Post Reply 
 
Thread Rating:
  • 2 Vote(s) - 3.5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Breaking loop by checking iPXE special feature?
2019-12-09, 09:39 (This post was last modified: 2019-12-10 09:22 by foresty.)
Post: #1
Breaking loop by checking iPXE special feature?
Sorry for posting my question here!
Because I can't find where is the button to post a new discussion.
(Maybe I have no right to post question as a new user).

Seriously, I have to register my new same accout(foresty, with the same PASSWORD for 3rd time), as I can't keep my account after registering about 5 hours.

##### My question is #####
I have met an issue when use iPXE booting VM on Ctrix XenServer 6.5.
The VM has an old existing iPXE verision embeded. I got failed chainload old iPXE ROM with
"user-class iPXE" option.
if exists user-class and option user-class = "iPXE" {
filename "http://pxe.mydomain.org/ipxe/boot.ipxe";
} else { ...

Follow Robin's link "https://gist.github.com/robinsmidsrod/4008017"
I also tried to use "iPXE feature detetion" on my DHCP by replacing user-class option (it works before changing), but it didn't break iPXE loop:
if exists ipxe.https {
filename "http://pxe.mydomain.org/ipxe/boot.ipxe";
} else { ...

So anybody could help me? Thanks very much.

Best Regards,
Foresty
Find all posts by this user
Quote this message in a reply
2019-12-10, 00:26
Post: #2
RE: Breaking loop?
You are allowed to post new threads, but it seems you didn't try, I did split it for you tho. But I would suggest you to read the FAQ.

After trying to understand what your actual question was, I think it is about the loop, and that you are checking for https feature. did you build the ipxe that you are chaining to, with https support?

Use GitHub Discussions
VRAM bin
Visit this user's website Find all posts by this user
Quote this message in a reply
2019-12-10, 02:29
Post: #3
RE: Breaking loop?
(2019-12-10 00:26)NiKiZe Wrote:  You are allowed to post new threads, but it seems you didn't try, I did split it for you tho. But I would suggest you to read the FAQ.

After trying to understand what your actual question was, I think it is about the loop, and that you are checking for https feature. did you build the ipxe that you are chaining to, with https support?

Thank you very much, NikiZe.
After read FAQ. I have found how to post a new thread. I'll follow forum's rule to post threads later.

I confirm my iPXE has https support.
Acturally, I got my full features are follwing from the booting screan:
"DNS/FTP/HTTP/HTTPS/iSCSI/NFS/TFTP/AoE/ELF/
MBOOT/PXE/bzImage/COMBOOT/ Menu/PXEEXT"

These 4 special features "https/ftp/nfs/comboot" are different from VM on XenServer 6.5.
I aslo have tested other 3 features and got the same result, loop and loop again.

Best Regards,
Foresty
Find all posts by this user
Quote this message in a reply
2019-12-10, 06:54
Post: #4
RE: Breaking loop?
so you are checking all 4 ? if so post all of the relevant part of your dhcp config, not just a snippet.
Also describe your issue more clearly.

example:
PXE rom start, that loads iPXE, which then loads iPXE again, I would expect it to load script x instead.

Use GitHub Discussions
VRAM bin
Visit this user's website Find all posts by this user
Quote this message in a reply
2019-12-10, 07:53
Post: #5
RE: Breaking loop?
(2019-12-10 06:54)NiKiZe Wrote:  so you are checking all 4 ? if so post all of the relevant part of your dhcp config, not just a snippet.
Also describe your issue more clearly.

example:
PXE rom start, that loads iPXE, which then loads iPXE again, I would expect it to load script x instead.

1. My iPXE host works good(I mean chainload good) for VM on ESXi or bare metal machine, but can't chainload VM on XenServer 6.5
2. On the good "My iPXE" host, I only changing one line by checking one of "https/ftp/nfs/comboot" features per test, got failed. Then checking second, failed; then third, failed; then fourth, faild.
3. Every time, I only changed this line ("My ISC dhcpd.conf" below):
if exists user-class and option user-class = "iPXE" {
to
if exists ipxe.<ONE of "https/ftp/nfs/comboot"> {
4. Every test, I have compared with VM ESXi:
For VM on XenServer 6.5:
ROM old-iPXE start => load MyiPXE (with my expected features) => then load MyiPXE again => then again ...again...
(Compared)For VM on ESXi:
ROM PXE start => load MyiPXE (with my expected features) => then load MyiPXE again => then again ...again...

