iPXE discussion forum

Full Version: Inside Security (insert)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello Everyone,

At one time, I had a decent setup done - which was lost due to a major server crash (yeah - no backups - I know...#1 rule; always have good backups).

I had iBoot, Linux live environments, Linux Utilities, Storagecraft, Windows installers (not to iscsi - never could get that working - but to local storage), Windows "ERD" images (Utilities), etc. all network bootable and usable on almost any hardware (yes there are always those few systems that - well they just suck).

I had that all running in a PXE environment (not iPXE), and it was something I put together almost a decade ago, which at the time worked great. It's been so long, that I do not recall how I created this.

Now, the one image I "need" to get functioning ASAP is Insert v1.3.6 - which, is a ... "pain" to get running via network boot (PXE). When I first did this, it took me about a week or so to finally succeed. I'm already in this about a week - and still stuck. Insert is based on Knoppix - which should not be this hard to get to network boot. You've got vmlinuz, and miniroot.gz - piece of cake right? Eh, no (insert minion gif here... lol). I can get it to a certain point (boots via image) but when it looks for the cdrom (scans /dev/sd?##) it comes up empty and drops to a limited shell.

Now times have changed (iPXE vs PXE) since I've done this last, and there's more functionality. So, I've been looking at the work and examples here - which are pretty awesome. I've been trying quite a few different approaches to getting Insert up and running - all of which still fail. I would like to get everything running via iPXE, but will not shy away from PXE if it is the only option.

Any assistance/ideas will be much appreciated.

Created ipxelinux.0 file:
make bin/undionly.kpxe EMBED=../../imbedded.ipxe
install -v -m 0644 -g root -o root bin/undionly.kpxe ../../ipxelinux.0

Here is my imbedded.ipxe file:
****************************************************************
#!ipxe
set base-ftp-ip http://ftp.###.###.###.4
set base-http-ip http://###.###.###.4
set base-iscsi-ip ###.###.###.6
set base-nfs-ip ###.###.###.4:
set base-nfs-dir /var/lib/tftpboot/boot_images
set base-url boot_images
set base-iso-dir boot_images/iso
set base-iqn iqn.2017-11.nnnn-iscsitrgt.nnnn.local
set base-iscsi iscsi:${iscsi-server}::::${base-iqn}
set initiator-iqn ${base-iqn}:${mac}

dhcp
chain http://###.###.###.4/menu.ipxe
****************************************************************
Here is my menu.ipxe (the insert boot function), I'm using direct IP addresses just to
alleviate any possible issues with using variables. Once it's functioning, I'll change to
the variables:
****************************************************************
:insert136
echo Booting Insert 1.3.6
sanboot --keep --no-describe --drive 0x81 http://###.###.###.4/boot_images/iso/UTI...-1.3.6.iso || goto failed ##STILL FAILED

## Failed Attempts - or some combination/variation of the following:
#sanboot --keep --no-describe --drive 0x81 http://###.###.###.4/boot_images/iso/UTI...-1.3.6.iso || goto failed

#sanhook --keep --no-describe --drive 0x81 http://###.###.###.4/boot_images/iso/UTI...-1.3.6.iso || goto failed
#sanboot

## Also tried below kernel entries with http://###.###.###.4/boot_images/insert1.3.6/vmlinuz

#KERNEL boot_images/insert1.3.6/vmlinuz
#APPEND nfsdir=###.###.###.4:/var/lib/tftpboot/boot_images/insert1.3.6/cdrom/ nodhcp lang=en ramdisk=1000000 init=/etc/init apm=power-off nomce vga=normal
#initrd insert1.3.6/miniroot.gz

