Last updated: 2018-03-09
Introduction
iPXE Home Page: http://ipxe.org
Features
- boot from a web server via HTTP
- boot from an iSCSI SAN
- boot from a Fibre Channel SAN via FCoE
- boot from an AoE SAN
- boot from a wireless network
- boot from a wide-area network
- boot from an Infiniband network
- control the boot process with a script
Previous chapter
https://datahunter.org/pxe
Table of contents
- Test iPXE by ISO
- iPXE CMD
- KVM & iPXE
- Build ipxe
- Scripting
- Chainloading iPXE
- Code 77 & 175
- iSCSI
- iPXE Chainloading iPXE
- iPXE Login
Test iPXE by ISO
# bootable iso
http://boot.ipxe.org/ipxe.iso
Press Ctrl-B for the iPXE command line...
iPXE CMD
Ctrl-B = iPXE Shell
# version
iPXE> show version
# network devices
iPXE> ifstat
# dhcp
iPXE> dhcp
# route
iPXE> route
# dns
iPXE> show dns
# test
ping 8.8.8.8
nslookup hk.yahoo.com
# Reboot system
iPXE> reboot
# boot
iPXE> chain http://boot.ipxe.org/demo/boot.php
KVM & iPXE
U16 Package
ipxe-qemu
Disable
... ,romfile=, ...
Enable
xml
<os>
<boot dev='network'/>
</os>
libvirt builtin Boot server
- A PXE server (provides DHCP and TFTP services)
- Provides boot images
<ip address='192.168.122.1' netmask='255.255.255.0'>
  <tftp root='/var/lib/tftp' />
  <dhcp>
    <range start='192.168.122.2' end='192.168.122.254' />
    <bootp file='BOOT_FILENAME' />
  </dhcp>
</ip>
Build ipxe
# Requirement
apt-get install mtools perl make binutils gcc liblzma-dev
make bin/undionly.kpxe
# The built binary is at
./bin/undionly.kpxe
Scripting
i.e.
#!ipxe
dhcp
chain http://boot.ipxe.org/demo/boot.php
# Dynamic scripts
http://192.168.0.1/boot.php?mac=52:54:00:12:34:56&asset=BKQ42M1
# DOC
https://ipxe.org/scripting
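A server-side generator for the dynamic script URL above, as an added example in Python (not code from the original page or from iPXE; the page's boot.php is not shown). HOSTS, single() and boot_script() are hypothetical names, and the inventory entry is constructed from example values that appear on this page.

```python
import re
from urllib.parse import parse_qs

# Constructed inventory (sample data): MAC -> asset tag, initiator IQN and
# sanboot root path, reusing the example values that appear on this page.
HOSTS = {
    "52:54:00:12:34:56": {
        "asset": "BKQ42M1",
        "initiator": "iqn.2018-03.local.u16",
        "root": "iscsi:192.168.123.10::::iqn.2018-03.local.home:u16",
    },
}

MAC_RE = re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}")
REFUSE = "#!ipxe\necho No boot entry for this machine\nexit 1\n"


def single(params, name):
    """Return the only value of a parameter, or None if absent or repeated."""
    values = params.get(name, [])
    return values[0] if len(values) == 1 else None


def boot_script(query_string):
    """Build the iPXE script for a request like mac=...&asset=...

    The query string comes from an unauthenticated pre-boot client, so it is
    only used as a lookup key. Nothing from the request is copied into the
    script; every emitted value comes from HOSTS.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    mac = single(params, "mac")
    asset = single(params, "asset")
    if mac is None or asset is None:
        return REFUSE
    mac = mac.lower()
    if not MAC_RE.fullmatch(mac):  # also rejects embedded newlines
        return REFUSE
    host = HOSTS.get(mac)
    if host is None or host["asset"] != asset:
        return REFUSE
    return (
        "#!ipxe\n"
        f"set initiator-iqn {host['initiator']}\n"
        f"sanboot {host['root']}\n"
    )


if __name__ == "__main__":
    print(boot_script("mac=52:54:00:12:34:56&asset=BKQ42M1"), end="")
```

The MAC and asset tag are reported by the client itself, so the lookup selects a boot entry but does not authenticate the machine.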
Chainloading iPXE
To enable chainloading, you need to place a copy of iPXE on your TFTP server.
Your machines will download this copy of iPXE from the TFTP server each time that they boot.
loader for chainloading (undionly.kpxe)
cd /home/pxe/tftpboot
wget http://boot.ipxe.org/undionly.kpxe
Breaking the loop with the DHCP server
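The chainloaded iPXE issues its own DHCP request; if the DHCP server answers with the same boot filename, iPXE loads iPXE again, in an infinite loop.
One way that you can break this infinite loop is to configure the DHCP server to hand out iPXE only for the first DHCP request;
the second DHCP request will return the "real" boot filename.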
Breaking the loop using dnsmasq
# load undionly.kpxe for clients not tagged with 'ipxe'
dhcp-match=set:ipxe,77,iPXE
dhcp-boot=tag:!ipxe,undionly.kpxe
dhcp-boot=http://10.37.129.3/bootstrap.ipxe
Breaking the loop with an embedded script
demo.ipxe
#!ipxe
dhcp
chain http://boot.ipxe.org/demo/boot.php
# build your own version of iPXE with this script embedded:
make bin/undionly.kpxe EMBED=demo.ipxe
# then the chainloaded iPXE will always boot from http://boot.ipxe.org/demo/boot.php regardless of the DHCP server configuration
Code 77 & 175
Code 77: user-class
Default: iPXE
Set user-class
HEX
# Length 4, value 'i' (0x69), 'P' (0x50), 'X' (0x58), 'E' (0x45)
set user-class:hex 04:69:50:58:45
OR
String
set user-class U16
Code 175
# iPXE sends a 175 option
dhcp-match=set:ipxe,175
iSCSI
sanboot - Boot from an iSCSI target
Usage:
sanboot iscsi:<servername>:<protocol>:<port>:<LUN>:<targetname>
<LUN>
# The SCSI LUN of the boot disk, in hexadecimal.
# It can be left empty, in which case the default LUN (0) will be used.
i.e.
iscsi:192.168.123.10::::iqn.2018-03.local.home:u16
Remark
If you are using iSCSI authentication, then you will need to configure the username and password settings, or use login.
Boot from iSCSI target using CHAP authentication
i.e.
set username myusername
set password mypassword
Troubleshoot
[1]
Server log
[281882.292710] iSCSI Initiator Node: iqn.1993-08.org.debian:01:e0899cca81fd is not authorized to access iSCSI target portal group: 1.
[281882.292731] iSCSI Login negotiation failed.
Set the iSCSI initiator name manually
iPXE> set initiator-iqn iqn.2010-04.org.ipxe:client123
Set the iSCSI initiator name based on the MAC address
iPXE> set initiator-iqn iqn.2010-04.org.ipxe:${mac:hexhyp}
[2]
Server log
[272713.672591] iSCSI Login negotiation failed.
Solved by upgrading iPXE
iPXE Chainloading iPXE
# Script to boot with iSCSI
u16-iscsi.txt
#!ipxe
dhcp && echo DHCP succeeded
set initiator-iqn iqn.2018-03.local.u16
sanboot iscsi:192.168.123.10::::iqn.2018-03.local.home:u16
# Build Our Loader
cd /usr/src/ipxe/src
make bin/undionly.kpxe EMBED=u16-iscsi.txt
cp bin/undionly.kpxe /home/pxe/tftpboot/u16.kpxe
# dnsmasq: assign a MAC to boot u16.kpxe
dhcp-boot=tag:u16,u16.kpxe
dhcp-host=88:88:88:88:88:56,set:u16,192.168.123.56,u16,infinite
iPXE Login
# Using HTTP authentication
login
chain http://${username:uristring}:${password:uristring}@my.web.server/boot.ipxe
Other