mirror of
https://github.com/mbirth/wiki.git
synced 2024-12-24 22:54:09 +00:00
Post about iPXE and network booting.
This commit is contained in:
parent
ec42c1a9b1
commit
5886d62802
BIN
assets/ipxe01.jpg
Normal file
BIN
assets/ipxe01.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 125 KiB |
BIN
assets/ipxe02.jpg
Normal file
BIN
assets/ipxe02.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 74 KiB |
BIN
assets/ipxe03.jpg
Normal file
BIN
assets/ipxe03.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 77 KiB |
BIN
assets/ipxe04.jpg
Normal file
BIN
assets/ipxe04.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 92 KiB |
BIN
assets/ipxe05.jpg
Normal file
BIN
assets/ipxe05.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 127 KiB |
195
know-how/software/_posts/2016-03-05-ipxe-network-boot.md
Normal file
195
know-how/software/_posts/2016-03-05-ipxe-network-boot.md
Normal file
@ -0,0 +1,195 @@
|
|||||||
|
---
|
||||||
|
title: iPXE Network Boot
|
||||||
|
layout: default
|
||||||
|
created: 2016-03-05 00:36:55 +0100
|
||||||
|
updated: 2016-03-05 00:36:55 +0100
|
||||||
|
toc: true
|
||||||
|
tags:
|
||||||
|
- know-how
|
||||||
|
- software
|
||||||
|
- ipxe
|
||||||
|
- network
|
||||||
|
- booting
|
||||||
|
---
|
||||||
|
I first stumbled upon iPXE because of a failing info monitor at my local train
|
||||||
|
station:
|
||||||
|
|
||||||
|
![]({{ site.url }}/assets/ipxe01.jpg){: height="400px"}
|
||||||
|
|
||||||
|
[iPXE](http://ipxe.org/) is an open source firmware, meant as a replacement for
|
||||||
|
the very basic [option ROM](https://en.wikipedia.org/wiki/Option_ROM#Network_boot_ROM)
|
||||||
|
in ethernet cards. But you can also use that default option ROM to chainload
|
||||||
|
iPXE without having to modify your device(s).
|
||||||
|
|
||||||
|
iPXE brings several features like loading boot images via HTTP, FTP, iSCSI, SMB,
|
||||||
|
etc. and it also supports WiFi.
|
||||||
|
|
||||||
|
|
||||||
|
First Steps
|
||||||
|
===========
|
||||||
|
|
||||||
|
Where do you get the binaries to boot from? The easiest way is to download
|
||||||
|
[ready-to-use binaries from their homepage](http://ipxe.org/download).
|
||||||
|
|
||||||
|
However, if you want to use e.g. a different keyboard because your devices
|
||||||
|
don't have a typical QWERTY one, you need to compile iPXE yourself. To do that,
|
||||||
|
[clone the source code](http://ipxe.org/download) to some directory and modify
|
||||||
|
the files `src/config/console.h` and `src/config/general.h`.
|
||||||
|
|
||||||
|
For inspiration, you can take a look at [my settings]({% post_url 2016-03-05-my-ipxe-settings %}).
|
||||||
|
|
||||||
|
I also had a problem with iPXE not being able to fetch the URL to the
|
||||||
|
`boot.ipxe` from dnsmasq. So I made the following `boot.ipxe` to be included in
|
||||||
|
the binary:
|
||||||
|
|
||||||
|
```
|
||||||
|
#!ipxe
|
||||||
|
dhcp
|
||||||
|
chain http://diskstation/ipxe/boot.ipxe
|
||||||
|
```
|
||||||
|
|
||||||
|
After you're done with the files, you have to *make* the required binaries:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
make bin/undionly.kpxe EMBED=boot.ipxe
|
||||||
|
make bin-x86_64-efi/ipxe.efi EMBED=boot.ipxe
|
||||||
|
make bin-i386-efi/ipxe.efi EMBED=boot.ipxe
|
||||||
|
```
|
||||||
|
|
||||||
|
And if everything goes well, you should find the files in those directories.