#KERNEL boot_images/insert1.3.6/vmlinuz
#append nfsdir=###.###.###.4:/var/lib/tftpboot/boot_images/insert1.3.6/cdrom nodhcp lnag=en ramdisk_size=1000000 init=/etc/init apm=power-off nomce vga=normal initrd=insert1.3.6/miniroot.gz BOOT_IMAGE=insert
****************************************************************
With some trial and error, I've been able to get Knoppix 7.2 to boot with the following PXE menu (APPEND is one line...):
***************************************************************
label 3
menu label ^3) Knoppix 7.2
KERNEL http://xxx.xxx.xxx.4/knoppix-tftpboot/linux
APPEND nfsdir=xxx.xxx.xxx.4:/var/lib/tftpboot/knoppix-tftpboot/cdrom nodhcp lang= ramdisk_size=100000 init=/etc/init apm=power-off loglevel=1 initrd=http://xxx.xxx.xxx.4/knoppix-tftpboot/miniroot.gz libata.force=noncq tz=localtime lang=en apm=power-off nomce libata.force=noncq hpsa.hpsa_allow_any=1 loglevel=1 noswap nofstab nopcmcia nofirewire BOOT_IMAGE=knoppix
***************************************************************
I've loop mounted the iso image to /var/lib/tftpboot/knoppix-tftpboot/cdrom
The linux and miniroot.gz (and the remaining filesystem in knoppix-tftpboot) were from "knoppix-terminalserver" script form the live boot environment, which I copied over.

I'm still trying to get it to iPXE boot - but I've been consistently failing.

So, my question is...What is the iPXE equivalent to my PXE menu that works here? If I can get Knoppix to function with iPXE, then I can get Insert to function with iPXE as they are almost identical. (Why am I still using Insert you may ask - well, I am very familiar with it, it's tools, and how to manipulate it for various tasks - mainly data recovery; and I feel that familiarity is one of the best tools.)
Ha! I "kinda" figured it out...

So, I'm using iPXE to chainload PXE to boot knoppix. Here's what I have:

imbedded.ipxe above - as it's part of ipxelinux.0 when I create it; but does not effect the way Knoppix is being loaded so it's not necessary.

menu.ipxe is as follows:
***************************************************************
echo Booting Knoppix 7.2
set use-cached 1
dhcp
set 209:string http://###.###.###.4/knoppix-tftpboot/px...noppixboot
set 210:string tftp://###.###.###.4/knoppix-tftpboot/
chain ${210:string}knoppix.0
goto start
***************************************************************
http://###.###.###.4/knoppix-tftpboot/px...noppixboot (again, APPEND is one line):
***************************************************************
TIMEOUT 1
DEFAULT http://###.###.###.4/knoppix-tftpboot/linux
APPEND nfsdir=###.###.###.4:/var/lib/tftpboot/knoppix-tftpboot/cdrom nodhcp lang= ramdisk_size=100000 init=/etc/init apm=power-off nomce loglevel=1 2 initrd=http://###.###.###.4/knoppix-tftpboot/miniroot.gz libata.force=noncq tz=localtime lang=en apm=power-off nomce libata.force=noncq hpsa.hpsa_allow_any=1 loglevel=1 noswap nofstab nopcmcia nofirewire BOOT_IMAGE=knoppix
***************************************************************

Hopefully this will help with anyone else having this issue. I still could not figure out how to do it with only iPXE, but this is a close second that will work.

Good luck everyone.
You are using pxelinux mixed with ipxe.
Just use ipxe on it's own instead, for legacy pcbios eighter use ipxe.pxe or undionly.kpxe

Basic example of working script for linux boot can be found at http://boot.ipxe.org/demo/
I've changed it up just a few hours ago to reflect the following in menu.ipxe - which works great:

set 209:string http://###.###.###.4/knoppix-tftpboot/px...noppixboot
set 210:string tftp://###.###.###.4/knoppix-tftpboot/
imgload knoppix-tftpboot/knoppix.0
boot knoppix.0


But now, I'm attempting to get iscsi to connect as a cache location for data recovery. Here's my code and the error messages:

set iscsistuff iscsi:###.###.###.6::::iqn.2017-11.nnnn-iscsitrgt.nnnn.local:knoppix00 iqn.2017-11.nnnn-iscsitrgt.nnnn.local:knoppixstuff
sanhook ${iscsistuff} && sanunhook || echo Unable to hook ${iscsistuff}
set 209:string http://###.###.###.4/knoppix-tftpboot/px...noppixboot
set 210:string tftp://###.###.###.4/knoppix-tftpboot/
imgload knoppix-tftpboot/knoppix.0
boot knoppix.0

The error is:
Could not open SAN device: Input/ouput error (http://ipxe.org/1d0d6139)

I can connect via Windows iscsi initiator using the initiator name:
iqn.2017-11.nnnn-iscsitrgt.nnnn.local:knoppixstuff

Once connected, I can delete, create, and format the filesystem and I can create directories and files. But when attempting via iPXE I get the above error.

Any ideas?
Reference URL's