##### My ISC dhcpd.conf (Only removed/replaced comments/confidential info) #####
bash-4.2# cat /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;

log-facility local7;

option domain-name "mydomain.org";
option domain-name-servers 192.168.0.201,114.114.114.114,8.8.8.8;
allow booting;
allow bootp;

# Support define user-class
option user-class code 77 = string;

# Support iPXE options
option space ipxe;
option ipxe-encap-opts code 175 = encapsulate ipxe;
option ipxe.priority code 1 = signed integer 8;
option ipxe.keep-san code 8 = unsigned integer 8;
option ipxe.skip-san-boot code 9 = unsigned integer 8;
option ipxe.syslogs code 85 = string;
option ipxe.cert code 91 = string;
option ipxe.privkey code 92 = string;
option ipxe.crosscert code 93 = string;
option ipxe.no-pxedhcp code 176 = unsigned integer 8;
option ipxe.bus-id code 177 = string;
option ipxe.san-filename code 188 = string;
option ipxe.bios-drive code 189 = unsigned integer 8;
option ipxe.username code 190 = string;
option ipxe.password code 191 = string;
option ipxe.reverse-username code 192 = string;
option ipxe.reverse-password code 193 = string;
option ipxe.version code 235 = string;
option iscsi-initiator-iqn code 203 = string;
# iPXE feature indicators
option ipxe.pxeext code 16 = unsigned integer 8;
option ipxe.iscsi code 17 = unsigned integer 8;
option ipxe.aoe code 18 = unsigned integer 8;
option ipxe.http code 19 = unsigned integer 8;
option ipxe.https code 20 = unsigned integer 8;
option ipxe.tftp code 21 = unsigned integer 8;
option ipxe.ftp code 22 = unsigned integer 8;
option ipxe.dns code 23 = unsigned integer 8;
option ipxe.bzimage code 24 = unsigned integer 8;
option ipxe.multiboot code 25 = unsigned integer 8;
option ipxe.slam code 26 = unsigned integer 8;
option ipxe.srp code 27 = unsigned integer 8;
option ipxe.nbi code 32 = unsigned integer 8;
option ipxe.pxe code 33 = unsigned integer 8;
option ipxe.elf code 34 = unsigned integer 8;
option ipxe.comboot code 35 = unsigned integer 8;
option ipxe.efi code 36 = unsigned integer 8;
option ipxe.fcoe code 37 = unsigned integer 8;
option ipxe.vlan code 38 = unsigned integer 8;
option ipxe.menu code 39 = unsigned integer 8;
option ipxe.sdi code 40 = unsigned integer 8;
option ipxe.nfs code 41 = unsigned integer 8;

# Support gPXE options
option space gpxe;
option gpxe-encap-opts code 175=encapsulate gpxe;
option gpxe.bus-id code 177=string;

# Support UEFI options
option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;
option client-arch code 93 = unsigned integer 16;

# Detect if PXE client is already iPXE
if exists user-class and option user-class = "iPXE" {
filename "http://pxe.mydomain.org/ipxe/boot.ipxe";
} else {
next-server 192.168.0.201;
if exists client-arch {
# Support UEFI
if option client-arch = 00:00 {
filename "undionly.kpxe";
} elsif option client-arch = 00:02 {
filename "ipxe32.efi";
} elsif option client-arch = 00:06 {
filename "ipxe32.efi";
} elsif option client-arch = 00:07 {
filename "snponly.efi";
} elsif option client-arch = 00:08 {
filename "snponly.efi";
} elsif option client-arch = 00:09 {
filename "snponly.efi";
} elsif option client-arch = 00:0a {
filename "bin-arm32-efi/ipxe.efi";
} elsif option client-arch = 00:0b {
filename "bin-arm64-efi/ipxe.efi";
} else {
filename "undionly.kpxe";
}
}
}

include "/etc/dhcp/conf.d/fixed_address.conf";
include "/etc/dhcp/conf.d/a1.conf";
include "/etc/dhcp/conf.d/a4.conf";
<include lines... and so on>
bash-4.2#

Best Regards,
Foresty
Find all posts by this user
Quote this message in a reply
2019-12-12, 10:16 (This post was last modified: 2019-12-12 10:22 by foresty.)
Post: #6
RE: Breaking loop?
(2019-12-10 07:53)foresty Wrote:  
(2019-12-10 06:54)NiKiZe Wrote:  so you are checking all 4 ? if so post all of the relevant part of your dhcp config, not just a snippet.
Also describe your issue more clearly.

example:
PXE rom start, that loads iPXE, which then loads iPXE again, I would expect it to load script x instead.

1. My iPXE host works good(I mean chainload good) for VM on ESXi or bare metal machine, but can't chainload VM on XenServer 6.5
2. On the good "My iPXE" host, I only changing one line by checking one of "https/ftp/nfs/comboot" features per test, got failed. Then checking second, failed; then third, failed; then fourth, faild.
3. Every time, I only changed this line ("My ISC dhcpd.conf" below):
if exists user-class and option user-class = "iPXE" {
to
if exists ipxe.<ONE of "https/ftp/nfs/comboot"> {
4. Every test, I have compared with VM ESXi:
For VM on XenServer 6.5:
ROM old-iPXE start => load MyiPXE (with my expected features) => then load MyiPXE again => then again ...again...
(Compared)For VM on ESXi:
ROM PXE start => load MyiPXE (with my expected features) => then load MyiPXE again => then again ...again...

