[Kea-users] kea http uefi boot

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

[Kea-users] kea http uefi boot

Jorell F
What would be the kea config equivalent of the following dhcp config

if option client-architecture = encode-int ( 16, 16 ) {
     option vendor-class-identifier "HTTPClient";
     filename "http://my.web.server/ipxe.efi";
}




_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] kea http uefi boot

Klaus Steden

The UEFI section of my DHCP config looks like this:

{
  "name": "bootstrap-efi",
  "test": "substring(option[60].hex, 0, 20) == 'PXEClient:Arch:00007'",
  "option-data": [
    {
      "name": "boot-file-name",
      "data": "ipxe/snponly.efi"
    },
    {
      "name": "domain-name-servers",
      "data": "$nameserver1, $nameserver2"
    }
  ]
}

My embedded IPXE script (used when building snponly.efi) looks like this:

#!ipxe

goto boot_${platform} ||
shell

:boot_efi
dhcp || goto failed_dhcp
chain ${bootstrap_server}/${net0/mac} || goto failed_chain

:failed_dhcp
echo DHCP configuration failed, dropping to iPXE shell
shell
exit

:failed_chain
echo Chain loading failed, dropping to iPXE shell
shell
exit

The actual boot stanza looks a bit like this:

#!ipxe
set base_url $bootstrap_server

kernel ${base_url}/linux
initrd ${base_url}/initrd.gz
imgargs linux noapic acpi=off auto=true fb=false ip=dhcp ipv6.disable=1 interface=eth0 biosdevname=0 init=/init root=/dev/ram0 rdshell url=${base_url}/preseed/${net0/mac} language=en country=US locale=C priority=critical netcfg/dhcp_timeout=120 initrd=initrd.gz ||
boot ||
I don't do a lot of UEFI, but the above works quite well for us. Don't forget to disable IMAGE_COMBOOT if you use the same embedded script for both UEFI and BIOS mode, and to include the initrd in the boot stanza of your actual iPXE bootstrap (BIOS doesn't need that option in the kernel command line, but UEFI does). You could combine all of these into a single IPXE script, but YMMV.

Hope this helps.

cheers,
Klaus

On Tue, Jun 5, 2018 at 1:38 PM, Jorell F <[hidden email]> wrote:
What would be the kea config equivalent of the following dhcp config

if option client-architecture = encode-int ( 16, 16 ) {
     option vendor-class-identifier "HTTPClient";
     filename "http://my.web.server/ipxe.efi";
}




_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users



_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] kea http uefi boot

Jorell F

I am trying to get ipxe to load from UEFI HTTP booting using Kea, I already am booting from PXE supporting both UEFI and Legacy .


      {
        "name": "UEFI-64-1",
        "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00007'",
        "boot-file-name": "ipxe/x86_64/snponly.efi"
      },
      {
        "name": "UEFI-64-2",
        "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00008'",
        "boot-file-name": "ipxe/x86_64/snponly.efi"
      },
      {
        "name": "UEFI-64-3",
        "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00009'",
        "boot-file-name": "ipxe/x86_64/snponly.efi"
      },
      {
        "name": "UEFI-32-1",
        "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00006'",
        "boot-file-name": "ipxe/i386/ipxe.efi"
      },
      {
        "name": "UEFI-32-2",
        "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00002'",
        "boot-file-name": "ipxe/i386/ipxe.efi"
      },
      {
        "name": "Legacy",
        "test": "substring(option[60].hex,0,20) == 'PXEClient:Arch:00000'",
        "boot-file-name": "ipxe/undionly.kpxe"
      },
      {
        "name": "XClient_iPXE",
        "test": "substring(option[77].hex,0,4) == 'iPXE'",
        "boot-file-name": <a class="moz-txt-link-rfc2396E" href="http://${webserver}/ipxe/boot.php"> "http://${webserver}/ipxe/boot.php"
      }


On 6/5/2018 3:44 PM, Klaus Steden wrote:

The UEFI section of my DHCP config looks like this:

{
  "name": "bootstrap-efi",
  "test": "substring(option[60].hex, 0, 20) == 'PXEClient:Arch:00007'",
  "option-data": [
    {
      "name": "boot-file-name",
      "data": "ipxe/snponly.efi"
    },
    {
      "name": "domain-name-servers",
      "data": "$nameserver1, $nameserver2"
    }
  ]
}

My embedded IPXE script (used when building snponly.efi) looks like this:

#!ipxe

goto boot_${platform} ||
shell

:boot_efi
dhcp || goto failed_dhcp
chain ${bootstrap_server}/${net0/mac} || goto failed_chain

:failed_dhcp
echo DHCP configuration failed, dropping to iPXE shell
shell
exit

:failed_chain
echo Chain loading failed, dropping to iPXE shell
shell
exit

The actual boot stanza looks a bit like this:

#!ipxe
set base_url $bootstrap_server

kernel ${base_url}/linux
initrd ${base_url}/initrd.gz
imgargs linux noapic acpi=off auto=true fb=false ip=dhcp ipv6.disable=1 interface=eth0 biosdevname=0 init=/init root=/dev/ram0 rdshell url=${base_url}/preseed/${net0/mac} language=en country=US locale=C priority=critical netcfg/dhcp_timeout=120 initrd=initrd.gz ||
boot ||
I don't do a lot of UEFI, but the above works quite well for us. Don't forget to disable IMAGE_COMBOOT if you use the same embedded script for both UEFI and BIOS mode, and to include the initrd in the boot stanza of your actual iPXE bootstrap (BIOS doesn't need that option in the kernel command line, but UEFI does). You could combine all of these into a single IPXE script, but YMMV.

