Hello,
I'm planning to integrate Foreman into our infrastructure.
We're currently using ipxe and we built a simple menu where the user
selects an installation profile. The user can also choose some variants of
OpenBSD and Windows, by chainloading WDS.
I'd like to integrate the Foreman Discovery plugin progressively while
retaining ipxe as the main technology.
I see ipxe is supported but how do I select my ipxe recipe/image as the one
to be provided by the TFTP server? The only type of recipes in the PXELinux
menu under the OS/Templates section are the ones marked as PXE (not ipxe).
IF I understand correctly the original question, the author was trying to
use iPXE instead of regular (and now actually legacy) PXELinux on
smart-proxy side.
This is something that I'm looking for as well, but Foreman TFTP
smart-proxy seems to be missing native "ipxe" variant, that would allow for
creation of <tftp_path>/01-<MAC>.ipxe by calling something like this (based
on syntax for smart-proxy TFTP API described in [3]):
Something that I'm sure more people interested in these days as with iPXE
as main bootloader (as opposed to chain-booting iPXE from PXELinux 01-<MAC>
described in [1]).
There multiple reasons for that:
support of more protocols to download config file - HTTP/HTTPS, etc.
ability to create backward-compatible implementations - iPXE can chain
PXELinux if its own rather extensive script-enabled config file is not
found.
support for both UEFI and BIOS (both of which obviously understand iPXE
script/config file making this rather attractive alternative to having to
recognize the boot method of the system and create an appropriate config
files as described in [2]
Is there a reason why Foreman/Smart-proxy only uses iPXE by chaining
through PXElinux and not natively? Is it hard to add at least on
smart-proxy side?
> Is there a reason why Foreman/Smart-proxy only uses iPXE by chaining
> through PXElinux and not natively? Is it hard to add at least on
> smart-proxy side?
>
>
The actual change is very simple:
class Ipxe < Server
def pxeconfig_dir
“#{path}/pxelinux.cfg”
end
def pxe_default
“#{pxeconfig_dir}/default.ipxe”
end
def pxeconfig_file mac
“#{pxeconfig_dir}/01-”+mac.gsub(/:/,“-”).downcase+“.ipxe”
end
end
However, I immediately ran into issue with the size of ipxe config file -
it could be much larger that syslinux config file and if ipxe config file
is large, TFTP API only writes 464 bytes for me:
-rw-r–r–. 1 foreman-proxy foreman-proxy 464 Aug 2 17:28
01-00-11-22-33-44-55.ipxe
-rw-r–r–. 1 foreman-proxy foreman-proxy 2976 Aug 2 17:28 default.ipxe
This problem exist even w/o above changes and is not ipxe-related. For
example, here’s an attempt to create “syslinux” variant from a larger file
and resulting file is still 464 bytes in length:
> This is something that I'm looking for as well, but Foreman TFTP
> smart-proxy seems to be missing native "ipxe" variant, that would allow for
> creation of <tftp_path>/01-<MAC>.ipxe by calling something like this (based
> on syntax for smart-proxy TFTP API described in [3]):
I don't understand how would you download the script from proxy, using
HTTP? There is no preconfigured httpd service by default.
> - support of more protocols to download config file - HTTP/HTTPS, etc.
But no TFTP, right? I am not following why someone would do this.
> - support for both UEFI and BIOS (both of which obviously understand iPXE
> script/config file making this rather attractive alternative to having to
> recognize the boot method of the system and create an appropriate config
> files as described in [2]
iPXE UEFI is in quite early stage of development, you need to get a
recent build (2015). But sure, it's a great option for the future.
> Is there a reason why Foreman/Smart-proxy only uses iPXE by chaining
> through PXElinux and not natively? Is it hard to add at least on
> smart-proxy side?
No specific reason, the feature hasn't been delivered yet simply.
> However, I immediately ran into issue with the size of ipxe config file -
> it could be much larger that syslinux config file and if ipxe config file
> is large, TFTP API only writes 464 bytes for me:
>
> # curl -k --cacert /var/lib/puppet/ssl/certs/ca.pem --cert
> /var/lib/puppet/ssl/certs/hostname -f.pem --key
> /var/lib/puppet/ssl/private_keys/hostname -f.pem -H
> "Accept:application/json" -X POST
> https://<proxy>:8443/tftp/ipxe/00:11:22:33:44:55 -d "pxeconfig=cat > default.ipxe"
I believe your patch is correct, what's I believe is wrong is the way
you load data via shell. Doesn't the first newline break it? Try to use
stdin to provide the content.
> I don't understand how would you download the script from proxy, using
> HTTP? There is no preconfigured httpd service by default.
>
> > - support of more protocols to download config file - HTTP/HTTPS, etc.
>
> But no TFTP, right? I am not following why someone would do this.
>
No, TFTP is still there. So really not any different from PXELinux, just
has more features for those who needs them. I'd just prefer to chain-load
PXELinux from iPXE rather than the other way around as it is done in
Foreman now. Enabling "ipxe" variant in TFTP proxy would be the first step
anyway, IMHO.
iPXE UEFI is in quite early stage of development, you need to get a
> recent build (2015). But sure, it's a great option for the future.
>
Hmm, I can't say that I fully agree with this statement - yes, you do need
the recent version, but I wouldn't say that it is at early stages. Works
for me pretty steadily so far.