Question Regarding IPXE Boot Sequence
-
Hello FOG,
I am trying to find out how I can replace the default PXE server from FOG with one of my own.
It is not that I do not like the default PXE server; but I really need WDS to handle the initial requests in order to support SecureBoot enabled devices.My situation is as follows:
- The Client boots to network, either UEFI or Legacy
- The DHCP request is fetched by the WDS Proxy
- The DefaultBootProgram in WDS is (currently) set to (I have tested several)
…a. undionly.kpxe
…b. ipxe.efi
…c. pxelinux.0
I receive several results;
ipxe.efi just loads and reboots
pxelinux.0 loads a pxelinux menu with a FOG entry (which I edited to chain any of the IPXE files/boot.php’s)
undionly.kpxe works, but not on UEFI devices.What I am noticing is, when the device boots towards IPXE: it performs a new DHCP request; This is where my issue begins because the WDS DHCP proxy interferes here and somehow I receive default.ipxe as a boot option (I do, in none of my configs, have default.ipxe set as a boot option).
Is this a inbuilt ipxe script; or am I overlooking something?
Love to hear,
-
Ah! I see where my issue comes from…
the “&& goto proxycheck” part is booting towards WDS. because this is a proxy.Guess I’ll have to build my own ipxe files then
-
The embedded scripts are designed to look at the next-server address sent to tftp and get the default.ipxe file. The typical layout is
Option 66 = next-server = <tftp server on fog>
This chains to get tftp://<next-server>/default.ipxe
From here, the default.ipxe is just an ipxe script that’s built up from the fog installer.If iPXE is not loaded for whatever reason, the default.ipxe script will have little bounds as nothing is there to load and run the script.
I don’t know what answers you’re looking for but this is the information I can give readily.
-
This was the exact answer I was looking for. I was really confused as to where the default.ipxe came from; now I know.
Is this thcase for both the undionly.kpxe and ipxe.efi?
-
@abos_systemax Yes, all ipxe files use the same embedded script.
You can see the embedded settings here:
Non-EFI: https://github.com/FOGProject/fogproject/blob/master/src/ipxe/src/ipxescript
EFI: https://github.com/FOGProject/fogproject/blob/master/src/ipxe/src-efi/ipxescript -
@Tom-Elliott Thnx!
-
Ah! I see where my issue comes from…
the “&& goto proxycheck” part is booting towards WDS. because this is a proxy.Guess I’ll have to build my own ipxe files then
-
@abos_systemax said in Question Regarding IPXE Boot Sequence:
Ah! I see where my issue comes from…
the “&& goto proxycheck” part is booting towards WDS. because this is a proxy.Guess I’ll have to build my own ipxe files then
The solution is even easier…
addingoption ipxe.no-pxedhcp 1;to the dhcpd config fixed the proxy issue
-
@abos_systemax you were able to chain from WDS to fog? Can you explain more fully please?
-
@Wayne-Workman
Yes! In fact; I’ll post my exact how to below for future reference…My Environment:
- Citrix XenServer as a host
- Windows 2012 R2 as WDS Server (named X02, ip 10.0.0.2)
- Linux Debian for DHCP (named X01, ip 10.0.0.1)
- Linux Debian for Fog (named X03, ip 10.0.0.3)
Install the WDS Role onto Windows Server 2012 and configure it to listen to port 66
Settings: WDS Properties window DHCP --> Do not select the 'Do Not Listen on DHCP Ports' BOOT --> Always Continue the PXE Boot, or Require the user to press the F12 key (if so wanted) BOOT --> Do set default boot images PXE Response --> Respond to all client computers (Known and Unkown)This will enable the Proxy DHCP for WDS to be enabled, and actually make WDS repond to DHCP requests before DHCP can hand out the ‘Next-Server’.