Hope this helps.

cheers,
Klaus

On Tue, Jun 5, 2018 at 1:38 PM, Jorell F <[hidden email]> wrote:
What would be the kea config equivalent of the following dhcp config

if option client-architecture = encode-int ( 16, 16 ) {
     option vendor-class-identifier "HTTPClient";
     filename "http://my.web.server/ipxe.efi";
}




_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users




_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] kea http uefi boot

Francis Dupont
In reply to this post by Jorell F
Jorell F writes:
> What would be the kea config equivalent of the following dhcp config
>
> if option client-architecture = encode-int ( 16, 16 ) {
>      option vendor-class-identifier "HTTPClient";
>      filename "http://my.web.server/ipxe.efi";
> }

=> in general ISC DHCP if expression can't be translated but here
it is not the case: you can create a class using the translation of
the test argument of the if.
For the option I don't know the client-architecture one but you should
have its definition somewhere in the configuration.
"encode-int ( 16, 16 )" is a literal (0x0010).
option vendor-class-identifier "HTTPClient" is an option-data.
filename is boot-file-name in Kea.

BTW I'd like to keep this example for the Kea migration assistant
(when I'll add the code to translate this kind of if expressions)
so I'll need more about the client-architecture option.

Regards

Francis Dupont <[hidden email]>
_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] kea http uefi boot

Francis Dupont
In reply to this post by Jorell F
I looked at for possible candidates fro client-architecture options.
One is the option 93 (client-system in Kea which BTW does not allow
to redefine options). The value 16 is not in RFC 4578 table but it is
11 year old...

Regards

Francis Dupont <[hidden email]>
_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] kea http uefi boot

Jason Guy
Klaus, Jorell and Francis,

Let me start by saying I have never tested or tried anything but classic PXE in my lab. But thanks for providing your configurations as a point of reference if I ever need them. I looked at the configuration I have for the PXE, iPXE, UEFI, etc, and I found it interesting how different it was. To Francis' point, I am using option 93, rather than 60. 

        "client-classes": [
            {
                "boot-file-name": "pxelinux.0",
                "name": "pxe_x86",
                "next-server": "10.50.32.95",
                "server-hostname": "labtools",
                "test": "option[93].hex == 0x0000"
            },
            {
                "boot-file-name": "syslinux.efi",
                "name": "pxe_efi_ia32",
                "next-server": "10.50.32.95",
                "server-hostname": "labtools",
                "test": "option[93].hex == 0x0006"
            },
            {
                "boot-file-name": "syslinux.efi",
                "name": "ipxe_efi_bc",
                "next-server": "10.50.32.95",
                "server-hostname": "labtools",
                "test": "option[93].hex == 0x0007"
            },
            {
                "boot-file-name": "syslinux.efi",
                "name": "ipxe_efi_x86_64",
                "next-server": "10.50.32.95",
                "server-hostname": "labtools",
                "test": "option[93].hex == 0x0009"
            },

I think I created this based on some internet research, and these were classifications for isc-dhcp. Then I converted it to work with Kea... I cannot remember. It certainly works for PXE_x86, but perhaps this will offer a different point of view of a way to work with iPXE.

Francis, I was thinking that it would be cool to put stuff like this in a knowledge base or something on the wiki to pull together how to do things like this. Alternately we could have a GIT repo of contributed configuration examples that have been validated by users who know what they are doing. :) Obviously this would need to be treated like any other open source project, but would be really cool way to share example configs to increase adoption velocity. Something to consider... Perhaps this is something Victoria would be interested in looking at?

Thanks,
Jason

On Tue, Jun 5, 2018 at 7:24 PM, Francis Dupont <[hidden email]> wrote:
I looked at for possible candidates fro client-architecture options.
One is the option 93 (client-system in Kea which BTW does not allow
to redefine options). The value 16 is not in RFC 4578 table but it is
11 year old...

Regards

Francis Dupont <[hidden email]>
_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users


_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] kea http uefi boot

Jorell F

Francis and Jason, thank you!

After finding the different the different Architecture Name codes, I removed the excess lines.

I changed my test lines for simplicity.

I can now boot to iPXE from Legacy PXE, UEFI PXE, and UEFI HTTP.

