2017, 7:57 AM Jan 20, 2017, 1:57 PM

                        @abos_systemax #wiki worthy

                        Copyright © 2012-2024 FOG Project