I'm still learning some of the nuances of how UEFI has changed the game a bit... but, this should get you going in the right direction.
Summary:
It appears that if you boot using BIOS and /pxelinux.0, the client expects a pxelinux.cfg/default (or a file named for its IP or MAC),
and if you boot using UEFI and /BOOTX64.efi, it expects /efidefault.
Also - the syntax appears to vary between default (BIOS) and efidefault (UEFI). At this point I am unsure if the differences I noticed are necessary though.
Details:
So - I'm not going to delve in to a lot of details about the BIOS/PXE kickstart, nor how to install packages. I also won't cover much about creating an actual kickstart file. There are plenty of other sites that do a much better job explaining it than I ever could. Also - my configuration supports the rest of my home network (not just my lab), so you may find some configuration settings are not absolutely necessary for this task - but should not hurt.
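# Install the necessary packages
yum -y install syslinux-tftpboot tftp tftp-server dhcp
# Backup your existing Firewall Configuration
cp /etc/sysconfig/iptables "/etc/sysconfig/iptables-$(date +%F)"
# LAZY WAY TO UPDATE FIREWALL
# Each port is opened only for the transport its service listens on, rather
# than for both TCP and UDP:
#   53   DNS                      udp + tcp
#   67   DHCP/BOOTP server        udp
#   69   TFTP                     udp
#   4011 PXE (proxyDHCP/boot svc) udp
#   80   HTTP install tree / kickstart files   tcp
#   443  HTTPS                    tcp
# 68/udp is the DHCP *client* port, so the server needs no inbound rule for it.
# These rules accept from any source. If this host also has an interface on
# another network, add "-s 192.168.0.0/24" to the DNS/TFTP/HTTP rules (not to
# 67/udp: DHCP discovers arrive from 0.0.0.0).
for port in 53 67 69 4011; do
  iptables -I INPUT -p udp -m state --state NEW -m udp --dport "$port" -j ACCEPT
done
for port in 53 80 443; do
  iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport "$port" -j ACCEPT
done
service iptables save
# Create your dhcpd.conf file
cat /etc/dhcp/dhcpd.conf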
# dhcpd.conf for the provisioning host (192.168.0.11): leases addresses on
# 192.168.0.0/24 and tells PXE clients which boot file to fetch over TFTP.
allow booting;
allow bootp;
# "authoritative" makes this server answer for the whole segment; make sure no
# other DHCP server (e.g. a home router) is serving the same subnet.
authoritative;
ddns-update-style interim;
server-identifier 192.168.0.11;
server-name apoc;
#
option space PXE;
option PXE.mtftp-ip code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
# Option 93 is the architecture the client firmware reports; the "pxeclients"
# class below uses it to choose between the EFI and BIOS boot files.
option arch code 93 = unsigned integer 16; # RFC4578
subnet 192.168.0.0 netmask 255.255.255.0 {
# Dynamic pool; the host entries at the bottom use fixed addresses outside it.
range 192.168.0.20 192.168.0.30;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option domain-name "matrix.private";
option domain-search "matrix.private";
one-lease-per-client on;
default-lease-time 21600;
max-lease-time 21600;
option routers 192.168.0.1;
option domain-name-servers 192.168.0.11, 192.168.0.10, 8.8.8.8;
option netbios-name-servers 192.168.0.10;
option netbios-node-type 2;
option ntp-servers 192.168.0.10, 192.168.0.11;
# Every client that identifies itself as "PXEClient" is pointed at the TFTP
# server; nothing here limits network boot to the known hosts, so any machine
# that PXE-boots on this subnet is offered the boot menu.
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
next-server 192.168.0.11; # APOC TFTP server
# 00:06 = 32-bit (IA32) EFI client.
# NOTE(review): /bootia32.efi is not among the files this page copies into
# the TFTP root - confirm it exists before relying on this branch.
if option arch = 00:06 {
filename "/bootia32.efi";
} else if option arch = 00:07 {
# UEFI SYSTEMS
# NOTE(review): some x86-64 UEFI firmware reports 00:09 instead of 00:07 and
# would fall through to the BIOS branch - verify against your hardware.
filename "/BOOTX64.efi";
} else {
# EVERYBODY ELSE (BIOS)
filename "/pxelinux.0";
}
}
}
#########################
# HOST DEFINITIONS
#########################
# Test Hardware
# Each entry pins a MAC address to a fixed IP.
host xxxxa {
hardware ethernet bc:5f:f4:68:fc:fa;
fixed-address 192.168.0.140;
}
host xxxxb {
hardware ethernet 7c:05:07:0e:63:a4;
fixed-address 192.168.0.141;
}
host xxxxc {
hardware ethernet e8:40:f2:3c:4e:aa;
fixed-address 192.168.0.142; }
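service dhcpd start; chkconfig dhcpd on
# NOTE(review): on RHEL 6 the tftp-server package normally runs under xinetd
# and ships disabled - confirm the TFTP service is enabled before testing.
# -p: do not fail when the directory is already there (safe to re-run).
mkdir -p /var/lib/tftpboot/pxelinux.cfg/
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
# Everything served to clients below comes from this ISO, so check it against
# the vendor's published checksum before mounting it.
# The mount point has to exist before mount can use it.
mkdir -p /var/www/html/RHEL-6.5-x86_64
mount -o loop,ro /var/www/html/isos/rhel-server-6.5-x86_64-dvd.iso /var/www/html/RHEL-6.5-x86_64
# efiboot.img lives on the read-only ISO and is only read from: mount it
# read-only and release /mnt once the boot loader has been copied out.
mount -o loop,ro /var/www/html/RHEL-6.5-x86_64/images/efiboot.img /mnt
cp /mnt/EFI/BOOT/BOOTX64.efi /mnt/EFI/BOOT/splash.xpm.gz /var/lib/tftpboot/
umount /mnt
# The boot menu loads /RHEL-6.5-x86_64/vmlinuz and initrd.img over TFTP, so
# the installer kernel and initrd must also be placed under the TFTP root.
mkdir -p /var/lib/tftpboot/RHEL-6.5-x86_64
cp /var/www/html/RHEL-6.5-x86_64/images/pxeboot/vmlinuz \
   /var/www/html/RHEL-6.5-x86_64/images/pxeboot/initrd.img \
   /var/lib/tftpboot/RHEL-6.5-x86_64/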
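# Write the menu that BOOTX64.efi requests from the TFTP root as /efidefault.
# The here-doc delimiter is quoted so the shell copies the menu verbatim, and
# the target is an absolute path so the file lands in the TFTP root no matter
# which directory the command is run from.
# NOTE(review): the kickstart URLs are plain http:// and TFTP is
# unauthenticated, so the kickstart files (which commonly carry the root
# password hash) and the boot images can be read or altered in transit by any
# host on this segment - keep provisioning on a trusted, isolated network.
# NOTE(review): the RHEL7A entry passes RHEL 7 installer options (inst.ks,
# inst.gpt) to the RHEL-6.5 kernel/initrd; it presumably should point at
# /RHEL-7.0-x86_64/ - confirm.
cat << 'EOF' > /var/lib/tftpboot/efidefault
default=0
timeout=4
menu title PXE Boot Menu
display /msgs/boot.menu
splashimage=(nd)/splash.xpm.gz
#hiddenmenu
# Boot from Hard Disk
label 0
localboot 1
######################################################
# MANUAL INSTALL
######################################################
title RHEL
root (nd)
kernel /RHEL-6.5-x86_64/vmlinuz
initrd /RHEL-6.5-x86_64/initrd.img
######################################################
# KICKSTART
######################################################
title RHEL6B
root (nd)
kernel /RHEL-6.5-x86_64/vmlinuz ks=http://192.168.0.11/RHEL6B.ks ksdevice=bootif eth0_ethtool="autoneg off speed 1000 duplex full"
initrd /RHEL-6.5-x86_64/initrd.img
IPAPPEND 2
title RHEL7A
root (nd)
kernel /RHEL-6.5-x86_64/vmlinuz inst.ks=http://192.168.0.11/RHEL7A.ks inst.gpt ip=dhcp
initrd /RHEL-6.5-x86_64/initrd.img
EOF
# Reset SELinux labels so the TFTP daemon is allowed to read the new files.
restorecon -RFvv /var/lib/tftpboot/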
Troubleshooting the process
This is likely the most important part, and a step that I did not do until I was quite frustrated...
# Watch the TFTP read requests (RRQ) reaching the server on eth0; each line
# names the file a client asked for. Only the initial request goes to port 69
# (the transfer itself continues on ephemeral ports), so this shows which
# paths are requested, not whether a transfer completed.
tcpdump -i eth0 port 69
[root@apoc RHEL-6.5-x86_64]# tcpdump -i eth0 port 69
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:59:57.836295 IP rhel6b.matrix.private.ansyslmd > apoc.matrix.private.tftp: 42 RRQ "/BOOTX64.efi" octet tsize 0 blksize 1468
19:59:57.931658 IP rhel6b.matrix.private.vfo > apoc.matrix.private.tftp: 34 RRQ "/BOOTX64.efi" octet blksize 1468
19:59:58.172605 IP rhel6b.matrix.private.startron > apoc.matrix.private.tftp: 66 RRQ "/7010367C-0011-11E2-8BFC-505054503030" octet tsize 0 blksize 512
19:59:58.177083 IP rhel6b.matrix.private.nim > apoc.matrix.private.tftp: 50 RRQ "/01-7C-05-07-0E-63-A4" octet tsize 0 blksize 512
19:59:58.181174 IP rhel6b.matrix.private.nimreg > apoc.matrix.private.tftp: 38 RRQ "/C0A8008D" octet tsize 0 blksize 512
19:59:58.185388 IP rhel6b.matrix.private.polestar > apoc.matrix.private.tftp: 37 RRQ "/C0A8008" octet tsize 0 blksize 512
19:59:58.189346 IP rhel6b.matrix.private.kiosk > apoc.matrix.private.tftp: 36 RRQ "/C0A800" octet tsize 0 blksize 512
19:59:58.193500 IP rhel6b.matrix.private.veracity > apoc.matrix.private.tftp: 35 RRQ "/C0A80" octet tsize 0 blksize 512
19:59:58.197424 IP rhel6b.matrix.private.kyoceranetdev > apoc.matrix.private.tftp: 34 RRQ "/C0A8" octet tsize 0 blksize 512
19:59:58.201419 IP rhel6b.matrix.private.jstel > apoc.matrix.private.tftp: 33 RRQ "/C0A" octet tsize 0 blksize 512
19:59:58.205191 IP rhel6b.matrix.private.syscomlan > apoc.matrix.private.tftp: 32 RRQ "/C0" octet tsize 0 blksize 512
19:59:58.208895 IP rhel6b.matrix.private.fpo-fns > apoc.matrix.private.tftp: 31 RRQ "/C" octet tsize 0 blksize 512
19:59:58.212589 IP rhel6b.matrix.private.instl_boots > apoc.matrix.private.tftp: 40 RRQ "/efidefault" octet tsize 0 blksize 512
19:59:58.216948 IP rhel6b.matrix.private.instl_bootc > apoc.matrix.private.tftp: 41 RRQ "//efidefault" octet tsize 0 blksize 512
19:59:58.220855 IP rhel6b.matrix.private.cognex-insight > apoc.matrix.private.tftp: 33 RRQ "//efidefault" octet blksize 512
19:59:58.226611 IP rhel6b.matrix.private.gmrupdateserv > apoc.matrix.private.tftp: 33 RRQ "//efidefault" octet blksize 512
19:59:58.535418 IP rhel6b.matrix.private.bsquare-voip > apoc.matrix.private.tftp: 44 RRQ "//splash.xpm.gz" octet tsize 0 blksize 512
19:59:58.540175 IP rhel6b.matrix.private.cardax > apoc.matrix.private.tftp: 36 RRQ "//splash.xpm.gz" octet blksize 512
20:00:02.505905 IP rhel6b.matrix.private.bridgecontrol > apoc.matrix.private.tftp: 54 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet tsize 0 blksize 512
20:00:02.511793 IP rhel6b.matrix.private.warmspotMgmt > apoc.matrix.private.tftp: 46 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet blksize 512
20:00:07.194531 IP rhel6b.matrix.private.rdrmshc > apoc.matrix.private.tftp: 46 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet blksize 512
# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── BOOTX64.efi
├── CentOS-6.4-x86_64
│ ├── initrd.img
│ ├── TRANS.TBL
│ └── vmlinuz
├── efidefault
├── msgs
│ ├── boot.menu
│ ├── RHELH01
│ ├── RHELH02
│ └── RHELKVM01
├── pxelinux.0
├── pxelinux.cfg
│ ├── create_default_files.sh
│ ├── default
│ └── MACs
├── RHEL-6.4-x86_64
│ ├── initrd.img
│ ├── TRANS.TBL
│ └── vmlinuz
├── RHEL-6.5-x86_64
│ ├── initrd.img
│ ├── TRANS.TBL
│ └── vmlinuz
├── RHEL-7.0-x86_64
│ ├── initrd.img
│ ├── TRANS.TBL
│ ├── upgrade.img
│ └── vmlinuz
└── splash.xpm.gz
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW udp dpt:bootps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:bootpc
ACCEPT udp -- anywhere anywhere state NEW udp dpt:bootps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:bootps
ACCEPT udp -- anywhere anywhere state NEW udp dpt:tftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:tftp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT udp -- anywhere anywhere state NEW udp dpt:pxe
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:altserviceboot
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@apoc /]#
Summary:
It appears that if you boot using BIOS and /pxelinux.0, the client expects a pxelinux.cfg/default (or a file named for its IP or MAC),
and if you boot using UEFI and /BOOTX64.efi, it expects /efidefault.
Also - the syntax appears to vary between default (BIOS) and efidefault (UEFI). At this point I am unsure if the differences I noticed are necessary though.
Details:
So - I'm not going to delve in to a lot of details about the BIOS/PXE kickstart, nor how to install packages. I also won't cover much about creating an actual kickstart file. There are plenty of other sites that do a much better job explaining it than I ever could. Also - my configuration supports the rest of my home network (not just my lab), so you may find some configuration settings are not absolutely necessary for this task - but should not hurt.
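# Install the necessary packages
yum -y install syslinux-tftpboot tftp tftp-server dhcp
# Backup your existing Firewall Configuration
cp /etc/sysconfig/iptables "/etc/sysconfig/iptables-$(date +%F)"
# LAZY WAY TO UPDATE FIREWALL
# Each port is opened only for the transport its service listens on, rather
# than for both TCP and UDP:
#   53   DNS                      udp + tcp
#   67   DHCP/BOOTP server        udp
#   69   TFTP                     udp
#   4011 PXE (proxyDHCP/boot svc) udp
#   80   HTTP install tree / kickstart files   tcp
#   443  HTTPS                    tcp
# 68/udp is the DHCP *client* port, so the server needs no inbound rule for it.
# These rules accept from any source. If this host also has an interface on
# another network, add "-s 192.168.0.0/24" to the DNS/TFTP/HTTP rules (not to
# 67/udp: DHCP discovers arrive from 0.0.0.0).
for port in 53 67 69 4011; do
  iptables -I INPUT -p udp -m state --state NEW -m udp --dport "$port" -j ACCEPT
done
for port in 53 80 443; do
  iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport "$port" -j ACCEPT
done
service iptables save
# Create your dhcpd.conf file
cat /etc/dhcp/dhcpd.conf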
# dhcpd.conf for the provisioning host (192.168.0.11): leases addresses on
# 192.168.0.0/24 and tells PXE clients which boot file to fetch over TFTP.
allow booting;
allow bootp;
# "authoritative" makes this server answer for the whole segment; make sure no
# other DHCP server (e.g. a home router) is serving the same subnet.
authoritative;
ddns-update-style interim;
server-identifier 192.168.0.11;
server-name apoc;
#
option space PXE;
option PXE.mtftp-ip code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
# Option 93 is the architecture the client firmware reports; the "pxeclients"
# class below uses it to choose between the EFI and BIOS boot files.
option arch code 93 = unsigned integer 16; # RFC4578
subnet 192.168.0.0 netmask 255.255.255.0 {
# Dynamic pool; the host entries at the bottom use fixed addresses outside it.
range 192.168.0.20 192.168.0.30;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option domain-name "matrix.private";
option domain-search "matrix.private";
one-lease-per-client on;
default-lease-time 21600;
max-lease-time 21600;
option routers 192.168.0.1;
option domain-name-servers 192.168.0.11, 192.168.0.10, 8.8.8.8;
option netbios-name-servers 192.168.0.10;
option netbios-node-type 2;
option ntp-servers 192.168.0.10, 192.168.0.11;
# Every client that identifies itself as "PXEClient" is pointed at the TFTP
# server; nothing here limits network boot to the known hosts, so any machine
# that PXE-boots on this subnet is offered the boot menu.
class "pxeclients" {
match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
next-server 192.168.0.11; # APOC TFTP server
# 00:06 = 32-bit (IA32) EFI client.
# NOTE(review): /bootia32.efi is not among the files this page copies into
# the TFTP root - confirm it exists before relying on this branch.
if option arch = 00:06 {
filename "/bootia32.efi";
} else if option arch = 00:07 {
# UEFI SYSTEMS
# NOTE(review): some x86-64 UEFI firmware reports 00:09 instead of 00:07 and
# would fall through to the BIOS branch - verify against your hardware.
filename "/BOOTX64.efi";
} else {
# EVERYBODY ELSE (BIOS)
filename "/pxelinux.0";
}
}
}
#########################
# HOST DEFINITIONS
#########################
# Test Hardware
# Each entry pins a MAC address to a fixed IP.
host xxxxa {
hardware ethernet bc:5f:f4:68:fc:fa;
fixed-address 192.168.0.140;
}
host xxxxb {
hardware ethernet 7c:05:07:0e:63:a4;
fixed-address 192.168.0.141;
}
host xxxxc {
hardware ethernet e8:40:f2:3c:4e:aa;
fixed-address 192.168.0.142; }
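service dhcpd start; chkconfig dhcpd on
# NOTE(review): on RHEL 6 the tftp-server package normally runs under xinetd
# and ships disabled - confirm the TFTP service is enabled before testing.
# -p: do not fail when the directory is already there (safe to re-run).
mkdir -p /var/lib/tftpboot/pxelinux.cfg/
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
# Everything served to clients below comes from this ISO, so check it against
# the vendor's published checksum before mounting it.
# The mount point has to exist before mount can use it.
mkdir -p /var/www/html/RHEL-6.5-x86_64
mount -o loop,ro /var/www/html/isos/rhel-server-6.5-x86_64-dvd.iso /var/www/html/RHEL-6.5-x86_64
# efiboot.img lives on the read-only ISO and is only read from: mount it
# read-only and release /mnt once the boot loader has been copied out.
mount -o loop,ro /var/www/html/RHEL-6.5-x86_64/images/efiboot.img /mnt
cp /mnt/EFI/BOOT/BOOTX64.efi /mnt/EFI/BOOT/splash.xpm.gz /var/lib/tftpboot/
umount /mnt
# The boot menu loads /RHEL-6.5-x86_64/vmlinuz and initrd.img over TFTP, so
# the installer kernel and initrd must also be placed under the TFTP root.
mkdir -p /var/lib/tftpboot/RHEL-6.5-x86_64
cp /var/www/html/RHEL-6.5-x86_64/images/pxeboot/vmlinuz \
   /var/www/html/RHEL-6.5-x86_64/images/pxeboot/initrd.img \
   /var/lib/tftpboot/RHEL-6.5-x86_64/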
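# Write the menu that BOOTX64.efi requests from the TFTP root as /efidefault.
# The here-doc delimiter is quoted so the shell copies the menu verbatim, and
# the target is an absolute path so the file lands in the TFTP root no matter
# which directory the command is run from.
# NOTE(review): the kickstart URLs are plain http:// and TFTP is
# unauthenticated, so the kickstart files (which commonly carry the root
# password hash) and the boot images can be read or altered in transit by any
# host on this segment - keep provisioning on a trusted, isolated network.
# NOTE(review): the RHEL7A entry passes RHEL 7 installer options (inst.ks,
# inst.gpt) to the RHEL-6.5 kernel/initrd; it presumably should point at
# /RHEL-7.0-x86_64/ - confirm.
cat << 'EOF' > /var/lib/tftpboot/efidefault
default=0
timeout=4
menu title PXE Boot Menu
display /msgs/boot.menu
splashimage=(nd)/splash.xpm.gz
#hiddenmenu
# Boot from Hard Disk
label 0
localboot 1
######################################################
# MANUAL INSTALL
######################################################
title RHEL
root (nd)
kernel /RHEL-6.5-x86_64/vmlinuz
initrd /RHEL-6.5-x86_64/initrd.img
######################################################
# KICKSTART
######################################################
title RHEL6B
root (nd)
kernel /RHEL-6.5-x86_64/vmlinuz ks=http://192.168.0.11/RHEL6B.ks ksdevice=bootif eth0_ethtool="autoneg off speed 1000 duplex full"
initrd /RHEL-6.5-x86_64/initrd.img
IPAPPEND 2
title RHEL7A
root (nd)
kernel /RHEL-6.5-x86_64/vmlinuz inst.ks=http://192.168.0.11/RHEL7A.ks inst.gpt ip=dhcp
initrd /RHEL-6.5-x86_64/initrd.img
EOF
# Reset SELinux labels so the TFTP daemon is allowed to read the new files.
restorecon -RFvv /var/lib/tftpboot/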
Troubleshooting the process
This is likely the most important part, and a step that I did not do until I was quite frustrated...
# Watch the TFTP read requests (RRQ) reaching the server on eth0; each line
# names the file a client asked for. Only the initial request goes to port 69
# (the transfer itself continues on ephemeral ports), so this shows which
# paths are requested, not whether a transfer completed.
tcpdump -i eth0 port 69
[root@apoc RHEL-6.5-x86_64]# tcpdump -i eth0 port 69
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:59:57.836295 IP rhel6b.matrix.private.ansyslmd > apoc.matrix.private.tftp: 42 RRQ "/BOOTX64.efi" octet tsize 0 blksize 1468
19:59:57.931658 IP rhel6b.matrix.private.vfo > apoc.matrix.private.tftp: 34 RRQ "/BOOTX64.efi" octet blksize 1468
19:59:58.172605 IP rhel6b.matrix.private.startron > apoc.matrix.private.tftp: 66 RRQ "/7010367C-0011-11E2-8BFC-505054503030" octet tsize 0 blksize 512
19:59:58.177083 IP rhel6b.matrix.private.nim > apoc.matrix.private.tftp: 50 RRQ "/01-7C-05-07-0E-63-A4" octet tsize 0 blksize 512
19:59:58.181174 IP rhel6b.matrix.private.nimreg > apoc.matrix.private.tftp: 38 RRQ "/C0A8008D" octet tsize 0 blksize 512
19:59:58.185388 IP rhel6b.matrix.private.polestar > apoc.matrix.private.tftp: 37 RRQ "/C0A8008" octet tsize 0 blksize 512
19:59:58.189346 IP rhel6b.matrix.private.kiosk > apoc.matrix.private.tftp: 36 RRQ "/C0A800" octet tsize 0 blksize 512
19:59:58.193500 IP rhel6b.matrix.private.veracity > apoc.matrix.private.tftp: 35 RRQ "/C0A80" octet tsize 0 blksize 512
19:59:58.197424 IP rhel6b.matrix.private.kyoceranetdev > apoc.matrix.private.tftp: 34 RRQ "/C0A8" octet tsize 0 blksize 512
19:59:58.201419 IP rhel6b.matrix.private.jstel > apoc.matrix.private.tftp: 33 RRQ "/C0A" octet tsize 0 blksize 512
19:59:58.205191 IP rhel6b.matrix.private.syscomlan > apoc.matrix.private.tftp: 32 RRQ "/C0" octet tsize 0 blksize 512
19:59:58.208895 IP rhel6b.matrix.private.fpo-fns > apoc.matrix.private.tftp: 31 RRQ "/C" octet tsize 0 blksize 512
19:59:58.212589 IP rhel6b.matrix.private.instl_boots > apoc.matrix.private.tftp: 40 RRQ "/efidefault" octet tsize 0 blksize 512
19:59:58.216948 IP rhel6b.matrix.private.instl_bootc > apoc.matrix.private.tftp: 41 RRQ "//efidefault" octet tsize 0 blksize 512
19:59:58.220855 IP rhel6b.matrix.private.cognex-insight > apoc.matrix.private.tftp: 33 RRQ "//efidefault" octet blksize 512
19:59:58.226611 IP rhel6b.matrix.private.gmrupdateserv > apoc.matrix.private.tftp: 33 RRQ "//efidefault" octet blksize 512
19:59:58.535418 IP rhel6b.matrix.private.bsquare-voip > apoc.matrix.private.tftp: 44 RRQ "//splash.xpm.gz" octet tsize 0 blksize 512
19:59:58.540175 IP rhel6b.matrix.private.cardax > apoc.matrix.private.tftp: 36 RRQ "//splash.xpm.gz" octet blksize 512
20:00:02.505905 IP rhel6b.matrix.private.bridgecontrol > apoc.matrix.private.tftp: 54 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet tsize 0 blksize 512
20:00:02.511793 IP rhel6b.matrix.private.warmspotMgmt > apoc.matrix.private.tftp: 46 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet blksize 512
20:00:07.194531 IP rhel6b.matrix.private.rdrmshc > apoc.matrix.private.tftp: 46 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet blksize 512
# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── BOOTX64.efi
├── CentOS-6.4-x86_64
│ ├── initrd.img
│ ├── TRANS.TBL
│ └── vmlinuz
├── efidefault
├── msgs
│ ├── boot.menu
│ ├── RHELH01
│ ├── RHELH02
│ └── RHELKVM01
├── pxelinux.0
├── pxelinux.cfg
│ ├── create_default_files.sh
│ ├── default
│ └── MACs
├── RHEL-6.4-x86_64
│ ├── initrd.img
│ ├── TRANS.TBL
│ └── vmlinuz
├── RHEL-6.5-x86_64
│ ├── initrd.img
│ ├── TRANS.TBL
│ └── vmlinuz
├── RHEL-7.0-x86_64
│ ├── initrd.img
│ ├── TRANS.TBL
│ ├── upgrade.img
│ └── vmlinuz
└── splash.xpm.gz
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT udp -- anywhere anywhere state NEW udp dpt:bootps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:bootpc
ACCEPT udp -- anywhere anywhere state NEW udp dpt:bootps
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:bootps
ACCEPT udp -- anywhere anywhere state NEW udp dpt:tftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:tftp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT udp -- anywhere anywhere state NEW udp dpt:pxe
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:altserviceboot
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@apoc /]#
On my system, starting tftpd with the -vv parameter let me see in the logs whether each requested file was found or not.