Network booting CentOS 7 via iPXE PXE bootstrapping and Windows IIS

This guide uses Windows Server 2016, WSL Ubuntu, a Mikrotik RB751U-2HnD and VMware Workstation. This is an experimental home lab setup and should not be used in production. It exists only because there's barely any iPXE information that explains on one page how to get the whole thing running.

iPXE is very powerful, but very hard to learn. You'll spend most of your time trying to figure out why something is not working. Do not try to boot ISOs: it will look like things work, only for the boot to crash. It will be a frustrating process, but once you get it working, you'll see how wonderful it is. I'd recommend testing things with a VM.

Your setup may vary, but the same things apply.

Compiling our iPXE binary

First things first: we need to know which domain or IP address will be serving our files. In my case, my Windows server running IIS is located at IP 10.1.69.5.
Install these required packages first:
sudo apt install build-essential liblzma mkisofs perl xz-utils mtools liblzma-dev git
Then clone the iPXE repo.
git clone git://git.ipxe.org/ipxe.git

In the src folder in the repo we cloned, there should be a file called boot.ipxe that we need to modify. If it doesn't exist, create it. You can put your menu into it, but I'd recommend serving the menu itself via HTTP, as it makes edits far easier and you don't have to recompile and replace the package in TFTP. This is how boot.ipxe looks for me. Notice the shebang indicating that this is an iPXE script. We need to define dhcp so that the host gets the IP and information from the DHCP server.

#!ipxe

dhcp
chain http://10.1.69.5/menu.ipxe


We only need the undionly.kpxe file, so let's compile it.
make bin/undionly.kpxe EMBED=boot.ipxe

Setting up DHCP Server and TFTP server

Mikrotik can serve as a TFTP server, but to make things simpler, I'll be using Tftpd64 on the Windows server itself.

We will be bootstrapping our own compiled iPXE code, but to get it to work, we need to set DHCP option 66 to the TFTP server and option 67 to our iPXE menu/script. Option 67 is the filename that the host will look for when connecting to the TFTP server.
On Mikrotik, option 66 is Next Server and option 67 is Boot File Name. Setting DHCP options manually in the options tab will NOT work unless enabled in the DHCP Network panel, which already has Next Server and Boot File Name options.
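
When a client does not pick up the boot file, look at what the DHCP reply actually carries: PXE clients accept the TFTP server and file name either in the BOOTP header fields (siaddr, file) or in options 66 and 67. The following is an added example, not part of the original guide; it parses a reply and checks both places, the function names are illustrative, and the sample packet is constructed from this guide's 10.1.69.5 and undionly.kpxe.

```python
import socket

MAGIC_COOKIE = bytes([99, 130, 83, 99])  # marks the start of DHCP options

def boot_info(packet: bytes) -> dict:
    """Extract the TFTP server and boot file a DHCP/BOOTP reply advertises."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet")
    text = lambda raw: raw.split(b"\0", 1)[0].decode("ascii", "replace")
    info = {"siaddr": socket.inet_ntoa(packet[20:24]),  # BOOTP next-server field
            "file": text(packet[108:236]),               # BOOTP boot file field
            "option66": None, "option67": None}
    pos = 240
    while pos < len(packet) and packet[pos] != 255:      # 255 = end option
        code = packet[pos]
        if code == 0:                                    # pad option, no length byte
            pos += 1
            continue
        if pos + 2 > len(packet) or pos + 2 + packet[pos + 1] > len(packet):
            raise ValueError("truncated option %d" % code)
        length = packet[pos + 1]
        if code in (66, 67):
            info["option%d" % code] = text(packet[pos + 2:pos + 2 + length])
        pos += 2 + length
    return info

def advertises(info: dict, server: str, bootfile: str) -> bool:
    """True when every populated field points at the expected server and file."""
    servers = {v for v in (info["option66"], info["siaddr"]) if v and v != "0.0.0.0"}
    files = {v for v in (info["option67"], info["file"]) if v}
    return servers == {server} and files == {bootfile}

def sample_offer() -> bytes:
    """Constructed DHCPOFFER using the address and file name from this guide."""
    def opt(code, value):
        return bytes([code, len(value)]) + value
    header = bytearray(236)
    header[0] = 2                                        # op = BOOTREPLY
    header[20:24] = socket.inet_aton("10.1.69.5")
    header[108:121] = b"undionly.kpxe"
    options = opt(53, b"\x02") + opt(66, b"10.1.69.5") + opt(67, b"undionly.kpxe")
    return bytes(header) + MAGIC_COOKIE + options + b"\xff"
```

A reply whose fields name a different server or file than the ones you configured shows up as `advertises(...)` returning False, which also covers a second DHCP server answering on the same network.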

Drop your undionly.kpxe file into the tftpd64 directory to make the file available via tftp. Make sure you allow tftpd64 through the firewall.

Setting up IIS

This assumes you already have an IIS default page set up. You're good to go with dropping your menu.ipxe file and your setup files, but there's one problem. IIS by default serves only files with specific MIME types, and since most Linux files have no extension, we have to enable all MIME types to be served.

Create a new web.config file in your IIS website directory and paste this in:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <system.webServer>
        <directoryBrowse enabled="true" />
        <staticContent>
            <mimeMap fileExtension=".*" mimeType="application/octet-stream" />
            <mimeMap fileExtension="." mimeType="application/octet-stream" />
        </staticContent>
    </system.webServer>
</configuration>

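This makes IIS serve files with any extension, including files that have no extension at all.

In IIS, we also have to allow double escaping. Click on the Request Filtering icon in IIS, Edit Feature Settings, and Allow Double Escaping.

If we don't do this, IIS will return a 404 for packages like libstdc++, because request filtering rejects the + characters in the file name.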

Extract the ISO files

This one is fairly straightforward. Extract the full contents of the ISO file you downloaded into a folder, so that all of the content is accessible through a web browser. In my case, I extracted the ISO to \wwwroot\iso\CENTOS-1908\.

Writing your menu.ipxe file

This is the file that undionly.kpxe chainloads after iPXE has loaded.

#!ipxe

menu Steak's iPXE menu
item centos7-setup CentOS 7
item 
item ipxeshell iPXE Shell

choose os && goto ${os}

:ipxeshell
shell

:centos7-setup
set base http://10.1.69.5/iso/CENTOS-1908/
prompt -k 0x197e -t 2000 Press F12 to install CentOS... || exit
kernel ${base}/images/pxeboot/vmlinuz initrd=initrd.img repo=${base}
initrd ${base}/images/pxeboot/initrd.img
boot || read void

If you want to boot CentOS 7 directly off the official repos and download stuff off the internet, you can replace the local URL with http://mirror.centos.org/centos/7/os/x86_64/.

Be aware that each distro has its own approach to network booting. If, for example, we wanted to boot the Ubuntu LiveCD, we'd have to create an NFS server serving the Ubuntu files, compile iPXE with NFS support, and our configuration would look something like this:

kernel http://10.1.69.5/iso/ubuntu/casper/vmlinuz || read void
initrd http://10.1.69.5/iso/ubuntu/casper/initrd || read void
imgargs vmlinuz initrd=initrd root=/dev/nfs boot=casper netboot=nfs nfsroot=10.1.69.5:/ubuntu ip=dhcp splash quiet -- || read void
boot || read void

Fixing repodata

Because we are doing something that was never intended to be done, we need to manually fix up the repodata folder. Depending on which form of ISO extraction you used, the files in repodata will have their extensions cut off.

[Screenshot of the repodata folder: top is before renaming, bottom is after.]

Open the repomd.xml file and rename the files based on it, so for example 84ff0ada5bdbf970afd2791ab1850d0596e41b5442e1ec3f7073974b222b7be9 becomes 84ff0ada5bdbf970afd2791ab1850d0596e41b5442e1ec3f7073974b222b7be9-filelists.xml.gz and so on.
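
The rename can be scripted and checked in one pass: repomd.xml lists each file's expected name and checksum, so a truncated file is renamed only when its content matches. This is an added example, not part of the original guide; fix_repodata and demo are illustrative names, the sample repository is constructed, and it assumes the cut-off names are prefixes of the names listed in repomd.xml.

```python
import hashlib
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

NS = {"r": "http://linux.duke.edu/metadata/repo"}  # repomd.xml namespace

def fix_repodata(repodata: Path) -> dict:
    """Rename truncated files to the names repomd.xml lists, checksum first."""
    status = {}
    root = ET.parse(repodata / "repomd.xml").getroot()
    for data in root.findall("r:data", NS):
        expected = data.find("r:location", NS).get("href").rsplit("/", 1)[-1]
        checksum = data.find("r:checksum", NS)
        if (repodata / expected).exists():
            status[expected] = "ok"
            continue
        # A cut-off name is a prefix of the expected one (often just the hash).
        found = [p for p in repodata.iterdir() if p.is_file()
                 and p.name != "repomd.xml" and expected.startswith(p.name)]
        if len(found) != 1:
            status[expected] = "missing"
            continue
        algo = {"sha": "sha1"}.get(checksum.get("type"), checksum.get("type"))
        digest = hashlib.new(algo, found[0].read_bytes()).hexdigest()
        if digest != checksum.text.strip().lower():
            status[expected] = "checksum-mismatch"  # leave the file untouched
            continue
        found[0].rename(repodata / expected)
        status[expected] = "renamed"
    return status

def demo() -> dict:
    """Constructed sample repo: one intact truncated file, one altered."""
    good, bad = b"filelists payload", b"primary payload"
    h_good, h_bad = (hashlib.sha256(b).hexdigest() for b in (good, bad))
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        (repo / h_good).write_bytes(good)
        (repo / h_bad).write_bytes(bad + b"!")  # content differs from checksum
        entries = "".join(
            f'<data type="{t}"><checksum type="sha256">{h}</checksum>'
            f'<location href="repodata/{h}-{t}.xml.gz"/></data>'
            for t, h in (("filelists", h_good), ("primary", h_bad)))
        (repo / "repomd.xml").write_text(f'<repomd xmlns="{NS["r"]}">{entries}</repomd>')
        return {n.split("-", 1)[1]: s for n, s in fix_repodata(repo).items()}

if __name__ == "__main__":
    print(demo())
```

A "checksum-mismatch" or "missing" entry means the extraction damaged more than the file name, and the installer would reject that metadata anyway.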

Testing iPXE through VMware Workstation

Create a new VM in Workstation and remember where it's created. If you can't find it when setting up a new VM, open the VM settings and go to Options. Working Directory contains the VM files. Go to it and open the .vmx file. After the first line, add bios.bootdelay = 10000 to delay the boot by 10 seconds. The network adapter needs to be bridged to the physical network to function correctly.

Testing out things

It is time to see the fruits of your own labor. Boot up the VM and press F12 to network boot. If the IIS web server is configured correctly, you compiled iPXE with no problems and the DHCP option is functional, you'll be greeted by something like this.

Boot into CentOS. If you did things correctly and manually fixed the repodata, you'll see the installation source and software selection working.

The battle is not over yet. Try installing the system to make sure anaconda and yum are able to pull packages from the web server without hitting 404 errors.

If it installs successfully, congratulations! You've got yourself an iPXE server with a functional CentOS 7 installer.