iPXE discussion forum
iPXE chain load over squid - Printable Version

+- iPXE discussion forum (https://forum.ipxe.org)
+-- Forum: iPXE user forums (/forumdisplay.php?fid=1)
+--- Forum: General (/forumdisplay.php?fid=2)
+--- Thread: iPXE chain load over squid (/showthread.php?tid=6957)

iPXE chain load over squid - elwoodblues - 2013-06-28 04:06


I'm new to iPXE, but was easily able to get DHCP, TFTP and HTTP running as a test of iPXE. However, in my environment, the target server lives on an isolated VLAN until the build is completed. Essentially, this means the "next-server" in dhcpd.conf is only reachable through a squid proxy.

Is there any way to specify a proxy in the URI string of dhcpd.conf, or scripted through the chain command?


RE: iPXE chain load over squid - robinsmidsrod - 2013-07-02 08:09

There is, to my knowledge, no proxy support in iPXE, except for ProxyDHCP, but that's another thing. The "next-server" variable in your dhcpd.conf is pointing to a TFTP server, not an HTTP server. From what I know, TFTP does have any kind of proxy support, and it is not possible to access through a proxy (unless it's a SOCKS proxy, but iPXE doesn't support that). Are you trying to do chainloading with an HTTP proxy? That wouldn't work. The TFTP server must be available using normal routing, and so must the HTTP server. Neither of them needs to be on the local subnet, though.

RE: iPXE chain load over squid - elwoodblues - 2013-07-03 15:27

Thanks for the reply.

I believe I've found a way to leverage iPXE, and remain compliant with our requirement that new servers be built on an isolated network segment.

I'm using the standard technique to assign an initial IP address, then break the infinite loop. The TFTP, DHCP and HTTP server are actually running on the same server, which is dual homed. I've configured the apache http server with mod_proxy, and I'm using a reverse proxy to contact a centralized server that has the syslinux binaries, linux/windows distros and the scripts to install them.

We have a number of locations needing to build servers. Using a central server they can point to, is a big help from a release management perspective.