For reference, my new client classes:

    "client-classes":
    [
      {
        "name": "Legacy_Intel_x86PC",
        "test": "option[93].hex == 0x0000",
        "boot-file-name": "ipxe/undionly.kpxe"
      },
      {
        "name": "EFI_x86-64",
        "test": "option[93].hex == 0x0009",
        "boot-file-name": "ipxe/x86_64/snponly.efi"
      },
      {
        "name": "HTTPClient",
        "test": "option[93].hex == 0x0010",
        "option-data": [ { "name": "vendor-class-identifier", "data": "HTTPClient" } ],
        "boot-file-name": <a class="moz-txt-link-rfc2396E" href="http://${httpserver}/ipxe/x86_64/snponly.efi"> "http://${httpserver}/ipxe/x86_64/snponly.efi"
      },
      {
        "name": "XClient_iPXE",
        "test": "substring(option[77].hex,0,4) == 'iPXE'",
        "boot-file-name": <a class="moz-txt-link-rfc2396E" href="http://${httpserver}/ipxe/boot.php"> "http://${httpserver}/ipxe/boot.php"
      }
    ],



and for additional references, the Architecture Name and Codes:
Type   Architecture Name
----   -----------------
  0    Intel x86PC
  1    NEC/PC98
  2    EFI Itanium
  3    DEC Alpha
  4    Arc x86
  5    Intel Lean Client
  6    EFI IA32
  7    EFI BC
  8    EFI Xscale
  9    EFI x86-64

_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] kea http uefi boot

vicky risk
Administrator
In reply to this post by Jason Guy

Francis, I was thinking that it would be cool to put stuff like this in a knowledge base or something on the wiki to pull together how to do things like this. Alternately we could have a GIT repo of contributed configuration examples that have been validated by users who know what they are doing. :) Obviously this would need to be treated like any other open source project, but would be really cool way to share example configs to increase adoption velocity. Something to consider... Perhaps this is something Victoria would be interested in looking at?

Thanks,
Jason


Hi Jason,

We are indeed trying to figure out the best way to support this. Our current Knowledge base (kb.isc.org) is self-hosted, using some software that I think was last updated in 2013. We are worried about the lack of software maintenance. We also turned off the ability for readers to add comments several years ago, because people were posting technical questions (and spam) and we didn’t have time to curate it.

We are looking at several options for where to move the existing content, and create new content. We haven’t figured it out yet.  One option is a web forum (we have one set up, but haven’t launched it yet at forum.isc.org), another idea is to use the Kea github repo for contributions.

Although a forum is easiest for this kind of thing, it is also somewhat competitive with the mailing list. We are not sure we have time to read both, and we figure many of you don’t either.  We do have a separate Kea-contrib github repo (https://github.com/isc-projects/kea-contrib), and maybe people could post configurations there, adding a link to the configuration file and a description on the main README page for each configuration?

What do you all think?  What’s the best way to share sample configurations that work?

Vicky




_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users
Reply | Threaded
Open this post in threaded view
|

Re: [Kea-users] kea http uefi boot

Klaus Steden

Hi Victoria,

Personally I think a community GitHub repo would be the most effective way. The mailing list is great, and very helpful, but personally I don't think it's the ideal place for code because a) people join and leave, and won't know about a given topic unless they search list archives and b) it's not immediately functional the way a Git can be

A community Wiki would work, too, but it's got the same functionality drawback that the mailing list does.

A workflow I think could work would be if people fork the kea-contrib Wiki and then submit PRs against the master branch, which would establish an effective guard against spam and abuse, and also offer people a very quick and easy way to get access to community-contributed code by cloning the repo locally and just updating it periodically.

my $0.02,
Klaus

On Thu, Jun 7, 2018 at 4:35 PM, Victoria Risk <[hidden email]> wrote:

Francis, I was thinking that it would be cool to put stuff like this in a knowledge base or something on the wiki to pull together how to do things like this. Alternately we could have a GIT repo of contributed configuration examples that have been validated by users who know what they are doing. :) Obviously this would need to be treated like any other open source project, but would be really cool way to share example configs to increase adoption velocity. Something to consider... Perhaps this is something Victoria would be interested in looking at?

Thanks,
Jason


Hi Jason,

We are indeed trying to figure out the best way to support this. Our current Knowledge base (kb.isc.org) is self-hosted, using some software that I think was last updated in 2013. We are worried about the lack of software maintenance. We also turned off the ability for readers to add comments several years ago, because people were posting technical questions (and spam) and we didn’t have time to curate it.

We are looking at several options for where to move the existing content, and create new content. We haven’t figured it out yet.  One option is a web forum (we have one set up, but haven’t launched it yet at forum.isc.org), another idea is to use the Kea github repo for contributions.

Although a forum is easiest for this kind of thing, it is also somewhat competitive with the mailing list. We are not sure we have time to read both, and we figure many of you don’t either.  We do have a separate Kea-contrib github repo (https://github.com/isc-projects/kea-contrib), and maybe people could post configurations there, adding a link to the configuration file and a description on the main README page for each configuration?

What do you all think?  What’s the best way to share sample configurations that work?

Vicky




_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users



_______________________________________________
Kea-users mailing list
[hidden email]
https://lists.isc.org/mailman/listinfo/kea-users