Configuring iPXE to Reduce Provisioning Times

You can use orcharhino to configure PXELinux to chainboot iPXE in BIOS mode and boot using the HTTP protocol if you have the following restrictions that prevent you from using PXE:

  • A network with unmanaged DHCP servers.

  • A PXE service that is blacklisted on your network or restricted by a firewall.

  • TFTP, which is UDP-based, is unreliable on your network because of, for example, low bandwidth.

Only BIOS systems are known to work reliably. For configuring iPXE with some EFI hosts, read a separate tutorial.

iPXE Overview

iPXE is an open source network boot firmware. It provides a full PXE implementation enhanced with additional features, including booting from an HTTP server. For more information, see ipxe.org.

There are three methods of using iPXE with orcharhino:

  1. Booting virtual machines using hypervisors that use iPXE as primary firmware.

  2. Using PXELinux through TFTP to chainload iPXE directly on bare metal hosts.

  3. Using PXELinux through UNDI, which uses HTTP to transfer the kernel and the initial RAM disk on bare-metal hosts.

Security Information

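The iPXE binary in Rocky Linux is built without some security features. For this reason, you can only use HTTP, and cannot use HTTPS. Over plain HTTP, the iPXE templates, the kernel, and the initial RAM disk are fetched without encryption or server authentication. To use security features like HTTPS, recompile iPXE from source.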

Prerequisites
  • A host exists on orcharhino to use.

  • The MAC address of the provisioning interface matches the host configuration.

  • The provisioning interface of the host has a valid DHCP reservation.

  • The NIC is capable of PXE booting. For more information, see supported hardware on ipxe.org for a list of hardware drivers expected to work with an iPXE-based boot disk.

  • The NIC is compatible with iPXE.

To prepare the iPXE environment, you must perform this procedure on all orcharhino Proxies.

Procedure
  1. Enable the tftp and httpboot services:

    # foreman-installer --foreman-proxy-httpboot true --foreman-proxy-tftp true
  2. Install the ipxe-bootimgs RPM package:

    # yum install ipxe-bootimgs
  3. Correct the SELinux file contexts:

    # restorecon -RvF /var/lib/tftpboot/
    • Copy the iPXE firmware with the Linux kernel header to the TFTP directory:

      # cp /usr/share/ipxe/ipxe.lkrn /var/lib/tftpboot/
    • Copy the UNDI iPXE firmware to the TFTP directory:

      # cp /usr/share/ipxe/undionly.kpxe /var/lib/tftpboot/undionly-ipxe.0
  4. Optionally, configure Foreman discovery. For more information, see Configuring the Discovery Service.

    • In the orcharhino management UI, navigate to Administer > Settings, and click the Provisioning tab.

    • Locate the Default PXE global template entry row and in the Value column, change the value to discovery.
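The firmware copied in step 3 is what every provisioned host executes first, and TFTP does not authenticate it. The following check is an added example, not part of the orcharhino or Foreman documentation: it compares the files under the TFTP root with the packaged originals, using the paths from the cp commands above. The function name is hypothetical.

```shell
#!/bin/sh
# Added example: compare the firmware served over TFTP with the packaged copies.
# Defaults are the paths used in the procedure above; both can be overridden.

# verify_ipxe_firmware [SRC_DIR] [TFTP_DIR]
# Prints one status line per file; the return code is the number of problems.
verify_ipxe_firmware() {
    src_dir=${1:-/usr/share/ipxe}
    tftp_dir=${2:-/var/lib/tftpboot}
    problems=0
    # packaged name : name under the TFTP root (taken from the cp commands)
    for pair in ipxe.lkrn:ipxe.lkrn undionly.kpxe:undionly-ipxe.0; do
        src=$src_dir/${pair%%:*}
        dst=$tftp_dir/${pair##*:}
        if [ ! -f "$src" ] || [ ! -f "$dst" ]; then
            echo "MISSING  $dst (source: $src)"
            problems=$((problems + 1))
            continue
        fi
        want=$(sha256sum < "$src" | cut -d' ' -f1)
        have=$(sha256sum < "$dst" | cut -d' ' -f1)
        if [ "$want" = "$have" ]; then
            echo "OK       $dst"
        else
            echo "MISMATCH $dst differs from $src"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}
```

Call verify_ipxe_firmware without arguments on each orcharhino Proxy; a MISMATCH after a package update usually means the copy under the TFTP root is stale and the cp commands need to be repeated.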

Booting Virtual Machines

Some virtualization hypervisors use iPXE as primary firmware for PXE booting. Because of this, you can boot virtual machines without TFTP and PXELinux.

Chainbooting virtual machine workflow

Using virtualization hypervisors removes the need for TFTP and PXELinux. It has the following workflow:

  1. Virtual machine starts

  2. iPXE retrieves the network credentials using DHCP

  3. iPXE retrieves the HTTP address using DHCP

  4. iPXE loads the iPXE bootstrap template from orcharhino Proxy

  5. iPXE loads the iPXE template with MAC as a URL parameter from orcharhino Proxy

  6. iPXE loads the kernel and initial RAM disk of the installer

Ensure that the hypervisor that you want to use supports iPXE. The following virtualization hypervisors support iPXE:

Configuring orcharhino Server to use iPXE

You can use the default template to configure iPXE booting for hosts. If you want to change the default values in the template, clone the template and edit the clone.

Procedure
  1. In the orcharhino management UI, navigate to Hosts > Provisioning Templates, enter Kickstart default iPXE and click Search.

  2. Optional: If you want to change the template, click Clone, enter a unique name, and click Submit.

  3. Click the name of the template you want to use.

  4. If you clone the template, you can make changes you require on the Template tab.

  5. Click the Association tab, and select the operating systems that your host uses.

  6. Click the Locations tab, and add the location where the host resides.

  7. Click the Organizations tab, and add the organization that the host belongs to.

  8. Click Submit to save the changes.

  9. In the orcharhino management UI, navigate to Hosts > Operating systems and select the operating system of your host.

  10. Click the Templates tab.

  11. From the iPXE Template list, select the template you want to use.

  12. Click Submit to save the changes.

  13. In the orcharhino management UI, navigate to Hosts > All Hosts.

  14. In the Hosts page, select the host that you want to use.

  15. Select the Operating System tab.

  16. Set PXE Loader to iPXE Embedded.

  17. Select the Templates tab.

  18. From the iPXE template list, select Review to verify that the Kickstart default iPXE template is the correct template.

  19. Configure the dhcpd.conf file as follows:

    if exists user-class and option user-class = "iPXE" {
      filename "http://orcharhino-proxy.network2.example.com:8000/unattended/iPXE?bootstrap=1";
    } # elsif: existing statements, if a non-iPXE environment should be preserved

    If you use an isolated network, use an orcharhino Proxy URL with TCP port 8000, instead of the URL of orcharhino Server.

    If you have changed the port using the --foreman-proxy-http-port installer option, use your custom port. You must update the /etc/dhcp/dhcpd.conf file after every upgrade.

Chainbooting iPXE from PXELinux

Use this procedure to set up iPXE to use either a built-in driver for network communication or the UNDI interface. To use HTTP with iPXE, use an iPXE build with built-in drivers (ipxe.lkrn). Universal Network Device Interface (UNDI) is a minimalistic UDP/IP stack that implements a TFTP client; however, it cannot support other protocols like HTTP (undionly-ipxe.0). You can load either the ipxe.lkrn or the undionly-ipxe.0 file, depending on the networking hardware capabilities and iPXE driver availability.

Chainbooting iPXE directly or with UNDI workflow
  1. Host powers on

  2. PXE driver retrieves the network credentials using DHCP

  3. PXE driver retrieves the PXELinux firmware pxelinux.0 using TFTP

  4. PXELinux searches for the configuration file on the TFTP server

  5. PXELinux chainloads iPXE ipxe.lkrn or undionly-ipxe.0

  6. iPXE retrieves the network credentials using DHCP again

  7. iPXE retrieves HTTP address using DHCP

  8. iPXE chainloads the iPXE template from the template orcharhino Proxy

  9. iPXE loads the kernel and initial RAM disk of the installer

Configuring orcharhino Server to use iPXE

You can use the default template to configure iPXE booting for hosts. If you want to change the default values in the template, clone the template and edit the clone.

Procedure
  1. In the orcharhino management UI, navigate to Hosts > Provisioning Templates.

  2. Enter PXELinux chain iPXE to use ipxe.lkrn or, for BIOS systems, enter PXELinux chain iPXE UNDI to use undionly-ipxe.0, and click Search.

  3. Optional: If you want to change the template, click Clone, enter a unique name, and click Submit.

  4. Click the name of the template you want to use.

  5. If you clone the template, you can make changes you require on the Template tab.

  6. Click the Association tab, and select the operating systems that your host uses.

  7. Click the Locations tab, and add the location where the host resides.

  8. Click the Organizations tab, and add the organization that the host belongs to.

  9. Click Submit to save the changes.

  10. In the Provisioning Templates page, enter Kickstart default iPXE into the search field and click Search.

  11. Optional: If you want to change the template, click Clone, enter a unique name, and click Submit.

  12. Click the name of the template you want to use.

  13. If you clone the template, you can make changes you require on the Template tab.

  14. Click the Association tab, and associate the template with the operating system that your host uses.

  15. Click the Locations tab, and add the location where the host resides.

  16. Click the Organizations tab, and add the organization that the host belongs to.

  17. Click Submit to save the changes.

  18. In the orcharhino management UI, navigate to Hosts > Operating systems and select the operating system of your host.

  19. Click the Templates tab.

  20. From the PXELinux template list, select the template you want to use.

  21. From the iPXE template list, select the template you want to use.

  22. Click Submit to save the changes.

  23. In the orcharhino management UI, navigate to Hosts > All Hosts, and select the host you want to use.

  24. Select the Operating System tab.

  25. Set PXE Loader to PXELinux BIOS to chainboot iPXE via PXELinux, or to iPXE Chain BIOS to load undionly-ipxe.0 directly.

  26. Select the Templates tab, and from the PXELinux template list, select Review to verify the template is the correct template.

  27. From the iPXE template list, select Review to verify the template is the correct template. If there is no PXELinux entry, or you cannot find the new template, navigate to Hosts > All Hosts, and on your host, click Edit. Click the Operating system tab and click the Provisioning Template Resolve button to refresh the list of templates.

  28. Configure the dhcpd.conf file as follows:

    if exists user-class and option user-class = "iPXE" {
      filename "http://orcharhino-proxy.network2.example.com:8000/unattended/iPXE?bootstrap=1";
    } # elsif: existing statements, if a non-iPXE environment should be preserved

    If you have changed the port using the --foreman-proxy-http-port installer option, use your custom port. You must update the /etc/dhcp/dhcpd.conf file after every upgrade.
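Because dhcpd.conf has to be updated again after every upgrade, both dhcpd.conf steps above (for virtual machines and for chainbooting from PXELinux) benefit from a repeatable check. The following script is an added example, not orcharhino or Foreman code: it confirms that the iPXE user-class conditional is still present and that its boot URL uses plain HTTP, the expected port, and the bootstrap path shown on this page. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that dhcpd.conf still carries the iPXE user-class
# conditional and that its boot URL matches what this page configures.

# ipxe_boot_url FILE: print the filename URL inside the iPXE conditional.
ipxe_boot_url() {
    awk '
        /^[ \t]*#/ { next }   # ignore commented-out lines
        /option[ \t]+user-class[ \t]*=[ \t]*"iPXE"/ { in_block = 1 }
        in_block && /filename[ \t]+"/ {
            sub(/^.*filename[ \t]+"/, ""); sub(/".*$/, ""); print; exit
        }
        in_block && /}/ { in_block = 0 }
    ' "$1"
}

# check_ipxe_dhcp FILE [PORT]: PORT defaults to 8000, the port used on this
# page; pass the custom value if --foreman-proxy-http-port was changed.
check_ipxe_dhcp() {
    conf=$1
    port=${2:-8000}
    url=$(ipxe_boot_url "$conf")
    if [ -z "$url" ]; then
        echo "FAIL: no iPXE user-class block with a filename in $conf"
        return 1
    fi
    case $url in
        http://*:"$port"/unattended/iPXE\?bootstrap=1) echo "OK: $url" ;;
        http://*) echo "FAIL: unexpected port or path: $url"; return 2 ;;
        # The packaged iPXE binary cannot fetch HTTPS (see Security Information).
        *) echo "FAIL: not an http:// URL: $url"; return 3 ;;
    esac
}

# Constructed sample so the script runs stand-alone.
sample=$(mktemp)
cat > "$sample" <<'EOF'
if exists user-class and option user-class = "iPXE" {
  filename "http://orcharhino-proxy.network2.example.com:8000/unattended/iPXE?bootstrap=1";
}
EOF
check_ipxe_dhcp "$sample"
rm -f "$sample"
```

On an orcharhino Proxy, run check_ipxe_dhcp /etc/dhcp/dhcpd.conf after each upgrade; return code 1 means the conditional is missing and has to be added again.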

The text and illustrations on this page are licensed by ATIX AG under a Creative Commons Attribution–Share Alike 3.0 Unported ("CC-BY-SA") license. This page also contains text from the official Foreman documentation which uses the same license ("CC-BY-SA").