Also on Windows, launch an administrative prompt or Powershell and use the following commands to change the default boot program:
wdsutil /set-server /N12bootprogram:Boot\Custom\undionly.kpxe /Architecture:x64 wdsutil /set-server /bootprogram:Boot\Custom\undionly.kpxe /Architecture:x64 wdsutil /set-server /N12bootprogram:Boot\Custom\undionly.kpxe/Architecture:x86 wdsutil /set-server /bootprogram:Boot\Custom\undionly.kpxe /Architecture:x86 wdsutil /set-server /N12bootprogram:Boot\Custom\ipxe.efi /architecture:x64uefi wdsutil /set-server /N12bootprogram:Boot\Custom\ipxe_x32.efi /architecture:x86uefiThis will set the boot program for both the ‘no F12’ and ‘normal’ boot to your own boot program, either undionly.kpxe in this case, and ipxe.efi/ipxe_x32.efi for UEFI environments
Of course you now need to copy the undionly.kpxe, ipxe.efi and ipxe_32 files to the /boot/Custom folder for WDS (where you need to create the Custom Folder)
You can place the files in any WDS Boot folder you wish, just change the commands above to correspond with the new location. Notice that the files must be placed in the WDS root folder ‘/boot’Now for the DHCP server,
nothing quite special here except for the iPXE options:option space ipxe; option ipxe-encap-opts code 175 = encapsulate ipxe; option ipxe.priority code 1 = signed integer 8; option ipxe.keep-san code 8 = unsigned integer 8; option ipxe.skip-san-boot code 9 = unsigned integer 8; option ipxe.syslogs code 85 = string; option ipxe.cert code 91 = string; option ipxe.privkey code 92 = string; option ipxe.crosscert code 93 = string; option ipxe.no-pxedhcp code 176 = unsigned integer 8; option ipxe.bus-id code 177 = string; option ipxe.bios-drive code 189 = unsigned integer 8; option ipxe.username code 190 = string; option ipxe.password code 191 = string; option ipxe.reverse-username code 192 = string; option ipxe.reverse-password code 193 = string; option ipxe.version code 235 = string; option iscsi-initiator-iqn code 203 = string; #// Feature indicators option ipxe.pxeext code 16 = unsigned integer 8; option ipxe.iscsi code 17 = unsigned integer 8; option ipxe.aoe code 18 = unsigned integer 8; option ipxe.http code 19 = unsigned integer 8; option ipxe.https code 20 = unsigned integer 8; option ipxe.tftp code 21 = unsigned integer 8; option ipxe.ftp code 22 = unsigned integer 8; option ipxe.dns code 23 = unsigned integer 8; option ipxe.bzimage code 24 = unsigned integer 8; option ipxe.multiboot code 25 = unsigned integer 8; option ipxe.slam code 26 = unsigned integer 8; option ipxe.srp code 27 = unsigned integer 8; option ipxe.nbi code 32 = unsigned integer 8; option ipxe.pxe code 33 = unsigned integer 8; option ipxe.elf code 34 = unsigned integer 8; option ipxe.comboot code 35 = unsigned integer 8; option ipxe.efi code 36 = unsigned integer 8; option ipxe.fcoe code 37 = unsigned integer 8; option ipxe.vlan code 38 = unsigned integer 8; option ipxe.menu code 39 = unsigned integer 8; option ipxe.sdi code 40 = unsigned integer 8; option ipxe.nfs code 41 = unsigned integer 8; #//Basically, this one stops WDS from interfering once iPXE has booted; it disables iPXE 'listen for a DHCP proxy' option ipxe.no-pxedhcp 1; authoritative; allow unknown-clients; option broadcast-address 10.0.0..255; option subnet-mask 255.0.0.0; option routers 10.0.0.254; ddns-update-style none;; option domain-name-servers 10.0.0.1, 8.8.8.8; default-lease-time 14400; max-lease-time 14400; log-facility local7; # LAN subnet 10.0.0.1 netmask 255.0.0.0 { dynamic-bootp-lease-length 14400; authoritative; max-lease-time 14400; default-lease-time 14400; allow unknown-clients; next-server 10.0.0.3; range 10.0.0.25 10.0.0.250; }Nothing special there, except for the option ipxe.no-pxedhcp 1;
Otherwise, WDS will always inject it’s own next-server reply, looping you back to wdsnbp.com, now you stay in iPXE, where FOG’s default.ipxe can take over.basically, that’s all there is about it.
This archieves the following:- Secure Boot Enabled devices will always boot towards WDS; no control about that
- UEFI devices will boot to either ipxe.efi or ipxe_x32.efi, depending on the arch
- Legacy devices will boot to undionly.kpxe
This will enable you to boot towards FOG.
One mayor But:
I haven’t yet got the EFI side of the FOG menu working; so all commands from the default boot.php fail on UEFI enabled devices. of/c this has something to to with the bzimage and init.xz not being able to load… but that is my challenge for today
-
@abos_systemax #wiki worthy