|
||||||
|
|
||||||
|
You have to rename them for further use:
|
||||||
|
|
||||||
|
`bin/undionly.kpxe` :arrow_right: `undionly.kpxe.0`
|
||||||
|
`bin-x86_64-efi/ipxe.efi` :arrow_right: `ipxe.efi.0`
|
||||||
|
`bin-i386-efi/ipxe.efi` :arrow_right: `ipxe32.efi.0`
|
||||||
|
|
||||||
|
|
||||||
|
Booting iPXE
|
||||||
|
============
|
||||||
|
|
||||||
|
So how do you get your computers to boot iPXE? You have to get your DHCP server
|
||||||
|
to announce it to them. You can either do this in the DHCP directly, or just a
|
||||||
|
DHCP proxy server, which adds the neccessary information. This can be done with
|
||||||
|
*dnsmasq*.
|
||||||
|
|
||||||
|
I'm using this configuration in a file `/etc/dnsmasq.d/pxeproxy.conf`:
|
||||||
|
|
||||||
|
```ini
|
||||||
|
dhcp-range=172.16.0.0,proxy
|
||||||
|
dhcp-match=set:ipxe,175 # iPXE sends a 175 option
|
||||||
|
dhcp-vendorclass=set:bios,PXEClient:Arch:00000
|
||||||
|
dhcp-vendorclass=set:efi32,PXEClient:Arch:00002
|
||||||
|
dhcp-vendorclass=set:efi32,PXEClient:Arch:00006
|
||||||
|
dhcp-vendorclass=set:efi64,PXEClient:Arch:00007
|
||||||
|
dhcp-vendorclass=set:efi64,PXEClient:Arch:00008
|
||||||
|
dhcp-vendorclass=set:efi64,PXEClient:Arch:00009
|
||||||
|
tag-if=set:loadbios,tag:!ipxe,tag:bios
|
||||||
|
tag-if=set:loadefi32,tag:!ipxe,tag:efi32
|
||||||
|
tag-if=set:loadefi64,tag:!ipxe,tag:efi64
|
||||||
|
pxe-service=tag:loadbios,x86PC,"iPXE Network boot (BIOS)",undionly.kpxe
|
||||||
|
pxe-service=tag:loadefi32,IA32_EFI,"iPXE Network boot (EFI32)",ipxe32.efi
|
||||||
|
pxe-service=tag:loadefi32,BC_EFI,"iPXE Network boot (EFI32)",ipxe32.efi
|
||||||
|
pxe-service=tag:loadefi64,X86-64_EFI,"iPXE Network boot (EFI)",ipxe.efi
|
||||||
|
pxe-service=tag:loadefi64,IA64_EFI,"iPXE Network boot (EFI)",ipxe.efi
|
||||||
|
dhcp-boot=tag:ipxe,http://diskstation:80/ipxe/boot.ipxe
|
||||||
|
enable-tftp
|
||||||
|
tftp-root=/var/ftpd
|
||||||
|
```
|
||||||
|
|
||||||
|
This acts as a proxy for the `172.16.0.0/16` network - the one I use. And for
|
||||||
|
each request, it detects whether there's the option 175 (=request comes from
|
||||||
|
iPXE) set or not and which type or architecture is requested (legacy, 32bit,
|
||||||
|
64bit). According to those flags, either the appropriate iPXE binary is returned
|
||||||
|
or - if the request is from iPXE - the URL to the boot script which is hosted
|
||||||
|
on my Synology DiskStation's web server.
|
||||||
|
|
||||||
|
The last two lines enable the built-in tftp server of dnsmasq and set the path
|
||||||
|
to it. That's where you have to put your `undionly.kpxe.0`, `ipxe32.efi.0` and
|
||||||
|
`ipxe.efi.0` from the previous step.
|
||||||
|
|
||||||
|
|
||||||
|
Before the first boot
|
||||||
|
=====================
|
||||||
|
|
||||||
|
Now that iPXE is launched, it tries to fetch the boot script we compiled in.
|
||||||
|
But this doesn't exist yet.
|
||||||
|
|
||||||
|
I used @robinsmidrod's extensive [full iPXE native menu](https://gist.github.com/robinsmidsrod/2234639)
|
||||||
|
as a basis, removed all things I didn't need and added the things I needed.
