Skip to main content

Kickstart with UEFI and PXE (and BIOS too)

I'm still learning some of the nuances of how UEFI has changed the game a bit... but, this should get you going in the right direction.

Summary:

It appears that if you boot using BIOS and /pxelinux.0 - it expects a pxelinux.cfg/default (or a file based on IP or MAC)
and boot using /BOOTX64.efi - it expects /efidefault
Also - the syntax appears to vary between default (BIOS) and efidefault (UEFI).  At this point I am unsure if the differences I noticed are necessary though. 

Details:

So - I'm not going to delve in to a lot of details about the BIOS/PXE kickstart, nor how to install packages.  I also won't cover much about creating an actual kickstart file.  There are plenty of other sites that do a much better job explaining it than I ever could.  Also - my configuration supports the rest of my home network (not just my lab), so you may find some configuration settings are not absolutely necessary for this task - but should not hurt.

# Install the necessary packages
yum - y install syslinux-tftpboot tftp tftp-server dhcp
# Backup your existing Firewall Configuration
cp /etc/sysconfig/iptables /etc/sysconfig/iptables-`date +%F`

# LAZY WAY TO UPDATE FIREWALL
for SHIZZLE in 53 67 68 69 80 443 4011;
do 
  iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport $SHIZZLE -j ACCEPT
  iptables -I INPUT -p udp -m state --state NEW -m udp --dport $SHIZZLE -j ACCEPT
done
service iptables save

# Create your dhcpd.conf file
cat /etc/dhcp/dhcpd.conf
allow booting;
allow bootp;
authoritative;
ddns-update-style interim;
server-identifier 192.168.0.11;
server-name apoc;
#
option space PXE;
option PXE.mtftp-ip    code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option arch code 93 = unsigned integer 16; # RFC4578

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.20 192.168.0.30;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.0.255;
  option domain-name "matrix.private";
  option domain-search "matrix.private";
  one-lease-per-client on;
  default-lease-time 21600;
  max-lease-time 21600;
  option routers 192.168.0.1;
  option domain-name-servers 192.168.0.11, 192.168.0.10, 8.8.8.8;
  option netbios-name-servers 192.168.0.10;
  option netbios-node-type 2;
  option ntp-servers 192.168.0.10, 192.168.0.11;

  class "pxeclients" {
    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    next-server 192.168.0.11; # APOC TFTP server
    if option arch = 00:06 {
      filename "/bootia32.efi";
    } else if option arch = 00:07 {
      # UEFI SYSTEMS
      filename "/BOOTX64.efi";
    } else {
      # EVERYBODY ELSE (BIOS)
      filename "/pxelinux.0";
    }
  }
}
#########################

# HOST DEFINITIONS 
#########################
# Test Hardware
host xxxxa {
  hardware ethernet bc:5f:f4:68:fc:fa;
  fixed-address 192.168.0.140;
}
host xxxxb {
  hardware ethernet 7c:05:07:0e:63:a4;
  fixed-address 192.168.0.141;
}
host xxxxc {
  hardware ethernet e8:40:f2:3c:4e:aa;
  fixed-address 192.168.0.142; }


service dhcpd start; chkconfig dhcpd on
mkdir /var/lib/tftpboot/pxelinux.cfg/
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
mount -o loop,ro /var/www/html/isos/rhel-server-6.5-x86_64-dvd.iso /var/www/html/RHEL-6.5-x86_64
mount -o loop /var/www/html/RHEL-6.5-x86_64/images/efiboot.img /mnt
cp /mnt/EFI/BOOT/BOOTX64.efi /mnt/EFI/BOOT/splash.xpm.gz /var/lib/tftpboot/

# cat << EOF > var/lib/tftpboot/efidefault
default=0
timeout=4
menu title PXE Boot Menu
display /msgs/boot.menu
splashimage=(nd)/splash.xpm.gz
#hiddenmenu

# Boot from Hard Disk
label 0
  localboot 1
######################################################
# MANUAL INSTALL

######################################################
title RHEL
        root (nd)
        kernel /RHEL-6.5-x86_64/vmlinuz
        initrd /RHEL-6.5-x86_64/initrd.img

