Hi folks.
I started working on the clarification of the term “HTTP Booting” (1) some weeks ago. At the beginning I thoughts it’s quite easy:
There is TFTP and HTTP(S), there are two stages (stage1: firmware → GRUB2; stage2 :GRUB2 → kernel), and both do not rely on each other. That’s not always true.
Stage 1 can be configured via PXE loader, stage 2 can be configured via host parameter default_grub_install_entry.
I did some tests:
Ubuntu 24.04
| Stage 1 | Implicit | TFTP (IPv4) | TFTP (FQDN) | HTTP (IPv4) | HTTP (FQDN) | HTTPS (IPv4) | HTTPS (FQDN) |
|---|---|---|---|---|---|---|---|
| TFTP |  |
|
|
|
|
 |
|
| HTTP (IPv4) | |
|
|
|
|
|
|
| HTTP (FQDN) | |
|
|
|
|
|
|
| HTTPS (FQDN) | |
|
|
|
|
|
|
| TFTP (legacy)* | |
|
|
|
|
|
|
openSUSE TW
| Stage 1 | Implicit | TFTP (IPv4) | TFTP (FQDN) | HTTP (IPv4) | HTTP (FQDN) | HTTPS (IPv4) | HTTPS (FQDN) |
|---|---|---|---|---|---|---|---|
| TFTP | |
|
|
|
|
|
|
| HTTP (IPv4) | |
|
|
|
|
|
|
| HTTP (FQDN) | |
|
|
|
|
|
|
| HTTPS (FQDN) | |
|
|
|
|
|
|
| TFTP (legacy)* | |
|
|
|
|
|
|
Debian 13
| Stage 1 | Implicit | TFTP (IPv4) | TFTP (FQDN) | HTTP (IPv4) | HTTP (FQDN) | HTTPS (IPv4) | HTTPS (FQDN) |
|---|---|---|---|---|---|---|---|
| TFTP | |
|
|
|
|
|
|
| HTTP (IPv4) | |
|
|
|
|
|
|
| HTTP (FQDN) | |
|
|
|
|
|
|
| HTTPS (FQDN) | |
|
|
|
|
|
|
| TFTP (legacy)* | |
|
|
|
|
|
|
AlmaLinux 10
| Stage 1 | Implicit | TFTP (IPv4) | TFTP (FQDN) | HTTP (IPv4) | HTTP (FQDN) | HTTPS (IPv4) | HTTPS (FQDN) |
|---|---|---|---|---|---|---|---|
| TFTP | |
|
|
|
|
|
|
| HTTP (IPv4) | |
|
|
|
|
|
|
| HTTP (FQDN) | |
|
|
|
|
|
|
| HTTPS (FQDN) | |
|
|
|
|
|
|
| TFTP (legacy)* | |
|
|
|
|
|
|
Fedora 42
| Stage 1 | Implicit | TFTP (IPv4) | TFTP (FQDN) | HTTP (IPv4) | HTTP (FQDN) | HTTPS (IPv4) | HTTPS (FQDN) |
|---|---|---|---|---|---|---|---|
| TFTP | |
|
|
|
|
|
|
| HTTP (IPv4) | |
|
|
|
|
|
|
| HTTP (FQDN) | |
|
|
|
|
|
|
| HTTPS (FQDN) | |
|
|
|
|
|
|
| TFTP (legacy)* | |
|
|
|
|
|
|
*) AlmaLinux 9.6; grub2-mkimage -O i386-pc-pxe -o grubnetx64.0.img -p grub2 tftp net pxe normal linux http configfile echo
Stage 2 explanation:
linux /vmlinuz # Implicit
linux (tftp,10.0.2.2)/vmlinuz # TFTP (IPv4)
linux (tftp,testhost.atix)/vmlinuz # TFTP (FQDN)
linux (http,10.0.2.2:8000)/vmlinuz # HTTP (IPv4)
linux (http,testhost.atix:8000)/vmlinuz # HTTP (FQDN)
linux (https,10.0.2.2:8443)/vmlinuz # HTTPS (IPv4) **
linux (https,testhost.atix:8443)/vmlinuz # HTTPS (FQDN)
**) makes no sense by design
Evaluation
Stage 1 TFTP UEFI:
- TFTP works as desired
- HTTP works as desired
- no HTTPS at all
Stage 1 TFTP legacy BIOS:
- same as with UEFI
Stage 1 HTTP UEFI:
- HTTP works as desired
- TFTP works always when using IPv4
- HTTPS works sometimes, not for all
Stage 1 HTTPS UEFI:
- HTTPS works as desired
- HTTP works as desired
- TFTP works always when using IPv4
Three are no difference in stage 1 HTTP via FQDN or IPv4 per distribution GRUB2.
This is not complete; all supported operating systems and major versions would need to be checked!
Summary
It’s complicated. Distribution vendors patch their GRUBs differently which makes it hard for Foreman to provide a generic ways which work for all.
It looks like that TFTP and HTTP can be combined in any way in stage 1 and stage 2, with the exception that stage 2 TFTP only works for all distributions with IPv4.
How do we want to handle this in Foreman?
At the moment, Foreman provides the possibility for the user to use any desired combination, even combination that will not work for a specific operating system. I am fine with keeping this approach, but we need to provide more documentation (as started with 1) incl. to point out that not all combinations may work (we had this already in web UI, right?).
As alternative, we could only provide a subset of combinations which works for all or add sanity checks for different distributions.