Bootdisk 17.0 with EFI support


Foreman Bootdisk plugin version 17.0 is available for testing in the nightly and 2.1 repositories. It requires Foreman 2.1rc3 or newer, which is coming out shortly. The major change is EFI support for two bootdisk types:

  • Full host bootdisk
  • Generic subnet bootdisk

The full host image should work out of the box and is the recommended bootdisk to use. It now has an EFI partition with Grub2 and a configuration file that loads the kernel and initramdisk from the disk itself, so no network is needed. This is similar to BIOS, where the SYSLINUX bootloader is used instead. The operating system must have a PXEGrub2 template associated, which is then used to generate the configuration file with two small changes: the kernel/initramdisk locations are different, and the device is found using the grub search statement.

The generic subnet image was a challenge; we worked hard with the Red Hat bootloader team to iron out several issues we ran into. It is important to note that to use this new feature you will likely need a fresh build of grub2, as several patches were sent upstream to fix these problems. I do expect that future versions of RHEL and CentOS will have these fixed, but to be on the safe side I recommend using grub2 from Fedora Rawhide until then. Grab the grub2-efi file, extract grubx64.efi and put it in the expected location at /var/lib/tftproot/grub2, or configure a directory in Bootdisk Settings.

There are many prerequisites which must be met for the generic subnet image; they are all listed onscreen once an EFI host is booted up. Apologies for the caps, I just felt I needed to scream those, because if any of these is missing the bootdisk will fail to boot:

  • HOST PARAM default_grub_install_entry set to efi_http
  • HTTP UEFI BOOT ONLY (Legacy/PXE not supported)
  • IPv4 ONLY (IPv6 not tested, change the template)
  • HTTP ONLY (change the template for HTTPS)
  • ISC DHCP (other servers not tested)
  • GRUB FROM RHEL 8.3+/7.9+ (when generating the image)
  • EFI HTTP or HTTPS grub entry must be selected in menu
  • DNS must resolve proxy hostname via DNS proxy if set

Let me explain every one of the prerequisites.

A smart proxy with the httpboot feature must be associated with the provisioning Subnet. On top of that, the HTTP endpoint must be enabled, which is usually port 8000 or 8448 depending on the deployment scenario. The TFTP module must also be enabled even if the TFTP service is not used, as both the httpboot and tftp features share the same directory. Remember to click on Refresh features once the proxy is set up so Foreman can detect the feature and the exposed port numbers. An example installer command for the proxy is:

foreman-installer \
 --scenario katello \
 --foreman-proxy-http true \
 --foreman-proxy-httpboot true \
 --foreman-proxy-tftp true

Only IPv4 and HTTP scenarios have been tested. We have experienced problems with the dnsmasq DHCP implementation (grub2 not picking up responses correctly), so ISC DHCP is recommended. Also, DNS must be set up correctly: the Foreman hostname and the Foreman proxy hostname must both resolve.

Due to a bug in grub2 which has not yet been fixed, the path in the final configuration file must be absolute. For this reason, Foreman 2.1 ships with a PXEGrub2 template which also has an entry with the efi_http id, ending with “HTTPBoot”. This entry must be selected for the bootdisk, otherwise the first entry would fail to load. This can be done via a host/hostgroup parameter named default_grub_install_entry.

The bootdisk plugin 17.0 will only work with Foreman 2.1 or higher due to a newly introduced macro named httpboot_http_path.
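
A pre-flight script for the prerequisites explained above, as an added example that is not part of the original post or of the Foreman project. It checks that grubx64.efi in the GRUB directory is a real EFI (PE) binary, that the proxy's feature list contains both httpboot and tftp, that default_grub_install_entry is efi_http, and that hostnames resolve over IPv4; the function names and the choice to pass the feature list as JSON text are assumptions.

```shell
# Added example: pre-flight checks for the generic subnet EFI bootdisk.
# Function names and sample arguments are hypothetical, not Foreman's own.

# grubx64.efi must exist and be an EFI binary: EFI executables are PE
# files, so the first two bytes are "MZ". Catches empty or bad extractions.
check_grub_binary() {
    f="$1/grubx64.efi"
    [ -s "$f" ] || { echo "FAIL: $f missing or empty"; return 1; }
    magic=$(dd if="$f" bs=2 count=1 2>/dev/null)
    [ "$magic" = "MZ" ] || { echo "FAIL: $f is not an EFI (PE) binary"; return 1; }
    echo "OK: $f"
}

# httpboot and tftp must both be enabled, since they share one directory.
# $1 is the proxy's feature list as JSON text, e.g. '["tftp","httpboot"]'.
check_features() {
    for feat in httpboot tftp; do
        printf '%s' "$1" | grep -q "\"$feat\"" ||
            { echo "FAIL: proxy feature $feat not enabled"; return 1; }
    done
    echo "OK: httpboot and tftp enabled"
}

# The host/hostgroup parameter must select the efi_http entry.
check_entry() {
    [ "$1" = "efi_http" ] ||
        { echo "FAIL: default_grub_install_entry is '$1', not efi_http"; return 1; }
    echo "OK: default_grub_install_entry=efi_http"
}

# Foreman and proxy hostnames must resolve over IPv4 (the tested family).
check_resolves() {
    getent ahostsv4 "$1" >/dev/null 2>&1 ||
        { echo "FAIL: $1 has no IPv4 address"; return 1; }
    echo "OK: $1 resolves"
}

# Run every check and report all failures rather than stopping at the first.
preflight() {  # args: grub_dir features_json entry_value hostname...
    rc=0
    check_grub_binary "$1" || rc=1
    check_features "$2" || rc=1
    check_entry "$3" || rc=1
    shift 3
    for h in "$@"; do check_resolves "$h" || rc=1; done
    return $rc
}

if [ $# -ge 3 ]; then preflight "$@"; fi
```

Run it on the host that generates the image, passing the GRUB directory, the proxy's feature list, the parameter value, and the Foreman and proxy hostnames.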

Please share your feedback here; this was a highly requested feature and it was quite challenging due to the changes we had to make on the grub side. Special thanks to Francisco Martinez Canillas of the Red Hat bootloader team.