|
||||||
|
|
||||||
|
In the beginning, this looked like this:
|
||||||
|
|
||||||
|
![]({{ site.url }}/assets/ipxe02.jpg){: height="400px"}
|
||||||
|
|
||||||
|
|
||||||
|
Adding tools to boot
|
||||||
|
====================
|
||||||
|
|
||||||
|
Most tools you want to boot are probably Linux systems. To boot them, you need
|
||||||
|
a *kernel* and some (initial) filesystem. One way is to load an *initrd*
|
||||||
|
(initial ramdisk) which contains only the basic stuff and mounts the big
|
||||||
|
filesystem itself. Or you can mount the "big" filesystem directly and use that
|
||||||
|
from the beginning.
|
||||||
|
|
||||||
|
|
||||||
|
SystemRescueCD
|
||||||
|
--------------
|
||||||
|
|
||||||
|
To boot the [SysRescCD](https://www.system-rescue-cd.org/), you need the
|
||||||
|
following files from the ISO image:
|
||||||
|
|
||||||
|
* `sysrcd.dat` --- "big" filesystem
|
||||||
|
* `sysrcd.md5` --- checksum to validate the sysrcd.dat
|
||||||
|
* `isolinux/rescue32` --- kernel for 32bit systems
|
||||||
|
* `isolinux/rescue64` --- kernel for 64bit systems
|
||||||
|
* `isolinux/initram.igz` --- initial ramdisk
|
||||||
|
|
||||||
|
Copy those to a directory `sysresccd` on your web server (where the `boot.ipxe`
|
||||||
|
is). Look at the `menu.ipxe` from the example configuration mentioned above for
|
||||||
|
how to add new menu items.
|
||||||
|
|
||||||
|
A menu item for SysRescCD could look like this:
|
||||||
|
|
||||||
|
```
|
||||||
|
:srcd
|
||||||
|
echo Booting SystemRescueCD 32bit
|
||||||
|
set base-url http://diskstation:80/ipxe/sysresccd/
|
||||||
|
kernel ${base-url}isolinux/rescue32
|
||||||
|
initrd ${base-url}isolinux/initram.igz
|
||||||
|
imgargs rescue32 setkmap=de dodhcp netboot=${base-url}sysrcd.dat
|
||||||
|
boot || goto failed
|
||||||
|
goto start
|
||||||
|
```
|
||||||
|
|
||||||
|
As you can see, we instruct iPXE to boot the kernel `rescue32` with the initrd
|
||||||
|
`initram.igz` - both from the web server. And in the `imgargs` line, we tell
|
||||||
|
SysRescCD where to look for the `sysrcd.dat`.
|
||||||
|
|
||||||
|
![]({{ site.url }}/assets/ipxe03.jpg){: width="400px"}
|
||||||
|
|
||||||
|
|
||||||
|
Boot ALL the tools
|
||||||
|
==================
|
||||||
|
|
||||||
|
You can find my current config [here](https://github.com/mbirth/ipxe-config).
|
||||||
|
It boots the following tools via the network - no CD or flash drive needed:
|
||||||
|
|
||||||
|
* [System Rescue CD](https://www.system-rescue-cd.org/)
|
||||||
|
* [DFSee](http://www.dfsee.com/)
|
||||||
|
* [CloneZilla](http://clonezilla.org/)
|
||||||
|
* [GParted Live](http://gparted.org/livecd.php)
|
||||||
|
* [g4u - ghost for unix](http://www.feyrer.de/g4u/)
|
||||||
|
* [G4L - Ghost for Linux](https://sourceforge.net/projects/g4l/)
|
||||||
|
* [AVG Rescue CD](http://www.avg.com/ww-en/avg-rescue-cd)
|
||||||
|
* [BitDefender Rescue CD](http://www.bitdefender.com/support/how-to-create-a-bitdefender-rescue-cd-627.html)
|
||||||
|
* [F-Secure Rescue CD](https://www.f-secure.com/en/web/labs_global/rescue-cd)
|
||||||
|
* [HDT - Hardware Detection Tool](http://www.hdt-project.org/)
|
||||||
|
* [Memtest86 V6](http://www.memtest86.com/)
|
||||||
|
* [Memtest86+ V5](http://www.memtest.org/)
|
||||||
|
|
||||||
|
And this is what it looks like:
|
||||||
|
|
||||||
|
![]({{ site.url }}/assets/ipxe04.jpg){: width="400px"}
|
||||||
|
|
||||||
|
![]({{ site.url }}/assets/ipxe05.jpg){: width="400px"}
|
84
know-how/software/_posts/2016-03-05-my-ipxe-settings.md
Normal file
84
know-how/software/_posts/2016-03-05-my-ipxe-settings.md
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
---
|
||||||
|
title: My iPXE settings
|
||||||
|
layout: default
|
||||||
|
created: 2016-03-05 00:36:55 +0100
|
||||||
|
updated: 2016-03-05 00:36:55 +0100
|
||||||
|
toc: false
|
||||||
|
tags:
|
||||||
|
- know-how
|
||||||
|
- software
|
||||||
|
- ipxe
|
||||||
|
- network
|
||||||
|
- booting
|
||||||
|
---
|
||||||
|
I'll list my modifications (keep everything else as it is) here but keep in mind that you most probably want
|
||||||
|
different settings.
