
Kickstart with UEFI and PXE (and BIOS too)

I'm still learning some of the nuances of how UEFI has changed the game a bit... but, this should get you going in the right direction.

Summary:

It appears that if you boot using BIOS and /pxelinux.0, it expects a pxelinux.cfg/default (or a file named after the IP or MAC), and if you boot using /BOOTX64.efi, it expects /efidefault.
Also, the syntax appears to vary between default (BIOS) and efidefault (UEFI). At this point I am unsure whether the differences I noticed are necessary, though.

Details:

So - I'm not going to delve into a lot of details about the BIOS/PXE kickstart, nor how to install packages.  I also won't cover much about creating an actual kickstart file.  There are plenty of other sites that do a much better job explaining it than I ever could.  Also - my configuration supports the rest of my home network (not just my lab), so you may find some configuration settings are not absolutely necessary for this task - but should not hurt.

# Install the necessary packages
yum -y install syslinux-tftpboot tftp tftp-server dhcp
# Backup your existing Firewall Configuration
cp /etc/sysconfig/iptables /etc/sysconfig/iptables-`date +%F`

# LAZY WAY TO UPDATE FIREWALL
for SHIZZLE in 53 67 68 69 80 443 4011;
do 
  iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport $SHIZZLE -j ACCEPT
  iptables -I INPUT -p udp -m state --state NEW -m udp --dport $SHIZZLE -j ACCEPT
done
service iptables save

# Create your dhcpd.conf file
cat /etc/dhcp/dhcpd.conf
allow booting;
allow bootp;
authoritative;
ddns-update-style interim;
server-identifier 192.168.0.11;
server-name apoc;
#
option space PXE;
option PXE.mtftp-ip    code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option arch code 93 = unsigned integer 16; # RFC4578

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.20 192.168.0.30;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.0.255;
  option domain-name "matrix.private";
  option domain-search "matrix.private";
  one-lease-per-client on;
  default-lease-time 21600;
  max-lease-time 21600;
  option routers 192.168.0.1;
  option domain-name-servers 192.168.0.11, 192.168.0.10, 8.8.8.8;
  option netbios-name-servers 192.168.0.10;
  option netbios-node-type 2;
  option ntp-servers 192.168.0.10, 192.168.0.11;

  class "pxeclients" {
    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    next-server 192.168.0.11; # APOC TFTP server
    if option arch = 00:06 {
      filename "/bootia32.efi";
    } else if option arch = 00:07 {
      # UEFI SYSTEMS
      filename "/BOOTX64.efi";
    } else {
      # EVERYBODY ELSE (BIOS)
      filename "/pxelinux.0";
    }
  }
}
#########################
# HOST DEFINITIONS
#########################
# Test Hardware
host xxxxa {
  hardware ethernet bc:5f:f4:68:fc:fa;
  fixed-address 192.168.0.140;
}
host xxxxb {
  hardware ethernet 7c:05:07:0e:63:a4;
  fixed-address 192.168.0.141;
}
host xxxxc {
  hardware ethernet e8:40:f2:3c:4e:aa;
  fixed-address 192.168.0.142;
}


service dhcpd start; chkconfig dhcpd on
mkdir /var/lib/tftpboot/pxelinux.cfg/
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
mount -o loop,ro /var/www/html/isos/rhel-server-6.5-x86_64-dvd.iso /var/www/html/RHEL-6.5-x86_64
mount -o loop /var/www/html/RHEL-6.5-x86_64/images/efiboot.img /mnt
cp /mnt/EFI/BOOT/BOOTX64.efi /mnt/EFI/BOOT/splash.xpm.gz /var/lib/tftpboot/

# cat << EOF > /var/lib/tftpboot/efidefault
default=0
timeout=4
menu title PXE Boot Menu
display /msgs/boot.menu
splashimage=(nd)/splash.xpm.gz
#hiddenmenu

# Boot from Hard Disk
label 0
  localboot 1
######################################################
# MANUAL INSTALL
######################################################
title RHEL
        root (nd)
        kernel /RHEL-6.5-x86_64/vmlinuz
        initrd /RHEL-6.5-x86_64/initrd.img

######################################################
# KICKSTART
######################################################
title RHEL6B
        root (nd)
        kernel /RHEL-6.5-x86_64/vmlinuz ks=http://192.168.0.11/RHEL6B.ks ksdevice=bootif eth0_ethtool="autoneg off speed 1000 duplex full"
        initrd /RHEL-6.5-x86_64/initrd.img
        IPAPPEND 2

title RHEL7A
        root (nd)
        kernel /RHEL-6.5-x86_64/vmlinuz inst.ks=http://192.168.0.11/RHEL7A.ks inst.gpt ip=dhcp
        initrd /RHEL-6.5-x86_64/initrd.img
EOF

restorecon -RFvv /var/lib/tftpboot/

Troubleshooting the process
This is likely the most important part, and a step that I did not do until I was quite frustrated...

tcpdump -i eth0 port 69
[root@apoc RHEL-6.5-x86_64]# tcpdump -i eth0 port 69
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:59:57.836295 IP rhel6b.matrix.private.ansyslmd > apoc.matrix.private.tftp:  42 RRQ "/BOOTX64.efi" octet tsize 0 blksize 1468
19:59:57.931658 IP rhel6b.matrix.private.vfo > apoc.matrix.private.tftp:  34 RRQ "/BOOTX64.efi" octet blksize 1468
19:59:58.172605 IP rhel6b.matrix.private.startron > apoc.matrix.private.tftp:  66 RRQ "/7010367C-0011-11E2-8BFC-505054503030" octet tsize 0 blksize 512
19:59:58.177083 IP rhel6b.matrix.private.nim > apoc.matrix.private.tftp:  50 RRQ "/01-7C-05-07-0E-63-A4" octet tsize 0 blksize 512
19:59:58.181174 IP rhel6b.matrix.private.nimreg > apoc.matrix.private.tftp:  38 RRQ "/C0A8008D" octet tsize 0 blksize 512
19:59:58.185388 IP rhel6b.matrix.private.polestar > apoc.matrix.private.tftp:  37 RRQ "/C0A8008" octet tsize 0 blksize 512
19:59:58.189346 IP rhel6b.matrix.private.kiosk > apoc.matrix.private.tftp:  36 RRQ "/C0A800" octet tsize 0 blksize 512
19:59:58.193500 IP rhel6b.matrix.private.veracity > apoc.matrix.private.tftp:  35 RRQ "/C0A80" octet tsize 0 blksize 512
19:59:58.197424 IP rhel6b.matrix.private.kyoceranetdev > apoc.matrix.private.tftp:  34 RRQ "/C0A8" octet tsize 0 blksize 512
19:59:58.201419 IP rhel6b.matrix.private.jstel > apoc.matrix.private.tftp:  33 RRQ "/C0A" octet tsize 0 blksize 512
19:59:58.205191 IP rhel6b.matrix.private.syscomlan > apoc.matrix.private.tftp:  32 RRQ "/C0" octet tsize 0 blksize 512
19:59:58.208895 IP rhel6b.matrix.private.fpo-fns > apoc.matrix.private.tftp:  31 RRQ "/C" octet tsize 0 blksize 512
19:59:58.212589 IP rhel6b.matrix.private.instl_boots > apoc.matrix.private.tftp:  40 RRQ "/efidefault" octet tsize 0 blksize 512
19:59:58.216948 IP rhel6b.matrix.private.instl_bootc > apoc.matrix.private.tftp:  41 RRQ "//efidefault" octet tsize 0 blksize 512
19:59:58.220855 IP rhel6b.matrix.private.cognex-insight > apoc.matrix.private.tftp:  33 RRQ "//efidefault" octet blksize 512
19:59:58.226611 IP rhel6b.matrix.private.gmrupdateserv > apoc.matrix.private.tftp:  33 RRQ "//efidefault" octet blksize 512
19:59:58.535418 IP rhel6b.matrix.private.bsquare-voip > apoc.matrix.private.tftp:  44 RRQ "//splash.xpm.gz" octet tsize 0 blksize 512
19:59:58.540175 IP rhel6b.matrix.private.cardax > apoc.matrix.private.tftp:  36 RRQ "//splash.xpm.gz" octet blksize 512
20:00:02.505905 IP rhel6b.matrix.private.bridgecontrol > apoc.matrix.private.tftp:  54 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet tsize 0 blksize 512
20:00:02.511793 IP rhel6b.matrix.private.warmspotMgmt > apoc.matrix.private.tftp:  46 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet blksize 512
20:00:07.194531 IP rhel6b.matrix.private.rdrmshc > apoc.matrix.private.tftp:  46 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet blksize 512
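
The lookup order visible in the capture above, as an added example that is not part of the original post: `uefi` mode reproduces the requests made by host 7c:05:07:0e:63:a4 at 192.168.0.141, and `bios` mode goes beyond the capture to cover pxelinux's own search under pxelinux.cfg/. The function names are hypothetical, and the client-GUID request that comes first in the capture is left out.

```shell
# Added example, not from the original post. Function names are hypothetical.
# uefi: order seen in the capture (TFTP root, upper-case MAC, "efidefault").
# bios: pxelinux's search order (pxelinux.cfg/, lower-case MAC, "default").
# The client-GUID request is omitted: it cannot be derived from MAC or IP.

# usage: pxe_cfg_candidates uefi|bios MAC IPV4
pxe_cfg_candidates() (
  mode=$1
  mac=$(printf '%s' "$2" | tr ':' '-')
  IFS=.; set -- $3; unset IFS            # split the dotted quad into $1..$4
  hexip=$(printf '%02X%02X%02X%02X' "$1" "$2" "$3" "$4")
  case $mode in
    uefi) prefix=''; fallback=efidefault
          mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F') ;;
    bios) prefix='pxelinux.cfg/'; fallback=default
          mac=$(printf '%s' "$mac" | tr 'A-F' 'a-f') ;;
    *)    echo "unknown mode: $mode" >&2; exit 2 ;;
  esac
  echo "${prefix}01-${mac}"              # 01 = hardware type Ethernet
  while [ -n "$hexip" ]; do              # hex IP, one digit shorter per try
    echo "${prefix}${hexip}"
    hexip=${hexip%?}
  done
  echo "${prefix}${fallback}"
)

# usage: pxe_cfg_resolve TFTP_ROOT uefi|bios MAC IPV4
# Prints the first candidate that exists, i.e. the config the client loads.
pxe_cfg_resolve() (
  root=$1; shift
  for f in $(pxe_cfg_candidates "$@"); do
    if [ -f "$root/$f" ]; then echo "$f"; exit 0; fi
  done
  exit 1
)
```

Running `pxe_cfg_resolve /var/lib/tftpboot uefi <mac> <ip>` before booting a host shows whether a per-host file will shadow efidefault.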



# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── BOOTX64.efi
├── CentOS-6.4-x86_64
│   ├── initrd.img
│   ├── TRANS.TBL
│   └── vmlinuz
├── efidefault
├── msgs
│   ├── boot.menu
│   ├── RHELH01
│   ├── RHELH02
│   └── RHELKVM01
├── pxelinux.0
├── pxelinux.cfg
│   ├── create_default_files.sh
│   ├── default
│   └── MACs
├── RHEL-6.4-x86_64
│   ├── initrd.img
│   ├── TRANS.TBL
│   └── vmlinuz
├── RHEL-6.5-x86_64
│   ├── initrd.img
│   ├── TRANS.TBL
│   └── vmlinuz
├── RHEL-7.0-x86_64
│   ├── initrd.img
│   ├── TRANS.TBL
│   ├── upgrade.img
│   └── vmlinuz
└── splash.xpm.gz

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:bootpc
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:tftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:tftp
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:pxe
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:altserviceboot
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
[root@apoc /]#
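
A check over the `iptables -L` listing above, as an added example that is not part of the original post: the port loop opens every port for both TCP and UDP, and this flags the ACCEPT rules whose protocol the service does not use. The function names and the table of needed protocol/service pairs are assumptions; the sample lines are copied from the listing, which prints service names rather than port numbers.

```shell
# Added example, not from the original post. Function names are hypothetical.
# Reads `iptables -L INPUT` text on stdin and prints "proto service" for
# every ACCEPT rule that is not in the needed table below.
pxe_fw_audit() {
  awk '
    BEGIN {
      # Assumed needs of this server: DHCP, TFTP and PXE boot service over
      # UDP, DNS over both, HTTP(S) and SSH over TCP (names per /etc/services).
      need["udp:bootps"]; need["udp:tftp"]; need["udp:pxe"]
      need["udp:domain"]; need["tcp:domain"]
      need["tcp:http"]; need["tcp:https"]; need["tcp:ssh"]
    }
    $1 == "ACCEPT" && match($0, /dpt:[^ ]+/) {
      svc = substr($0, RSTART + 4, RLENGTH - 4)
      if (!(($2 ":" svc) in need)) print $2, svc
    }'
}

# Sample input: rule lines taken from the listing above.
pxe_fw_audit_sample() {
  pxe_fw_audit <<'EOF'
ACCEPT     all  --  anywhere   anywhere   state RELATED,ESTABLISHED
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:ssh
ACCEPT     udp  --  anywhere   anywhere   state NEW udp dpt:bootps
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:bootpc
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:bootps
ACCEPT     udp  --  anywhere   anywhere   state NEW udp dpt:tftp
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:tftp
ACCEPT     udp  --  anywhere   anywhere   state NEW udp dpt:domain
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:domain
ACCEPT     udp  --  anywhere   anywhere   state NEW udp dpt:http
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:http
ACCEPT     udp  --  anywhere   anywhere   state NEW udp dpt:pxe
ACCEPT     tcp  --  anywhere   anywhere   state NEW tcp dpt:altserviceboot
REJECT     all  --  anywhere   anywhere   reject-with icmp-host-prohibited
EOF
}
```

On the live server the same check is `iptables -L INPUT | pxe_fw_audit`; each line it prints is a rule that can be deleted without affecting the PXE boot.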

Comments

  1. On my system, setting tftpd -vv parameter, I was able to see in the logs if the file was found or not.
