Thursday, November 17, 2011

iPXE: Boot iPXE firmware

iPXE (formerly known as gPXE) is an open source network boot firmware.  The most obvious reason of using iPXE is the ability to download image from HTTP and Boot ISCSI target but not limited to that.  For illustration purpose, this topic focus on chain load usage of iPXE image.

Prepare iPXE image

  1. Get a copy of the iPXE source
    # git clone git://git.ipxe.org/ipxe.git
  2. Build chain load iPXE image:
    # cd ipxe
    # make src/bin/undionly.kpxe
  3. Chain load iPXE image file:
    # ls -algG src/bin/undionly.kpxe -al
    -rw-r--r-- 1 62326 Nov 15 11:38 src/bin/undionly.kpxe
  4. Refer to: http://ipxe.org/download for more information on preparing iPXE image.

Chain loading iPXE from PXE ROM

  1. Deploy iPXE image to TFTP boot folder:
    # cp src/bin/undionly.kpxe /var/lib/tftpboot
  2. Change dhcp configuration file to boot iPXE image:
    # vi /etc/dhcp/dhcpd.conf
    next-server <tftp-server>;
    filename "undionly.kpxe";
  3. Restart dhcpd service:
    # service dhcpd restart
  4. Power on machine and boot to network using existing PXE ROM.  You should see the machine will boot into iPXE shell after PXE ROM:

    MS-DOS-2011-11-15-11-49-38
  5. Press Ctrl-B for enter iPXE cli mode.
  6. Type help to get a list of available commands:
    MS-DOS-2011-11-17-15-08-47

iPXE options for DHCP

  1. Construct a list of iPXE options for DHCP configuration:
    # cat /etc/dhcp/ipxe.options
    # iPXE specific options
    option space ipxe;
    option ipxe-encap-opts code 175 = encapsulate ipxe;
    option ipxe.priority code 1 = signed integer 8;
    option ipxe.keep-san code 8 = unsigned integer 8;
    option ipxe.skip-san-boot code 9 = unsigned integer 8;
    option ipxe.no-pxedhcp code 176 = unsigned integer 8;
    option ipxe.bus-id code 177 = string;
    option ipxe.bios-drive code 189 = unsigned integer 8;
    option ipxe.username code 190 = string;
    option ipxe.password code 191 = string;
    option ipxe.reverse-username code 192 = string;
    option ipxe.reverse-password code 193 = string;
    option ipxe.version code 235 = string;
    option iscsi-initiator-iqn code 203 = string;
    
    # Feature indicators
    option ipxe.pxeext code 16 = unsigned integer 8;
    option ipxe.iscsi code 17 = unsigned integer 8;
    option ipxe.aoe code 18 = unsigned integer 8;
    option ipxe.http code 19 = unsigned integer 8;
    option ipxe.https code 20 = unsigned integer 8;
    option ipxe.tftp code 21 = unsigned integer 8;
    option ipxe.ftp code 22 = unsigned integer 8;
    option ipxe.dns code 23 = unsigned integer 8;
    option ipxe.bzimage code 24 = unsigned integer 8;
    option ipxe.multiboot code 25 = unsigned integer 8;
    option ipxe.slam code 26 = unsigned integer 8;
    option ipxe.srp code 27 = unsigned integer 8;
    option ipxe.nbi code 32 = unsigned integer 8;
    option ipxe.pxe code 33 = unsigned integer 8;
    option ipxe.elf code 34 = unsigned integer 8;
    option ipxe.comboot code 35 = unsigned integer 8;
    option ipxe.efi code 36 = unsigned integer 8;
    option ipxe.fcoe code 37 = unsigned integer 8;
  2. These options are useful for advance configuration of iPXE booting.

Prevent infinite iPXE boot

  1. You will notice that booting undionly.kpxe basically just boot iPXE firmware.  The iPXE will keep obtain iPXE image from DHCP server and boot itself infinitely.  To instruct iPXE to do other work once iPXE has been loaded, make changes to dhcpd.conf:
    include "/etc/dhcp/ipxe.options";
    
    next-server <tftp-server>;
    if exists user-class and option user-class = "iPXE" {
        filename "http://boot-server/boot.ipxe";
    } else {
        filename "undionly.kpxe";
    }
  2. Restart dhcpd service:
    # service dhcpd restart
    Shutting down dhcpd:                                       [  OK  ]
    Starting dhcpd:                                            [  OK  ]
  3. The above changes will first boot iPXE image (undionly.kpxe), followed by booting a iPXE script from http service.
  4. The iPXE script (boot.ipxe) can be as simple as:
    # cat boot.ipxe
    #!ipxe
    login
  5. Here is an output screen of boot.ipxe:

    MS-DOS-2011-11-17-15-26-11

Speeding iPXE boot

iPXE booting will wait for replies from a ProxyDHCP server before booting. If you are not using a ProxyDHCP server, then this creates an unnecessary delay of several seconds. You can eliminate this delay by adding an option in dhcpd.conf:

option ipxe.no-pxedhcp 1;

Simple iPXE Commands

  1. Obtain an IP for interface net0:
    IPXE> dhcp net0
  2. Interactive Configuration Tools:
    IPXE> config
    

    MS-DOS-2011-11-15-14-38-44
  3. Boot an image
    IPXE> chain pxelinux.0
  4. Boot a ISCSI target:

    IPXE> sanboot iscsi:<ip-address>::::iqn.2011-03.example.org:my-target
  5. You may aggregate iPXE commands to form a iPXE script file:
    #!ipxe
    login
    echo ${username}
    echo ${password}
    sanboot iscsi:<ip-address>::::iqn.2011-03.example.org:my-target

Chain loading iPXE from PXELinux

  1. If you have deployed PXELinux in your network and want to preserve it while enjoying the iPXE’s extra functionalities, you may chain load iPXE from PXELinux’s configuration
  2. PXELinux requires boot image file to have suffix of .0.  Make a symbolic link reference:
    # ln -s undionly.kpxe undionly.0
    # ls -algG undionly*
    lrwxrwxrwx 1 13 Nov 12 10:35 undionly.0 -> undionly.kpxe
    -rw-r--r-- 1 55168 Nov 12 09:54 undionly.kpxe
  3. Add a menu entry to PXELinux to boot iPXE image:
    # vi pxelinux.cfg/default
    
    LABEL iPXE
        kernel undionly.0
  4. You may now boot iPXE from PXELinux menu

Reference

  1. Network-booting machines over HTTP. URL: http://jpmens.net/2011/07/18/network-booting-machines-over-http/
  2. iPXE - open source boot firmware. URL: http://ipxe.org/

No comments: