RE: network boot uefi opnsense iso (or root fs!)

Thanks for that link. I’ll peruse it as well. At least Fog is old faithful and got my test computer up and running when USB/DVD both failed me miserably!

Based on the third link, I expect BSD to be able to netboot OK. OpnSense basically runs just off a normal hardenedBSD install, so I expect netboot to continue to work.

When you boot to the image, it’ll popup in a live CD mode. Full functionality with no HDD needed. Then, if you login with installer user, it’ll do setup.

My ultimate goal is to learn more about net booting iso files to [u]efi systems and install Opnsense on this laptop (usb and DVD install keeps not working!!).

However, I installed Opnsense to a local VM and captured it after the installer was done. I then deployed to this computer and now its all up and running! Woo.

So all that’s left is however much academic value I get out of it (Read: Masochism).

Following the last answer on this serverfault page (https://serverfault.com/questions/140979/pxe-boot-freebsd-iso-from-pxelinux-server/141890#141890), I set the root-path dhcpd option and tried to do a chain to fogip/opnsense/boot/pxeboot (of course with the extracted image contents sitting in my tftp folder) and seemed to not work. I will probably try this method a bit more. I’d love to just chain it. Maybe pxe from this link and chain aren’t the same thing…

That’s what I figured, but I too am not familiar with BSD. I hope to update soon with an answer for future generations.

I should add here’s what opnsense looks like when loaded via EFI:

I’m stuck. Which isn’t hard to get to.

Trying to boot Opnsense (a fork of pfSense using HardenedBSD) via Fog. Tried via tftp, nfs, http. Lots of things that don’t seem to be going anywhere after several hours on multiple days, so I think I’m finally ready to ask for some help.

My primary readings:
https://forums.fogproject.org/topic/12689/imaging-with-iso-files-with-fog-1-5-5
https://forums.fogproject.org/topic/10944/using-fog-to-pxe-boot-into-your-favorite-installer-images/16
https://wiki.netbsd.org/tutorials/how_to_install__40__boot__41___netbsd_using_pxelinux/
https://forums.fogproject.org/topic/12097/ipxe-setup-for-many-os-s-under-bios-and-uefi

I really liked how clean George had it with:

set tftp-path tftp://${fog-ip}
set pe-path ${tftp-path}/os/winpe
kernel ${tftp-path}/wimboot gui
imgfetch --name BCD ${pe-path}/BCD BCD
imgfetch --name boot.sdi ${pe-path}/boot.sdi boot.sdi
imgfetch --name boot.wim ${pe-path}/boot.wim boot.wim
boot || goto MENU

But, I’m not sure what I should be putting in here… There is no BCD or sdi or wim (obviosuly, this isn’t windows!). Here’s what I do have in the mounted ISO’s /boot folder:

   3497 Mar  9 19:42 beastie.4th
   8192 Mar  9 19:42 boot
    512 Mar  9 19:42 boot0
    512 Mar  9 19:42 boot0sio
    512 Mar  9 19:42 boot1
  96768 Mar  9 19:42 boot1.efi
 819200 Mar  9 19:42 boot1.efifat
   7680 Mar  9 19:42 boot2
   2735 Mar  9 19:42 brand.4th
   2050 Mar  9 19:42 brand-fbsd.4th
   2201 Mar  9 19:42 brand-hbsd.4th
   2074 Mar 10 21:35 brand-opnsense.4th
   1185 Mar  9 19:42 cdboot
   6197 Mar  9 19:42 check-password.4th
   1796 Mar  9 19:42 color.4th
   4096 Mar  9 19:42 defaults
   3985 Mar  9 19:42 delay.4th
    754 Mar  9 19:42 device.hints
   4096 Mar  9 19:41 dtb
   4096 Mar 13 01:10 entropy
   4096 Mar  9 19:41 firmware
   4104 Mar  9 19:42 frames.4th
  66082 Mar  9 19:42 gptboot
 114754 Mar  9 19:42 gptzfsboot
  14755 Mar  9 19:42 isoboot
  32768 Mar 13 01:09 kernel
 331776 Mar  9 19:42 loader
   7356 Mar  9 19:42 loader.4th
   1678 Mar 13 01:10 loader.conf
 404480 Mar  9 19:42 loader.efi
  15084 Mar  9 19:42 loader.help
    350 Mar  9 19:42 loader.rc
   3032 Mar  9 19:42 logo-beastie.4th
   2556 Mar  9 19:42 logo-beastiebw.4th
   2137 Mar  9 19:42 logo-fbsdbw.4th
   2367 Mar  9 19:42 logo-hardenedbsd.4th
   2289 Mar  9 19:42 logo-hardenedbsdbw.4th
   2387 Mar 10 21:35 logo-hourglass.4th
   2557 Mar  9 19:42 logo-orb.4th
   2278 Mar  9 19:42 logo-orbbw.4th
    512 Mar  9 19:42 mbr
  35953 Mar  9 19:42 menu.4th           
   9178 Mar  9 19:42 menu-commands.4th
   6259 Mar  9 19:42 menu.rc
  18523 Mar  9 19:42 menusets.4th
   4096 Mar  9 19:41 modules
    512 Mar  9 19:42 pmbr
 333824 Mar  9 19:42 pxeboot
   2603 Mar  9 19:42 screen.4th
   2538 Mar  9 19:42 shortcuts.4th
  36212 Mar  9 19:42 support.4th
 329249 Mar  9 19:42 userboot.so
   2992 Mar  9 19:42 version.4th
   4096 Mar  9 19:41 zfs
 262656 Mar  9 19:42 zfsboot
 389120 Mar  9 19:42 zfsloader

Any thoughts on what solutions I have? Thank you so much.

Verify that a host on the same subnet is able to manually access the tftpd server. Make sure a host on the other subnet is able to manually access the tftpd server (including downloading the boot file both times!). If both of these work, then its figure out funky stuff. If either fail, you gotta figure out what’s incorrect on your config.

Seems legit. May have to try that out.

Thoughts on creating a script to take a base ubuntu to fully patched fog and another script to configure IP, name, mysql password, etc. ?

Now. we just gotta get people back on IRC… Used to have like 40 on all the time and answers within a few minutes. Hmmm.

I’m on! And am always there. Feel free to ping

@quinniedid which is what I guessed.

@fry_p Clonezilla can handle cifs for source/target, so I’ve debated trying to make fog work with a AD secured share. Honestly, I’ve LOVE to be able to run fog as a service from a nano server instance using AD for security/auth…

@quinniedid Dunno if you typically mention, but you should probably note that this is against the MS EULA for imaging. Some sectors care about that.

@trialanderror I get where you’re coming from, but I agree with Tom that this for free software would be too much of a nightmare to do LTS support on. I mean, there isn’t even a support team. I’m glad they don’t spend a ton of time going back to old codebases and backporting it. The installer does a good job of not blowing stuff up and the db schema typically upgrades fine too.

I say “good” because it isn’t totally transparent about what’s going on, so you do actually have to be a bit familiar with the upgrade process to make sure that you don’t do anything that could lead to loss of data.

Nice! I have made my own scripts that just do all the API stuff that I want, but I will definitely check this out!!!

@julianh You can migrate to a VM and prove that your new config works as expected. If so, then you are clear to wipe your expensive box and put a clean OS isntall on it and migrate config to it. Should work with minimal work and you have a good confidence that it work fine.

Why not just use a powershell script as a snapin?

Rename-Computer -NewName (gwmi -Class win32_bios).SerialNumber -Force -Restart

Then, everytime you image and boot up, after join domain with the default name, the computer will reboot, run the snapin, and rename to serial number.

@tom-elliott Ah. I haven’t yet ever found a need to run x86 powershell on x64 machine.

@tom-elliott Powershell as of… a year or two ago VASTLY prefers to be run in the system native bitness. Hence, we had all those issues when I was trying to Import-Module for stuff that was on the system, but available only to the 64bit version of powershell. I doubt that you would have ANY problems from powershell if client were to auto-target either.

@joe-schmitt If you made it auto-target 64, would that potentially break people who use it to install 32bit programs?

@wayne-workman I had no idea you could do an import for hosts… I made an API script to get the serial and replace the quick reg name (mac) with the serial since I didn’t see any other way to do it easily for all my hosts…