##### My ISC dhcpd.conf (Only removed/replaced comments/confidential info) #####
bash-4.2# cat /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;

log-facility local7;

option domain-name "mydomain.org";
option domain-name-servers 192.168.0.201,114.114.114.114,8.8.8.8;
allow booting;
allow bootp;

# Support define user-class
option user-class code 77 = string;

# Support iPXE options
option space ipxe;
option ipxe-encap-opts code 175 = encapsulate ipxe;
option ipxe.priority code 1 = signed integer 8;
option ipxe.keep-san code 8 = unsigned integer 8;
option ipxe.skip-san-boot code 9 = unsigned integer 8;
option ipxe.syslogs code 85 = string;
option ipxe.cert code 91 = string;
option ipxe.privkey code 92 = string;
option ipxe.crosscert code 93 = string;
option ipxe.no-pxedhcp code 176 = unsigned integer 8;
option ipxe.bus-id code 177 = string;
option ipxe.san-filename code 188 = string;
option ipxe.bios-drive code 189 = unsigned integer 8;
option ipxe.username code 190 = string;
option ipxe.password code 191 = string;
option ipxe.reverse-username code 192 = string;
option ipxe.reverse-password code 193 = string;
option ipxe.version code 235 = string;
option iscsi-initiator-iqn code 203 = string;
# iPXE feature indicators
option ipxe.pxeext code 16 = unsigned integer 8;
option ipxe.iscsi code 17 = unsigned integer 8;
option ipxe.aoe code 18 = unsigned integer 8;
option ipxe.http code 19 = unsigned integer 8;
option ipxe.https code 20 = unsigned integer 8;
option ipxe.tftp code 21 = unsigned integer 8;
option ipxe.ftp code 22 = unsigned integer 8;
option ipxe.dns code 23 = unsigned integer 8;
option ipxe.bzimage code 24 = unsigned integer 8;
option ipxe.multiboot code 25 = unsigned integer 8;
option ipxe.slam code 26 = unsigned integer 8;
option ipxe.srp code 27 = unsigned integer 8;
option ipxe.nbi code 32 = unsigned integer 8;
option ipxe.pxe code 33 = unsigned integer 8;
option ipxe.elf code 34 = unsigned integer 8;
option ipxe.comboot code 35 = unsigned integer 8;
option ipxe.efi code 36 = unsigned integer 8;
option ipxe.fcoe code 37 = unsigned integer 8;
option ipxe.vlan code 38 = unsigned integer 8;
option ipxe.menu code 39 = unsigned integer 8;
option ipxe.sdi code 40 = unsigned integer 8;
option ipxe.nfs code 41 = unsigned integer 8;

# Support gPXE options
option space gpxe;
option gpxe-encap-opts code 175=encapsulate gpxe;
option gpxe.bus-id code 177=string;

# Support UEFI options
option space pxelinux;
option pxelinux.magic code 208 = string;
option pxelinux.configfile code 209 = text;
option pxelinux.pathprefix code 210 = text;
option pxelinux.reboottime code 211 = unsigned integer 32;
option client-arch code 93 = unsigned integer 16;

# Detect if PXE client is already iPXE
if exists user-class and option user-class = "iPXE" {
filename "http://pxe.mydomain.org/ipxe/boot.ipxe";
} else {
next-server 192.168.0.201;
if exists client-arch {
# Support UEFI
if option client-arch = 00:00 {
filename "undionly.kpxe";
} elsif option client-arch = 00:02 {
filename "ipxe32.efi";
} elsif option client-arch = 00:06 {
filename "ipxe32.efi";
} elsif option client-arch = 00:07 {
filename "snponly.efi";
} elsif option client-arch = 00:08 {
filename "snponly.efi";
} elsif option client-arch = 00:09 {
filename "snponly.efi";
} elsif option client-arch = 00:0a {
filename "bin-arm32-efi/ipxe.efi";
} elsif option client-arch = 00:0b {
filename "bin-arm64-efi/ipxe.efi";
} else {
filename "undionly.kpxe";
}
}
}

include "/etc/dhcp/conf.d/fixed_address.conf";
include "/etc/dhcp/conf.d/a1.conf";
include "/etc/dhcp/conf.d/a4.conf";
<include lines... and so on>
bash-4.2#

Finally, I have narrowed down this issue by removing the following 2 lines within MY
ISC DHCPD.CONF:

option gpxe-encap-opts code 175=encapsulate gpxe;
option gpxe.bus-id code 177=string;

These 2 options conflict with iPXE's options.

Thanks iPXE forum and Admin @NikiZe @Robin

Best Regards,
Foresty
Find all posts by this user
Quote this message in a reply
Post Reply 




User(s) browsing this thread: 1 Guest(s)