|
||||||
|
|
||||||
|
See also [this post about iPXE in general]({% post_url 2016-03-05-ipxe-network-boot %}).
|
||||||
|
|
||||||
|
src/config/console.h
|
||||||
|
--------------------
|
||||||
|
|
||||||
|
(commented in to enable:)
|
||||||
|
|
||||||
|
#define CONSOLE_FRAMEBUFFER /* Graphical framebuffer console */
|
||||||
|
|
||||||
|
(changed from `us` to `de`:)
|
||||||
|
|
||||||
|
#define KEYBOARD_MAP de
|
||||||
|
|
||||||
|
|
||||||
|
src/config/general.h
|
||||||
|
--------------------
|
||||||
|
|
||||||
|
(changed from `#undef` to `#define`:)
|
||||||
|
|
||||||
|
#define NET_PROTO_IPV6 /* IPv6 protocol */
|
||||||
|
|
||||||
|
(changed from `#undef` to `#define`:)
|
||||||
|
|
||||||
|
#define DOWNLOAD_PROTO_HTTPS /* Secure Hypertext Transfer Protocol */
|
||||||
|
#define DOWNLOAD_PROTO_FTP /* File Transfer Protocol */
|
||||||
|
|
||||||
|
(changed from `#undef` to `#define`:)
|
||||||
|
|
||||||
|
#define DOWNLOAD_PROTO_NFS /* Network File System Protocol */
|
||||||
|
|
||||||
|
(commented in to disable:)
|
||||||
|
|
||||||
|
#undef SANBOOT_PROTO_ISCSI /* iSCSI protocol */
|
||||||
|
#undef SANBOOT_PROTO_AOE /* AoE protocol */
|
||||||
|
#undef SANBOOT_PROTO_IB_SRP /* Infiniband SCSI RDMA protocol */
|
||||||
|
#undef SANBOOT_PROTO_FCP /* Fibre Channel protocol */
|
||||||
|
|
||||||
|
(changed from `#undef` to `#define`:)
|
||||||
|
|
||||||
|
#define SANBOOT_PROTO_HTTP /* HTTP SAN protocol */
|
||||||
|
|
||||||
|
(commented in to enable - *works only for undionly.kpxe*:)
|
||||||
|
|
||||||
|
#define IMAGE_ELF /* ELF image support */
|
||||||
|
|
||||||
|
(commented in to enable:)
|
||||||
|
|
||||||
|
#define IMAGE_SCRIPT /* iPXE script image support */
|
||||||
|
|
||||||
|
(commented in to enable - *works only for undionly.kpxe*:)
|
||||||
|
|
||||||
|
#define IMAGE_COMBOOT /* SYSLINUX COMBOOT image support */
|
||||||
|
|
||||||
|
(commented in to enable:)
|
||||||
|
|
||||||
|
#define NSLOOKUP_CMD /* DNS resolving command */
|
||||||
|
|
||||||
|
(commented in to enable:)
|
||||||
|
|
||||||
|
#define REBOOT_CMD /* Reboot command */
|
||||||
|
#define POWEROFF_CMD /* Power off command */
|
||||||
|
|
||||||
|
(commented in to enable:)
|
||||||
|
|
||||||
|
#define PING_CMD /* Ping command */
|
||||||
|
#define CONSOLE_CMD /* Console command */
|
||||||
|
#define IPSTAT_CMD /* IP statistics commands */
|
||||||
|
|
Loading…
Reference in New Issue
Block a user