iPXE discussion forum

Full Version: sanboot problems.
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Hello.

My use case:
Im work at a cyber cafe. To make Everything easier to manage (with updates, only needing to update one computer then all is updated) and prevent customers from tampering with the computers (downloading viruses and such), I want to boot the computers "read-only" from a central server containing a ISO image or some other sort of raw read-only image.

I have built a Windows 7 liveCD image using WinBuilder. The ISO boots locally perfect, in QEMU.

I put the ISO on a LAN accessible web server, and then sanboot the file.

iPXE> dhcp
"DHCP (net0 90:e6:ba:68:e8:2d)...... ok"
iPXE> sanboot http://192.168.1.11/peiso.iso
"Registered SAN device 0x80"
"Booting from SAN device 0x80"
Then it hangs there forever.


The web server log show:

192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "HEAD /peiso.iso HTTP/1.1" 200 0 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "HEAD /peiso.iso HTTP/1.1" 200 0 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 512 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 512 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 16384 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 32768 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 2048 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 65536 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 65536 "-" "iPXE/1.0.0+ (22a0)"
192.168.1.7 - - [26/Sep/2013:14:26:17 +0200] "GET /peiso.iso HTTP/1.1" 206 65536 "-" "iPXE/1.0.0+ (22a0)"

After the third request with 65536 bytes, theres no more requests in log, even after 30 minutes of wait, so seems the boot process completely stopped.

ISO is 627 163 136 byte large (about 600MB) and the computer has 6 GB of available RAM. LAN Network is 100MBit.

Whats the problem, why does it hang? Server support Range requests so there should not be problem there, and ISO is fine (boots locally in emulator)
(2013-09-26 13:44)sebastian Wrote: [ -> ]My use case:
Im work at a cyber cafe. To make Everything easier to manage (with updates, only needing to update one computer then all is updated) and prevent customers from tampering with the computers (downloading viruses and such), I want to boot the computers "read-only" from a central server containing a ISO image or some other sort of raw read-only image.

I have built a Windows 7 liveCD image using WinBuilder. The ISO boots locally perfect, in QEMU.

I put the ISO on a LAN accessible web server, and then sanboot the file.

SAN-booting a Windows ISO won't work anyway; there will be no way for Windows to access the ISO image after starting up.

If you can create a .wim image then you could potentially use http://ipxe.org/wimboot.

Another option is to use iSCSI boot (from a disk image rather than an ISO image), and use LVM or similar copy-on-write techniques to provide a clean image on each boot.

Michael
For the wimboot method:
Mount your ISO file (Virtual Disk or similar). You will find the wim file in the "sources" directory. Your file size will be little below 600MB. Copy the files including fonts (for error messages) and bootmgr to your Web- or TFTP Server.
Config file for HTTP download.
Code:
    #!ipxe
    dhcp net0 && echo IP address: ${net0/ip} ; echo Subnet mask:${net0/netmask}
    kernel http://NNN.XXX.YYY.ZZZ/wimboot/wimboot
    initrd http://NNN.XXX.YYY.ZZZ/wimboot/win8_1/bootmgr bootmgr
    initrd http://NNN.XXX.YYY.ZZZ/wimboot/Boot/bcd bcd
    initrd http://NNN.XXX.YYY.ZZZ/wimboot/Boot/fonts/segmono_boot.ttf segmono_boot.ttf
    initrd http://NNN.XXX.YYY.ZZZ/wimboot/Boot/fonts/segoe_slboot.ttf segoe_slboot.ttf
    initrd http://NNN.XXX.YYY.ZZZ/wimboot/Boot/fonts/segoen_slboot.ttf segoen_slboot.ttf
    initrd http://NNN.XXX.YYY.ZZZ/wimboot/Boot/fonts/wgl4_boot.ttf wgl4_boot.ttf
    initrd http://NNN.XXX.YYY.ZZZ/wimboot/Boot/boot.sdi boot.sdi
    initrd http://NNN.XXX.YYY.ZZZ/wimboot/win7pe_x86/sources/Boot.wim Boot.wim
    boot
I'd be very interested in your results as I could not get these large WIM files to work. Take a look here: wimboot Custom WIMs
Unfortunately nobody ever replied to my request here or in the iPXE devel mailing list. Sad
I'm very interested if large WIM files work for anybody.
The only way I could get these large files to work was the memdisk method.
Config file for HTTP download:
Code:
#!ipxe
       set download-url http://NNN.XXX.YYY.ZZZ
       dhcp net0 && echo IP address: ${net0/ip} ; echo Subnet mask:${net0/netmask}
       initrd ${download-url}/win7pe/win7pe_x86.iso
       chain ${download-url}/syslinux/memdisk iso raw
Of course you need to correct the file locations...
Did go the iSCSI way. Used IETD to set up a master image and 20 cow images.

I mount the master image with:
dhcp
set initiator-iqn iqn.2013-01.se.vasagaming:m
sanhook iscsi:192.168.1.14::::iqn.2013-01.se.vasagaming:m
exit

(then it boots the Windows 7 install DVD I have in the drive to do a over-the-network install).

Trying to install, gives the error message:
"Setup was unable to create a system partition or locate an existing partition. More information can be found in the installation log files."


X:\Windows\Panther\setupact.log says:

IBSLIB CanBeSystemVolume: Volume at disk [0] offset [0x0] doesn't meet criteria for system volumes...
IBSLIB DiskRegionSupportsCapability:Disk [0] is BLOCKED against capability [CanBeSystemVolume] for the following reason:
IBSLIB LogReasons: [BLOCKING Reason for disk 0: CanBeSystemVolume] The Selected disk is not the computer's boot disk.
I would suggest you follow the http://ipxe.org/howto/winpe to boot a custom-made WinPE made with AIK/ADK instead of booting the Windows 7 install DVD locally. That should hopefully allow you to install to the iscsi volume. You might also need the set gateway 0.0.0.0 trick (before the sanhook command) if your router is not set up properly (routes packets back to local network).
Finally solved it. It turned out that I was CTRL+Bing too early. The reason I didn't get the second prompt was something I noticed when carefully watching the boot process....

under 0,1 seconds, it flashed "NVRAM: Unable to copy PCI Boot Rom [Insufficent Space]"
or something similiar.

Turned out my ROM image was too large. Shaving off features (by modifying general.h in config folder) leaving only iSCSI, HTTP, script intepreter and menu function, so it come under 64kb solved all problems.
Reference URL's