
Kickstart with UEFI and PXE (and BIOS too)

I'm still learning some of the nuances of how UEFI has changed the game a bit... but, this should get you going in the right direction.

Summary:

It appears that if you boot using BIOS and /pxelinux.0, the loader expects pxelinux.cfg/default (or a file named after the client's IP or MAC).
If you boot using /BOOTX64.efi, it expects /efidefault.
The syntax also appears to vary between default (BIOS) and efidefault (UEFI).  At this point I am unsure whether the differences I noticed are necessary, though.

Details:

So - I'm not going to delve into a lot of details about the BIOS/PXE kickstart, nor how to install packages.  I also won't cover much about creating an actual kickstart file.  There are plenty of other sites that do a much better job explaining it than I ever could.  Also - my configuration supports the rest of my home network (not just my lab), so you may find some configuration settings are not absolutely necessary for this task - but should not hurt.

# Install the necessary packages
yum -y install syslinux-tftpboot tftp tftp-server dhcp
# Backup your existing Firewall Configuration
cp /etc/sysconfig/iptables /etc/sysconfig/iptables-`date +%F`

# LAZY WAY TO UPDATE FIREWALL
for SHIZZLE in 53 67 68 69 80 443 4011;
do 
  iptables -I INPUT -p tcp -m state --state NEW -m tcp --dport $SHIZZLE -j ACCEPT
  iptables -I INPUT -p udp -m state --state NEW -m udp --dport $SHIZZLE -j ACCEPT
done
service iptables save

# Create your dhcpd.conf file
cat /etc/dhcp/dhcpd.conf
allow booting;
allow bootp;
authoritative;
ddns-update-style interim;
server-identifier 192.168.0.11;
server-name apoc;
#
option space PXE;
option PXE.mtftp-ip    code 1 = ip-address;
option PXE.mtftp-cport code 2 = unsigned integer 16;
option PXE.mtftp-sport code 3 = unsigned integer 16;
option PXE.mtftp-tmout code 4 = unsigned integer 8;
option PXE.mtftp-delay code 5 = unsigned integer 8;
option arch code 93 = unsigned integer 16; # RFC4578

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.20 192.168.0.30;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.0.255;
  option domain-name "matrix.private";
  option domain-search "matrix.private";
  one-lease-per-client on;
  default-lease-time 21600;
  max-lease-time 21600;
  option routers 192.168.0.1;
  option domain-name-servers 192.168.0.11, 192.168.0.10, 8.8.8.8;
  option netbios-name-servers 192.168.0.10;
  option netbios-node-type 2;
  option ntp-servers 192.168.0.10, 192.168.0.11;

  class "pxeclients" {
    match if substring (option vendor-class-identifier, 0, 9) = "PXEClient";
    next-server 192.168.0.11; # APOC TFTP server
    if option arch = 00:06 {
      filename "/bootia32.efi";
    } else if option arch = 00:07 {
      # UEFI SYSTEMS
      filename "/BOOTX64.efi";
    } else {
      # EVERYBODY ELSE (BIOS)
      filename "/pxelinux.0";
    }
  }
}
#########################
# HOST DEFINITIONS
#########################
# Test Hardware
host xxxxa {
  hardware ethernet bc:5f:f4:68:fc:fa;
  fixed-address 192.168.0.140;
}
host xxxxb {
  hardware ethernet 7c:05:07:0e:63:a4;
  fixed-address 192.168.0.141;
}
host xxxxc {
  hardware ethernet e8:40:f2:3c:4e:aa;
  fixed-address 192.168.0.142;
}


service dhcpd start; chkconfig dhcpd on
mkdir /var/lib/tftpboot/pxelinux.cfg/
cp /usr/share/syslinux/pxelinux.0 /var/lib/tftpboot/
mount -o loop,ro /var/www/html/isos/rhel-server-6.5-x86_64-dvd.iso /var/www/html/RHEL-6.5-x86_64
mount -o loop /var/www/html/RHEL-6.5-x86_64/images/efiboot.img /mnt
cp /mnt/EFI/BOOT/BOOTX64.efi /mnt/EFI/BOOT/splash.xpm.gz /var/lib/tftpboot/

# cat << EOF > /var/lib/tftpboot/efidefault
default=0
timeout=4
menu title PXE Boot Menu
display /msgs/boot.menu
splashimage=(nd)/splash.xpm.gz
#hiddenmenu

# Boot from Hard Disk
label 0
  localboot 1
######################################################
# MANUAL INSTALL
######################################################
title RHEL
        root (nd)
        kernel /RHEL-6.5-x86_64/vmlinuz
        initrd /RHEL-6.5-x86_64/initrd.img

######################################################
# KICKSTART
######################################################
title RHEL6B
        root (nd)
        kernel /RHEL-6.5-x86_64/vmlinuz ks=http://192.168.0.11/RHEL6B.ks ksdevice=bootif eth0_ethtool="autoneg off speed 1000 duplex full"
        initrd /RHEL-6.5-x86_64/initrd.img
        IPAPPEND 2

title RHEL7A
        root (nd)
        kernel /RHEL-6.5-x86_64/vmlinuz inst.ks=http://192.168.0.11/RHEL7A.ks inst.gpt ip=dhcp
        initrd /RHEL-6.5-x86_64/initrd.img
EOF

restorecon -RFvv /var/lib/tftpboot/

Troubleshooting the process
This is likely the most important part, and a step that I did not do until I was quite frustrated...

tcpdump -i eth0 port 69
[root@apoc RHEL-6.5-x86_64]# tcpdump -i eth0 port 69
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
19:59:57.836295 IP rhel6b.matrix.private.ansyslmd > apoc.matrix.private.tftp:  42 RRQ "/BOOTX64.efi" octet tsize 0 blksize 1468
19:59:57.931658 IP rhel6b.matrix.private.vfo > apoc.matrix.private.tftp:  34 RRQ "/BOOTX64.efi" octet blksize 1468
19:59:58.172605 IP rhel6b.matrix.private.startron > apoc.matrix.private.tftp:  66 RRQ "/7010367C-0011-11E2-8BFC-505054503030" octet tsize 0 blksize 512
19:59:58.177083 IP rhel6b.matrix.private.nim > apoc.matrix.private.tftp:  50 RRQ "/01-7C-05-07-0E-63-A4" octet tsize 0 blksize 512
19:59:58.181174 IP rhel6b.matrix.private.nimreg > apoc.matrix.private.tftp:  38 RRQ "/C0A8008D" octet tsize 0 blksize 512
19:59:58.185388 IP rhel6b.matrix.private.polestar > apoc.matrix.private.tftp:  37 RRQ "/C0A8008" octet tsize 0 blksize 512
19:59:58.189346 IP rhel6b.matrix.private.kiosk > apoc.matrix.private.tftp:  36 RRQ "/C0A800" octet tsize 0 blksize 512
19:59:58.193500 IP rhel6b.matrix.private.veracity > apoc.matrix.private.tftp:  35 RRQ "/C0A80" octet tsize 0 blksize 512
19:59:58.197424 IP rhel6b.matrix.private.kyoceranetdev > apoc.matrix.private.tftp:  34 RRQ "/C0A8" octet tsize 0 blksize 512
19:59:58.201419 IP rhel6b.matrix.private.jstel > apoc.matrix.private.tftp:  33 RRQ "/C0A" octet tsize 0 blksize 512
19:59:58.205191 IP rhel6b.matrix.private.syscomlan > apoc.matrix.private.tftp:  32 RRQ "/C0" octet tsize 0 blksize 512
19:59:58.208895 IP rhel6b.matrix.private.fpo-fns > apoc.matrix.private.tftp:  31 RRQ "/C" octet tsize 0 blksize 512
19:59:58.212589 IP rhel6b.matrix.private.instl_boots > apoc.matrix.private.tftp:  40 RRQ "/efidefault" octet tsize 0 blksize 512
19:59:58.216948 IP rhel6b.matrix.private.instl_bootc > apoc.matrix.private.tftp:  41 RRQ "//efidefault" octet tsize 0 blksize 512
19:59:58.220855 IP rhel6b.matrix.private.cognex-insight > apoc.matrix.private.tftp:  33 RRQ "//efidefault" octet blksize 512
19:59:58.226611 IP rhel6b.matrix.private.gmrupdateserv > apoc.matrix.private.tftp:  33 RRQ "//efidefault" octet blksize 512
19:59:58.535418 IP rhel6b.matrix.private.bsquare-voip > apoc.matrix.private.tftp:  44 RRQ "//splash.xpm.gz" octet tsize 0 blksize 512
19:59:58.540175 IP rhel6b.matrix.private.cardax > apoc.matrix.private.tftp:  36 RRQ "//splash.xpm.gz" octet blksize 512
20:00:02.505905 IP rhel6b.matrix.private.bridgecontrol > apoc.matrix.private.tftp:  54 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet tsize 0 blksize 512
20:00:02.511793 IP rhel6b.matrix.private.warmspotMgmt > apoc.matrix.private.tftp:  46 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet blksize 512
20:00:07.194531 IP rhel6b.matrix.private.rdrmshc > apoc.matrix.private.tftp:  46 RRQ "//RHEL-6.5-x86_64/vmlinuz" octet blksize 512
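
The capture shows the order in which the EFI loader asks for a configuration file before it falls back to /efidefault. The function below is an added example, not part of the original post: it prints that same sequence for any client so you know which per-host file names the TFTP server will be asked for. The function name efi_cfg_candidates is hypothetical, and the order is taken from the capture above rather than from the loader's documentation.

```shell
#!/bin/sh
# Added example: reproduce the TFTP config-file lookup order seen in the
# tcpdump capture (system UUID, 01-MAC, hex IP prefixes, efidefault).

# efi_cfg_candidates MAC IPV4 [SYSTEM_UUID]  -> one candidate path per line
efi_cfg_candidates() {
  mac=$1
  ip=$2
  uuid=${3:-}

  # 1. The system UUID is requested first, if you know it.
  if [ -n "$uuid" ]; then
    printf '/%s\n' "$uuid"
  fi

  # 2. "01-" (hardware type 1 = Ethernet) plus the MAC, upper case, dashes.
  printf '/01-%s\n' "$(printf '%s' "$mac" | tr 'a-f:' 'A-F-')"

  # 3. The IPv4 address as 8 hex digits, then one digit shorter each time.
  oldifs=$IFS
  IFS=.
  set -- $ip
  IFS=$oldifs
  hex=$(printf '%02X%02X%02X%02X' "$1" "$2" "$3" "$4")
  while [ -n "$hex" ]; do
    printf '/%s\n' "$hex"
    hex=${hex%?}
  done

  # 4. The shared fallback file.
  printf '/efidefault\n'
}

# MAC and fixed address of host xxxxb from the dhcpd.conf above.
efi_cfg_candidates 7c:05:07:0e:63:a4 192.168.0.141
```

Any request in that list which is not for a file you created on purpose should come back as "file not found"; a file with one of these names under /var/lib/tftpboot/ takes precedence over efidefault for that client.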



# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── BOOTX64.efi
├── CentOS-6.4-x86_64
│   ├── initrd.img
│   ├── TRANS.TBL
│   └── vmlinuz
├── efidefault
├── msgs
│   ├── boot.menu
│   ├── RHELH01
│   ├── RHELH02
│   └── RHELKVM01
├── pxelinux.0
├── pxelinux.cfg
│   ├── create_default_files.sh
│   ├── default
│   └── MACs
├── RHEL-6.4-x86_64
│   ├── initrd.img
│   ├── TRANS.TBL
│   └── vmlinuz
├── RHEL-6.5-x86_64
│   ├── initrd.img
│   ├── TRANS.TBL
│   └── vmlinuz
├── RHEL-7.0-x86_64
│   ├── initrd.img
│   ├── TRANS.TBL
│   ├── upgrade.img
│   └── vmlinuz
└── splash.xpm.gz

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination        
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere           
ACCEPT     all  --  anywhere             anywhere           
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:bootpc
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:tftp
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:tftp
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:pxe
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:altserviceboot
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination        
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        
[root@apoc /]#
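
The listing above is the result of the "lazy" loop near the top of the post: each port is open for both tcp and udp, from any source. A narrower rule set is sketched below as an added example, not the author's configuration. The function name pxe_fw_rules is hypothetical, and the interface eth0 and client subnet 192.168.0.0/24 are assumptions taken from the dhcpd.conf and tcpdump lines on this page. It only prints the commands so they can be reviewed before they are applied.

```shell
#!/bin/sh
# Added example: print (not apply) INPUT rules for the PXE/kickstart server
# with one protocol per service and a source restriction where possible.

# pxe_fw_rules IFACE SUBNET  -> one iptables command per line
pxe_fw_rules() {
  iface=$1
  subnet=$2

  # name:proto:port. Port 68 is the DHCP client port, so the server does
  # not need it inbound; TFTP and PXE (4011) are UDP only; HTTP(S) is TCP.
  for spec in dhcp:udp:67 tftp:udp:69 pxe:udp:4011 \
              dns:udp:53 dns:tcp:53 http:tcp:80 https:tcp:443; do
    name=${spec%%:*}
    rest=${spec#*:}
    proto=${rest%%:*}
    port=${rest#*:}

    if [ "$name" = dhcp ]; then
      # DHCPDISCOVER is sent from 0.0.0.0, so match the interface only.
      src="-i $iface"
    else
      src="-i $iface -s $subnet"
    fi

    printf 'iptables -I INPUT %s -p %s -m state --state NEW -m %s --dport %s -j ACCEPT\n' \
      "$src" "$proto" "$proto" "$port"
  done
}

# Review the output first; to apply it: pxe_fw_rules eth0 192.168.0.0/24 | sh
pxe_fw_rules eth0 192.168.0.0/24
```

Use it in place of the loop, then run service iptables save as before.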

Comments

  1. On my system, setting tftpd -vv parameter, I was able to see in the logs if the file was found or not.
