The versatile networkboot loader iPXE
Chain Booting with PXE
In a real network boot environment, you still need a DHCP server configuration. Admins are faced with the question of how to deliver the boot configuration to the booting iPXE. One approach is to embed the initial script into iPXE, but this option is not very flexible. For each change, you need to build a new iPXE image, and all systems must use the same script.
A more elegant approach relies on a little trick: In PXE chainloading, the client actually retrieves the IP address twice. On first access, the PXE ROM on the network card is assigned an IP address via DHCP; it downloads the specified file using TFTP and executes it as a PXE-program (Figure 1). The response to the first request is typically undionly.kpxe
, which uses the PXE-ROM Undi interface on the network card because it does not have native network drivers. The second time, the PXE program – iPXE in this case – initializes the network card and again receives an IP address, together with the additional configuration options, via DHCP.
Along with this second query, iPXE identifies itself through the user-class
option. The DHCP server can then respond with a different configuration for iPXE. The configuration in Listing 3 works well with the ISC DHCPD DHCP server. The PXE ROM responds to the filename
option. When iPXE then sends a DHCP request, ISC DHCPD transfers the root-path
option with the URL for the sanboot
command. In this case, the path leads to an ISO image.
Listing 3
/etc/dhcp/dhcpd.conf
As an alternative to PXE chainloading, iPXE can also be embedded as PXE-ROM in popular network cards, thus replacing the vendor's PXE firmware – the key word is ROM Burning [9]. On many network cards, you can permanently store the configuration (IP settings, SAN-URL) in NVRAM via the config
menu so that a server can boot from the Ethernet SAN even without DHCP.
iPXE Automation
The second iPXE mode provides a good basis for automation. You need to change the BIOS settings of all systems so that they first load a script over the network and only then boot from the local disk. This means intervening at another point in the system, because the system startup is preceded by centrally managed scripts.
The scripting language is quite simple:
:label
defines a jump targetgoto label
jumps to a jump target&&
and||
let you create logical conditionsiseq
compares values.
With these language constructs and the iPXE commands, an admin can create amazingly versatile scripts. The iPXE website [10] lists examples that reveal more details.
Useful Helpers
Inventorying is a simple example of a feature you can add through iPXE. The script in Listing 4 collects the necessary data in a Google form, which is available for testing.
Listing 4
Inventory Script
In the example (Listing 5), Qemu sets inventory data itself at startup and loads Listing 4 from a server; the results are available online [11].
Listing 5
Calling the Inventory Script
Another useful scenario is a login that calls an installation menu. If the login attempt fails, the user can only boot from the local disk. The script in Listing 6 combines a menu and simple control structures. Again, Qemu helps with development and testing.
Listing 6
Boot Menu with Login
qemu -kernel ipxe.lkrn -append 'dhcp && chain http://goo.gl/j8MbXI'
The sample PHP script in Listing 7 verifies that the password matches the user name written backward and then redirects to the specified URL. In real life, the web server would deliver different content depending on the application.
Listing 7
Login Checker
Finally, the fourth demo script (Listing 8) offers a menu that lets the user choose between Ubuntu and Fedora. To keep things simple, the URL for the distribution is stored in a variable so that you can replace Fedora 20 with 21 by changing one line.
Listing 8
Installation Menu
Thanks to exit
, iPXE jumps back to the previous menu. In this way, you can assign the components of nested menu structures to separate scripts, thus keeping things simple.
For production use, you need to provide the iPXE script via DHCP. Follow the Sanboot example and use a selective PXE boot in the DHCP configuration (Listing 9). The difference in the filename
option is the URL for the iPXE script. The powerful iPXE only transfers undionly.kpxe
via TFTP, and a web server delivers all the other resources.
Listing 9
/etc/dhcp/dhcpd.conf
« Previous 1 2 3 Next »
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.