This would have the impact of potentially removing the need for TFTP for those PXE clients and using only HTTP or perhaps even HTTPS at some point.
For example, let’s say I have a VM running on Nutanix, which by default uses SeaBIOS and iPXE as the boot ROM. It’s a bit redundant to load undionly.0 and then ipxe.0 and then proceed down the path of booting into the FOG menus.
It’s fairly straightforward to get an existing iPXE ROM to load a script or menu via HTTP using DHCP …
ISC DHCP
if exists user-class and option user-class = "iPXE" {
    filename "http://${next-server}/fog/service/ipxe/boot.ipxe";
} else {
    filename "undionly.kpxe";
}
DNSMASQ
# The dhcp-match sets the ipxe tag for requests from iPXE.
# iPXE sends a 175 option
dhcp-match=set:ipxe,175
# The boot filename, Server name, Server Ip Address
dhcp-boot=tag:!ipxe,undionly.kpxe,,192.168.X.X
dhcp-boot=http://${next-server}/fog/service/ipxe/boot.ipxe,,192.168.X.X
May also be able to use the DHCP option “user class” in dnsmasq.conf, but the above works just fine. I have only tested in proxy mode but it does work just fine … my DHCP server will be off-limits in production.
So, trying this I copied over /tftpboot/default.ipxe into /var/www/fog/services/ipxe/boot.ipxe.
The first thing that happened when dnsmasq sent over boot.ipxe as the file to load was an exception, thrown because all of the “params” and “param” statements in that file were of course not recognized by my iPXE boot ROM, halting any progress. Based on a quick look through boot.php in the ipxe directory and then other PHP code further up the chain (bootmenu.class.php etc), I assume these are PHP arrays and variables. Of course, the FOG-provided chain loaded iPXE ROM seems to load just fine - so perhaps “default.ipxe” is the wrong place for me to start … I’m still digging around.
Now, if I trim back boot.ipxe (default.ipxe) to instead contain only the following, I successfully boot to the FOG menu … however, it has no styling or background PNG, only a plain ncurses-type PXE menu, but all of the standard FOG options are there.
#!ipxe
cpuid --ext 29 && set arch x86_64 || set arch ${buildarch}
chain http://${next-server}/fog/service/ipxe/boot.php?mac=${net0/mac}
Now from here all I tried to do was click on the deploy image option and again I was given an exception stating that “params” was an unknown.
I’m going to continue to poke around, because obviously FOG is already working properly via iPXE once it’s chain loaded from undionly. So, I believe this may not require much in the way of codebase change, but perhaps configuration change.
As a side note, for physical hosts my plan would be to utilize UEFI HTTP Boot to load the iPXE ROM (vs using the Intel hardware PXE ROM) and then loading up the same boot.ipxe script via HTTP as shown above. Goal would be to eventually move all of this to HTTPS, but … baby steps!!
If you have any quick tips about where to look next that would be appreciated. I think as you look to the future and using UEFI HTTP(S) Boot and removing the hard requirement for TFTP for that initial undionly.0 for folks that may not want TFTP installed, this could be a good feature request.
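The failure described in the post, a boot ROM rejecting "params" and "param", can be caught before a client boots by checking a script against the commands a given ROM provides. The following is an added example, not part of the original post and not FOG's code; the ROM command set, the sample menu script and its URL are assumptions, and only the "&&" and "||" chaining shown in the post is handled.

```python
import re

# Assumption: the commands compiled into the ROM under test. Builds differ, so
# replace this set with what "help" prints at that ROM's iPXE shell.
ASSUMED_ROM_COMMANDS = frozenset({
    "boot", "chain", "choose", "cpuid", "dhcp", "echo", "exit", "goto",
    "imgfetch", "initrd", "iseq", "isset", "item", "kernel", "menu", "set",
})

def commands_in(script):
    """Yield (line_number, command) for every command an iPXE script invokes."""
    for lineno, raw in enumerate(script.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, comments (including the #!ipxe magic) and :labels.
        if not line or line.startswith("#") or line.startswith(":"):
            continue
        # "a && b || c" chains several commands on one line.
        for part in re.split(r"\s(?:&&|\|\|)\s", line):
            words = part.split()
            if words and not words[0].startswith("#"):
                yield lineno, words[0]

def unsupported(script, rom_commands=ASSUMED_ROM_COMMANDS):
    """Return [(line_number, command)] the ROM would reject, in script order."""
    return [(n, c) for n, c in commands_in(script) if c not in rom_commands]

# The trimmed boot.ipxe from the post.
TRIMMED = """#!ipxe
cpuid --ext 29 && set arch x86_64 || set arch ${buildarch}
chain http://${next-server}/fog/service/ipxe/boot.php?mac=${net0/mac}
"""

# Constructed stand-in for a menu response that posts form parameters; the URL
# and parameter names are made up, only "params"/"param" come from the post.
CONSTRUCTED_MENU = """#!ipxe
:deploy
params
param mac ${net0/mac}
param arch ${arch}
isset ${net0/mac} && chain http://boot.example/menu.php##params || goto deploy
"""

if __name__ == "__main__":
    for name, text in (("trimmed", TRIMMED), ("menu", CONSTRUCTED_MENU)):
        print(name, unsupported(text))
```

Running it against a saved copy of what boot.php returns for each menu entry shows which entries a given ROM can follow and which need a ROM built with the missing commands.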