######################################################
# KICKSTART

######################################################
title RHEL6B
        root (nd)
        kernel /RHEL-6.5-x86_64/vmlinuz ks=http://192.168.0.11/RHEL6B.ks ksdevice=bootif eth0_ethtool="autoneg off speed 1000 duplex full"
        initrd /RHEL-6.5-x86_64/initrd.img
        IPAPPEND 2

title RHEL7A
        root (nd)
        kernel /RHEL-6.5-x86_64/vmlinuz inst.ks=http://192.168.0.11/RHEL7A.ks inst.gpt ip=dhcp
        initrd /RHEL-6.5-x86_64/initrd.img
EOF

restorecon -RFvv /var/lib/tftpboot/

Troubleshooting the process
This is likely the most important part, and a step that I did not do until I was quite frustrated...

tcpdump -i eth0 port 69
[root@apoc RHEL-6.5-x86_64]# tcpdump -i eth0 port 69
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:59:57.836295 IP rhel6b.matrix.private.ansyslmd > apoc.matrix.private.tftp:  42 RRQ "/BOOTX64.efi" octet tsize 0 blksize 1468
19:59:57.931658 IP rhel6b.matrix.private.vfo > apoc.matrix.private.tftp:  34 RRQ "/BOOTX64.efi" octet blksize 1468
19:59:58.172605 IP rhel6b.matrix.private.startron > apoc.matrix.private.tftp:  66 RRQ "/7010367C-0011-11E2-8BFC-505054503030" octet tsize 0 blksize 512
19:59:58.177083 IP rhel6b.matrix.private.nim > apoc.matrix.private.tftp:  50 RRQ "/01-7C-05-07-0E-63-A4" octet tsize 0 blksize 512
19:59:58.181174 IP rhel6b.matrix.private.nimreg > apoc.matrix.private.tftp:  38 RRQ "/C0A8008D" octet tsize 0 blksize 512
19:59:58.185388 IP rhel6b.matrix.private.polestar > apoc.matrix.private.tftp:  37 RRQ "/C0A8008" octet tsize 0 blksize 512
19:59:58.189346 IP rhel6b.matrix.private.kiosk > apoc.matrix.private.tftp:  36 RRQ "/C0A800" octet tsize 0 blksize 512
19:59:58.193500 IP rhel6b.matrix.private.veracity > apoc.matrix.private.tftp:  35 RRQ "/C0A80" octet tsize 0 blksize 512
19:59:58.197424 IP rhel6b.matrix.private.kyoceranetdev > apoc.matrix.private.tftp:  34 RRQ "/C0A8" octet tsize 0 blksize 512
19:59:58.201419 IP rhel6b.matrix.private.jstel > apoc.matrix.private.tftp:  33 RRQ "/C0A" octet tsize 0 blksize 512
19:59:58.205191 IP rhel6b.matrix.private.syscomlan > apoc.matrix.private.tftp:  32 RRQ "/C0" octet tsize 0 blksize 512
19:59:58.208895 IP rhel6b.matrix.private.fpo-fns > apoc.matrix.private.tftp:  31 RRQ "/C" octet tsize 0 blksize 512
19:59:58.212589 IP rhel6b.matrix.private.instl_boots > apoc.matrix.private.tftp:  40 RRQ "/efidefault" octet tsize 0 blksize 512
19:59:58.216948 IP rhel6b.matrix.private.instl_bootc > apoc.matrix.private.tftp:  41 RRQ "//efidefault" octet tsize 0 blksize 512
19:59:58.220855 IP rhel6b.matrix.private.cognex-insight > apoc.matrix.private.tftp:  33 RRQ "//efidefault" octet blksize 512
19:59:58.226611 IP rhel6b.matrix.private.gmrupdateserv > apoc.matrix.private.tftp:  33 RRQ "//efidefault" octet blksize 512
19:59:58.535418 IP rhel6b.matrix.private.bsquare-voip > apoc.matrix.private.tftp:  44 RRQ "//splash.xpm.gz" octet tsize 0 blksize 512
19:59:58.540175 IP rhel6b.matrix.private.cardax > apoc.matrix.private.tftp:  36 RRQ "//splash.xpm.gz" octet blksize 512
20:00:02.505905 IP rhel6b.matrix.private.bridgecontrol > apoc.matrix.private.tftp:  54 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet tsize 0 blksize 512
20:00:02.511793 IP rhel6b.matrix.private.warmspotMgmt > apoc.matrix.private.tftp:  46 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet blksize 512
20:00:07.194531 IP rhel6b.matrix.private.rdrmshc > apoc.matrix.private.tftp:  46 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet blksize 512



# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── BOOTX64.efi
├── CentOS-6.4-x86_64
│   ├── initrd.img
│   ├── TRANS.TBL
│   └── vmlinuz
├── efidefault
├── msgs
│   ├── boot.menu
│   ├── RHELH01
│   ├── RHELH02
│   └── RHELKVM01
├── pxelinux.0
├── pxelinux.cfg
│   ├── create_default_files.sh
│   ├── default
│   └── MACs
├── RHEL-6.4-x86_64
│   ├── initrd.img
│   ├── TRANS.TBL
│   └── vmlinuz
├── RHEL-6.5-x86_64
│   ├── initrd.img
│   ├── TRANS.TBL
│   └── vmlinuz
├── RHEL-7.0-x86_64
│   ├── initrd.img
│   ├── TRANS.TBL
│   ├── upgrade.img
│   └── vmlinuz
└── splash.xpm.gz

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:bootpc
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:tftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:tftp
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:pxe
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:altserviceboot
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
[root@apoc /]#

Comments

  1. On my system, setting tftpd -vv parameter, I was able to see in the logs if the file was found or not.

    ReplyDelete
  2. Kickstart With Uefi And Pxe (And Bios Too) >>>>> Download Now

    >>>>> Download Full

    Kickstart With Uefi And Pxe (And Bios Too) >>>>> Download LINK

    >>>>> Download Now

    Kickstart With Uefi And Pxe (And Bios Too) >>>>> Download Full

    >>>>> Download LINK r5

    ReplyDelete

Post a Comment

Popular posts from this blog

P2V using dd for KVM-QEMU guest

Preface: I have certainly not exhaustively tested this process.  I had a specific need and found a specific solution that worked. Situation:  I was issued a shiny new laptop running Red Hat Enterprise Linux 7 (with Corp VPN, certs, Authentication configuration, etc...)  The image was great, but I needed more flexibility on my bare metal.  So, my goal was to P2V the corporate image so I could just run it as a VM. * Remove corporate drive and install new SSD * install corp drive in external USB-3 case * Install RHEL 7 on new SSD * dd old drive to a disk-image file in a temp location which will be an image which is the same size as your actual drive (unless you have enough space in your destination to contain a temp and converted image) * convert the raw disk-image to a qcow file while pushing it to the final location - this step should reduce the disk size - however, I believe it will only reduce/collapse zero-byte blocks (not just free space - i.e. if you delete a file, it may

RHN Satellite Server (spacewalk) repomd.xml not found

"repomd.xml not found" If you add a channel, or if your RHN cache gets corrupted, and one of your guests complains that it cannot find repomd.xml for jb-ews-2-x86_64-server-5-rpm (for example) - you need to rebuild your repodata cache. Normally this is an automated job - which is exemplified by the fact that you have obviously built out your entire Satellite environment and never had to do any of the steps you are about to do. So - some prep work: Open 3 terminals to your Satellite Server and run: # Term 1 cd /var/cache/rhn watch "ls -l | wc -l" # Term 2 pwd cd /var/log/rhn tail -f rhn_taskomatic_daemon.log # Term 3 satellite-sync --channel=jb-ews-2-x86_64-server-5-rpm Once the satellite-sync has completed, you >should< see the count increment by one.  If you are unlucky (like me) you will not. You then need to login to the Satellite WebUI as the satellite admin user. Click on the Admin tab (at the top) Task Schedules (on the left) fin

Extending SNMP to run arbitrary shell script

Why are we here... This is not likely something I would have pursued under normal circumstances.  I happen to be working for a customer/client who is not afforded a lot of flexibility to accomplish their goals.  In this case, the rigor is justified.  They have to sometimes be fairly creative with how they solve problems. In this case they would like to utilize an existing snmp implementation to execute a command (or shell script) on a remote system.  They came to me with the idea of using Net-SNMP extend. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sect-System_Monitoring_Tools-Net-SNMP-Extending.html NOTE:  This is NOT a good implementation strategy in the "real world"  it will simply allow you to test the functionality.  There are a TON of security implications which would need to be taken in to consideration. Implementation Steps: [root@rh7tst01 ~]# yum -y install net-snmp net-snmp-utils [root@rh7tst01 ~]# cd /