Chapter 6. Using iPXE to reduce provisioning times
iPXE is an open-source network-boot firmware. It provides a full PXE implementation enhanced with additional features, such as booting from an HTTP server. For more information about iPXE, see iPXE website.
You can use iPXE if the following restrictions prevent you from using PXE:
- A network with unmanaged DHCP servers.
- A PXE service that is unreachable because of, for example, a firewall restriction.
- A TFTP UDP-based protocol that is unreliable because of, for example, a low-bandwidth network.
6.1. Prerequisites for using iPXE
You can use iPXE to boot virtual machines in the following cases:
- Your virtual machines run on a hypervisor that uses iPXE as primary firmware.
- Your virtual machines are in BIOS mode. In this case, you can configure PXELinux to chainboot iPXE and boot by using the HTTP protocol.
For booting virtual machines in UEFI mode by using HTTP, you can follow Section 5.5, “Creating hosts with UEFI HTTP boot provisioning” instead.
Supportability
Red Hat does not officially support iPXE in Red Hat Satellite. For more information, see Supported architectures and kickstart scenarios in Satellite 6 in the Red Hat Knowledgebase.
Host requirements
- The MAC address of the provisioning interface matches the host configuration.
- The provisioning interface of the host has a valid DHCP reservation.
- The NIC is capable of PXE booting. For more information, see supported hardware on ipxe.org for a list of hardware drivers expected to work with an iPXE-based boot disk.
- The NIC is compatible with iPXE.
6.2. Configuring iPXE environment
Configure an iPXE environment on all Capsules that you want to use for iPXE provisioning.
In Red Hat Enterprise Linux, security-related features of iPXE are not supported and the iPXE binary is built without security features. For this reason, you can only use HTTP but not HTTPS. For more information, see Red Hat Enterprise Linux HTTPS support in iPXE.
Prerequisites
- If you want to use Capsule Servers instead of your Satellite Server, ensure that you have configured your Capsule Servers accordingly. For more information, see Configuring Capsule for Host Registration and Provisioning in Installing Capsule Server.
Procedure
Enable the TFTP and HTTPboot services on your Capsule:
# satellite-installer \ --foreman-proxy-httpboot true \ --foreman-proxy-tftp true
Install the
ipxe-bootimgs
package on your Capsule:# satellite-maintain packages install ipxe-bootimgs
Copy iPXE firmware to the TFTP directory.
Copy the iPXE firmware with the Linux kernel header:
# cp /usr/share/ipxe/ipxe.lkrn /var/lib/tftpboot/
Copy the UNDI iPXE firmware:
# cp /usr/share/ipxe/undionly.kpxe /var/lib/tftpboot/undionly-ipxe.0
Correct the SELinux file contexts:
# restorecon -RvF /var/lib/tftpboot/
Set the HTTP URL.
If you want to use Satellite Server for booting, run the following command on Satellite Server:
# satellite-installer \ --foreman-proxy-dhcp-ipxefilename "http://satellite.example.com/unattended/iPXE?bootstrap=1"
If you want to use Capsule Server for booting, run the following command on Capsule Server:
# satellite-installer --foreman-proxy-dhcp-ipxe-bootstrap true
6.3. Booting virtual machines
Some virtualization hypervisors use iPXE as primary firmware for PXE booting. If you use such a hypervisor, you can boot virtual machines without TFTP and PXELinux.
Booting a virtual machine has the following workflow:
- Virtual machine starts.
- iPXE retrieves the network credentials, including an HTTP URL, by using DHCP.
- iPXE loads the iPXE bootstrap template from Capsule.
- iPXE loads the iPXE template with MAC as a URL parameter from Capsule.
- iPXE loads the kernel and initial RAM disk of the installer.
Prerequisites
Your hypervisor must support iPXE. The following virtualization hypervisors support iPXE:
- libvirt
- Red Hat Virtualization (deprecated)
- You have configured your iPXE environment. For more information, see Section 6.2, “Configuring iPXE environment”.
You can use the original templates shipped in Satellite as described below. If you require modification to an original template, clone the template, edit the clone, and associate the clone instead of the original template. For more information, see Section 2.14, “Cloning provisioning templates”.
Procedure
- In the Satellite web UI, navigate to Hosts > Templates > Provisioning Templates.
-
Search for the
Kickstart default iPXE
template. - Click the name of the template.
- Click the Association tab and select the operating systems that your host uses.
- Click the Locations tab and add the location where the host resides.
- Click the Organizations tab and add the organization that the host belongs to.
- Click Submit to save the changes.
- In the Satellite web UI, navigate to Hosts > Operating systems and select the operating system of your host.
- Click the Templates tab.
-
From the iPXE template list, select the
Kickstart default iPXE
template. - Click Submit to save the changes.
- In the Satellite web UI, navigate to Hosts > All Hosts.
- In the Hosts page, select the host that you want to use.
- Select the Operating System tab.
-
Set PXE Loader to
iPXE Embedded
. - Select the Templates tab.
- In Provisioning Templates, click Resolve and verify that the iPXE template resolves to the required template.
- Click Submit to save host settings.
6.4. Chainbooting iPXE from PXELinux
You can set up iPXE to use a built-in driver for network communication (ipxe.lkrn
) or Universal Network Device Interface (UNDI) (undionly-ipxe.0
). You can choose to load either file depending on the networking hardware capabilities and iPXE driver availability.
UNDI is a minimalistic UDP/IP stack that implements TFTP client. However, UNDI cannot support other protocols like HTTP. To use HTTP with iPXE, use the iPXE build with built-in drivers (ipxe.lkrn
).
Chainbooting iPXE has the following workflow:
- Host powers on.
- PXE driver retrieves the network credentials by using DHCP.
-
PXE driver retrieves the PXELinux firmware
pxelinux.0
by using TFTP. - PXELinux searches for the configuration file on the TFTP server.
-
PXELinux chainloads iPXE
ipxe.lkrn
orundionly-ipxe.0
. - iPXE retrieves the network credentials, including an HTTP URL, by using DHCP again.
- iPXE chainloads the iPXE template from your Templates Capsule.
- iPXE loads the kernel and initial RAM disk of the installer.
Prerequisites
- You have configured your iPXE environment. For more information, see Section 6.2, “Configuring iPXE environment”.
You can use the original templates shipped in Satellite as described below. If you require modification to an original template, clone the template, edit the clone, and associate the clone instead of the original template. For more information, see Section 2.14, “Cloning provisioning templates”.
Procedure
- In the Satellite web UI, navigate to Hosts > Templates > Provisioning Templates.
Search for the required PXELinux template:
-
PXELinux chain iPXE
to useipxe.lkrn
-
PXELinux chain iPXE UNDI
to useundionly-ipxe.0
-
- Click the name of the template you want to use.
- Click the Association tab and select the operating systems that your host uses.
- Click the Locations tab and add the location where the host resides.
- Click the Organizations tab and add the organization that the host belongs to.
- Click Submit to save the changes.
-
On the Provisioning Templates page, search for the
Kickstart default iPXE
template. - Click the name of the template.
- Click the Association tab and associate the template with the operating system that your host uses.
- Click the Locations tab and add the location where the host resides.
- Click the Organizations tab and add the organization that the host belongs to.
- Click Submit to save the changes.
- In the Satellite web UI, navigate to Hosts > Operating systems and select the operating system of your host.
- Click the Templates tab.
- From the PXELinux template list, select the template you want to use.
-
From the iPXE template list, select the
Kickstart default iPXE
template. - Click Submit to save the changes.
- In the Satellite web UI, navigate to Configure > Host Groups, and select the host group you want to configure.
- Select the Operating System tab.
- Select the Architecture and Operating system.
Set the PXE Loader:
-
Select
PXELinux BIOS
to chainboot iPXE (ipxe.lkrn
) from PXELinux. -
Select
iPXE Chain BIOS
to loadundionly-ipxe.0
directly.
-
Select